make config_auth_method_t backward compatible to existing sql templates
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 10 Jun 2008 20:31:53 +0000 (20:31 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 10 Jun 2008 20:31:53 +0000 (20:31 -0000)
src/charon/config/peer_cfg.h
src/charon/sa/authenticators/pubkey_authenticator.c
src/starter/starterstroke.c

index d682534..7b9b01a 100644 (file)
@@ -86,11 +86,11 @@ extern enum_name_t *unique_policy_names;
  */
 enum config_auth_method_t {
        /** authentication using public keys (RSA, ECDSA) */
-       CONF_AUTH_PUBKEY = 0,
+       CONF_AUTH_PUBKEY =      1,
        /** authentication using a pre-shared secret */
-       CONF_AUTH_PSK,
+       CONF_AUTH_PSK =         2,
        /** authentication using EAP */
-       CONF_AUTH_EAP,
+       CONF_AUTH_EAP =         3,
 };
 
 /**
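Review bot: The explicit values on `config_auth_method_t` are now a storage contract, but the enum's doc comment does not say so, and 0 no longer names any method. Per the commit title the numbers are matched to existing SQL templates, and the starterstroke.c section of this commit mirrors them in starter's `auth_method_t`. A later renumbering, or a drift between the two copies, could therefore select a different authentication method for a peer without any error. I would add a line to the doc comment such as `values are stored in SQL configurations and duplicated in starter/starterstroke.c; do not renumber`. Code that loads this value should also reject anything outside 1..3, including a zero-filled or missing field, rather than fall through to a default; the loaders are not visible in this diff.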
index 15a79e2..46e0be4 100644 (file)
@@ -132,8 +132,6 @@ static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
        signature_scheme_t scheme;
 
        my_id = this->ike_sa->get_my_id(this->ike_sa);
-       DBG1(DBG_IKE, "authentication of '%D' (myself) with public key", my_id);
-       
        auth = this->ike_sa->get_my_auth(this->ike_sa);
        private = charon->credentials->get_private(charon->credentials, KEY_ANY,
                                                                                           my_id, auth);
@@ -168,7 +166,8 @@ static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
                                        auth_method = AUTH_ECDSA_521;
                                        break;
                                default:
-                                       DBG1(DBG_IKE, "ECDSA not supported by private key");
+                                       DBG1(DBG_IKE, "%d bit ECDSA private key size not supported",
+                                                       private->get_keysize(private));
                                        return status;
                        }
                        break;
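Review bot: The new `%d` conversion in the ECDSA `default:` branch receives the result of `private->get_keysize(private)` uncast, and the message labels that number as bits. The return type is not visible in this hunk; if it is `size_t` or another non-`int` type, the format does not match the argument, and a cast is safe either way: `DBG1(DBG_IKE, "%d bit ECDSA private key size not supported", (int)private->get_keysize(private));`. It is also worth confirming that get_keysize reports bits rather than bytes, because a wrong unit in this message misleads whoever is diagnosing a rejected key. The enclosing switch starts outside the hunk.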
@@ -177,7 +176,6 @@ static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
                                        key_type_names, private->get_type(private));
                        return status;
        }
-       
        prf = this->ike_sa->get_prf(this->ike_sa);
        prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa));
        octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf);
@@ -190,12 +188,10 @@ static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
                *auth_payload = payload;
                chunk_free(&auth_data);
                status = SUCCESS;
-               DBG2(DBG_IKE, "successfully built %N with private key", auth_method_names, auth_method);
-       }
-       else
-       {
-               DBG1(DBG_IKE, "building signature failed");
        }
+       DBG1(DBG_IKE, "authentication of '%D' (myself) with %N %s", my_id,
+                       auth_method_names, auth_method,
+                       (status == SUCCESS)? "successful":"failed");
        chunk_free(&octets);
        private->destroy(private);
        
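Review bot: The consolidated `authentication of '%D' (myself) with %N %s` line is reached only on paths that fall through to the cleanup. The two `return status;` exits in the `default:` branches shown in the earlier hunks therefore emit no summary record, and they also skip `private->destroy(private)`. Both returns come after `private` was obtained from `get_private()` and has already been dereferenced, so each unsupported-key failure appears to leak that key reference. Changing them to `private->destroy(private); return status;` would release the key; `octets` is not yet built at that point, so nothing else needs freeing there. build() begins and ends outside this hunk.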
index 0183c26..b7d0d32 100644 (file)
 #include "files.h"
 
 /**
- * Authentication mehtods, must be the same as in charon
+ * Authentication methods, must be the same as in charon/config/peer_cfg.h
  */
 enum auth_method_t {
-       AUTH_PUBKEY = 0,
-       AUTH_PSK,
-       AUTH_EAP,
+       AUTH_PUBKEY =   1,
+       AUTH_PSK =              2,
+       AUTH_EAP =              3
 };
 
 static char* push_string(stroke_msg_t *msg, char *string)