Diffstat (limited to 'src/charon/sa/authenticators/authenticator.c')
-rw-r--r-- | src/charon/sa/authenticators/authenticator.c | 49 |
1 files changed, 34 insertions, 15 deletions
diff --git a/src/charon/sa/authenticators/authenticator.c b/src/charon/sa/authenticators/authenticator.c index 827c7a69a..ea8a16279 100644 --- a/src/charon/sa/authenticators/authenticator.c +++ b/src/charon/sa/authenticators/authenticator.c @@ -1,6 +1,6 @@ /* + * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2006-2008 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -12,8 +12,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: authenticator.c 4276 2008-08-22 10:44:51Z martin $ */ #include <string.h> @@ -23,6 +21,7 @@ #include <sa/authenticators/pubkey_authenticator.h> #include <sa/authenticators/psk_authenticator.h> #include <sa/authenticators/eap_authenticator.h> +#include <encoding/payloads/auth_payload.h> ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS, @@ -35,7 +34,8 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS, "ECDSA-521 signature"); ENUM_END(auth_method_names, AUTH_ECDSA_521); -ENUM(auth_class_names, AUTH_CLASS_PUBKEY, AUTH_CLASS_EAP, +ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP, + "any", "public key", "pre-shared key", "EAP", 
@@ -44,17 +44,23 @@ ENUM(auth_class_names, AUTH_CLASS_PUBKEY, AUTH_CLASS_EAP,
 /**
 * Described in header.
 */
-authenticator_t *authenticator_create_from_class(ike_sa_t *ike_sa,
- auth_class_t class)
+authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
+ chunk_t received_nonce, chunk_t sent_nonce,
+ chunk_t received_init, chunk_t sent_init)
 {
- switch (class)
+ switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
 {
+ case AUTH_CLASS_ANY:
+ /* defaults to PUBKEY */
 case AUTH_CLASS_PUBKEY:
- return (authenticator_t*)pubkey_authenticator_create(ike_sa);
+ return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
+ received_nonce, sent_init);
 case AUTH_CLASS_PSK:
- return (authenticator_t*)psk_authenticator_create(ike_sa);
+ return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
+ received_nonce, sent_init);
 case AUTH_CLASS_EAP:
- return (authenticator_t*)eap_authenticator_create(ike_sa);
+ return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
+ received_nonce, sent_nonce, received_init, sent_init);
 default:
 return NULL;
 }
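Review bot: The `switch` on `(uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS)` does not say what happens when the rule is absent; if `get` returns NULL in that case the value is 0, which presumably is `AUTH_CLASS_ANY` (it is listed first in `auth_class_names`), so a config with no class set would silently build a public-key authenticator. I would state that above the switch, e.g. `/* a missing AUTH_CLASS rule reads as AUTH_CLASS_ANY and selects pubkey */`, and mark the `default:` arm with `/* unknown class: no authenticator, caller must fail the exchange */`, since callers have to treat NULL as an authentication failure. The pubkey and PSK builders receive only `received_nonce, sent_init` while the EAP builder receives all four chunks; one line in the header documentation saying which side each chunk belongs to would guard against swapped arguments. The function's closing brace lies outside this hunk.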
@@ -63,19 +69,32 @@ authenticator_t *authenticator_create_from_class(ike_sa_t *ike_sa,
 /**
 * Described in header.
 */
-authenticator_t *authenticator_create_from_method(ike_sa_t *ike_sa,
- auth_method_t method)
+authenticator_t *authenticator_create_verifier(
+ ike_sa_t *ike_sa, message_t *message,
+ chunk_t received_nonce, chunk_t sent_nonce,
+ chunk_t received_init, chunk_t sent_init)
 {
- switch (method)
+ auth_payload_t *auth_payload;
+
+ auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
+ if (auth_payload == NULL)
+ {
+ return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
+ received_nonce, sent_nonce, received_init, sent_init);
+ }
+ switch (auth_payload->get_auth_method(auth_payload))
 {
 case AUTH_RSA:
 case AUTH_ECDSA_256:
 case AUTH_ECDSA_384:
 case AUTH_ECDSA_521:
- return (authenticator_t*)pubkey_authenticator_create(ike_sa);
+ return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
+ sent_nonce, received_init);
 case AUTH_PSK:
- return (authenticator_t*)psk_authenticator_create(ike_sa);
+ return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
+ sent_nonce, received_init);
 default:
 return NULL;
 }
 }
+ |
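Review bot: The `auth_payload == NULL` branch selects an EAP verifier solely because the peer's message carries no AUTHENTICATION payload, so the verifier type is chosen entirely from peer-supplied input and nothing in this function consults the local auth configuration. If that policy check lives in the caller (not visible in this hunk), the branch should say so, e.g. `/* no AUTH payload: peer asks for EAP; the caller decides whether EAP satisfies the configured auth rules */`. The `default:` arm returns NULL for every method without a case (`AUTH_DSS` is named in `auth_method_names` but not handled here), which fails closed; a short comment such as `/* unsupported method: no verifier, caller must reject */` would record that this is deliberate.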