Defined hybrid IKEv1 authentication methods
1 /*
2 * Copyright (C) 2006-2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <string.h>
18
19 #include "authenticator.h"
20
21 #include <sa/authenticators/pubkey_authenticator.h>
22 #include <sa/authenticators/psk_authenticator.h>
23 #include <sa/authenticators/eap_authenticator.h>
24 #include <sa/authenticators/psk_v1_authenticator.h>
25 #include <sa/authenticators/pubkey_v1_authenticator.h>
26 #include <encoding/payloads/auth_payload.h>
27
28
/**
 * Printable names for auth_method_t values, used when an AUTH method is
 * logged or printed.
 *
 * The table covers AUTH_RSA..AUTH_DSS and the AUTH_ECDSA_* range only. The
 * IKEv1 XAuth variants dispatched by authenticator_create_v1() further down
 * (AUTH_XAUTH_INIT_PSK, AUTH_XAUTH_RESP_PSK, AUTH_XAUTH_INIT_RSA,
 * AUTH_XAUTH_RESP_RSA) are not listed, so they will not resolve to a name
 * through this table. NOTE(review): confirm whether they should get an
 * ENUM_NEXT() range of their own so log output for IKEv1 stays readable.
 */
ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
	"RSA signature",
	"pre-shared key",
	"DSS signature");
ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
	"ECDSA-256 signature",
	"ECDSA-384 signature",
	"ECDSA-521 signature");
ENUM_END(auth_method_names, AUTH_ECDSA_521);
38
/**
 * Described in header.
 *
 * Picks the IKEv2 authenticator that builds our own AUTH payload, based on
 * the AUTH_RULE_AUTH_CLASS stored in the local auth config. AUTH_CLASS_ANY is
 * handled exactly like AUTH_CLASS_PUBKEY. The nonces, init messages and the
 * reserved bytes are forwarded to the concrete authenticator unchanged;
 * which of them a given authenticator consumes depends on its method.
 *
 * @param ike_sa			IKE_SA the authenticator is created for
 * @param cfg				local auth config providing AUTH_RULE_AUTH_CLASS
 * @param received_nonce	nonce received from the peer
 * @param sent_nonce		nonce we sent
 * @param received_init		IKE_SA_INIT message received from the peer
 * @param sent_init			IKE_SA_INIT message we sent
 * @param reserved			reserved bytes forwarded to the authenticator
 * @return					authenticator, NULL if the auth class is unknown
 */
authenticator_t *authenticator_create_builder(ike_sa_t *ike_sa, auth_cfg_t *cfg,
										chunk_t received_nonce, chunk_t sent_nonce,
										chunk_t received_init, chunk_t sent_init,
										char reserved[3])
{
	uintptr_t auth_class;

	auth_class = (uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS);

	if (auth_class == AUTH_CLASS_ANY || auth_class == AUTH_CLASS_PUBKEY)
	{
		/* ANY defaults to a public key based authenticator */
		return (authenticator_t*)pubkey_authenticator_create_builder(ike_sa,
										received_nonce, sent_init, reserved);
	}
	if (auth_class == AUTH_CLASS_PSK)
	{
		return (authenticator_t*)psk_authenticator_create_builder(ike_sa,
										received_nonce, sent_init, reserved);
	}
	if (auth_class == AUTH_CLASS_EAP)
	{
		return (authenticator_t*)eap_authenticator_create_builder(ike_sa,
										received_nonce, sent_nonce,
										received_init, sent_init, reserved);
	}
	/* no authenticator known for this auth class */
	return NULL;
}
65
/**
 * Described in header.
 *
 * Picks the IKEv2 authenticator that verifies the peer's AUTH payload. A
 * message without an AUTHENTICATION payload is handed to the EAP verifier;
 * otherwise the authenticator is chosen by the auth method announced in the
 * payload: the RSA and ECDSA methods share the pubkey verifier, AUTH_PSK gets
 * the PSK verifier. Any other method (AUTH_DSS included) yields NULL.
 *
 * The selection here is driven purely by the value the peer put into the
 * payload. NOTE(review): whether that method is one the local configuration
 * actually allows for this peer is not checked in this function; presumably
 * the caller or the concrete authenticator enforces it - verify.
 *
 * @param ike_sa			IKE_SA the authenticator is created for
 * @param message			received message carrying the AUTH payload, if any
 * @param received_nonce	nonce received from the peer
 * @param sent_nonce		nonce we sent
 * @param received_init		IKE_SA_INIT message received from the peer
 * @param sent_init			IKE_SA_INIT message we sent
 * @param reserved			reserved bytes forwarded to the authenticator
 * @return					authenticator, NULL if the method is unsupported
 */
authenticator_t *authenticator_create_verifier(
									ike_sa_t *ike_sa, message_t *message,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init,
									char reserved[3])
{
	auth_payload_t *payload;
	auth_method_t method;

	payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
	if (!payload)
	{
		/* no AUTH payload present: this is handled by the EAP authenticator */
		return (authenticator_t*)eap_authenticator_create_verifier(ike_sa,
										received_nonce, sent_nonce,
										received_init, sent_init, reserved);
	}

	method = payload->get_auth_method(payload);
	if (method == AUTH_RSA || method == AUTH_ECDSA_256 ||
		method == AUTH_ECDSA_384 || method == AUTH_ECDSA_521)
	{
		/* all signature based methods are verified by the pubkey authenticator */
		return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
										sent_nonce, received_init, reserved);
	}
	if (method == AUTH_PSK)
	{
		return (authenticator_t*)psk_authenticator_create_verifier(ike_sa,
										sent_nonce, received_init, reserved);
	}
	/* unsupported or unknown auth method announced by the peer */
	return NULL;
}
99
/**
 * Described in header.
 *
 * Picks the IKEv1 authenticator for a given auth method. The XAuth variants
 * of a method are dispatched to the same authenticator as the plain method:
 * AUTH_PSK and both AUTH_XAUTH_*_PSK variants go to the PSK authenticator,
 * AUTH_RSA and both AUTH_XAUTH_*_RSA variants to the pubkey authenticator.
 * Every other method yields NULL. All arguments are forwarded unchanged.
 *
 * @param ike_sa		IKE_SA the authenticator is created for
 * @param initiator		TRUE if we are the initiator of the exchange
 * @param auth_method	negotiated IKEv1 authentication method
 * @param dh			Diffie-Hellman exchange of the IKE_SA
 * @param dh_value		DH public value of the peer
 * @param sa_payload	SA payload of the initiator
 * @return				authenticator, NULL if the method is unsupported
 */
authenticator_t *authenticator_create_v1(ike_sa_t *ike_sa, bool initiator,
								auth_method_t auth_method, diffie_hellman_t *dh,
								chunk_t dh_value, chunk_t sa_payload)
{
	if (auth_method == AUTH_PSK ||
		auth_method == AUTH_XAUTH_INIT_PSK ||
		auth_method == AUTH_XAUTH_RESP_PSK)
	{
		return (authenticator_t*)psk_v1_authenticator_create(ike_sa,
										initiator, dh, dh_value, sa_payload);
	}
	if (auth_method == AUTH_RSA ||
		auth_method == AUTH_XAUTH_INIT_RSA ||
		auth_method == AUTH_XAUTH_RESP_RSA)
	{
		return (authenticator_t*)pubkey_v1_authenticator_create(ike_sa,
										initiator, dh, dh_value, sa_payload);
	}
	/* no IKEv1 authenticator implements this method */
	return NULL;
}