author | Martin Willi <martin@revosec.ch> | 2010-01-22 17:24:17 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-03 15:39:24 +0200 |
commit | 40e384ea0191ff2c2f6f4842e67c8dcdc59e8c67 (patch) | |
tree | 1e62dcf2418d993c62aec48931bfe5c6d7d85829 /src | |
parent | dcbbeb2d090ed038c03988e1ab94c1e362562cda (diff) | |
Added dummy/identity implementations of the different TLS record layers
Diffstat (limited to 'src')
-rw-r--r-- | src/charon/plugins/eap_tls/Makefile.am | 5 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls.c | 31 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_compression.c | 73 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_compression.h | 77 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_fragmentation.c | 67 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_fragmentation.h | 75 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_protection.c | 73 | ||||
-rw-r--r-- | src/charon/plugins/eap_tls/tls/tls_protection.h | 77 |
8 files changed, 475 insertions, 3 deletions
diff --git a/src/charon/plugins/eap_tls/Makefile.am b/src/charon/plugins/eap_tls/Makefile.am
index 694b869e5..25afad2e2 100644
--- a/src/charon/plugins/eap_tls/Makefile.am
+++ b/src/charon/plugins/eap_tls/Makefile.am
@@ -6,5 +6,8 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libstrongswan-eap-tls.la
 libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
- eap_tls.h eap_tls.c tls/tls.h tls/tls.c
+ eap_tls.h eap_tls.c tls/tls.h tls/tls.c \
+ tls/tls_protection.h tls/tls_protection.c \
+ tls/tls_compression.h tls/tls_compression.c \
+ tls/tls_fragmentation.h tls/tls_fragmentation.c
 libstrongswan_eap_tls_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_tls/tls/tls.c b/src/charon/plugins/eap_tls/tls/tls.c
index ddb0c81f0..5bba59792 100644
--- a/src/charon/plugins/eap_tls/tls/tls.c
+++ b/src/charon/plugins/eap_tls/tls/tls.c
@@ -15,6 +15,10 @@
 #include "tls.h"
+#include "tls_protection.h"
+#include "tls_compression.h"
+#include "tls_fragmentation.h"
+
 #include <daemon.h>
 ENUM(tls_version_names, SSL_2_0, TLS_1_2,
@@ -64,23 +68,42 @@ struct private_tls_t {
 * Role this TLS stack acts as.
 */
 bool is_server;
+
+ /**
+ * TLS record protection layer
+ */
+ tls_protection_t *protection;
+
+ /**
+ * TLS record compression layer
+ */
+ tls_compression_t *compression;
+
+ /**
+ * TLS record fragmentation layer
+ */
+ tls_fragmentation_t *fragmentation;
 };
 METHOD(tls_t, process, status_t,
 private_tls_t *this, tls_content_type_t type, chunk_t data)
 {
- return NEED_MORE;
+ return this->protection->process(this->protection, type, data);
 }
 METHOD(tls_t, build, status_t,
 private_tls_t *this, tls_content_type_t *type, chunk_t *data)
 {
- return INVALID_STATE;
+ return this->protection->build(this->protection, type, data);
 }
 METHOD(tls_t, destroy, void,
 private_tls_t *this)
 {
+ this->protection->destroy(this->protection);
+ this->compression->destroy(this->compression);
+ this->fragmentation->destroy(this->fragmentation);
+
 free(this);
 }
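Review bot: The new destroy method in tls.c tears down protection, compression and fragmentation one by one, but nothing in the new headers says who owns the pointer handed to tls_compression_create() and tls_protection_create(); each layer's own destroy only frees itself, so the contract is implicit and a later change that makes a layer destroy its upper layer would turn this sequence into a double free. I'd state it on both create functions, e.g. `@param fragmentation fragmentation layer of TLS stack, not owned; the caller stays responsible for destroying it`, and mirror that wording on the three new pointer fields in private_tls_t. The same applies to the tls_create() hunk that follows, which wires the three layers together, and to tls_compression.h and tls_protection.h below.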
@@ -100,5 +123,9 @@ tls_t *tls_create(bool is_server)
 .is_server = is_server,
 );
+ this->fragmentation = tls_fragmentation_create();
+ this->compression = tls_compression_create(this->fragmentation);
+ this->protection = tls_protection_create(this->compression);
+
 return &this->public;
 }
diff --git a/src/charon/plugins/eap_tls/tls/tls_compression.c b/src/charon/plugins/eap_tls/tls/tls_compression.c
new file mode 100644
index 000000000..453558084
--- /dev/null
+++ b/src/charon/plugins/eap_tls/tls/tls_compression.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tls_compression.h"
+
+#include <daemon.h>
+
+typedef struct private_tls_compression_t private_tls_compression_t;
+
+/**
+ * Private data of an tls_compression_t object.
+ */
+struct private_tls_compression_t {
+
+ /**
+ * Public tls_compression_t interface.
+ */
+ tls_compression_t public;
+
+ /**
+ * Upper layer, TLS record fragmentation
+ */
+ tls_fragmentation_t *fragmentation;
+};
+
+METHOD(tls_compression_t, process, status_t,
+ private_tls_compression_t *this, tls_content_type_t type, chunk_t data)
+{
+ return this->fragmentation->process(this->fragmentation, type, data);
+}
+
+METHOD(tls_compression_t, build, status_t,
+ private_tls_compression_t *this, tls_content_type_t *type, chunk_t *data)
+{
+ return this->fragmentation->build(this->fragmentation, type, data);
+}
+
+METHOD(tls_compression_t, destroy, void,
+ private_tls_compression_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+tls_compression_t *tls_compression_create(tls_fragmentation_t *fragmentation)
+{
+ private_tls_compression_t *this;
+
+ INIT(this,
+ .public = {
+ .process = _process,
+ .build = _build,
+ .destroy = _destroy,
+ },
+ .fragmentation = fragmentation,
+ );
+
+ return &this->public;
+}
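Review bot: Both process and build in tls_compression.c forward to the fragmentation layer without touching type or data, yet the only hint that this is an identity layer is the commit message; the file itself reads as if compression were handled elsewhere. A one-line comment on the struct, e.g. `/* identity implementation: no TLS compression method is applied, records pass through unchanged */`, would keep the next reader from searching for a compressor and would mark where negotiated compression would later hook in. The same pass-through shape appears in tls_protection.c further down.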
diff --git a/src/charon/plugins/eap_tls/tls/tls_compression.h b/src/charon/plugins/eap_tls/tls/tls_compression.h
new file mode 100644
index 000000000..a61543004
--- /dev/null
+++ b/src/charon/plugins/eap_tls/tls/tls_compression.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tls_compression tls_compression
+ * @{ @ingroup tls
+ */
+
+#ifndef TLS_COMPRESSION_H_
+#define TLS_COMPRESSION_H_
+
+typedef struct tls_compression_t tls_compression_t;
+
+#include <library.h>
+
+#include "tls.h"
+#include "tls_fragmentation.h"
+
+/**
+ * TLS record protocol compression layer.
+ */
+struct tls_compression_t {
+
+ /**
+ * Process a compressed TLS record, pass it to upper layers.
+ *
+ * @param type type of the TLS record to process
+ * @param data associated TLS record data
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if more invocations to process/build needed
+ */
+ status_t (*process)(tls_compression_t *this,
+ tls_content_type_t type, chunk_t data);
+
+ /**
+ * Query upper layer for TLS record, build compressed record.
+ *
+ * @param type type of the built TLS record
+ * @param data allocated data of the built TLS record
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if upper layers have more records to send
+ * - INVALID_STATE if more input records required
+ */
+ status_t (*build)(tls_compression_t *this,
+ tls_content_type_t *type, chunk_t *data);
+
+ /**
+ * Destroy a tls_compression_t.
+ */
+ void (*destroy)(tls_compression_t *this);
+};
+
+/**
+ * Create a tls_compression instance.
+ *
+ * @param fragmentation fragmentation layer of TLS stack
+ * @return TLS compression layer.
+ */
+tls_compression_t *tls_compression_create(tls_fragmentation_t *fragmentation);
+
+#endif /** TLS_COMPRESSION_H_ @}*/
diff --git a/src/charon/plugins/eap_tls/tls/tls_fragmentation.c b/src/charon/plugins/eap_tls/tls/tls_fragmentation.c
new file mode 100644
index 000000000..c1cfa0559
--- /dev/null
+++ b/src/charon/plugins/eap_tls/tls/tls_fragmentation.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tls_fragmentation.h"
+
+#include <daemon.h>
+
+typedef struct private_tls_fragmentation_t private_tls_fragmentation_t;
+
+/**
+ * Private data of an tls_fragmentation_t object.
+ */
+struct private_tls_fragmentation_t {
+
+ /**
+ * Public tls_fragmentation_t interface.
+ */
+ tls_fragmentation_t public;
+};
+
+METHOD(tls_fragmentation_t, process, status_t,
+ private_tls_fragmentation_t *this, tls_content_type_t type, chunk_t data)
+{
+ return NEED_MORE;
+}
+
+METHOD(tls_fragmentation_t, build, status_t,
+ private_tls_fragmentation_t *this, tls_content_type_t *type, chunk_t *data)
+{
+ return INVALID_STATE;
+}
+
+METHOD(tls_fragmentation_t, destroy, void,
+ private_tls_fragmentation_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+tls_fragmentation_t *tls_fragmentation_create()
+{
+ private_tls_fragmentation_t *this;
+
+ INIT(this,
+ .public = {
+ .process = _process,
+ .build = _build,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
diff --git a/src/charon/plugins/eap_tls/tls/tls_fragmentation.h b/src/charon/plugins/eap_tls/tls/tls_fragmentation.h
new file mode 100644
index 000000000..866a9708b
--- /dev/null
+++ b/src/charon/plugins/eap_tls/tls/tls_fragmentation.h
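Review bot: `tls_fragmentation_create()` is defined with empty parentheses, which in C declares an unspecified parameter list rather than none, so a call that passes stray arguments compiles silently; it should read `tls_fragmentation_t *tls_fragmentation_create(void)` both here and in the prototype in tls_fragmentation.h below. The process stub also answers NEED_MORE for every record without looking at type or data, which is acceptable for a placeholder but is easy to mistake for intended behaviour once real callers exist; a marker such as `/* TODO: dummy, the record is discarded without being parsed */` above the return would make the gap visible to whoever adds the handshake dispatch.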
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tls_fragmentation tls_fragmentation
+ * @{ @ingroup tls
+ */
+
+#ifndef TLS_FRAGMENTATION_H_
+#define TLS_FRAGMENTATION_H_
+
+typedef struct tls_fragmentation_t tls_fragmentation_t;
+
+#include <library.h>
+
+#include "tls.h"
+
+/**
+ * TLS record protocol fragmentation layer.
+ */
+struct tls_fragmentation_t {
+
+ /**
+ * Process a fragmented TLS record, pass it to upper layers.
+ *
+ * @param type type of the TLS record to process
+ * @param data associated TLS record data
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if more invocations to process/build needed
+ */
+ status_t (*process)(tls_fragmentation_t *this,
+ tls_content_type_t type, chunk_t data);
+
+ /**
+ * Query upper layer for TLS messages, build fragmented records.
+ *
+ * @param type type of the built TLS record
+ * @param data allocated data of the built TLS record
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if upper layers have more records to send
+ * - INVALID_STATE if more input records required
+ */
+ status_t (*build)(tls_fragmentation_t *this,
+ tls_content_type_t *type, chunk_t *data);
+
+ /**
+ * Destroy a tls_fragmentation_t.
+ */
+ void (*destroy)(tls_fragmentation_t *this);
+};
+
+/**
+ * Create a tls_fragmentation instance.
+ *
+ * @return TLS fragmentation layer.
+ */
+tls_fragmentation_t *tls_fragmentation_create();
+
+#endif /** TLS_FRAGMENTATION_H_ @}*/
diff --git a/src/charon/plugins/eap_tls/tls/tls_protection.c b/src/charon/plugins/eap_tls/tls/tls_protection.c
new file mode 100644
index 000000000..51d0db601
--- /dev/null
+++ b/src/charon/plugins/eap_tls/tls/tls_protection.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tls_protection.h"
+
+#include <daemon.h>
+
+typedef struct private_tls_protection_t private_tls_protection_t;
+
+/**
+ * Private data of an tls_protection_t object.
+ */
+struct private_tls_protection_t {
+
+ /**
+ * Public tls_protection_t interface.
+ */
+ tls_protection_t public;
+
+ /**
+ * Upper layer, TLS record compression
+ */
+ tls_compression_t *compression;
+};
+
+METHOD(tls_protection_t, process, status_t,
+ private_tls_protection_t *this, tls_content_type_t type, chunk_t data)
+{
+ return this->compression->process(this->compression, type, data);
+}
+
+METHOD(tls_protection_t, build, status_t,
+ private_tls_protection_t *this, tls_content_type_t *type, chunk_t *data)
+{
+ return this->compression->build(this->compression, type, data);
+}
+
+METHOD(tls_protection_t, destroy, void,
+ private_tls_protection_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+tls_protection_t *tls_protection_create(tls_compression_t *compression)
+{
+ private_tls_protection_t *this;
+
+ INIT(this,
+ .public = {
+ .process = _process,
+ .build = _build,
+ .destroy = _destroy,
+ },
+ .compression = compression,
+ );
+
+ return &this->public;
+}
diff --git a/src/charon/plugins/eap_tls/tls/tls_protection.h b/src/charon/plugins/eap_tls/tls/tls_protection.h
new file mode 100644
index 000000000..98f432b93
--- /dev/null
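Review bot: The protection layer hands every record straight to compression in both directions, so nothing in this file applies or verifies a cipher or MAC, yet neither the struct nor the methods say so; the header's description of process() as handling "a protected TLS record" and the name of the layer invite a reader of tls.c to assume records reaching the upper layers have already been authenticated. I'd put a short comment on private_tls_protection_t, e.g. `/* identity implementation: no cipher or MAC is applied yet, records are forwarded unmodified in both directions */`, and note in the header that process() currently performs no integrity check, so that nothing is built on the pass-through before the null-cipher state is replaced.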
+++ b/src/charon/plugins/eap_tls/tls/tls_protection.h 
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tls_protection tls_protection
+ * @{ @ingroup tls
+ */
+
+#ifndef TLS_PROTECTION_H_
+#define TLS_PROTECTION_H_
+
+typedef struct tls_protection_t tls_protection_t;
+
+#include <library.h>
+
+#include "tls.h"
+#include "tls_compression.h"
+
+/**
+ * TLS record protocol protection layer.
+ */
+struct tls_protection_t {
+
+ /**
+ * Process a protected TLS record, pass it to upper layers.
+ *
+ * @param type type of the TLS record to process
+ * @param data associated TLS record data
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if more invocations to process/build needed
+ */
+ status_t (*process)(tls_protection_t *this,
+ tls_content_type_t type, chunk_t data);
+
+ /**
+ * Query upper layer for TLS record, build protected record.
+ *
+ * @param type type of the built TLS record
+ * @param data allocated data of the built TLS record
+ * @return
+ * - SUCCESS if TLS negotiation complete
+ * - FAILED if TLS handshake failed
+ * - NEED_MORE if upper layers have more records to send
+ * - INVALID_STATE if more input records required
+ */
+ status_t (*build)(tls_protection_t *this,
+ tls_content_type_t *type, chunk_t *data);
+
+ /**
+ * Destroy a tls_protection_t.
+ */
+ void (*destroy)(tls_protection_t *this);
+};
+
+/**
+ * Create a tls_protection instance.
+ *
+ * @param compression compression layer of TLS stack
+ * @return TLS protection layer.
+ */
+tls_protection_t *tls_protection_create(tls_compression_t *compression);
+
+#endif /** TLS_PROTECTION_H_ @}*/