summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/eap_sim/eap_sim_peer.c
diff options
context:
space:
mode:
authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-05-19 13:37:29 +0200
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-05-19 13:37:29 +0200
commit0a9d51a49042a68daa15b0c74a2b7f152f52606b (patch)
tree451888dcb17d00e52114f734e846821373fbbd44 /src/libcharon/plugins/eap_sim/eap_sim_peer.c
parent568905f488e63e28778f87ac0e38d845f45bae79 (diff)
downloadvyos-strongswan-0a9d51a49042a68daa15b0c74a2b7f152f52606b.tar.gz
vyos-strongswan-0a9d51a49042a68daa15b0c74a2b7f152f52606b.zip
Imported Upstream version 4.5.2
Diffstat (limited to 'src/libcharon/plugins/eap_sim/eap_sim_peer.c')
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_peer.c143
1 files changed, 70 insertions, 73 deletions
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index a3506f4ba..083bf73a3 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -56,6 +56,11 @@ struct private_eap_sim_peer_t {
identification_t *reauth;
/**
+ * EAP message identifier
+ */
+ u_int8_t identifier;
+
+ /**
* EAP-SIM crypto helper
*/
simaka_crypto_t *crypto;
@@ -98,7 +103,7 @@ static chunk_t version = chunk_from_chars(0x00,0x01);
* Create a SIM_CLIENT_ERROR
*/
static eap_payload_t* create_client_error(private_eap_sim_peer_t *this,
- u_int8_t identifier, simaka_client_error_t code)
+ simaka_client_error_t code)
{
simaka_message_t *message;
eap_payload_t *out;
@@ -106,7 +111,7 @@ static eap_payload_t* create_client_error(private_eap_sim_peer_t *this,
DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code);
- message = simaka_message_create(FALSE, identifier, EAP_SIM,
+ message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_CLIENT_ERROR, this->crypto);
encoded = htons(code);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
@@ -164,8 +169,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
enumerator->destroy(enumerator);
return NEED_MORE;
}
@@ -177,8 +181,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
if (!supported)
{
DBG1(DBG_IKE, "server does not support EAP-SIM version number 1");
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNSUPPORTED_VERSION);
+ *out = create_client_error(this, SIM_UNSUPPORTED_VERSION);
return NEED_MORE;
}
@@ -214,7 +217,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
free(this->nonce.ptr);
rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_START, this->crypto);
if (!this->reauth)
{
@@ -261,8 +264,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
enumerator->destroy(enumerator);
return NEED_MORE;
}
@@ -277,8 +279,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
{
DBG1(DBG_IKE, "no valid AT_RAND received");
- *out = create_client_error(this, in->get_identifier(in),
- SIM_INSUFFICIENT_CHALLENGES);
+ *out = create_client_error(this, SIM_INSUFFICIENT_CHALLENGES);
return NEED_MORE;
}
/* get two or three KCs/SRESes from SIM using RANDs */
@@ -290,8 +291,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
rands.ptr, sres.ptr, kc.ptr))
{
DBG1(DBG_IKE, "unable to get EAP-SIM triplet");
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
DBG3(DBG_IKE, "got triplet for RAND %b\n Kc %b\n SRES %b",
@@ -316,8 +316,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
* parse() again after key derivation, reading encrypted attributes */
if (!in->verify(in, this->nonce) || !in->parse(in))
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
@@ -345,7 +344,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
enumerator->destroy(enumerator);
/* build response with AT_MAC, built over "EAP packet | n*SRES" */
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_CHALLENGE, this->crypto);
*out = message->generate(message, sreses);
message->destroy(message);
@@ -379,8 +378,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
{
DBG1(DBG_IKE, "received %N, but not expected",
simaka_subtype_names, SIM_REAUTHENTICATION);
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
@@ -390,8 +388,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
/* verify MAC and parse again with decryption key */
if (!in->verify(in, chunk_empty) || !in->parse(in))
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
@@ -412,8 +409,7 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
enumerator->destroy(enumerator);
return NEED_MORE;
}
@@ -425,12 +421,11 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
if (!nonce.len || !counter.len)
{
DBG1(DBG_IKE, "EAP-SIM/Request/Re-Authentication message incomplete");
