diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-27 15:43:45 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-27 15:43:45 +0000 |
| commit | 6c2828d075efdfc02348369149b4347447857c8c (patch) | |
| tree | 6c9ec7c9f342792e5eb2c2973daa7bbbeb45362e /src/charon/plugins/eap_aka | |
| parent | cc7f376e575482c9a4866a4bd0c1f470394d740b (diff) | |
| download | vyos-strongswan-6c2828d075efdfc02348369149b4347447857c8c.tar.gz vyos-strongswan-6c2828d075efdfc02348369149b4347447857c8c.zip | |
Remove leftovers after source code restructuring.
Diffstat (limited to 'src/charon/plugins/eap_aka')
| -rw-r--r-- | src/charon/plugins/eap_aka/Makefile.am | 14 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/Makefile.in | 577 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_peer.c | 583 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_peer.h | 49 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_plugin.c | 51 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_plugin.h | 50 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_server.c | 700 | ||||
| -rw-r--r-- | src/charon/plugins/eap_aka/eap_aka_server.h | 49 |
8 files changed, 0 insertions, 2073 deletions
diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am deleted file mode 100644 index e007f5f00..000000000 --- a/src/charon/plugins/eap_aka/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-aka.la - -libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ - eap_aka_peer.h eap_aka_peer.c \ - eap_aka_server.h eap_aka_server.c -libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la -libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/charon/plugins/eap_aka/Makefile.in deleted file mode 100644 index d241e1ad0..000000000 --- a/src/charon/plugins/eap_aka/Makefile.in +++ /dev/null @@ -1,577 +0,0 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/charon/plugins/eap_aka -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eap_aka_la_DEPENDENCIES = \ - $(top_builddir)/src/libsimaka/libsimaka.la -am_libstrongswan_eap_aka_la_OBJECTS = eap_aka_plugin.lo \ - eap_aka_peer.lo eap_aka_server.lo -libstrongswan_eap_aka_la_OBJECTS = \ - $(am_libstrongswan_eap_aka_la_OBJECTS) -libstrongswan_eap_aka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_eap_aka_la_LDFLAGS) $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I.@am__isrc@ -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eap_aka_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eap_aka_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GPERF = @GPERF@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PTHREADLIB = @PTHREADLIB@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYINCLUDE = @RUBYINCLUDE@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -default_pkcs11 = @default_pkcs11@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ -ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -ipsecuser = @ipsecuser@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libstrongswan_plugins = @libstrongswan_plugins@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -piddir = @piddir@ -plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -strongswan_conf = @strongswan_conf@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka - -AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-aka.la -libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ - eap_aka_peer.h eap_aka_peer.c \ - eap_aka_server.h eap_aka_server.c - -libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la -libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ - } - -uninstall-pluginLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ - done - -clean-pluginLTLIBRARIES: - -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libstrongswan-eap-aka.la: $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_DEPENDENCIES) - $(libstrongswan_eap_aka_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_peer.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_server.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: - for dir in "$(DESTDIR)$(plugindir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-pluginLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-pluginLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/charon/plugins/eap_aka/eap_aka_peer.c deleted file mode 100644 index 26546809d..