projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Refactored common used operations into TLS crypto helper
[strongswan.git] / src / charon / plugins / eap_tls / tls / tls_crypto.h
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_crypto tls_crypto
18 * @{ @ingroup tls
19 */
20
21 #ifndef TLS_CRYPTO_H_
22 #define TLS_CRYPTO_H_
23
24 typedef struct tls_crypto_t tls_crypto_t;
25
26 #include "tls.h"
27 #include "tls_prf.h"
28
29 #include <credentials/keys/private_key.h>
30
31 /**
32 * TLS crypto helper functions.
33 */
34 struct tls_crypto_t {
35
36 /**
37 * Get a list of supported TLS cipher suites.
38 *
39 * @param suites list of suites, points to internal data
40 * @return number of suites returned
41 */
42 int (*get_cipher_suites)(tls_crypto_t *this, tls_cipher_suite_t **suites);
43
44 /**
45 * Select and store a cipher suite from a given list of candidates.
46 *
47 * @param suites list of candidates to select from
48 * @param count number of suites
49 * @return selected suite, 0 if none acceptable
50 */
51 tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
52 tls_cipher_suite_t *suites, int count);
53
54 /**
55 * Store exchanged handshake data, used for cryptographic operations.
56 *
57 * @param type handshake sub type
58 * @param data data to append to handshake buffer
59 */
60 void (*append_handshake)(tls_crypto_t *this,
61 tls_handshake_type_t type, chunk_t data);
62
63 /**
64 * Create a signature of the handshake data using a given private key.
65 *
66 * @param key private key to use for signature
67 * @param sig allocated signature
68 * @return TRUE if signature create successfully
69 */
70 bool (*sign_handshake)(tls_crypto_t *this, private_key_t *key, chunk_t *sig);
71
72 /**
73 * Calculate the data of a TLS finished message.
74 *
75 * @param label ASCII label to use for calculation
76 * @param out buffer to write finished data to
77 * @return TRUE if calculation successful
78 */
79 bool (*calculate_finished)(tls_crypto_t *this, char *label, char out[12]);
80
81 /**
82 * Derive the master secret, MAC and encryption keys.
83 *
84 * @param premaster premaster secret
85 * @param client_random random data from client hello
86 * @param server_random random data from server hello
87 */
88 void (*derive_secrets)(tls_crypto_t *this, chunk_t premaster,
89 chunk_t client_random, chunk_t server_random);
90
91 /**
92 * Change the cipher used at protection layer.
93 *
94 * @param inbound TRUE to change inbound cipher, FALSE for outbound
95 */
96 void (*change_cipher)(tls_crypto_t *this, bool inbound);
97
98 /**
99 * Derive the EAP-TLS MSK.
100 *
101 * @param client_random random data from client hello
102 * @param server_random random data from server hello
103 */
104 void (*derive_eap_msk)(tls_crypto_t *this,
105 chunk_t client_random, chunk_t server_random);
106
107 /**
108 * Get the MSK to use in EAP-TLS.
109 *
110 * @return MSK, points to internal data
111 */
112 chunk_t (*get_eap_msk)(tls_crypto_t *this);
113
114 /**
115 * Destroy a tls_crypto_t.
116 */
117 void (*destroy)(tls_crypto_t *this);
118 };
119
120 /**
121 * Create a tls_crypto instance.
122 */
123 tls_crypto_t *tls_crypto_create(tls_t *tls);
124
125 #endif /** TLS_CRYPTO_H_ @}*/
strongSwan - IPsec VPN