authorYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-11-01 13:32:07 +0100
commit5313d2d78ca150515f7f5eb39801c100690b6b29 (patch)
treec78e420367283bb1b16f14210b12687cdfbd26eb /src/libpttls/pt_tls_client.c
parent6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff)
downloadvyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz
vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libpttls/pt_tls_client.c')
-rw-r--r--src/libpttls/pt_tls_client.c83
1 files changed, 42 insertions, 41 deletions
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index d3ac936a2..01a84cd14 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -102,6 +102,7 @@ static bool negotiate_version(private_pt_tls_client_t *this)
bio_reader_t *reader;
u_int32_t type, vendor, identifier, reserved;
u_int8_t version;
+ bool res;
DBG1(DBG_TNC, "sending offer for PT-TLS version %d", PT_TLS_VERSION);
@@ -110,8 +111,10 @@ static bool negotiate_version(private_pt_tls_client_t *this)
writer->write_uint8(writer, PT_TLS_VERSION);
writer->write_uint8(writer, PT_TLS_VERSION);
writer->write_uint8(writer, PT_TLS_VERSION);
- if (!pt_tls_write(this->tls, writer, PT_TLS_VERSION_REQUEST,
- this->identifier++))
+ res = pt_tls_write(this->tls, PT_TLS_VERSION_REQUEST, this->identifier++,
+ writer->get_buf(writer));
+ writer->destroy(writer);
+ if (!res)
{
return FALSE;
}
@@ -144,6 +147,7 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
bio_reader_t *reader;
bio_writer_t *writer;
chunk_t data;
+ bool res;
writer = bio_writer_create(32);
writer->write_data8(writer, chunk_from_str(sasl->get_name(sasl)));
@@ -164,8 +168,10 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
writer->destroy(writer);
return FAILED;
}
- if (!pt_tls_write(this->tls, writer, PT_TLS_SASL_MECH_SELECTION,
- this->identifier++))
+ res = pt_tls_write(this->tls, PT_TLS_SASL_MECH_SELECTION,
+ this->identifier++, writer->get_buf(writer));
+ writer->destroy(writer);
+ if (!res)
{
return FAILED;
}
@@ -203,14 +209,15 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
reader->destroy(reader);
return FAILED;
}
+ DBG1(DBG_TNC, "received SASL %N result",
+ pt_tls_sasl_result_names, result);
+
switch (result)
{
case PT_TLS_SASL_RESULT_ABORT:
- DBG1(DBG_TNC, "received SASL abort result");
reader->destroy(reader);
return FAILED;
case PT_TLS_SASL_RESULT_SUCCESS:
- DBG1(DBG_TNC, "received SASL success result");
switch (sasl->process(sasl, reader->peek(reader)))
{
case SUCCESS:
@@ -226,7 +233,6 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
break;
case PT_TLS_SASL_RESULT_MECH_FAILURE:
case PT_TLS_SASL_RESULT_FAILURE:
- DBG1(DBG_TNC, "received SASL failure result");
/* non-fatal failure, try again */
reader->destroy(reader);
return NEED_MORE;
@@ -253,8 +259,10 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
writer->destroy(writer);
return FAILED;
}
- if (!pt_tls_write(this->tls, writer, PT_TLS_SASL_AUTH_DATA,
- this->identifier++))
+ res = pt_tls_write(this->tls, PT_TLS_SASL_AUTH_DATA,
+ this->identifier++, writer->get_buf(writer));
+ writer->destroy(writer);
+ if (!res)
{
return FAILED;
}
@@ -351,44 +359,30 @@ static bool assess(private_pt_tls_client_t *this, tls_t *tnccs)
{
while (TRUE)
{
- bio_writer_t *writer;
+ size_t msglen;
+ size_t buflen = PT_TLS_MAX_MESSAGE_LEN;
+ char buf[buflen];
bio_reader_t *reader;
u_int32_t vendor, type, identifier;
chunk_t data;
- writer = bio_writer_create(32);
- while (TRUE)
+ switch (tnccs->build(tnccs, buf, &buflen, &msglen))
{
- char buf[2048];
- size_t buflen, msglen;
-
- buflen = sizeof(buf);
- switch (tnccs->build(tnccs, buf, &buflen, &msglen))
- {
- case SUCCESS:
- writer->destroy(writer);
- return tnccs->is_complete(tnccs);
- case FAILED:
- default:
- writer->destroy(writer);
+ case SUCCESS:
+ return tnccs->is_complete(tnccs);
+ case ALREADY_DONE:
+ data = chunk_create(buf, buflen);
+ if (!pt_tls_write(this->tls, PT_TLS_PB_TNC_BATCH,
+ this->identifier++, data))
+ {
return FALSE;
- case INVALID_STATE:
- writer->destroy(writer);
- break;
- case NEED_MORE:
- writer->write_data(writer, chunk_create(buf, buflen));
- continue;
- case ALREADY_DONE:
- writer->write_data(writer, chunk_create(buf, buflen));
- if (!pt_tls_write(this->tls, writer, PT_TLS_PB_TNC_BATCH,
- this->identifier++))
- {
- return FALSE;
- }
- writer = bio_writer_create(32);
- continue;
- }
- break;
+ }
+ break;
+ case INVALID_STATE:
+ break;
+ case FAILED:
+ default:
+ return FALSE;
}
reader = pt_tls_read(this->tls, &vendor, &type, &identifier);
@@ -437,19 +431,26 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
{
if (!this->tls)
{
+ DBG1(DBG_TNC, "entering PT-TLS setup phase");
if (!make_connection(this))
{
return FAILED;
}
}
+
+ DBG1(DBG_TNC, "entering PT-TLS negotiation phase");
if (!negotiate_version(this))
{
return FAILED;
}
+
+ DBG1(DBG_TNC, "doing SASL client authentication");
if (!authenticate(this))
{
return FAILED;
}
+
+ DBG1(DBG_TNC, "entering PT-TLS data transport phase");
if (!assess(this, (tls_t*)tnccs))
{
return FAILED;
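Review bot: In the assess hunk (-351,44 +359,30), `char buf[buflen]` declares a variable-length array sized by a runtime variable, so a buffer of whatever PT_TLS_MAX_MESSAGE_LEN expands to is carved out of the stack on every pass of the `while (TRUE)` loop, replacing the previous fixed 2048-byte array; if that constant is large this is a sizeable per-frame stack allocation with no bound visible to the compiler. Since the size is a compile-time constant anyway, a plain array keeps it static and explicit: `char buf[PT_TLS_MAX_MESSAGE_LEN]; size_t buflen = sizeof(buf); size_t msglen;`. With the inner accumulation loop removed, a NEED_MORE status from tnccs->build() now falls into `default: return FALSE;` with no log line, so if that status is still reachable with a PT_TLS_MAX_MESSAGE_LEN buffer an explicit `case NEED_MORE:` with a DBG1 message would make the failure diagnosable. On the ALREADY_DONE path `chunk_create(buf, buflen)` relies on build() having updated buflen to the number of bytes written rather than leaving the capacity passed in — presumably it does, but that contract should be confirmed against tls_t, since otherwise uninitialised tail bytes of buf would be sent. The body of assess continues past the end of the hunk.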