Annotation of embedaddon/strongswan/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011 Martin Willi
! 3: * Copyright (C) 2011 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "psk_v1_authenticator.h"
! 17:
! 18: #include <daemon.h>
! 19: #include <sa/ikev1/keymat_v1.h>
! 20: #include <encoding/payloads/hash_payload.h>
! 21:
! 22: typedef struct private_psk_v1_authenticator_t private_psk_v1_authenticator_t;
! 23:
! 24: /**
! 25: * Private data of an psk_v1_authenticator_t object.
! 26: */
! 27: struct private_psk_v1_authenticator_t {
! 28:
! 29: /**
! 30: * Public authenticator_t interface.
! 31: */
! 32: psk_v1_authenticator_t public;
! 33:
! 34: /**
! 35: * Assigned IKE_SA
! 36: */
! 37: ike_sa_t *ike_sa;
! 38:
! 39: /**
! 40: * TRUE if we are initiator
! 41: */
! 42: bool initiator;
! 43:
! 44: /**
! 45: * DH key exchange
! 46: */
! 47: diffie_hellman_t *dh;
! 48:
! 49: /**
! 50: * Others DH public value
! 51: */
! 52: chunk_t dh_value;
! 53:
! 54: /**
! 55: * Encoded SA payload, without fixed header
! 56: */
! 57: chunk_t sa_payload;
! 58:
! 59: /**
! 60: * Encoded ID payload, without fixed header
! 61: */
! 62: chunk_t id_payload;
! 63:
! 64: /**
! 65: * Used for Hybrid authentication to build hash without PSK?
! 66: */
! 67: bool hybrid;
! 68: };
! 69:
! 70: METHOD(authenticator_t, build, status_t,
! 71: private_psk_v1_authenticator_t *this, message_t *message)
! 72: {
! 73: hash_payload_t *hash_payload;
! 74: keymat_v1_t *keymat;
! 75: chunk_t hash, dh;
! 76:
! 77: if (!this->dh->get_my_public_value(this->dh, &dh))
! 78: {
! 79: return FAILED;
! 80: }
! 81: keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
! 82: if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
! 83: this->ike_sa->get_id(this->ike_sa), this->sa_payload,
! 84: this->id_payload, &hash, NULL))
! 85: {
! 86: free(dh.ptr);
! 87: return FAILED;
! 88: }
! 89: free(dh.ptr);
! 90:
! 91: hash_payload = hash_payload_create(PLV1_HASH);
! 92: hash_payload->set_hash(hash_payload, hash);
! 93: message->add_payload(message, &hash_payload->payload_interface);
! 94: free(hash.ptr);
! 95:
! 96: return SUCCESS;
! 97: }
! 98:
! 99: METHOD(authenticator_t, process, status_t,
! 100: private_psk_v1_authenticator_t *this, message_t *message)
! 101: {
! 102: hash_payload_t *hash_payload;
! 103: keymat_v1_t *keymat;
! 104: chunk_t hash, dh;
! 105: auth_cfg_t *auth;
! 106:
! 107: hash_payload = (hash_payload_t*)message->get_payload(message, PLV1_HASH);
! 108: if (!hash_payload)
! 109: {
! 110: DBG1(DBG_IKE, "HASH payload missing in message");
! 111: return FAILED;
! 112: }
! 113:
! 114: if (!this->dh->get_my_public_value(this->dh, &dh))
! 115: {
! 116: return FAILED;
! 117: }
! 118: keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
! 119: if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
! 120: this->ike_sa->get_id(this->ike_sa), this->sa_payload,
! 121: this->id_payload, &hash, NULL))
! 122: {
! 123: free(dh.ptr);
! 124: return FAILED;
! 125: }
! 126: free(dh.ptr);
! 127: if (chunk_equals_const(hash, hash_payload->get_hash(hash_payload)))
! 128: {
! 129: free(hash.ptr);
! 130: if (!this->hybrid)
! 131: {
! 132: auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
! 133: auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
! 134: }
! 135: return SUCCESS;
! 136: }
! 137: free(hash.ptr);
! 138: DBG1(DBG_IKE, "calculated HASH does not match HASH payload");
! 139: return FAILED;
! 140: }
! 141:
! 142: METHOD(authenticator_t, destroy, void,
! 143: private_psk_v1_authenticator_t *this)
! 144: {
! 145: chunk_free(&this->id_payload);
! 146: free(this);
! 147: }
! 148:
! 149: /*
! 150: * Described in header.
! 151: */
! 152: psk_v1_authenticator_t *psk_v1_authenticator_create(ike_sa_t *ike_sa,
! 153: bool initiator, diffie_hellman_t *dh,
! 154: chunk_t dh_value, chunk_t sa_payload,
! 155: chunk_t id_payload, bool hybrid)
! 156: {
! 157: private_psk_v1_authenticator_t *this;
! 158:
! 159: INIT(this,
! 160: .public = {
! 161: .authenticator = {
! 162: .build = _build,
! 163: .process = _process,
! 164: .is_mutual = (void*)return_false,
! 165: .destroy = _destroy,
! 166: },
! 167: },
! 168: .ike_sa = ike_sa,
! 169: .initiator = initiator,
! 170: .dh = dh,
! 171: .dh_value = dh_value,
! 172: .sa_payload = sa_payload,
! 173: .id_payload = id_payload,
! 174: .hybrid = hybrid,
! 175: );
! 176:
! 177: return &this->public;
! 178: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to psk_v1_authenticator.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1 / authenticators