Implemented TLS session resumption both as client and as server
[strongswan.git] / src / libcharon / plugins / eap_ttls / eap_ttls.c
1 /*
2 * Copyright (C) 2010 Martin Willi, revosec AG
3 * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "eap_ttls.h"
17 #include "eap_ttls_peer.h"
18 #include "eap_ttls_server.h"
19
20 #include <tls_eap.h>
21
22 #include <daemon.h>
23 #include <library.h>
24
25 typedef struct private_eap_ttls_t private_eap_ttls_t;
26
27 /**
28 * Private data of an eap_ttls_t object.
29 */
30 struct private_eap_ttls_t {
31
32 /**
33 * Public interface.
34 */
35 eap_ttls_t public;
36
37 /**
38 * TLS stack, wrapped by EAP helper
39 */
40 tls_eap_t *tls_eap;
41 };
42
43 /** Maximum number of EAP-TTLS messages/fragments allowed */
44 #define MAX_MESSAGE_COUNT 32
45 /** Default size of a EAP-TTLS fragment */
46 #define MAX_FRAGMENT_LEN 1024
47
48 METHOD(eap_method_t, initiate, status_t,
49 private_eap_ttls_t *this, eap_payload_t **out)
50 {
51 chunk_t data;
52
53 if (this->tls_eap->initiate(this->tls_eap, &data) == NEED_MORE)
54 {
55 *out = eap_payload_create_data(data);
56 free(data.ptr);
57 return NEED_MORE;
58 }
59 return FAILED;
60 }
61
62 METHOD(eap_method_t, process, status_t,
63 private_eap_ttls_t *this, eap_payload_t *in, eap_payload_t **out)
64 {
65 status_t status;
66 chunk_t data;
67
68 data = in->get_data(in);
69 status = this->tls_eap->process(this->tls_eap, data, &data);
70 if (status == NEED_MORE)
71 {
72 *out = eap_payload_create_data(data);
73 free(data.ptr);
74 }
75 return status;
76 }
77
78 METHOD(eap_method_t, get_type, eap_type_t,
79 private_eap_ttls_t *this, u_int32_t *vendor)
80 {
81 *vendor = 0;
82 return EAP_TTLS;
83 }
84
85 METHOD(eap_method_t, get_msk, status_t,
86 private_eap_ttls_t *this, chunk_t *msk)
87 {
88 *msk = this->tls_eap->get_msk(this->tls_eap);
89 if (msk->len)
90 {
91 return SUCCESS;
92 }
93 return FAILED;
94 }
95
96 METHOD(eap_method_t, get_identifier, u_int8_t,
97 private_eap_ttls_t *this)
98 {
99 return this->tls_eap->get_identifier(this->tls_eap);
100 }
101
102 METHOD(eap_method_t, set_identifier, void,
103 private_eap_ttls_t *this, u_int8_t identifier)
104 {
105 this->tls_eap->set_identifier(this->tls_eap, identifier);
106 }
107
108 METHOD(eap_method_t, is_mutual, bool,
109 private_eap_ttls_t *this)
110 {
111 return TRUE;
112 }
113
114 METHOD(eap_method_t, destroy, void,
115 private_eap_ttls_t *this)
116 {
117 this->tls_eap->destroy(this->tls_eap);
118 free(this);
119 }
120
121 /**
122 * Generic private constructor
123 */
124 static eap_ttls_t *eap_ttls_create(identification_t *server,
125 identification_t *peer, bool is_server,
126 tls_application_t *application)
127 {
128 private_eap_ttls_t *this;
129 size_t frag_size;
130 int max_msg_count;
131 bool include_length;
132 tls_t *tls;
133
134 INIT(this,
135 .public = {
136 .eap_method = {
137 .initiate = _initiate,
138 .process = _process,
139 .get_type = _get_type,
140 .is_mutual = _is_mutual,
141 .get_identifier = _get_identifier,
142 .set_identifier = _set_identifier,
143 .get_msk = _get_msk,
144 .destroy = _destroy,
145 },
146 },
147 );
148 if (is_server && !lib->settings->get_bool(lib->settings,
149 "charon.plugins.eap-ttls.request_peer_auth", FALSE))
150 {
151 peer = NULL;
152 }
153 frag_size = lib->settings->get_int(lib->settings,
154 "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
155 max_msg_count = lib->settings->get_int(lib->settings,
156 "charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT);
157 include_length = lib->settings->get_bool(lib->settings,
158 "charon.plugins.eap-ttls.include_length", TRUE);
159 tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS,
160 application, NULL);
161 this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count,
162 include_length);
163 if (!this->tls_eap)
164 {
165 application->destroy(application);
166 free(this);
167 return NULL;
168 }
169 return &this->public;
170 }
171
172 eap_ttls_t *eap_ttls_create_server(identification_t *server,
173 identification_t *peer)
174 {
175 return eap_ttls_create(server, peer, TRUE,
176 &eap_ttls_server_create(server, peer)->application);
177 }
178
179 eap_ttls_t *eap_ttls_create_peer(identification_t *server,
180 identification_t *peer)
181 {
182 return eap_ttls_create(server, peer, FALSE,
183 &eap_ttls_peer_create(server, peer)->application);
184 }