summaryrefslogtreecommitdiff
path: root/src/libsimaka/simaka_message.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libsimaka/simaka_message.h')
-rw-r--r--src/libsimaka/simaka_message.h273
1 files changed, 273 insertions, 0 deletions
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
new file mode 100644
index 000000000..ee9b3ebec
--- /dev/null
+++ b/src/libsimaka/simaka_message.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libsimaka libsimaka
+ *
+ * @addtogroup libsimaka
+ * Library providing functions shared between EAP-SIM and EAP-AKA plugins.
+ *
+ * @defgroup simaka_message simaka_message
+ * @{ @ingroup libsimaka
+ */
+
+#ifndef SIMAKA_MESSAGE_H_
+#define SIMAKA_MESSAGE_H_
+
+#include <enum.h>
+#include <daemon.h>
+
+#include "simaka_crypto.h"
+
+typedef struct simaka_message_t simaka_message_t;
+typedef enum simaka_attribute_t simaka_attribute_t;
+typedef enum simaka_subtype_t simaka_subtype_t;
+typedef enum simaka_notification_t simaka_notification_t;
+typedef enum simaka_client_error_t simaka_client_error_t;
+
+/**
+ * Subtypes of EAP-SIM/AKA messages
+ */
+enum simaka_subtype_t {
+ AKA_CHALLENGE = 1,
+ AKA_AUTHENTICATION_REJECT = 2,
+ AKA_SYNCHRONIZATION_FAILURE = 4,
+ AKA_IDENTITY = 5,
+ SIM_START = 10,
+ SIM_CHALLENGE = 11,
+ SIM_NOTIFICATION = 12,
+ AKA_NOTIFICATION = 12,
+ SIM_REAUTHENTICATION = 13,
+ AKA_REAUTHENTICATION = 13,
+ SIM_CLIENT_ERROR = 14,
+ AKA_CLIENT_ERROR = 14,
+};
+
+/**
+ * Enum names for simaka_subtype_t
+ */
+extern enum_name_t *simaka_subtype_names;
+
+/**
+ * Attributes in EAP-SIM/AKA messages
+ */
+enum simaka_attribute_t {
+ AT_RAND = 1,
+ AT_AUTN = 2,
+ AT_RES = 3,
+ AT_AUTS = 4,
+ AT_PADDING = 6,
+ AT_NONCE_MT = 7,
+ AT_PERMANENT_ID_REQ = 10,
+ AT_MAC = 11,
+ AT_NOTIFICATION = 12,
+ AT_ANY_ID_REQ = 13,
+ AT_IDENTITY = 14,
+ AT_VERSION_LIST = 15,
+ AT_SELECTED_VERSION = 16,
+ AT_FULLAUTH_ID_REQ = 17,
+ AT_COUNTER = 19,
+ AT_COUNTER_TOO_SMALL = 20,
+ AT_NONCE_S = 21,
+ AT_CLIENT_ERROR_CODE = 22,
+ AT_IV = 129,
+ AT_ENCR_DATA = 130,
+ AT_NEXT_PSEUDONYM = 132,
+ AT_NEXT_REAUTH_ID = 133,
+ AT_CHECKCODE = 134,
+ AT_RESULT_IND = 135,
+};
+
+/**
+ * Enum names for simaka_attribute_t
+ */
+extern enum_name_t *simaka_attribute_names;
+
+/**
+ * Notification codes used within AT_NOTIFICATION attribute.
+ */
+enum simaka_notification_t {
+ /** SIM General failure after authentication. (Implies failure) */
+ SIM_GENERAL_FAILURE_AA = 0,
+ /** AKA General failure after authentication. (Implies failure) */
+ AKA_GENERAL_FAILURE_AA = 0,
+ /** SIM General failure. (Implies failure, used before authentication) */
+ SIM_GENERAL_FAILURE = 16384,
+ /** AKA General failure. (Implies failure, used before authentication) */
+ AKA_GENERAL_FAILURE = 16384,
+ /** SIM User has been temporarily denied access to the requested service. */
+ SIM_TEMP_DENIED = 1026,
+ /** AKA User has been temporarily denied access to the requested service. */
+ AKA_TEMP_DENIED = 1026,
+ /** SIM User has not subscribed to the requested service. */
+ SIM_NOT_SUBSCRIBED = 1031,
+ /** AKA User has not subscribed to the requested service. */
+ AKA_NOT_SUBSCRIBED = 1031,
+ /** SIM Success. User has been successfully authenticated. */
+ SIM_SUCCESS = 32768,
+ /** AKA Success. User has been successfully authenticated. */
+ AKA_SUCCESS = 32768,
+};
+
+/**
+ * Enum names for simaka_notification_t
+ */
+extern enum_name_t *simaka_notification_names;
+
+/**
+ * Error codes sent in AT_CLIENT_ERROR_CODE attribute
+ */
+enum simaka_client_error_t {
+ /** AKA unable to process packet */
+ AKA_UNABLE_TO_PROCESS = 0,
+ /** SIM unable to process packet */
+ SIM_UNABLE_TO_PROCESS = 0,
+ /** SIM unsupported version */
+ SIM_UNSUPPORTED_VERSION = 1,
+ /** SIM insufficient number of challenges */
+ SIM_INSUFFICIENT_CHALLENGES = 2,
+ /** SIM RANDs are not fresh */
+ SIM_RANDS_NOT_FRESH = 3,
+};
+
+/**
+ * Enum names for simaka_client_error_t
+ */
+extern enum_name_t *simaka_client_error_names;
+
+/**
+ * Check if an EAP-SIM/AKA attribute is "skippable".
