this->version = version;
}
-METHOD(tls_t, change_cipher, void,
- private_tls_t *this, bool inbound, signer_t *signer,
- crypter_t *crypter, chunk_t iv)
-{
- this->protection->set_cipher(this->protection, inbound, signer, crypter, iv);
-}
-
METHOD(tls_t, get_eap_msk, chunk_t,
private_tls_t *this)
{
.is_server = _is_server,
.get_version = _get_version,
.set_version = _set_version,
- .change_cipher = _change_cipher,
.get_eap_msk = _get_eap_msk,
.destroy = _destroy,
},
this->fragmentation = tls_fragmentation_create(this->handshake);
this->compression = tls_compression_create(this->fragmentation);
this->protection = tls_protection_create(&this->public, this->compression);
+ this->crypto->set_protection(this->crypto, this->protection);
return &this->public;
}
typedef enum tls_version_t tls_version_t;
typedef enum tls_content_type_t tls_content_type_t;
typedef enum tls_handshake_type_t tls_handshake_type_t;
-typedef enum tls_cipher_suite_t tls_cipher_suite_t;
typedef struct tls_t tls_t;
#include <library.h>
*/
extern enum_name_t *tls_handshake_type_names;
-enum tls_cipher_suite_t {
- TLS_NULL_WITH_NULL_NULL = 0x00,
- TLS_RSA_WITH_NULL_MD5 = 0x01,
- TLS_RSA_WITH_NULL_SHA = 0x02,
- TLS_RSA_WITH_NULL_SHA256 = 0x3B,
- TLS_RSA_WITH_RC4_128_MD5 = 0x04,
- TLS_RSA_WITH_RC4_128_SHA = 0x05,
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3C,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3D,
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0D,
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x10,
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x13,
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x30,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x31,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x32,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x36,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x37,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x38,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x3E,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x3F,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x40,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x68,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x69,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x6A,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6B,
- TLS_DH_ANON_WITH_RC4_128_MD5 = 0x18,
- TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x1B,
- TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x34,
- TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x3A,
- TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x6C,
- TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x6D,
-};
-
/**
* A bottom-up driven TLS stack, suitable for EAP implementations.
*/
*/
void (*set_version)(tls_t *this, tls_version_t version);
- /**
- * Change used cipher, including encryption and integrity algorithms.
- *
- * @param inbound TRUE to use cipher for inbound data, FALSE for outbound
- * @param signer new signer to use
- * @param crypter new crypter to use
- * @param iv initial IV for crypter
- */
- void (*change_cipher)(tls_t *this, bool inbound, signer_t *signer,
- crypter_t *crypter, chunk_t iv);
-
/**
* Get the MSK for EAP-TLS.
*
*/
tls_crypto_t public;
+ /**
+ * Protection layer
+ */
+ tls_protection_t *protection;
+
/**
* List of supported/acceptable cipher suites
*/
return 0;
}
+METHOD(tls_crypto_t, set_protection, void,
+ private_tls_crypto_t *this, tls_protection_t *protection)
+{
+ this->protection = protection;
+}
+
METHOD(tls_crypto_t, append_handshake, void,
private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
{
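Review bot: set_protection() stores the raw pointer on L108 without taking ownership or a reference, and neither this method, the interface comment in tls_crypto.h (`Set the protection layer of the TLS stack to control it.`), nor the new field comment (`Protection layer`) says who owns it or how long it must remain valid. Suggest extending the @param line to `@param protection protection layer to work on, not owned; must outlive this object or be reset to NULL before it is destroyed` and the field comment to `Protection layer (not owned)`. Both hunks of tls_crypto.h carry the same gap.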
METHOD(tls_crypto_t, change_cipher, void,
private_tls_crypto_t *this, bool inbound)
{
- if (inbound)
- {
- this->tls->change_cipher(this->tls, TRUE, this->signer_in,
- this->crypter_in, this->iv_in);
- }
- else
+ if (this->protection)
{
- this->tls->change_cipher(this->tls, FALSE, this->signer_out,
- this->crypter_out, this->iv_out);
+ if (inbound)
+ {
+ this->protection->set_cipher(this->protection, TRUE,
+ this->signer_in, this->crypter_in, this->iv_in);
+ }
+ else
+ {
+ this->protection->set_cipher(this->protection, FALSE,
+ this->signer_out, this->crypter_out, this->iv_out);
+ }
}
}
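Review bot: When `this->protection` is NULL the new guard on L123 makes change_cipher() return with no effect and no diagnostic, so a cipher change requested before set_protection() was called would leave both directions on whatever cipher was previously active with nothing in the log to show it. The old code called into tls_t unconditionally, so this is a new silent failure mode; since tls_create() wires the protection layer before returning, the NULL case should be unreachable in normal use and is better treated as a programming error than quietly skipped. Suggest at least an else branch with `DBG1(DBG_TLS, "no protection layer set, cipher change ignored");`, or, if callers can act on it, having the method return bool so the handshake can abort instead of continuing. The enclosing function is fully within this hunk.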
.public = {
.get_cipher_suites = _get_cipher_suites,
.select_cipher_suite = _select_cipher_suite,
+ .set_protection = _set_protection,
.append_handshake = _append_handshake,
.sign_handshake = _sign_handshake,
.calculate_finished = _calculate_finished,
#define TLS_CRYPTO_H_
typedef struct tls_crypto_t tls_crypto_t;
+typedef enum tls_cipher_suite_t tls_cipher_suite_t;
#include "tls.h"
#include "tls_prf.h"
+#include "tls_protection.h"
#include <credentials/keys/private_key.h>
+/**
+ * TLS cipher suites
+ */
+enum tls_cipher_suite_t {
+ TLS_NULL_WITH_NULL_NULL = 0x00,
+ TLS_RSA_WITH_NULL_MD5 = 0x01,
+ TLS_RSA_WITH_NULL_SHA = 0x02,
+ TLS_RSA_WITH_NULL_SHA256 = 0x3B,
+ TLS_RSA_WITH_RC4_128_MD5 = 0x04,
+ TLS_RSA_WITH_RC4_128_SHA = 0x05,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
+ TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
+ TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
+ TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3C,
+ TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3D,
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0D,
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x10,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x13,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x30,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x31,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x32,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x36,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x37,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x38,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x3E,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x3F,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x40,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x68,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x69,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x6A,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6B,
+ TLS_DH_ANON_WITH_RC4_128_MD5 = 0x18,
+ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x1B,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x34,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x3A,
+ TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x6C,
+ TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x6D,
+};
+
/**
* TLS crypto helper functions.
*/
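Review bot: The header comment on the moved enum (`TLS cipher suites`) tells a reader neither what the values are nor how the list is used, and the list includes NULL-encryption, RC4 and anonymous-DH entries next to the ordinary suites. Suggest expanding it to `TLS cipher suites, using the IANA-assigned 16-bit suite identifiers. Listing a suite here only names it; whether it is offered or accepted is decided by the cipher suite selection in tls_crypto.c.` so that nobody reads membership in this enum as an endorsement. The enum body is otherwise a verbatim move from tls.h.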
tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
tls_cipher_suite_t *suites, int count);
+ /**
+ * Set the protection layer of the TLS stack to control it.
+ *
+ * @param protection protection layer to work on
+ */
+ void (*set_protection)(tls_crypto_t *this, tls_protection_t *protection);
+
/**
* Store exchanged handshake data, used for cryptographic operations.
*