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_peer.c +++ /dev/null @@ -1,583 +0,0 @@ -/* - * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "eap_aka_peer.h" - -#include <library.h> -#include <daemon.h> - -#include <simaka_message.h> -#include <simaka_crypto.h> - -typedef struct private_eap_aka_peer_t private_eap_aka_peer_t; - -/** - * Private data of an eap_aka_peer_t object. - */ -struct private_eap_aka_peer_t { - - /** - * Public authenticator_t interface. - */ - eap_aka_peer_t public; - - /** - * EAP-AKA crypto helper - */ - simaka_crypto_t *crypto; - - /** - * permanent ID of peer - */ - identification_t *permanent; - - /** - * Pseudonym identity the peer uses - */ - identification_t *pseudonym; - - /** - * Reauthentication identity the peer uses - */ - identification_t *reauth; - - /** - * MSK - */ - chunk_t msk; - - /** - * Master key, if reauthentication is used - */ - char mk[HASH_SIZE_SHA1]; - - /** - * Counter value if reauthentication is used - */ - u_int16_t counter; -}; - -/** - * Create a AKA_CLIENT_ERROR: "Unable to process" - */ -static eap_payload_t* create_client_error(private_eap_aka_peer_t *this, - u_int8_t identifier) -{ - simaka_message_t *message; - eap_payload_t *out; - u_int16_t encoded; - - DBG1(DBG_IKE, "sending client error '%N'", - simaka_client_error_names, AKA_UNABLE_TO_PROCESS); - - message = simaka_message_create(FALSE, identifier, EAP_AKA, - AKA_CLIENT_ERROR, this->crypto); - encoded = htons(AKA_UNABLE_TO_PROCESS); - message->add_attribute(message, AT_CLIENT_ERROR_CODE, - chunk_create((char*)&encoded, sizeof(encoded))); - out = message->generate(message, chunk_empty); - message->destroy(message); - return out; -} - -/** - * process an EAP-AKA/Request/Identity message - */ -static status_t process_identity(private_eap_aka_peer_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, id = chunk_empty; - simaka_attribute_t id_req = 0; - - /* reset previously uses reauthentication/pseudonym data */ - this->crypto->clear_keys(this->crypto); - DESTROY_IF(this->pseudonym); - this->pseudonym = NULL; - DESTROY_IF(this->reauth); - this->reauth = NULL; - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_ANY_ID_REQ: - case AT_FULLAUTH_ID_REQ: - case AT_PERMANENT_ID_REQ: - id_req = type; - break; - default: - if (!simaka_attribute_skippable(type)) - { - *out = create_client_error(this, in->get_identifier(in)); - enumerator->destroy(enumerator); - return NEED_MORE; - } - break; - } - } - enumerator->destroy(enumerator); - - switch (id_req) - { - case AT_ANY_ID_REQ: - this->reauth = charon->sim->card_get_reauth(charon->sim, - this->permanent, this->mk, &this->counter); - if (this->reauth) - { - id = this->reauth->get_encoding(this->reauth); - break; - } - /* FALL */ - case AT_FULLAUTH_ID_REQ: - this->pseudonym = charon->sim->card_get_pseudonym(charon->sim, - this->permanent); - if (this->pseudonym) - { - id = this->pseudonym->get_encoding(this->pseudonym); - break; - } - /* FALL */ - case AT_PERMANENT_ID_REQ: - id = this->permanent->get_encoding(this->permanent); - break; - default: - break; - } - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_IDENTITY, this->crypto); - if (id.len) - { - message->add_attribute(message, AT_IDENTITY, id); - } - *out = message->generate(message, chunk_empty); - message->destroy(message); - - return NEED_MORE; -} - -/** - * Process an EAP-AKA/Request/Challenge message - */ -static status_t process_challenge(private_eap_aka_peer_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, rand = chunk_empty, autn = chunk_empty, mk; - u_char res[AKA_RES_MAX], ck[AKA_CK_LEN], ik[AKA_IK_LEN], auts[AKA_AUTS_LEN]; - int res_len; - identification_t *id; - status_t status; - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_RAND: - rand = data; - break; - case AT_AUTN: - autn = data; - break; - default: - if (!simaka_attribute_skippable(type)) - { - *out = create_client_error(this, in->get_identifier(in)); - enumerator->destroy(enumerator); - return NEED_MORE; - } - break; - } - } - enumerator->destroy(enumerator); - - if (!rand.len || !autn.len) - { - DBG1(DBG_IKE, "received invalid EAP-AKA challenge message"); - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - - status = charon->sim->card_get_quintuplet(charon->sim, this->permanent, - rand.ptr, autn.ptr, ck, ik, res, &res_len); - if (status == INVALID_STATE && - charon->sim->card_resync(charon->sim, this->permanent, rand.ptr, auts)) - { - DBG1(DBG_IKE, "received SQN invalid, sending %N", - simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_SYNCHRONIZATION_FAILURE, this->crypto); - message->add_attribute(message, AT_AUTS, - chunk_create(auts, AKA_AUTS_LEN)); - *out = message->generate(message, chunk_empty); - message->destroy(message); - return NEED_MORE; - } - if (status != SUCCESS) - { - DBG1(DBG_IKE, "no USIM found with quintuplets for '%Y', sending %N", - this->permanent, simaka_subtype_names, AKA_AUTHENTICATION_REJECT); - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_AUTHENTICATION_REJECT, this->crypto); - *out = message->generate(message, chunk_empty); - message->destroy(message); - return NEED_MORE; - } - - id = this->permanent; - if (this->pseudonym) - { - id = this->pseudonym; - } - data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), - chunk_create(ck, AKA_CK_LEN)); - free(this->msk.ptr); - this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); - memcpy(this->mk, mk.ptr, mk.len); - free(mk.ptr); - - /* Verify AT_MAC attribute and parse() again after key derivation, - * reading encrypted attributes */ - if (!in->verify(in, chunk_empty) || !in->parse(in)) - { - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_NEXT_REAUTH_ID: - this->counter = 0; - id = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, id, - this->mk, this->counter); - id->destroy(id); - break; - case AT_NEXT_PSEUDONYM: - id = identification_create_from_data(data); - charon->sim->card_set_pseudonym(charon->sim, this->permanent, id); - id->destroy(id); - break; - default: - break; - } - } - enumerator->destroy(enumerator); - - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_CHALLENGE, this->crypto); - message->add_attribute(message, AT_RES, chunk_create(res, res_len)); - *out = message->generate(message, chunk_empty); - message->destroy(message); - return NEED_MORE; -} - -/** - * Check if a received counter value is acceptable - */ -static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk) -{ - u_int16_t counter; - - memcpy(&counter, chunk.ptr, sizeof(counter)); - counter = htons(counter); - return counter < this->counter; -} - -/** - * process an EAP-AKA/Request/Reauthentication message - */ -static status_t process_reauthentication(private_eap_aka_peer_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, counter = chunk_empty, nonce = chunk_empty, id = chunk_empty; - - if (!this->reauth) - { - DBG1(DBG_IKE, "received %N, but not expected", - simaka_subtype_names, AKA_REAUTHENTICATION); - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - - this->crypto->derive_keys_reauth(this->crypto, - chunk_create(this->mk, HASH_SIZE_SHA1)); - - /* verify MAC and parse again with decryption key */ - if (!in->verify(in, chunk_empty) || !in->parse(in)) - { - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_COUNTER: - counter = data; - break; - case AT_NONCE_S: - nonce = data; - break; - case AT_NEXT_REAUTH_ID: - id = data; - break; - default: - if (!simaka_attribute_skippable(type)) - { - *out = create_client_error(this, in->get_identifier(in)); - enumerator->destroy(enumerator); - return NEED_MORE; - } - break; - } - } - enumerator->destroy(enumerator); - - if (!nonce.len || !counter.len) - { - DBG1(DBG_IKE, "EAP-AKA/Request/Reauthentication message incomplete"); - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_REAUTHENTICATION, this->crypto); - if (counter_too_small(this, counter)) - { - DBG1(DBG_IKE, "reauthentication counter too small"); - message->add_attribute(message, AT_COUNTER_TOO_SMALL, chunk_empty); - } - else - { - free(this->msk.ptr); - this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, - this->reauth, counter, nonce, - chunk_create(this->mk, HASH_SIZE_SHA1)); - if (id.len) - { - identification_t *reauth; - - reauth = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, reauth, - this->mk, this->counter); - reauth->destroy(reauth); - } - } - message->add_attribute(message, AT_COUNTER, counter); - *out = message->generate(message, nonce); - message->destroy(message); - return NEED_MORE; -} - -/** - * Process an EAP-AKA/Request/Notification message - */ -static status_t process_notification(private_eap_aka_peer_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data; - bool success = TRUE; - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - if (type == AT_NOTIFICATION) - { - u_int16_t code; - - memcpy(&code, data.ptr, sizeof(code)); - code = ntohs(code); - - /* test success bit */ - if (!