+ *
+ * @param attribute attribute to check
+ * @return TRUE if attribute skippable, FALSE if non-skippable
+ */
+bool simaka_attribute_skippable(simaka_attribute_t attribute);
+
+/**
+ * EAP-SIM and EAP-AKA message abstraction.
+ *
+ * Messages for EAP-SIM and EAP-AKA share a common format, this class
+ * abstracts such a message and provides encoding/encryption/signing
+ * functionality.
+ */
+struct simaka_message_t {
+
+ /**
+ * Check if the given message is a request or response.
+ *
+ * @return TRUE if request, FALSE if response
+ */
+ bool (*is_request)(simaka_message_t *this);
+
+ /**
+ * Get the EAP message identifier.
+ *
+ * @return EAP message identifier
+ */
+ u_int8_t (*get_identifier)(simaka_message_t *this);
+
+ /**
+ * Get the EAP type of the message.
+ *
+ * @return EAP type: EAP-SIM or EAP-AKA
+ */
+ eap_type_t (*get_type)(simaka_message_t *this);
+
+ /**
+ * Get the subtype of an EAP-SIM message.
+ *
+ * @return subtype of message
+ */
+ simaka_subtype_t (*get_subtype)(simaka_message_t *this);
+
+ /**
+ * Create an enumerator over message attributes.
+ *
+ * @return enumerator over (simaka_attribute_t, chunk_t)
+ */
+ enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);
+
+ /**
+ * Append an attribute to the EAP-SIM message.
+ *
+ * Make sure to pass only data of correct length for the given attribute.
+ *
+ * @param type type of attribute to add to message
+ * @param data unpadded attribute data to add
+ */
+ void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
+ chunk_t data);
+
+ /**
+ * Parse a message, with optional attribute decryption.
+ *
+ * This method does not verify message integrity, as the key is available
+ * only after the payload has been parsed. It might be necessary to call
+ * parse twice, as key derivation data in EAP-SIM/AKA is in the same
+ * packet as encrypted data.
+ *
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return TRUE if message parsed successfully
+ */
+ bool (*parse)(simaka_message_t *this);
+
+ /**
+ * Verify the message integrity of a parsed message.
+ *
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @param sigdata additional data to include in signature, if any
+ * @return TRUE if message integrity check successful
+ */
+ bool (*verify)(simaka_message_t *this, chunk_t sigdata);
+
+ /**
+ * Generate a message, optionally encrypt attributes and create a MAC.
+ *
+ * @param sigdata additional data to include in signature, if any
+ * @return generated eap payload, NULL if failed
+ */
+ eap_payload_t* (*generate)(simaka_message_t *this, chunk_t sigdata);
+
+ /**
+ * Destroy a simaka_message_t.
+ */
+ void (*destroy)(simaka_message_t *this);
+};
+
+/**
+ * Create an empty simaka_message.
+ *
+ * @param request TRUE for a request message, FALSE for a response
+ * @param identifier EAP message identifier
+ * @param type EAP type: EAP-SIM or EAP-AKA
+ * @param subtype subtype of the EAP message
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return empty message of requested kind, NULL on error
+ */
+simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
+ eap_type_t type, simaka_subtype_t subtype,
+ simaka_crypto_t *crypto);
+
+/**
+ * Create an simaka_message from a chunk of data.
+ *
+ * @param payload payload to create message from
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return EAP message, NULL on error
+ */
+simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
+ simaka_crypto_t *crypto);
+
+#endif /** SIMAKA_MESSAGE_H_ @}*/