Annotation of embedaddon/strongswan/src/libcharon/sa/authenticator.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2006-2009 Martin Willi
3: * Copyright (C) 2008 Tobias Brunner
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include <string.h>
18:
19: #include "authenticator.h"
20:
21: #include <sa/ikev2/authenticators/pubkey_authenticator.h>
22: #include <sa/ikev2/authenticators/psk_authenticator.h>
23: #include <sa/ikev2/authenticators/eap_authenticator.h>
24: #include <sa/ikev1/authenticators/psk_v1_authenticator.h>
25: #include <sa/ikev1/authenticators/pubkey_v1_authenticator.h>
26: #include <sa/ikev1/authenticators/hybrid_authenticator.h>
27: #include <encoding/payloads/auth_payload.h>
28:
29:
30: ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
31: "RSA signature",
32: "pre-shared key",
33: "DSS signature");
34: ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_DS, AUTH_DSS,
35: "ECDSA-256 signature",
36: "ECDSA-384 signature",
37: "ECDSA-521 signature",
38: "secure password method",
39: "NULL authentication",
40: "digital signature");
41: ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_DS,
42: "XAuthInitPSK",
43: "XAuthRespPSK",
44: "XAuthInitRSA",
45: "XauthRespRSA",
46: "HybridInitRSA",
47: "HybridRespRSA",
48: );
49: ENUM_END(auth_method_names, AUTH_HYBRID_RESP_RSA);
50:
51: #ifdef USE_IKEV2
52:
53: /**
54: * Described in header.
55: */
56: authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
57: chunk_t received_nonce, chunk_t sent_nonce,
58: chunk_t received_init, chunk_t sent_init,
59: char reserved[3])
60: {
61: switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
62: {
63: case AUTH_CLASS_ANY:
64: /* defaults to PUBKEY */
65: case AUTH_CLASS_PUBKEY:
66: return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
67: received_nonce, sent_init, reserved);
68: case AUTH_CLASS_PSK:
69: return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
70: received_nonce, sent_init, reserved);
71: case AUTH_CLASS_EAP:
72: return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
73: received_nonce, sent_nonce,
74: received_init, sent_init, reserved);
75: default:
76: return NULL;
77: }
78: }
79:
80: /**
81: * Described in header.
82: */
83: authenticator_t *authenticator_create_verifier(
84: ike_sa_t *ike_sa, message_t *message,
85: chunk_t received_nonce, chunk_t sent_nonce,
86: chunk_t received_init, chunk_t sent_init,
87: char reserved[3])
88: {
89: auth_payload_t *auth_payload;
90:
91: auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH);
92: if (auth_payload == NULL)
93: {
94: return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
95: received_nonce, sent_nonce,
96: received_init, sent_init, reserved);
97: }
98: switch (auth_payload->get_auth_method(auth_payload))
99: {
100: case AUTH_RSA:
101: case AUTH_ECDSA_256:
102: case AUTH_ECDSA_384:
103: case AUTH_ECDSA_521:
104: case AUTH_DS:
105: return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
106: sent_nonce, received_init, reserved);
107: case AUTH_PSK:
108: return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
109: sent_nonce, received_init, reserved);
110: default:
111: return NULL;
112: }
113: }
114:
115: #endif /* USE_IKEV2 */
116:
117: #ifdef USE_IKEV1
118:
119: /**
120: * Described in header.
121: */
122: authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
123: auth_method_t auth_method, diffie_hellman_t *dh,
124: chunk_t dh_value, chunk_t sa_payload,
125: chunk_t id_payload)
126: {
127: switch (auth_method)
128: {
129: case AUTH_PSK:
130: case AUTH_XAUTH_INIT_PSK:
131: case AUTH_XAUTH_RESP_PSK:
132: return (authenticator_t*)psk_v1_authenticator_create(ike_sa,
133: initiator, dh, dh_value, sa_payload,
134: id_payload, FALSE);
135: case AUTH_RSA:
136: case AUTH_XAUTH_INIT_RSA:
137: case AUTH_XAUTH_RESP_RSA:
138: return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
139: initiator, dh, dh_value, sa_payload,
140: id_payload, KEY_RSA);
141: case AUTH_ECDSA_256:
142: case AUTH_ECDSA_384:
143: case AUTH_ECDSA_521:
144: return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
145: initiator, dh, dh_value, sa_payload,
146: id_payload, KEY_ECDSA);
147: case AUTH_HYBRID_INIT_RSA:
148: case AUTH_HYBRID_RESP_RSA:
149: return (authenticator_t*)hybrid_authenticator_create(ike_sa,
150: initiator, dh, dh_value, sa_payload,
151: id_payload);
152: default:
153: return NULL;
154: }
155: }
156:
157: #endif /* USE_IKEV1 */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>