author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
commit | 5313d2d78ca150515f7f5eb39801c100690b6b29 (patch) | |
tree | c78e420367283bb1b16f14210b12687cdfbd26eb /src/libpttls/pt_tls.c | |
parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libpttls/pt_tls.c')
-rw-r--r-- | src/libpttls/pt_tls.c | 81 |
1 files changed, 63 insertions, 18 deletions
diff --git a/src/libpttls/pt_tls.c b/src/libpttls/pt_tls.c
index 0fee343b8..3c1f874d7 100644
--- a/src/libpttls/pt_tls.c
+++ b/src/libpttls/pt_tls.c
@@ -16,6 +16,14 @@
 #include "pt_tls.h"
 #include <utils/debug.h>
+#include <pen/pen.h>
+/**
+ * Described in header.
+ */
+void libpttls_init(void)
+{
+ /* empty */
+}
 /*
  * PT-TNC Message format:
@@ -34,6 +42,26 @@
  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
+ENUM(pt_tls_message_type_names, PT_TLS_EXPERIMENTAL, PT_TLS_ERROR,
+ "Experimental",
+ "Version Request",
+ "Version Response",
+ "SASL Mechanisms",
+ "SASL Mechanism Selection",
+ "SASL Authentication Data",
+ "SASL Result",
+ "PB-TNC Batch",
+ "PT-TLS Error"
+);
+
+ENUM(pt_tls_sasl_result_names, PT_TLS_SASL_RESULT_SUCCESS,
+ PT_TLS_SASL_RESULT_MECH_FAILURE,
+ "Success",
+ "Failure",
+ "Abort",
+ "Mechanism Failure"
+);
+
 /**
  * Read a chunk of data from TLS, returning a reader for it
  */
@@ -87,34 +115,51 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, DBG1(DBG_TNC, "received short PT-TLS header (%d bytes)", len); return NULL; } + + if (*vendor == PEN_IETF) + { + DBG2(DBG_TNC, "received PT-TLS message #%d of type '%N' (%d bytes)", + *identifier, pt_tls_message_type_names, *type, len); + } + else + { + DBG2(DBG_TNC, "received PT-TLS message #%d of unknown type " + "0x%06x/0x%08x (%d bytes)", + *identifier, *vendor, *type, len); + } + return read_tls(tls, len - PT_TLS_HEADER_LEN); } /** * Prepend a PT-TLS header to a writer, send data, destroy writer */ -bool pt_tls_write(tls_socket_t *tls, bio_writer_t *writer, - pt_tls_message_type_t type, u_int32_t identifier) +bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type, + u_int32_t identifier, chunk_t data) { - bio_writer_t *header; + bio_writer_t *writer; + chunk_t out; ssize_t len; - chunk_t data; - data = writer->get_buf(writer); len = PT_TLS_HEADER_LEN + data.len; - header = bio_writer_create(len); - header->write_uint8(header, 0); - header->write_uint24(header, 0); - header->write_uint32(header, type); - header->write_uint32(header, len); - header->write_uint32(header, identifier); - - header->write_data(header, data); - writer->destroy(writer); + writer = bio_writer_create(len); - data = header->get_buf(header); - len = tls->write(tls, data.ptr, data.len); - header->destroy(header); + /* write PT-TLS header */ + writer->write_uint8 (writer, 0); + writer->write_uint24(writer, 0); + writer->write_uint32(writer, type); + writer->write_uint32(writer, len); + writer->write_uint32(writer, identifier); + + /* write PT-TLS body */ + writer->write_data(writer, data); + + DBG2(DBG_TNC, "sending PT-TLS message #%d of type '%N' (%d bytes)", + identifier, pt_tls_message_type_names, type, len); + + out = writer->get_buf(writer); + len = tls->write(tls, out.ptr, out.len); + writer->destroy(writer); - return len == data.len; + return len == out.len; } |
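Review bot: In the new DBG2 call in pt_tls_write, `len` is the `ssize_t` declared on the context line `ssize_t len;` but is consumed by a `%d` conversion, which is a width mismatch on LP64 targets; either cast at the call site, `identifier, pt_tls_message_type_names, type, (int)len);`, or use `%zd` if the logging backend accepts it. The same variable is then compared with the `size_t` field in `return len == out.len;`, so a negative result from `tls->write()` only fails the check after conversion to unsigned; `return len >= 0 && (size_t)len == out.len;` states the intent directly and avoids the sign-compare warning. The `len` used by the new DBG2 calls in pt_tls_read is declared above the hunk, so whether its `%d` conversions match its type cannot be checked from this hunk; that function begins outside the hunk.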