[thirdparty/strongswan.git] / src / libsimaka / simaka_crypto.h

/*
 * Copyright (C) 2009 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup simaka_crypto simaka_crypto
 * @{ @ingroup libsimaka
 */

#ifndef SIMAKA_CRYPTO_H_
#define SIMAKA_CRYPTO_H_

#include <library.h>

typedef struct simaka_crypto_t simaka_crypto_t;

/**
 * EAP-SIM/AKA crypto helper and key derivation class.
 */
struct simaka_crypto_t {

	/**
	 * Get the signer to use for AT_MAC calculation/verification.
	 *
	 * @return		signer reference, NULL if no keys have been derived
	 */
	signer_t* (*get_signer)(simaka_crypto_t *this);

	/**
	 * Get the signer to use for AT_ENCR_DATA encryption/decryption.
	 *
	 * @return		crypter reference, NULL if no keys have been derived
	 */
	crypter_t* (*get_crypter)(simaka_crypto_t *this);

	/**
	 * Get the random number generator.
	 *
	 * @return		rng reference
	 */
	rng_t* (*get_rng)(simaka_crypto_t *this);

	/**
	 * Derive keys after full authentication.
	 *
	 * This methods derives the k_encr/k_auth keys and loads them into the
	 * internal crypter/signer instances. The passed data is method specific:
	 * For EAP-SIM, it is "n*Kc|NONCE_MT|Version List|Selected Version", for
	 * EAP-AKA it is "IK|CK".
	 *
	 * @param id	peer identity
	 * @param data	method specific data
	 * @param mk	chunk receiving allocated master key MK
	 * @param msk	chunk receiving allocated MSK
	 * @return		TRUE if keys allocated and derived successfully
	 */
	bool (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
							 chunk_t data, chunk_t *mk, chunk_t *msk);

	/**
	 * Derive k_encr/k_auth keys from MK using fast reauthentication.
	 *
	 * This methods derives the k_encr/k_auth keys and loads them into the
	 * internal crypter/signer instances.
	 *
	 * @param mk	master key
	 * @return		TRUE if keys derived successfully
	 */
	bool (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);

	/**
	 * Derive MSK using fast reauthentication.
	 *
	 * @param id		fast reauthentication identity
	 * @param counter	fast reauthentication counter value, network order
	 * @param nonce_s	server generated NONCE_S value
	 * @param mk		master key of last full authentication
	 * @param msk		chunk receiving allocated MSK
	 * @return			TRUE if MSK allocated and derived successfully
	 */
	bool (*derive_keys_reauth_msk)(simaka_crypto_t *this,
								   identification_t *id, chunk_t counter,
								   chunk_t nonce_s, chunk_t mk, chunk_t *msk);

	/**
	 * Clear keys (partially) derived.
	 */
	void (*clear_keys)(simaka_crypto_t *this);

	/**
	 * Destroy a simaka_crypto_t.
	 */
	void (*destroy)(simaka_crypto_t *this);
};

/**
 * Create a simaka_crypto instance.
 *
 * @return		EAP-SIM/AKA crypto instance, NULL if algorithms missing
 */
simaka_crypto_t *simaka_crypto_create();

#endif /** SIMAKA_CRYPTO_H_ @}*/
Commit	Line	Data
55916dcc MW	1	/*
55916dcc MW	2	* Copyright (C) 2009 Martin Willi
19ef2aec TB	3	*
19ef2aec TB	4	* Copyright (C) secunet Security Networks AG
55916dcc MW	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
	15	*/
	16
	17	/**
	18	* @defgroup simaka_crypto simaka_crypto
	19	* @{ @ingroup libsimaka
	20	*/
	21
	22	#ifndef SIMAKA_CRYPTO_H_
	23	#define SIMAKA_CRYPTO_H_
	24
	25	#include <library.h>
	26
	27	typedef struct simaka_crypto_t simaka_crypto_t;
	28
	29	/**
	30	* EAP-SIM/AKA crypto helper and key derivation class.
	31	*/
	32	struct simaka_crypto_t {
	33
	34	/**
	35	* Get the signer to use for AT_MAC calculation/verification.
	36	*
	37	* @return signer reference, NULL if no keys have been derived
	38	*/
	39	signer_t* (get_signer)(simaka_crypto_t this);
	40
	41	/**
	42	* Get the signer to use for AT_ENCR_DATA encryption/decryption.
	43	*
	44	* @return crypter reference, NULL if no keys have been derived
	45	*/
	46	crypter_t* (get_crypter)(simaka_crypto_t this);
	47
	48	/**
	49	* Get the random number generator.
	50	*
	51	* @return rng reference
	52	*/
	53	rng_t* (get_rng)(simaka_crypto_t this);
	54
	55	/**
	56	* Derive keys after full authentication.
	57	*
	58	* This methods derives the k_encr/k_auth keys and loads them into the
	59	* internal crypter/signer instances. The passed data is method specific:
	60	* For EAP-SIM, it is "n*Kc\|NONCE_MT\|Version List\|Selected Version", for
	61	* EAP-AKA it is "IK\|CK".
	62	*
	63	* @param id peer identity
	64	* @param data method specific data
454b59c5	65	* @param mk chunk receiving allocated master key MK
86d2cdc1 MW	66	* @param msk chunk receiving allocated MSK
86d2cdc1 MW	67	* @return TRUE if keys allocated and derived successfully
55916dcc	68	*/
86d2cdc1 MW	69	bool (derive_keys_full)(simaka_crypto_t this, identification_t *id,
86d2cdc1 MW	70	chunk_t data, chunk_t mk, chunk_t msk);
454b59c5 MW	71
	72	/**
	73	* Derive k_encr/k_auth keys from MK using fast reauthentication.
	74	*
	75	* This methods derives the k_encr/k_auth keys and loads them into the
	76	* internal crypter/signer instances.
	77	*
	78	* @param mk master key
86d2cdc1	79	* @return TRUE if keys derived successfully
454b59c5	80	*/
86d2cdc1	81	bool (derive_keys_reauth)(simaka_crypto_t this, chunk_t mk);
454b59c5 MW	82
	83	/**
	84	* Derive MSK using fast reauthentication.
	85	*
	86	* @param id fast reauthentication identity
	87	* @param counter fast reauthentication counter value, network order
	88	* @param nonce_s server generated NONCE_S value
	89	* @param mk master key of last full authentication
86d2cdc1 MW	90	* @param msk chunk receiving allocated MSK
86d2cdc1 MW	91	* @return TRUE if MSK allocated and derived successfully
454b59c5	92	*/
86d2cdc1 MW	93	bool (derive_keys_reauth_msk)(simaka_crypto_t this,
	94	identification_t *id, chunk_t counter,
	95	chunk_t nonce_s, chunk_t mk, chunk_t *msk);
454b59c5 MW	96
	97	/**
	98	* Clear keys (partially) derived.
	99	*/
	100	void (clear_keys)(simaka_crypto_t this);
55916dcc MW	101
	102	/**
	103	* Destroy a simaka_crypto_t.
	104	*/
	105	void (destroy)(simaka_crypto_t this);
	106	};
	107
	108	/**
	109	* Create a simaka_crypto instance.
	110	*
	111	* @return EAP-SIM/AKA crypto instance, NULL if algorithms missing
	112	*/
	113	simaka_crypto_t *simaka_crypto_create();
	114
13f418b4	115	#endif /** SIMAKA_CRYPTO_H_ @}*/