lookup of private key based on keyid of public key
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 30 May 2006 07:53:13 +0000 (07:53 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 30 May 2006 07:53:13 +0000 (07:53 -0000)
src/charon/sa/authenticator.c

index 3aeb879..52bd256 100644 (file)
@@ -150,7 +150,7 @@ static chunk_t allocate_octets(private_authenticator_t *this,
        current_pos += other_nonce.len;
        prf->get_bytes(prf, id_with_header_chunk, current_pos);
        
        current_pos += other_nonce.len;
        prf->get_bytes(prf, id_with_header_chunk, current_pos);
        
-       this->logger->log_chunk(this->logger,RAW | LEVEL2, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",octets);
+       this->logger->log_chunk(this->logger,RAW | LEVEL2, "octets (message + nonce + prf(Sk_px,Idx)",octets);
        return octets;
 }
 
        return octets;
 }
 
@@ -177,7 +177,7 @@ static chunk_t build_preshared_secret_signature(private_authenticator_t *this,
        this->prf->set_key(this->prf, key);
        this->prf->allocate_bytes(this->prf, octets, &auth_data);
        chunk_free(&octets);
        this->prf->set_key(this->prf, key);
        this->prf->allocate_bytes(this->prf, octets, &auth_data);
        chunk_free(&octets);
-       this->logger->log_chunk(this->logger,RAW | LEVEL2, "Authenticated data",auth_data);
+       this->logger->log_chunk(this->logger,RAW | LEVEL2, "authenticated data",auth_data);
 
        return auth_data;
 }
 
        return auth_data;
 }
@@ -206,7 +206,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                                                                                                                        &preshared_secret);
                        if (status != SUCCESS)
                        {
                                                                                                                        &preshared_secret);
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "No shared secret found for %s",
+                               this->logger->log(this->logger, ERROR|LEVEL1, "no shared secret found for '%s'",
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return status;  
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return status;  
@@ -227,13 +227,13 @@ static status_t verify_auth_data (private_authenticator_t *this,
                        }
                        else if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
                        {
                        }
                        else if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
                        {
-                               this->logger->log(this->logger, CONTROL, "Authentication of %s with preshared secret successful",
+                               this->logger->log(this->logger, CONTROL, "authentication of '%s' with preshared secret successful",
                                                                                other_id->get_string(other_id));
                                status = SUCCESS;
                        }
                        else
                        {
                                                                                other_id->get_string(other_id));
                                status = SUCCESS;
                        }
                        else
                        {
-                               this->logger->log(this->logger, CONTROL, "Authentication of %s with preshared secret failed",
+                               this->logger->log(this->logger, ERROR, "authentication of '%s' with preshared secret failed",
                                                                                other_id->get_string(other_id));
                                status = FAILED;
                        }
                                                                                other_id->get_string(other_id));
                                status = FAILED;
                        }
@@ -254,7 +254,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                                                                                                                         other_id);
                        if (public_key == NULL)
                        {
                                                                                                                         other_id);
                        if (public_key == NULL)
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "No RSA public key found for %s",
+                               this->logger->log(this->logger, ERROR|LEVEL1, "no public key found for '%s'",
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return NOT_FOUND;       
                                                                  other_id->get_string(other_id));
                                other_id->destroy(other_id);
                                return NOT_FOUND;       
@@ -265,12 +265,12 @@ static status_t verify_auth_data (private_authenticator_t *this,
                        status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
                        if (status == SUCCESS)
                        {
                        status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
                        if (status == SUCCESS)
                        {
-                               this->logger->log(this->logger, CONTROL, "Authentication of %s with RSA successful",
+                               this->logger->log(this->logger, CONTROL, "authentication of '%s' with RSA successful",
                                                                                other_id->get_string(other_id));
                        }
                        else
                        {
                                                                                other_id->get_string(other_id));
                        }
                        else
                        {
-                               this->logger->log(this->logger, CONTROL, "Authentication of %s with RSA failed",
+                               this->logger->log(this->logger, ERROR, "authentication of '%s' with RSA failed",
                                                                                other_id->get_string(other_id));
                        }
                        