(data.ptr[0] & 0x80)) - { - success = FALSE; - DBG1(DBG_IKE, "received EAP-AKA notification error '%N'", - simaka_notification_names, code); - } - else - { - DBG1(DBG_IKE, "received EAP-AKA notification '%N'", - simaka_notification_names, code); - } - } - else if (!simaka_attribute_skippable(type)) - { - success = FALSE; - break; - } - } - enumerator->destroy(enumerator); - - if (success) - { /* empty notification reply */ - message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, - AKA_NOTIFICATION, this->crypto); - *out = message->generate(message, chunk_empty); - message->destroy(message); - } - else - { - *out = create_client_error(this, in->get_identifier(in)); - } - return NEED_MORE; -} - - -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_aka_peer_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - status_t status; - - message = simaka_message_create_from_payload(in, this->crypto); - if (!message) - { - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - if (!message->parse(message)) - { - message->destroy(message); - *out = create_client_error(this, in->get_identifier(in)); - return NEED_MORE; - } - switch (message->get_subtype(message)) - { - case AKA_IDENTITY: - status = process_identity(this, message, out); - break; - case AKA_CHALLENGE: - status = process_challenge(this, message, out); - break; - case AKA_REAUTHENTICATION: - status = process_reauthentication(this, message, out); - break; - case AKA_NOTIFICATION: - status = process_notification(this, message, out); - break; - default: - DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N", - simaka_subtype_names, message->get_subtype(message)); - *out = create_client_error(this, in->get_identifier(in)); - status = NEED_MORE; - break; - } - message->destroy(message); - return status; -} - -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_aka_peer_t *this, eap_payload_t **out) -{ - /* peer never initiates */ - return FAILED; -} - -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_aka_peer_t *this, u_int32_t *vendor) -{ - *vendor = 0; - return EAP_AKA; -} - -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_aka_peer_t *this, chunk_t *msk) -{ - if (this->msk.ptr) - { - *msk = this->msk; - return SUCCESS; - } - return FAILED; -} - -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_aka_peer_t *this) -{ - return TRUE; -} - -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_aka_peer_t *this) -{ - this->crypto->destroy(this->crypto); - this->permanent->destroy(this->permanent); - DESTROY_IF(this->pseudonym); - DESTROY_IF(this->reauth); - free(this->msk.ptr); - free(this); -} - -/* - * Described in header. - */ -eap_aka_peer_t *eap_aka_peer_create(identification_t *server, - identification_t *peer) -{ - private_eap_aka_peer_t *this = malloc_thing(private_eap_aka_peer_t); - - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; - - this->crypto = simaka_crypto_create(); - if (!this->crypto) - { - free(this); - return NULL; - } - this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; - this->msk = chunk_empty; - - return &this->public; -} - diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.h b/src/charon/plugins/eap_aka/eap_aka_peer.h deleted file mode 100644 index 65a210406..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_peer.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup eap_aka_peer eap_aka_peer - * @{ @ingroup eap_aka - */ - -#ifndef EAP_AKA_PEER_H_ -#define EAP_AKA_PEER_H_ - -typedef struct eap_aka_peer_t eap_aka_peer_t; - -#include <sa/authenticators/eap/eap_method.h> - -/** - * Implementation of the eap_method_t interface using EAP-AKA as a client. - */ -struct eap_aka_peer_t { - - /** - * Implemented eap_method_t interface. - */ - eap_method_t interface; -}; - -/** - * Creates the peer implementation of the EAP method EAP-AKA. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_aka_peer_t object - */ -eap_aka_peer_t *eap_aka_peer_create(identification_t *server, - identification_t *peer); - -#endif /** EAP_AKA_PEER_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/charon/plugins/eap_aka/eap_aka_plugin.c deleted file mode 100644 index c44a08966..