Added EAP-TLS plugin stub
authorMartin Willi <martin@revosec.ch>
Mon, 11 Jan 2010 13:21:58 +0000 (14:21 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 3 Aug 2010 13:39:24 +0000 (15:39 +0200)
configure.in
src/charon/plugins/eap_tls/Makefile.am [new file with mode: 0644]
src/charon/plugins/eap_tls/eap_tls.c [new file with mode: 0644]
src/charon/plugins/eap_tls/eap_tls.h [new file with mode: 0644]
src/charon/plugins/eap_tls/eap_tls_plugin.c [new file with mode: 0644]
src/charon/plugins/eap_tls/eap_tls_plugin.h [new file with mode: 0644]
src/libcharon/sa/authenticators/eap/eap_method.c
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/credentials/auth_cfg.h
src/starter/confread.c
src/starter/ipsec.conf.5.in

index b294349..65f45c8 100644 (file)
@@ -111,6 +111,7 @@ ARG_ENABL_SET([eap-gtc],        [enable PAM based EAP GTC authenication module.]
 ARG_ENABL_SET([eap-aka],        [enable EAP AKA authentication module.])
 ARG_ENABL_SET([eap-aka-3gpp2],  [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.])
 ARG_ENABL_SET([eap-mschapv2],   [enable EAP MS-CHAPv2 authenication module.])
+ARG_ENABL_SET([eap-tls],        [enable EAP TLS authenication module.])
 ARG_ENABL_SET([eap-radius],     [enable RADIUS proxy authenication module.])
 ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
 ARG_ENABL_SET([kernel-pfkey],   [enable the PF_KEY kernel interface.])
@@ -846,6 +847,7 @@ AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue)
 AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
 AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue)
 AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue)
+AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue)
 AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
 AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
 AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
@@ -969,6 +971,7 @@ AC_OUTPUT(
        src/libcharon/plugins/eap_simaka_pseudonym/Makefile
        src/libcharon/plugins/eap_simaka_reauth/Makefile
        src/libcharon/plugins/eap_mschapv2/Makefile
+       src/libcharon/plugins/eap_tls/Makefile
        src/libcharon/plugins/eap_radius/Makefile
        src/libcharon/plugins/kernel_netlink/Makefile
        src/libcharon/plugins/kernel_pfkey/Makefile
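Review bot: The AC_OUTPUT entry added here names `src/libcharon/plugins/eap_tls/Makefile`, but every new file in this commit is created under `src/charon/plugins/eap_tls/` (see the Makefile.am and source file headers below), so automake is pointed at a Makefile.am that does not exist at that path. All neighbouring entries live under src/libcharon, which suggests the new plugin directory is the one in the wrong place rather than this line. Either move the plugin to `src/libcharon/plugins/eap_tls/` or change this entry to `src/charon/plugins/eap_tls/Makefile`, whichever matches where the rest of the EAP plugins are built from.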
diff --git a/src/charon/plugins/eap_tls/Makefile.am b/src/charon/plugins/eap_tls/Makefile.am
new file mode 100644 (file)
index 0000000..236e50d
--- /dev/null
@@ -0,0 +1,10 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-eap-tls.la
+
+libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
+       eap_tls.h eap_tls.c
+libstrongswan_eap_tls_la_LDFLAGS = -module -avoid-version
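Review bot: The INCLUDES line adds `-I$(top_srcdir)/src/charon`, yet eap_tls.h includes `<sa/authenticators/eap/eap_method.h>` and this commit's own file list modifies that module under `src/libcharon/sa/authenticators/eap/`, so the header is presumably not reachable through this include path. If eap_method.h lives next to that .c file, the line should read `INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libcharon`. This also ties in with the AC_OUTPUT path in configure.in, which already expects the plugin under src/libcharon.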
diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/charon/plugins/eap_tls/eap_tls.c
new file mode 100644 (file)
index 0000000..0ff68b7
--- /dev/null
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_tls.h"
+
+#include <daemon.h>
+#include <library.h>
+
+typedef struct private_eap_tls_t private_eap_tls_t;
+
+/**
+ * Private data of an eap_tls_t object.
+ */
+struct private_eap_tls_t {
+
+       /**
+        * Public interface.
+        */
+       eap_tls_t public;
+
+       /**
+        * ID of the server
+        */
+       identification_t *server;
+
+       /**
+        * ID of the peer
+        */
+       identification_t *peer;
+
+       /**
+        * Is this method instance acting as server?
+        */
+       bool is_server;
+};
+
+METHOD(eap_method_t, initiate, status_t,
+       private_eap_tls_t *this, eap_payload_t **out)
+{
+       return FAILED;
+}
+
+METHOD(eap_method_t, process, status_t,
+       private_eap_tls_t *this, eap_payload_t *in, eap_payload_t **out)
+{
+       return FAILED;
+}
+
+METHOD(eap_method_t, get_type, eap_type_t,
+       private_eap_tls_t *this, u_int32_t *vendor)
+{
+       *vendor = 0;
+       return EAP_TLS;
+}
+
+METHOD(eap_method_t, get_msk, status_t,
+       private_eap_tls_t *this, chunk_t *msk)
+{
+       return FAILED;
+}
+
+METHOD(eap_method_t, is_mutual, bool,
+       private_eap_tls_t *this)
+{
+       return TRUE;
+}
+
+METHOD(eap_method_t, destroy, void,
+       private_eap_tls_t *this)
+{
+       this->peer->destroy(this->peer);
+       this->server->destroy(this->server);
+       free(this);
+}
+
+/**
+ * Generic private constructor
+ */
+static eap_tls_t *eap_tls_create(identification_t *server,
+                                                                identification_t *peer, bool is_server)
+{
+       private_eap_tls_t *this;
+
+       INIT(this,
+               .public.eap_method = {
+                       .initiate = _initiate,
+                       .process = _process,
+                       .get_type = _get_type,
+                       .is_mutual = _is_mutual,
+                       .get_msk = _get_msk,
+                       .destroy = _destroy,
+               },
+               .peer = peer->clone(peer),
+               .server = server->clone(server),
+               .is_server = is_server,
+       );
+       return &this->public;
+}
+
+eap_tls_t *eap_tls_create_server(identification_t *server,
+                                                                identification_t *peer)
+{
+       return eap_tls_create(server, peer, TRUE);
+}
+
+eap_tls_t *eap_tls_create_peer(identification_t *server,
+                                                          identification_t *peer)
+{
+       return eap_tls_create(server, peer, FALSE);
+}
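Review bot: `is_mutual` returns TRUE although this stub never performs any authentication: `initiate` and `process` both return FAILED and `get_msk` never yields a key. Since the method can never reach SUCCESS this is not reachable today, but a caller that consults `is_mutual` would be told EAP-TLS mutually authenticates the peer, so a comment on that method such as `/* EAP-TLS authenticates both sides with certificates; stub until the handshake is implemented */` would make the intent explicit. The `is_server` field is stored but read by no method yet, which is expected for a stub and worth a `/* not yet used */` note on the struct member. The two public constructors at the end lack the `/* see header file */` marker that eap_tls_plugin.c uses on plugin_create.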
diff --git a/src/charon/plugins/eap_tls/eap_tls.h b/src/charon/plugins/eap_tls/eap_tls.h
new file mode 100644 (file)
index 0000000..6be7b4a
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_tls eap_tls
+ * @{ @ingroup eap_tls
+ */
+
+#ifndef EAP_TLS_H_
+#define EAP_TLS_H_
+
+typedef struct eap_tls_t eap_tls_t;
+
+#include <sa/authenticators/eap/eap_method.h>
+
+/**
+ * Implementation of eap_method_t using EAP-TLS.
+ */
+struct eap_tls_t {
+
+       /**
+        * Implements eap_method_t interface.
+        */
+       eap_method_t eap_method;
+};
+
+/**
+ * Creates the EAP method EAP-TLS acting as server.
+ *
+ * @param server       ID of the EAP server
+ * @param peer         ID of the EAP client
+ * @return                     eap_tls_t object
+ */
+eap_tls_t *eap_tls_create_server(identification_t *server,
+                                                                identification_t *peer);
+
+/**
+ * Creates the EAP method EAP-TLS acting as peer.
+ *
+ * @param server       ID of the EAP server
+ * @param peer         ID of the EAP client
+ * @return                     eap_tls_t object
+ */
+eap_tls_t *eap_tls_create_peer(identification_t *server,
+                                                          identification_t *peer);
+
+#endif /** EAP_TLS_H_ @}*/
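Review bot: The Doxygen block at the top declares `@defgroup eap_tls eap_tls` and then `@{ @ingroup eap_tls`, nesting the group inside itself, and the same `eap_tls` group is also defined in eap_tls_plugin.h, so the two definitions collide. Give this header's group a distinct name (the other EAP method headers appear to use an `_i` suffix for the implementation group) and keep `@ingroup eap_tls` pointing at the plugin-level group. The @param lines on both constructors could also state that `server` and `peer` are cloned in eap_tls.c's `eap_tls_create`, so the caller keeps ownership: `@param server ID of the EAP server (cloned, caller retains ownership)`.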
diff --git a/src/charon/plugins/eap_tls/eap_tls_plugin.c b/src/charon/plugins/eap_tls/eap_tls_plugin.c
new file mode 100644 (file)
index 0000000..f7da643
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap_tls_plugin.h"
+
+#include "eap_tls.h"
+
+#include <daemon.h>
+
+
+METHOD(plugin_t, destroy, void,
+       eap_tls_plugin_t *this)
+{
+       charon->eap->remove_method(charon->eap,
+                                                          (eap_constructor_t)eap_tls_create_server);
+       charon->eap->remove_method(charon->eap,
+                                                          (eap_constructor_t)eap_tls_create_peer);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+       eap_tls_plugin_t *this;
+
+       INIT(this,
+               .plugin.destroy = _destroy,
+       );
+
+       charon->eap->add_method(charon->eap, EAP_TLS, 0, EAP_SERVER,
+                                                       (eap_constructor_t)eap_tls_create_server);
+       charon->eap->add_method(charon->eap, EAP_TLS, 0, EAP_PEER,
+                                                       (eap_constructor_t)eap_tls_create_peer);
+
+       return &this->plugin;
+}
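Review bot: `plugin_create` registers EAP_TLS for both EAP_SERVER and EAP_PEER although the registered constructors build a method whose `initiate` and `process` unconditionally return FAILED, so a connection configured with `eap-tls` on this build fails at authentication time with a generic failure rather than signalling that the method is not yet implemented. That is acceptable for a stub but deserves a comment above the add_method calls, e.g. `/* stub: the method fails every exchange until the TLS handshake is implemented */`. As a style point, `plugin_t *plugin_create()` here and in eap_tls_plugin.h is an empty-parenthesis declaration rather than a prototype; `plugin_t *plugin_create(void)` is the prototype form, unless the other plugins' headers declare it identically and consistency is preferred.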
diff --git a/src/charon/plugins/eap_tls/eap_tls_plugin.h b/src/charon/plugins/eap_tls/eap_tls_plugin.h
new file mode 100644 (file)
index 0000000..5ec3836
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap_tls eap_tls
+ * @ingroup cplugins
+ *
+ * @defgroup eap_tls_plugin eap_tls_plugin
+ * @{ @ingroup eap_tls
+ */
+
+#ifndef EAP_TLS_PLUGIN_H_
+#define EAP_TLS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct eap_tls_plugin_t eap_tls_plugin_t;
+
+/**
+ * EAP-TLS plugin
+ */
+struct eap_tls_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+/**
+ * Create a eap_tls_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** EAP_TLS_PLUGIN_H_ @}*/
index ad7b92c..9d6aba5 100644 (file)
@@ -29,6 +29,7 @@ eap_type_t eap_type_from_string(char *name)
                {"md5",                 EAP_MD5},
                {"otp",                 EAP_OTP},
                {"gtc",                 EAP_GTC},
+               {"tls",                 EAP_TLS},
                {"sim",                 EAP_SIM},
                {"aka",                 EAP_AKA},
                {"mschapv2",    EAP_MSCHAPV2},
index 2573d03..0ec2a1b 100644 (file)
@@ -36,7 +36,9 @@ ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
        "EAP_MD5",
        "EAP_OTP",
        "EAP_GTC");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC,
+       "EAP_TLS");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TLS,
        "EAP_SIM");
 ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
        "EAP_AKA");
index 713e163..6c9a6b1 100644 (file)
@@ -60,6 +60,7 @@ enum eap_type_t {
        EAP_MD5 = 4,
        EAP_OTP = 5,
        EAP_GTC = 6,
+       EAP_TLS = 13,
        EAP_SIM = 18,
        EAP_AKA = 23,
        EAP_MSCHAPV2 = 26,
index 399e178..236183d 100644 (file)
@@ -687,6 +687,10 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
                        {
                                conn->eap_type = 6;
                        }
+                       else if (streq(kw->value, "tls"))
+                       {
+                               conn->eap_type = 13;
+                       }
                        else if (streq(kw->value, "mschapv2"))
                        {
                                conn->eap_type = 26;
index 3d2940a..0f87f6b 100644 (file)
@@ -541,6 +541,7 @@ an optional EAP method can be appended. Currently defined methods are
 .BR eap-aka ,
 .BR eap-gtc ,
 .BR eap-md5 ,
+.BR eap-tls ,
 .B eap-mschapv2
 and
 .BR eap-sim .