diff options
Diffstat (limited to 'src/libcharon/plugins/eap_aka/eap_aka_peer.c')
| -rw-r--r-- | src/libcharon/plugins/eap_aka/eap_aka_peer.c | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index df0c4c5b4..8c392405e 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c @@ -20,6 +20,7 @@ #include <simaka_message.h> #include <simaka_crypto.h> +#include <simaka_manager.h> typedef struct private_eap_aka_peer_t private_eap_aka_peer_t; @@ -34,6 +35,11 @@ struct private_eap_aka_peer_t { eap_aka_peer_t public; /** + * AKA backend manager + */ + simaka_manager_t *mgr; + + /** * EAP-AKA crypto helper */ simaka_crypto_t *crypto; @@ -91,7 +97,7 @@ static eap_payload_t* create_client_error(private_eap_aka_peer_t *this) encoded = htons(AKA_UNABLE_TO_PROCESS); message->add_attribute(message, AT_CLIENT_ERROR_CODE, chunk_create((char*)&encoded, sizeof(encoded))); - out = message->generate(message, chunk_empty); + out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); return out; } @@ -140,7 +146,7 @@ static status_t process_identity(private_eap_aka_peer_t *this, switch (id_req) { case AT_ANY_ID_REQ: - this->reauth = charon->sim->card_get_reauth(charon->sim, + this->reauth = this->mgr->card_get_reauth(this->mgr, this->permanent, this->mk, &this->counter); if (this->reauth) { @@ -149,8 +155,8 @@ static status_t process_identity(private_eap_aka_peer_t *this, } /* FALL */ case AT_FULLAUTH_ID_REQ: - this->pseudonym = charon->sim->card_get_pseudonym(charon->sim, - this->permanent); + this->pseudonym = this->mgr->card_get_pseudonym(this->mgr, + this->permanent); if (this->pseudonym) { id = this->pseudonym->get_encoding(this->pseudonym); @@ -169,7 +175,7 @@ static status_t process_identity(private_eap_aka_peer_t *this, { message->add_attribute(message, AT_IDENTITY, id); } - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); return NEED_MORE; @@ -220,10 +226,10 @@ static status_t process_challenge(private_eap_aka_peer_t *this, return NEED_MORE; } - status = charon->sim->card_get_quintuplet(charon->sim, this->permanent, + status = this->mgr->card_get_quintuplet(this->mgr, this->permanent, rand.ptr, autn.ptr, ck, ik, res, &res_len); if (status == INVALID_STATE && - charon->sim->card_resync(charon->sim, this->permanent, rand.ptr, auts)) + this->mgr->card_resync(this->mgr, this->permanent, rand.ptr, auts)) { DBG1(DBG_IKE, "received SQN invalid, sending %N", simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); @@ -231,7 +237,8 @@ static status_t process_challenge(private_eap_aka_peer_t *this, AKA_SYNCHRONIZATION_FAILURE, this->crypto); message->add_attribute(message, AT_AUTS, chunk_create(auts, AKA_AUTS_LEN)); - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, + chunk_empty)); message->destroy(message); return NEED_MORE; } @@ -241,7 +248,8 @@ static status_t process_challenge(private_eap_aka_peer_t *this, this->permanent, simaka_subtype_names, AKA_AUTHENTICATION_REJECT); message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, AKA_AUTHENTICATION_REJECT, this->crypto); - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, + chunk_empty)); message->destroy(message); return NEED_MORE; } @@ -274,13 +282,13 @@ static status_t process_challenge(private_eap_aka_peer_t *this, case AT_NEXT_REAUTH_ID: this->counter = 0; id = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, id, - this->mk, this->counter); + this->mgr->card_set_reauth(this->mgr, this->permanent, id, + this->mk, this->counter); id->destroy(id); break; case AT_NEXT_PSEUDONYM: id = identification_create_from_data(data); - charon->sim->card_set_pseudonym(charon->sim, this->permanent, id); + this->mgr->card_set_pseudonym(this->mgr, this->permanent, id); id->destroy(id); break; default: @@ -292,7 +300,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_CHALLENGE, this->crypto); message->add_attribute(message, AT_RES, chunk_create(res, res_len)); - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, chunk_empty)); message->destroy(message); return NEED_MORE; } @@ -389,13 +397,13 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this, identification_t *reauth; reauth = identification_create_from_data(data); - charon->sim->card_set_reauth(charon->sim, this->permanent, reauth, - this->mk, this->counter); + this->mgr->card_set_reauth(this->mgr, this->permanent, reauth, + this->mk, this->counter); reauth->destroy(reauth); } } message->add_attribute(message, AT_COUNTER, counter); - *out = message->generate(message, nonce); + *out = eap_payload_create_data_own(message->generate(message, nonce)); message->destroy(message); return NEED_MORE; } @@ -446,7 +454,8 @@ static status_t process_notification(private_eap_aka_peer_t *this, { /* empty notification reply */ message = simaka_message_create(FALSE, this->identifier, EAP_AKA, AKA_NOTIFICATION, this->crypto); - *out = message->generate(message, chunk_empty); + *out = eap_payload_create_data_own(message->generate(message, + chunk_empty)); message->destroy(message); } else @@ -466,7 +475,7 @@ METHOD(eap_method_t, process, status_t, /* store received EAP message identifier */ this->identifier = in->get_identifier(in); - message = simaka_message_create_from_payload(in, this->crypto); + message = simaka_message_create_from_payload(in->get_data(in), this->crypto); if (!message) { *out = create_client_error(this); @@ -578,7 +587,8 @@ eap_aka_peer_t *eap_aka_peer_create(identification_t *server, .destroy = _destroy, }, }, - .crypto = simaka_crypto_create(), + .crypto = simaka_crypto_create(EAP_AKA), + .mgr = lib->get(lib, "aka-manager"), ); if (!this->crypto) |