9c11bc796cf9cd7329dbb729b76fdab155a24a27
[strongswan.git] / src / charon / plugins / eap_tls / tls / tls.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tls.h"
17
18 #include "tls_protection.h"
19 #include "tls_compression.h"
20 #include "tls_fragmentation.h"
21 #include "tls_server.h"
22 #include "tls_peer.h"
23
24 #include <daemon.h>
25
26 ENUM(tls_version_names, SSL_2_0, TLS_1_2,
27 "SSLv2",
28 "SSLv3",
29 "TLS 1.0",
30 "TLS 1.1",
31 "TLS 1.2",
32 );
33
34 ENUM(tls_content_type_names, TLS_CHANGE_CIPHER_SPEC, TLS_APPLICATION_DATA,
35 "ChangeCipherSpec",
36 "Alert",
37 "Handshake",
38 "ApplicationData",
39 );
40
41 ENUM_BEGIN(tls_handshake_type_names, TLS_HELLO_REQUEST, TLS_SERVER_HELLO,
42 "HelloRequest",
43 "ClientHello",
44 "ServerHello");
45 ENUM_NEXT(tls_handshake_type_names, TLS_CERTIFICATE, TLS_CLIENT_KEY_EXCHANGE, TLS_SERVER_HELLO,
46 "Certificate",
47 "ServerKeyExchange",
48 "CertificateRequest",
49 "ServerHelloDone",
50 "CertificateVerify",
51 "ClientKeyExchange");
52 ENUM_NEXT(tls_handshake_type_names, TLS_FINISHED, TLS_FINISHED, TLS_CLIENT_KEY_EXCHANGE,
53 "Finished");
54 ENUM_END(tls_handshake_type_names, TLS_FINISHED);
55
56
57 typedef struct private_tls_t private_tls_t;
58
59 /**
60 * Private data of an tls_protection_t object.
61 */
62 struct private_tls_t {
63
64 /**
65 * Public tls_t interface.
66 */
67 tls_t public;
68
69 /**
70 * Role this TLS stack acts as.
71 */
72 bool is_server;
73
74 /**
75 * TLS record protection layer
76 */
77 tls_protection_t *protection;
78
79 /**
80 * TLS record compression layer
81 */
82 tls_compression_t *compression;
83
84 /**
85 * TLS record fragmentation layer
86 */
87 tls_fragmentation_t *fragmentation;
88
89 /**
90 * TLS handshake protocol handler
91 */
92 tls_handshake_t *handshake;
93 };
94
95 METHOD(tls_t, process, status_t,
96 private_tls_t *this, tls_content_type_t type, chunk_t data)
97 {
98 return this->protection->process(this->protection, type, data);
99 }
100
101 METHOD(tls_t, build, status_t,
102 private_tls_t *this, tls_content_type_t *type, chunk_t *data)
103 {
104 return this->protection->build(this->protection, type, data);
105 }
106
107 METHOD(tls_t, destroy, void,
108 private_tls_t *this)
109 {
110 this->protection->destroy(this->protection);
111 this->compression->destroy(this->compression);
112 this->fragmentation->destroy(this->fragmentation);
113 this->handshake->destroy(this->handshake);
114
115 free(this);
116 }
117
118 /**
119 * See header
120 */
121 tls_t *tls_create(bool is_server)
122 {
123 private_tls_t *this;
124
125 INIT(this,
126 .public = {
127 .process = _process,
128 .build = _build,
129 .destroy = _destroy,
130 },
131 .is_server = is_server,
132 );
133
134 if (is_server)
135 {
136 this->handshake = &tls_server_create()->handshake;
137 }
138 else
139 {
140 this->handshake = &tls_peer_create()->handshake;
141 }
142 this->fragmentation = tls_fragmentation_create(this->handshake);
143 this->compression = tls_compression_create(this->fragmentation);
144 this->protection = tls_protection_create(this->compression);
145
146 return &this->public;
147 }