
auth.c File Reference

#include "common.h"
#include <assert.h>
#include <string.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include "message.h"
#include "auth.h"
#include "prf.h"
#include "integ.h"
#include "payload.h"
#include "enums.h"

Functions

uint16_t GenerateCertAuthData (EVP_PKEY *pkey, uint8_t *data, uint32_t dlen, uint8_t *dest)
 Generate auth data using certificate private key (RSA or DSA).
int CertAuthenticate (const struct ikev2_ctx *i2, struct CertList *cert, uint8_t *adata, uint32_t alen, uint8_t *sigbuf, uint32_t siglen)
 Authenticate the peer using data acquired from the CERT payload. The operation is performed in three main steps:
  • verify the certificate against the trusted CA certificate
  • check whether the certificate CommonName is on the sslist
  • verify the signature.

uint16_t GenerateAuthData (const struct ikev2_ctx *i2, uint8_t type, struct IKEv2Session *session, uint8_t *id, uint16_t idlen, uint8_t *p)
 generate data for auth payload
int Authenticate (const struct ikev2_ctx *i2, struct CertList *cert, uint8_t type, uint8_t *data, uint16_t dlen, struct IKEv2Session *session, uint8_t *idData, uint16_t idlen)
 Authenticate a peer.
int LoadCertData (int type, char *filename, unsigned char **cert)
 Load a certificate from a file and convert it to DER encoding.
void AddSharedSec (struct sharedSecList **list, int idt, char *id, char *pwd, int authtype)
 Add a shared secret (id/pwd) to the list of acceptable shared secrets of the other party.
int UpdateSharedSec (struct sharedSecList **list, int id_type, char *id, char *secret, int authtype)
 Update list or add secret to list.
int IsAcceptable (struct sharedSecList *list, char *id, int idlen, char *pwd, int pwdlen)
 Check whether id/pwd is in the list.
void FreeSharedSecList (struct sharedSecList *list)
 Free the shared secret list memory.
int AuthorizeCert (struct sharedSecList *sslist, X509 *x509)
 Check whether a username on the user list matches the certificate common name and that user is allowed to use a certificate for authentication.
uint32_t CreateCAHashString (X509_STORE *x509_store, uint8_t **result)
 Creates a list of SHA-1 hashes of the public keys of trusted CAs, as described in section 3.7 of RFC 4306 (IKEv2).
int GetCertAuthMethod (EVP_PKEY *pkey)
 Get authentication method for auth payload associated with this private key.

Function Documentation

void AddSharedSec (struct sharedSecList **list, int idt, char *id, char *pwd, int authtype)

Add a shared secret (id/pwd) to the list of acceptable shared secrets of the other party.

Parameters:
**list ptr to list
idt id type
*id id
*pwd password
authtype allowed authentication type

int Authenticate (const struct ikev2_ctx *i2, struct CertList *cert, uint8_t type, uint8_t *data, uint16_t dlen, struct IKEv2Session *session, uint8_t *idData, uint16_t idlen)

Authenticate a peer.

Parameters:
*i2 IKEv2 context
*cert list of raw certificate data
type auth payload type
*data auth data
dlen auth data length
*session current IKEv2 session
*idData peer identification data
idlen idData length
Returns:
1 on success, 0 otherwise

int AuthorizeCert (struct sharedSecList *sslist, X509 *x509)

Check whether a username on the user list matches the certificate common name and that user is allowed to use a certificate for authentication.

Parameters:
sslist shared secret list
x509 certificate
Returns:
1 on success, 0 on fail

int CertAuthenticate (const struct ikev2_ctx *i2, struct CertList *cert, uint8_t *adata, uint32_t alen, uint8_t *sigbuf, uint32_t siglen)

Authenticate the peer using data acquired from the CERT payload. The operation is performed in three main steps:

  • verify the certificate against the trusted CA certificate
  • check whether the certificate CommonName is on the sslist
  • verify the signature.

Parameters:
*i2 IKEv2 context data
*cert certificate data
*adata data to verify
alen adata length
*sigbuf signature to verify
siglen sigbuf length
Returns:
1 on success, 0 otherwise

uint32_t CreateCAHashString (X509_STORE *x509_store, uint8_t **result)

Creates a list of SHA-1 hashes of the public keys of trusted CAs, as described in section 3.7 of RFC 4306 (IKEv2).

Parameters:
x509_store local cert store
result place for result
Returns:
length of result, or 0 in case of error
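
The hash computation CreateCAHashString is described as performing, shown as an added Python illustration rather than the project's C code: it walks a DER certificate to its SubjectPublicKeyInfo element (skipping the optional version field, which v1 certificates omit) and concatenates the SHA-1 digests as RFC 4306 section 3.7 specifies. The sample certificates and the key inside them are constructed placeholders, not real credentials.

```python
# Added Python illustration (not the project's C): compute the CERTREQ value of
# RFC 4306 section 3.7, the concatenated SHA-1 of each trust anchor's SubjectPublicKeyInfo.
import hashlib

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_header(buf: bytes, i: int = 0):
    """Parse tag and length at offset i; return (tag, header_len, body_len)."""
    tag, first = buf[i], buf[i + 1]
    if first & 0x80:
        nlen = first & 0x7F
        return tag, 2 + nlen, int.from_bytes(buf[i + 2:i + 2 + nlen], "big")
    return tag, 2, first

def der_children(tlv: bytes) -> list:
    """Split a constructed DER element into its child (tag, raw_tlv) pairs."""
    _, hdr, n = der_header(tlv)
    out, i = [], hdr
    while i < hdr + n:
        _, h, m = der_header(tlv, i)
        out.append((tlv[i], tlv[i:i + h + m]))
        i += h + m
    return out

def spki_of(cert_der: bytes) -> bytes:
    """Raw SubjectPublicKeyInfo of a DER certificate: TBSCertificate is [version]
    serial sigAlg issuer validity subject spki ...; the [0] version is absent in v1."""
    fields = der_children(der_children(cert_der)[0][1])
    if fields[0][0] == 0xA0:  # EXPLICIT [0] version present (v2/v3): skip it
        fields = fields[1:]
    return fields[5][1]

def ca_hash_string(trust_anchors: list) -> bytes:
    """Concatenate SHA-1(SubjectPublicKeyInfo) of every trust anchor (20 bytes each)."""
    return b"".join(hashlib.sha1(spki_of(c)).digest() for c in trust_anchors)

def sample_cert(spki: bytes, v3: bool = True) -> bytes:
    """Constructed, unsigned, minimal DER certificate used only as sample input."""
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
    validity = der_tlv(0x30, der_tlv(0x17, b"240101000000Z") * 2)
    tbs = der_tlv(0x02, b"\x01") + alg + der_tlv(0x30, b"") + validity + der_tlv(0x30, b"") + spki
    if v3:
        tbs = der_tlv(0xA0, der_tlv(0x02, b"\x02")) + tbs
    return der_tlv(0x30, der_tlv(0x30, tbs) + alg + der_tlv(0x03, b"\x00"))
```

A real implementation would feed the DER of each trust anchor in the X509_STORE to ca_hash_string; the 20-byte granularity of the result is what lets the receiver match a hash against its own certificates.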

void FreeSharedSecList (struct sharedSecList *list)

Free the shared secret list memory.

Parameters:
*list ptr to list

uint16_t GenerateAuthData (const struct ikev2_ctx *i2, uint8_t type, struct IKEv2Session *session, uint8_t *id, uint16_t idlen, uint8_t *p)

Generate data for the auth payload.

Parameters:
*i2 ikev2 context data
type type of auth
*session ptr to session struct
*id ptr to id data
idlen id data length
*p ptr to dest buffer
Returns:
length of auth data

uint16_t GenerateCertAuthData (EVP_PKEY *pkey, uint8_t *data, uint32_t dlen, uint8_t *dest)

Generate auth data using certificate private key (RSA or DSA).

Parameters:
*pkey private key structure
*data data to sign
dlen data length
*dest place for the signature
Returns:
length of the signature

int GetCertAuthMethod (EVP_PKEY *pkey)

Get authentication method for auth payload associated with this private key.

Parameters:
*pkey private key data
Returns:
IKEv2_AMT_RSA_DS | IKEv2_AMT_DSS_DS | -1 in case of unknown type

int IsAcceptable (struct sharedSecList *list, char *id, int idlen, char *pwd, int pwdlen)

Check whether id/pwd is in the list.

Warning:
kwz: this function is unused
Parameters:
*list ptr to list
*id id
idlen id length
*pwd password
pwdlen password length
Returns:
1 if found, 0 otherwise

int LoadCertData (int type, char *filename, unsigned char **cert)

Load a certificate from a file and convert it to DER encoding.

Parameters:
type type of certificate
*filename name of file containing certificate
**cert result
Returns:
length in bytes of cert

int UpdateSharedSec (struct sharedSecList **list, int id_type, char *id, char *secret, int authtype)

Update list or add secret to list.

Parameters:
**list ptr to shared secret list
id_type id type
*id id
*secret password
authtype allowed authentication type
Returns:
0 on success, non-zero otherwise

