summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/authenticators/authenticator.c
blob: 9ffe661ccac9dbf47619ed4d7034903d963fc1e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
/*
 * Copyright (C) 2006-2009 Martin Willi
 * Copyright (C) 2008 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include <string.h>

#include "authenticator.h"

#include <sa/authenticators/pubkey_authenticator.h>
#include <sa/authenticators/psk_authenticator.h>
#include <sa/authenticators/eap_authenticator.h>
#include <encoding/payloads/auth_payload.h>


ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
	"RSA signature",
	"pre-shared key",
	"DSS signature");
ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_GSPM, AUTH_DSS,
	"ECDSA-256 signature",
	"ECDSA-384 signature",
	"ECDSA-521 signature",
	"secure password method");
ENUM_END(auth_method_names, AUTH_GSPM);

/**
 * Described in header.
 */
authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3])
{
	switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
	{
		case AUTH_CLASS_ANY:
			/* defaults to PUBKEY */
		case AUTH_CLASS_PUBKEY:
			return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
										received_nonce, sent_init, reserved);
		case AUTH_CLASS_PSK:
			return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
										received_nonce, sent_init, reserved);
		case AUTH_CLASS_EAP:
			return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
										received_nonce, sent_nonce,
										received_init, sent_init, reserved);
		default:
			return NULL;
	}
}

/**
 * Described in header.
 */
authenticator_t *authenticator_create_verifier(
									ike_sa_t *ike_sa, message_t *message,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3])
{
	auth_payload_t *auth_payload;

	auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
	if (auth_payload == NULL)
	{
		return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
										received_nonce, sent_nonce,
										received_init, sent_init, reserved);
	}
	switch (auth_payload->get_auth_method(auth_payload))
	{
		case AUTH_RSA:
		case AUTH_ECDSA_256:
		case AUTH_ECDSA_384:
		case AUTH_ECDSA_521:
			return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
										sent_nonce, received_init, reserved);
		case AUTH_PSK:
			return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
										sent_nonce, received_init, reserved);
		default:
			return NULL;
	}
}