2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
/* Private implementation type behind the public eap_tls_t; the struct is defined right below. */
23 typedef struct private_eap_tls_t private_eap_tls_t
;
26 * Private data of an eap_tls_t object.
28 struct private_eap_tls_t
{
36 * TLS stack, wrapped by EAP helper
/* NOTE(review): this listing omits the member declarations themselves. The code
 * further down uses at least two members: `public` (the eap_tls_t handed back by
 * eap_tls_create) and `tls_eap` (the helper that every method delegates to:
 * initiate, process, get_msk, get_identifier, set_identifier, destroy). */
41 /** Maximum number of EAP-TLS messages/fragments allowed */
42 #define MAX_MESSAGE_COUNT 32
/* Default only: eap_tls_create overrides it from the
 * "<ns>.plugins.eap-tls.max_message_count" setting. Bounding the message count
 * is what stops a peer from keeping one EAP-TLS conversation open by sending
 * fragments indefinitely; the bound is passed to tls_eap_create and presumably
 * enforced there rather than in this file - confirm in the helper. */
43 /** Default size of a EAP-TLS fragment */
44 #define MAX_FRAGMENT_LEN 1024
/* Default only: overridden by "<ns>.plugins.eap-tls.fragment_size" in
 * eap_tls_create. NOTE(review): no range check on the configured value is
 * visible in this file; an oversized fragment has to fit whatever carries the
 * EAP packets, so verify the helper validates it. */
/**
 * Start the EAP-TLS exchange.
 *
 * Asks the wrapped helper for the first outgoing message; if the helper
 * reports NEED_MORE, the returned data is wrapped into an EAP payload in *out.
 *
 * @param out   receives the EAP payload to send (only set on NEED_MORE)
 * @return      status of the helper's initiate() step
 *
 * NOTE(review): this listing omits the declaration of `data`, the braces and
 * the return paths. Two things to confirm against the full file: what is
 * returned when the helper does not answer NEED_MORE, and who releases the
 * buffer in `data` once eap_payload_create_data() has consumed it (ownership
 * is not visible here; a missing release leaks, a double release is worse).
 */
46 METHOD(eap_method_t
, initiate
, status_t
,
47 private_eap_tls_t
*this, eap_payload_t
**out
)
/* the helper produces the first TLS record; NEED_MORE means "send this" */
51 if (this->tls_eap
->initiate(this->tls_eap
, &data
) == NEED_MORE
)
53 *out
= eap_payload_create_data(data
);
/**
 * Feed one incoming EAP-TLS packet to the wrapped helper and collect the reply.
 *
 * The payload of `in` comes straight from the peer and is untrusted; all
 * parsing and fragment accounting is delegated to the helper, which is also
 * where the message/fragment limits configured in eap_tls_create are expected
 * to bite. On NEED_MORE the helper's output is wrapped into *out.
 *
 * @param in    received EAP payload
 * @param out   receives the EAP payload to send back (only on NEED_MORE)
 * @return      status reported by the helper (the return statement itself is
 *              not in this listing - presumably `return status;`)
 *
 * NOTE(review): `data` is reused as both input and output of process(); the
 * input chunk is obtained from `in` and presumably still owned by it, so the
 * overwrite must not be the only reference to something that needs freeing -
 * confirm against the full file, as are the omitted braces and any release of
 * the output buffer after eap_payload_create_data().
 */
60 METHOD(eap_method_t
, process
, status_t
,
61 private_eap_tls_t
*this, eap_payload_t
*in
, eap_payload_t
**out
)
/* raw EAP-TLS data from the peer */
66 data
= in
->get_data(in
);
/* same variable receives the helper's response */
67 status
= this->tls_eap
->process(this->tls_eap
, data
, &data
);
68 if (status
== NEED_MORE
)
70 *out
= eap_payload_create_data(data
);
/**
 * Report the EAP method type and vendor id of this method.
 *
 * @param vendor   receives the vendor id
 * @return         EAP type
 *
 * NOTE(review): only the signature is in this listing. The helper is created
 * with EAP_TLS in eap_tls_create, so the expected return is EAP_TLS with the
 * vendor id of a standard (non vendor-specific) type - confirm in the full file.
 */
76 METHOD(eap_method_t
, get_type
, eap_type_t
,
77 private_eap_tls_t
*this, u_int32_t
*vendor
)
/**
 * Hand out the Master Session Key derived by the wrapped TLS helper.
 *
 * @param msk   receives the MSK chunk as returned by the helper
 * @return      status (the return statement is not in this listing)
 *
 * NOTE(review): this is keying material - it must never be logged and should
 * only be treated as usable once the exchange completed successfully. Whether
 * the omitted lines check for an empty chunk before reporting success, and who
 * owns the returned buffer, cannot be read from here; confirm in the full file.
 */
83 METHOD(eap_method_t
, get_msk
, status_t
,
84 private_eap_tls_t
*this, chunk_t
*msk
)
86 *msk
= this->tls_eap
->get_msk(this->tls_eap
);
/**
 * Current EAP identifier, as tracked by the wrapped helper.
