diff options
Diffstat (limited to 'src/libsimaka/simaka_crypto.h')
-rw-r--r-- | src/libsimaka/simaka_crypto.h | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h new file mode 100644 index 000000000..d1830e658 --- /dev/null +++ b/src/libsimaka/simaka_crypto.h @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup simaka_crypto simaka_crypto + * @{ @ingroup libsimaka + */ + +#ifndef SIMAKA_CRYPTO_H_ +#define SIMAKA_CRYPTO_H_ + +#include <library.h> + +typedef struct simaka_crypto_t simaka_crypto_t; + +/** + * EAP-SIM/AKA crypto helper and key derivation class. + */ +struct simaka_crypto_t { + + /** + * Get the signer to use for AT_MAC calculation/verification. + * + * @return signer reference, NULL if no keys have been derived + */ + signer_t* (*get_signer)(simaka_crypto_t *this); + + /** + * Get the signer to use for AT_ENCR_DATA encryption/decryption. + * + * @return crypter reference, NULL if no keys have been derived + */ + crypter_t* (*get_crypter)(simaka_crypto_t *this); + + /** + * Get the random number generator. + * + * @return rng reference + */ + rng_t* (*get_rng)(simaka_crypto_t *this); + + /** + * Derive keys after full authentication. + * + * This methods derives the k_encr/k_auth keys and loads them into the + * internal crypter/signer instances. The passed data is method specific: + * For EAP-SIM, it is "n*Kc|NONCE_MT|Version List|Selected Version", for + * EAP-AKA it is "IK|CK". + * + * @param id peer identity + * @param data method specific data + * @param mk chunk receiving allocated master key MK + * @return allocated MSK value + */ + chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id, + chunk_t data, chunk_t *mk); + + /** + * Derive k_encr/k_auth keys from MK using fast reauthentication. + * + * This methods derives the k_encr/k_auth keys and loads them into the + * internal crypter/signer instances. + * + * @param mk master key + */ + void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk); + + /** + * Derive MSK using fast reauthentication. + * + * @param id fast reauthentication identity + * @param counter fast reauthentication counter value, network order + * @param nonce_s server generated NONCE_S value + * @param mk master key of last full authentication + */ + chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this, + identification_t *id, chunk_t counter, + chunk_t nonce_s, chunk_t mk); + + /** + * Clear keys (partially) derived. + */ + void (*clear_keys)(simaka_crypto_t *this); + + /** + * Destroy a simaka_crypto_t. + */ + void (*destroy)(simaka_crypto_t *this); +}; + +/** + * Create a simaka_crypto instance. + * + * @return EAP-SIM/AKA crypto instance, NULL if algorithms missing + */ +simaka_crypto_t *simaka_crypto_create(); + +#endif /** SIMAKA_CRYPTO_H_ @}*/ |