Annotation of embedaddon/strongswan/src/libcharon/sa/authenticator.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2006-2009 Martin Willi
! 3: * Copyright (C) 2008 Tobias Brunner
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #include <string.h>
! 18:
! 19: #include "authenticator.h"
! 20:
! 21: #include <sa/ikev2/authenticators/pubkey_authenticator.h>
! 22: #include <sa/ikev2/authenticators/psk_authenticator.h>
! 23: #include <sa/ikev2/authenticators/eap_authenticator.h>
! 24: #include <sa/ikev1/authenticators/psk_v1_authenticator.h>
! 25: #include <sa/ikev1/authenticators/pubkey_v1_authenticator.h>
! 26: #include <sa/ikev1/authenticators/hybrid_authenticator.h>
! 27: #include <encoding/payloads/auth_payload.h>
! 28:
! 29:
! 30: ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
! 31: "RSA signature",
! 32: "pre-shared key",
! 33: "DSS signature");
! 34: ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_DS, AUTH_DSS,
! 35: "ECDSA-256 signature",
! 36: "ECDSA-384 signature",
! 37: "ECDSA-521 signature",
! 38: "secure password method",
! 39: "NULL authentication",
! 40: "digital signature");
! 41: ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_DS,
! 42: "XAuthInitPSK",
! 43: "XAuthRespPSK",
! 44: "XAuthInitRSA",
! 45: "XauthRespRSA",
! 46: "HybridInitRSA",
! 47: "HybridRespRSA",
! 48: );
! 49: ENUM_END(auth_method_names, AUTH_HYBRID_RESP_RSA);
! 50:
! 51: #ifdef USE_IKEV2
! 52:
! 53: /**
! 54: * Described in header.
! 55: */
! 56: authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
! 57: chunk_t received_nonce, chunk_t sent_nonce,
! 58: chunk_t received_init, chunk_t sent_init,
! 59: char reserved[3])
! 60: {
! 61: switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
! 62: {
! 63: case AUTH_CLASS_ANY:
! 64: /* defaults to PUBKEY */
! 65: case AUTH_CLASS_PUBKEY:
! 66: return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
! 67: received_nonce, sent_init, reserved);
! 68: case AUTH_CLASS_PSK:
! 69: return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
! 70: received_nonce, sent_init, reserved);
! 71: case AUTH_CLASS_EAP:
! 72: return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
! 73: received_nonce, sent_nonce,
! 74: received_init, sent_init, reserved);
! 75: default:
! 76: return NULL;
! 77: }
! 78: }
! 79:
! 80: /**
! 81: * Described in header.
! 82: */
! 83: authenticator_t *authenticator_create_verifier(
! 84: ike_sa_t *ike_sa, message_t *message,
! 85: chunk_t received_nonce, chunk_t sent_nonce,
! 86: chunk_t received_init, chunk_t sent_init,
! 87: char reserved[3])
! 88: {
! 89: auth_payload_t *auth_payload;
! 90:
! 91: auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH);
! 92: if (auth_payload == NULL)
! 93: {
! 94: return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
! 95: received_nonce, sent_nonce,
! 96: received_init, sent_init, reserved);
! 97: }
! 98: switch (auth_payload->get_auth_method(auth_payload))
! 99: {
! 100: case AUTH_RSA:
! 101: case AUTH_ECDSA_256:
! 102: case AUTH_ECDSA_384:
! 103: case AUTH_ECDSA_521:
! 104: case AUTH_DS:
! 105: return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
! 106: sent_nonce, received_init, reserved);
! 107: case AUTH_PSK:
! 108: return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
! 109: sent_nonce, received_init, reserved);
! 110: default:
! 111: return NULL;
! 112: }
! 113: }
! 114:
! 115: #endif /* USE_IKEV2 */
! 116:
! 117: #ifdef USE_IKEV1
! 118:
! 119: /**
! 120: * Described in header.
! 121: */
! 122: authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
! 123: auth_method_t auth_method, diffie_hellman_t *dh,
! 124: chunk_t dh_value, chunk_t sa_payload,
! 125: chunk_t id_payload)
! 126: {
! 127: switch (auth_method)
! 128: {
! 129: case AUTH_PSK:
! 130: case AUTH_XAUTH_INIT_PSK:
! 131: case AUTH_XAUTH_RESP_PSK:
! 132: return (authenticator_t*)psk_v1_authenticator_create(ike_sa,
! 133: initiator, dh, dh_value, sa_payload,
! 134: id_payload, FALSE);
! 135: case AUTH_RSA:
! 136: case AUTH_XAUTH_INIT_RSA:
! 137: case AUTH_XAUTH_RESP_RSA:
! 138: return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
! 139: initiator, dh, dh_value, sa_payload,
! 140: id_payload, KEY_RSA);
! 141: case AUTH_ECDSA_256:
! 142: case AUTH_ECDSA_384:
! 143: case AUTH_ECDSA_521:
! 144: return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
! 145: initiator, dh, dh_value, sa_payload,
! 146: id_payload, KEY_ECDSA);
! 147: case AUTH_HYBRID_INIT_RSA:
! 148: case AUTH_HYBRID_RESP_RSA:
! 149: return (authenticator_t*)hybrid_authenticator_create(ike_sa,
! 150: initiator, dh, dh_value, sa_payload,
! 151: id_payload);
! 152: default:
! 153: return NULL;
! 154: }
! 155: }
! 156:
! 157: #endif /* USE_IKEV1 */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>