loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
[strongswan.git] / src / charon / sa / authenticators / rsa_authenticator.c
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 #include <string.h>
20
21 #include "rsa_authenticator.h"
22
23 #include <daemon.h>
24 #include <credentials/auth_info.h>
25
26
27 typedef struct private_rsa_authenticator_t private_rsa_authenticator_t;
28
29 /**
30 * Private data of an rsa_authenticator_t object.
31 */
32 struct private_rsa_authenticator_t {
33
34 /**
35 * Public authenticator_t interface.
36 */
37 rsa_authenticator_t public;
38
39 /**
40 * Assigned IKE_SA
41 */
42 ike_sa_t *ike_sa;
43 };
44
45 /**
46 * Function implemented in psk_authenticator.c
47 */
48 extern chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
49 identification_t *id, prf_t *prf);
50
51 /**
52 * Implementation of authenticator_t.verify.
53 */
54 static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
55 chunk_t my_nonce, auth_payload_t *auth_payload)
56 {
57 public_key_t *public;
58 chunk_t auth_data, octets;
59 identification_t *other_id;
60 prf_t *prf;
61 auth_info_t *auth, *current_auth;
62 enumerator_t *enumerator;
63 status_t status = FAILED;
64
65 other_id = this->ike_sa->get_other_id(this->ike_sa);
66
67 if (auth_payload->get_auth_method(auth_payload) != AUTH_RSA)
68 {
69 return INVALID_ARG;
70 }
71 auth_data = auth_payload->get_data(auth_payload);
72 prf = this->ike_sa->get_prf(this->ike_sa);
73 prf->set_key(prf, this->ike_sa->get_skp_verify(this->ike_sa));
74 octets = build_tbs_octets(ike_sa_init, my_nonce, other_id, prf);
75
76 auth = this->ike_sa->get_other_auth(this->ike_sa);
77 enumerator = charon->credentials->create_public_enumerator(
78 charon->credentials, KEY_RSA, other_id, auth);
79 while (enumerator->enumerate(enumerator, &public, &current_auth))
80 {
81 /* We are currently fixed to SHA1 hashes.
82 * TODO: allow other hash algorithms and note it in "auth" */
83 if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, octets, auth_data))
84 {
85 DBG1(DBG_IKE, "authentication of '%D' with %N successful",
86 other_id, auth_method_names, AUTH_RSA);
87 status = SUCCESS;
88 auth->merge(auth, current_auth);
89 break;
90 }
91 else
92 {
93 DBG1(DBG_IKE, "signature validation failed, looking for another key");
94 }
95 }
96 enumerator->destroy(enumerator);
97 chunk_free(&octets);
98 return status;
99 }
100
101 /**
102 * Implementation of authenticator_t.build.
103 */
104 static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
105 chunk_t other_nonce, auth_payload_t **auth_payload)
106 {
107 chunk_t octets, auth_data;
108 status_t status = FAILED;
109 private_key_t *private;
110 identification_t *my_id;
111 prf_t *prf;
112 auth_info_t *auth;
113
114 my_id = this->ike_sa->get_my_id(this->ike_sa);
115 DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
116 my_id, auth_method_names, AUTH_RSA);
117
118 auth = this->ike_sa->get_my_auth(this->ike_sa);
119 private = charon->credentials->get_private(charon->credentials, KEY_RSA,
120 my_id, auth);
121 if (private == NULL)
122 {
123 DBG1(DBG_IKE, "no RSA private key found for '%D'", my_id);
124 return NOT_FOUND;
125 }
126 prf = this->ike_sa->get_prf(this->ike_sa);
127 prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa));
128 octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf);
129 /* we currently use always SHA1 for signatures,
130 * TODO: support other hashes depending on configuration/auth */
131 if (private->sign(private, SIGN_RSA_EMSA_PKCS1_SHA1, octets, &auth_data))
132 {
133 auth_payload_t *payload = auth_payload_create();
134 payload->set_auth_method(payload, AUTH_RSA);
135 payload->set_data(payload, auth_data);
136 *auth_payload = payload;
137 chunk_free(&auth_data);
138 status = SUCCESS;
139 DBG2(DBG_IKE, "successfully signed with RSA private key");
140 }
141 else
142 {
143 DBG1(DBG_IKE, "building RSA signature failed");
144 }
145 chunk_free(&octets);
146 private->destroy(private);
147
148 return status;
149 }
150
151 /**
152 * Implementation of authenticator_t.destroy.
153 */
154 static void destroy(private_rsa_authenticator_t *this)
155 {
156 free(this);
157 }
158
159 /*
160 * Described in header.
161 */
162 rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa)
163 {
164 private_rsa_authenticator_t *this = malloc_thing(private_rsa_authenticator_t);
165
166 /* public functions */
167 this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
168 this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
169 this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
170
171 /* private data */
172 this->ike_sa = ike_sa;
173
174 return &this->public;
175 }