Added TLS crypto helper, currently supports cipher suite selection
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tls.h"
17
18 #include "tls_protection.h"
19 #include "tls_compression.h"
20 #include "tls_fragmentation.h"
21 #include "tls_crypto.h"
22 #include "tls_server.h"
23 #include "tls_peer.h"
24
25 #include <daemon.h>
26
/**
 * Printable names for the tls_version_t values SSL_2_0 .. TLS_1_2,
 * in declaration order.
 */
ENUM(tls_version_names, SSL_2_0, TLS_1_2,
	"SSLv2",
	"SSLv3",
	"TLS 1.0",
	"TLS 1.1",
	"TLS 1.2",
);
34
/**
 * Printable names for the TLS record content types
 * TLS_CHANGE_CIPHER_SPEC .. TLS_APPLICATION_DATA, in declaration order.
 */
ENUM(tls_content_type_names, TLS_CHANGE_CIPHER_SPEC, TLS_APPLICATION_DATA,
	"ChangeCipherSpec",
	"Alert",
	"Handshake",
	"ApplicationData",
);
41
/**
 * Printable names for the TLS handshake message types.
 *
 * Declared in three ranges (ENUM_BEGIN / ENUM_NEXT / ENUM_END), presumably
 * because the tls_handshake_type_t values are not contiguous -- confirm
 * against the enum definition in tls.h when extending this table.
 */
ENUM_BEGIN(tls_handshake_type_names, TLS_HELLO_REQUEST, TLS_SERVER_HELLO,
	"HelloRequest",
	"ClientHello",
	"ServerHello");
ENUM_NEXT(tls_handshake_type_names, TLS_CERTIFICATE, TLS_CLIENT_KEY_EXCHANGE, TLS_SERVER_HELLO,
	"Certificate",
	"ServerKeyExchange",
	"CertificateRequest",
	"ServerHelloDone",
	"CertificateVerify",
	"ClientKeyExchange");
ENUM_NEXT(tls_handshake_type_names, TLS_FINISHED, TLS_FINISHED, TLS_CLIENT_KEY_EXCHANGE,
	"Finished");
ENUM_END(tls_handshake_type_names, TLS_FINISHED);
56
57
typedef struct private_tls_t private_tls_t;

/**
 * Private data of a tls_t object.
 *
 * All layer objects below are created by tls_create() and released by
 * destroy(); the struct owns every pointer it holds.
 */
struct private_tls_t {

	/**
	 * Public tls_t interface.
	 */
	tls_t public;

	/**
	 * Role this TLS stack acts as (TRUE for server, FALSE for client).
	 */
	bool is_server;

	/**
	 * TLS record protection layer; process()/build() are delegated here.
	 */
	tls_protection_t *protection;

	/**
	 * TLS record compression layer, wrapped by the protection layer.
	 */
	tls_compression_t *compression;

	/**
	 * TLS record fragmentation layer, wrapped by the compression layer.
	 */
	tls_fragmentation_t *fragmentation;

	/**
	 * TLS crypto helper context, shared with the handshake handler.
	 */
	tls_crypto_t *crypto;

	/**
	 * TLS handshake protocol handler (server or peer flavour, by role).
	 */
	tls_handshake_t *handshake;
};
100
/**
 * Implementation of tls_t.process: pass an inbound record to the record
 * protection layer, the outermost layer of this stack.
 */
METHOD(tls_t, process, status_t,
	private_tls_t *this, tls_content_type_t type, chunk_t data)
{
	tls_protection_t *protection = this->protection;

	return protection->process(protection, type, data);
}
106
/**
 * Implementation of tls_t.build: ask the record protection layer, the
 * outermost layer of this stack, for the next outbound record.
 */
METHOD(tls_t, build, status_t,
	private_tls_t *this, tls_content_type_t *type, chunk_t *data)
{
	tls_protection_t *protection = this->protection;

	return protection->build(protection, type, data);
}
112
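/**
 * Implementation of tls_t.destroy.
 *
 * Layers are released in reverse construction order (see tls_create()):
 * the record protection layer first, the crypto helper last. The handshake
 * handler was created with a reference to the crypto helper, so it is
 * destroyed before that helper rather than after it, which keeps the
 * handler from ever seeing a released crypto context during its teardown.
 */
METHOD(tls_t, destroy, void,
	private_tls_t *this)
{
	this->protection->destroy(this->protection);
	this->compression->destroy(this->compression);
	this->fragmentation->destroy(this->fragmentation);
	this->handshake->destroy(this->handshake);
	this->crypto->destroy(this->crypto);

	free(this);
}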
124
/**
 * Described in header: build a TLS stack acting as server or client.
 *
 * The layers are assembled from the inside out: the handshake handler
 * (server or peer flavour, sharing the crypto helper) is wrapped by the
 * fragmentation layer, then the compression layer, and finally the record
 * protection layer that process()/build() talk to.
 *
 * @param is_server		TRUE to act as TLS server, FALSE to act as client
 * @return				tls_t instance, released with destroy()
 */
tls_t *tls_create(bool is_server)
{
	private_tls_t *this;
	tls_handshake_t *handshake;

	INIT(this,
		.public = {
			.process = _process,
			.build = _build,
			.destroy = _destroy,
		},
		.is_server = is_server,
		.crypto = tls_crypto_create(),
	);

	handshake = is_server ? &tls_server_create(this->crypto)->handshake
						  : &tls_peer_create(this->crypto)->handshake;
	this->handshake = handshake;
	this->fragmentation = tls_fragmentation_create(handshake);
	this->compression = tls_compression_create(this->fragmentation);
	this->protection = tls_protection_create(this->compression);

	return &this->public;
}