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "eap_aka_plugin.h" - -#include "eap_aka_peer.h" -#include "eap_aka_server.h" - -#include <daemon.h> - -/** - * Implementation of plugin_t.destroy - */ -static void destroy(eap_aka_plugin_t *this) -{ - charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_aka_server_create); - charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_aka_peer_create); - free(this); -} - -/* - * see header file - */ -plugin_t *plugin_create() -{ - eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); - - this->plugin.destroy = (void(*)(plugin_t*))destroy; - - charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER, - (eap_constructor_t)eap_aka_server_create); - charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_PEER, - (eap_constructor_t)eap_aka_peer_create); - - return &this->plugin; -} - diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/charon/plugins/eap_aka/eap_aka_plugin.h deleted file mode 100644 index 938e5ecbd..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup eap_aka eap_aka - * @ingroup cplugins - * - * @defgroup eap_aka_plugin eap_aka_plugin - * @{ @ingroup eap_aka - */ - -#ifndef EAP_AKA_PLUGIN_H_ -#define EAP_AKA_PLUGIN_H_ - -#include <plugins/plugin.h> - -typedef struct eap_aka_plugin_t eap_aka_plugin_t; - -/** - * EAP-AKA plugin. - * - * EAP-AKA uses 3rd generation mobile phone standard authentication - * mechanism for authentication, as defined RFC4187. - */ -struct eap_aka_plugin_t { - - /** - * implements plugin interface - */ - plugin_t plugin; -}; - -/** - * Create a eap_aka_plugin instance. - */ -plugin_t *plugin_create(); - -#endif /** EAP_AKA_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/charon/plugins/eap_aka/eap_aka_server.c deleted file mode 100644 index 9baff3e23..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_server.c +++ /dev/null @@ -1,700 +0,0 @@ -/* - * Copyright (C) 2006-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "eap_aka_server.h" - -#include <daemon.h> -#include <library.h> - -#include <simaka_message.h> -#include <simaka_crypto.h> - -/** length of the AT_NONCE_S value */ -#define NONCE_LEN 16 - -typedef struct private_eap_aka_server_t private_eap_aka_server_t; - -/** - * Private data of an eap_aka_server_t object. - */ -struct private_eap_aka_server_t { - - /** - * Public authenticator_t interface. - */ - eap_aka_server_t public; - - /** - * EAP-AKA crypto helper - */ - simaka_crypto_t *crypto; - - /** - * permanent ID of the peer - */ - identification_t *permanent; - - /** - * pseudonym ID of peer - */ - identification_t *pseudonym; - - /** - * reauthentication ID of peer - */ - identification_t *reauth; - - /** - * EAP identifier value - */ - u_int8_t identifier; - - /** - * Expected Result XRES - */ - chunk_t xres; - - /** - * Random value RAND - */ - chunk_t rand; - - /** - * MSK - */ - chunk_t msk; - - /** - * Nonce value used in AT_NONCE_S - */ - chunk_t nonce; - - /** - * Counter value negotiated, network order - */ - chunk_t counter; - - /** - * Do we request fast reauthentication? - */ - bool use_reauth; - - /** - * Do we request pseudonym identities? - */ - bool use_pseudonym; - - /** - * Do we request permanent identities? - */ - bool use_permanent; - - /** - * EAP-AKA message we have initiated - */ - simaka_subtype_t pending; - - /** - * Did the client send a synchronize request? - */ - bool synchronized; -}; - -/** - * Create EAP-AKA/Request/Identity message - */ -static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out) -{ - simaka_message_t *message; - - message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, - AKA_IDENTITY, this->crypto); - if (this->use_reauth) - { - message->add_attribute(message, AT_ANY_ID_REQ, chunk_empty); - } - else if (this->use_pseudonym) - { - message->add_attribute(message, AT_FULLAUTH_ID_REQ, chunk_empty); - } - else if (this->use_permanent) - { - message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty); - } - *out = message->generate(message, chunk_empty); - message->destroy(message); - - this->pending = AKA_IDENTITY; - return NEED_MORE; -} - -/** - * Create EAP-AKA/Request/Challenge message - */ -static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out) -{ - simaka_message_t *message; - char rand[AKA_RAND_LEN], xres[AKA_RES_MAX]; - char ck[AKA_CK_LEN], ik[AKA_IK_LEN], autn[AKA_AUTN_LEN]; - int xres_len; - chunk_t data, mk; - identification_t *id; - - if (!charon->sim->provider_get_quintuplet(charon->sim, this->permanent, - rand, xres, &xres_len, ck, ik, autn)) - { - if (this->use_pseudonym) - { - /* probably received a pseudonym/reauth id we couldn't map */ - DBG1(DBG_IKE, "failed to map pseudonym/reauth identity '%Y', " - "fallback to permanent identity