1.1 misho 1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * Copyright (C) 2010 Andreas Steffen
6: * HSR Hochschule fuer Technik Rapperswil
7: *
8: * This program is free software; you can redistribute it and/or modify it
9: * under the terms of the GNU General Public License as published by the
10: * Free Software Foundation; either version 2 of the License, or (at your
11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12: *
13: * This program is distributed in the hope that it will be useful, but
14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16: * for more details.
17: */
18:
19: #include "eap_peap.h"
20: #include "eap_peap_peer.h"
21: #include "eap_peap_server.h"
22:
23: #include <tls_eap.h>
24:
25: #include <daemon.h>
26: #include <library.h>
27:
typedef struct private_eap_peap_t private_eap_peap_t;

/**
 * Private data of an eap_peap_t object.
 */
struct private_eap_peap_t {

	/**
	 * Public interface; its eap_method member is what callers and the
	 * tunneled application get a reference to.
	 */
	eap_peap_t public;

	/**
	 * TLS stack, wrapped by EAP helper. Created in eap_peap_create() with the
	 * fragment size / message count limits read from the settings, and
	 * destroyed together with this object in destroy().
	 */
	tls_eap_t *tls_eap;
};
45:
/** Default maximum number of EAP-PEAP messages/fragments allowed
 *  (overridable via the %s.plugins.eap-peap.max_message_count setting) */
#define MAX_MESSAGE_COUNT 32
/** Default size of a EAP-PEAP fragment
 *  (overridable via the %s.plugins.eap-peap.fragment_size setting) */
#define MAX_FRAGMENT_LEN 1024
50:
/**
 * Start the exchange: ask the TLS helper for the first message.
 *
 * Only a NEED_MORE result from the helper produces a payload in *out;
 * any other result is reported to the caller as FAILED.
 */
METHOD(eap_method_t, initiate, status_t,
	private_eap_peap_t *this, eap_payload_t **out)
{
	chunk_t data;
	status_t status;

	status = this->tls_eap->initiate(this->tls_eap, &data);
	if (status != NEED_MORE)
	{
		return FAILED;
	}
	*out = eap_payload_create_data(data);
	/* the chunk is not handed over to the payload, release it here */
	free(data.ptr);
	return NEED_MORE;
}
64:
/**
 * Feed an incoming EAP-PEAP payload to the TLS helper.
 *
 * The same chunk variable carries the received data in and, when the helper
 * answers NEED_MORE, the next message to send out. The helper's status is
 * returned unchanged; *out is only written for NEED_MORE.
 */
METHOD(eap_method_t, process, status_t,
	private_eap_peap_t *this, eap_payload_t *in, eap_payload_t **out)
{
	chunk_t data = in->get_data(in);
	status_t status = this->tls_eap->process(this->tls_eap, data, &data);

	if (status != NEED_MORE)
	{
		return status;
	}
	*out = eap_payload_create_data(data);
	/* the response chunk is not handed over to the payload, release it */
	free(data.ptr);
	return status;
}
80:
/**
 * Report the EAP method type.
 *
 * @param vendor	set to 0, EAP-PEAP is not a vendor-specific type
 * @return			EAP_PEAP
 */
METHOD(eap_method_t, get_type, eap_type_t,
	private_eap_peap_t *this, uint32_t *vendor)
{
	*vendor = 0;

	return EAP_PEAP;
}
87:
/**
 * Fetch the MSK derived by the TLS helper.
 *
 * @param msk	receives the helper's MSK chunk (possibly empty)
 * @return		SUCCESS if the MSK is non-empty, FAILED otherwise
 */
METHOD(eap_method_t, get_msk, status_t,
	private_eap_peap_t *this, chunk_t *msk)
{
	*msk = this->tls_eap->get_msk(this->tls_eap);

