*/
identification_t *reauth;
+ /**
+ * EAP message identifier
+ */
+ u_int8_t identifier;
+
/**
* MSK
*/
/**
* Create a AKA_CLIENT_ERROR: "Unable to process"
*/
-static eap_payload_t* create_client_error(private_eap_aka_peer_t *this,
- u_int8_t identifier)
+static eap_payload_t* create_client_error(private_eap_aka_peer_t *this)
{
simaka_message_t *message;
eap_payload_t *out;
DBG1(DBG_IKE, "sending client error '%N'",
simaka_client_error_names, AKA_UNABLE_TO_PROCESS);
- message = simaka_message_create(FALSE, identifier, EAP_AKA,
+ message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_CLIENT_ERROR, this->crypto);
encoded = htons(AKA_UNABLE_TO_PROCESS);
message->add_attribute(message, AT_CLIENT_ERROR_CODE,
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
enumerator->destroy(enumerator);
return NEED_MORE;
}
default:
break;
}
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_IDENTITY, this->crypto);
if (id.len)
{
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
enumerator->destroy(enumerator);
return NEED_MORE;
}
if (!rand.len || !autn.len)
{
DBG1(DBG_IKE, "received invalid EAP-AKA challenge message");
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
* reading encrypted attributes */
if (!in->verify(in, chunk_empty) || !in->parse(in))
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
}
enumerator->destroy(enumerator);
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_CHALLENGE, this->crypto);
message->add_attribute(message, AT_RES, chunk_create(res, res_len));
*out = message->generate(message, chunk_empty);
{
DBG1(DBG_IKE, "received %N, but not expected",
simaka_subtype_names, AKA_REAUTHENTICATION);
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
/* verify MAC and parse again with decryption key */
if (!in->verify(in, chunk_empty) || !in->parse(in))
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
default:
if (!simaka_attribute_skippable(type))
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
enumerator->destroy(enumerator);
return NEED_MORE;
}
if (!nonce.len || !counter.len)
{
DBG1(DBG_IKE, "EAP-AKA/Request/Reauthentication message incomplete");
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
if (success)
{ /* empty notification reply */
- message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
+ message = simaka_message_create(FALSE, this->identifier, EAP_AKA,
AKA_NOTIFICATION, this->crypto);
*out = message->generate(message, chunk_empty);
message->destroy(message);
}
else
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
}
return NEED_MORE;
}
simaka_message_t *message;
status_t status;
+ /* store received EAP message identifier */
+ this->identifier = in->get_identifier(in);
+
message = simaka_message_create_from_payload(in, this->crypto);
if (!message)
{
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
if (!message->parse(message))
{
message->destroy(message);
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
return NEED_MORE;
}
switch (message->get_subtype(message))
default:
DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N",
simaka_subtype_names, message->get_subtype(message));
- *out = create_client_error(this, in->get_identifier(in));
+ *out = create_client_error(this);
status = NEED_MORE;
break;
}
return FAILED;
}
+METHOD(eap_method_t, get_identifier, u_int8_t,
+ private_eap_aka_peer_t *this)
+{
+ return this->identifier;
+}
+
+METHOD(eap_method_t, set_identifier, void,
+ private_eap_aka_peer_t *this, u_int8_t identifier)
+{
+ this->identifier = identifier;
+}
+
METHOD(eap_method_t, is_mutual, bool,
private_eap_aka_peer_t *this)
{
.get_type = _get_type,
.is_mutual = _is_mutual,
.get_msk = _get_msk,
+ .get_identifier = _get_identifier,
+ .set_identifier = _set_identifier,
.destroy = _destroy,
},
},
projects / thirdparty / strongswan.git / commitdiff
