extended sim_provider with a is_pseudonym() function.
* Implementation of sim_card_t.get_quintuplet
*/
static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this,
- identification_t *imsi, char rand[AKA_RAND_LEN],
+ identification_t *id, char rand[AKA_RAND_LEN],
char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char res[AKA_RES_LEN])
{
char *amf, *mac;
char k[AKA_K_LEN], ak[AKA_AK_LEN], sqn[AKA_SQN_LEN], xmac[AKA_MAC_LEN];
- if (!eap_aka_3gpp2_get_k(imsi, k))
+ if (!eap_aka_3gpp2_get_k(id, k))
{
- DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi);
+ DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id);
return FAILED;
}
/**
* Implementation of sim_card_t.resync
*/
-static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *imsi,
+static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN])
{
char amf[AKA_AMF_LEN], k[AKA_K_LEN], aks[AKA_AK_LEN], macs[AKA_MAC_LEN];
- if (!eap_aka_3gpp2_get_k(imsi, k))
+ if (!eap_aka_3gpp2_get_k(id, k))
{
- DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", imsi);
+ DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", id);
return FALSE;
}
{
private_eap_aka_3gpp2_card_t *this = malloc_thing(private_eap_aka_3gpp2_card_t);
- this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
- this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
- this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
- this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null;
- this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))nop;
- this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
- this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
+ this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
+ this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
+ this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
+ this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *id))return_null;
+ this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop;
+ this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
+ this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.destroy = (void(*)(eap_aka_3gpp2_card_t*))destroy;
this->f = f;
* Implementation of usim_provider_t.get_quintuplet
*/
static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this,
- identification_t *imsi, char rand[AKA_RAND_LEN],
+ identification_t *id, char rand[AKA_RAND_LEN],
char xres[AKA_RES_LEN], char ck[AKA_CK_LEN],
char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN])
{
rng->get_bytes(rng, AKA_RAND_LEN, rand);
rng->destroy(rng);
- if (!eap_aka_3gpp2_get_k(imsi, k))
+ if (!eap_aka_3gpp2_get_k(id, k))
{
- DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi);
+ DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id);
return FALSE;
}
* Implementation of usim_provider_t.resync
*/
static bool resync(private_eap_aka_3gpp2_provider_t *this,
- identification_t *imsi, char rand[AKA_RAND_LEN],
+ identification_t *id, char rand[AKA_RAND_LEN],
char auts[AKA_AUTS_LEN])
{
char *sqn, *macs;
char aks[AKA_AK_LEN], k[AKA_K_LEN], amf[AKA_AMF_LEN], xmacs[AKA_MAC_LEN];
- if (!eap_aka_3gpp2_get_k(imsi, k))
+ if (!eap_aka_3gpp2_get_k(id, k))
{
- DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi);
+ DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id);
return FALSE;
}
{
private_eap_aka_3gpp2_provider_t *this = malloc_thing(private_eap_aka_3gpp2_provider_t);
- this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
- this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet;
- this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
+ this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false;
+ this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet;
+ this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync;
+ this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null;
- this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false;
+ this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.destroy = (void(*)(eap_aka_3gpp2_provider_t*))destroy;
return key1->equals(key1, key2);
}
-/**
- * Lookup the permanent identity of pseudonym, if any
- */
-static identification_t *lookup_permanent(private_eap_sim_file_card_t *this,
- identification_t *pseudonym)
-{
- identification_t *permanent;
-
- permanent = this->permanent->get(this->permanent, pseudonym);
- if (permanent)
- {
- return permanent;
- }
- return pseudonym;
-}
-
/**
* Implementation of sim_card_t.get_triplet
*/
static bool get_triplet(private_eap_sim_file_card_t *this,
- identification_t *imsi, char *rand, char *sres, char *kc)
+ identification_t *id, char *rand, char *sres, char *kc)
{
enumerator_t *enumerator;
- identification_t *id;
+ identification_t *cand;
char *c_rand, *c_sres, *c_kc;
- imsi = lookup_permanent(this, imsi);
- DBG2(DBG_CFG, "looking for triplet: %Y rand %b", imsi, rand, SIM_RAND_LEN);
+ DBG2(DBG_CFG, "looking for triplet: %Y rand %b", id, rand, SIM_RAND_LEN);
enumerator = this->triplets->create_enumerator(this->triplets);
- while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc))
+ while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc))
{
- DBG2(DBG_CFG, "got a triplet: %Y rand %b\nsres %b\n kc %b", id,
+ DBG2(DBG_CFG, "got a triplet: %Y rand %b\nsres %b\n kc %b", cand,
c_rand, SIM_RAND_LEN, c_sres, SIM_SRES_LEN, c_kc, SIM_KC_LEN);
- if (imsi->matches(imsi, id))
+ if (id->matches(id, cand))
{
if (memeq(c_rand, rand, SIM_RAND_LEN))
{
{
private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t);
- this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
- this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
- this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
