2 * Copyright (C) 2011 Martin Willi
3 * Copyright (C) 2011 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 #include "psk_v1_authenticator.h"
19 #include <sa/ikev1/keymat_v1.h>
20 #include <encoding/payloads/hash_payload.h>
22 typedef struct private_psk_v1_authenticator_t private_psk_v1_authenticator_t
;
25 * Private data of a psk_v1_authenticator_t object.
27 struct private_psk_v1_authenticator_t
{
30 * Public authenticator_t interface.
32 psk_v1_authenticator_t
public;
40 * TRUE if we are the initiator
50 * Other peer's DH public value
55 * Encoded SA payload, without fixed header
60 * Encoded ID payload, without fixed header
65 * Used for Hybrid authentication to build hash without PSK?
/*
 * Build our own HASH payload and append it to the outgoing message.
 *
 * The HASH is computed by the IKEv1 keymat over our DH public value, the
 * peer's DH public value (this->dh_value), the IKE_SA id and the encoded
 * SA and ID payloads. The return statements of this method (the failure
 * paths after the two guarded calls, and the final status) are not
 * visible in this listing.
 */
70 METHOD(authenticator_t
, build
, status_t
,
71 private_psk_v1_authenticator_t
*this, message_t
*message
)
73 hash_payload_t
*hash_payload
;
/* our own DH public value; the body of this failure branch is not shown */
77 if (!this->dh
->get_my_public_value(this->dh
, &dh
))
/* the IKEv1 keymat knows how to derive HASH_I/HASH_R for this SA */
81 keymat
= (keymat_v1_t
*)this->ike_sa
->get_keymat(this->ike_sa
);
/* argument order (our DH first, then the peer's) mirrors process(), which
 * swaps them and negates the initiator flag to compute the peer's HASH */
82 if (!keymat
->get_hash(keymat
, this->initiator
, dh
, this->dh_value
,
83 this->ike_sa
->get_id(this->ike_sa
), this->sa_payload
,
84 this->id_payload
, &hash
))
/* wrap the computed hash in a HASH payload; ownership of 'hash' after
 * set_hash() is not visible here — presumably transferred, confirm */
91 hash_payload
= hash_payload_create(PLV1_HASH
);
92 hash_payload
->set_hash(hash_payload
, hash
);
93 message
->add_payload(message
, &hash_payload
->payload_interface
);
/*
 * Verify the HASH payload received from the peer.
 *
 * Recomputes the HASH from the peer's perspective (negated initiator
 * flag, DH values swapped relative to build()) and compares it with the
 * received payload. On a match the remote auth config is marked as PSK
 * authenticated; on a mismatch or a missing payload an error is logged.
 * The return statements of this method are not visible in this listing.
 */
99 METHOD(authenticator_t
, process
, status_t
,
100 private_psk_v1_authenticator_t
*this, message_t
*message
)
102 hash_payload_t
*hash_payload
;
/* the peer's HASH payload; the NULL check guarding the log message below
 * is not visible in this listing */
107 hash_payload
= (hash_payload_t
*)message
->get_payload(message
, PLV1_HASH
);
110 DBG1(DBG_IKE
, "HASH payload missing in message");
/* our own DH public value; the body of this failure branch is not shown */
114 if (!this->dh
->get_my_public_value(this->dh
, &dh
))
118 keymat
= (keymat_v1_t
*)this->ike_sa
->get_keymat(this->ike_sa
);
/* compute the HASH the peer should have sent: the peer's role is the
 * opposite of ours, and its DH value comes first */
119 if (!keymat
->get_hash(keymat
, !this->initiator
, this->dh_value
, dh
,
120 this->ike_sa
->get_id(this->ike_sa
), this->sa_payload
,
121 this->id_payload
, &hash
))
/* NOTE(review): chunk_equals() is not a constant-time comparison. For an
 * authentication tag a constant-time compare (chunk_equals_const() in
 * newer libstrongswan) avoids leaking the mismatch position through
 * timing — confirm it is available in this tree before switching. */
127 if (chunk_equals(hash
, hash_payload
->get_hash(hash_payload
)))
/* peer authenticated: record the PSK auth class. FALSE presumably selects
 * the remote (peer) auth config — verify against ike_sa_t */
132 auth
= this->ike_sa
->get_auth_cfg(this->ike_sa
, FALSE
);
133 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PSK
);
138 DBG1(DBG_IKE
, "calculated HASH does not match HASH payload");
/*
 * Release the authenticator.
 *
 * Frees the encoded ID payload held by this object. this->sa_payload is
 * not freed here, so it is presumably owned by the caller — confirm.
 * Whether the object itself is freed afterwards is not visible in this
 * listing.
 */
142 METHOD(authenticator_t
, destroy
, void,
143 private_psk_v1_authenticator_t
*this)
145 chunk_free(&this->id_payload
);
/*
 * Described in header.
 *
 * Allocates the private object, wires up the authenticator_t interface
 * and stores the caller's parameters. Only part of the initializer list
 * is visible in this listing; .ike_sa, .dh and .hybrid presumably are
 * stored as well — confirm against the full source. Ownership of the
 * chunk_t arguments (copied vs. adopted) is not visible here.
 */
152 psk_v1_authenticator_t
*psk_v1_authenticator_create(ike_sa_t
*ike_sa
,
153 bool initiator
, diffie_hellman_t
*dh
,
154 chunk_t dh_value
, chunk_t sa_payload
,
155 chunk_t id_payload
, bool hybrid
)
157 private_psk_v1_authenticator_t
*this;
/* is_mutual always answers FALSE; the cast adapts return_false's
 * signature to the method pointer type */
164 .is_mutual
= (void*)return_false
,
169 .initiator
= initiator
,
171 .dh_value
= dh_value
,
172 .sa_payload
= sa_payload
,
173 .id_payload
= id_payload
,
/* the public interface is embedded at the start of the private struct */
177 return &this->public;