determine underlying IF-T transport protocol

Andreas Steffen 2013-02-12 12:25:39 +01:00
parent bd1ee5bdc4
commit 3e56352815
13 changed files with 231 additions and 65 deletions


@ -173,10 +173,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
return NULL;
}
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server,
server, peer);
this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs,
EAP_TNC_MAX_MESSAGE_LEN,
max_msg_count, FALSE);
server, peer, TNC_IFT_EAP_1_1);
this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls,
EAP_TNC_MAX_MESSAGE_LEN,
max_msg_count, FALSE);
if (!this->tls_eap)
{
free(this);
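Review bot: The new `&tnccs->tls` on the tls_eap_create line evaluates a member access on the pointer returned by create_instance, which this same commit documents (tnccs_manager.h) as "NULL if no constructor found"; the old `(tls_t*)tnccs` cast merely forwarded a NULL, whereas the new form is a null member access (in practice offset 0 since `tls` is the first member, but still undefined behaviour and a trap under sanitizers). A guard between the two calls, `if (!tnccs) { free(this); return NULL; }`, keeps the early-exit shape the hunk already uses for a failed tls_eap_create. The transport is also hard-coded as `TNC_IFT_EAP_1_1`; if that is inherent to the EAP-TNC method rather than negotiated, a one-line comment such as `/* EAP-TNC always runs over IF-T for Tunneled EAP 1.1 */` would save the next reader from looking for the place it is determined. eap_tnc_create starts before this hunk and its declaration of `tnccs` is not visible here.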


@ -4,7 +4,8 @@ INCLUDES = \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs
-I$(top_srcdir)/src/libtnccs \
-I$(top_srcdir)/src/libtls
AM_CFLAGS = -rdynamic


@ -4,7 +4,8 @@ INCLUDES = \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs
-I$(top_srcdir)/src/libtnccs \
-I$(top_srcdir)/src/libtls
AM_CFLAGS = -rdynamic


@ -165,7 +165,8 @@ METHOD(tnccs_manager_t, remove_method, void,
METHOD(tnccs_manager_t, create_instance, tnccs_t*,
private_tnc_tnccs_manager_t *this, tnccs_type_t type, bool is_server,
identification_t *server, identification_t *peer)
identification_t *server, identification_t *peer,
tnc_ift_type_t transport)
{
enumerator_t *enumerator;
tnccs_entry_t *entry;
@ -177,7 +178,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
{
if (type == entry->type)
{
protocol = entry->constructor(is_server, server, peer);
protocol = entry->constructor(is_server, server, peer, transport);
if (protocol)
{
break;
@ -662,15 +663,52 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
version = "1.0";
break;
default:
return TNC_RESULT_INVALID_PARAMETER;
return TNC_RESULT_INVALID_PARAMETER;
}
return str_attribute(buffer_len, buffer, value_len, version);
}
case TNC_ATTRIBUTEID_IFT_PROTOCOL:
return str_attribute(buffer_len, buffer, value_len,
"IF-T for Tunneled EAP");
{
char *protocol;
switch (entry->tnccs->get_transport(entry->tnccs))
{
case TNC_IFT_EAP_1_0:
case TNC_IFT_EAP_1_1:
case TNC_IFT_EAP_2_0:
protocol = "IF-T for Tunneled EAP";
break;
case TNC_IFT_TLS_1_0:
case TNC_IFT_TLS_2_0:
protocol = "IF-T for TLS";
break;
default:
return TNC_RESULT_INVALID_PARAMETER;
}
return str_attribute(buffer_len, buffer, value_len, protocol);
}
case TNC_ATTRIBUTEID_IFT_VERSION:
return str_attribute(buffer_len, buffer, value_len, "1.1");
{
char *version;
switch (entry->tnccs->get_transport(entry->tnccs))
{
case TNC_IFT_EAP_1_0:
case TNC_IFT_TLS_1_0:
version = "1.0";
break;
case TNC_IFT_EAP_1_1:
version = "1.1";
break;
case TNC_IFT_EAP_2_0:
case TNC_IFT_TLS_2_0:
version = "2.0";
break;
default:
return TNC_RESULT_INVALID_PARAMETER;
}
return str_attribute(buffer_len, buffer, value_len, version);
}
case TNC_ATTRIBUTEID_AR_IDENTITIES:
{
linked_list_t *list;
@ -681,7 +719,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
TNC_Result result;
list = linked_list_create();
tnccs = (tls_t*)entry->tnccs;
tnccs = &entry->tnccs->tls;
peer = tnccs->get_peer_id(tnccs);
if (peer)
{
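Review bot: The two new switches over `entry->tnccs->get_transport(entry->tnccs)` in the TNC_ATTRIBUTEID_IFT_PROTOCOL and TNC_ATTRIBUTEID_IFT_VERSION cases duplicate the transport-to-string mapping, so the next value added to tnc_ift_type_t has to be threaded through both (and through the default branches) by hand; a small static helper that maps a tnc_ift_type_t to its protocol name and version string, or an enum_name_t table, would keep the two attributes in sync. The locals `char *protocol` and `char *version` only ever point at string literals and would be better declared `const char *`, provided str_attribute's value parameter (declared outside this hunk) accepts it. The default branch silently covers `TNC_IFT_UNKNOWN`, i.e. a transport that has not been determined yet rather than an invalid attribute id; a comment such as `/* TNC_IFT_UNKNOWN: transport not determined yet */` above it would make that reading explicit. get_attribute begins and ends outside this hunk.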


@ -43,9 +43,9 @@ typedef struct private_tnccs_11_t private_tnccs_11_t;
struct private_tnccs_11_t {
/**
* Public tls_t interface.
* Public tnccs_t interface.
*/
tls_t public;
tnccs_t public;
/**
* TNCC if TRUE, TNCS if FALSE
@ -62,6 +62,11 @@ struct private_tnccs_11_t {
*/
identification_t *peer;
/**
* Underlying TNC IF-T transport protocol
*/
tnc_ift_type_t transport;
/**
* Connection ID assigned to this TNCCS connection
*/
@ -557,29 +562,48 @@ METHOD(tls_t, destroy, void,
free(this);
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_11_t *this)
{
return this->transport;
}
METHOD(tnccs_t, set_transport, void,
private_tnccs_11_t *this, tnc_ift_type_t transport)
{
this->transport = transport;
}
/**
* See header
*/
tls_t *tnccs_11_create(bool is_server, identification_t *server,
identification_t *peer)
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
{
private_tnccs_11_t *this;
INIT(this,
.public = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
.tls = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_transport = _get_transport,
.set_transport = _set_transport,
},
.is_server = is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.max_msg_len = lib->settings->get_int(lib->settings,
"%s.plugins.tnccs-11.max_message_size", 45000,
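Review bot: The new set_transport and get_transport methods read and write `this->transport` without taking the `this->mutex` that the same INIT creates, while the constructor already receives the transport as a parameter; whether a later set_transport can race with process()/build() running on another thread is not visible here, so if the setter is meant to be called only before the exchange starts, a one-line comment on set_transport stating that contract (`/* only valid before the first process()/build() call */`) would document why no locking is needed, and otherwise the access should be covered by the mutex. The same pattern appears in the tnccs_20.c hunk at the equivalent set_transport/get_transport methods. tnccs_11_create continues past the end of this hunk.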


@ -23,7 +23,7 @@
#include <library.h>
#include <tls.h>
#include <tnc/tnccs/tnccs.h>
/**
* Create an instance of the TNC IF-TNCCS 1.1 protocol handler.
@ -31,9 +31,12 @@
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @return TNC_IF_TNCCS 1.1 protocol stack
*/
tls_t *tnccs_11_create(bool is_server, identification_t *server,
identification_t *peer);
tnccs_t* tnccs_11_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
#endif /** TNCCS_11_H_ @}*/


@ -48,9 +48,9 @@ typedef struct private_tnccs_20_t private_tnccs_20_t;
struct private_tnccs_20_t {
/**
* Public tls_t interface.
* Public tnccs_t interface.
*/
tls_t public;
tnccs_t public;
/**
* TNCC if TRUE, TNCS if FALSE
@ -67,6 +67,11 @@ struct private_tnccs_20_t {
*/
identification_t *peer;
/**
* Underlying TNC IF-T transport protocol
*/
tnc_ift_type_t transport;
/**
* PB-TNC State Machine
*/
@ -823,29 +828,48 @@ METHOD(tls_t, destroy, void,
free(this);
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_20_t *this)
{
return this->transport;
}
METHOD(tnccs_t, set_transport, void,
private_tnccs_20_t *this, tnc_ift_type_t transport)
{
this->transport = transport;
}
/**
* See header
*/
tls_t *tnccs_20_create(bool is_server, identification_t *server,
identification_t *peer)
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
{
private_tnccs_20_t *this;
INIT(this,
.public = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
.tls = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_transport = _get_transport,
.set_transport = _set_transport,
},
.is_server = is_server,
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),


@ -23,7 +23,7 @@
#include <library.h>
#include <tls.h>
#include <tnc/tnccs/tnccs.h>
/**
* Create an instance of the TNC IF-TNCCS 2.0 protocol handler.
@ -31,9 +31,12 @@
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @return TNC_IF_TNCCS 2.0 protocol stack
*/
tls_t *tnccs_20_create(bool is_server, identification_t *server,
identification_t *peer);
tnccs_t* tnccs_20_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
#endif /** TNCCS_20_H_ @}*/


@ -27,9 +27,9 @@ typedef struct private_tnccs_dynamic_t private_tnccs_dynamic_t;
struct private_tnccs_dynamic_t {
/**
* Public tls_t interface.
* Public tnccs_t interface.
*/
tls_t public;
tnccs_t public;
/**
* Server identity
@ -45,6 +45,12 @@ struct private_tnccs_dynamic_t {
* Detected TNC IF-TNCCS stack
*/
tls_t *tls;
/**
* Underlying TNC IF-T transport protocol
*/
tnc_ift_type_t transport;
};
/**
@ -87,7 +93,7 @@ METHOD(tls_t, process, status_t,
DBG1(DBG_TNC, "%N protocol detected dynamically",
tnccs_type_names, type);
this->tls = (tls_t*)tnc->tnccs->create_instance(tnc->tnccs, type, TRUE,
this->server, this->peer);
this->server, this->peer, this->transport);
if (!this->tls)
{
DBG1(DBG_TNC, "N% protocol not supported", tnccs_type_names, type);
@ -148,28 +154,47 @@ METHOD(tls_t, destroy, void,
free(this);
}
METHOD(tnccs_t, get_transport, tnc_ift_type_t,
private_tnccs_dynamic_t *this)
{
return this->transport;
}
METHOD(tnccs_t, set_transport, void,
private_tnccs_dynamic_t *this, tnc_ift_type_t transport)
{
this->transport = transport;
}
/**
* See header
*/
tls_t *tnccs_dynamic_create(bool is_server, identification_t *server,
identification_t *peer)
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport)
{
private_tnccs_dynamic_t *this;
INIT(this,
.public = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
.tls = {
.process = _process,
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
.get_transport = _get_transport,
.set_transport = _set_transport,
},
.server = server->clone(server),
.peer = peer->clone(peer),
.transport = transport,
);
return &this->public;
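Review bot: set_transport on the dynamic wrapper stores the value only in `this->transport`, but the detected stack created in process() (earlier hunk, `create_instance(..., this->transport)`) receives its own copy at creation time, so a set_transport call after detection leaves the inner instance with a stale transport and get_transport on the wrapper answering from a field the inner stack no longer shares. If set_transport is only meant to be called before the first process(), a comment on the method saying so would be enough; otherwise it should forward, e.g. `if (this->tls) { ((tnccs_t*)this->tls)->set_transport(...); }`, noting that `this->tls` is typed tls_t* here, so the inner object would have to be kept as tnccs_t* to call it without a cast. The same question applies to get_transport, which also ignores the detected stack.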


@ -23,7 +23,7 @@
#include <library.h>
#include <tls.h>
#include <tnc/tnccs/tnccs.h>
/**
* Create an instance of a dynamic TNC IF-TNCCS protocol handler.
@ -31,9 +31,12 @@
* @param is_server TRUE to act as TNC Server, FALSE for TNC Client
* @param server Server identity
* @param peer Client identity
* @param transport Underlying IF-T transport protocol
* @return dynamic TNC IF-TNCCS protocol stack
*/
tls_t *tnccs_dynamic_create(bool is_server, identification_t *server,
identification_t *peer);
tnccs_t* tnccs_dynamic_create(bool is_server,
identification_t *server,
identification_t *peer,
tnc_ift_type_t transport);
#endif /** TNCCS_DYNAMIC_H_ @}*/


@ -1,5 +1,8 @@
INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libtncif
INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtls
ipseclib_LTLIBRARIES = libtnccs.la


@ -26,6 +26,7 @@
typedef struct tnccs_t tnccs_t;
typedef enum tnccs_type_t tnccs_type_t;
typedef enum tnc_ift_type_t tnc_ift_type_t;
#include <tncif.h>
#include <tncifimc.h>
@ -34,6 +35,8 @@ typedef enum tnccs_type_t tnccs_type_t;
#include <library.h>
#include <plugins/plugin.h>
#include <tls.h>
/**
* Type of TNC Client/Server protocol
*/
@ -45,22 +48,58 @@ enum tnccs_type_t {
TNCCS_DYNAMIC
};
/**
* Type of TNC Transport protocol
*/
enum tnc_ift_type_t {
TNC_IFT_UNKNOWN,
TNC_IFT_EAP_1_0,
TNC_IFT_EAP_1_1,
TNC_IFT_EAP_2_0,
TNC_IFT_TLS_1_0,
TNC_IFT_TLS_2_0
};
/**
* enum names for tnccs_type_t.
*/
extern enum_name_t *tnccs_type_names;
/**
* TNCCS public interface
*/
struct tnccs_t {
/**
* Implements tls_t
*/
tls_t tls;
/**
* Get underlying TNC IF-T transport protocol
*/
tnc_ift_type_t (*get_transport)(tnccs_t *this);
/**
* Set underlying TNC IF-T transport protocol
*/
void (*set_transport)(tnccs_t *this, tnc_ift_type_t transport);
};
/**
* Constructor definition for a pluggable TNCCS protocol implementation.
*
* @param is_server TRUE if TNC Server, FALSE if TNC Client
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
* @return implementation of the tnccs_t interface
*/
typedef tnccs_t *(*tnccs_constructor_t)(bool is_server,
identification_t *server,
identification_t *peer);
identification_t *peer,
tnc_ift_type_t transport);
/**
* Callback function adding a message to a TNCCS batch
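Review bot: The new tnc_ift_type_t enum has no enum_name_t declared alongside it, unlike tnccs_type_t which gets `extern enum_name_t *tnccs_type_names;` in this same file; a `tnc_ift_type_names` would let callers log the transport with `%N` and would give the manager's attribute code a single table to derive protocol and version strings from instead of hand-written switches. The doc comment on set_transport says what it sets but not when it may be called relative to process()/build(), which matters for the implementations that also receive the transport via their constructor; suggested wording: `Set underlying TNC IF-T transport protocol; expected to be called before the first process()/build() (TODO confirm)`. The enum's TNC_IFT_UNKNOWN member would also benefit from a short comment stating it means "not yet determined".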


@ -58,11 +58,13 @@ struct tnccs_manager_t {
* @param is_server TRUE if TNC Server, FALSE if TNC Client
* @param server Server identity
* @param peer Client identity
* @param transport Underlying TNC IF-T transport protocol used
* @return TNCCS protocol instance, NULL if no constructor found
*/
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
bool is_server, identification_t *server,
identification_t *peer);
identification_t *peer,
tnc_ift_type_t transport);
/**
* Create a TNCCS connection and assign a unique connection ID as well a