1 /*
2 * Copyright (C) 2006-2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <string.h>
18
19 #include "authenticator.h"
20
21 #include <sa/ikev2/authenticators/pubkey_authenticator.h>
22 #include <sa/ikev2/authenticators/psk_authenticator.h>
23 #include <sa/ikev2/authenticators/eap_authenticator.h>
24 #include <sa/ikev1/authenticators/psk_v1_authenticator.h>
25 #include <sa/ikev1/authenticators/pubkey_v1_authenticator.h>
26 #include <sa/ikev1/authenticators/hybrid_authenticator.h>
27 #include <encoding/payloads/auth_payload.h>
28
29
/*
 * Name table for auth_method_t, assembled from three contiguous value ranges:
 * the IKEv2 methods AUTH_RSA..AUTH_DSS and AUTH_ECDSA_256..AUTH_ECDSA_521, then
 * the IKEv1 XAuth/Hybrid methods AUTH_XAUTH_INIT_PSK..AUTH_HYBRID_RESP_RSA.
 * Each ENUM_NEXT names the last value of the preceding range so the gaps in
 * between are skipped. The strings are what get logged for %N with this table.
 */
ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
	"RSA signature",
	"pre-shared key",
	"DSS signature");
ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
	"ECDSA-256 signature",
	"ECDSA-384 signature",
	"ECDSA-521 signature");
ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_ECDSA_521,
	"XAuthInitPSK",
	"XAuthRespPSK",
	"XAuthInitRSA",
	"XauthRespRSA",
	"HybridInitRSA",
	"HybridRespRSA",
);
ENUM_END(auth_method_names, AUTH_HYBRID_RESP_RSA);
47
48 /**
49 * Described in header.
50 */
/**
 * Described in header.
 *
 * Picks the IKEv2 builder-side authenticator from the AUTH_RULE_AUTH_CLASS
 * stored in the local auth config. AUTH_CLASS_ANY is handled exactly like
 * AUTH_CLASS_PUBKEY; every other class yields NULL. Only the EAP builder
 * receives both nonces and both init messages, the pubkey and PSK builders
 * get received_nonce and sent_init only.
 */
authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
								chunk_t received_nonce, chunk_t sent_nonce,
								chunk_t received_init, chunk_t sent_init,
								char reserved[3])
{
	/* the rule value is stored as a pointer-sized integer in the config */
	uintptr_t auth_class = (uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS);

	if (auth_class == AUTH_CLASS_ANY || auth_class == AUTH_CLASS_PUBKEY)
	{
		/* an unspecified class defaults to public key authentication */
		return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
									received_nonce, sent_init, reserved);
	}
	if (auth_class == AUTH_CLASS_PSK)
	{
		return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
									received_nonce, sent_init, reserved);
	}
	if (auth_class == AUTH_CLASS_EAP)
	{
		return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
									received_nonce, sent_nonce,
									received_init, sent_init, reserved);
	}
	return NULL;
}
74
75 /**
76 * Described in header.
77 */
/**
 * Described in header.
 *
 * Picks the IKEv2 verifier-side authenticator for the peer's message. A
 * message without an AUTHENTICATION payload is handed to the EAP verifier;
 * otherwise the auth method announced in the payload selects the public key
 * or PSK verifier. Methods not listed below (e.g. AUTH_DSS) yield NULL.
 * The pubkey and PSK verifiers get sent_nonce and received_init, i.e. the
 * mirror image of what the builders receive.
 *
 * NOTE(review): the method is taken from the peer's payload as-is; checking it
 * against the locally configured auth class is presumably done by the created
 * authenticator or by the caller — confirm.
 */
authenticator_t *authenticator_create_verifier(
								ike_sa_t *ike_sa, message_t *message,
								chunk_t received_nonce, chunk_t sent_nonce,
								chunk_t received_init, chunk_t sent_init,
								char reserved[3])
{
	auth_payload_t *auth = (auth_payload_t*)message->get_payload(message,
														AUTHENTICATION);

	if (!auth)
	{
		/* no AUTH payload present, authentication continues with EAP */
		return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
									received_nonce, sent_nonce,
									received_init, sent_init, reserved);
	}
	switch (auth->get_auth_method(auth))
	{
		case AUTH_PSK:
			return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
									sent_nonce, received_init, reserved);
		case AUTH_RSA:
		case AUTH_ECDSA_256:
		case AUTH_ECDSA_384:
		case AUTH_ECDSA_521:
			return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
									sent_nonce, received_init, reserved);
		default:
			break;
	}
	return NULL;
}
108
109 /**
110 * Described in header.
111 */
/**
 * Described in header.
 *
 * Picks the IKEv1 authenticator for the given auth method. Plain and XAuth
 * PSK methods map to the PSK authenticator, plain and XAuth RSA methods to the
 * public key authenticator, and both Hybrid methods to the hybrid
 * authenticator; every other method yields NULL. All three constructors take
 * the same arguments (role, DH object and value, SA and ID payloads).
 */
authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
								auth_method_t auth_method, diffie_hellman_t *dh,
								chunk_t dh_value, chunk_t sa_payload,
								chunk_t id_payload)
{
	if (auth_method == AUTH_HYBRID_INIT_RSA ||
		auth_method == AUTH_HYBRID_RESP_RSA)
	{
		return (authenticator_t*)hybrid_authenticator_create(ike_sa,
									initiator, dh, dh_value, sa_payload,
									id_payload);
	}
	if (auth_method == AUTH_RSA ||
		auth_method == AUTH_XAUTH_INIT_RSA ||
		auth_method == AUTH_XAUTH_RESP_RSA)
	{
		return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
									initiator, dh, dh_value, sa_payload,
									id_payload);
	}
	if (auth_method == AUTH_PSK ||
		auth_method == AUTH_XAUTH_INIT_PSK ||
		auth_method == AUTH_XAUTH_RESP_PSK)
	{
		return (authenticator_t*)psk_v1_authenticator_create(ike_sa,
									initiator, dh, dh_value, sa_payload,
									id_payload);
	}
	return NULL;
}