created an eap-tnc method hull

Andreas Steffen 2010-08-30 15:36:24 +02:00
parent 577893612f
commit d93e2e5409
9 changed files with 373 additions and 0 deletions


@ -113,6 +113,7 @@ ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algor
ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authenication module.])
ARG_ENABL_SET([eap-tls], [enable EAP TLS authenication module.])
ARG_ENABL_SET([eap-ttls], [enable EAP TTLS authenication module.])
ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.])
ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authenication module.])
ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.])
@ -751,6 +752,7 @@ ADD_PLUGIN([eap-mschapv2], [c libcharon])
ADD_PLUGIN([eap-radius], [c libcharon])
ADD_PLUGIN([eap-tls], [c libcharon])
ADD_PLUGIN([eap-ttls], [c libcharon])
ADD_PLUGIN([eap-tnc], [c libcharon])
ADD_PLUGIN([medsrv], [c libcharon])
ADD_PLUGIN([medcli], [c libcharon])
ADD_PLUGIN([nm], [c libcharon])
@ -843,6 +845,7 @@ AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue)
AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue)
AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue)
AM_CONDITIONAL(USE_EAP_TTLS, test x$eap_ttls = xtrue)
AM_CONDITIONAL(USE_EAP_TNC, test x$eap_tnc = xtrue)
AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
@ -974,6 +977,7 @@ AC_OUTPUT(
src/libcharon/plugins/eap_mschapv2/Makefile
src/libcharon/plugins/eap_tls/Makefile
src/libcharon/plugins/eap_ttls/Makefile
src/libcharon/plugins/eap_tnc/Makefile
src/libcharon/plugins/eap_radius/Makefile
src/libcharon/plugins/kernel_netlink/Makefile
src/libcharon/plugins/kernel_pfkey/Makefile


@ -332,6 +332,13 @@ if MONOLITHIC
endif
endif
if USE_EAP_TNC
SUBDIRS += plugins/eap_tnc
if MONOLITHIC
libcharon_la_LIBADD += plugins/eap_tnc/libstrongswan-eap-tnc.la
endif
endif
if USE_TLS
if MONOLITHIC
# otherwise this library is linked to eap_tls


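--- /dev/null
+++ b/src/libcharon/plugins/eap_tnc/Makefile.am
@@ -0,0 +1,16 @@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+-I$(top_srcdir)/src/libcharon
+AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-tnc.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-tnc.la
+endif
+libstrongswan_eap_tnc_la_SOURCES = \
+eap_tnc_plugin.h eap_tnc_plugin.c eap_tnc.h eap_tnc.c
+libstrongswan_eap_tnc_la_LDFLAGS = -module -avoid-version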


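--- /dev/null
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -0,0 +1,190 @@
+/*
+* Copyright (C) 2007 Martin Willi
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#include "eap_tnc.h"
+#include <daemon.h>
+#include <library.h>
+typedef struct private_eap_tnc_t private_eap_tnc_t;
+/**
+* Private data of an eap_tnc_t object.
+*/
+struct private_eap_tnc_t {
+/**
+* Public authenticator_t interface.
+*/
+eap_tnc_t public;
+/**
+* ID of the server
+*/
+identification_t *server;
+/**
+* ID of the peer
+*/
+identification_t *peer;
+};
+/**
+* Flags of an EAP-TNC message
+*/
+typedef enum {
+EAP_TNC_LENGTH = (1<<7),
+EAP_TNC_MORE_FRAGS = (1<<6),
+EAP_TNC_START = (1<<5),
+EAP_TNC_DH = (1<<4),
+EAP_TNC_VERSION = 0x07
+} eap_tnc_flags_t;
+/**
+* EAP-TNC packet format
+*/
+typedef struct __attribute__((packed)) {
+u_int8_t code;
+u_int8_t identifier;
+u_int16_t length;
+u_int8_t type;
+u_int8_t flags;
+} eap_tnc_packet_t;
+METHOD(eap_method_t, initiate_peer, status_t,
+private_eap_tnc_t *this, eap_payload_t **out)
+{
+/* peer never initiates */
+return FAILED;
+}
+METHOD(eap_method_t, initiate_server, status_t,
+private_eap_tnc_t *this, eap_payload_t **out)
+{
+return NEED_MORE;
+}
+METHOD(eap_method_t, process_peer, status_t,
+private_eap_tnc_t *this, eap_payload_t *in, eap_payload_t **out)
+{
+eap_tnc_packet_t *pkt;
+chunk_t data;
+data = in->get_data(in);
+pkt = (eap_tnc_packet_t*)data.ptr;
+if (data.len < sizeof(eap_tnc_packet_t) ||
+untoh16(&pkt->length) != data.len)
+{
+DBG1(DBG_IKE, "invalid EAP-TNC packet length");
+return FAILED;
+}
+if (pkt->flags & EAP_TNC_START)
+{
+DBG1(DBG_IKE, "EAP-TNC version is v%u", pkt->flags & EAP_TNC_VERSION);
+}
+*out = eap_payload_create_nak(in->get_identifier(in));
+return NEED_MORE;
+}
+METHOD(eap_method_t, process_server, status_t,
+private_eap_tnc_t *this, eap_payload_t *in, eap_payload_t **out)
+{
+chunk_t data;
+data = in->get_data(in);
+DBG2(DBG_IKE, "received EAP-TNC data: %B", &data);
+return SUCCESS;
+}
+METHOD(eap_method_t, get_type, eap_type_t,
+private_eap_tnc_t *this, u_int32_t *vendor)
+{
+*vendor = 0;
+return EAP_TNC;
+}
+METHOD(eap_method_t, get_msk, status_t,
+private_eap_tnc_t *this, chunk_t *msk)
+{
+return FAILED;
+}
+METHOD(eap_method_t, is_mutual, bool,
+private_eap_tnc_t *this)
+{
+return FALSE;
+}
+METHOD(eap_method_t, destroy, void,
+private_eap_tnc_t *this)
+{
+this->peer->destroy(this->peer);
+this->server->destroy(this->server);
+free(this);
+}
+/*
+* See header
+*/
+eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer)
+{
+private_eap_tnc_t *this;
+INIT(this,
+.public = {
+.eap_method = {
+.initiate = _initiate_server,
+.process = _process_server,
+.get_type = _get_type,
+.is_mutual = _is_mutual,
+.get_msk = _get_msk,
+.destroy = _destroy,
+},
+},
+.peer = peer->clone(peer),
+.server = server->clone(server),
+);
+return &this->public;
+}
+/*
+* See header
+*/
+eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer)
+{
+private_eap_tnc_t *this;
+INIT(this,
+.public = {
+.eap_method = {
+.initiate = _initiate_peer,
+.process = _process_peer,
+.get_type = _get_type,
+.is_mutual = _is_mutual,
+.get_msk = _get_msk,
+.destroy = _destroy,
+},
+},
+.peer = peer->clone(peer),
+.server = server->clone(server),
+);
+return &this->public;
+}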
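Review bot: process_server returns SUCCESS for every incoming packet without inspecting it, so as long as eap_tnc_plugin.c registers the method for EAP_SERVER, any peer response completes the server side of an EAP-TNC exchange. Given that this is explicitly a hull, the placeholder should fail closed until the TNC handshake exists: replace `return SUCCESS;` with `/* TODO: TNC handshake not implemented yet, fail closed */` followed by `return FAILED;`. get_msk returning FAILED and is_mutual returning FALSE mean no key material is derived, but the status returned by process_server is presumably still what the caller uses to judge the round, so those alone do not cover it. Separately, the comment on the `public` member reads `Public authenticator_t interface.` while the member is an eap_tnc_t, so `Public eap_tnc_t interface.` would match the header, and the 2007 Martin Willi copyright line looks carried over from the file this hull was cloned from.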


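--- /dev/null
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.h
@@ -0,0 +1,57 @@
+/*
+* Copyright (C) 2010 Andreas Steffen
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+/**
+* @defgroup eap_tnc_i eap_tnc
+* @{ @ingroup eap_tnc
+*/
+#ifndef EAP_TNC_H_
+#define EAP_TNC_H_
+typedef struct eap_tnc_t eap_tnc_t;
+#include <sa/authenticators/eap/eap_method.h>
+/**
+* Implementation of the eap_method_t interface using EAP-TNC.
+*/
+struct eap_tnc_t {
+/**
+* Implemented eap_method_t interface.
+*/
+eap_method_t eap_method;
+};
+/**
+* Creates the EAP method EAP-TNC acting as server.
+*
+* @param server ID of the EAP server
+* @param peer ID of the EAP client
+* @return eap_tnc_t object
+*/
+eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer);
+/**
+* Creates the EAP method EAP-TNC acting as peer.
+*
+* @param server ID of the EAP server
+* @param peer ID of the EAP client
+* @return eap_tnc_t object
+*/
+eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer);
+#endif /** EAP_TNC_H_ @}*/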


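--- /dev/null
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
@@ -0,0 +1,51 @@
+/*
+* Copyright (C) 2010 Andreas Steffen
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+#include "eap_tnc_plugin.h"
+#include "eap_tnc.h"
+#include <daemon.h>
+METHOD(plugin_t, destroy, void,
+eap_tnc_plugin_t *this)
+{
+charon->eap->remove_method(charon->eap,
+(eap_constructor_t)eap_tnc_create_server);
+charon->eap->remove_method(charon->eap,
+(eap_constructor_t)eap_tnc_create_peer);
+free(this);
+}
+/*
+* see header file
+*/
+plugin_t *eap_tnc_plugin_create()
+{
+eap_tnc_plugin_t *this;
+INIT(this,
+.plugin = {
+.destroy = _destroy,
+},
+);
+charon->eap->add_method(charon->eap, EAP_TNC, 0, EAP_SERVER,
+(eap_constructor_t)eap_tnc_create_server);
+charon->eap->add_method(charon->eap, EAP_TNC, 0, EAP_PEER,
+(eap_constructor_t)eap_tnc_create_peer);
+return &this->plugin;
+}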


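--- /dev/null
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
@@ -0,0 +1,42 @@
+/*
+* Copyright (C) 2010 Andreas Steffen
+* Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+/**
+* @defgroup eap_tnc eap_tnc
+* @ingroup cplugins
+*
+* @defgroup eap_tnc_plugin eap_tnc_plugin
+* @{ @ingroup eap_tnc
+*/
+#ifndef EAP_TNC_PLUGIN_H_
+#define EAP_TNC_PLUGIN_H_
+#include <plugins/plugin.h>
+typedef struct eap_tnc_plugin_t eap_tnc_plugin_t;
+/**
+* EAP-MD5 plugin
+*/
+struct eap_tnc_plugin_t {
+/**
+* implements plugin interface
+*/
+plugin_t plugin;
+};
+#endif /** EAP_TNC_PLUGIN_H_ @}*/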
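Review bot: The doc comment on struct eap_tnc_plugin_t reads `EAP-MD5 plugin`, which looks left over from the plugin header this file was copied from; it should read `EAP-TNC plugin` so the generated documentation for the eap_tnc group does not describe a different method. The guard, Doxygen group tags and plugin_t member are otherwise consistent with the eap_tnc naming used across the new files.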


@ -182,6 +182,11 @@ then
echo -n " --enable-eap-ttls" >> $INSTALLSHELL
fi
if [ "$USE_EAP_TNC" = "yes" ]
then
echo -n " --enable-eap-tnc" >> $INSTALLSHELL
fi
if [ "$USE_SQL" = "yes" ]
then
echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL


@ -44,6 +44,7 @@ USE_EAP_IDENTITY="yes"
USE_EAP_RADIUS="yes"
USE_EAP_TLS="yes"
USE_EAP_TTLS="yes"
USE_EAP_TNC="yes"
USE_SQL="yes"
USE_MEDIATION="yes"
USE_OPENSSL="yes"