 *
 * @return   EAP identifier byte
 */
94 METHOD(eap_method_t
, get_identifier
, u_int8_t
,
95 private_eap_tls_t
*this)
/* identifier state lives in the helper, not in this object */
97 return this->tls_eap
->get_identifier(this->tls_eap
);
/**
 * Set the EAP identifier to use for the next message.
 *
 * @param identifier   EAP identifier byte, forwarded unchanged to the helper
 */
100 METHOD(eap_method_t
, set_identifier
, void,
101 private_eap_tls_t
*this, u_int8_t identifier
)
103 this->tls_eap
->set_identifier(this->tls_eap
, identifier
);
/**
 * Whether this method provides mutual authentication.
 *
 * @return   TRUE if both sides are authenticated by the method
 *
 * NOTE(review): the body is not in this listing, so the value returned (and
 * whether it depends on configuration) must be checked in the full file.
 */
106 METHOD(eap_method_t
, is_mutual
, bool,
107 private_eap_tls_t
*this)
/**
 * Tear down the method: destroys the wrapped helper (and with it the TLS
 * stack it owns).
 *
 * NOTE(review): only the helper's destroy() is in this listing; the release of
 * `this` itself is not shown. Confirm the omitted lines free it, otherwise
 * every EAP-TLS instance leaks.
 */
112 METHOD(eap_method_t
, destroy
, void,
113 private_eap_tls_t
*this)
115 this->tls_eap
->destroy(this->tls_eap
);
/**
 * Generic private constructor shared by the server and peer variants.
 *
 * Builds the method table, reads the plugin settings, creates a TLS stack for
 * the EAP-TLS purpose and wraps it in the EAP helper stored in `this->tls_eap`.
 *
 * @param server      server identity passed to tls_create()
 * @param peer        peer identity passed to tls_create()
 * @param is_server   TRUE to create the server-side TLS stack
 * @return            public eap_tls_t interface of the new object
 *
 * NOTE(review): the allocation of `this`, the local declarations and any
 * failure handling are not in this listing. In the lines shown neither the
 * tls_create() nor the tls_eap_create() result is checked; if either can
 * return NULL, `this->tls_eap` must be validated before `&this->public` is
 * handed out, since every method above dereferences it unconditionally -
 * confirm the omitted lines do this. The configured fragment size and message
 * count are also passed on without a visible range check.
 */
120 * Generic private constructor
122 static eap_tls_t
*eap_tls_create(identification_t
*server
,
123 identification_t
*peer
, bool is_server
)
125 private_eap_tls_t
*this;
/* eap_method_t table; .process, .get_msk and .destroy are presumably wired
 * up in the lines this listing omits */
134 .initiate
= _initiate
,
136 .get_type
= _get_type
,
137 .is_mutual
= _is_mutual
,
139 .get_identifier
= _get_identifier
,
140 .set_identifier
= _set_identifier
,
/* settings are looked up in the daemon namespace (lib->ns); the defaults are
 * the MAX_* constants at the top of the file */
146 frag_size
= lib
->settings
->get_int(lib
->settings
,
147 "%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN
,
/* upper bound on messages/fragments per exchange - the anti-stall limit */
149 max_msg_count
= lib
->settings
->get_int(lib
->settings
,
150 "%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT
,
/* whether the EAP-TLS length field is included in outgoing packets */
152 include_length
= lib
->settings
->get_bool(lib
->settings
,
153 "%s.plugins.eap-tls.include_length", TRUE
, lib
->ns
);
/* TLS stack for the EAP-TLS purpose; the two trailing NULL arguments are not
 * explained by anything in this listing */
154 tls
= tls_create(is_server
, server
, peer
, TLS_PURPOSE_EAP_TLS
, NULL
, NULL
);
/* the helper takes over the TLS stack and does the EAP-side fragmentation;
 * the argument list continues past what this listing shows */
155 this->tls_eap
= tls_eap_create(EAP_TLS
, tls
, frag_size
, max_msg_count
,
162 return &this->public;
/**
 * Public constructor for the server-side EAP-TLS method.
 *
 * Thin wrapper around eap_tls_create() that fixes the role flag.
 *
 * @param server   server identity
 * @param peer     peer identity
 * @return         whatever eap_tls_create() returns for a server instance
 */
eap_tls_t *eap_tls_create_server(identification_t *server,
								 identification_t *peer)
{
	/* the role flag is the only thing that differs from the peer variant */
	const bool act_as_server = TRUE;

	return eap_tls_create(server, peer, act_as_server);
}
/**
 * Public constructor for the peer-side (client) EAP-TLS method.
 *
 * Thin wrapper around eap_tls_create() that fixes the role flag.
 *
 * @param server   server identity
 * @param peer     peer identity
 * @return         whatever eap_tls_create() returns for a peer instance
 */
eap_tls_t *eap_tls_create_peer(identification_t *server,
							   identification_t *peer)
{
	/* the role flag is the only thing that differs from the server variant */
	const bool act_as_server = FALSE;

	return eap_tls_create(server, peer, act_as_server);
}