Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs

src/libcharon/Makefile.am

@@ -344,6 +344,14 @@ if MONOLITHIC
 endif
 endif
 
+if USE_EAP_TLS
+  SUBDIRS += plugins/eap_tls
+  PLUGINS += eap-tls
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_tls/libstrongswan-eap-tls.la
+endif
+endif
+
 if USE_MEDSRV
   SUBDIRS += plugins/medsrv
   PLUGINS += medsrv

src/libcharon/plugins/eap_tls/Makefile.am

@@ -1,9 +1,14 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-tls.la
+else
 plugin_LTLIBRARIES = libstrongswan-eap-tls.la
+endif
 
 libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
 	eap_tls.h eap_tls.c tls/tls.h tls/tls.c \

src/libcharon/plugins/eap_tls/eap_tls_plugin.c

@@ -33,7 +33,7 @@ METHOD(plugin_t, destroy, void,
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_tls_plugin_create()
 {
 	eap_tls_plugin_t *this;
 

src/libcharon/plugins/eap_tls/eap_tls_plugin.h

@@ -42,6 +42,6 @@ struct eap_tls_plugin_t {
 /**
  * Create a eap_tls_plugin instance.
  */
-plugin_t *plugin_create();
+plugin_t *eap_tls_plugin_create();
 
 #endif /** EAP_TLS_PLUGIN_H_ @}*/

src/libcharon/plugins/eap_tls/tls/tls_peer.c

@@ -233,8 +233,8 @@ static status_t process_certreq(private_tls_peer_t *this, tls_reader_t *reader)
 			return FAILED;
 		}
 		id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
-		cert = charon->credentials->get_cert(charon->credentials,
-											 CERT_X509, KEY_ANY, id, TRUE);
+		cert = lib->credmgr->get_cert(lib->credmgr,
+									  CERT_X509, KEY_ANY, id, TRUE);
 		if (cert)
 		{
 			DBG1(DBG_IKE, "received cert request for '%Y", id);
@@ -397,7 +397,7 @@ static status_t send_certificate(private_tls_peer_t *this,
 	tls_writer_t *certs;
 	chunk_t data;
 
-	this->private = charon->credentials->get_private(charon->credentials,
+	this->private = lib->credmgr->get_private(lib->credmgr,
 										KEY_ANY, this->peer, this->peer_auth);
 	if (!this->private)
 	{
@@ -410,22 +410,26 @@ static status_t send_certificate(private_tls_peer_t *this,
 	cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT);
 	if (cert)
 	{
-		DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
-			 cert->get_subject(cert));
-		data = cert->get_encoding(cert);
-		certs->write_data24(certs, data);
-		free(data.ptr);
+		if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+		{
+			DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
+				 cert->get_subject(cert));
+			certs->write_data24(certs, data);
+			free(data.ptr);
+		}
 	}
 	enumerator = this->peer_auth->create_enumerator(this->peer_auth);
 	while (enumerator->enumerate(enumerator, &rule, &cert))
 	{
 		if (rule == AUTH_RULE_IM_CERT)
 		{
-			DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
-				 cert->get_subject(cert));
-			data = cert->get_encoding(cert);
-			certs->write_data24(certs, data);
-			free(data.ptr);
+			if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+			{
+				DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+					 cert->get_subject(cert));
+				certs->write_data24(certs, data);
+				free(data.ptr);
+			}
 		}
 	}
 	enumerator->destroy(enumerator);
@@ -466,8 +470,8 @@ static status_t send_key_exchange(private_tls_peer_t *this,
 								 chunk_from_thing(this->client_random),
 								 chunk_from_thing(this->server_random));
 
-	enumerator = charon->credentials->create_public_enumerator(
-				charon->credentials, KEY_ANY, this->server, this->server_auth);
+	enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+									KEY_ANY, this->server, this->server_auth);
 	while (enumerator->enumerate(enumerator, &current, &auth))
 	{
 		public = current->get_ref(current);

src/libcharon/plugins/eap_tls/tls/tls_server.c

@@ -250,8 +250,8 @@ static status_t process_cert_verify(private_tls_server_t *this,
 	auth_cfg_t *auth;
 	tls_reader_t *sig;
 
-	enumerator = charon->credentials->create_public_enumerator(
-					charon->credentials, KEY_ANY, this->peer, this->peer_auth);
+	enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+										KEY_ANY, this->peer, this->peer_auth);
 	while (enumerator->enumerate(enumerator, &public, &auth))
 	{
 		sig = tls_reader_create(reader->peek(reader));
@@ -404,7 +404,7 @@ static status_t send_certificate(private_tls_server_t *this,
 	tls_writer_t *certs;
 	chunk_t data;
 
-	this->private = charon->credentials->get_private(charon->credentials,
+	this->private = lib->credmgr->get_private(lib->credmgr,
 									KEY_ANY, this->server, this->server_auth);
 	if (!this->private)
 	{
@@ -417,22 +417,26 @@ static status_t send_certificate(private_tls_server_t *this,
 	cert = this->server_auth->get(this->server_auth, AUTH_RULE_SUBJECT_CERT);
 	if (cert)
 	{
-		DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
-			 cert->get_subject(cert));
-		data = cert->get_encoding(cert);
-		certs->write_data24(certs, data);
-		free(data.ptr);
+		if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+		{
+			DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
+				 cert->get_subject(cert));
+			certs->write_data24(certs, data);
+			free(data.ptr);
+		}
 	}
 	enumerator = this->server_auth->create_enumerator(this->server_auth);
 	while (enumerator->enumerate(enumerator, &rule, &cert))
 	{
 		if (rule == AUTH_RULE_IM_CERT)
 		{
-			DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
-				 cert->get_subject(cert));
-			data = cert->get_encoding(cert);
-			certs->write_data24(certs, data);
-			free(data.ptr);
+			if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+			{
+				DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+					 cert->get_subject(cert));
+				certs->write_data24(certs, data);
+				free(data.ptr);
+			}
 		}
 	}
 	enumerator->destroy(enumerator);
@@ -466,8 +470,8 @@ static status_t send_certificate_request(private_tls_server_t *this,
 	}
 
 	authorities = tls_writer_create(64);
-	enumerator = charon->credentials->create_cert_enumerator(
-						charon->credentials, CERT_X509, KEY_RSA, NULL, TRUE);
+	enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+												CERT_X509, KEY_RSA, NULL, TRUE);
 	while (enumerator->enumerate(enumerator, &cert))
 	{
 		id = cert->get_subject(cert);

src/libstrongswan/credentials/auth_cfg.c

@@ -57,7 +57,9 @@ ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
 	"MD5",
 	"OTP",
 	"GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC,
+	"TLS");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS,
 	"SIM");
 ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
 	"AKA");