diff options
Diffstat (limited to 'src/libsimaka/simaka_manager.c')
| -rw-r--r-- | src/libsimaka/simaka_manager.c | 626 |
1 files changed, 626 insertions, 0 deletions
diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c new file mode 100644 index 000000000..65de1c5ab --- /dev/null +++ b/src/libsimaka/simaka_manager.c @@ -0,0 +1,626 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "simaka_manager.h" + +#include <debug.h> +#include <utils/linked_list.h> +#include <threading/rwlock.h> + +typedef struct private_simaka_manager_t private_simaka_manager_t; + +/** + * Private data of an simaka_manager_t object. + */ +struct private_simaka_manager_t { + + /** + * Public simaka_manager_t interface. + */ + simaka_manager_t public; + + /** + * list of added cards + */ + linked_list_t *cards; + + /** + * list of added provider + */ + linked_list_t *providers; + + /** + * list of added hooks + */ + linked_list_t *hooks; + + /** + * lock for lists above + */ + rwlock_t *lock; +}; + +/** + * Described in header. + */ +void libsimaka_init(void) +{ + /* empty */ +} + +METHOD(simaka_manager_t, add_card, void, + private_simaka_manager_t *this, simaka_card_t *card) +{ + this->lock->write_lock(this->lock); + this->cards->insert_last(this->cards, card); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, remove_card, void, + private_simaka_manager_t *this, simaka_card_t *card) +{ + this->lock->write_lock(this->lock); + this->cards->remove(this->cards, card, NULL); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, card_get_triplet, bool, + private_simaka_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) +{ + enumerator_t *enumerator; + simaka_card_t *card; + int tried = 0; + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + if (card->get_triplet(card, id, rand, sres, kc)) + { + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return TRUE; + } + tried++; + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + DBG1(DBG_LIB, "tried %d SIM cards, but none has triplets for '%Y'", + tried, id); + return FALSE; +} + +METHOD(simaka_manager_t, card_get_quintuplet, status_t, + private_simaka_manager_t *this, identification_t *id, char rand[AKA_RAND_LEN], + char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char res[AKA_RES_MAX], int *res_len) +{ + enumerator_t *enumerator; + simaka_card_t *card; + status_t status = NOT_FOUND; + int tried = 0; + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + status = card->get_quintuplet(card, id, rand, autn, ck, ik, res, res_len); + switch (status) + { /* try next on error, but not on INVALID_STATE */ + case SUCCESS: + case INVALID_STATE: + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return status; + case NOT_SUPPORTED: + case FAILED: + default: + tried++; + continue; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + DBG1(DBG_LIB, "tried %d SIM cards, but none has quintuplets for '%Y'", + tried, id); + return status; +} + +METHOD(simaka_manager_t, card_resync, bool, + private_simaka_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + enumerator_t *enumerator; + simaka_card_t *card; + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + if (card->resync(card, id, rand, auts)) + { + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return TRUE; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return FALSE; +} + +METHOD(simaka_manager_t, card_set_pseudonym, void, + private_simaka_manager_t *this, identification_t *id, + identification_t *pseudonym) +{ + enumerator_t *enumerator; + simaka_card_t *card; + + DBG1(DBG_LIB, "storing pseudonym '%Y' for '%Y'", pseudonym, id); + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + card->set_pseudonym(card, id, pseudonym); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, card_get_pseudonym, identification_t*, + private_simaka_manager_t *this, identification_t *id) +{ + enumerator_t *enumerator; + simaka_card_t *card; + identification_t *pseudonym = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + pseudonym = card->get_pseudonym(card, id); + if (pseudonym) + { + DBG1(DBG_LIB, "using stored pseudonym identity '%Y' " + "instead of '%Y'", pseudonym, id); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return pseudonym; +} + +METHOD(simaka_manager_t, card_set_reauth, void, + private_simaka_manager_t *this, identification_t *id, identification_t *next, + char mk[HASH_SIZE_SHA1], u_int16_t