From: Martin Willi
Date: Fri, 19 Mar 2010 17:55:23 +0000 (+0100)
Subject: Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
X-Git-Tag: 4.5.0~639
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b71bc7af047f1a20bbad8a38d33b01452c35613;p=thirdparty%2Fstrongswan.git

Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
---

diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 44501c0d02..510f5e5699 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -344,6 +344,14 @@ if MONOLITHIC
 endif
 endif
 
+if USE_EAP_TLS
+ SUBDIRS += plugins/eap_tls
+ PLUGINS += eap-tls
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_tls/libstrongswan-eap-tls.la
+endif
+endif
+
 if USE_MEDSRV
 SUBDIRS += plugins/medsrv
 PLUGINS += medsrv
diff --git a/src/charon/plugins/eap_tls/Makefile.am b/src/libcharon/plugins/eap_tls/Makefile.am
similarity index 85%
rename from src/charon/plugins/eap_tls/Makefile.am
rename to src/libcharon/plugins/eap_tls/Makefile.am
index d18dda2aa5..bd8f82a623 100644
--- a/src/charon/plugins/eap_tls/Makefile.am
+++ b/src/libcharon/plugins/eap_tls/Makefile.am
@@ -1,9 +1,14 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-tls.la
+else
 plugin_LTLIBRARIES = libstrongswan-eap-tls.la
+endif
 
 libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
 eap_tls.h eap_tls.c tls/tls.h tls/tls.c \
diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
similarity index 100%
rename from src/charon/plugins/eap_tls/eap_tls.c
rename to src/libcharon/plugins/eap_tls/eap_tls.c
diff --git a/src/charon/plugins/eap_tls/eap_tls.h b/src/libcharon/plugins/eap_tls/eap_tls.h
similarity index 100%
rename from src/charon/plugins/eap_tls/eap_tls.h
rename to src/libcharon/plugins/eap_tls/eap_tls.h
diff --git a/src/charon/plugins/eap_tls/eap_tls_plugin.c b/src/libcharon/plugins/eap_tls/eap_tls_plugin.c
similarity index 97%
rename from src/charon/plugins/eap_tls/eap_tls_plugin.c
rename to src/libcharon/plugins/eap_tls/eap_tls_plugin.c
index f7da643c29..15165d99fd 100644
--- a/src/charon/plugins/eap_tls/eap_tls_plugin.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls_plugin.c
@@ -33,7 +33,7 @@ METHOD(plugin_t, destroy, void,
 /*
 * see header file
 */
-plugin_t *plugin_create()
+plugin_t *eap_tls_plugin_create()
 {
 eap_tls_plugin_t *this;
 
diff --git a/src/charon/plugins/eap_tls/eap_tls_plugin.h b/src/libcharon/plugins/eap_tls/eap_tls_plugin.h
similarity index 96%
rename from src/charon/plugins/eap_tls/eap_tls_plugin.h
rename to src/libcharon/plugins/eap_tls/eap_tls_plugin.h
index 5ec3836618..5ea7196035 100644
--- a/src/charon/plugins/eap_tls/eap_tls_plugin.h
+++ b/src/libcharon/plugins/eap_tls/eap_tls_plugin.h
@@ -42,6 +42,6 @@ struct eap_tls_plugin_t {
 /**
 * Create a eap_tls_plugin instance.
 */
-plugin_t *plugin_create();
+plugin_t *eap_tls_plugin_create();
 
 #endif /** EAP_TLS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_tls/tls/tls.c b/src/libcharon/plugins/eap_tls/tls/tls.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls.c
rename to src/libcharon/plugins/eap_tls/tls/tls.c
diff --git a/src/charon/plugins/eap_tls/tls/tls.h b/src/libcharon/plugins/eap_tls/tls/tls.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls.h
rename to src/libcharon/plugins/eap_tls/tls/tls.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_compression.c b/src/libcharon/plugins/eap_tls/tls/tls_compression.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_compression.c
rename to src/libcharon/plugins/eap_tls/tls/tls_compression.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_compression.h b/src/libcharon/plugins/eap_tls/tls/tls_compression.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_compression.h
rename to src/libcharon/plugins/eap_tls/tls/tls_compression.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_crypto.c b/src/libcharon/plugins/eap_tls/tls/tls_crypto.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_crypto.c
rename to src/libcharon/plugins/eap_tls/tls/tls_crypto.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_crypto.h b/src/libcharon/plugins/eap_tls/tls/tls_crypto.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_crypto.h
rename to src/libcharon/plugins/eap_tls/tls/tls_crypto.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_fragmentation.c b/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_fragmentation.c
rename to src/libcharon/plugins/eap_tls/tls/tls_fragmentation.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_fragmentation.h b/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_fragmentation.h
rename to src/libcharon/plugins/eap_tls/tls/tls_fragmentation.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_handshake.h b/src/libcharon/plugins/eap_tls/tls/tls_handshake.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_handshake.h
rename to src/libcharon/plugins/eap_tls/tls/tls_handshake.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_peer.c b/src/libcharon/plugins/eap_tls/tls/tls_peer.c
similarity index 95%
rename from src/charon/plugins/eap_tls/tls/tls_peer.c
rename to src/libcharon/plugins/eap_tls/tls/tls_peer.c
index 21bf77c361..95973598b0 100644
--- a/src/charon/plugins/eap_tls/tls/tls_peer.c
+++ b/src/libcharon/plugins/eap_tls/tls/tls_peer.c
@@ -233,8 +233,8 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader)
 return FAILED;
 }
 id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
- cert = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, id, TRUE);
+ cert = lib->credmgr->get_cert(lib->credmgr,
+ CERT_X509, KEY_ANY, id, TRUE);
 if (cert)
 {
 DBG1(DBG_IKE, "received cert request for '%Y", id);
@@ -397,7 +397,7 @@ static status_t send_certificate(private_tls_peer_t *this,
 tls_writer_t *certs;
 chunk_t data;
 
- this->private = charon->credentials->get_private(charon->credentials,
+ this->private = lib->credmgr->get_private(lib->credmgr,
 KEY_ANY, this->peer, this->peer_auth);
 if (!this->private)
 {
@@ -410,22 +410,26 @@ static status_t send_certificate(private_tls_peer_t *this,
 cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT);
 if (cert)
 {
- DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
 }
 enumerator = this->peer_auth->create_enumerator(this->peer_auth);
 while (enumerator->enumerate(enumerator, &rule, &cert))
 {
 if (rule == AUTH_RULE_IM_CERT)
 {
- DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
 }
 }
 enumerator->destroy(enumerator);
@@ -466,8 +470,8 @@ static status_t send_key_exchange(private_tls_peer_t *this,
 chunk_from_thing(this->client_random),
 chunk_from_thing(this->server_random));
 
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, KEY_ANY, this->server, this->server_auth);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, this->server, this->server_auth);
 while (enumerator->enumerate(enumerator, ¤t, &auth))
 {
 public = current->get_ref(current);
diff --git a/src/charon/plugins/eap_tls/tls/tls_peer.h b/src/libcharon/plugins/eap_tls/tls/tls_peer.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_peer.h
rename to src/libcharon/plugins/eap_tls/tls/tls_peer.h
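Review bot: When `cert->get_encoding(cert, CERT_ASN1_DER, &data)` fails in send_certificate, the new code skips the certificate with no log line and no error, so a peer whose subject certificate cannot be DER-encoded sends a Certificate message without its own leaf and the handshake fails on the far side with nothing in the local log explaining why. Add an `else` branch with `DBG1(DBG_IKE, "encoding TLS peer certificate failed");` on the subject-certificate path and the corresponding message on the intermediate-certificate path so the cause is visible. For the subject certificate returning FAILED would be the more honest outcome, but the tail of send_certificate and the cleanup of the `certs` writer are outside this hunk, so that has to be checked there. The tls_server.c send_certificate hunk (@@ -417,22 +417,26 @@) has the same silent skip.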
diff --git a/src/charon/plugins/eap_tls/tls/tls_prf.c b/src/libcharon/plugins/eap_tls/tls/tls_prf.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_prf.c
rename to src/libcharon/plugins/eap_tls/tls/tls_prf.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_prf.h b/src/libcharon/plugins/eap_tls/tls/tls_prf.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_prf.h
rename to src/libcharon/plugins/eap_tls/tls/tls_prf.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_protection.c b/src/libcharon/plugins/eap_tls/tls/tls_protection.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_protection.c
rename to src/libcharon/plugins/eap_tls/tls/tls_protection.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_protection.h b/src/libcharon/plugins/eap_tls/tls/tls_protection.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_protection.h
rename to src/libcharon/plugins/eap_tls/tls/tls_protection.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_reader.c b/src/libcharon/plugins/eap_tls/tls/tls_reader.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_reader.c
rename to src/libcharon/plugins/eap_tls/tls/tls_reader.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_reader.h b/src/libcharon/plugins/eap_tls/tls/tls_reader.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_reader.h
rename to src/libcharon/plugins/eap_tls/tls/tls_reader.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_server.c b/src/libcharon/plugins/eap_tls/tls/tls_server.c
similarity index 95%
rename from src/charon/plugins/eap_tls/tls/tls_server.c
rename to src/libcharon/plugins/eap_tls/tls/tls_server.c
index ba873c847d..60c62684e4 100644
--- a/src/charon/plugins/eap_tls/tls/tls_server.c
+++ b/src/libcharon/plugins/eap_tls/tls/tls_server.c
@@ -250,8 +250,8 @@ static status_t process_cert_verify(private_tls_server_t *this,
 auth_cfg_t *auth;
 tls_reader_t *sig;
 
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, KEY_ANY, this->peer, this->peer_auth);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, this->peer, this->peer_auth);
 while (enumerator->enumerate(enumerator, &public, &auth))
 {
 sig = tls_reader_create(reader->peek(reader));
@@ -404,7 +404,7 @@ static status_t send_certificate(private_tls_server_t *this,
 tls_writer_t *certs;
 chunk_t data;
 
- this->private = charon->credentials->get_private(charon->credentials,
+ this->private = lib->credmgr->get_private(lib->credmgr,
 KEY_ANY, this->server, this->server_auth);
 if (!this->private)
 {
@@ -417,22 +417,26 @@ static status_t send_certificate(private_tls_server_t *this,
 cert = this->server_auth->get(this->server_auth, AUTH_RULE_SUBJECT_CERT);
 if (cert)
 {
- DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
 }
 enumerator = this->server_auth->create_enumerator(this->server_auth);
 while (enumerator->enumerate(enumerator, &rule, &cert))
 {
 if (rule == AUTH_RULE_IM_CERT)
 {
- DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
 }
 }
 enumerator->destroy(enumerator);
@@ -466,8 +470,8 @@ static status_t send_certificate_request(private_tls_server_t *this,
 }
 authorities = tls_writer_create(64);
 
- enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, CERT_X509, KEY_RSA, NULL, TRUE);
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_X509, KEY_RSA, NULL, TRUE);
 while (enumerator->enumerate(enumerator, &cert))
 {
 id = cert->get_subject(cert);
diff --git a/src/charon/plugins/eap_tls/tls/tls_server.h b/src/libcharon/plugins/eap_tls/tls/tls_server.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_server.h
rename to src/libcharon/plugins/eap_tls/tls/tls_server.h
diff --git a/src/charon/plugins/eap_tls/tls/tls_writer.c b/src/libcharon/plugins/eap_tls/tls/tls_writer.c
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_writer.c
rename to src/libcharon/plugins/eap_tls/tls/tls_writer.c
diff --git a/src/charon/plugins/eap_tls/tls/tls_writer.h b/src/libcharon/plugins/eap_tls/tls/tls_writer.h
similarity index 100%
rename from src/charon/plugins/eap_tls/tls/tls_writer.h
rename to src/libcharon/plugins/eap_tls/tls/tls_writer.h
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 0ec2a1be7e..1e081270e8 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -57,7 +57,9 @@ ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
 "MD5",
 "OTP",
 "GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "TLS");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS,
 "SIM");
 ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
 "AKA");
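Review bot: Only the eap_type_short_names chain gains an EAP_TLS entry in the auth_cfg.c hunk; if auth_cfg.c also keeps the long-name ENUM table for the same enum (eap_type_names), that chain needs the matching `ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC, "EAP_TLS")` and the `EAP_TLS` predecessor argument on its EAP_SIM entry, otherwise printing an EAP_TLS type through the long names falls into a gap between the GTC and SIM ranges. That table is outside the hunk, so this is a check to make against the rest of the file rather than a defect visible here. The short-name chain itself is consistent: the new entry's predecessor is EAP_GTC and the EAP_SIM entry's predecessor is updated to EAP_TLS.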