                                                                                other_id->get_string(other_id));
                        }
                        
@@ -313,7 +313,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
 
                        if (status != SUCCESS)
                        {
 
                        if (status != SUCCESS)
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "No shared secret found for %s",
+                               this->logger->log(this->logger, ERROR, "no shared secret found for %s",
                                                                  my_id->get_string(my_id));
                                my_id->destroy(my_id);
                                return status;  
                                                                  my_id->get_string(my_id));
                                my_id->destroy(my_id);
                                return status;  
@@ -332,38 +332,61 @@ static status_t compute_auth_data (private_authenticator_t *this,
                }
                case RSA_DIGITAL_SIGNATURE:
                {
                }
                case RSA_DIGITAL_SIGNATURE:
                {
-                       identification_t *my_id = my_id_payload->get_identification(my_id_payload);
-                       rsa_private_key_t *private_key;
-                       status_t status;
+                       char buf[BUF_LEN];
                        chunk_t octets, auth_data;
                        chunk_t octets, auth_data;
+                       status_t status = NOT_FOUND;
+                       rsa_public_key_t  *my_pubkey;
+                       rsa_private_key_t *my_key;
+
+                       identification_t  *my_id = my_id_payload->get_identification(my_id_payload);
                        
                        
-                       private_key = charon->credentials->get_rsa_private_key(charon->credentials, my_id);
-                       if (private_key == NULL)
+                       this->logger->log(this->logger, CONTROL, "looking for public key belonging to '%s'",
+                                                         my_id->get_string(my_id));
+
+                       my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
+                       if (my_pubkey == NULL)
                        {
                        {
-                               this->logger->log(this->logger, ERROR|LEVEL1, "No RSA private key found for %s",
+                               this->logger->log(this->logger, ERROR, "no public key found for '%s'",
                                                                  my_id->get_string(my_id));
                                                                  my_id->get_string(my_id));
-                               my_id->destroy(my_id);
-                               return NOT_FOUND;       
+                               goto end_rsa;
                        }
                        }
-                       my_id->destroy(my_id);
+                       this->logger->log(this->logger, CONTROL, "matching public key found");
                        
                        
+                       chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
+                       this->logger->log(this->logger, CONTROL, "looking for private key with keyid %s", buf);
+
+                       my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
+                       if (my_key == NULL)
+                       {
+                               char buf[BUF_LEN];
+
+                               chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
+                               this->logger->log(this->logger, ERROR, "no private key found with keyid %s",
+                                                                 buf);
+                               goto end_rsa;
+                       }
+                       this->logger->log(this->logger, CONTROL, "matching private key found");
+
                        octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
                        octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
-                       
-                       status = private_key->build_emsa_pkcs1_signature(private_key, HASH_SHA1, octets, &auth_data);
+                       status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
                        chunk_free(&octets);
                        chunk_free(&octets);
+
                        if (status != SUCCESS)
                        {
                        if (status != SUCCESS)
                        {
-                               private_key->destroy(private_key);
-                               return status;
+                               my_key->destroy(my_key);
+                               goto end_rsa;
                        }
                        
                        *auth_payload = auth_payload_create();
                        (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
                        (*auth_payload)->set_data(*auth_payload, auth_data);
 
                        }
                        
                        *auth_payload = auth_payload_create();
                        (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
                        (*auth_payload)->set_data(*auth_payload, auth_data);
 
-                       private_key->destroy(private_key);
+                       my_key->destroy(my_key);
                        chunk_free(&auth_data);
                        chunk_free(&auth_data);
-                       return SUCCESS;
+
+               end_rsa:
+                       my_id->destroy(my_id);
+                       return status;
                }
                default:
                {
                }
                default:
                {