Register hmac/xcbc algorithms after potentially underlying PKCS#11
[strongswan.git] / src / libtls / tls.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tls.h"
17
18 #include "tls_protection.h"
19 #include "tls_compression.h"
20 #include "tls_fragmentation.h"
21 #include "tls_crypto.h"
22 #include "tls_server.h"
23 #include "tls_peer.h"
24
25 ENUM_BEGIN(tls_version_names, SSL_2_0, SSL_2_0,
26 "SSLv2");
27 ENUM_NEXT(tls_version_names, SSL_3_0, TLS_1_2, SSL_2_0,
28 "SSLv3",
29 "TLS 1.0",
30 "TLS 1.1",
31 "TLS 1.2");
32 ENUM_END(tls_version_names, TLS_1_2);
33
34 ENUM(tls_content_type_names, TLS_CHANGE_CIPHER_SPEC, TLS_APPLICATION_DATA,
35 "ChangeCipherSpec",
36 "Alert",
37 "Handshake",
38 "ApplicationData",
39 );
40
41 ENUM_BEGIN(tls_handshake_type_names, TLS_HELLO_REQUEST, TLS_SERVER_HELLO,
42 "HelloRequest",
43 "ClientHello",
44 "ServerHello");
45 ENUM_NEXT(tls_handshake_type_names, TLS_CERTIFICATE, TLS_CLIENT_KEY_EXCHANGE, TLS_SERVER_HELLO,
46 "Certificate",
47 "ServerKeyExchange",
48 "CertificateRequest",
49 "ServerHelloDone",
50 "CertificateVerify",
51 "ClientKeyExchange");
52 ENUM_NEXT(tls_handshake_type_names, TLS_FINISHED, TLS_FINISHED, TLS_CLIENT_KEY_EXCHANGE,
53 "Finished");
54 ENUM_END(tls_handshake_type_names, TLS_FINISHED);
55
56
57 typedef struct private_tls_t private_tls_t;
58
59 /**
60 * Private data of an tls_protection_t object.
61 */
62 struct private_tls_t {
63
64 /**
65 * Public tls_t interface.
66 */
67 tls_t public;
68
69 /**
70 * Role this TLS stack acts as.
71 */
72 bool is_server;
73
74 /**
75 * Server identity
76 */
77 identification_t *server;
78
79 /**
80 * Peer identity
81 */
82 identification_t *peer;
83
84 /**
85 * Negotiated TLS version
86 */
87 tls_version_t version;
88
89 /**
90 * TLS record protection layer
91 */
92 tls_protection_t *protection;
93
94 /**
95 * TLS record compression layer
96 */
97 tls_compression_t *compression;
98
99 /**
100 * TLS record fragmentation layer
101 */
102 tls_fragmentation_t *fragmentation;
103
104 /**
105 * TLS crypto helper context
106 */
107 tls_crypto_t *crypto;
108
109 /**
110 * TLS handshake protocol handler
111 */
112 tls_handshake_t *handshake;
113 };
114
115 METHOD(tls_t, process, status_t,
116 private_tls_t *this, tls_content_type_t type, chunk_t data)
117 {
118 return this->protection->process(this->protection, type, data);
119 }
120
121 METHOD(tls_t, build, status_t,
122 private_tls_t *this, tls_content_type_t *type, chunk_t *data)
123 {
124 return this->protection->build(this->protection, type, data);
125 }
126
127 METHOD(tls_t, is_server, bool,
128 private_tls_t *this)
129 {
130 return this->is_server;
131 }
132
133 METHOD(tls_t, get_version, tls_version_t,
134 private_tls_t *this)
135 {
136 return this->version;
137 }
138
139 METHOD(tls_t, set_version, void,
140 private_tls_t *this, tls_version_t version)
141 {
142 this->version = version;
143 }
144
145 METHOD(tls_t, is_complete, bool,
146 private_tls_t *this)
147 {
148 return this->crypto->get_eap_msk(this->crypto).len != 0;
149 }
150
151 METHOD(tls_t, get_eap_msk, chunk_t,
152 private_tls_t *this)
153 {
154 return this->crypto->get_eap_msk(this->crypto);
155 }
156
157 METHOD(tls_t, destroy, void,
158 private_tls_t *this)
159 {
160 this->protection->destroy(this->protection);
161 this->compression->destroy(this->compression);
162 this->fragmentation->destroy(this->fragmentation);
163 this->crypto->destroy(this->crypto);
164 this->handshake->destroy(this->handshake);
165 this->peer->destroy(this->peer);
166 this->server->destroy(this->server);
167
168 free(this);
169 }
170
171 /**
172 * See header
173 */
174 tls_t *tls_create(bool is_server, identification_t *server,
175 identification_t *peer)
176 {
177 private_tls_t *this;
178
179 INIT(this,
180 .public = {
181 .process = _process,
182 .build = _build,
183 .is_server = _is_server,
184 .get_version = _get_version,
185 .set_version = _set_version,
186 .is_complete = _is_complete,
187 .get_eap_msk = _get_eap_msk,
188 .destroy = _destroy,
189 },
190 .is_server = is_server,
191 .version = TLS_1_2,
192 .server = server->clone(server),
193 .peer = peer->clone(peer),
194 );
195
196 this->crypto = tls_crypto_create(&this->public);
197 if (is_server)
198 {
199 this->handshake = &tls_server_create(&this->public, this->crypto,
200 this->server, this->peer)->handshake;
201 }
202 else
203 {
204 this->handshake = &tls_peer_create(&this->public, this->crypto,
205 this->peer, this->server)->handshake;
206 }
207 this->fragmentation = tls_fragmentation_create(this->handshake);
208 this->compression = tls_compression_create(this->fragmentation);
209 this->protection = tls_protection_create(&this->public, this->compression);
210 this->crypto->set_protection(this->crypto, this->protection);
211
212 return &this->public;
213 }