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_REAUTHENTICATION, this->crypto);
if (counter_too_small(this, counter))
{
@@ -503,40 +498,37 @@ static status_t process_notification(private_eap_sim_peer_t *this,
if (success)
{ /* empty notification reply */
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
+ message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
SIM_NOTIFICATION, this->crypto);
*out = message->generate(message, chunk_empty);
message->destroy(message);
}
else
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
}
return NEED_MORE;
}
-/**
- * Implementation of eap_method_t.process
- */
-static status_t process(private_eap_sim_peer_t *this,
- eap_payload_t *in, eap_payload_t **out)
+METHOD(eap_method_t, process, status_t,
+ private_eap_sim_peer_t *this, eap_payload_t *in, eap_payload_t **out)
{
simaka_message_t *message;
status_t status;
+ /* store received EAP message identifier */
+ this->identifier = in->get_identifier(in);
+
message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
if (!message->parse(message))
{
message->destroy(message);
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
switch (message->get_subtype(message))
@@ -556,8 +548,7 @@ static status_t process(private_eap_sim_peer_t *this,
default:
DBG1(DBG_IKE, "unable to process EAP-SIM subtype %N",
simaka_subtype_names, message->get_subtype(message));
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
+ *out = create_client_error(this, SIM_UNABLE_TO_PROCESS);
status = NEED_MORE;
break;
}
@@ -565,28 +556,22 @@ static status_t process(private_eap_sim_peer_t *this,
return status;
}
-/**
- * Implementation of eap_method_t.initiate
- */
-static status_t initiate(private_eap_sim_peer_t *this, eap_payload_t **out)
+METHOD(eap_method_t, initiate, status_t,
+ private_eap_sim_peer_t *this, eap_payload_t **out)
{
/* peer never initiates */
return FAILED;
}
-/**
- * Implementation of eap_method_t.get_type.
- */
-static eap_type_t get_type(private_eap_sim_peer_t *this, u_int32_t *vendor)
+METHOD(eap_method_t, get_type, eap_type_t,
+ private_eap_sim_peer_t *this, u_int32_t *vendor)
{
*vendor = 0;
return EAP_SIM;
}
-/**
- * Implementation of eap_method_t.get_msk.
- */
-static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk)
+METHOD(eap_method_t, get_msk, status_t,
+ private_eap_sim_peer_t *this, chunk_t *msk)
{
if (this->msk.ptr)
{
@@ -596,18 +581,26 @@ static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk)
return FAILED;
}
-/**
- * Implementation of eap_method_t.is_mutual.
- */
-static bool is_mutual(private_eap_sim_peer_t *this)
+METHOD(eap_method_t, get_identifier, u_int8_t,
+ private_eap_sim_peer_t *this)
+{
+ return this->identifier;
+}
+
+METHOD(eap_method_t, set_identifier, void,
+ private_eap_sim_peer_t *this, u_int8_t identifier)
+{
+ this->identifier = identifier;
+}
+
+METHOD(eap_method_t, is_mutual, bool,
+ private_eap_sim_peer_t *this)
{
return TRUE;
}
-/**
- * Implementation of eap_method_t.destroy.
- */
-static void destroy(private_eap_sim_peer_t *this)
+METHOD(eap_method_t, destroy, void,
+ private_eap_sim_peer_t *this)
{
this->permanent->destroy(this->permanent);
DESTROY_IF(this->pseudonym);
@@ -625,28 +618,32 @@ static void destroy(private_eap_sim_peer_t *this)
eap_sim_peer_t *eap_sim_peer_create(identification_t *server,
identification_t *peer)
{
- private_eap_sim_peer_t *this = malloc_thing(private_eap_sim_peer_t);
-
- this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate;
- this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process;
- this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type;
- this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual;
- this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk;
- this->public.interface.destroy = (void(*)(eap_method_t*))destroy;
+ private_eap_sim_peer_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .initiate = _initiate,
+ .process = _process,
+ .get_type = _get_type,
+ .is_mutual = _is_mutual,
+ .get_msk = _get_msk,
+ .get_identifier = _get_identifier,
+ .set_identifier = _set_identifier,
+ .destroy = _destroy,
+ },
+ },
+ .crypto = simaka_crypto_create(),
+ );
- this->crypto = simaka_crypto_create();
if (!this->crypto)
{
free(this);
return NULL;
}
+
this->permanent = peer->clone(peer);
- this->pseudonym = NULL;
- this->reauth = NULL;
this->tries = MAX_TRIES;
- this->version_list = chunk_empty;
- this->nonce = chunk_empty;
- this->msk = chunk_empty;
return &this->public;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:59:29 +0000