From: Martin Willi Date: Tue, 27 Oct 2009 10:10:44 +0000 (+0100) Subject: Query triplet/quintuplet functions with permanent identity only, X-Git-Tag: 4.3.6~224 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c2f8c6a11ea59b3b3f797810a2f34eac30e5867e;p=thirdparty%2Fstrongswan.git Query triplet/quintuplet functions with permanent identity only, extended sim_provider with a is_pseudonym() function. --- diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c index 07d206e163..9365eb2e87 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c @@ -55,16 +55,16 @@ void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset); * Implementation of sim_card_t.get_quintuplet */ static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this, - identification_t *imsi, char rand[AKA_RAND_LEN], + identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]) { char *amf, *mac; char k[AKA_K_LEN], ak[AKA_AK_LEN], sqn[AKA_SQN_LEN], xmac[AKA_MAC_LEN]; - if (!eap_aka_3gpp2_get_k(imsi, k)) + if (!eap_aka_3gpp2_get_k(id, k)) { - DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi); + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); return FAILED; } @@ -113,14 +113,14 @@ static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this, /** * Implementation of sim_card_t.resync */ -static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *imsi, +static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) { char amf[AKA_AMF_LEN], k[AKA_K_LEN], aks[AKA_AK_LEN], macs[AKA_MAC_LEN]; - if (!eap_aka_3gpp2_get_k(imsi, k)) + if (!eap_aka_3gpp2_get_k(id, k)) { - DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", imsi); + DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", id); return FALSE; } @@ -151,13 +151,13 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f) { private_eap_aka_3gpp2_card_t *this = malloc_thing(private_eap_aka_3gpp2_card_t); - this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; - this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet; - this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; - this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null; - this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))nop; - this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; - this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; + this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *id))return_null; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; this->public.destroy = (void(*)(eap_aka_3gpp2_card_t*))destroy; this->f = f; diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c index ee75022497..8dba38d9b9 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c @@ -85,7 +85,7 @@ void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset) * Implementation of usim_provider_t.get_quintuplet */ static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this, - identification_t *imsi, char rand[AKA_RAND_LEN], + identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]) { @@ -102,9 +102,9 @@ static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this, rng->get_bytes(rng, AKA_RAND_LEN, rand); rng->destroy(rng); - if (!eap_aka_3gpp2_get_k(imsi, k)) + if (!eap_aka_3gpp2_get_k(id, k)) { - DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi); + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); return FALSE; } @@ -134,15 +134,15 @@ static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this, * Implementation of usim_provider_t.resync */ static bool resync(private_eap_aka_3gpp2_provider_t *this, - identification_t *imsi, char rand[AKA_RAND_LEN], + identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) { char *sqn, *macs; char aks[AKA_AK_LEN], k[AKA_K_LEN], amf[AKA_AMF_LEN], xmacs[AKA_MAC_LEN]; - if (!eap_aka_3gpp2_get_k(imsi, k)) + if (!eap_aka_3gpp2_get_k(id, k)) { - DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", imsi); + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); return FALSE; } @@ -184,11 +184,12 @@ eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create( { private_eap_aka_3gpp2_provider_t *this = malloc_thing(private_eap_aka_3gpp2_provider_t); - this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; - this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet; - this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; - this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; this->public.destroy = (void(*)(eap_aka_3gpp2_provider_t*))destroy; diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c index 77e06e09a0..1413d97d33 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c @@ -62,41 +62,24 @@ static bool equals(identification_t *key1, identification_t *key2) return key1->equals(key1, key2); } -/** - * Lookup the permanent identity of pseudonym, if any - */ -static identification_t *lookup_permanent(private_eap_sim_file_card_t *this, - identification_t *pseudonym) -{ - identification_t *permanent; - - permanent = this->permanent->get(this->permanent, pseudonym); - if (permanent) - { - return permanent; - } - return pseudonym; -} - /** * Implementation of sim_card_t.get_triplet */ static bool get_triplet(private_eap_sim_file_card_t *this, - identification_t *imsi, char *rand, char *sres, char *kc) + identification_t *id, char *rand, char *sres, char *kc) { enumerator_t *enumerator; - identification_t *id; + identification_t *cand; char *c_rand, *c_sres, *c_kc; - imsi = lookup_permanent(this, imsi); - DBG2(DBG_CFG, "looking for triplet: %Y rand %b", imsi, rand, SIM_RAND_LEN); + DBG2(DBG_CFG, "looking for triplet: %Y rand %b", id, rand, SIM_RAND_LEN); enumerator = this->triplets->create_enumerator(this->triplets); - while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) + while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc)) { - DBG2(DBG_CFG, "got a triplet: %Y rand %b\nsres %b\n kc %b", id, + DBG2(DBG_CFG, "got a triplet: %Y rand %b\nsres %b\n kc %b", cand, c_rand, SIM_RAND_LEN, c_sres, SIM_SRES_LEN, c_kc, SIM_KC_LEN); - if (imsi->matches(imsi, id)) + if (id->matches(id, cand)) { if (memeq(c_rand, rand, SIM_RAND_LEN)) { @@ -189,13 +172,13 @@ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets) { private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t); - this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; - this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet; - this->public.card.resync = (bool(*)(sim_card_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))get_pseudonym; - this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *perm, identification_t *pseudonym))set_pseudonym; - this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *perm, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; - this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *perm, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))set_pseudonym; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy; this->triplets = triplets; diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c index 802de48bc4..22c4f26e3a 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c @@ -67,39 +67,20 @@ static bool equals(identification_t *key1, identification_t *key2) return key1->equals(key1, key2); } -/** - * Lookup the permanent identity of pseudonym, if any - */ -static identification_t *lookup_permanent(private_eap_sim_file_provider_t *this, - identification_t *pseudonym) -{ - identification_t *permanent; - - permanent = this->permanent->get(this->permanent, pseudonym); - if (permanent) - { - return permanent; - } - return pseudonym; -} - /** * Implementation of sim_provider_t.get_triplet */ static bool get_triplet(private_eap_sim_file_provider_t *this, - identification_t *imsi, - char *rand, char *sres, char *kc) + identification_t *id, char *rand, char *sres, char *kc) { enumerator_t *enumerator; - identification_t *id; + identification_t *cand; char *c_rand, *c_sres, *c_kc; - imsi = lookup_permanent(this, imsi); - enumerator = this->triplets->create_enumerator(this->triplets); - while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) + while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc)) { - if (imsi->matches(imsi, id)) + if (id->matches(id, cand)) { memcpy(rand, c_rand, SIM_RAND_LEN); memcpy(sres, c_sres, SIM_SRES_LEN); @@ -112,6 +93,22 @@ static bool get_triplet(private_eap_sim_file_provider_t *this, return FALSE; } +/** + * Implementation of sim_provider_t.is_pseudonym + */ +static identification_t* is_pseudonym(private_eap_sim_file_provider_t *this, + identification_t *id) +{ + identification_t *permanent; + + permanent = this->permanent->get(this->permanent, id); + if (permanent) + { + return permanent->clone(permanent); + } + return NULL; +} + /** * Implementation of sim_provider_t.get_triplet */ @@ -182,11 +179,12 @@ eap_sim_file_provider_t *eap_sim_file_provider_create( { private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t); - this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; - this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; - this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))is_pseudonym; this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))gen_pseudonym; - this->public.provider.is_reauth = (bool(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_false; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy; diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h index 7acf8f87b6..cc109f7652 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.h +++ b/src/charon/sa/authenticators/eap/sim_manager.h @@ -46,20 +46,20 @@ typedef struct sim_provider_t sim_provider_t; * The SIM card completes triplets/quintuplets requested in a challenge * received from the server. * An implementation supporting only one of SIM/AKA authentication may - * implement the other methods with return_false()/return NOT_SUPPORTED. + * implement the other methods with return_false()/return NOT_SUPPORTED/NULL. */ struct sim_card_t { /** * Calculate SRES/KC from a RAND for SIM authentication. * - * @param imsi identity to get a triplet for + * @param id permanent identity to get a triplet for * @param rand RAND input buffer, fixed size 16 bytes * @param sres SRES output buffer, fixed size 4 byte * @param kc KC output buffer, fixed size 8 bytes * @return TRUE if SRES/KC calculated, FALSE on error/wrong identity */ - bool (*get_triplet)(sim_card_t *this, identification_t *imsi, + bool (*get_triplet)(sim_card_t *this, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]); @@ -69,7 +69,7 @@ struct sim_card_t { * If the received sequence number (in autn) is out of sync, INVALID_STATE * is returned. * - * @param imsi peer identity requesting quintuplet for + * @param id permanent identity to request quintuplet for * @param rand random value rand * @param autn authentication token autn * @param ck buffer receiving encryption key ck @@ -77,7 +77,7 @@ struct sim_card_t { * @param res buffer receiving authentication result res * @return SUCCESS, FAILED, or INVALID_STATE if out of sync */ - status_t (*get_quintuplet)(sim_card_t *this, identification_t *imsi, + status_t (*get_quintuplet)(sim_card_t *this, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_LEN]); @@ -85,51 +85,51 @@ struct sim_card_t { /** * Calculate AUTS from RAND for AKA resynchronization. * - * @param imsi peer