Diffstat (limited to 'src/libcharon/sa/authenticators')
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_manager.c54
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.c47
-rw-r--r--src/libcharon/sa/authenticators/eap/eap_method.h30
-rw-r--r--src/libcharon/sa/authenticators/eap_authenticator.c122
-rw-r--r--src/libcharon/sa/authenticators/pubkey_authenticator.c6
5 files changed, 82 insertions, 177 deletions
diff --git a/src/libcharon/sa/authenticators/eap/eap_manager.c b/src/libcharon/sa/authenticators/eap/eap_manager.c
index f795183f0..bc2c4a617 100644
--- a/src/libcharon/sa/authenticators/eap/eap_manager.c
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.c
@@ -68,12 +68,9 @@ struct private_eap_manager_t {
rwlock_t *lock;
};
-/**
- * Implementation of eap_manager_t.add_method.
- */
-static void add_method(private_eap_manager_t *this, eap_type_t type,
- u_int32_t vendor, eap_role_t role,
- eap_constructor_t constructor)
+METHOD(eap_manager_t, add_method, void,
+ private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ eap_role_t role, eap_constructor_t constructor)
{
eap_entry_t *entry = malloc_thing(eap_entry_t);
@@ -87,10 +84,8 @@ static void add_method(private_eap_manager_t *this, eap_type_t type,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of eap_manager_t.remove_method.
- */
-static void remove_method(private_eap_manager_t *this, eap_constructor_t constructor)
+METHOD(eap_manager_t, remove_method, void,
+ private_eap_manager_t *this, eap_constructor_t constructor)
{
enumerator_t *enumerator;
eap_entry_t *entry;
@@ -109,13 +104,9 @@ static void remove_method(private_eap_manager_t *this, eap_constructor_t constru
this->lock->unlock(this->lock);
}
-/**
- * Implementation of eap_manager_t.create_instance.
- */
-static eap_method_t* create_instance(private_eap_manager_t *this,
- eap_type_t type, u_int32_t vendor,
- eap_role_t role, identification_t *server,
- identification_t *peer)
+METHOD(eap_manager_t, create_instance, eap_method_t*,
+ private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ eap_role_t role, identification_t *server, identification_t *peer)
{
enumerator_t *enumerator;
eap_entry_t *entry;
@@ -140,10 +131,8 @@ static eap_method_t* create_instance(private_eap_manager_t *this,
return method;
}
-/**
- * Implementation of 2008_t.destroy
- */
-static void destroy(private_eap_manager_t *this)
+METHOD(eap_manager_t, destroy, void,
+ private_eap_manager_t *this)
{
this->methods->destroy_function(this->methods, free);
this->lock->destroy(this->lock);
@@ -151,19 +140,22 @@ static void destroy(private_eap_manager_t *this)
}
/*
- * see header file
+ * See header
*/
eap_manager_t *eap_manager_create()
{
- private_eap_manager_t *this = malloc_thing(private_eap_manager_t);
-
- this->public.add_method = (void(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, eap_constructor_t constructor))add_method;
- this->public.remove_method = (void(*)(eap_manager_t*, eap_constructor_t constructor))remove_method;
- this->public.create_instance = (eap_method_t*(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, identification_t*,identification_t*))create_instance;
- this->public.destroy = (void(*)(eap_manager_t*))destroy;
-
- this->methods = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ private_eap_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_method = _add_method,
+ .remove_method = _remove_method,
+ .create_instance = _create_instance,
+ .destroy = _destroy,
+ },
+ .methods = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
return &this->public;
}
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c
index ad7b92cfa..0fa4a00c5 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.c
+++ b/src/libcharon/sa/authenticators/eap/eap_method.c
@@ -15,55 +15,8 @@
#include "eap_method.h"
-/*
- * See header
- */
-eap_type_t eap_type_from_string(char *name)
-{
- int i;
- static struct {
- char *name;
- eap_type_t type;
- } types[] = {
- {"identity", EAP_IDENTITY},
- {"md5", EAP_MD5},
- {"otp", EAP_OTP},
- {"gtc", EAP_GTC},
- {"sim", EAP_SIM},
- {"aka", EAP_AKA},
- {"mschapv2", EAP_MSCHAPV2},
- {"radius", EAP_RADIUS},
- };
-
- for (i = 0; i < countof(types); i++)
- {
- if (strcaseeq(name, types[i].name))
- {
- return types[i].type;
- }
- }
- return 0;
-}
-
-ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE,
- "EAP_REQUEST",
- "EAP_RESPONSE",
- "EAP_SUCCESS",
- "EAP_FAILURE",
-);
-
-ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE,
- "REQ",
- "RES",
- "SUCC",
- "FAIL",
-);
-
ENUM(eap_role_names, EAP_SERVER, EAP_PEER,
"EAP_SERVER",
"EAP_PEER",
);
-
-
-
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h
index df354edb4..9961039ff 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.h
+++ b/src/libcharon/sa/authenticators/eap/eap_method.h
@@ -23,10 +23,10 @@
typedef struct eap_method_t eap_method_t;
typedef enum eap_role_t eap_role_t;
-typedef enum eap_code_t eap_code_t;
#include <library.h>
#include <utils/identification.h>
+#include <eap/eap.h>
#include <encoding/payloads/eap_payload.h>
/**
@@ -42,34 +42,6 @@ enum eap_role_t {
extern enum_name_t *eap_role_names;
/**
- * Lookup the EAP method type from a string.
- *
- * @param name EAP method name (such as "md5", "aka")
- * @return method type, 0 if unkown
- */
-eap_type_t eap_type_from_string(char *name);
-
-/**
- * EAP code, type of an EAP message
- */
-enum eap_code_t {
- EAP_REQUEST = 1,
- EAP_RESPONSE = 2,
- EAP_SUCCESS = 3,
- EAP_FAILURE = 4,
-};
-
-/**
- * enum names for eap_code_t.
- */
-extern enum_name_t *eap_code_names;
-
-/**
- * short string enum names for eap_code_t.
- */
-extern enum_name_t *eap_code_short_names;
-
-/**
* Interface of an EAP method for server and client side.
*
* An EAP method initiates an EAP exchange and processes requests and
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 3c0f3c358..8b22fd1d7 100644
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -99,22 +99,30 @@ struct private_eap_authenticator_t {
static eap_method_t *load_method(private_eap_authenticator_t *this,
eap_type_t type, u_int32_t vendor, eap_role_t role)
{
- identification_t *server, *peer;
+ identification_t *server, *peer, *aaa;
+ auth_cfg_t *auth;
if (role == EAP_SERVER)
{
server = this->ike_sa->get_my_id(this->ike_sa);
peer = this->ike_sa->get_other_id(this->ike_sa);
+ auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
}
else
{
server = this->ike_sa->get_other_id(this->ike_sa);
peer = this->ike_sa->get_my_id(this->ike_sa);
+ auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
}
if (this->eap_identity)
{
peer = this->eap_identity;
}
+ aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);
+ if (aaa)
+ {
+ server = aaa;
+ }
return charon->eap->create_instance(charon->eap, type, vendor,
role, server, peer);
}
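Review bot: The AAA identity replaces `server` on the line `server = aaa;` without a comment saying why the identity an EAP method is told to authenticate its server as may differ from the IKE identity; since this value decides which server identity the method accepts, it deserves one, e.g. `/* EAP may be served by a separate AAA backend; prefer its configured identity over the IKE peer identity */`. The call `aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);` assumes get_auth_cfg() never returns NULL for the selected side; if it can, guard it with `if (auth)`, and if it cannot, a one-line comment stating that invariant saves the next reader the check. The override applies in both roles, so for EAP_SERVER the identity taken from the remote auth config (the `FALSE` argument) overrides the local IKE identity passed to the method — worth confirming that is intended rather than a client-only option.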
@@ -458,11 +466,8 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message,
chunk_free(&auth_data);
}
-/**
- * Implementation of authenticator_t.process for a server
- */
-static status_t process_server(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, process_server, status_t,
+ private_eap_authenticator_t *this, message_t *message)
{
eap_payload_t *eap_payload;
@@ -492,11 +497,8 @@ static status_t process_server(private_eap_authenticator_t *this,
return NEED_MORE;
}
-/**
- * Implementation of authenticator_t.build for a server
- */
-static status_t build_server(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, build_server, status_t,
+ private_eap_authenticator_t *this, message_t *message)
{
if (this->eap_payload)
{
@@ -519,11 +521,8 @@ static status_t build_server(private_eap_authenticator_t *this,
return FAILED;
}
-/**
- * Implementation of authenticator_t.process for a client
- */
-static status_t process_client(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, process_client, status_t,
+ private_eap_authenticator_t *this, message_t *message)
{
eap_payload_t *eap_payload;
@@ -603,11 +602,8 @@ static status_t process_client(private_eap_authenticator_t *this,
return FAILED;
}
-/**
- * Implementation of authenticator_t.build for a client
- */
-static status_t build_client(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, build_client, status_t,
+ private_eap_authenticator_t *this, message_t *message)
{
if (this->eap_payload)
{
@@ -623,20 +619,16 @@ static status_t build_client(private_eap_authenticator_t *this,
return NEED_MORE;
}
-/**
- * Implementation of authenticator_t.is_mutual.
- */
-static bool is_mutual(private_eap_authenticator_t *this)
+METHOD(authenticator_t, is_mutual, bool,
+ private_eap_authenticator_t *this)
{
/* we don't know yet, but insist on it after EAP is complete */
this->require_mutual = TRUE;
return TRUE;
}
-/**
- * Implementation of authenticator_t.destroy.
- */
-static void destroy(private_eap_authenticator_t *this)
+METHOD(authenticator_t, destroy, void,
+ private_eap_authenticator_t *this)
{
DESTROY_IF(this->method);
DESTROY_IF(this->eap_payload);
@@ -652,25 +644,23 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
chunk_t received_nonce, chunk_t sent_nonce,
chunk_t received_init, chunk_t sent_init)
{
- private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t);
-
- this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build_client;
- this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_client;
- this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual;
- this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy;
-
- this->ike_sa = ike_sa;
- this->received_init = received_init;
- this->received_nonce = received_nonce;
- this->sent_init = sent_init;
- this->sent_nonce = sent_nonce;
- this->msk = chunk_empty;
- this->method = NULL;
- this->eap_payload = NULL;
- this->eap_complete = FALSE;
- this->auth_complete = FALSE;
- this->eap_identity = NULL;
- this->require_mutual = FALSE;
+ private_eap_authenticator_t *this;
+
+ INIT(this,
+ .public = {
+ .authenticator = {
+ .build = _build_client,
+ .process = _process_client,
+ .is_mutual = _is_mutual,
+ .destroy = _destroy,
+ },
+ },
+ .ike_sa = ike_sa,
+ .received_init = received_init,
+ .received_nonce = received_nonce,
+ .sent_init = sent_init,
+ .sent_nonce = sent_nonce,
+ );
return &this->public;
}
@@ -682,25 +672,23 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
chunk_t received_nonce, chunk_t sent_nonce,
chunk_t received_init, chunk_t sent_init)
{
- private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t);
-
- this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))build_server;
- this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_server;
- this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual;
- this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy;
-
- this->ike_sa = ike_sa;
- this->received_init = received_init;
- this->received_nonce = received_nonce;
- this->sent_init = sent_init;
- this->sent_nonce = sent_nonce;
- this->msk = chunk_empty;
- this->method = NULL;
- this->eap_payload = NULL;
- this->eap_complete = FALSE;
- this->auth_complete = FALSE;
- this->eap_identity = NULL;
- this->require_mutual = FALSE;
+ private_eap_authenticator_t *this;
+
+ INIT(this,
+ .public = {
+ .authenticator = {
+ .build = _build_server,
+ .process = _process_server,
+ .is_mutual = _is_mutual,
+ .destroy = _destroy,
+ },
+ },
+ .ike_sa = ike_sa,
+ .received_init = received_init,
+ .received_nonce = received_nonce,
+ .sent_init = sent_init,
+ .sent_nonce = sent_nonce,
+ );
return &this->public;
}
diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index 3c67f6db6..54b4338bb 100644
--- a/src/libcharon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
@@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
/* we try to deduct the signature scheme from the keysize */
switch (private->get_keysize(private))
{
- case 32:
+ case 256:
scheme = SIGN_ECDSA_256;
auth_method = AUTH_ECDSA_256;
break;
- case 48:
+ case 384:
scheme = SIGN_ECDSA_384;
auth_method = AUTH_ECDSA_384;
break;
- case 66:
+ case 521:
scheme = SIGN_ECDSA_521;
auth_method = AUTH_ECDSA_521;
break;
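Review bot: The new case labels `256`, `384` and `521` encode the key size in bits where the old ones were bytes, and nothing in the hunk records the unit, so a later change to what get_keysize() returns would silently select the wrong ECDSA scheme; add `/* get_keysize() is in bits: P-256, P-384, P-521 */` above the switch, or compare against named constants if the project has them. The context comment "we try to deduct the signature scheme" would read better as "deduce" while this line is being touched. The enclosing build() starts and ends outside the hunk, so the default branch for an unmatched key size is not visible; it is worth confirming it fails explicitly rather than falling back to a scheme that does not match the key.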