Diffstat (limited to 'src/libsimaka/simaka_message.h')
-rw-r--r-- | src/libsimaka/simaka_message.h | 273 |
1 files changed, 273 insertions, 0 deletions
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
new file mode 100644
index 000000000..ee9b3ebec
--- /dev/null
+++ b/src/libsimaka/simaka_message.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libsimaka libsimaka
+ *
+ * @addtogroup libsimaka
+ * Library providing functions shared between EAP-SIM and EAP-AKA plugins.
+ *
+ * @defgroup simaka_message simaka_message
+ * @{ @ingroup libsimaka
+ */
+
+#ifndef SIMAKA_MESSAGE_H_
+#define SIMAKA_MESSAGE_H_
+
+#include <enum.h>
+#include <daemon.h>
+
+#include "simaka_crypto.h"
+
+typedef struct simaka_message_t simaka_message_t;
+typedef enum simaka_attribute_t simaka_attribute_t;
+typedef enum simaka_subtype_t simaka_subtype_t;
+typedef enum simaka_notification_t simaka_notification_t;
+typedef enum simaka_client_error_t simaka_client_error_t;
+
+/**
+ * Subtypes of EAP-SIM/AKA messages
+ */
+enum simaka_subtype_t {
+ AKA_CHALLENGE = 1,
+ AKA_AUTHENTICATION_REJECT = 2,
+ AKA_SYNCHRONIZATION_FAILURE = 4,
+ AKA_IDENTITY = 5,
+ SIM_START = 10,
+ SIM_CHALLENGE = 11,
+ SIM_NOTIFICATION = 12,
+ AKA_NOTIFICATION = 12,
+ SIM_REAUTHENTICATION = 13,
+ AKA_REAUTHENTICATION = 13,
+ SIM_CLIENT_ERROR = 14,
+ AKA_CLIENT_ERROR = 14,
+};
+
+/**
+ * Enum names for simaka_subtype_t
+ */
+extern enum_name_t *simaka_subtype_names;
+
+/**
+ * Attributes in EAP-SIM/AKA messages
+ */
+enum simaka_attribute_t {
+ AT_RAND = 1,
+ AT_AUTN = 2,
+ AT_RES = 3,
+ AT_AUTS = 4,
+ AT_PADDING = 6,
+ AT_NONCE_MT = 7,
+ AT_PERMANENT_ID_REQ = 10,
+ AT_MAC = 11,
+ AT_NOTIFICATION = 12,
+ AT_ANY_ID_REQ = 13,
+ AT_IDENTITY = 14,
+ AT_VERSION_LIST = 15,
+ AT_SELECTED_VERSION = 16,
+ AT_FULLAUTH_ID_REQ = 17,
+ AT_COUNTER = 19,
+ AT_COUNTER_TOO_SMALL = 20,
+ AT_NONCE_S = 21,
+ AT_CLIENT_ERROR_CODE = 22,
+ AT_IV = 129,
+ AT_ENCR_DATA = 130,
+ AT_NEXT_PSEUDONYM = 132,
+ AT_NEXT_REAUTH_ID = 133,
+ AT_CHECKCODE = 134,
+ AT_RESULT_IND = 135,
+};
+
+/**
+ * Enum names for simaka_attribute_t
+ */
+extern enum_name_t *simaka_attribute_names;
+
+/**
+ * Notification codes used within AT_NOTIFICATION attribute.
+ */
+enum simaka_notification_t {
+ /** SIM General failure after authentication. (Implies failure) */
+ SIM_GENERAL_FAILURE_AA = 0,
+ /** AKA General failure after authentication. (Implies failure) */
+ AKA_GENERAL_FAILURE_AA = 0,
+ /** SIM General failure. (Implies failure, used before authentication) */
+ SIM_GENERAL_FAILURE = 16384,
+ /** AKA General failure. (Implies failure, used before authentication) */
+ AKA_GENERAL_FAILURE = 16384,
+ /** SIM User has been temporarily denied access to the requested service. */
+ SIM_TEMP_DENIED = 1026,
+ /** AKA User has been temporarily denied access to the requested service. */
+ AKA_TEMP_DENIED = 1026,
+ /** SIM User has not subscribed to the requested service. */
+ SIM_NOT_SUBSCRIBED = 1031,
+ /** AKA User has not subscribed to the requested service. */
+ AKA_NOT_SUBSCRIBED = 1031,
+ /** SIM Success. User has been successfully authenticated. */
+ SIM_SUCCESS = 32768,
+ /** AKA Success. User has been successfully authenticated. */
+ AKA_SUCCESS = 32768,
+};
+
+/**
+ * Enum names for simaka_notification_t
+ */
+extern enum_name_t *simaka_notification_names;
+
+/**
+ * Error codes sent in AT_CLIENT_ERROR_CODE attribute
+ */
+enum simaka_client_error_t {
+ /** AKA unable to process packet */
+ AKA_UNABLE_TO_PROCESS = 0,
+ /** SIM unable to process packet */
+ SIM_UNABLE_TO_PROCESS = 0,
+ /** SIM unsupported version */
+ SIM_UNSUPPORTED_VERSION = 1,
+ /** SIM insufficient number of challenges */
+ SIM_INSUFFICIENT_CHALLENGES = 2,
+ /** SIM RANDs are not fresh */
+ SIM_RANDS_NOT_FRESH = 3,
+};
+
+/**
+ * Enum names for simaka_client_error_t
+ */
+extern enum_name_t *simaka_client_error_names;
+
+/**
+ * Check if an EAP-SIM/AKA attribute is "skippable".
+ *
+ * @param attribute attribute to check
+ * @return TRUE if attribute skippable, FALSE if non-skippable
+ */
+bool simaka_attribute_skippable(simaka_attribute_t attribute);
+
+/**
+ * EAP-SIM and EAP-AKA message abstraction.
+ *
+ * Messages for EAP-SIM and EAP-AKA share a common format, this class
+ * abstracts such a message and provides encoding/encryption/signing
+ * functionality.
+ */
+struct simaka_message_t {
+
+ /**
+ * Check if the given message is a request or response.
+ *
+ * @return TRUE if request, FALSE if response
+ */
+ bool (*is_request)(simaka_message_t *this);
+
+ /**
+ * Get the EAP message identifier.
+ *
+ * @return EAP message identifier
+ */
+ u_int8_t (*get_identifier)(simaka_message_t *this);
+
+ /**
+ * Get the EAP type of the message.
+ *
+ * @return EAP type: EAP-SIM or EAP-AKA
+ */
+ eap_type_t (*get_type)(simaka_message_t *this);
+
+ /**
+ * Get the subtype of an EAP-SIM message.
+ *
+ * @return subtype of message
+ */
+ simaka_subtype_t (*get_subtype)(simaka_message_t *this);
+
+ /**
+ * Create an enumerator over message attributes.
+ *
+ * @return enumerator over (simaka_attribute_t, chunk_t)
+ */
+ enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this);
+
+ /**
+ * Append an attribute to the EAP-SIM message.
+ *
+ * Make sure to pass only data of correct length for the given attribute.
+ *
+ * @param type type of attribute to add to message
+ * @param data unpadded attribute data to add
+ */
+ void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type,
+ chunk_t data);
+
+ /**
+ * Parse a message, with optional attribute decryption.
+ *
+ * This method does not verify message integrity, as the key is available
+ * only after the payload has been parsed. It might be necessary to call
+ * parse twice, as key derivation data in EAP-SIM/AKA is in the same
+ * packet as encrypted data.
+ *
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return TRUE if message parsed successfully
+ */
+ bool (*parse)(simaka_message_t *this);
+
+ /**
+ * Verify the message integrity of a parsed message.
+ *
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @param sigdata additional data to include in signature, if any
+ * @return TRUE if message integrity check successful
+ */
+ bool (*verify)(simaka_message_t *this, chunk_t sigdata);
+
+ /**
+ * Generate a message, optionally encrypt attributes and create a MAC.
+ *
+ * @param sigdata additional data to include in signature, if any
+ * @return generated eap payload, NULL if failed
+ */
+ eap_payload_t* (*generate)(simaka_message_t *this, chunk_t sigdata);
+
+ /**
+ * Destroy a simaka_message_t.
+ */
+ void (*destroy)(simaka_message_t *this);
+};
+
+/**
+ * Create an empty simaka_message.
+ *
+ * @param request TRUE for a request message, FALSE for a response
+ * @param identifier EAP message identifier
+ * @param type EAP type: EAP-SIM or EAP-AKA
+ * @param subtype subtype of the EAP message
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return empty message of requested kind, NULL on error
+ */
+simaka_message_t *simaka_message_create(bool request, u_int8_t identifier,
+ eap_type_t type, simaka_subtype_t subtype,
+ simaka_crypto_t *crypto);
+
+/**
+ * Create an simaka_message from a chunk of data.
+ *
+ * @param payload payload to create message from
+ * @param crypto EAP-SIM/AKA crypto helper
+ * @return EAP message, NULL on error
+ */
+simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload,
+ simaka_crypto_t *crypto);
+
+#endif /** SIMAKA_MESSAGE_H_ @}*/
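Review bot: The Doxygen comments for `parse` and `verify` in `struct simaka_message_t` both list `@param crypto EAP-SIM/AKA crypto helper`, but neither function pointer takes such a parameter (`bool (*parse)(simaka_message_t *this);` and `bool (*verify)(simaka_message_t *this, chunk_t sigdata);`); the crypto helper is instead supplied once through `simaka_message_create` and `simaka_message_create_from_payload`. Drop the two stale `@param crypto` lines so the documented contract matches the declared signatures. The `parse` comment already notes that integrity is not checked at parse time, so it would help callers to spell out the consequence there, e.g. ` * Attribute data returned by create_attribute_enumerator() is unauthenticated until verify() has returned TRUE.` Minor: `Create an simaka_message from a chunk of data.` in the `simaka_message_create_from_payload` comment should read `Create a simaka_message from a chunk of data.`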