- forgot to add
authorJan Hutter <jhutter@hsr.ch>
Sat, 3 Dec 2005 12:32:26 +0000 (12:32 -0000)
committerJan Hutter <jhutter@hsr.ch>
Sat, 3 Dec 2005 12:32:26 +0000 (12:32 -0000)
Source/charon/sa/authenticator.c [new file with mode: 0644]
Source/charon/sa/authenticator.h [new file with mode: 0644]

diff --git a/Source/charon/sa/authenticator.c b/Source/charon/sa/authenticator.c
new file mode 100644 (file)
index 0000000..6ab1b00
--- /dev/null
@@ -0,0 +1,225 @@
+/**
+ * @file authenticator.c
+ *
+ * @brief Implementation of authenticator.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "authenticator.h"
+
+#include <utils/allocator.h>
+
+typedef struct private_authenticator_t private_authenticator_t;
+
+/**
+ * Private data of an authenticator_t object.
+ */
+struct private_authenticator_t {
+
+       /**
+        * Public interface.
+        */
+       authenticator_t public;
+
+       /**
+        * IKE_SA.
+        */
+       protected_ike_sa_t *ike_sa;
+
+       /**
+        * A logger for.
+        * 
+        * Using logger of IKE_SA.
+        */
+       logger_t *logger;
+       
+       /**
+        * TODO
+        */
+       chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,identification_t *my_id);
+       
+       chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret);
+};
+
+/**
+ * Implementation of authenticator_t.private_authenticator_t.
+ */
+static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,identification_t *my_id)
+{
+       chunk_t id_chunk = my_id->get_encoding(my_id);
+       u_int8_t id_with_header[4 + id_chunk.len];
+       chunk_t id_with_header_chunk;
+       chunk_t octets;
+       u_int8_t *current_pos;
+       prf_t *prf;
+       
+       id_with_header[0] = my_id->get_type(my_id);
+       id_with_header[1] = 0x00;
+       id_with_header[2] = 0x00;
+       id_with_header[3] = 0x00;
+       memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
+       id_with_header_chunk.ptr = id_with_header;
+       id_with_header_chunk.len = sizeof(id_with_header);
+       
+       prf = this->ike_sa->get_prf(this->ike_sa);
+       
+       prf->set_key(prf,this->ike_sa->get_key_pr(this->ike_sa));
+       
+       
+       /* 4 bytes are id type and reserved fields of id payload */
+       octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
+       octets.ptr = allocator_alloc(octets.len);
+       current_pos = octets.ptr;
+       memcpy(current_pos,last_message.ptr,last_message.len);
+       current_pos += last_message.len;
+       memcpy(current_pos,other_nonce.ptr,other_nonce.len);
+       current_pos += other_nonce.len;
+       prf->get_bytes(prf,id_with_header_chunk,current_pos);
+       
+       this->logger->log_chunk(this->logger,RAW | MORE, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",&octets);
+       return octets;
+}
+
+/**
+ * Implementation of authenticator_t.allocate_auth_data_with_preshared_secret.
+ */
+static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret)
+{
+       prf_t *prf = this->ike_sa->get_prf(this->ike_sa);
+       chunk_t auth_data;      
+       chunk_t key_pad;
+       chunk_t key;
+       
+       key_pad.ptr = "Key Pad for IKEv2";
+       key_pad.len = strlen(key_pad.ptr);
+
+       prf->set_key(prf,preshared_secret);
+       prf->allocate_bytes(prf,key_pad,&key);
+       prf->set_key(prf,key);
+       allocator_free_chunk(&key);
+       prf->allocate_bytes(prf,octets,&auth_data);
+       this->logger->log_chunk(this->logger,RAW | MORE, "Authenticated data",&auth_data);
+                       
+       return auth_data;
+}
+
+
+/**
+ * Implementation of authenticator_t.verify_authentication.
+ */
+static status_t verify_authentication (private_authenticator_t *this,auth_method_t auth_method, chunk_t auth_data, chunk_t last_message, chunk_t other_nonce,identification_t *my_id,bool *verified)
+{
+       switch(auth_method)
+       {
+               case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
+               {
+                       
+                       chunk_t preshared_secret;
+                       
+                       preshared_secret.ptr = "secret";
+                       preshared_secret.len = strlen(preshared_secret.ptr);
+                       
+                       chunk_t octets = this->allocate_octets(this,last_message, other_nonce,my_id);
+                       chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,octets,preshared_secret);
+
+                       allocator_free_chunk(&octets);                          
+
+                       if (auth_data.len != my_auth_data.len)
+                       {
+                               *verified = FALSE;
+                               allocator_free_chunk(&my_auth_data);
+                               return SUCCESS;
+                       }
+                       if (memcmp(auth_data.ptr,my_auth_data.ptr,my_auth_data.len) == 0)
+                       {
+                               *verified = TRUE;
+                       }
+                       else
+                       {
+                               *verified = FALSE;
+                       }
+                       allocator_free_chunk(&my_auth_data);            
+                       return SUCCESS;
+               }
+               default:
+               {
+                       return NOT_SUPPORTED;
+               }
+       }
+}
+
+/**
+ * Implementation of authenticator_t.allocate_auth_data.