+ this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
+ this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet;
+ this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))get_pseudonym;
- this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))set_pseudonym;
- this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
- this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
+ this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))set_pseudonym;
+ this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null;
+ this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop;
this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy;
this->triplets = triplets;
return key1->equals(key1, key2);
}
-/**
- * Lookup the permanent identity of pseudonym, if any
- */
-static identification_t *lookup_permanent(private_eap_sim_file_provider_t *this,
- identification_t *pseudonym)
-{
- identification_t *permanent;
-
- permanent = this->permanent->get(this->permanent, pseudonym);
- if (permanent)
- {
- return permanent;
- }
- return pseudonym;
-}
-
/**
* Implementation of sim_provider_t.get_triplet
*/
static bool get_triplet(private_eap_sim_file_provider_t *this,
- identification_t *imsi,
- char *rand, char *sres, char *kc)
+ identification_t *id, char *rand, char *sres, char *kc)
{
enumerator_t *enumerator;
- identification_t *id;
+ identification_t *cand;
char *c_rand, *c_sres, *c_kc;
- imsi = lookup_permanent(this, imsi);
-
enumerator = this->triplets->create_enumerator(this->triplets);
- while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc))
+ while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc))
{
- if (imsi->matches(imsi, id))
+ if (id->matches(id, cand))
{
memcpy(rand, c_rand, SIM_RAND_LEN);
memcpy(sres, c_sres, SIM_SRES_LEN);
return FALSE;
}
+/**
+ * Implementation of sim_provider_t.is_pseudonym
+ */
+static identification_t* is_pseudonym(private_eap_sim_file_provider_t *this,
+ identification_t *id)
+{
+ identification_t *permanent;
+
+ permanent = this->permanent->get(this->permanent, id);
+ if (permanent)
+ {
+ return permanent->clone(permanent);
+ }
+ return NULL;
+}
+
/**
* Implementation of sim_provider_t.get_triplet
*/
{
private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t);
- this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
- this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
- this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
+ this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet;
+ this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false;
+ this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false;
+ this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))is_pseudonym;
this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))gen_pseudonym;
- this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false;
+ this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null;
this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null;
this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy;
* The SIM card completes triplets/quintuplets requested in a challenge
* received from the server.
* An implementation supporting only one of SIM/AKA authentication may
- * implement the other methods with return_false()/return NOT_SUPPORTED.
+ * implement the other methods with return_false()/return NOT_SUPPORTED/NULL.
*/
struct sim_card_t {
/**
* Calculate SRES/KC from a RAND for SIM authentication.
*
- * @param imsi identity to get a triplet for
+ * @param id permanent identity to get a triplet for
* @param rand RAND input buffer, fixed size 16 bytes
* @param sres SRES output buffer, fixed size 4 byte
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if SRES/KC calculated, FALSE on error/wrong identity
*/
- bool (*get_triplet)(sim_card_t *this, identification_t *imsi,
+ bool (*get_triplet)(sim_card_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
* If the received sequence number (in autn) is out of sync, INVALID_STATE
* is returned.
*
- * @param imsi peer identity requesting quintuplet for
+ * @param id permanent identity to request quintuplet for
* @param rand random value rand
* @param autn authentication token autn
* @param ck buffer receiving encryption key ck
* @param res buffer receiving authentication result res
* @return SUCCESS, FAILED, or INVALID_STATE if out of sync
*/
- status_t (*get_quintuplet)(sim_card_t *this, identification_t *imsi,
+ status_t (*get_quintuplet)(sim_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN],
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char res[AKA_RES_LEN]);
/**
* Calculate AUTS from RAND for AKA resynchronization.
*
- * @param imsi peer identity requesting quintuplet for
+ * @param id permanent identity to request quintuplet for
* @param rand random value rand
* @param auts resynchronization parameter auts
* @return TRUE if parameter generated successfully
*/
- bool (*resync)(sim_card_t *this, identification_t *imsi,
+ bool (*resync)(sim_card_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
/**
* Set the pseudonym to use for next authentication.
*
- * @param perm permanent identity of the peer (imsi)
- * @param pseudo pseudonym identity received from the server
+ * @param id permanent identity of the peer
+ * @param pseudonym pseudonym identity received from the server
*/
- void (*set_pseudonym)(sim_card_t *this, identification_t *perm,
- identification_t *pseudo);
+ void (*set_pseudonym)(sim_card_t *this, identification_t *id,
+ identification_t *pseudonym);
/**
* Get the pseudonym previously stored via set_pseudonym().
