implemented server side support for EAP-TTLS
[strongswan.git] / src / libcharon / plugins / eap_ttls / eap_ttls.c
index fa812a1..ad3360d 100644 (file)
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2010 Martin Willi
- * Copyright (C) 2010 revosec AG
+ * Copyright (C) 2010 Martin Willi, revosec AG
+ * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -14,6 +14,8 @@
  */
 
 #include "eap_ttls.h"
+#include "eap_ttls_peer.h"
+#include "eap_ttls_server.h"
 
 #include <tls.h>
 
@@ -82,6 +84,7 @@ typedef enum {
        EAP_TTLS_LENGTH = (1<<7),
        EAP_TTLS_MORE_FRAGS = (1<<6),
        EAP_TTLS_START = (1<<5),
+       EAP_TTLS_VERSION = 0x07
 } eap_ttls_flags_t;
 
 /**
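Review bot: `EAP_TTLS_VERSION = 0x07` is a three-bit mask placed in an enum whose other members are single flag bits, so a reader scanning eap_ttls_flags_t may take it for yet another flag; a comment on that line such as `/* mask for the version number in the low three bits; RFC 5281 defines only v0 */` would make the distinction clear. The enum's header line is outside the hunk.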
@@ -120,6 +123,7 @@ METHOD(eap_method_t, initiate, status_t,
                do {
                        pkt.identifier = random();
                } while (!pkt.identifier);
+               DBG2(DBG_IKE, "sending EAP-TLS start packet");
 
                *out = eap_payload_create_data(chunk_from_thing(pkt));
                return NEED_MORE;
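Review bot: The new log line `DBG2(DBG_IKE, "sending EAP-TLS start packet");` names the wrong method for a message emitted by the EAP-TTLS plugin, and the same applies to the other new DBG2 strings in this commit (the acknowledgement message in create_ack and the fragment, packet and acknowledgement messages in read_buf), while the hunk in process() renames "EAP-TLS packet count exceeded" to "EAP-TTLS"; the new strings should read `"sending EAP-TTLS start packet"` and so on, so that someone reading the log can tell the two EAP methods apart. The pre-existing context line `DBG1(DBG_IKE, "invalid EAP-TLS packet length")` in process() would deserve the same rename. If the start packet's flags are set outside this hunk, they should presumably now also carry the version bits, since EAP_TTLS_VERSION is introduced in this commit. initiate() starts outside the hunk.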
@@ -194,6 +198,7 @@ static eap_payload_t *create_ack(private_eap_ttls_t *this, u_int8_t identifier)
                .type = EAP_TTLS,
        };
        htoun16(&pkt.length, sizeof(pkt));
+       DBG2(DBG_IKE, "sending EAP-TLS acknowledgement packet");
 
        return eap_payload_create_data(chunk_from_thing(pkt));
 }
@@ -229,6 +234,7 @@ static eap_payload_t *read_buf(private_eap_ttls_t *this, u_int8_t identifier)
                        pkt_len += EAP_TTLS_FRAGMENT_LEN;
                        memcpy(start, this->output.ptr + this->outpos, EAP_TTLS_FRAGMENT_LEN);
                        this->outpos += EAP_TTLS_FRAGMENT_LEN;
+                       DBG2(DBG_IKE, "sending EAP-TLS packet fragment");
                }
                else
                {
@@ -237,8 +243,13 @@ static eap_payload_t *read_buf(private_eap_ttls_t *this, u_int8_t identifier)
                                   this->output.len - this->outpos);
                        chunk_free(&this->output);
                        this->outpos = 0;
+                       DBG2(DBG_IKE, "sending EAP-TLS packet");
                }
        }
+       else
+       {
+               DBG2(DBG_IKE, "sending EAP-TLS acknowledgement packet");
+       }
        htoun16(&pkt->length, pkt_len);
        return eap_payload_create_data(chunk_create(buf, pkt_len));
 }
@@ -319,7 +330,7 @@ METHOD(eap_method_t, process, status_t,
 
        if (++this->processed > MAX_EAP_TTLS_MESSAGE_COUNT)
        {
-               DBG1(DBG_IKE, "EAP-TLS packet count exceeded");
+               DBG1(DBG_IKE, "EAP-TTLS packet count exceeded");
                return FAILED;
        }
 
@@ -332,7 +343,12 @@ METHOD(eap_method_t, process, status_t,
                DBG1(DBG_IKE, "invalid EAP-TLS packet length");
                return FAILED;
        }
-       if (!(pkt->flags & EAP_TTLS_START))
+       if (pkt->flags & EAP_TTLS_START)
+       {
+               DBG1(DBG_IKE, "EAP-TTLS version is v%u",
+               pkt->flags & EAP_TTLS_VERSION);
+       }
+       else
        {
                if (data.len == sizeof(eap_ttls_packet_t))
                {
@@ -358,7 +374,7 @@ METHOD(eap_method_t, process, status_t,
                }
                else if (this->input.len != this->inpos)
                {
-                       DBG1(DBG_IKE, "defragemented TLS message has invalid length");
+                       DBG1(DBG_IKE, "defragmented TLS message has invalid length");
                        return FAILED;
                }
        }
@@ -409,7 +425,8 @@ METHOD(eap_method_t, destroy, void,
  * Generic private constructor
  */
 static eap_ttls_t *eap_ttls_create(identification_t *server,
-                                                                identification_t *peer, bool is_server)
+                                                                  identification_t *peer, bool is_server,
+                                                                  tls_application_t *application)
 {
        private_eap_ttls_t *this;
 
@@ -425,19 +442,21 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
                .is_server = is_server,
        );
        /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
-       this->tls = tls_create(is_server, server, peer, "ttls keying material");
-
+       this->tls = tls_create(is_server, server, peer, FALSE,
+                                                  "ttls keying material", application);
        return &this->public;
 }
 
 eap_ttls_t *eap_ttls_create_server(identification_t *server,
-                                                                identification_t *peer)
+                                                                  identification_t *peer)
 {
-       return eap_ttls_create(server, peer, TRUE);
+       return eap_ttls_create(server, peer, TRUE,
+                                                  &eap_ttls_server_create(server, peer)->application);
 }
 
 eap_ttls_t *eap_ttls_create_peer(identification_t *server,
-                                                          identification_t *peer)
+                                                                identification_t *peer)
 {
-       return eap_ttls_create(server, peer, FALSE);
+       return eap_ttls_create(server, peer, FALSE,
+                                                  &eap_ttls_peer_create(server, peer)->application);
 }
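Review bot: The objects created inline in `&eap_ttls_server_create(server, peer)->application` and `&eap_ttls_peer_create(server, peer)->application` are referenced by nothing but the tls_t that receives them, so their lifetime now rests on tls_create() taking ownership of `application`; the "Generic private constructor" comment should state that, e.g. `@param application TLS application layer, ownership passes to the created tls_t`, if that is indeed the contract. If either create function can return NULL, taking `->application` of its result is undefined before tls_create() ever sees it, so a NULL check before the address-of would be safer than relying on the constructors never failing. The bare `FALSE` passed as the fourth argument of tls_create() gives no hint what it disables; a short trailing comment naming that parameter would help the next reader.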