/*
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
 * Copyright (C) 2010 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "eap_peap.h"
#include "eap_peap_peer.h"
#include "eap_peap_server.h"

#include <tls_eap.h>

#include <daemon.h>
#include <library.h>

typedef struct private_eap_peap_t private_eap_peap_t;

/**
 * Private data of an eap_peap_t object.
 *
 * The EAP-PEAP method itself is thin: every EAP operation is forwarded to
 * the tls_eap_t helper, which drives the outer TLS tunnel and fragments
 * TLS records into EAP messages. The tunneled (inner) EAP exchange lives
 * in the tls_application_t created by eap_peap_create_server()/_peer().
 */
struct private_eap_peap_t {

	/**
	 * Public interface.
	 */
	eap_peap_t public;

	/**
	 * TLS stack, wrapped by EAP helper
	 */
	tls_eap_t *tls_eap;
};

/** Maximum number of EAP-PEAP messages/fragments allowed
 *  (default for the max_message_count setting; the bound itself is
 *  presumably enforced inside tls_eap_t - see tls_eap_create()) */
#define MAX_MESSAGE_COUNT 32
/** Default size of a EAP-PEAP fragment (default for the fragment_size setting) */
#define MAX_FRAGMENT_LEN 1024

/**
 * Start the exchange: ask the TLS/EAP helper for the first outgoing message.
 *
 * @param out		EAP payload to send, set only when NEED_MORE is returned
 * @return			NEED_MORE if a payload was produced, FAILED otherwise
 */
METHOD(eap_method_t, initiate, status_t,
	private_eap_peap_t *this, eap_payload_t **out)
{
	chunk_t data;

	/* only NEED_MORE from the helper yields a message; any other status
	 * (including SUCCESS) is mapped to FAILED, as there is nothing to send */
	if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
	{
		*out = eap_payload_create_data(data);
		/* data is released right here, so the payload must own its own copy
		 * (presumably eap_payload_create_data() clones the chunk) */
		free(data.ptr);
		return NEED_MORE;
	}
	return FAILED;
}

/**
 * Feed an incoming EAP message to the TLS/EAP helper and collect the reply.
 *
 * @param in		received EAP payload (its data is borrowed, not owned)
 * @param out		EAP payload to send, set only when NEED_MORE is returned
 * @return			status reported by the helper: NEED_MORE, SUCCESS or FAILED
 */
METHOD(eap_method_t, process, status_t,
	private_eap_peap_t *this, eap_payload_t *in, eap_payload_t **out)
{
	status_t status;
	chunk_t data;

	data = in->get_data(in);
	/* data is reused as both input (owned by in) and output (allocated by
	 * the helper); the input chunk must not be referenced afterwards */
	status = this->tls_eap->process(this->tls_eap, data, &data);
	if (status == NEED_MORE)
	{
		*out = eap_payload_create_data(data);
		free(data.ptr);
	}
	/* SUCCESS/FAILED leave *out untouched; the caller must not read it then */
	return status;
}

/**
 * Report the EAP type of this method.
 *
 * @param vendor	set to 0, i.e. not a vendor-specific (expanded) type
 * @return			EAP_PEAP
 */
METHOD(eap_method_t, get_type, eap_type_t,
	private_eap_peap_t *this, uint32_t *vendor)
{
	*vendor = 0;
	return EAP_PEAP;
}

/**
 * Export the MSK derived by the TLS/EAP helper.
 *
 * An empty chunk from the helper is treated as failure, so a caller never
 * derives session keys from zero-length key material (presumably the helper
 * returns an empty chunk until the tunnel is fully established - confirm).
 *
 * @param msk		receives the MSK chunk (may be empty on FAILED)
 * @return			SUCCESS if a non-empty MSK is available, FAILED otherwise
 */
METHOD(eap_method_t, get_msk, status_t,
	private_eap_peap_t *this, chunk_t *msk)
{
	*msk = this->tls_eap->get_msk(this->tls_eap);
	if (msk->len)
	{
		return SUCCESS;
	}
	return FAILED;
}

/**
 * Current EAP identifier, tracked by the helper.
 */
METHOD(eap_method_t, get_identifier, uint8_t,
	private_eap_peap_t *this)
{
	return this->tls_eap->get_identifier(this->tls_eap);
}

/**
 * Set the EAP identifier to use for the next message.
 */
METHOD(eap_method_t, set_identifier, void,
	private_eap_peap_t *this, uint8_t identifier)
{
	this->tls_eap->set_identifier(this->tls_eap, identifier);
}

/**
 * EAP-PEAP is declared mutually authenticating, unconditionally.
 *
 * NOTE(review): on the server side, eap_peap_create() drops the peer
 * identity unless request_peer_auth is enabled, so in that (default)
 * configuration peer authentication is not provided by the outer TLS
 * handshake and must come from the tunneled method - confirm the inner
 * method is mandatory before relying on this TRUE.
 */
METHOD(eap_method_t, is_mutual, bool,
	private_eap_peap_t *this)
{
	return TRUE;
}

