]>
Commit | Line | Data |
---|---|---|
55916dcc MW |
1 | /* |
2 | * Copyright (C) 2009 Martin Willi | |
19ef2aec TB |
3 | * |
4 | * Copyright (C) secunet Security Networks AG | |
55916dcc MW |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | /** | |
18 | * @defgroup simaka_crypto simaka_crypto | |
19 | * @{ @ingroup libsimaka | |
20 | */ | |
21 | ||
22 | #ifndef SIMAKA_CRYPTO_H_ | |
23 | #define SIMAKA_CRYPTO_H_ | |
24 | ||
25 | #include <library.h> | |
26 | ||
27 | typedef struct simaka_crypto_t simaka_crypto_t; | |
28 | ||
29 | /** | |
30 | * EAP-SIM/AKA crypto helper and key derivation class. | |
31 | */ | |
32 | struct simaka_crypto_t { | |
33 | ||
34 | /** | |
35 | * Get the signer to use for AT_MAC calculation/verification. | |
36 | * | |
37 | * @return signer reference, NULL if no keys have been derived | |
38 | */ | |
39 | signer_t* (*get_signer)(simaka_crypto_t *this); | |
40 | ||
41 | /** | |
42 | * Get the signer to use for AT_ENCR_DATA encryption/decryption. | |
43 | * | |
44 | * @return crypter reference, NULL if no keys have been derived | |
45 | */ | |
46 | crypter_t* (*get_crypter)(simaka_crypto_t *this); | |
47 | ||
48 | /** | |
49 | * Get the random number generator. | |
50 | * | |
51 | * @return rng reference | |
52 | */ | |
53 | rng_t* (*get_rng)(simaka_crypto_t *this); | |
54 | ||
55 | /** | |
56 | * Derive keys after full authentication. | |
57 | * | |
58 | * This methods derives the k_encr/k_auth keys and loads them into the | |
59 | * internal crypter/signer instances. The passed data is method specific: | |
60 | * For EAP-SIM, it is "n*Kc|NONCE_MT|Version List|Selected Version", for | |
61 | * EAP-AKA it is "IK|CK". | |
62 | * | |
63 | * @param id peer identity | |
64 | * @param data method specific data | |
454b59c5 | 65 | * @param mk chunk receiving allocated master key MK |
86d2cdc1 MW |
66 | * @param msk chunk receiving allocated MSK |
67 | * @return TRUE if keys allocated and derived successfully | |
55916dcc | 68 | */ |
86d2cdc1 MW |
69 | bool (*derive_keys_full)(simaka_crypto_t *this, identification_t *id, |
70 | chunk_t data, chunk_t *mk, chunk_t *msk); | |
454b59c5 MW |
71 | |
72 | /** | |
73 | * Derive k_encr/k_auth keys from MK using fast reauthentication. | |
74 | * | |
75 | * This methods derives the k_encr/k_auth keys and loads them into the | |
76 | * internal crypter/signer instances. | |
77 | * | |
78 | * @param mk master key | |
86d2cdc1 | 79 | * @return TRUE if keys derived successfully |
454b59c5 | 80 | */ |
86d2cdc1 | 81 | bool (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk); |
454b59c5 MW |
82 | |
83 | /** | |
84 | * Derive MSK using fast reauthentication. | |
85 | * | |
86 | * @param id fast reauthentication identity | |
87 | * @param counter fast reauthentication counter value, network order | |
88 | * @param nonce_s server generated NONCE_S value | |
89 | * @param mk master key of last full authentication | |
86d2cdc1 MW |
90 | * @param msk chunk receiving allocated MSK |
91 | * @return TRUE if MSK allocated and derived successfully | |
454b59c5 | 92 | */ |
86d2cdc1 MW |
93 | bool (*derive_keys_reauth_msk)(simaka_crypto_t *this, |
94 | identification_t *id, chunk_t counter, | |
95 | chunk_t nonce_s, chunk_t mk, chunk_t *msk); | |
454b59c5 MW |
96 | |
97 | /** | |
98 | * Clear keys (partially) derived. | |
99 | */ | |
100 | void (*clear_keys)(simaka_crypto_t *this); | |
55916dcc MW |
101 | |
102 | /** | |
103 | * Destroy a simaka_crypto_t. | |
104 | */ | |
105 | void (*destroy)(simaka_crypto_t *this); | |
106 | }; | |
107 | ||
108 | /** | |
109 | * Create a simaka_crypto instance. | |
110 | * | |
111 | * @return EAP-SIM/AKA crypto instance, NULL if algorithms missing | |
112 | */ | |
113 | simaka_crypto_t *simaka_crypto_create(); | |
114 | ||
13f418b4 | 115 | #endif /** SIMAKA_CRYPTO_H_ @}*/ |