add priority management for kernel policy
[strongswan.git] / src / charon / sa / authenticator.c
index 81dee0b..8dcfc04 100644 (file)
@@ -6,7 +6,8 @@
  */
 
 /*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -47,7 +48,12 @@ struct private_authenticator_t {
        /**
         * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t.
         */
-       protected_ike_sa_t *ike_sa;
+       ike_sa_t *ike_sa;
+       
+       /**
+        * auth_method to create own signature/mac/whatever..
+        */
+       auth_method_t auth_method;
        
        /**
         * PRF taken from the IKE_SA.
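Review bot: The doc comment on the new `auth_method` field ("auth_method to create own signature/mac/whatever..") does not tell a reader what the value selects; the hunks below switch on it between SHARED_KEY_MESSAGE_INTEGRITY_CODE and RSA_DIGITAL_SIGNATURE, so say that: `/** Authentication method used to build our own AUTH payload (PSK MAC or RSA signature), fixed at construction. */`. The added blank line just before the comment and the rewritten `{` line in the compute_auth_data hunk both carry trailing whitespace, which the project's other lines do not. The struct definition continues outside this hunk.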
@@ -206,7 +212,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                                                                                                                        &preshared_secret);
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "no shared secret found for '%s'",
+                               this->logger->log(this->logger, ERROR, "no shared secret found for '%s'",
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return status;  
@@ -243,18 +249,17 @@ static status_t verify_auth_data (private_authenticator_t *this,
                }
                case RSA_DIGITAL_SIGNATURE:
                {
-                       identification_t *other_id = other_id_payload->get_identification(other_id_payload);
-                       rsa_public_key_t *public_key;
                        status_t status;
-                       chunk_t octets, auth_data;
-                       
-                       auth_data = auth_payload->get_data(auth_payload);
-                       
-                       public_key = charon->credentials->get_rsa_public_key(charon->credentials,
-                                                                                                                        other_id);
+                       chunk_t octets;
+                       chunk_t auth_data = auth_payload->get_data(auth_payload);
+                       identification_t *other_id = other_id_payload->get_identification(other_id_payload);
+
+                       rsa_public_key_t *public_key =
+                               charon->credentials->get_trusted_public_key(charon->credentials, other_id);
+
                        if (public_key == NULL)
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "no public key found for '%s'",
+                               this->logger->log(this->logger, ERROR, "no public key found for '%s'",
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return NOT_FOUND;       
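Review bot: The switch from get_rsa_public_key to get_trusted_public_key is the security-relevant part of this hunk, and nothing in the code records that verify_auth_data deliberately accepts only a trusted key; the next hunk also drops `public_key->destroy(public_key)`, so the pointer's ownership is now implicit. I would add above the lookup `/* only a key trusted by the credential store may verify the AUTH payload; the store keeps ownership of the returned key, so it is not destroyed here */`, with the ownership half to be confirmed against get_trusted_public_key if it is not actually store-owned (in which case the removed destroy is a leak). Logging the failed lookup at ERROR instead of ERROR|LEVEL1 is consistent with the PSK branch change above. The RSA_DIGITAL_SIGNATURE case continues outside this hunk.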
@@ -274,7 +279,6 @@ static status_t verify_auth_data (private_authenticator_t *this,
                                                                                other_id->get_string(other_id));
                        }
                        
-                       public_key->destroy(public_key);
                        other_id->destroy(other_id);
                        chunk_free(&octets);
                        return status;
@@ -295,10 +299,8 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                                                        chunk_t other_nonce,
                                                                        id_payload_t *my_id_payload,
                                                                        bool initiator)
-{
-       connection_t *connection = this->ike_sa->get_connection(this->ike_sa);
-       
-       switch(connection->get_auth_method(connection))
+{      
+       switch(this->auth_method)
        {
                case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
                {
@@ -340,7 +342,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
 
                        identification_t  *my_id = my_id_payload->get_identification(my_id_payload);
                        
-                       this->logger->log(this->logger, CONTROL, "looking for public key belonging to '%s'",
+                       this->logger->log(this->logger, CONTROL|LEVEL1, "looking for public key belonging to '%s'",
                                                          my_id->get_string(my_id));
 
                        my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
@@ -350,23 +352,22 @@ static status_t compute_auth_data (private_authenticator_t *this,
                                                                  my_id->get_string(my_id));
                                goto end_rsa;
                        }
-                       this->logger->log(this->logger, CONTROL, "matching public key found");
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
                        
                        chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
-                       this->logger->log(this->logger, CONTROL, "looking for private key with keyid %s", buf);
+                       this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
 
                        my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
-                       my_pubkey->destroy(my_pubkey);
                        if (my_key == NULL)
                        {
                                char buf[BUF_LEN];
 
                                chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
-                               this->logger->log(this->logger, ERROR, "no private key found with keyid %s",
-                                                                 buf);
+                               this->logger->log(this->logger, ERROR, "no private key found with for %s with keyid %s",
+                                                                 my_id->get_string(my_id), buf);
                                goto end_rsa;
                        }
-                       this->logger->log(this->logger, CONTROL, "matching private key found");
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
 
                        octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
                        status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
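Review bot: The rewritten error message reads "no private key found with for %s with keyid %s", which is garbled; `"no private key found for '%s' with keyid %s"` matches the quoting used by the other messages in this file. Removing `my_pubkey->destroy(my_pubkey)` before the NULL check also removes the old use of the freed key by `my_pubkey->get_keyid(my_pubkey)` inside that error branch, which is a real fix; whether the key is now released elsewhere depends on what get_rsa_public_key returns and cannot be seen here, so a short ownership comment at the lookup would help. The inner `char buf[BUF_LEN]` shadows the outer buf already holding the same keyid hex, so the second chunk_to_hex is redundant. compute_auth_data continues outside this hunk.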
@@ -407,7 +408,7 @@ static void destroy (private_authenticator_t *this)
 /*
  * Described in header.
  */
-authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method)
 {
        private_authenticator_t *this = malloc_thing(private_authenticator_t);
 
@@ -422,6 +423,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
+       this->auth_method = auth_method;
        this->prf = this->ike_sa->get_prf(this->ike_sa);
        this->logger = logger_manager->get_logger(logger_manager, IKE_SA);