2 * Copyright (C) 2005-2008 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 #include "psk_authenticator.h"
24 #include <credentials/auth_info.h>
/* Forward typedef so the struct below can be referenced by its short name
 * from the function prototypes that follow. */
27 typedef struct private_psk_authenticator_t private_psk_authenticator_t
;
30 * Private data of a psk_authenticator_t object.
32 struct private_psk_authenticator_t
{
35 * Public authenticator_t interface.
/* Kept as the first member: psk_authenticator_create() hands out &this->public,
 * and verify()/build()/destroy() are cast to the authenticator_t signatures, so
 * a pointer to the public part must alias a pointer to this struct. */
37 psk_authenticator_t
public;
/* NOTE(review): this listing only shows the `public` member; verify() and
 * build() below read this->ike_sa, so an ike_sa member is declared on lines
 * not reproduced here. */
46 * Implementation of authenticator_t.verify.
/**
 * Verify the peer's AUTH payload against the pre-shared keys known for the
 * (my_id, other_id) pair.
 *
 * Every SHARED_IKE credential returned by the shared enumerator is tried in
 * turn: the expected PSK signature is recomputed with get_psk_sig() and
 * compared to the data carried in auth_payload.  The loop stops at the first
 * match.
 *
 * @param this          private authenticator; this->ike_sa supplies keymat and IDs
 * @param ike_sa_init   IKE_SA_INIT message data passed through to get_psk_sig()
 * @param my_nonce      nonce passed through to get_psk_sig()
 * @param auth_payload  received AUTH payload; its data is the MAC to check
 * @return              status_t (the return statements are not part of this
 *                      listing; presumably SUCCESS on match, FAILED otherwise)
 *
 * NOTE(review): keymat, key, keys_found and the assignment that sets
 * `authenticated` are declared/performed on lines not reproduced in this
 * listing (gaps between 55 and 59, 65 and 69, 74 and 77).
 */
48 static status_t
verify(private_psk_authenticator_t
*this, chunk_t ike_sa_init
,
49 chunk_t my_nonce
, auth_payload_t
*auth_payload
)
51 chunk_t auth_data
, recv_auth_data
;
52 identification_t
*my_id
, *other_id
;
54 enumerator_t
*enumerator
;
55 bool authenticated
= FALSE
;
/* Collect the keying material, the peer-supplied MAC and both identities
 * from the IKE_SA before looking up candidate keys. */
59 keymat
= this->ike_sa
->get_keymat(this->ike_sa
);
60 recv_auth_data
= auth_payload
->get_data(auth_payload
);
61 my_id
= this->ike_sa
->get_my_id(this->ike_sa
);
62 other_id
= this->ike_sa
->get_other_id(this->ike_sa
);
/* All PSKs registered for this identity pair are candidates; more than one
 * may exist, hence the enumerator rather than a single lookup. */
63 enumerator
= charon
->credentials
->create_shared_enumerator(
64 charon
->credentials
, SHARED_IKE
, my_id
, other_id
);
/* Stop as soon as one key produces a matching MAC. */
65 while (!authenticated
&& enumerator
->enumerate(enumerator
, &key
, NULL
, NULL
))
/* Recompute the expected signature for this candidate key.  TRUE here vs.
 * FALSE in build() presumably selects the verifying side - confirm against
 * keymat_t.get_psk_sig. */
69 auth_data
= keymat
->get_psk_sig(keymat
, TRUE
, ike_sa_init
, my_nonce
,
70 key
->get_key(key
), other_id
);
/* An empty chunk (signature computation failed) can never match.
 *
 * NOTE(review): chunk_equals() compares an authentication MAC with
 * attacker-influenced data; if it is a memcmp-style compare that stops at the
 * first differing byte it is not constant-time, and a constant-time
 * comparison is the usual mitigation for authentication tags. */
71 if (auth_data
.len
&& chunk_equals(auth_data
, recv_auth_data
))
73 DBG1(DBG_IKE
, "authentication of '%D' with %N successful",
74 other_id
, auth_method_names
, AUTH_PSK
);
/* get_psk_sig() allocates; release it on every iteration, match or not. */
77 chunk_free(&auth_data
);
79 enumerator
->destroy(enumerator
);
/* Failure diagnostics: distinguish "no key configured" from "keys exist but
 * none matched".  The enclosing conditions (presumably on !authenticated and
 * keys_found) are on lines not reproduced here. */
85 DBG1(DBG_IKE
, "no shared key found for '%D' - '%D'", my_id
, other_id
);
88 DBG1(DBG_IKE
, "tried %d shared key%s for '%D' - '%D', but MAC mismatched",
89 keys_found
, keys_found
== 1 ?
