1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
/*
* Copyright (C) 2008-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup simaka_card simaka_card
* @{ @ingroup libsimaka
*/
#ifndef SIMAKA_CARD_H_
#define SIMAKA_CARD_H_
typedef struct simaka_card_t simaka_card_t;
#include "simaka_manager.h"
#include <utils/identification.h>
/**
* Interface for a (U)SIM card (used as EAP client).
*
* The SIM card completes triplets/quintuplets requested in a challenge
* received from the server.
* An implementation supporting only one of SIM/AKA authentication may
* implement the other methods with return_false()/return NOT_SUPPORTED/NULL.
*/
struct simaka_card_t {
/**
* Calculate SRES/KC from a RAND for SIM authentication.
*
* @param id permanent identity to get a triplet for
* @param rand RAND input buffer, fixed size 16 bytes
* @param sres SRES output buffer, fixed size 4 byte
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if SRES/KC calculated, FALSE on error/wrong identity
*/
bool (*get_triplet)(simaka_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
/**
* Calculate CK/IK/RES from RAND/AUTN for AKA authentication.
*
* If the received sequence number (in autn) is out of sync, INVALID_STATE
* is returned.
* The RES value is the only one with variable length. Pass a buffer
* of at least AKA_RES_MAX, the actual number of bytes is written to the
* res_len value. While the standard would allow any bit length between
* 32 and 128 bits, we support only full bytes for now.
*
* @param id permanent identity to request quintuplet for
* @param rand random value rand
* @param autn authentication token autn
* @param ck buffer receiving encryption key ck
* @param ik buffer receiving integrity key ik
* @param res buffer receiving authentication result res
* @param res_len nubmer of bytes written to res buffer
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
status_t (*get_quintuplet)(simaka_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN],
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char res[AKA_RES_MAX], int *res_len);
/**
* Calculate AUTS from RAND for AKA resynchronization.
*
* @param id permanent identity to request quintuplet for
* @param rand random value rand
* @param auts resynchronization parameter auts
* @return TRUE if parameter generated successfully
*/
bool (*resync)(simaka_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
* Set the pseudonym to use for next authentication.
*
* @param id permanent identity of the peer
* @param pseudonym pseudonym identity received from the server
*/
void (*set_pseudonym)(simaka_card_t *this, identification_t *id,
identification_t *pseudonym);
/**
* Get the pseudonym previously stored via set_pseudonym().
*
* @param id permanent identity of the peer
* @return associated pseudonym identity, NULL if none stored
*/
identification_t* (*get_pseudonym)(simaka_card_t *this, identification_t *id);
/**
* Store parameters to use for the next fast reauthentication.
*
* @param id permanent identity of the peer
* @param next next fast reauthentication identity to use
* @param mk master key MK to store for reauthentication
* @param counter counter value to store, host order
*/
void (*set_reauth)(simaka_card_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
u_int16_t counter);
/**
* Retrieve parameters for fast reauthentication stored via set_reauth().
*
* @param id permanent identity of the peer
* @param mk buffer receiving master key MK
* @param counter pointer receiving counter value, in host order
* @return fast reauthentication identity, NULL if not found
*/
identification_t* (*get_reauth)(simaka_card_t *this, identification_t *id,
char mk[HASH_SIZE_SHA1], u_int16_t *counter);
};
#endif /** SIMAKA_CARD_H_ @}*/
|