*
- * @param perm permanent identity of the peer (imsi)
+ * @param id permanent identity of the peer
* @return associated pseudonym identity, NULL if none stored
*/
- identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *perm);
+ identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id);
/**
* Store parameters to use for the next fast reauthentication.
*
- * @param perm permanent identity of the peer (imsi)
+ * @param id permanent identity of the peer
* @param next next fast reauthentication identity to use
* @param mk master key MK to store for reauthentication
* @param counter counter value to store, host order
*/
- void (*set_reauth)(sim_card_t *this, identification_t *perm,
+ void (*set_reauth)(sim_card_t *this, identification_t *id,
identification_t *next, char mk[HASH_SIZE_SHA1],
u_int16_t counter);
/**
* Retrieve parameters for fast reauthentication stored via set_reauth().
*
- * @param perm permanent identity of the peer (imsi)
+ * @param id permanent identity of the peer
* @param mk buffer receiving master key MK
* @param counter pointer receiving counter value, in host order
*/
- identification_t* (*get_reauth)(sim_card_t *this, identification_t *perm,
+ identification_t* (*get_reauth)(sim_card_t *this, identification_t *id,
char mk[HASH_SIZE_SHA1], u_int16_t *counter);
};
/**
* Create a challenge for SIM authentication.
*
- * @param imsi client identity
+ * @param id permanent identity of peer to gen triplet for
* @param rand RAND output buffer, fixed size 16 bytes
* @param sres SRES output buffer, fixed size 4 byte
* @param kc KC output buffer, fixed size 8 bytes
* @return TRUE if triplet received, FALSE otherwise
*/
- bool (*get_triplet)(sim_provider_t *this, identification_t *imsi,
+ bool (*get_triplet)(sim_provider_t *this, identification_t *id,
char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN],
char kc[SIM_KC_LEN]);
/**
* Create a challenge for AKA authentication.
*
- * @param imsi peer identity to create challenge for
+ * @param id permanent identity of peer to create challenge for
* @param rand buffer receiving random value rand
* @param xres buffer receiving expected authentication result xres
* @param ck buffer receiving encryption key ck
* @param autn authentication token autn
* @return TRUE if quintuplet generated successfully
*/
- bool (*get_quintuplet)(sim_provider_t *this, identification_t *imsi,
+ bool (*get_quintuplet)(sim_provider_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN],
char ck[AKA_CK_LEN], char ik[AKA_IK_LEN],
char autn[AKA_AUTN_LEN]);
/**
* Process AKA resynchroniusation request of a peer.
*
- * @param imsi peer identity requesting resynchronisation
+ * @param id permanent identity of peer requesting resynchronisation
* @param rand random value rand
* @param auts synchronization parameter auts
* @return TRUE if resynchronized successfully
*/
- bool (*resync)(sim_provider_t *this, identification_t *imsi,
+ bool (*resync)(sim_provider_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
+ /**
+ * Check if peer uses a pseudonym, get permanent identity.
+ *
+ * @param id pseudonym identity candidate
+ * @return permanent identity, NULL if id not a pseudonym
+ */
+ identification_t* (*is_pseudonym)(sim_provider_t *this,
+ identification_t *id);
+
/**
* Generate a pseudonym identitiy for a given peer identity.
*
- * @param id peer identity to generate a pseudonym for
+ * @param id permanent identity to generate a pseudonym for
* @return generated pseudonym, NULL to not use a pseudonym identity
*/
identification_t* (*gen_pseudonym)(sim_provider_t *this,
identification_t *id);
/**
- * Check if peer uses reauthentication, retrieve parameters if so.
+ * Check if peer uses reauthentication, retrieve reauth parameters.
*
- * @param id peer identity, candidate for a reauthentication identity
+ * @param id reauthentication identity (candidate)
* @param mk buffer receiving master key MK
* @param counter pointer receiving current counter value, host order
- * @return TRUE if id is a fast reauthentication identity
+ * @return permanent identity, NULL if id not a reauth identity
*/
- bool (*is_reauth)(sim_provider_t *this, identification_t *id,
- char mk[HASH_SIZE_SHA1], u_int16_t *counter);
+ identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id,
+ char mk[HASH_SIZE_SHA1], u_int16_t *counter);
/**
* Generate a fast reauthentication identity, associated to a master key.
*
- * @param id previously used reauthentication/pseudo/permanent id
- * @param mk master key to store to generated identity
+ * @param id permanent peer identity
+ * @param mk master key to store along with generated identity
* @return fast reauthentication identity, NULL to not use reauth
*/
identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id,
projects / thirdparty / strongswan.git / commitdiff
