/*
 * Copyright (C) 2006-2009 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup eap_authenticator eap_authenticator
 * @{ @ingroup authenticators_v2
 */

#ifndef EAP_AUTHENTICATOR_H_
#define EAP_AUTHENTICATOR_H_

/* Forward typedef so the name exists before <sa/authenticator.h> is
 * processed.  NOTE(review): presumably that header (or something it pulls
 * in) refers to eap_authenticator_t, i.e. the two headers depend on each
 * other — confirm before reordering these lines. */
typedef struct eap_authenticator_t eap_authenticator_t;

#include <sa/authenticator.h>

/**
 * Implementation of authenticator_t using EAP authentication.
 *
 * Authentication using EAP involves the most complex authenticator. It stays
 * alive over multiple ike_auth transactions and handles multiple EAP
 * messages, so the object carries the EAP conversation state from one
 * IKE_AUTH exchange to the next instead of being created per message.
 *
 * @verbatim
                ike_sa_init
          ------------------------->
          <-------------------------
        followed by multiple ike_auth:

  +--------+                                +--------+
  |  EAP   |      IDi, [IDr,] SA, TS        |  EAP   |
  | client |  --------------------------->  | server |
  |        |         ID, AUTH, EAP          |        |
  |        |  <---------------------------  |        |
  |        |              EAP               |        |
  |        |  --------------------------->  |        |
  |        |              EAP               |        |
  |        |  <---------------------------  |        |
  |        |              EAP               |        |
  |        |  --------------------------->  |        |
  |        |          EAP(SUCCESS)          |        |
  |        |  <---------------------------  |        |
  |        |             AUTH               |        |  If EAP establishes
  |        |  --------------------------->  |        |  a session key, AUTH
  |        |          AUTH, SA, TS          |        |  payloads use this
  |        |  <---------------------------  |        |  key, not SK_pi/pr
  +--------+                                +--------+

 @endverbatim
 *
 * The final AUTH exchange is what ties the EAP outcome to this IKE_SA: even
 * after EAP(SUCCESS) both peers still send an AUTH payload, and when the EAP
 * method established a session key that key — not SK_pi/SK_pr — is the one
 * the AUTH payloads are computed with.  NOTE(review): the key selection and
 * the check of the peer's AUTH are done by the implementation, not by
 * anything declared in this header — confirm there.
 */
struct eap_authenticator_t {

	/**
	 * Implemented authenticator_t interface.
	 *
	 * As the only member it sits at offset 0, so a pointer to the enclosing
	 * struct may be converted to a pointer to this member under the C rules
	 * for struct layout; callers interact with the object through it.
	 */
	authenticator_t authenticator;
};

/**
 * Create an authenticator to authenticate against an EAP server.
 *
 * This is the client side of the exchange pictured on eap_authenticator_t:
 * the object answers the server's EAP messages and, once EAP(SUCCESS) has
 * been received, presumably builds the client's AUTH payload (hence
 * "builder") — confirm in the implementation.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @param reserved			reserved bytes of ID payload; declared as an
 *							array but received as a plain pointer, so the
 *							callee can not check that three bytes are
 *							actually supplied — the caller must guarantee it
 * @return					EAP authenticator
 *
 * NOTE(review): the nonces and the IKE_SA_INIT copies are presumably the
 * inputs to the AUTH octets (RFC 7296, section 2.15), which is why both
 * directions are required even on the client side — confirm.  Ownership of
 * the returned object is not stated here; presumably the caller releases it
 * through the authenticator_t interface — confirm against
 * <sa/authenticator.h>.
 */
eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3]);

/**
 * Create an authenticator to authenticate EAP clients.
 *
 * This is the server side of the exchange pictured on eap_authenticator_t:
 * the object drives the EAP method and, after EAP(SUCCESS), presumably
 * verifies the client's AUTH payload (hence "verifier") before the server's
 * own AUTH, SA and TS are sent — confirm in the implementation.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @param reserved			reserved bytes of ID payload; declared as an
 *							array but received as a plain pointer, so the
 *							callee can not check that three bytes are
 *							actually supplied — the caller must guarantee it
 * @return					EAP authenticator
 *
 * NOTE(review): same parameter set as eap_authenticator_create_builder; the
 * nonces and IKE_SA_INIT copies are presumably the inputs to the AUTH
 * octets (RFC 7296, section 2.15) the server recomputes to check the
 * client's AUTH — confirm.  Ownership of the returned object is not stated
 * here; presumably the caller releases it through the authenticator_t
 * interface — confirm against <sa/authenticator.h>.
 */
eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3]);

#endif /** EAP_AUTHENTICATOR_H_ @}*/