determine underlying IF-T transport protocol
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 12 Feb 2013 11:25:39 +0000 (12:25 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 12 Feb 2013 11:25:39 +0000 (12:25 +0100)
13 files changed:
src/libcharon/plugins/eap_tnc/eap_tnc.c
src/libcharon/plugins/tnc_imc/Makefile.am
src/libcharon/plugins/tnc_imv/Makefile.am
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
src/libcharon/plugins/tnccs_11/tnccs_11.c
src/libcharon/plugins/tnccs_11/tnccs_11.h
src/libcharon/plugins/tnccs_20/tnccs_20.c
src/libcharon/plugins/tnccs_20/tnccs_20.h
src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c
src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h
src/libtnccs/Makefile.am
src/libtnccs/tnc/tnccs/tnccs.h
src/libtnccs/tnc/tnccs/tnccs_manager.h

index 6d76710f5bdf20675ccf5a4a33f9ead48abdc128..a6c7d30730cd8d49c8c5f8e857460587a1d87a1f 100644 (file)
@@ -173,10 +173,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
                return NULL;
        }
        tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server,
-                                                                               server, peer);
-       this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs,
-                                                                                        EAP_TNC_MAX_MESSAGE_LEN,
-                                                                                        max_msg_count, FALSE);
+                                                                               server, peer, TNC_IFT_EAP_1_1);
+       this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls,
+                                                                  EAP_TNC_MAX_MESSAGE_LEN,
+                                                                  max_msg_count, FALSE);
        if (!this->tls_eap)
        {
                free(this);
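Review bot: `&tnccs->tls` on the new line is evaluated before anything checks that `create_instance` succeeded, and the manager's own contract (tnccs_manager.h in this commit) says it returns NULL when no constructor is found; forming a member address from a null pointer is undefined behaviour even though `tls` sits at offset 0. The old `(tls_t*)tnccs` cast simply forwarded NULL to `tls_eap_create`, whose `!this->tls_eap` path then freed `this`. Keeping that behaviour without the null-derived address is a one-line change: `this->tls_eap = tls_eap_create(EAP_TNC, tnccs ? &tnccs->tls : NULL,`. Whether `tls_eap_create` itself rejects a NULL `tls` is not visible here, so an explicit `if (!tnccs)` guard before the call would be the more self-evident fix. `eap_tnc_create` begins outside the hunk.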
index 5e2c30df95322a16e5165bc024941b12049ff537..eba280690fa1c2ba3e987810340853c87cf42e1c 100644 (file)
@@ -4,7 +4,8 @@ INCLUDES = \
        -I$(top_srcdir)/src/libhydra \
        -I$(top_srcdir)/src/libcharon \
        -I$(top_srcdir)/src/libtncif \
-       -I$(top_srcdir)/src/libtnccs
+       -I$(top_srcdir)/src/libtnccs \
+       -I$(top_srcdir)/src/libtls
 
 AM_CFLAGS = -rdynamic
 
index eca3b377b3ae48d5c7d8949a95fe2ab369633598..90b3507ce34b7ae339fea84e68f2d53982848c3c 100644 (file)
@@ -4,7 +4,8 @@ INCLUDES = \
        -I$(top_srcdir)/src/libhydra \
        -I$(top_srcdir)/src/libcharon \
        -I$(top_srcdir)/src/libtncif \
-       -I$(top_srcdir)/src/libtnccs
+       -I$(top_srcdir)/src/libtnccs \
+       -I$(top_srcdir)/src/libtls
 
 AM_CFLAGS = -rdynamic
 
index 8d3c8a9e1c94ce50d334ee0ad3e108d3dfb26c99..482cc2abf87210bf3d69c6b5d09ce2173de9b24f 100644 (file)
@@ -165,7 +165,8 @@ METHOD(tnccs_manager_t, remove_method, void,
 
 METHOD(tnccs_manager_t, create_instance, tnccs_t*,
        private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
-       identification_t *server, identification_t *peer)
+       identification_t *server, identification_t *peer,
+       tnc_ift_type_t transport)
 {
        enumerator_t *enumerator;
        tnccs_entry_t *entry;
@@ -177,7 +178,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
        {
                if (type == entry->type)
                {
-                       protocol = entry->constructor(is_server, server, peer);
+                       protocol = entry->constructor(is_server, server, peer, transport);
                        if (protocol)
                        {
                                break;
@@ -662,15 +663,52 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                                        version = "1.0";
                                        break;
                                default:
-                               return TNC_RESULT_INVALID_PARAMETER;
+                                       return TNC_RESULT_INVALID_PARAMETER;
                        }
                        return str_attribute(buffer_len, buffer, value_len, version);
                }
                case TNC_ATTRIBUTEID_IFT_PROTOCOL:
-                       return str_attribute(buffer_len, buffer, value_len,
-                                                                                "IF-T for Tunneled EAP");
+               {
+                       char *protocol;
+
+                       switch (entry->tnccs->get_transport(entry->tnccs))
+                       {
+                               case TNC_IFT_EAP_1_0:
+                               case TNC_IFT_EAP_1_1:
+                               case TNC_IFT_EAP_2_0:
+                                       protocol = "IF-T for Tunneled EAP";
+                                       break;
+                               case TNC_IFT_TLS_1_0:
+                               case TNC_IFT_TLS_2_0:
+                                       protocol = "IF-T for TLS";
+                                       break;
+                               default:
+                                       return TNC_RESULT_INVALID_PARAMETER;
+                       }
+                       return str_attribute(buffer_len, buffer, value_len, protocol);
+               }
                case TNC_ATTRIBUTEID_IFT_VERSION:
-                       return str_attribute(buffer_len, buffer, value_len, "1.1");
+               {
+                       char *version;
+
+                       switch (entry->tnccs->get_transport(entry->tnccs))
+                       {
+                               case TNC_IFT_EAP_1_0:
+                               case TNC_IFT_TLS_1_0:
+                                       version = "1.0";
+                                       break;
+                               case TNC_IFT_EAP_1_1:
+                                       version = "1.1";
+                                       break;
+                               case TNC_IFT_EAP_2_0:
+                               case TNC_IFT_TLS_2_0:
+                                       version = "2.0";
+                                       break;
+                               default:
+                                       return TNC_RESULT_INVALID_PARAMETER;
+                       }
+                       return str_attribute(buffer_len, buffer, value_len, version);
+               }
                case TNC_ATTRIBUTEID_AR_IDENTITIES:
                {
                        linked_list_t *list;
@@ -681,7 +719,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        TNC_Result result;
 
                        list = linked_list_create();
-                       tnccs = (tls_t*)entry->tnccs;
+                       tnccs = &entry->tnccs->tls;
                        peer = tnccs->get_peer_id(tnccs);
                        if (peer)
                        {
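Review bot: The two new `switch (entry->tnccs->get_transport(entry->tnccs))` blocks in `get_attribute` encode the same transport-to-string mapping twice, so a future IF-T value (e.g. one added after `TNC_IFT_TLS_2_0`) has to be threaded through both or the attribute pair silently disagrees; a single static helper that yields both strings keeps them in step. Note also that `TNC_IFT_UNKNOWN`, a legitimate enum value that `tnccs_dynamic` may carry, falls into `default` and answers the IMC/IMV with `TNC_RESULT_INVALID_PARAMETER`; if that is intended, a one-line comment such as `/* unknown or not-yet-detected transport: no IF-T attributes available */` on the `default:` would say so. `get_attribute` begins and ends outside the hunk.
```c
/* Protocol/version strings reported for an IF-T transport; FALSE if unknown */
static bool ift_strings(tnc_ift_type_t transport, char **protocol,
						char **version)
{
	switch (transport)
	{
		case TNC_IFT_EAP_1_0:
			*protocol = "IF-T for Tunneled EAP"; *version = "1.0"; return TRUE;
		case TNC_IFT_EAP_1_1:
			*protocol = "IF-T for Tunneled EAP"; *version = "1.1"; return TRUE;
		case TNC_IFT_EAP_2_0:
			*protocol = "IF-T for Tunneled EAP"; *version = "2.0"; return TRUE;
		case TNC_IFT_TLS_1_0:
			*protocol = "IF-T for TLS"; *version = "1.0"; return TRUE;
		case TNC_IFT_TLS_2_0:
			*protocol = "IF-T for TLS"; *version = "2.0"; return TRUE;
		default:
			/* unknown or not-yet-detected transport */
			return FALSE;
	}
}

/* … unchanged: get_attribute up to the IF-T cases … */
		case TNC_ATTRIBUTEID_IFT_PROTOCOL:
		{
			char *protocol, *version;

			if (!ift_strings(entry->tnccs->get_transport(entry->tnccs),
							 &protocol, &version))
			{
				return TNC_RESULT_INVALID_PARAMETER;
			}
			return str_attribute(buffer_len, buffer, value_len, protocol);
		}
		case TNC_ATTRIBUTEID_IFT_VERSION:
		{
			char *protocol, *version;

			if (!ift_strings(entry->tnccs->get_transport(entry->tnccs),
							 &protocol, &version))
			{
				return TNC_RESULT_INVALID_PARAMETER;
			}
			return str_attribute(buffer_len, buffer, value_len, version);
		}
/* … unchanged: remaining attribute cases … */
```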
index 4720f797a20471e4de06676bbd64bbafa31e5318..4a61bdef785dd330eaa9b975f50d8a13b358741f 100644 (file)
@@ -43,9 +43,9 @@ typedef struct private_tnccs_11_t private_tnccs_11_t;
 struct private_tnccs_11_t {
 
        /**
-        * Public tls_t interface.
+        * Public tnccs_t interface.
         */
-       tls_t public;
+       tnccs_t public;
 
        /**
         * TNCC if TRUE, TNCS if FALSE
@@ -62,6 +62,11 @@ struct private_tnccs_11_t {
         */
        identification_t *peer;
 
+       /**
+        * Underlying TNC IF-T transport protocol
+        */
+       tnc_ift_type_t transport;
+
        /**
         * Connection ID assigned to this TNCCS connection
         */
@@ -557,29 +562,48 @@ METHOD(tls_t, destroy, void,
        free(this);
 }
 
+METHOD(tnccs_t, get_transport, tnc_ift_type_t,
+       private_tnccs_11_t *this)
+{
+       return this->transport;
+}
+
+METHOD(tnccs_t, set_transport, void,
+       private_tnccs_11_t *this, tnc_ift_type_t transport)
+{
+       this->transport = transport;
+}
+
 /**
  * See header
  */
-tls_t *tnccs_11_create(bool is_server, identification_t *server,
-                                          identification_t *peer)
+tnccs_t* tnccs_11_create(bool is_server,
+                                                identification_t *server,
+                                                identification_t *peer,
+                                                tnc_ift_type_t transport)
 {
        private_tnccs_11_t *this;
 
        INIT(this,
                .public = {
-                       .process = _process,
-                       .build = _build,
-                       .is_server = _is_server,
-                       .get_server_id = _get_server_id,
-                       .get_peer_id = _get_peer_id,
-                       .get_purpose = _get_purpose,
-                       .is_complete = _is_complete,
-                       .get_eap_msk = _get_eap_msk,
-                       .destroy = _destroy,
+                       .tls = {
+                               .process = _process,
+                               .build = _build,
+                               .is_server = _is_server,
+                               .get_server_id = _get_server_id,
+                               .get_peer_id = _get_peer_id,
+                               .get_purpose = _get_purpose,
+                               .is_complete = _is_complete,
+                               .get_eap_msk = _get_eap_msk,
+                               .destroy = _destroy,
+                       },
+                       .get_transport = _get_transport,
+                       .set_transport = _set_transport,
                },
                .is_server = is_server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
+               .transport = transport,
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .max_msg_len = lib->settings->get_int(lib->settings,
                                                                "%s.plugins.tnccs-11.max_message_size", 45000,
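Review bot: The new `set_transport` writes `this->transport` with no locking, while the constructor right below creates `this->mutex`; whether `process`/`build` read the transport under that mutex is not visible in the hunk, so either the setter should take the mutex like its siblings or its intended use needs stating. A short comment on the method would settle it, e.g. `/* Expected to be called before the first process()/build(); not serialized against them */`. Nothing in this commit calls `set_transport`, so the constructor's `.transport = transport` is currently the only writer. The same applies to the identical `set_transport` added in tnccs_20.c (which also owns a mutex) and tnccs_dynamic.c.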
index 79fccf9c79c8a476bd0c8438b92ab472d2ae6e27..531ebb611011c14f6704fd47dd6dea5758d6090a 100644 (file)
@@ -23,7 +23,7 @@
 
 #include <library.h>
 
-#include <tls.h>
+#include <tnc/tnccs/tnccs.h>
 
 /**
  * Create an instance of the TNC IF-TNCCS 1.1 protocol handler.
  * @param is_server            TRUE to act as TNC Server, FALSE for TNC Client
  * @param server               Server identity
  * @param peer                 Client identity
+ * @param transport            Underlying IF-T transport protocol
  * @return                             TNC_IF_TNCCS 1.1 protocol stack
  */
-tls_t *tnccs_11_create(bool is_server, identification_t *server,
-                                          identification_t *peer);
+tnccs_t* tnccs_11_create(bool is_server,
+                                                identification_t *server,
+                                                identification_t *peer,
+                                                tnc_ift_type_t transport);
 
 #endif /** TNCCS_11_H_ @}*/
index fbbbebee6d4d6f8f8b8bb4b834db45987ed74e1e..4447ba2fd7aae73ecb462de198159ebaab3e492d 100644 (file)
@@ -48,9 +48,9 @@ typedef struct private_tnccs_20_t private_tnccs_20_t;
 struct private_tnccs_20_t {
 
        /**
-        * Public tls_t interface.
+        * Public tnccs_t interface.
         */
-       tls_t public;
+       tnccs_t public;
 
        /**
         * TNCC if TRUE, TNCS if FALSE
@@ -67,6 +67,11 @@ struct private_tnccs_20_t {
         */
        identification_t *peer;
 
+       /**
+        * Underlying TNC IF-T transport protocol
+        */
+       tnc_ift_type_t transport;
+
        /**
         * PB-TNC State Machine
         */
@@ -823,29 +828,48 @@ METHOD(tls_t, destroy, void,
        free(this);
 }
 
+METHOD(tnccs_t, get_transport, tnc_ift_type_t,
+       private_tnccs_20_t *this)
+{
+       return this->transport;
+}
+
+METHOD(tnccs_t, set_transport, void,
+       private_tnccs_20_t *this, tnc_ift_type_t transport)
+{
+       this->transport = transport;
+}
+
 /**
  * See header
  */
-tls_t *tnccs_20_create(bool is_server, identification_t *server,
-                                          identification_t *peer)
+tnccs_t* tnccs_20_create(bool is_server,
+                                                identification_t *server,
+                                                identification_t *peer,
+                                                tnc_ift_type_t transport)
 {
        private_tnccs_20_t *this;
 
        INIT(this,
                .public = {
-                       .process = _process,
-                       .build = _build,
-                       .is_server = _is_server,
-                       .get_server_id = _get_server_id,
-                       .get_peer_id = _get_peer_id,
-                       .get_purpose = _get_purpose,
-                       .is_complete = _is_complete,
-                       .get_eap_msk = _get_eap_msk,
-                       .destroy = _destroy,
+                       .tls = {
+                               .process = _process,
+                               .build = _build,
+                               .is_server = _is_server,
+                               .get_server_id = _get_server_id,
+                               .get_peer_id = _get_peer_id,
+                               .get_purpose = _get_purpose,
+                               .is_complete = _is_complete,
+                               .get_eap_msk = _get_eap_msk,
+                               .destroy = _destroy,
+                       },
+                       .get_transport = _get_transport,
+                       .set_transport = _set_transport,
                },
                .is_server = is_server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
+               .transport = transport,
                .state_machine = pb_tnc_state_machine_create(is_server),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .messages = linked_list_create(),
index d42ebf218abb302768765a3b3142303a878b72d1..314935069128b7c99dee2a6e8db4c770fd4cb8cc 100644 (file)
@@ -23,7 +23,7 @@
 
 #include <library.h>
 
-#include <tls.h>
+#include <tnc/tnccs/tnccs.h>
 
 /**
  * Create an instance of the TNC IF-TNCCS 2.0 protocol handler.
  * @param is_server            TRUE to act as TNC Server, FALSE for TNC Client
  * @param server               Server identity
  * @param peer                 Client identity
+ * @param transport            Underlying IF-T transport protocol
  * @return                             TNC_IF_TNCCS 2.0 protocol stack
  */
-tls_t *tnccs_20_create(bool is_server, identification_t *server,
-                                          identification_t *peer);
+tnccs_t* tnccs_20_create(bool is_server,
+                                                identification_t *server,
+                                                identification_t *peer,
+                                                tnc_ift_type_t transport);
 
 #endif /** TNCCS_20_H_ @}*/
index 4b04d692016fcc0f5ad494a39905d51d39f0207f..49f421e9b25b206b65f49c8019a98855fd5c8eba 100644 (file)
@@ -27,9 +27,9 @@ typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t;
 struct private_tnccs_dynamic_t {
 
        /**
-        * Public tls_t interface.
+        * Public tnccs_t interface.
         */
-       tls_t public;
+       tnccs_t public;
 
        /**
         * Server identity
@@ -45,6 +45,12 @@ struct private_tnccs_dynamic_t {
         * Detected TNC IF-TNCCS stack
         */
        tls_t *tls;
+
+       /**
+        * Underlying TNC IF-T transport protocol
+        */
+       tnc_ift_type_t transport;
+
 };
 
 /**
@@ -87,7 +93,7 @@ METHOD(tls_t, process, status_t,
                DBG1(DBG_TNC, "%N protocol detected dynamically",
                                           tnccs_type_names, type);
                this->tls = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
-                                                                                                       this->server, this->peer);
+                                                                       this->server, this->peer, this->transport);
                if (!this->tls)
                {
                        DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
@@ -148,28 +154,47 @@ METHOD(tls_t, destroy, void,
        free(this);
 }
 
+METHOD(tnccs_t, get_transport, tnc_ift_type_t,
+       private_tnccs_dynamic_t *this)
+{
+       return this->transport;
+}
+
+METHOD(tnccs_t, set_transport, void,
+       private_tnccs_dynamic_t *this, tnc_ift_type_t transport)
+{
+       this->transport = transport;
+}
+
 /**
  * See header
  */
-tls_t *tnccs_dynamic_create(bool is_server, identification_t *server,
-                                                       identification_t *peer)
+tnccs_t* tnccs_dynamic_create(bool is_server,
+                                                         identification_t *server,
+                                                         identification_t *peer,
+                                                         tnc_ift_type_t transport)
 {
        private_tnccs_dynamic_t *this;
 
        INIT(this,
                .public = {
-                       .process = _process,
-                       .build = _build,
-                       .is_server = _is_server,
-                       .get_server_id = _get_server_id,
-                       .get_peer_id = _get_peer_id,
-                       .get_purpose = _get_purpose,
-                       .is_complete = _is_complete,
-                       .get_eap_msk = _get_eap_msk,
-                       .destroy = _destroy,
+                       .tls = {
+                               .process = _process,
+                               .build = _build,
+                               .is_server = _is_server,
+                               .get_server_id = _get_server_id,
+                               .get_peer_id = _get_peer_id,
+                               .get_purpose = _get_purpose,
+                               .is_complete = _is_complete,
+                               .get_eap_msk = _get_eap_msk,
+                               .destroy = _destroy,
+                       },
+                       .get_transport = _get_transport,
+                       .set_transport = _set_transport,
                },
                .server = server->clone(server),
                .peer = peer->clone(peer),
+               .transport = transport,
        );
 
        return &this->public;
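Review bot: The `process` hunk keeps the `(tls_t*)` cast on the `create_instance` result even though the rest of this commit switched to `&tnccs->tls` (eap_tnc.c, tnc_tnccs_manager.c); the cast quietly depends on `tls` staying the first member of `tnccs_t`. Since NULL must still flow into the following `if (!this->tls)` check, the safe spelling is `tnccs_t *tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, TRUE, this->server, this->peer, this->transport);` followed by `this->tls = tnccs ? &tnccs->tls : NULL;`. Keeping only a `tls_t*` also means a later `set_transport` on the dynamic wrapper updates its own field but cannot reach the detected inner stack, which was handed `this->transport` once at creation — worth a comment if that is acceptable. Unrelated but adjacent: the context line `DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);` has the `%N` conversion reversed, so the arguments do not match the format.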
index 383ebfcfa7ef2dee8799d67457c4244e1c1dd627..e4cff74b84f96430a16b6dcbeb1f3df03e345d7e 100644 (file)
@@ -23,7 +23,7 @@
 
 #include <library.h>
 
-#include <tls.h>
+#include <tnc/tnccs/tnccs.h>
 
 /**
  * Create an instance of a dynamic TNC IF-TNCCS protocol handler.
  * @param is_server            TRUE to act as TNC Server, FALSE for TNC Client
  * @param server               Server identity
  * @param peer                 Client identity
+ * @param transport            Underlying IF-T transport protocol
  * @return                             dynamic TNC IF-TNCCS protocol stack
  */
-tls_t *tnccs_dynamic_create(bool is_server, identification_t *server,
-                                                       identification_t *peer);
+tnccs_t* tnccs_dynamic_create(bool is_server,
+                                                         identification_t *server,
+                                                         identification_t *peer,
+                                                         tnc_ift_type_t transport);
 
 #endif /** TNCCS_DYNAMIC_H_ @}*/
index 449d32d922f6a1dbbf748bf1900511609efbe77c..c6492d8d33e4d5542fe8a2d0ec0de03e89d48ab5 100644 (file)
@@ -1,5 +1,8 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif
+INCLUDES = \
+       -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libtls
 
 ipseclib_LTLIBRARIES = libtnccs.la
 
index 530562e7f46844d85c40ad03e43f1ce248a47393..3c7249fb06b82f4fd6e9e0f2110e892e524307e5 100644 (file)
@@ -26,6 +26,7 @@
 
 typedef struct tnccs_t tnccs_t;
 typedef enum tnccs_type_t tnccs_type_t;
+typedef enum tnc_ift_type_t tnc_ift_type_t;
 
 #include <tncif.h>
 #include <tncifimc.h>
@@ -34,6 +35,8 @@ typedef enum tnccs_type_t tnccs_type_t;
 #include <library.h>
 #include <plugins/plugin.h>
 
+#include <tls.h>
+
 /**
  * Type of TNC Client/Server protocol
  */
@@ -45,22 +48,58 @@ enum tnccs_type_t {
        TNCCS_DYNAMIC
 };
 
+/**
+ * Type of TNC Transport protocol
+ */
+enum tnc_ift_type_t {
+       TNC_IFT_UNKNOWN,
+       TNC_IFT_EAP_1_0,
+       TNC_IFT_EAP_1_1,
+       TNC_IFT_EAP_2_0,
+       TNC_IFT_TLS_1_0,
+       TNC_IFT_TLS_2_0
+};
+
 /**
  * enum names for tnccs_type_t.
  */
 extern enum_name_t *tnccs_type_names;
 
+/**
+ * TNCCS public interface
+ */
+struct tnccs_t {
+
+       /**
+        * Implements tls_t
+        */
+       tls_t tls;
+
+       /**
+        * Get underlying TNC IF-T transport protocol
+        */
+       tnc_ift_type_t (*get_transport)(tnccs_t *this);
+
+       /**
+        * Set underlying TNC IF-T transport protocol
+        */
+       void (*set_transport)(tnccs_t *this, tnc_ift_type_t transport);
+
+};
+
 /**
  * Constructor definition for a pluggable TNCCS protocol implementation.
  *
  * @param is_server            TRUE if TNC Server, FALSE if TNC Client
  * @param server               Server identity
  * @param peer                 Client identity
+ * @param transport            Underlying TNC IF-T transport protocol used
  * @return                             implementation of the tnccs_t interface
  */
 typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
                                                                                identification_t *server,
-                                                                               identification_t *peer);
+                                                                               identification_t *peer,
+                                                                               tnc_ift_type_t transport);
 
 /**
  * Callback function adding a message to a TNCCS batch
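Review bot: `tls_t tls;` in the new `struct tnccs_t` carries an unstated layout requirement: tnccs_dynamic.c still casts a `tnccs_t*` to `tls_t*`, and the `METHOD(tls_t, ...)` implementations in the tnccs_11/20/dynamic plugins receive a `tls_t*` and treat it as their private struct, which only works while `tls` is at offset 0. Say so where it matters: `/** Implements tls_t; must remain the first member (callers rely on tnccs_t* and &tnccs->tls coinciding) */`. The new `enum tnc_ift_type_t` has no `enum_name_t *tnc_ift_type_names` counterpart, unlike `tnccs_type_names` just below it, so the transport cannot be logged with `%N`; adding one alongside would help the "protocol detected" diagnostics. The `set_transport` doc comment should also state when it may be called relative to the exchange, since nothing here restricts it.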
index 812f40a29333d5d820eabb8d9700e7304c357b32..4ab9d7e18867df0557f06154ea0793582b65b3fe 100644 (file)
@@ -58,11 +58,13 @@ struct tnccs_manager_t {
         * @param is_server       TRUE if TNC Server, FALSE if TNC Client
         * @param server          Server identity
         * @param peer            Client identity
+        * @param transport       Underlying TNC IF-T transport protocol used
         * @return                        TNCCS protocol instance, NULL if no constructor found
         */
        tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
                                                                bool is_server, identification_t *server,
-                                                               identification_t *peer);
+                                                               identification_t *peer,
+                                                               tnc_ift_type_t transport);
 
        /**
         * Create a TNCCS connection and assign a unique connection ID as well a