/*
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
 * Copyright (C) 2010 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "eap_ttls.h"
#include "eap_ttls_peer.h"
#include "eap_ttls_server.h"

#include <tls_eap.h>

#include <daemon.h>
#include <library.h>

typedef struct private_eap_ttls_t private_eap_ttls_t;

/**
 * Private data of an eap_ttls_t object.
 *
 * EAP-TTLS is a thin adapter: every EAP message is handed to a tls_eap_t
 * helper, which fragments/reassembles TLS records and drives the TLS stack
 * created in eap_ttls_create(). This struct holds nothing else.
 */
struct private_eap_ttls_t {

	/**
	 * Public interface.
	 */
	eap_ttls_t public;

	/**
	 * TLS stack, wrapped by EAP helper (owned, destroyed in destroy()).
	 */
	tls_eap_t *tls_eap;
};

/**
 * Maximum number of EAP-TTLS messages/fragments allowed.
 *
 * Passed to tls_eap_create() as max_msg_count (overridable via the
 * max_message_count setting). Presumably the helper aborts the exchange once
 * a peer has sent more than this many fragments, bounding the work an
 * unauthenticated peer can force — TODO confirm in tls_eap.c.
 */
#define MAX_MESSAGE_COUNT 32
/** Default size of a EAP-TTLS fragment (the fragment_size setting) */
#define MAX_FRAGMENT_LEN 1024

/**
 * Start the exchange: ask the TLS helper for the first message to send.
 *
 * @param out	receives the first EAP payload if the helper produced one
 * @return		NEED_MORE with *out set, FAILED otherwise (*out untouched)
 */
METHOD(eap_method_t, initiate, status_t,
	private_eap_ttls_t *this, eap_payload_t **out)
{
	chunk_t first;
	status_t status;

	status = this->tls_eap->initiate(this->tls_eap, &first);
	if (status != NEED_MORE)
	{
		/* any other result from the helper means we have nothing to send */
		return FAILED;
	}
	/* the payload copies the data, the helper's buffer is ours to free */
	*out = eap_payload_create_data(first);
	free(first.ptr);
	return NEED_MORE;
}

/**
 * Feed an incoming EAP-TTLS payload to the TLS helper.
 *
 * @param in	received EAP payload (raw TLS fragment, not validated here)
 * @param out	receives the response payload, only when NEED_MORE is returned
 * @return		status as reported by the TLS helper
 */
METHOD(eap_method_t, process, status_t,
	private_eap_ttls_t *this, eap_payload_t *in, eap_payload_t **out)
{
	chunk_t request, response;
	status_t status;

	request = in->get_data(in);
	status = this->tls_eap->process(this->tls_eap, request, &response);
	if (status != NEED_MORE)
	{
		/* SUCCESS/FAILED: the helper produced no response to forward */
		return status;
	}
	*out = eap_payload_create_data(response);
	free(response.ptr);
	return status;
}

/**
 * Report the EAP method type (IETF EAP-TTLS, no vendor extension).
 */
METHOD(eap_method_t, get_type, eap_type_t,
	private_eap_ttls_t *this, uint32_t *vendor)
{
	*vendor = 0;
	return EAP_TTLS;
}

/**
 * Fetch the MSK derived by the TLS helper.
 *
 * @param msk	receives the key material chunk (not copied, helper-owned)
 * @return		SUCCESS if a non-empty MSK is available, FAILED otherwise
 */
METHOD(eap_method_t, get_msk, status_t,
	private_eap_ttls_t *this, chunk_t *msk)
{
	*msk = this->tls_eap->get_msk(this->tls_eap);
	/* an empty chunk means the tunnel has not (successfully) completed */
	return msk->len ? SUCCESS : FAILED;
}

/**
 * Current EAP identifier, tracked by the TLS helper.
 */
METHOD(eap_method_t, get_identifier, uint8_t,
	private_eap_ttls_t *this)
{
	return this->tls_eap->get_identifier(this->tls_eap);
}

/**
 * Override the EAP identifier used for the next message.
 */
METHOD(eap_method_t, set_identifier, void,
	private_eap_ttls_t *this, uint8_t identifier)
{
	this->tls_eap->set_identifier(this->tls_eap, identifier);
}

/**
 * EAP-TTLS is advertised as mutually authenticating.
 *
 * NOTE(review): this is unconditional. The server side is presumably
 * authenticated by its TLS certificate and the peer by the inner method
 * attached as tls_application_t; neither is checked here — confirm against
 * the TLS stack and eap_ttls_server.c before relying on it.
 */
METHOD(eap_method_t, is_mutual, bool,
	private_eap_ttls_t *this)
{
	return TRUE;
}

/**
 * Authentication config collected by the TLS helper (certificates etc.).
 */
METHOD(eap_method_t, get_auth, auth_cfg_t*,
	private_eap_ttls_t *this)
{
	return this->tls_eap->get_auth(this->tls_eap);
}

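/**
 * Release the TLS helper (and with it the TLS stack and inner application).
 */
METHOD(eap_method_t, destroy, void,
	private_eap_ttls_t *this)
{
	this->tls_eap->destroy(this->tls_eap);
	free(this);
}

/**
 * Generic private constructor
 *
 * @param server		identity of the TTLS server
 * @param peer			identity of the peer; on the server side this is only
 *						handed to the TLS layer if request_peer_auth is set
 * @param is_server		TRUE to build the server end of the tunnel
 * @param application	inner (tunnelled) handler; ownership passes to the TLS
 *						stack on success, it is destroyed on any failure
 * @return				EAP method instance, NULL on failure
 */
static eap_ttls_t *eap_ttls_create(identification_t *server,
								   identification_t *peer, bool is_server,
								   tls_application_t *application)
{
	private_eap_ttls_t *this;
	size_t frag_size;
	int max_msg_count;
	bool include_length;
	tls_t *tls;

	INIT(this,
		.public = {
			.eap_method = {
				.initiate = _initiate,
				.process = _process,
				.get_type = _get_type,
				.is_mutual = _is_mutual,
				.get_identifier = _get_identifier,
				.set_identifier = _set_identifier,
				.get_msk = _get_msk,
				.get_auth = _get_auth,
				.destroy = _destroy,
			},
		},
	);
	if (is_server && !lib->settings->get_bool(lib->settings,
				"%s.plugins.eap-ttls.request_peer_auth", FALSE,
				lib->ns))
	{
		/* Default: the server does not request a TLS client certificate, the
		 * peer is left to be authenticated by the inner method. Only the TLS
		 * layer sees NULL here; the application was already created with the
		 * real peer identity by the caller. */
		peer = NULL;
	}
	/* NOTE(review): get_int() is signed and nothing here validates the value;
	 * a negative fragment_size wraps to a huge size_t and a non-positive
	 * max_message_count disables/breaks the fragment bound. Both come from
	 * the trusted daemon config, so this is left to tls_eap_create() —
	 * confirm it rejects them. */
	frag_size = lib->settings->get_int(lib->settings,
				"%s.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN,
				lib->ns);
	max_msg_count = lib->settings->get_int(lib->settings,
				"%s.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT,
				lib->ns);
	include_length = lib->settings->get_bool(lib->settings,
				"%s.plugins.eap-ttls.include_length", TRUE, lib->ns);
	tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS,
					 application, NULL);
	if (!tls)
	{
		/* no TLS stack was built, so nothing took ownership of application */
		application->destroy(application);
		free(this);
		return NULL;
	}
	this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count,
								   include_length);
	if (!this->tls_eap)
	{
		/* Previously only application was destroyed here, leaking tls (and
		 * leaving it pointing at the freed application). Tearing down the
		 * stack instead releases both — assumes tls_t owns the application it
		 * was created with, as tls.c's destroy() does; confirm if that
		 * ownership ever changes. */
		tls->destroy(tls);
		free(this);
		return NULL;
	}
	return &this->public;
}

/**
 * Create the server end of an EAP-TTLS tunnel.
 *
 * The inner server handler is created first with the full peer identity;
 * whether the TLS layer also asks the peer for a client certificate is
 * decided inside eap_ttls_create() (request_peer_auth). Assumes
 * eap_ttls_server_create() never returns NULL — TODO confirm, the pointer
 * is dereferenced unconditionally.
 */
eap_ttls_t *eap_ttls_create_server(identification_t *server,
								   identification_t *peer)
{
	return eap_ttls_create(server, peer, TRUE,
						   &eap_ttls_server_create(server, peer)->application);
}

/**
 * Create the peer (client) end of an EAP-TTLS tunnel.
 *
 * Assumes eap_ttls_peer_create() never returns NULL — TODO confirm.
 */
eap_ttls_t *eap_ttls_create_peer(identification_t *server,
								 identification_t *peer)
{
	return eap_ttls_create(server, peer, FALSE,
						   &eap_ttls_peer_create(server, peer)->application);
}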