request", this->permanent); - this->use_pseudonym = FALSE; - DESTROY_IF(this->pseudonym); - this->pseudonym = NULL; - return identity(this, out); - } - return FAILED; - } - id = this->permanent; - if (this->pseudonym) - { - id = this->pseudonym; - } - data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), - chunk_create(ck, AKA_CK_LEN)); - free(this->msk.ptr); - this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); - this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN)); - this->xres = chunk_clone(chunk_create(xres, xres_len)); - - message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, - AKA_CHALLENGE, this->crypto); - message->add_attribute(message, AT_RAND, this->rand); - message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN)); - id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr); - if (id) - { - message->add_attribute(message, AT_NEXT_REAUTH_ID, - id->get_encoding(id)); - id->destroy(id); - } - else - { - id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent); - if (id) - { - message->add_attribute(message, AT_NEXT_PSEUDONYM, - id->get_encoding(id)); - id->destroy(id); - } - } - *out = message->generate(message, chunk_empty); - message->destroy(message); - - free(mk.ptr); - this->pending = AKA_CHALLENGE; - return NEED_MORE; -} - -/** - * Initiate EAP-AKA/Request/Re-authentication message - */ -static status_t reauthenticate(private_eap_aka_server_t *this, - char mk[HASH_SIZE_SHA1], u_int16_t counter, - eap_payload_t **out) -{ - simaka_message_t *message; - identification_t *next; - chunk_t mkc; - rng_t *rng; - - DBG1(DBG_IKE, "initiating EAP-AKA reauthentication"); - - rng = this->crypto->get_rng(this->crypto); - rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); - - mkc = chunk_create(mk, HASH_SIZE_SHA1); - counter = htons(counter); - this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter))); - - this->crypto->derive_keys_reauth(this->crypto, mkc); - this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, - this->reauth, this->counter, this->nonce, mkc); - - message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, - AKA_REAUTHENTICATION, this->crypto); - message->add_attribute(message, AT_COUNTER, this->counter); - message->add_attribute(message, AT_NONCE_S, this->nonce); - next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk); - if (next) - { - message->add_attribute(message, AT_NEXT_REAUTH_ID, - next->get_encoding(next)); - next->destroy(next); - } - *out = message->generate(message, chunk_empty); - message->destroy(message); - - this->pending = SIM_REAUTHENTICATION; - return NEED_MORE; -} - -/** - * Implementation of eap_method_t.initiate - */ -static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out) -{ - if (this->use_permanent || this->use_pseudonym || this->use_reauth) - { - return identity(this, out); - } - return challenge(this, out); -} - -/** - * Process EAP-AKA/Response/Identity message - */ -static status_t process_identity(private_eap_aka_server_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - identification_t *permanent, *id; - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, identity = chunk_empty; - - if (this->pending != AKA_IDENTITY) - { - DBG1(DBG_IKE, "received %N, but not expected", - simaka_subtype_names, AKA_IDENTITY); - return FAILED; - } - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_IDENTITY: - identity = data; - break; - default: - if (!simaka_attribute_skippable(type)) - { - enumerator->destroy(enumerator); - return FAILED; - } - break; - } - } - enumerator->destroy(enumerator); - - if (!identity.len) - { - DBG1(DBG_IKE, "received incomplete Identity response"); - return FAILED; - } - - id = identification_create_from_data(identity); - if (this->use_reauth) - { - char mk[HASH_SIZE_SHA1]; - u_int16_t counter; - - permanent = charon->sim->provider_is_reauth(charon->sim, id, - mk, &counter); - if (permanent) - { - this->permanent->destroy(this->permanent); - this->permanent = permanent; - this->reauth = id; - return reauthenticate(this, mk, counter, out); - } - /* unable to map, maybe a pseudonym? */ - DBG1(DBG_IKE, "'%Y' is not a reauth identity", id); - this->use_reauth = FALSE; - } - if (this->use_pseudonym) - { - permanent = charon->sim->provider_is_pseudonym(charon->sim, id); - if (permanent) - { - this->permanent->destroy(this->permanent); - this->permanent = permanent; - this->pseudonym = id->clone(id); - /* we