Fixed EAP authentication regression
[strongswan.git] / src / charon / sa / authenticators / authenticator.c
1 /*
2 * Copyright (C) 2006-2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <string.h>
18
19 #include "authenticator.h"
20
21 #include <sa/authenticators/pubkey_authenticator.h>
22 #include <sa/authenticators/psk_authenticator.h>
23 #include <sa/authenticators/eap_authenticator.h>
24 #include <encoding/payloads/auth_payload.h>
25
26
/*
 * Printable names for the IKE authentication method identifiers.
 *
 * The table is declared as two ranges, AUTH_RSA..AUTH_DSS and
 * AUTH_ECDSA_256..AUTH_ECDSA_521, with the second range chained after
 * AUTH_DSS (presumably because the numeric values are not contiguous;
 * confirm against the header). The middle string of the first range,
 * "pre-shared key", presumably belongs to AUTH_PSK.
 *
 * NOTE(review): these strings only label a value. A method having a name here
 * does not mean it is accepted: "DSS signature" is named, but
 * authenticator_create_verifier() in this file has no case for AUTH_DSS and
 * returns NULL for it.
 */
ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
	"RSA signature",
	"pre-shared key",
	"DSS signature");
ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
	"ECDSA-256 signature",
	"ECDSA-384 signature",
	"ECDSA-521 signature");
ENUM_END(auth_method_names, AUTH_ECDSA_521);

/*
 * Printable names for the configured authentication classes, covering
 * AUTH_CLASS_ANY..AUTH_CLASS_EAP. The strings are presumably listed in
 * enumerator order; verify against the header when adding a class, because a
 * shifted entry would mislabel the class in any output that uses this table.
 */
ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
	"any",
	"public key",
	"pre-shared key",
	"EAP",
);
43
/**
 * Described in header.
 *
 * Creates the authenticator that builds our own authentication data. The
 * choice is driven by the AUTH_RULE_AUTH_CLASS value read from cfg, i.e. by
 * local configuration:
 *  - AUTH_CLASS_ANY and AUTH_CLASS_PUBKEY both select public key
 *  - AUTH_CLASS_PSK selects pre-shared key
 *  - AUTH_CLASS_EAP selects EAP
 *
 * The public key and PSK builders receive only the peer's nonce and our own
 * init message; the EAP builder receives all four chunks.
 *
 * @return		the selected authenticator, or NULL if the class is none of the
 *				above. Callers are expected to treat NULL as a failed
 *				authentication setup; that handling is not visible here.
 */
authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init)
{
	/* NOTE(review): cfg is dereferenced without a NULL check, so callers must
	 * always pass a valid config. */
	uintptr_t auth_class = (uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS);

	if (auth_class == AUTH_CLASS_ANY || auth_class == AUTH_CLASS_PUBKEY)
	{
		/* "any" is not left open, it defaults to public key */
		return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
										received_nonce, sent_init);
	}
	if (auth_class == AUTH_CLASS_PSK)
	{
		return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
										received_nonce, sent_init);
	}
	if (auth_class == AUTH_CLASS_EAP)
	{
		return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
							received_nonce, sent_nonce, received_init, sent_init);
	}
	/* unknown class: refuse rather than guess a method */
	return NULL;
}
68
/**
 * Described in header.
 *
 * Creates the authenticator that verifies the peer's authentication data.
 * Unlike the builder, the choice here is driven by the received message and
 * not by local configuration:
 *  - no AUTH payload at all selects the EAP verifier
 *  - AUTH_RSA and the three ECDSA methods select the public key verifier
 *  - AUTH_PSK selects the pre-shared key verifier
 *
 * The public key and PSK verifiers receive our own nonce and the peer's init
 * message; the EAP verifier receives all four chunks.
 *
 * NOTE(review): the peer decides which branch is taken, including the EAP
 * branch, simply by omitting the AUTH payload. Nothing in this function
 * checks the selected method against what the connection's configuration
 * requires; presumably the caller enforces that after authentication.
 * Confirm before relying on it.
 *
 * @return		the selected authenticator, or NULL for any other method
 *				(including AUTH_DSS). Callers are expected to treat NULL as
 *				an authentication failure; that handling is not visible here.
 */
authenticator_t *authenticator_create_verifier(
									ike_sa_t *ike_sa, message_t *message,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init)
{
	authenticator_t *verifier = NULL;
	auth_payload_t *payload;

	payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
	if (!payload)
	{
		/* a message without AUTH payload is handled as an EAP exchange */
		return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
							received_nonce, sent_nonce, received_init, sent_init);
	}
	switch (payload->get_auth_method(payload))
	{
		case AUTH_PSK:
			verifier = (authenticator_t*)psk_authenticator_create_verifier(
										ike_sa, sent_nonce, received_init);
			break;
		case AUTH_RSA:
		case AUTH_ECDSA_256:
		case AUTH_ECDSA_384:
		case AUTH_ECDSA_521:
			verifier = (authenticator_t*)pubkey_authenticator_create_verifier(
										ike_sa, sent_nonce, received_init);
			break;
		default:
			/* unsupported method announced by the peer: no verifier */
			break;
	}
	return verifier;
}
100