identity requesting quintuplet for + * @param id permanent identity to request quintuplet for * @param rand random value rand * @param auts resynchronization parameter auts * @return TRUE if parameter generated successfully */ - bool (*resync)(sim_card_t *this, identification_t *imsi, + bool (*resync)(sim_card_t *this, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); /** * Set the pseudonym to use for next authentication. * - * @param perm permanent identity of the peer (imsi) - * @param pseudo pseudonym identity received from the server + * @param id permanent identity of the peer + * @param pseudonym pseudonym identity received from the server */ - void (*set_pseudonym)(sim_card_t *this, identification_t *perm, - identification_t *pseudo); + void (*set_pseudonym)(sim_card_t *this, identification_t *id, + identification_t *pseudonym); /** * Get the pseudonym previously stored via set_pseudonym(). * - * @param perm permanent identity of the peer (imsi) + * @param id permanent identity of the peer * @return associated pseudonym identity, NULL if none stored */ - identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *perm); + identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id); /** * Store parameters to use for the next fast reauthentication. * - * @param perm permanent identity of the peer (imsi) + * @param id permanent identity of the peer * @param next next fast reauthentication identity to use * @param mk master key MK to store for reauthentication * @param counter counter value to store, host order */ - void (*set_reauth)(sim_card_t *this, identification_t *perm, + void (*set_reauth)(sim_card_t *this, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], u_int16_t counter); /** * Retrieve parameters for fast reauthentication stored via set_reauth(). * - * @param perm permanent identity of the peer (imsi) + * @param id permanent identity of the peer * @param mk buffer receiving master key MK * @param counter pointer receiving counter value, in host order */ - identification_t* (*get_reauth)(sim_card_t *this, identification_t *perm, + identification_t* (*get_reauth)(sim_card_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter); }; @@ -147,20 +147,20 @@ struct sim_provider_t { /** * Create a challenge for SIM authentication. * - * @param imsi client identity + * @param id permanent identity of peer to gen triplet for * @param rand RAND output buffer, fixed size 16 bytes * @param sres SRES output buffer, fixed size 4 byte * @param kc KC output buffer, fixed size 8 bytes * @return TRUE if triplet received, FALSE otherwise */ - bool (*get_triplet)(sim_provider_t *this, identification_t *imsi, + bool (*get_triplet)(sim_provider_t *this, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]); /** * Create a challenge for AKA authentication. * - * @param imsi peer identity to create challenge for + * @param id permanent identity of peer to create challenge for * @param rand buffer receiving random value rand * @param xres buffer receiving expected authentication result xres * @param ck buffer receiving encryption key ck @@ -168,7 +168,7 @@ struct sim_provider_t { * @param autn authentication token autn * @return TRUE if quintuplet generated successfully */ - bool (*get_quintuplet)(sim_provider_t *this, identification_t *imsi, + bool (*get_quintuplet)(sim_provider_t *this, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]); @@ -176,39 +176,48 @@ struct sim_provider_t { /** * Process AKA resynchroniusation request of a peer. * - * @param imsi peer identity requesting resynchronisation + * @param id permanent identity of peer requesting resynchronisation * @param rand random value rand * @param auts synchronization parameter auts * @return TRUE if resynchronized successfully */ - bool (*resync)(sim_provider_t *this, identification_t *imsi, + bool (*resync)(sim_provider_t *this, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + /** + * Check if peer uses a pseudonym, get permanent identity. + * + * @param id pseudonym identity candidate + * @return permanent identity, NULL if id not a pseudonym + */ + identification_t* (*is_pseudonym)(sim_provider_t *this, + identification_t *id); + /** * Generate a pseudonym identitiy for a given peer identity. * - * @param id peer identity to generate a pseudonym for + * @param id permanent identity to generate a pseudonym for * @return generated pseudonym, NULL to not use a pseudonym identity */ identification_t* (*gen_pseudonym)(sim_provider_t *this, identification_t *id); /** - * Check if peer uses reauthentication, retrieve parameters if so. + * Check if peer uses reauthentication, retrieve reauth parameters. * - * @param id peer identity, candidate for a reauthentication identity + * @param id reauthentication identity (candidate) * @param mk buffer receiving master key MK * @param counter pointer receiving current counter value, host order - * @return TRUE if id is a fast reauthentication identity + * @return permanent identity, NULL if id not a reauth identity */ - bool (*is_reauth)(sim_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); + identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1], u_int16_t *counter); /** * Generate a fast reauthentication identity, associated to a master key. * - * @param id previously used reauthentication/pseudo/permanent id - * @param mk master key to store to generated identity + * @param id permanent peer identity + * @param mk master key to store along with generated identity * @return fast reauthentication identity, NULL to not use reauth */ identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id,