1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * Copyright (C) 2010 Andreas Steffen
! 6: * HSR Hochschule fuer Technik Rapperswil
! 7: *
! 8: * This program is free software; you can redistribute it and/or modify it
! 9: * under the terms of the GNU General Public License as published by the
! 10: * Free Software Foundation; either version 2 of the License, or (at your
! 11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 12: *
! 13: * This program is distributed in the hope that it will be useful, but
! 14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 16: * for more details.
! 17: */
! 18:
! 19: #include "eap_peap.h"
! 20: #include "eap_peap_peer.h"
! 21: #include "eap_peap_server.h"
! 22:
! 23: #include <tls_eap.h>
! 24:
! 25: #include <daemon.h>
! 26: #include <library.h>
! 27:
! 28: typedef struct private_eap_peap_t private_eap_peap_t;
! 29:
/**
 * Private data of an eap_peap_t object.
 *
 * The public part is kept as the first member; the METHOD() callbacks below
 * receive the public pointer as "this", so presumably the layout relies on
 * that (strongSwan convention — keep it first).
 */
struct private_eap_peap_t {

	/**
	 * Public interface.
	 */
	eap_peap_t public;

	/**
	 * TLS stack, wrapped by EAP helper. Every eap_method_t callback of this
	 * plugin delegates to it; it is created in eap_peap_create() and released
	 * in destroy().
	 */
	tls_eap_t *tls_eap;
};
! 45:
/** Maximum number of EAP-PEAP messages/fragments allowed. Default for the
 * "plugins.eap-peap.max_message_count" setting read in eap_peap_create();
 * it is enforced inside tls_eap, not in this file. */
#define MAX_MESSAGE_COUNT 32
/** Default size of an EAP-PEAP fragment, default for the
 * "plugins.eap-peap.fragment_size" setting (bytes) */
#define MAX_FRAGMENT_LEN 1024
! 50:
/**
 * Start the EAP-PEAP exchange: ask the wrapped TLS stack for the first
 * message and hand it out as an EAP payload.
 *
 * @param this		private EAP-PEAP data
 * @param out		receives the first EAP-PEAP request, only set on NEED_MORE
 * @return			NEED_MORE if a request was produced, FAILED otherwise
 */
METHOD(eap_method_t, initiate, status_t,
	private_eap_peap_t *this, eap_payload_t **out)
{
	chunk_t request;
	status_t status;

	status = this->tls_eap->initiate(this->tls_eap, &request);
	if (status != NEED_MORE)
	{
		return FAILED;
	}
	/* eap_payload_create_data() is expected to keep its own copy of the
	 * data, the buffer handed out by tls_eap is released here */
	*out = eap_payload_create_data(request);
	free(request.ptr);
	return NEED_MORE;
}
! 64:
/**
 * Feed an incoming EAP-PEAP payload to the TLS stack and, while the
 * exchange continues, produce the next outgoing payload.
 *
 * The payload data comes from the network; any bounds (fragment size,
 * message count) are expected to be enforced inside tls_eap, which was
 * configured with them in eap_peap_create().
 *
 * @param this		private EAP-PEAP data
 * @param in		received EAP-PEAP payload
 * @param out		receives the next payload, only set on NEED_MORE
 * @return			status reported by the wrapped TLS stack
 */
METHOD(eap_method_t, process, status_t,
	private_eap_peap_t *this, eap_payload_t *in, eap_payload_t **out)
{
	chunk_t response;
	status_t status;

	status = this->tls_eap->process(this->tls_eap, in->get_data(in),
									&response);
	if (status == NEED_MORE)
	{
		/* the payload copies the data, release the tls_eap buffer */
		*out = eap_payload_create_data(response);
		free(response.ptr);
	}
	return status;
}
! 80:
/**
 * Report the EAP method type of this object.
 *
 * @param this		private EAP-PEAP data (unused)
 * @param vendor	set to 0, EAP-PEAP is not a vendor-specific type
 * @return			EAP_PEAP
 */
METHOD(eap_method_t, get_type, eap_type_t,
	private_eap_peap_t *this, uint32_t *vendor)
{
	*vendor = 0;
	return EAP_PEAP;
}
! 87:
/**
 * Export the Master Session Key derived by the wrapped TLS stack.
 *
 * An empty key is reported as failure; presumably tls_eap only returns a
 * non-empty MSK once the TLS exchange has completed successfully.
 *
 * @param this		private EAP-PEAP data
 * @param msk		receives the MSK chunk (may be empty on FAILED)
 * @return			SUCCESS if a non-empty MSK is available, FAILED otherwise
 */
METHOD(eap_method_t, get_msk, status_t,
	private_eap_peap_t *this, chunk_t *msk)
{
	chunk_t key;

	key = this->tls_eap->get_msk(this->tls_eap);
	*msk = key;
	return key.len ? SUCCESS : FAILED;
}
! 98:
/**
 * Get the current EAP identifier, tracked by the wrapped TLS stack.
 *
 * @param this		private EAP-PEAP data
 * @return			EAP identifier
 */
METHOD(eap_method_t, get_identifier, uint8_t,
	private_eap_peap_t *this)
{
	tls_eap_t *tls_eap = this->tls_eap;

	return tls_eap->get_identifier(tls_eap);
}
! 104:
/**
 * Set the EAP identifier, forwarded to the wrapped TLS stack.
 *
 * @param this			private EAP-PEAP data
 * @param identifier	EAP identifier to use
 */
METHOD(eap_method_t, set_identifier, void,
	private_eap_peap_t *this, uint8_t identifier)
{
	tls_eap_t *tls_eap = this->tls_eap;

	tls_eap->set_identifier(tls_eap, identifier);
}
! 110:
/**
 * EAP-PEAP is reported as a mutually authenticating method.
 *
 * NOTE(review): this is unconditional. On the server side, eap_peap_create()
 * drops the peer identity unless plugins.eap-peap.request_peer_auth is set,
 * so the outer TLS handshake then presumably does not authenticate the peer
 * and the peer's authentication rests on the tunneled inner method.
 *
 * @param this		private EAP-PEAP data (unused)
 * @return			TRUE
 */
METHOD(eap_method_t, is_mutual, bool,
	private_eap_peap_t *this)
{
	return TRUE;
}
! 116:
/**
 * Release the object together with its wrapped TLS stack.
 *
 * The tunneled application was handed to tls_create() in eap_peap_create()
 * and is not released here; presumably the TLS stack owns it.
 *
 * @param this		private EAP-PEAP data
 */
METHOD(eap_method_t, destroy, void,
	private_eap_peap_t *this)
{
	tls_eap_t *tls_eap = this->tls_eap;

	tls_eap->destroy(tls_eap);
	free(this);
}
! 123:
/**
 * Create an empty private eap_peap_t object.
 *
 * Only the eap_method_t callback table is set up; tls_eap is left unset and
 * is filled in by eap_peap_create(). The object is created before the
 * tunneled application because the latter keeps a reference to the public
 * eap_method_t (see eap_peap_create_server()/eap_peap_create_peer()).
 *
 * @return			newly allocated private object, tls_eap not yet set
 */
static private_eap_peap_t *eap_peap_create_empty(void)
{
	private_eap_peap_t *this;

	INIT(this,
		.public = {
			.eap_method = {
				.initiate = _initiate,
				.process = _process,
				.get_type = _get_type,
				.is_mutual = _is_mutual,
				.get_msk = _get_msk,
				.get_identifier = _get_identifier,
				.set_identifier = _set_identifier,
				.destroy = _destroy,
			},
		},
	);
	return this;
}
! 147:
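/**
 * Generic private constructor shared by the server and peer variants.
 *
 * Builds the TLS stack for the given role and wraps it in the tls_eap helper
 * that handles EAP fragmentation. Takes ownership of this and application:
 * on failure both are released and NULL is returned.
 *
 * @param this			preallocated object from eap_peap_create_empty()
 * @param server		server identity
 * @param peer			peer identity; dropped on the server side unless
 *						plugins.eap-peap.request_peer_auth is enabled
 * @param is_server		TRUE when acting as EAP server
 * @param application	tunneled application, handed to tls_create()
 * @return				public interface, NULL on failure
 */
static eap_peap_t *eap_peap_create(private_eap_peap_t * this,
								   identification_t *server,
								   identification_t *peer, bool is_server,
								   tls_application_t *application)
{
	size_t frag_size;
	int max_msg_count;
	bool include_length;
	tls_t *tls;

	/* without a peer identity the server presumably does not request peer
	 * authentication in the outer TLS handshake; the peer is then
	 * authenticated by the tunneled inner method only (default) */
	if (is_server && !lib->settings->get_bool(lib->settings,
							"%s.plugins.eap-peap.request_peer_auth", FALSE,
							lib->ns))
	{
		peer = NULL;
	}
	/* NOTE(review): get_int() returns an int, a negative fragment_size
	 * would convert to a huge size_t here; assumed to be rejected or
	 * clamped by tls_eap_create() — confirm */
	frag_size = lib->settings->get_int(lib->settings,
							"%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN,
							lib->ns);
	max_msg_count = lib->settings->get_int(lib->settings,
							"%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT,
							lib->ns);
	include_length = lib->settings->get_bool(lib->settings,
							"%s.plugins.eap-peap.include_length", FALSE, lib->ns);

	tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP,
					 application, NULL);
	if (!tls)
	{
		/* do not hand a missing TLS stack to tls_eap_create().
		 * NOTE(review): assumes a failed tls_create() has not already
		 * consumed application — confirm against tls_create() */
		application->destroy(application);
		free(this);
		return NULL;
	}
	this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count,
								   include_length);
	if (!this->tls_eap)
	{
		/* same cleanup as the original failure path; tls is not released
		 * here (NOTE(review): its ownership on this path is unclear) */
		application->destroy(application);
		free(this);
		return NULL;
	}
	return &this->public;
}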
! 187:
/**
 * Create an EAP-PEAP server method.
 *
 * The outer object is created first because the tunneled server application
 * keeps a reference to its eap_method_t. On failure eap_peap_create()
 * releases both the application and the outer object.
 *
 * @param server		server identity
 * @param peer			peer identity
 * @return				EAP-PEAP method, NULL on failure
 */
eap_peap_t *eap_peap_create_server(identification_t *server,
								   identification_t *peer)
{
	private_eap_peap_t *this;
	eap_peap_server_t *tunneled;

	this = eap_peap_create_empty();
	tunneled = eap_peap_server_create(server, peer, &this->public.eap_method);

	return eap_peap_create(this, server, peer, TRUE, &tunneled->application);
}
! 204:
/**
 * Create an EAP-PEAP peer (client) method.
 *
 * The outer object is created first because the tunneled peer application
 * keeps a reference to its eap_method_t. On failure eap_peap_create()
 * releases both the application and the outer object.
 *
 * @param server		server identity
 * @param peer			peer identity
 * @return				EAP-PEAP method, NULL on failure
 */
eap_peap_t *eap_peap_create_peer(identification_t *server,
								 identification_t *peer)
{
	private_eap_peap_t *this;
	eap_peap_peer_t *tunneled;

	this = eap_peap_create_empty();
	tunneled = eap_peap_peer_create(server, peer, &this->public.eap_method);

	return eap_peap_create(this, server, peer, FALSE, &tunneled->application);
}