From: Andreas Steffen
Date: Thu, 17 Oct 2013 21:28:22 +0000 (+0200)
Subject: Added tnc-pt-tls plugin
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=247f3ceef0dde7332ef291c610db81917e5d548e;p=thirdparty%2Fstrongswan.git
Added tnc-pt-tls plugin
---
diff --git a/configure.ac b/configure.ac
index 10f1e1929a..e28df867a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -187,6 +187,7 @@ ARG_DISBL_SET([xauth-generic], [disable generic XAuth backend.])
 ARG_ENABL_SET([xauth-eap], [enable XAuth backend using EAP methods to verify passwords.])
 ARG_ENABL_SET([xauth-pam], [enable XAuth backend using PAM to verify passwords.])
 ARG_ENABL_SET([xauth-noauth], [enable XAuth pseudo-backend that does not actually verify or even request any credentials.])
+ARG_ENABL_SET([tnc-pt-tls], [enable PT-TLS protocol support.])
 ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml])
 ARG_ENABL_SET([tnc-pdp], [enable TNC policy decision point module.])
 ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.])
@@ -1076,6 +1077,7 @@ ADD_PLUGIN([xauth-generic], [c charon cmd])
 ADD_PLUGIN([xauth-eap], [c charon])
 ADD_PLUGIN([xauth-pam], [c charon])
 ADD_PLUGIN([xauth-noauth], [c charon])
+ADD_PLUGIN([tnc-pt-tls], [c charon])
 ADD_PLUGIN([tnc-ifmap], [c charon])
 ADD_PLUGIN([tnc-pdp], [c charon])
 ADD_PLUGIN([tnc-imc], [t charon])
@@ -1230,6 +1232,7 @@ AM_CONDITIONAL(USE_XAUTH_PAM, test x$xauth_pam = xtrue)
 AM_CONDITIONAL(USE_XAUTH_NOAUTH, test x$xauth_noauth = xtrue)
 AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue)
 AM_CONDITIONAL(USE_TNC_PDP, test x$tnc_pdp = xtrue)
+AM_CONDITIONAL(USE_TNC_PT_TLS, test x$tnc_pt_tls = xtrue)
 AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue)
 AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue)
 AM_CONDITIONAL(USE_TNC_TNCCS, test x$tnc_tnccs = xtrue)
@@ -1287,7 +1290,7 @@ AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$n
 AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
 AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
 AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
+AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue -o x$tnc_pt_tls = xtrue)
 AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
 AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
@@ -1446,6 +1449,7 @@ AC_CONFIG_FILES([
 src/libcharon/plugins/xauth_noauth/Makefile
 src/libcharon/plugins/tnc_ifmap/Makefile
 src/libcharon/plugins/tnc_pdp/Makefile
+ src/libcharon/plugins/tnc_pt_tls/Makefile
 src/libcharon/plugins/socket_default/Makefile
 src/libcharon/plugins/socket_dynamic/Makefile
 src/libcharon/plugins/farp/Makefile
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index df58eaa102..25a66b2165 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -398,6 +398,13 @@ if MONOLITHIC
 endif
 endif
+if USE_TNC_PT_TLS
+ SUBDIRS += plugins/tnc_pt_tls
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/tnc_pt_tls/libstrongswan-tnc-pt-tls.la
+endif
+endif
+
 if USE_LIBTNCCS
 if MONOLITHIC
 # otherwise this library is linked to the respective plugins
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index 6f6452229f..d0b3ec8f75 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -24,7 +24,8 @@
 #include
 #include
-#include
+#include
+#include
 /**
 * Maximum size of an EAP-TNC message
@@ -215,30 +216,35 @@ METHOD(eap_method_t, is_mutual, bool,
 METHOD(eap_method_t, destroy, void,
 private_eap_tnc_t *this)
 {
- pt_tls_client_t *pt_tls_client;
+ pt_tls_manager_t *manager;
+ pt_tls_connection_t *connection;
 identification_t *server, *client;
 char *pdp_server;
 u_int16_t pdp_port;
 host_t *host;
 tls_t *tls;
- tls = &this->tnccs->tls;
 pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port);
- if (pdp_server)
+ manager = lib->get(lib, "pt-tls-manager");
+ if (manager && pdp_server)
 {
 host = host_create_from_dns(pdp_server, AF_UNSPEC, pdp_port);
- server = identification_create_from_string(pdp_server);
- client = tls->get_peer_id(tls);
 if (host)
 {
- DBG2(DBG_TNC, "TODO: setup PT-TLS connection to '%s' at %#H",
- pdp_server, host);
- pt_tls_client = pt_tls_client_create(host, server,
- client->clone(client));
- pt_tls_client->destroy(pt_tls_client);
+ server = identification_create_from_string(pdp_server);
+ this->tnccs = this->tnccs->get_ref(this->tnccs);
+ tls = &this->tnccs->tls;
+ client = tls->get_peer_id(tls);
+ client = client->clone(client);
+ connection = manager->create_connection(manager, this->tnccs, host,
+ server, client);
+ manager->add_connection(manager, connection);
+ }
+ else
+ {
+ DBG1(DBG_TNC, "could not resolve hostname '%s'", pdp_server);
 }
 }
- tls->destroy(tls);
 this->tls_eap->destroy(this->tls_eap);
 free(this);
 }
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
index 813a75f487..21e50fc107 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
@@ -36,6 +36,7 @@ METHOD(plugin_t, get_features, int,
 PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
 PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
 PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
+ PLUGIN_SDEPEND(CUSTOM, "pt-tls-manager"),
 };
 *features = f;
 return countof(f);
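Review bot: The reference taken by `this->tnccs = this->tnccs->get_ref(this->tnccs);` inside the `if (host)` branch is never released: it is handed to `manager->create_connection()`, but `tnc_pt_tls_connection_create()` in the new tnc_pt_tls_connection.c hunk does not store its `tnccs` argument and its `destroy` method only destroys the PT-TLS client, so one IF-TNCCS object (with its TLS state) leaks for every EAP-TNC session that reaches a configured PDP. The unconditional `tls->destroy(tls)` is removed at the same time, so on the `!manager`, `!pdp_server` and unresolvable-host paths this commit shows no release at all; whether `this->tls_eap->destroy()` drops the reference eap_tnc itself holds is not visible here and should be confirmed. Either keep `tls->destroy(tls)` on every path that does not hand the reference over, or make the connection own it: add a `tnccs_t *tnccs` field to private_tnc_pt_tls_connection_t, set `.tnccs = tnccs,` in its INIT, and call `this->tnccs->tls.destroy(&this->tnccs->tls);` in its destroy. The body of destroy is complete within the hunk.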
diff --git a/src/libcharon/plugins/tnc_pt_tls/Makefile.am b/src/libcharon/plugins/tnc_pt_tls/Makefile.am
new file mode 100644
index 0000000000..b58f54a98e
--- /dev/null
+++ b/src/libcharon/plugins/tnc_pt_tls/Makefile.am
@@ -0,0 +1,27 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libtls \
+ -I$(top_srcdir)/src/libpttls \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs
+
+AM_CFLAGS = \
+ -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-tnc-pt-tls.la
+else
+plugin_LTLIBRARIES = libstrongswan-tnc-pt-tls.la
+libstrongswan_tnc_pt_tls_la_LIBADD = \
+ $(top_builddir)/src/libtls/libtls.la \
+ $(top_builddir)/src/libpttls/libpttls.la \
+ $(top_builddir)/src/libtnccs/libtnccs.la
+endif
+
+libstrongswan_tnc_pt_tls_la_SOURCES = \
+ tnc_pt_tls_plugin.h tnc_pt_tls_plugin.c \
+ tnc_pt_tls_connection.h tnc_pt_tls_connection.c
+
+libstrongswan_tnc_pt_tls_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.c b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.c
new file mode 100644
index 0000000000..d26efb17a3
--- /dev/null
+++ b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_pt_tls_connection.h"
+
+#include
+
+typedef struct private_tnc_pt_tls_connection_t private_tnc_pt_tls_connection_t;
+
+/**
+ * Private data of an tnc_pt_tls_connection_t object.
+ */
+struct private_tnc_pt_tls_connection_t {
+
+ /**
+ * Public pt_tls_connection_t interface.
+ */
+ pt_tls_connection_t public;
+
+ /**
+ * PT-TLS client instance
+ */
+ pt_tls_client_t *pt_tls_client;
+
+};
+
+METHOD(pt_tls_connection_t, destroy, void,
+ private_tnc_pt_tls_connection_t *this)
+{
+ DBG2(DBG_TNC, "destroying PT-TLS connection");
+ this->pt_tls_client->destroy(this->pt_tls_client);
+ free(this);
+}
+
+/**
+ * See header
+ */
+pt_tls_connection_t *tnc_pt_tls_connection_create(tnccs_t *tnccs, host_t *host,
+ identification_t *server, identification_t *client)
+{
+ private_tnc_pt_tls_connection_t *this;
+
+ DBG2(DBG_TNC, "TODO: setup PT-TLS connection to '%Y' at %#H", server, host);
+
+ INIT(this,
+ .public = {
+ .destroy = _destroy,
+ },
+ .pt_tls_client = pt_tls_client_create(host, server, client),
+ );
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.h b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.h
new file mode 100644
index 0000000000..746d9001a7
--- /dev/null
+++ b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_connection.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnc_pt_tls_connection tnc_pt_tls_connection
+ * @{ @ingroup pt_tls
+ */
+
+#ifndef TNC_PT_TLS_CONNECTION_H_
+#define TNC_PT_TLS_CONNECTION_H_
+
+
+#include
+
+#include
+
+/**
+ * Create a PT-TLS connection instance.
+ *
+ * @param tnccs IF-TNCCS connection to be transported
+ * @param host IP address of PDP server
+ * @param server Hostname of PDP server
+ * @param client Access Requestor Identity
+ */
+pt_tls_connection_t* tnc_pt_tls_connection_create(tnccs_t *tnccs, host_t *host,
+ identification_t *server, identification_t *client);
+
+#endif /** TNC_PT_TLS_CONNECTION_H_ @}*/
diff --git a/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.c b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.c
new file mode 100644
index 0000000000..d667593345
--- /dev/null
+++ b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.c
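Review bot: The doc comment on `tnc_pt_tls_connection_create` lists the four parameters but says nothing about ownership or the return value, and this is exactly what the caller needs: eap_tnc.c creates `host` and `server` and clones `client` solely for this call and never destroys them, so presumably they are adopted by the connection, while `tnccs` is neither stored nor released by the implementation in tnc_pt_tls_connection.c. Add `@return pt_tls_connection_t object` and state per pointer whether the connection takes ownership, e.g. `@param host IP address of PDP server (adopted)`, once that contract is settled. The same @param block is repeated on `create_connection` in pt_tls_manager.h and should carry the same ownership statements.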
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnc_pt_tls_plugin.h"
+#include "tnc_pt_tls_connection.h"
+
+#include "pt_tls_manager.h"
+
+#include
+
+typedef struct private_tnc_pt_tls_plugin_t private_tnc_pt_tls_plugin_t;
+
+/**
+ * Private data of a tnc_pt_tls_plugin_t object.
+ */
+struct private_tnc_pt_tls_plugin_t {
+
+ /**
+ * Public interface.
+ */
+ pt_tls_plugin_t public;
+
+ /**
+ * PT-TLS backend manager
+ */
+ pt_tls_manager_t *mgr;
+};
+
+
+METHOD(plugin_t, get_name, char*,
+ private_tnc_pt_tls_plugin_t *this)
+{
+ return "tnc-pt-tls";
+}
+
+/**
+ * Register PT-TLS manager
+ */
+static bool plugin_cb(private_tnc_pt_tls_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ lib->set(lib, "pt-tls-manager", this->mgr);
+ }
+ else
+ {
+ lib->set(lib, "pt-tls-manager", NULL);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_tnc_pt_tls_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "pt-tls-manager"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_tnc_pt_tls_plugin_t *this)
+{
+ this->mgr->destroy(this->mgr);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *tnc_pt_tls_plugin_create()
+{
+ private_tnc_pt_tls_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ .mgr = pt_tls_manager_create(tnc_pt_tls_connection_create),
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.h b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.h
new file mode 100644
index 0000000000..a4601a5160
--- /dev/null
+++ b/src/libcharon/plugins/tnc_pt_tls/tnc_pt_tls_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pt_tls pt_tls
+ * @ingroup cplugins
+ *
+ * @defgroup pt_tls_plugin pt_tls_plugin
+ * @{ @ingroup pt_tls
+ */
+
+#ifndef PT_TLS_PLUGIN_H_
+#define PT_TLS_PLUGIN_H_
+
+#include
+
+typedef struct pt_tls_plugin_t pt_tls_plugin_t;
+
+/**
+ * EAP-TNC plugin
+ */
+struct pt_tls_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** PT_TLS_PLUGIN_H_ @}*/
diff --git a/src/libpttls/Makefile.am b/src/libpttls/Makefile.am
index f2bcf44d56..5b3c2b73c9 100644
--- a/src/libpttls/Makefile.am
+++ b/src/libpttls/Makefile.am
@@ -17,5 +17,6 @@ libpttls_la_SOURCES = pt_tls.c pt_tls.h \
 pt_tls_client.c pt_tls_client.h \
 pt_tls_server.c pt_tls_server.h \
 pt_tls_dispatcher.c pt_tls_dispatcher.h \
+ pt_tls_manager.h pt_tls_manager.c pt_tls_connection.h \
 sasl/sasl_plain/sasl_plain.c sasl/sasl_plain/sasl_plain.h \
 sasl/sasl_mechanism.c sasl/sasl_mechanism.h
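Review bot: The public type, include guard and comment in tnc_pt_tls_plugin.h do not describe the plugin they declare: the struct is `pt_tls_plugin_t` under guard `PT_TLS_PLUGIN_H_` and documented as `EAP-TNC plugin`, although the plugin is `tnc-pt-tls`, and the doxygen group `pt_tls` it defines is the same name the libpttls headers (pt_tls_connection.h, pt_tls_manager.h) attach to with `@ingroup pt_tls`, so the two modules end up in one documentation group. Rename to `tnc_pt_tls_plugin_t` with guard `TNC_PT_TLS_PLUGIN_H_` and comment `/** TNC PT-TLS plugin */`, and give the plugin its own group name such as `tnc_pt_tls`; the `pt_tls_plugin_t public;` member in the tnc_pt_tls_plugin.c hunk follows the rename. If the `pt_tls` group is meant to be shared with libpttls, say so in the defgroup comment instead.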
diff --git a/src/libpttls/pt_tls_connection.h b/src/libpttls/pt_tls_connection.h
new file mode 100644
index 0000000000..e5a7c2dd2b
--- /dev/null
+++ b/src/libpttls/pt_tls_connection.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pt_tls_connection pt_tls_connection
+ * @{ @ingroup pt_tls
+ */
+
+#ifndef PT_TLS_CONNECTION_H_
+#define PT_TLS_CONNECTION_H_
+
+typedef struct pt_tls_connection_t pt_tls_connection_t;
+
+#include
+
+#include
+
+/**
+ * Constructor function for PT-TLS connection
+ */
+typedef pt_tls_connection_t* (*pt_tls_connection_constructor_t)(tnccs_t *tnccs,
+ host_t *host, identification_t *server,
+ identification_t *client);
+
+/**
+ * Public interface of a PT-TLS connection.
+ */
+struct pt_tls_connection_t {
+
+ /**
+ * Destroy a pt_tls_connection_t object.
+ */
+ void (*destroy)(pt_tls_connection_t *this);
+};
+
+#endif /** PT_TLS_CONNECTION_H_ @}*/
diff --git a/src/libpttls/pt_tls_manager.c b/src/libpttls/pt_tls_manager.c
new file mode 100644
index 0000000000..1513acd8bc
--- /dev/null
+++ b/src/libpttls/pt_tls_manager.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pt_tls_manager.h"
+
+#include
+#include
+
+typedef struct private_pt_tls_manager_t private_pt_tls_manager_t;
+
+/**
+ * Private data of an pt_tls_manager_t object.
+ */
+struct private_pt_tls_manager_t {
+
+ /**
+ * Public pt_tls_manager_t interface.
+ */
+ pt_tls_manager_t public;
+
+ /**
+ * Constructor for PT-TLS connection instance
+ */
+ pt_tls_connection_constructor_t create;
+
+ /**
+ * list of added PT-TLS connections
+ */
+ linked_list_t *connections;
+
+ /**
+ * lock for lists above
+ */
+ rwlock_t *lock;
+};
+
+METHOD(pt_tls_manager_t, create_connection, pt_tls_connection_t*,
+ private_pt_tls_manager_t *this, tnccs_t *tnccs, host_t *host,
+ identification_t *server, identification_t *client)
+{
+ return this->create(tnccs, host, server, client);
+}
+
+METHOD(pt_tls_manager_t, add_connection, void,
+ private_pt_tls_manager_t *this, pt_tls_connection_t *connection)
+{
+ this->lock->write_lock(this->lock);
+ this->connections->insert_last(this->connections, connection);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(pt_tls_manager_t, remove_connection, void,
+ private_pt_tls_manager_t *this, pt_tls_connection_t *connection)
+{
+ this->lock->write_lock(this->lock);
+ this->connections->remove(this->connections, connection, NULL);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(pt_tls_manager_t, destroy, void,
+ private_pt_tls_manager_t *this)
+{
+ this->connections->destroy_offset(this->connections,
+ offsetof(pt_tls_connection_t, destroy));
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/**
+ * See header
+ */
+pt_tls_manager_t *pt_tls_manager_create(pt_tls_connection_constructor_t create)
+{
+ private_pt_tls_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .create_connection = _create_connection,
+ .add_connection = _add_connection,
+ .remove_connection = _remove_connection,
+ .destroy = _destroy,
+ },
+ .create = create,
+ .connections = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
diff --git a/src/libpttls/pt_tls_manager.h b/src/libpttls/pt_tls_manager.h
new file mode 100644
index 0000000000..b7ece979b8
--- /dev/null
+++ b/src/libpttls/pt_tls_manager.h
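Review bot: Nothing in this commit calls `remove_connection`, and `pt_tls_connection_t` has no completion hook, so every connection passed to `add_connection` (one per EAP-TNC session that resolves a PDP, per the eap_tnc.c hunk) stays in `this->connections` together with its host, identities, PT-TLS client and IF-TNCCS reference until the manager is destroyed at plugin unload. On a gateway that handles many authentications this is unbounded growth of long-lived objects driven by peer activity, i.e. a memory-exhaustion risk rather than a bounded cache. Either have a connection unregister itself through the manager when its PT-TLS exchange ends, or document on `add_connection` in pt_tls_manager.h that the caller must call `remove_connection` and when. Minor: the field comment `lock for lists above` describes a single list; `lock protecting the connections list` would be accurate.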
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pt_tls_manager pt_tls_manager
+ * @{ @ingroup pt_tls
+ */
+
+#ifndef PT_TLS_MANAGER_H_
+#define PT_TLS_MANAGER_H_
+
+typedef struct pt_tls_manager_t pt_tls_manager_t;
+
+#include "pt_tls_connection.h"
+
+/**
+ * The PT-TLS manager handles multiple PT-TLS connections.
+ */
+struct pt_tls_manager_t {
+
+ /**
+ * Create a PT-TLS connection instance.
+ *
+ * @param tnccs IF-TNCCS connection to be transported
+ * @param host IP address of PDP server
+ * @param server Hostname of PDP server
+ * @param client Access Requestor Identity
+ */
+ pt_tls_connection_t* (*create_connection)(pt_tls_manager_t *this,
+ tnccs_t *tnccs, host_t *host,
+ identification_t *server,
+ identification_t *client);
+
+ /**
+ * Register a PT-TLS connection with the manager.
+ *
+ * @param connection PT-TLS connection to register
+ */
+ void (*add_connection)(pt_tls_manager_t *this,
+ pt_tls_connection_t *connection);
+
+ /**
+ * Unregister a previously registered connection from the manager.
+ *
+ * @param connection PT-TLS connection to unregister
+ */
+ void (*remove_connection)(pt_tls_manager_t *this,
+ pt_tls_connection_t *connection);
+
+ /**
+ * Destroy a manager instance.
+ */
+ void (*destroy)(pt_tls_manager_t *this);
+};
+
+/**
+ * Create a PT-TLS manager to handle multiple PT-TLS connections.
+ *
+ * @return pt_tls_manager_t object
+ */
+pt_tls_manager_t *pt_tls_manager_create();
+
+#endif /** PT_TLS_MANAGER_H_ @}*/
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 646986a32d..0680b9a4bd 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -30,6 +30,7 @@ CONFIG_OPTS = \
 --enable-eap-tnc \
 --enable-tnc-ifmap \
 --enable-tnc-pdp \
+ --enable-tnc-pt-tls \
 --enable-tnc-imc \
 --enable-tnc-imv \
 --enable-tnccs-11 \
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf
index 808f1d11ad..0f7131693d 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-pt-tls tnc-imc tnc-tnccs tnccs-20 updown
 plugins {
 eap-tnc {
 protocol = tnccs-2.0
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf
index 96ff63ab1e..f56e772b70 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf
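Review bot: The prototype `pt_tls_manager_t *pt_tls_manager_create();` does not agree with the definition in pt_tls_manager.c, which takes a `pt_tls_connection_constructor_t create`, nor with the call in tnc_pt_tls_plugin.c that passes `tnc_pt_tls_connection_create`. An empty parameter list declares no prototype in C, so the compiler cannot check the argument type at that call site or catch a caller that omits it, in which case the manager would store an indeterminate function pointer that `create_connection` later calls. Declare it as `pt_tls_manager_t *pt_tls_manager_create(pt_tls_connection_constructor_t create);` and add `@param create constructor invoked by create_connection()` above the existing `@return`.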
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-pt-tls tnc-imc tnc-tnccs tnccs-20 updown
 plugins {
 eap-tnc {
 protocol = tnccs-2.0