"" : "s", my_id
, other_id
);
96 * Implementation of authenticator_t.build.
/**
 * Build our own AUTH payload from the pre-shared key for (my_id, other_id).
 *
 * Looks up a single SHARED_IKE credential, computes the PSK signature over
 * ike_sa_init/other_nonce with get_psk_sig() and wraps it in a freshly
 * created auth_payload_t with method AUTH_PSK.
 *
 * @param this          private authenticator; this->ike_sa supplies keymat and IDs
 * @param ike_sa_init   IKE_SA_INIT message data passed through to get_psk_sig()
 * @param other_nonce   nonce passed through to get_psk_sig()
 * @param auth_payload  out: receives the newly created payload on success
 * @return              status_t (return statements are not part of this listing)
 *
 * NOTE(review): keymat, key and auth_data are declared on lines not reproduced
 * here (gap between 101 and 106); the remaining get_shared() arguments and the
 * check around the "no shared key found" message sit in the gap between 111
 * and 118.
 */
98 static status_t
build(private_psk_authenticator_t
*this, chunk_t ike_sa_init
,
99 chunk_t other_nonce
, auth_payload_t
**auth_payload
)
101 identification_t
*my_id
, *other_id
;
106 keymat
= this->ike_sa
->get_keymat(this->ike_sa
);
107 my_id
= this->ike_sa
->get_my_id(this->ike_sa
);
108 other_id
= this->ike_sa
->get_other_id(this->ike_sa
);
109 DBG1(DBG_IKE
, "authentication of '%D' (myself) with %N",
110 my_id
, auth_method_names
, AUTH_PSK
);
/* Unlike verify(), only one key is needed here, so a direct lookup is used
 * instead of the enumerator. */
111 key
= charon
->credentials
->get_shared(charon
->credentials
, SHARED_IKE
,
/* Presumably reached only when get_shared() yields no key; the branch
 * condition itself is not reproduced in this listing. */
115 DBG1(DBG_IKE
, "no shared key found for '%D' - '%D'", my_id
, other_id
);
/* FALSE here vs. TRUE in verify(), and my_id instead of other_id: the
 * signature is computed for our own side. */
118 auth_data
= keymat
->get_psk_sig(keymat
, FALSE
, ike_sa_init
, other_nonce
,
119 key
->get_key(key
), my_id
);
121 DBG2(DBG_IKE
, "successfully created shared key MAC");
/* Ownership of the new payload passes to the caller via *auth_payload. */
122 *auth_payload
= auth_payload_create();
123 (*auth_payload
)->set_auth_method(*auth_payload
, AUTH_PSK
);
124 (*auth_payload
)->set_data(*auth_payload
, auth_data
);
/* NOTE(review): auth_data is freed right after being handed to set_data(),
 * so set_data() must copy the chunk rather than keep the pointer - confirm
 * against auth_payload_t, otherwise the payload holds freed memory. */
126 chunk_free(&auth_data
);
131 * Implementation of authenticator_t.destroy.
/* Releases the private authenticator.  The body (between listing lines 133
 * and 139) is not reproduced here; note that build()/verify() only borrow
 * this->ike_sa, so presumably it is not released here - confirm. */
133 static void destroy(private_psk_authenticator_t
*this)
139 * Described in header.
/**
 * Create a PSK authenticator bound to the given IKE_SA.
 *
 * @param ike_sa  IKE_SA whose keymat and identities are used by verify()/build();
 *                the pointer is stored, not copied, so it must outlive this object
 * @return        public interface of the new authenticator; the closing brace
 *                of this function is beyond the end of this listing
 */
141 psk_authenticator_t
*psk_authenticator_create(ike_sa_t
*ike_sa
)
/* NOTE(review): malloc_thing() is a project helper; whether it can return
 * NULL is not visible here, and the result is dereferenced unchecked below. */
143 private_psk_authenticator_t
*this = malloc_thing(private_psk_authenticator_t
);
145 /* public functions */
/* The casts adapt the private-struct signatures to the authenticator_t
 * interface; they are only sound because `public` is the first member of
 * private_psk_authenticator_t, so both pointer types address the same object. */
146 this->public.authenticator_interface
.verify
= (status_t(*)(authenticator_t
*,chunk_t
,chunk_t
,auth_payload_t
*))verify
;
147 this->public.authenticator_interface
.build
= (status_t(*)(authenticator_t
*,chunk_t
,chunk_t
,auth_payload_t
**))build
;
148 this->public.authenticator_interface
.destroy
= (void(*)(authenticator_t
*))destroy
;
/* Borrowed reference; no ownership of the IKE_SA is taken here. */
151 this->ike_sa
= ike_sa
;
153 return &this->public;