1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/*
* Copyright (C) 2006-2009 Martin Willi
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <string.h>
#include "authenticator.h"
#include <sa/authenticators/pubkey_authenticator.h>
#include <sa/authenticators/psk_authenticator.h>
#include <sa/authenticators/eap_authenticator.h>
#include <encoding/payloads/auth_payload.h>
ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
"RSA signature",
"pre-shared key",
"DSS signature");
ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
"ECDSA-256 signature",
"ECDSA-384 signature",
"ECDSA-521 signature");
ENUM_END(auth_method_names, AUTH_ECDSA_521);
/**
* Described in header.
*/
authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
chunk_t received_nonce, chunk_t sent_nonce,
chunk_t received_init, chunk_t sent_init,
char reserved[3])
{
switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
{
case AUTH_CLASS_ANY:
/* defaults to PUBKEY */
case AUTH_CLASS_PUBKEY:
return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
received_nonce, sent_init, reserved);
case AUTH_CLASS_PSK:
return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
received_nonce, sent_init, reserved);
case AUTH_CLASS_EAP:
return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
received_nonce, sent_nonce,
received_init, sent_init, reserved);
default:
return NULL;
}
}
/**
* Described in header.
*/
authenticator_t *authenticator_create_verifier(
ike_sa_t *ike_sa, message_t *message,
chunk_t received_nonce, chunk_t sent_nonce,
chunk_t received_init, chunk_t sent_init,
char reserved[3])
{
auth_payload_t *auth_payload;
auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
if (auth_payload == NULL)
{
return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
received_nonce, sent_nonce,
received_init, sent_init, reserved);
}
switch (auth_payload->get_auth_method(auth_payload))
{
case AUTH_RSA:
case AUTH_ECDSA_256:
case AUTH_ECDSA_384:
case AUTH_ECDSA_521:
return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
sent_nonce, received_init, reserved);
case AUTH_PSK:
return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
sent_nonce, received_init, reserved);
default:
return NULL;
}
}
|
