src/libcharon/plugins/eap_tls/eap_tls.c

   1 /*
   2  * Copyright (C) 2010 Martin Willi
   3  * Copyright (C) 2010 revosec AG
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "eap_tls.h"
  17
  18 #include <tls_eap.h>
  19
  20 #include <daemon.h>
  21 #include <library.h>
  22
  23 typedef struct private_eap_tls_t private_eap_tls_t;
  24
  25 /**
  26  * Private data of an eap_tls_t object.
  27  */
  28 struct private_eap_tls_t {
  29
  30         /**
  31          * Public interface.
  32          */
  33         eap_tls_t public;
  34
  35         /**
  36          * TLS stack, wrapped by EAP helper
  37          */
  38         tls_eap_t *tls_eap;
  39 };
  40
  41 /** Maximum number of EAP-TLS messages/fragments allowed */
  42 #define MAX_MESSAGE_COUNT 32
  43 /** Default size of a EAP-TLS fragment */
  44 #define MAX_FRAGMENT_LEN 1024
  45
  46 METHOD(eap_method_t, initiate, status_t,
  47         private_eap_tls_t *this, eap_payload_t **out)
  48 {
  49         chunk_t data;
  50
  51         if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
  52         {
  53                 *out = eap_payload_create_data(data);
  54                 free(data.ptr);
  55                 return NEED_MORE;
  56         }
  57         return FAILED;
  58 }
  59
  60 METHOD(eap_method_t, process, status_t,
  61         private_eap_tls_t *this, eap_payload_t *in, eap_payload_t **out)
  62 {
  63         status_t status;
  64         chunk_t data;
  65
  66         data = in->get_data(in);
  67         status = this->tls_eap->process(this->tls_eap, data, &data);
  68         if (status == NEED_MORE)
  69         {
  70                 *out = eap_payload_create_data(data);
  71                 free(data.ptr);
  72         }
  73         return status;
  74 }
  75
  76 METHOD(eap_method_t, get_type, eap_type_t,
  77         private_eap_tls_t *this, u_int32_t *vendor)
  78 {
  79         *vendor = 0;
  80         return EAP_TLS;
  81 }
  82
  83 METHOD(eap_method_t, get_msk, status_t,
  84         private_eap_tls_t *this, chunk_t *msk)
  85 {
  86         *msk = this->tls_eap->get_msk(this->tls_eap);
  87         if (msk->len)
  88         {
  89                 return SUCCESS;
  90         }
  91         return FAILED;
  92 }
  93
  94 METHOD(eap_method_t, get_identifier, u_int8_t,
  95         private_eap_tls_t *this)
  96 {
  97         return this->tls_eap->get_identifier(this->tls_eap);
  98 }
  99
 100 METHOD(eap_method_t, set_identifier, void,
 101         private_eap_tls_t *this, u_int8_t identifier)
 102 {
 103         this->tls_eap->set_identifier(this->tls_eap, identifier);
 104 }
 105
 106 METHOD(eap_method_t, is_mutual, bool,
 107         private_eap_tls_t *this)
 108 {
 109         return TRUE;
 110 }
 111
 112 METHOD(eap_method_t, destroy, void,
 113         private_eap_tls_t *this)
 114 {
 115         this->tls_eap->destroy(this->tls_eap);
 116         free(this);
 117 }
 118
 119 /**
 120  * Generic private constructor
 121  */
 122 static eap_tls_t *eap_tls_create(identification_t *server,
 123                                                                  identification_t *peer, bool is_server)
 124 {
 125         private_eap_tls_t *this;
 126         size_t frag_size;
 127         int max_msg_count;
 128         bool include_length;
 129         tls_t *tls;
 130
 131         INIT(this,
 132                 .public = {
 133                         .eap_method = {
 134                                 .initiate = _initiate,
 135                                 .process = _process,
 136                                 .get_type = _get_type,
 137                                 .is_mutual = _is_mutual,
 138                                 .get_msk = _get_msk,
 139                                 .get_identifier = _get_identifier,
 140                                 .set_identifier = _set_identifier,
 141                                 .destroy = _destroy,
 142                         },
 143                 },
 144         );
 145
 146         frag_size = lib->settings->get_int(lib->settings,
 147                                         "%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN,
 148                                         lib->ns);
 149         max_msg_count = lib->settings->get_int(lib->settings,
 150                                         "%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT,
 151                                         lib->ns);
 152         include_length = lib->settings->get_bool(lib->settings,
 153                                         "%s.plugins.eap-tls.include_length", TRUE, lib->ns);
 154         tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL, NULL);
 155         this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count,
 156                                                                                                  include_length);
 157         if (!this->tls_eap)
 158         {
 159                 free(this);
 160                 return NULL;
 161         }
 162         return &this->public;
 163 }
 164
 165 eap_tls_t *eap_tls_create_server(identification_t *server,
 166                                                                  identification_t *peer)
 167 {
 168         return eap_tls_create(server, peer, TRUE);
 169 }
 170
 171 eap_tls_t *eap_tls_create_peer(identification_t *server,
 172                                                            identification_t *peer)
 173 {
 174         return eap_tls_create(server, peer, FALSE);
 175 }