f0a8d625b88aac0c959a8159449b710e58749246
[strongswan.git] / src / libcharon / plugins / eap_ttls / eap_ttls_peer.c
1 /*
2 * Copyright (C) 2010 Andreas Steffen
3 * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "eap_ttls_peer.h"
17
18 #include <debug.h>
19 #include <sa/authenticators/eap/eap_method.h>
20
21 #define AVP_EAP_MESSAGE 79
22
23 typedef struct private_eap_ttls_peer_t private_eap_ttls_peer_t;
24
25 /**
26 * Private data of an eap_ttls_peer_t object.
27 */
28 struct private_eap_ttls_peer_t {
29
30 /**
31 * Public eap_ttls_peer_t interface.
32 */
33 eap_ttls_peer_t public;
34
35 /**
36 * Peer identity
37 */
38 identification_t *peer;
39
40 /**
41 * EAP-TTLS state information
42 */
43 bool start_phase2;
44 };
45
46 /**
47 * Send an EAP-Message Attribute-Value Pair
48 */
49 static void send_avp_eap_message(tls_writer_t *writer, chunk_t data)
50 {
51 char zero_padding[] = { 0x00, 0x00, 0x00 };
52 chunk_t avp_padding;
53 u_int8_t avp_flags;
54 u_int32_t avp_len;
55
56 avp_flags = 0x40;
57 avp_len = 8 + data.len;
58 avp_padding = chunk_create(zero_padding, (4 - data.len) % 4);
59
60 writer->write_uint32(writer, AVP_EAP_MESSAGE);
61 writer->write_uint8(writer, avp_flags);
62 writer->write_uint24(writer, avp_len);
63 writer->write_data(writer, data);
64 writer->write_data(writer, avp_padding);
65 }
66
67 /**
68 * Process an EAP-Message Attribute-Value Pair
69 */
70 static status_t process_avp_eap_message(tls_reader_t *reader, chunk_t *data)
71 {
72 u_int32_t avp_code;
73 u_int8_t avp_flags;
74 u_int32_t avp_len, data_len;
75
76 if (!reader->read_uint32(reader, &avp_code) ||
77 !reader->read_uint8(reader, &avp_flags) ||
78 !reader->read_uint24(reader, &avp_len))
79 {
80 DBG1(DBG_IKE, "received invalid AVP");
81 return FAILED;
82 }
83 if (avp_code != AVP_EAP_MESSAGE)
84 {
85 DBG1(DBG_IKE, "expected AVP_EAP_MESSAGE but received %u", avp_code);
86 return FAILED;
87 }
88 data_len = avp_len - 8;
89 if (!reader->read_data(reader, data_len + (4 - avp_len) % 4, data))
90 {
91 DBG1(DBG_IKE, "received insufficient AVP data");
92 return FAILED;
93 }
94 data->len = data_len;
95 return SUCCESS;
96 }
97
98 METHOD(tls_application_t, process, status_t,
99 private_eap_ttls_peer_t *this, tls_reader_t *reader)
100 {
101 chunk_t data;
102 status_t status;
103
104 status = process_avp_eap_message(reader, &data);
105 if (status == FAILED)
106 {
107 return FAILED;
108 }
109 DBG2(DBG_IKE, "received EAP message: %B", &data);
110 return FAILED;
111 }
112
113 METHOD(tls_application_t, build, status_t,
114 private_eap_ttls_peer_t *this, tls_writer_t *writer)
115 {
116 if (this->start_phase2)
117 {
118 chunk_t data = chunk_from_chars(
119 EAP_RESPONSE, 0x00, 0x00, 25,
120 EAP_IDENTITY,
121 'c', 'a', 'r', 'o', 'l', '@', 's', 't', 'r', 'o', 'n', 'g',
122 's', 'w', 'a', 'n', '.', 'o', 'r', 'g');
123
124 DBG2(DBG_IKE, "sending EAP message: %B", &data);
125 send_avp_eap_message(writer, data);
126 this->start_phase2 = FALSE;
127 }
128 return INVALID_STATE;
129 }
130
131 METHOD(tls_application_t, destroy, void,
132 private_eap_ttls_peer_t *this)
133 {
134 free(this);
135 }
136
137 /**
138 * See header
139 */
140 eap_ttls_peer_t *eap_ttls_peer_create(identification_t *peer)
141 {
142 private_eap_ttls_peer_t *this;
143
144 INIT(this,
145 .public.application = {
146 .process = _process,
147 .build = _build,
148 .destroy = _destroy,
149 },
150 .peer = peer,
151 .start_phase2 = TRUE,
152 );
153
154 return &this->public;
155 }