already have a new permanent identity now */ - this->use_permanent = FALSE; - } - else - { - DBG1(DBG_IKE, "'%Y' is not a pseudonym", id); - } - } - if (!this->pseudonym && this->use_permanent) - { - /* got a permanent identity or a pseudonym reauth id wou couldn't map, - * try to get quintuplets */ - DBG1(DBG_IKE, "received identity '%Y'", id); - this->permanent->destroy(this->permanent); - this->permanent = id->clone(id); - } - id->destroy(id); - - return challenge(this, out); -} - -/** - * Process EAP-AKA/Response/Challenge message - */ -static status_t process_challenge(private_eap_aka_server_t *this, - simaka_message_t *in) -{ - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, res = chunk_empty; - - if (this->pending != AKA_CHALLENGE) - { - DBG1(DBG_IKE, "received %N, but not expected", - simaka_subtype_names, AKA_CHALLENGE); - return FAILED; - } - /* verify MAC of EAP message, AT_MAC */ - if (!in->verify(in, chunk_empty)) - { - return FAILED; - } - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_RES: - res = data; - break; - default: - if (!simaka_attribute_skippable(type)) - { - enumerator->destroy(enumerator); - return FAILED; - } - break; - } - } - enumerator->destroy(enumerator); - - /* compare received RES against stored XRES */ - if (!chunk_equals(res, this->xres)) - { - DBG1(DBG_IKE, "received RES does not match XRES"); - return FAILED; - } - return SUCCESS; -} - -/** - * process an EAP-AKA/Response/Reauthentication message - */ -static status_t process_reauthentication(private_eap_aka_server_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, counter = chunk_empty; - bool too_small = FALSE; - - if (this->pending != AKA_REAUTHENTICATION) - { - DBG1(DBG_IKE, "received %N, but not expected", - simaka_subtype_names, AKA_REAUTHENTICATION); - return FAILED; - } - /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */ - if (!in->verify(in, this->nonce)) - { - return FAILED; - } - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_COUNTER: - counter = data; - break; - case AT_COUNTER_TOO_SMALL: - too_small = TRUE; - break; - default: - if (!simaka_attribute_skippable(type)) - { - enumerator->destroy(enumerator); - return FAILED; - } - break; - } - } - enumerator->destroy(enumerator); - - if (too_small) - { - DBG1(DBG_IKE, "received %N, initiating full authentication", - simaka_attribute_names, AT_COUNTER_TOO_SMALL); - this->use_reauth = FALSE; - this->crypto->clear_keys(this->crypto); - return challenge(this, out); - } - if (!chunk_equals(counter, this->counter)) - { - DBG1(DBG_IKE, "received counter does not match"); - return FAILED; - } - return SUCCESS; -} - -/** - * Process EAP-AKA/Response/SynchronizationFailure message - */ -static status_t process_synchronize(private_eap_aka_server_t *this, - simaka_message_t *in, eap_payload_t **out) -{ - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data, auts = chunk_empty; - - if (this->synchronized) - { - DBG1(DBG_IKE, "received %N, but peer did already resynchronize", - simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); - return FAILED; - } - - DBG1(DBG_IKE, "received synchronization request, retrying..."); - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - switch (type) - { - case AT_AUTS: - auts = data; - break; - default: - if (!simaka_attribute_skippable(type)) - { - enumerator->destroy(enumerator); - return FAILED; - } - break; - } - } - enumerator->destroy(enumerator); - - if (!auts.len) - { - DBG1(DBG_IKE, "synchronization request didn't contain usable AUTS"); - return FAILED; - } - - if (!charon->sim->provider_resync(charon->sim, this->permanent, - this->rand.ptr, auts.ptr)) - { - DBG1(DBG_IKE, "no AKA provider found supporting " - "resynchronization for '%Y'", this->permanent); - return FAILED; - } - this->synchronized = TRUE; - return challenge(this, out); -} - -/** - * Process EAP-AKA/Response/ClientErrorCode message - */ -static status_t process_client_error(private_eap_aka_server_t *this, - simaka_message_t *in) -{ - enumerator_t *enumerator; - simaka_attribute_t type; - chunk_t data; - - enumerator = in->create_attribute_enumerator(in); - while (enumerator->enumerate(enumerator, &type, &data)) - { - if (type == AT_CLIENT_ERROR_CODE) - { - u_int16_t code; - - memcpy(&code, data.ptr, sizeof(code)); - DBG1(DBG_IKE, "received EAP-AKA client error '%N'", - simaka_client_error_names, ntohs(code)); - } - else if (!simaka_attribute_skippable(type)) - { - break; - } - } - enumerator->destroy(enumerator); - return FAILED; -} - -/** - * Process EAP-AKA/Response/AuthenticationReject message - */ -static status_t process_authentication_reject(private_eap_aka_server_t *this, - simaka_message_t *in) -{ - DBG1(DBG_IKE, "received %N, authentication failed", - simaka_subtype_names, in->get_subtype(in)); - return FAILED; -} - -/** - * Implementation of eap_method_t.process - */ -static status_t process(private_eap_aka_server_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - simaka_message_t *message; - status_t status; - - message = simaka_message_create_from_payload(in, this->crypto); - if (!message) - { - return FAILED; - } - if (!message->parse(message)) - { - message->destroy(message); - return FAILED; - } - switch (message->get_subtype(message)) - { - case AKA_IDENTITY: - status = process_identity(this, message, out); - break; - case AKA_CHALLENGE: - status = process_challenge(this, message); - break; - case AKA_REAUTHENTICATION: - status = process_reauthentication(this, message, out); - break; - case AKA_SYNCHRONIZATION_FAILURE: - status = process_synchronize(this, message, out); - break; - case AKA_CLIENT_ERROR: - status = process_client_error(this, message); - break; - case AKA_AUTHENTICATION_REJECT: - status = process_authentication_reject(this, message); - break; - default: - DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N", - simaka_subtype_names, message->get_subtype(message)); - status = FAILED; - break; - } - message->destroy(message); - return status; -} - -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_aka_server_t *this, u_int32_t *vendor) -{ - *vendor = 0; - return EAP_AKA; -} - -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_aka_server_t *this, chunk_t *msk) -{ - if (this->msk.ptr) - { - *msk = this->msk; - return SUCCESS; - } - return FAILED; -} - -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_aka_server_t *this) -{ - return TRUE; -} - -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_aka_server_t *this) -{ - this->crypto->destroy(this->crypto); - this->permanent->destroy(this->permanent); - DESTROY_IF(this->pseudonym); - DESTROY_IF(this->reauth); - free(this->xres.ptr); - free(this->rand.ptr); - free(this->nonce.ptr); - free(this->msk.ptr); - free(this->counter.ptr); - free(this); -} - -/* - * Described in header. - */ -eap_aka_server_t *eap_aka_server_create(identification_t *server, - identification_t *peer) -{ - private_eap_aka_server_t *this = malloc_thing(private_eap_aka_server_t); - - this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; - this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; - this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.interface.destroy = (void(*)(eap_method_t*))destroy; - - this->crypto = simaka_crypto_create(); - if (!this->crypto) - { - free(this); - return NULL; - } - this->permanent = peer->clone(peer); - this->pseudonym = NULL; - this->reauth = NULL; - this->xres = chunk_empty; - this->rand = chunk_empty; - this->nonce = chunk_empty; - this->msk = chunk_empty; - this->counter = chunk_empty; - this->pending = 0; - this->synchronized = FALSE; - this->use_reauth = this->use_pseudonym = this->use_permanent = - lib->settings->get_bool(lib->settings, - "charon.plugins.eap-aka.request_identity", TRUE); - /* generate a non-zero identifier */ - do { - this->identifier = random(); - } while (!this->identifier); - - return &this->public; -} - diff --git a/src/charon/plugins/eap_aka/eap_aka_server.h b/src/charon/plugins/eap_aka/eap_aka_server.h deleted file mode 100644 index d48fc4c34..000000000 --- a/src/charon/plugins/eap_aka/eap_aka_server.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup eap_aka_server eap_aka_server - * @{ @ingroup eap_aka - */ - -#ifndef EAP_AKA_SERVER_H_ -#define EAP_AKA_SERVER_H_ - -typedef struct eap_aka_server_t eap_aka_server_t; - -#include <sa/authenticators/eap/eap_method.h> - -/** - * Implementation of the eap_method_t interface using EAP-AKA as server. - */ -struct eap_aka_server_t { - - /** - * Implemented eap_method_t interface. - */ - eap_method_t interface; -}; - -/** - * Creates the server implementation of the EAP method EAP-AKA. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_aka_server_t object - */ -eap_aka_server_t *eap_aka_server_create(identification_t *server, - identification_t *peer); - -#endif /** EAP_AKA_SERVER_H_ @}*/ |