/**
 * Release the TLS/EAP helper and this object.
 *
 * The tunneled application handed to tls_create() is not freed here; it is
 * expected to be released through the TLS stack's destroy chain (confirm).
 */
METHOD(eap_method_t, destroy, void,
	private_eap_peap_t *this)
{
	this->tls_eap->destroy(this->tls_eap);
	free(this);
}

/**
 * Create an empty private eap_peap_t object
 *
 * Only the method table is filled in; tls_eap is set later by
 * eap_peap_create(). The result is not NULL-checked by the callers
 * (INIT's allocation behavior is defined elsewhere).
 */
static private_eap_peap_t *eap_peap_create_empty(void)
{
	private_eap_peap_t *this;

	INIT(this,
		.public = {
			.eap_method = {
				.initiate = _initiate,
				.process = _process,
				.get_type = _get_type,
				.is_mutual = _is_mutual,
				.get_msk = _get_msk,
				.get_identifier = _get_identifier,
				.set_identifier = _set_identifier,
				.destroy = _destroy,
			},
		},
	);
	return this;
}

/**
 * Generic private constructor
 *
 * Reads the plugin settings, builds the outer TLS stack and wraps it in a
 * tls_eap_t helper. Ownership: takes over this and application; on failure
 * both are released and NULL is returned.
 *
 * @param this			object created by eap_peap_create_empty()
 * @param server		server identity
 * @param peer			peer identity (ignored on the server unless
 *						request_peer_auth is enabled, see below)
 * @param is_server		TRUE for the server role
 * @param application	tunneled application (inner EAP exchange)
 * @return				public interface, or NULL if the helper could not be created
 */
static eap_peap_t *eap_peap_create(private_eap_peap_t * this,
								   identification_t *server,
								   identification_t *peer, bool is_server,
								   tls_application_t *application)
{
	size_t frag_size;
	int max_msg_count;
	bool include_length;
	tls_t *tls;

	/* by default (request_peer_auth = no) the server passes no peer identity
	 * to the TLS stack, so the outer handshake does not authenticate the
	 * peer; peer authentication is then left to the tunneled method */
	if (is_server && !lib->settings->get_bool(lib->settings,
				"%s.plugins.eap-peap.request_peer_auth", FALSE,
				lib->ns))
	{
		peer = NULL;
	}
	/* NOTE(review): get_int() yields a signed int stored into a size_t; a
	 * negative fragment_size setting would wrap to a huge value. Confirm
	 * tls_eap_create() bounds it, or reject values <= 0 here. */
	frag_size = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN,
					lib->ns);
	/* caps how many messages/fragments one exchange may consume, which
	 * limits how long an unauthenticated peer can keep a handshake going */
	max_msg_count = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT,
					lib->ns);
	include_length = lib->settings->get_bool(lib->settings,
					"%s.plugins.eap-peap.include_length", FALSE, lib->ns);
	tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP,
					 application, NULL);
	this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count,
								   include_length);
	if (!this->tls_eap)
	{
		/* application is destroyed here directly; this assumes the helper
		 * only fails when tls is NULL, so no tls_t is left holding a
		 * reference to application (and none is leaked) - confirm */
		application->destroy(application);
		free(this);
		return NULL;
	}
	return &this->public;
}

/**
 * Create a server-side EAP-PEAP method.
 *
 * @param server	server identity
 * @param peer		peer identity
 * @return			method instance, or NULL on failure
 */
eap_peap_t *eap_peap_create_server(identification_t *server,
								   identification_t *peer)
{
	private_eap_peap_t *eap_peap;
	eap_method_t *eap_method;
	eap_peap_server_t *eap_peap_server;
	tls_application_t *application;

	/* the tunneled application needs a reference to the outer EAP-PEAP method */
	eap_peap = eap_peap_create_empty();
	eap_method = &eap_peap->public.eap_method;
	eap_peap_server = eap_peap_server_create(server, peer, eap_method);
	application = &eap_peap_server->application;

	/* ownership of eap_peap and application passes to eap_peap_create() */
	return eap_peap_create(eap_peap, server, peer, TRUE, application);
}

/**
 * Create a peer-side (client) EAP-PEAP method.
 *
 * @param server	server identity
 * @param peer		peer identity
 * @return			method instance, or NULL on failure
 */
eap_peap_t *eap_peap_create_peer(identification_t *server,
								 identification_t *peer)
{
	private_eap_peap_t *eap_peap;
	eap_method_t *eap_method;
	eap_peap_peer_t *eap_peap_peer;
	tls_application_t *application;

	/* the tunneled application needs a reference to the outer EAP-PEAP method */
	eap_peap = eap_peap_create_empty();
	eap_method = &eap_peap->public.eap_method;
	eap_peap_peer = eap_peap_peer_create(server, peer, eap_method);
	application = &eap_peap_peer->application;

	/* ownership of eap_peap and application passes to eap_peap_create() */
	return eap_peap_create(eap_peap, server, peer, FALSE, application);
}