/*
 * Copyright (C) 2012 Reto Buerki
 * Copyright (C) 2012 Adrian-Ken Rueegsegger
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
17 #include <daemon.h>
18 #include <encoding/payloads/auth_payload.h>
19 #include <utils/chunk.h>
20 #include <tkm/types.h>
21 #include <tkm/constants.h>
22 #include <tkm/client.h>
24 #include "tkm_listener.h"
25 #include "tkm_keymat.h"
26 #include "tkm_utils.h"
/* Forward typedef: the private object type used as `this` in the METHOD
 * definitions below; the struct itself is defined right after. */
typedef struct private_tkm_listener_t private_tkm_listener_t;
/**
 * Private data of a tkm_listener_t object.
 *
 * The object carries no state of its own beyond the public interface: the
 * AUTH payload handed from the message hook to the authorize hook is stored
 * in the IKE_SA's tkm_keymat_t, not in this struct.
 */
struct private_tkm_listener_t {

	/**
	 * Public tkm_listener_t interface.
	 */
	tkm_listener_t public;

};
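/**
 * listener_t.authorize hook: let the TKM verify the peer's PSK-based AUTH.
 *
 * Rounds before the final one are passed through untouched. On the final
 * round the AUTH payload previously stored in the keymat by the message hook
 * is handed to the TKM (ike_isa_auth_psk) and *success is set from the
 * verdict. If no AUTH data was stored, authorization fails closed without
 * consulting the TKM at all.
 *
 * @param ike_sa   IKE_SA being authorized; its keymat is assumed to be a
 *                 tkm_keymat_t (see cast below)
 * @param final    TRUE on the final authorize round
 * @param success  receives the authentication outcome (final round only)
 * @return         always TRUE
 */
METHOD(listener_t, authorize, bool,
	private_tkm_listener_t *this, ike_sa_t *ike_sa,
	bool final, bool *success)
{
	if (!final)
	{
		return TRUE;
	}

	/* NOTE(review): assumes the IKE_SA was created with the TKM keymat;
	 * nothing here checks the cast — confirm at the registration site. */
	tkm_keymat_t * const keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa);
	const isa_id_type isa_id = keymat->get_isa_id(keymat);
	DBG1(DBG_IKE, "TKM authorize listener called for ISA context %llu", isa_id);

	const chunk_t * const auth = keymat->get_auth_payload(keymat);
	if (!auth->ptr)
	{
		/* Fail closed and stop here. Previously execution fell through to
		 * the TKM call with an empty chunk, and the else branch below could
		 * then overwrite *success with TRUE. */
		DBG1(DBG_IKE, "no AUTHENTICATION data available");
		*success = FALSE;
		return TRUE;
	}

	signature_type signature;
	chunk_to_sequence(auth, &signature);
	if (ike_isa_auth_psk(isa_id, signature) != TKM_OK)
	{
		DBG1(DBG_IKE, "TKM based authentication failed"
			 " for ISA context %llu", isa_id);
		*success = FALSE;
	}
	else
	{
		DBG1(DBG_IKE, "TKM based authentication successful"
			 " for ISA context %llu", isa_id);
		*success = TRUE;
	}

	return TRUE;
}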
/**
 * listener_t.message hook: capture the AUTH payload of an inbound IKE_AUTH
 * message and stash it in the TKM keymat for the authorize hook.
 *
 * Only incoming, plain (already decrypted — presumably; verify against the
 * bus contract) IKE_AUTH messages are inspected; everything else is passed
 * through. A message without an AUTH payload is logged and leaves the keymat
 * untouched.
 *
 * @param ike_sa     IKE_SA the message belongs to; its keymat is assumed to
 *                   be a tkm_keymat_t
 * @param message    the message being processed
 * @param incoming   TRUE for received messages
 * @param plain      TRUE for the unencrypted form of the message
 * @return           always TRUE
 */
METHOD(listener_t, message, bool,
	private_tkm_listener_t *this, ike_sa_t *ike_sa,
	message_t *message, bool incoming, bool plain)
{
	const bool inbound_ike_auth = incoming && plain &&
		message->get_exchange_type(message) == IKE_AUTH;
	if (!inbound_ike_auth)
	{
		return TRUE;
	}

	tkm_keymat_t * const keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa);
	const isa_id_type isa_id = keymat->get_isa_id(keymat);
	DBG1(DBG_IKE, "saving AUTHENTICATION payload for authorize hook"
		 " (ISA context %llu)", isa_id);

	auth_payload_t * const payload =
		(auth_payload_t*)message->get_payload(message, AUTHENTICATION);
	if (!payload)
	{
		DBG1(DBG_IKE, "unable to extract AUTHENTICATION payload, authorize will"
			 " fail");
		return TRUE;
	}

	/* The keymat keeps the data for the final authorize round. */
	const chunk_t auth_data = payload->get_data(payload);
	keymat->set_auth_payload(keymat, &auth_data);

	return TRUE;
}
/**
 * tkm_listener_t.destroy: release the listener object. The struct holds no
 * other resources, so freeing the allocation is all there is to do.
 */
METHOD(tkm_listener_t, destroy, void,
	private_tkm_listener_t *this)
{
	free(this);
}
/**
 * See header.
 *
 * Allocates the listener and wires the authorize and message hooks; the
 * remaining listener_t hooks are left unset (zeroed by INIT).
 *
 * @return  new listener object, owned by the caller (release via destroy)
 */
tkm_listener_t *tkm_listener_create()
{
	private_tkm_listener_t *this;

	INIT(this,
		.public.listener.authorize = _authorize,
		.public.listener.message = _message,
		.public.destroy = _destroy,
	);

	return &this->public;
}