counter) +{ + enumerator_t *enumerator; + simaka_card_t *card; + + DBG1(DBG_LIB, "storing next reauthentication identity '%Y' for '%Y'", + next, id); + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + card->set_reauth(card, id, next, mk, counter); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, card_get_reauth, identification_t*, + private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + enumerator_t *enumerator; + simaka_card_t *card; + identification_t *reauth = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + reauth = card->get_reauth(card, id, mk, counter); + if (reauth) + { + DBG1(DBG_LIB, "using stored reauthentication identity '%Y' " + "instead of '%Y'", reauth, id); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return reauth; +} + +METHOD(simaka_manager_t, add_provider, void, + private_simaka_manager_t *this, simaka_provider_t *provider) +{ + this->lock->write_lock(this->lock); + this->providers->insert_last(this->providers, provider); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, remove_provider, void, + private_simaka_manager_t *this, simaka_provider_t *provider) +{ + this->lock->write_lock(this->lock); + this->providers->remove(this->providers, provider, NULL); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, provider_get_triplet, bool, + private_simaka_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + int tried = 0; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->get_triplet(provider, id, rand, sres, kc)) + { + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return TRUE; + } + tried++; + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + DBG1(DBG_LIB, "tried %d SIM providers, but none had a triplet for '%Y'", + tried, id); + return FALSE; +} + +METHOD(simaka_manager_t, provider_get_quintuplet, bool, + private_simaka_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + int tried = 0; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->get_quintuplet(provider, id, rand, xres, xres_len, + ck, ik, autn)) + { + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return TRUE; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + DBG1(DBG_LIB, "tried %d SIM providers, but none had a quintuplet for '%Y'", + tried, id); + return FALSE; +} + +METHOD(simaka_manager_t, provider_resync, bool, + private_simaka_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->resync(provider, id, rand, auts)) + { + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return TRUE; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return FALSE; +} + +METHOD(simaka_manager_t, provider_is_pseudonym, identification_t*, + private_simaka_manager_t *this, identification_t *id) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + identification_t *permanent = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + permanent = provider->is_pseudonym(provider, id); + if (permanent) + { + DBG1(DBG_LIB, "received pseudonym identity '%Y' " + "mapping to '%Y'", id, permanent); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return permanent; +} + +METHOD(simaka_manager_t, provider_gen_pseudonym, identification_t*, + private_simaka_manager_t *this, identification_t *id) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + identification_t *pseudonym = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + pseudonym = provider->gen_pseudonym(provider, id); + if (pseudonym) + { + DBG1(DBG_LIB, "proposing new pseudonym '%Y'", pseudonym); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return pseudonym; +} + +METHOD(simaka_manager_t, provider_is_reauth, identification_t*, + private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + identification_t *permanent = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + permanent = provider->is_reauth(provider, id, mk, counter); + if (permanent) + { + DBG1(DBG_LIB, "received reauthentication identity '%Y' " + "mapping to '%Y'", id, permanent); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return permanent; +} + +METHOD(simaka_manager_t, provider_gen_reauth, identification_t*, + private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1]) +{ + enumerator_t *enumerator; + simaka_provider_t *provider; + identification_t *reauth = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + reauth = provider->gen_reauth(provider, id, mk); + if (reauth) + { + DBG1(DBG_LIB, "proposing new