#include "cw.h"
#include "cfg.h"

#include <stdio.h>
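/**
 * @brief Look up the DTLS pre-shared key for a peer identity.
 *
 * Installed as conn->dtls_get_psk by cw_setup_dtls().  The key is looked up
 * under "psk/<username>" in conn->local_cfg; when no per-identity entry
 * exists, the connection-wide conn->dtls_psk (if set) is used instead.
 *
 * @param conn      connection whose local_cfg and dtls_psk are consulted
 * @param username  identity used to build the lookup key (presumably the
 *                  identity the DTLS peer presented, so it is treated as
 *                  untrusted and only ever copied with a bound)
 * @param psk       out: pointer to the key bytes; storage stays owned by the
 *                  configuration value, the caller must not free it
 * @param len       out: length of the key in bytes
 * @return 1 if *psk and *len were set, 0 if no key is available
 */
static int get_psk(struct cw_Conn *conn, const char *username, uint8_t ** psk,
		   unsigned int *len)
{
	char key[CW_KTV_MAX_KEY_LEN];
	cw_Val_t *result;
	int n;

	if (username == NULL)
		return 0;

	/* The identity is not under our control; an unbounded sprintf() into
	 * key[] would let an over-long name overrun the stack.  Bound the
	 * write and fail closed on truncation instead of looking up a
	 * mangled key. */
	n = snprintf(key, sizeof key, "%s/%s", "psk", username);
	if (n < 0 || (size_t)n >= sizeof key)
		return 0;

	result = cw_ktv_get(conn->local_cfg, key, CW_TYPE_BSTR16);
	if (result == NULL) {
		/* No per-identity entry: fall back to the connection-wide key. */
		if (conn->dtls_psk == NULL)
			return 0;
		/* NOTE(review): cw_setup_dtls() stores a cw_cfg_get() result in
		 * dtls_psk, yet it is read here through bstr16_*(); confirm both
		 * sides agree on the value's representation. */
		*psk = bstr16_data(conn->dtls_psk);
		*len = bstr16_len(conn->dtls_psk);
		return 1;
	}

	*psk = result->type->data(result);
	*len = result->type->len(result);
	return 1;
}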
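/*
 * Build "<prefix>/<name>" into key[size].  Returns 1 when the whole key
 * fit, 0 when it was truncated; the write is always bounded.
 */
static int dtls_cfg_key(char *key, size_t size, const char *prefix,
			const char *name)
{
	int n = snprintf(key, size, "%s/%s", prefix, name);

	return n >= 0 && (size_t)n < size;
}

/**
 * @brief Set up the DTLS parameters of a connection from its configuration.
 *
 * Reads the "<prefix>/ssl-*" entries and fills the dtls_* members of @p conn:
 * cipher list, optional pre-shared key and its enable flag, certificate /
 * key file pair (plus optional key password), DH parameter size, and the
 * PSK lookup callback.
 *
 * @param conn            connection to initialise; its local_cfg is consulted
 *                        for the certificate and key file entries
 * @param cfg             configuration the remaining entries are read from
 * @param prefix          key prefix the entry names are appended to
 * @param default_cipher  cipher list used when "<prefix>/ssl-cipher" is unset
 * @return bit mask of CAPWAP_FLAG_AC_SECURITY_S (PSK enabled) and
 *         CAPWAP_FLAG_AC_SECURITY_X (certificate and key file configured);
 *         0, with @p conn left untouched, if @p prefix is NULL or too long
 *         to form a key
 */
int cw_setup_dtls(struct cw_Conn *conn, mavl_t cfg, const char *prefix,
		  char *default_cipher)
{
	char key[CW_KTV_MAX_KEY_LEN];
	char *ssl_cert, *ssl_key;
	uint8_t security = 0;

	/* Every key shares the prefix and "ssl-psk-enable" is the longest
	 * suffix used below, so if that key fits all the others fit too.
	 * Checking once up front keeps the later builds from ever truncating
	 * and replaces the unbounded sprintf() that could overrun key[]. */
	if (prefix == NULL
	    || !dtls_cfg_key(key, sizeof key, prefix, "ssl-psk-enable"))
		return 0;

	dtls_cfg_key(key, sizeof key, prefix, "ssl-cipher");
	conn->dtls_cipher = cw_cfg_get(cfg, key, default_cipher);

	dtls_cfg_key(key, sizeof key, prefix, "ssl-psk");
	conn->dtls_psk = cw_cfg_get(cfg, key, NULL);

	/* The default used to be spelled "flase"; a parser that only
	 * recognises "true" read it as false anyway, so "false" is the
	 * intended value. */
	dtls_cfg_key(key, sizeof key, prefix, "ssl-psk-enable");
	conn->dtls_psk_enable = cw_cfg_get_bool(cfg, key, "false");
	if (conn->dtls_psk_enable) {
		security |= CAPWAP_FLAG_AC_SECURITY_S;
	}

	/* NOTE(review): the certificate and key file come from
	 * conn->local_cfg while every other entry comes from cfg; confirm
	 * this split is intended. */
	dtls_cfg_key(key, sizeof key, prefix, "ssl-certfile");
	ssl_cert = cw_cfg_get(conn->local_cfg, key, NULL);
	dtls_cfg_key(key, sizeof key, prefix, "ssl-keyfile");
	ssl_key = cw_cfg_get(conn->local_cfg, key, NULL);

	/* Certificate authentication is only advertised when both halves of
	 * the pair are configured. */
	if (ssl_cert != NULL && ssl_key != NULL) {
		conn->dtls_cert_file = ssl_cert;
		conn->dtls_key_file = ssl_key;
		dtls_cfg_key(key, sizeof key, prefix, "ssl-keypass");
		conn->dtls_key_pass = cw_cfg_get(cfg, key, NULL);
		security |= CAPWAP_FLAG_AC_SECURITY_X;
	}

	/* 1024-bit DH parameters are below current guidance; the default is
	 * kept as-is here because deployments may rely on it, but operators
	 * should set "<prefix>/ssl-dhbits" to a larger value. */
	dtls_cfg_key(key, sizeof key, prefix, "ssl-dhbits");
	conn->dtls_dhbits = cw_cfg_get_word(cfg, key, "1024");

	conn->dtls_get_psk = get_psk;

	return security;
}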