+ */
+static status_t allocate_auth_data (private_authenticator_t *this,auth_method_t auth_method,chunk_t last_message, chunk_t other_nonce,identification_t *my_id,chunk_t *auth_data)
+{
+       switch(auth_method)
+       {
+               case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
+               {
+                       chunk_t preshared_secret;
+                       
+                       preshared_secret.ptr = "secret";
+                       preshared_secret.len = strlen(preshared_secret.ptr);
+                       
+                       chunk_t octets = this->allocate_octets(this,last_message, other_nonce,my_id);
+                       chunk_t my_auth_data = allocate_auth_data_with_preshared_secret(this,octets,preshared_secret);
+                       
+                       allocator_free_chunk(&octets);
+                       
+                       *auth_data = my_auth_data;
+                       
+                       return SUCCESS;
+               }
+               default:
+               {
+                       return NOT_SUPPORTED;
+               }
+       }
+}
+
+/**
+ * Implementation of authenticator_t.destroy.
+ */
+static void destroy (private_authenticator_t *this)
+{
+       allocator_free(this);
+}
+
+/*
+ * Described in header.
+ */
+authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
+{
+       private_authenticator_t *this = allocator_alloc_thing(private_authenticator_t);
+
+       /* Public functions */
+       this->public.destroy = (void(*)(authenticator_t*))destroy;
+       this->public.verify_authentication = (status_t (*) (authenticator_t *,auth_method_t , chunk_t , chunk_t , chunk_t ,identification_t *,bool *) )verify_authentication;
+       this->public.allocate_auth_data = (status_t (*)  (authenticator_t *,auth_method_t ,chunk_t , chunk_t ,identification_t *,chunk_t *)) allocate_auth_data;
+       
+       /* private functions */
+       this->allocate_octets = allocate_octets;
+       this->allocate_auth_data_with_preshared_secret = allocate_auth_data_with_preshared_secret;
+       
+       /* private data */
+       this->ike_sa = ike_sa;
+       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       
+       return  &(this->public);
+}
diff --git a/Source/charon/sa/authenticator.h b/Source/charon/sa/authenticator.h
new file mode 100644 (file)
index 0000000..3978cf1
--- /dev/null
@@ -0,0 +1,77 @@
+/**
+ * @file authenticator.h
+ *
+ * @brief Interface of authenticator.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef _AUTHENTICATOR_H_
+#define _AUTHENTICATOR_H_
+
+
+#include <types.h>
+#include <encoding/payloads/auth_payload.h>
+#include <utils/identification.h>
+#include <sa/ike_sa.h>
+
+
+typedef struct authenticator_t authenticator_t;
+
+
+/**
+ * @brief Class authenticator_t. Used to authenticate a peer.
+ * 
+ * Currently only preshared secret as auth_method supported!
+ * 
+ * @ingroup sa
+ */
+struct authenticator_t {
+
+       /**
+        * @brief Verifying of given authentication data.
+        *
+        * TODO
+        * @param this                  authenticator_t object
+        * @return
+        *                                              - NOT_SUPPORTED if auth_method is not supported
+        */
+       status_t (*verify_authentication) (authenticator_t *this,auth_method_t auth_method, chunk_t auth_data, chunk_t last_message, chunk_t other_nonce,identification_t *my_id,bool *verified);
+
+       /**
+        * @brief Verifying of given authentication data.
+        *
+        * TODO
+        * @param this                  authenticator_t object
+        * @return
+        *                                              - NOT_SUPPORTED if auth_method is not supported
+        */
+       status_t (*allocate_auth_data) (authenticator_t *this,auth_method_t auth_method,chunk_t last_message, chunk_t other_nonce,identification_t *my_id,chunk_t *auth_data);
+
+
+       /**
+        * @brief Destroys a authenticator_t object.
+        *
+        * @param this                  authenticator_t object
+        */
+       void (*destroy) (authenticator_t *this);
+};
+
+authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa);
+
+#endif //_AUTHENTICATOR_H_