reauthentication identity '%Y'", reauth); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return reauth; +} + +METHOD(simaka_manager_t, add_hooks, void, + private_simaka_manager_t *this, simaka_hooks_t *hooks) +{ + this->lock->write_lock(this->lock); + this->hooks->insert_last(this->hooks, hooks); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, remove_hooks, void, + private_simaka_manager_t *this, simaka_hooks_t *hooks) +{ + this->lock->write_lock(this->lock); + this->hooks->remove(this->hooks, hooks, NULL); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, message_hook, void, + private_simaka_manager_t *this, simaka_message_t *message, + bool inbound, bool decrypted) +{ + enumerator_t *enumerator; + simaka_hooks_t *hooks; + + this->lock->read_lock(this->lock); + enumerator = this->hooks->create_enumerator(this->hooks); + while (enumerator->enumerate(enumerator, &hooks)) + { + hooks->message(hooks, message, inbound, decrypted); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, key_hook, void, + private_simaka_manager_t *this, chunk_t k_encr, chunk_t k_auth) +{ + enumerator_t *enumerator; + simaka_hooks_t *hooks; + + this->lock->read_lock(this->lock); + enumerator = this->hooks->create_enumerator(this->hooks); + while (enumerator->enumerate(enumerator, &hooks)) + { + hooks->keys(hooks, k_encr, k_auth); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(simaka_manager_t, destroy, void, + private_simaka_manager_t *this) +{ + this->cards->destroy(this->cards); + this->providers->destroy(this->providers); + this->hooks->destroy(this->hooks); + this->lock->destroy(this->lock); + free(this); +} + +/** + * See header + */ +simaka_manager_t *simaka_manager_create() +{ + private_simaka_manager_t *this; + + INIT(this, + .public = { + .add_card = _add_card, + .remove_card = _remove_card, + .card_get_triplet = _card_get_triplet, + .card_get_quintuplet = _card_get_quintuplet, + .card_resync = _card_resync, + .card_set_pseudonym = _card_set_pseudonym, + .card_get_pseudonym = _card_get_pseudonym, + .card_set_reauth = _card_set_reauth, + .card_get_reauth = _card_get_reauth, + .add_provider = _add_provider, + .remove_provider = _remove_provider, + .provider_get_triplet = _provider_get_triplet, + .provider_get_quintuplet = _provider_get_quintuplet, + .provider_resync = _provider_resync, + .provider_is_pseudonym = _provider_is_pseudonym, + .provider_gen_pseudonym = _provider_gen_pseudonym, + .provider_is_reauth = _provider_is_reauth, + .provider_gen_reauth = _provider_gen_reauth, + .add_hooks = _add_hooks, + .remove_hooks = _remove_hooks, + .message_hook = _message_hook, + .key_hook = _key_hook, + .destroy = _destroy, + }, + .cards = linked_list_create(), + .providers = linked_list_create(), + .hooks = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + return &this->public; +} + +/** + * (Un-)register a provider to a simaka manager + */ +static bool register_card(char *mgr_name, bool reg, simaka_card_t *card) +{ + simaka_manager_t *mgr; + + if (!card) + { + return FALSE; + } + mgr = lib->get(lib, mgr_name); + if (mgr) + { + if (reg) + { + mgr->add_card(mgr, card); + } + else + { + mgr->remove_card(mgr, card); + } + return TRUE; + } + return FALSE; +} + +/** + * (Un-)register a provider to a simaka manager + */ +static bool register_provider(char *mgr_name, bool reg, + simaka_provider_t *provider) +{ + simaka_manager_t *mgr; + + if (!provider) + { + return FALSE; + } + mgr = lib->get(lib, mgr_name); + if (mgr) + { + if (reg) + { + mgr->add_provider(mgr, provider); + } + else + { + mgr->remove_provider(mgr, provider); + } + return TRUE; + } + return FALSE; +} + +/** + * See header + */ +bool simaka_manager_register(plugin_t *plugin, plugin_feature_t *feature, + bool reg, void *data) +{ + simaka_manager_register_cb_t get = (simaka_manager_register_cb_t)data; + + if (feature->type == FEATURE_CUSTOM) + { + if (streq(feature->arg.custom, "aka-card")) + { + return register_card("aka-manager", reg, get(plugin)); + } + else if (streq(feature->arg.custom, "aka-provider")) + { + return register_provider("aka-manager", reg, get(plugin)); + } + else if (streq(feature->arg.custom, "sim-card")) + { + return register_card("sim-manager", reg, get(plugin)); + } + else if (streq(feature->arg.custom, "sim-provider")) + { + return register_provider("sim-manager", reg, get(plugin)); + } + } + return FALSE; +} |