![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to eap_tls.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / eap_tls|
Return to eap_tls.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / eap_tls |
1.1 misho 1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "eap_tls.h"
17:
18: #include <tls_eap.h>
19:
20: #include <daemon.h>
21: #include <library.h>
22:
23: typedef struct private_eap_tls_t private_eap_tls_t;
24:
25: /**
26: * Private data of an eap_tls_t object.
27: */
28: struct private_eap_tls_t {
29:
30: /**
31: * Public interface.
32: */
33: eap_tls_t public;
34:
35: /**
36: * TLS stack, wrapped by EAP helper
37: */
38: tls_eap_t *tls_eap;
39: };
40:
41: /** Maximum number of EAP-TLS messages/fragments allowed */
42: #define MAX_MESSAGE_COUNT 32
43: /** Default size of a EAP-TLS fragment */
44: #define MAX_FRAGMENT_LEN 1024
45:
46: METHOD(eap_method_t, initiate, status_t,
47: private_eap_tls_t *this, eap_payload_t **out)
48: {
49: chunk_t data;
50:
51: if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
52: {
53: *out = eap_payload_create_data(data);
54: free(data.ptr);
55: return NEED_MORE;
56: }
57: return FAILED;
58: }
59:
60: METHOD(eap_method_t, process, status_t,
61: private_eap_tls_t *this, eap_payload_t *in, eap_payload_t **out)
62: {
63: status_t status;
64: chunk_t data;
65:
66: data = in->get_data(in);
67: status = this->tls_eap->process(this->tls_eap, data, &data);
68: if (status == NEED_MORE)
69: {
70: *out = eap_payload_create_data(data);
71: free(data.ptr);
72: }
73: return status;
74: }
75:
76: METHOD(eap_method_t, get_type, eap_type_t,
77: private_eap_tls_t *this, uint32_t *vendor)
78: {
79: *vendor = 0;
80: return EAP_TLS;
81: }
82:
83: METHOD(eap_method_t, get_msk, status_t,
84: private_eap_tls_t *this, chunk_t *msk)
85: {
86: *msk = this->tls_eap->get_msk(this->tls_eap);
87: if (msk->len)
88: {
89: return SUCCESS;
90: }
91: return FAILED;
92: }
93:
94: METHOD(eap_method_t, get_identifier, uint8_t,
95: private_eap_tls_t *this)
96: {
97: return this->tls_eap->get_identifier(this->tls_eap);
98: }
99:
100: METHOD(eap_method_t, set_identifier, void,
101: private_eap_tls_t *this, uint8_t identifier)
102: {
103: this->tls_eap->set_identifier(this->tls_eap, identifier);
104: }
105:
106: METHOD(eap_method_t, is_mutual, bool,
107: private_eap_tls_t *this)
108: {
109: return TRUE;
110: }
111:
112: METHOD(eap_method_t, get_auth, auth_cfg_t*,
113: private_eap_tls_t *this)
114: {
115: return this->tls_eap->get_auth(this->tls_eap);
116: }
117:
118: METHOD(eap_method_t, destroy, void,
119: private_eap_tls_t *this)
120: {
121: this->tls_eap->destroy(this->tls_eap);
122: free(this);
123: }
124:
125: /**
126: * Generic private constructor
127: */
128: static eap_tls_t *eap_tls_create(identification_t *server,
129: identification_t *peer, bool is_server)
130: {
131: private_eap_tls_t *this;
132: size_t frag_size;
133: int max_msg_count;
134: bool include_length;
135: tls_t *tls;
136:
137: INIT(this,
138: .public = {
139: .eap_method = {
140: .initiate = _initiate,
141: .process = _process,
142: .get_type = _get_type,
143: .is_mutual = _is_mutual,
144: .get_msk = _get_msk,
145: .get_identifier = _get_identifier,
146: .set_identifier = _set_identifier,
147: .get_auth = _get_auth,
148: .destroy = _destroy,
149: },
150: },
151: );
152:
153: frag_size = lib->settings->get_int(lib->settings,
154: "%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
155: lib->ns);
156: max_msg_count = lib->settings->get_int(lib->settings,
157: "%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
158: lib->ns);
159: include_length = lib->settings->get_bool(lib->settings,
160: "%s.plugins.eap-tls.include_length", TRUE, lib->ns);
161: tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL, NULL);
162: this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count,
163: include_length);
164: if (!this->tls_eap)
165: {
166: free(this);
167: return NULL;
168: }
169: return &this->public;
170: }
171:
172: eap_tls_t *eap_tls_create_server(identification_t *server,
173: identification_t *peer)
174: {
175: return eap_tls_create(server, peer, TRUE);
176: }
177:
178: eap_tls_t *eap_tls_create_peer(identification_t *server,
179: identification_t *peer)
180: {
181: return eap_tls_create(server, peer, FALSE);
182: }