	/* an empty MSK is reported as failure */
	return msk->len ? SUCCESS : FAILED;
}
98:
/**
 * Current EAP identifier, tracked by the TLS helper.
 */
METHOD(eap_method_t, get_identifier, uint8_t,
	private_eap_peap_t *this)
{
	tls_eap_t *tls_eap = this->tls_eap;

	return tls_eap->get_identifier(tls_eap);
}
104:
/**
 * Set the EAP identifier; forwarded to the TLS helper which owns it.
 */
METHOD(eap_method_t, set_identifier, void,
	private_eap_peap_t *this, uint8_t identifier)
{
	tls_eap_t *tls_eap = this->tls_eap;

	tls_eap->set_identifier(tls_eap, identifier);
}
110:
/**
 * EAP-PEAP is always reported as a mutual authentication method.
 */
METHOD(eap_method_t, is_mutual, bool,
	private_eap_peap_t *this)
{
	/* unconditional, independent of the tunneled method */
	return TRUE;
}
116:
/**
 * Tear down the method: the TLS helper first, then the object itself.
 */
METHOD(eap_method_t, destroy, void,
	private_eap_peap_t *this)
{
	tls_eap_t *tls_eap = this->tls_eap;

	tls_eap->destroy(tls_eap);
	free(this);
}
123:
/**
 * Allocate a private eap_peap_t with its method table filled in.
 *
 * tls_eap is left unset here; eap_peap_create() fills it in later, because
 * the tunneled application needs the public eap_method before the TLS
 * stack can be built.
 */
static private_eap_peap_t *eap_peap_create_empty(void)
{
	private_eap_peap_t *this;

	INIT(this,
		.public = {
			.eap_method = {
				.destroy = _destroy,
				.set_identifier = _set_identifier,
				.get_identifier = _get_identifier,
				.get_msk = _get_msk,
				.is_mutual = _is_mutual,
				.get_type = _get_type,
				.process = _process,
				.initiate = _initiate,
			},
		},
	);

	return this;
}
147:
/**
 * Generic private constructor: read the plugin settings and attach the
 * TLS stack (wrapped by the EAP helper) to the already allocated object.
 *
 * @param this			object from eap_peap_create_empty()
 * @param server		server identity passed to the TLS stack
 * @param peer			peer identity; dropped on the server side unless
 *						request_peer_auth is enabled
 * @param is_server		TRUE for the server role
 * @param application	tunneled application; destroyed here on failure
 * @return				public interface, or NULL if the EAP helper could
 *						not be created (this is freed in that case)
 */
static eap_peap_t *eap_peap_create(private_eap_peap_t * this,
								   identification_t *server,
								   identification_t *peer, bool is_server,
								   tls_application_t *application)
{
	size_t fragment_size;
	int message_count;
	bool with_length;
	tls_t *tls;

	if (is_server)
	{
		/* the server only hands a peer identity to the TLS stack when
		 * request_peer_auth is set */
		if (!lib->settings->get_bool(lib->settings,
					"%s.plugins.eap-peap.request_peer_auth", FALSE, lib->ns))
		{
			peer = NULL;
		}
	}

	/* NOTE(review): assumes the settings hold a non-negative fragment size;
	 * a negative value would wrap when stored in size_t — confirm that
	 * tls_eap_create() bounds it */
	fragment_size = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN,
					lib->ns);
	message_count = lib->settings->get_int(lib->settings,
					"%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT,
					lib->ns);
	with_length = lib->settings->get_bool(lib->settings,
					"%s.plugins.eap-peap.include_length", FALSE, lib->ns);

	tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP,
					 application, NULL, 0);
	this->tls_eap = tls_eap_create(EAP_PEAP, tls, fragment_size, message_count,
								   with_length);
	if (!this->tls_eap)
	{
		/* NOTE(review): tls is not released on this path; presumably
		 * tls_eap_create() takes ownership of it even when it fails —
		 * verify against tls_eap_create() */
		application->destroy(application);
		free(this);
		return NULL;
	}
	return &this->public;
}
187:
/*
 * Described in header: server-side EAP-PEAP method.
 */
eap_peap_t *eap_peap_create_server(identification_t *server,
								   identification_t *peer)
{
	private_eap_peap_t *this = eap_peap_create_empty();
	eap_peap_server_t *tunneled;

	/* the tunneled application needs a reference to the outer EAP-PEAP method */
	tunneled = eap_peap_server_create(server, peer, &this->public.eap_method);

	return eap_peap_create(this, server, peer, TRUE, &tunneled->application);
}
204:
/*
 * Described in header: peer-side EAP-PEAP method.
 */
eap_peap_t *eap_peap_create_peer(identification_t *server,
								 identification_t *peer)
{
	private_eap_peap_t *this = eap_peap_create_empty();
	eap_peap_peer_t *tunneled;

	/* the tunneled application needs a reference to the outer EAP-PEAP method */
	tunneled = eap_peap_peer_create(server, peer, &this->public.eap_method);

	return eap_peap_create(this, server, peer, FALSE, &tunneled->application);
}