From 0f82a47063f05d8eeae64866ff4787edc8db6328 Mon Sep 17 00:00:00 2001 
From: Martin Willi Date: Tue, 3 Aug 2010 15:17:40 +0200 Subject: [PATCH] Moved TLS stack to its own library --- Doxyfile.in | 1 + configure.in | 6 ++++++ src/Makefile.am | 4 ++++ src/libcharon/Makefile.am | 7 +++++++ src/libcharon/plugins/eap_tls/Makefile.am | 18 +++++------------- src/libcharon/plugins/eap_tls/eap_tls.c | 2 +- src/libtls/Makefile.am | 15 +++++++++++++++ .../plugins/eap_tls/tls => libtls}/tls.c | 2 -- .../plugins/eap_tls/tls => libtls}/tls.h | 8 +++++--- .../eap_tls/tls => libtls}/tls_compression.c | 2 -- .../eap_tls/tls => libtls}/tls_compression.h | 2 +- .../eap_tls/tls => libtls}/tls_crypto.c | 2 +- .../eap_tls/tls => libtls}/tls_crypto.h | 2 +- .../eap_tls/tls => libtls}/tls_fragmentation.c | 2 +- .../eap_tls/tls => libtls}/tls_fragmentation.h | 2 +- .../eap_tls/tls => libtls}/tls_handshake.h | 4 ++-- .../plugins/eap_tls/tls => libtls}/tls_peer.c | 2 +- .../plugins/eap_tls/tls => libtls}/tls_peer.h | 2 +- .../plugins/eap_tls/tls => libtls}/tls_prf.c | 0 .../plugins/eap_tls/tls => libtls}/tls_prf.h | 2 +- .../eap_tls/tls => libtls}/tls_protection.c | 2 +- .../eap_tls/tls => libtls}/tls_protection.h | 2 +- .../eap_tls/tls => libtls}/tls_reader.c | 4 ++-- .../eap_tls/tls => libtls}/tls_reader.h | 4 ++-- .../eap_tls/tls => libtls}/tls_server.c | 2 +- .../eap_tls/tls => libtls}/tls_server.h | 2 +- .../eap_tls/tls => libtls}/tls_writer.c | 2 +- .../eap_tls/tls => libtls}/tls_writer.h | 4 ++-- 28 files changed, 65 insertions(+), 42 deletions(-) create mode 100644 src/libtls/Makefile.am rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls.h (96%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_compression.c (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_compression.h (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_crypto.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_crypto.h (99%) rename src/{libcharon/plugins/eap_tls/tls => 
libtls}/tls_fragmentation.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_fragmentation.h (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_handshake.h (97%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_peer.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_peer.h (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_prf.c (100%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_prf.h (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_protection.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_protection.h (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_reader.c (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_reader.h (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_server.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_server.h (98%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_writer.c (99%) rename src/{libcharon/plugins/eap_tls/tls => libtls}/tls_writer.h (98%) diff --git a/Doxyfile.in b/Doxyfile.in index b79c9909d..52e62b767 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -531,6 +531,7 @@ INPUT = @SRC_DIR@/src/libstrongswan \ @SRC_DIR@/src/libhydra \ @SRC_DIR@/src/libcharon \ @SRC_DIR@/src/libsimaka \ + @SRC_DIR@/src/libtls \ @SRC_DIR@/src/libfast \ @SRC_DIR@/src/manager diff --git a/configure.in b/configure.in index 65f45c889..f15e5d2d8 100644 --- a/configure.in +++ b/configure.in @@ -225,6 +225,10 @@ if test x$eap_sim = xtrue; then simaka=true; fi +if test x$eap_tls = xtrue; then + tls=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; 
@@ -895,6 +899,7 @@ AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) +AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) dnl ============================== @@ -955,6 +960,7 @@ AC_OUTPUT( src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile + src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile diff --git a/src/Makefile.am b/src/Makefile.am index 8d4dd2e37..0edddc9fc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -12,6 +12,10 @@ if USE_SIMAKA SUBDIRS += libsimaka endif +if USE_TLS + SUBDIRS += libtls +endif + if USE_FILE_CONFIG SUBDIRS += libfreeswan starter ipsec _copyright endif diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 510f5e569..4681fb964 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -352,6 +352,13 @@ if MONOLITHIC endif endif +if USE_TLS +if MONOLITHIC + # otherwise this library is linked to eap_tls + libcharon_la_LIBADD += $(top_builddir)/src/libtls/libtls.la +endif +endif + if USE_MEDSRV SUBDIRS += plugins/medsrv PLUGINS += medsrv diff --git a/src/libcharon/plugins/eap_tls/Makefile.am b/src/libcharon/plugins/eap_tls/Makefile.am index bd8f82a62..29ddd822b 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.am +++ b/src/libcharon/plugins/eap_tls/Makefile.am @@ -1,6 +1,6 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic 
@@ -8,18 +8,10 @@ if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-eap-tls.la else plugin_LTLIBRARIES = libstrongswan-eap-tls.la +libstrongswan_eap_tls_la_LIBADD = $(top_builddir)/src/libtls/libtls.la endif -libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \ - eap_tls.h eap_tls.c tls/tls.h tls/tls.c \ - tls/tls_protection.h tls/tls_protection.c \ - tls/tls_compression.h tls/tls_compression.c \ - tls/tls_fragmentation.h tls/tls_fragmentation.c \ - tls/tls_crypto.h tls/tls_crypto.c \ - tls/tls_prf.h tls/tls_prf.c \ - tls/tls_reader.h tls/tls_reader.c \ - tls/tls_writer.h tls/tls_writer.c \ - tls/tls_peer.h tls/tls_peer.c \ - tls/tls_server.h tls/tls_server.c \ - tls/tls_handshake.h +libstrongswan_eap_tls_la_SOURCES = \ + eap_tls_plugin.h eap_tls_plugin.c eap_tls.h eap_tls.c + libstrongswan_eap_tls_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index cf4294970..453a4cc05 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -15,7 +15,7 @@ #include "eap_tls.h" -#include "tls/tls.h" +#include #include #include diff --git a/src/libtls/Makefile.am b/src/libtls/Makefile.am new file mode 100644 index 000000000..d61cd8477 --- /dev/null +++ b/src/libtls/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +noinst_LTLIBRARIES = libtls.la +libtls_la_SOURCES = \ + tls_protection.h tls_protection.c \ + tls_compression.h tls_compression.c \ + tls_fragmentation.h tls_fragmentation.c \ + tls_crypto.h tls_crypto.c \ + tls_prf.h tls_prf.c \ + tls_reader.h tls_reader.c \ + tls_writer.h tls_writer.c \ + tls_peer.h tls_peer.c \ + tls_server.h tls_server.c \ + tls_handshake.h tls.h tls.c diff --git a/src/libcharon/plugins/eap_tls/tls/tls.c b/src/libtls/tls.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls.c rename to src/libtls/tls.c index ab03037fa..4384c0749 100644 
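Review bot: The new `libstrongswan_eap_tls_la_LIBADD = $(top_builddir)/src/libtls/libtls.la` line in src/libcharon/plugins/eap_tls/Makefile.am links a library that src/libtls/Makefile.am declares under `noinst_LTLIBRARIES`, so in the non-monolithic build the TLS code is copied into the eap_tls plugin rather than shared. If a second plugin later links the same convenience library, each would carry its own copy of the stack and its globals (for example `tls_version_names` from tls.c), and a fix in libtls would reach users only once every consumer is rebuilt. If libtls is meant for reuse, consider installing it as a shared library, e.g. `lib_LTLIBRARIES = libtls.la` with `libtls_la_LIBADD` naming libstrongswan. Otherwise a comment in src/libtls/Makefile.am such as `# convenience library, linked statically into eap_tls (or libcharon when MONOLITHIC)` would record the intent.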
--- a/src/libcharon/plugins/eap_tls/tls/tls.c +++ b/src/libtls/tls.c @@ -22,8 +22,6 @@ #include "tls_server.h" #include "tls_peer.h" -#include - ENUM_BEGIN(tls_version_names, SSL_2_0, SSL_2_0, "SSLv2"); ENUM_NEXT(tls_version_names, SSL_3_0, TLS_1_2, SSL_2_0, diff --git a/src/libcharon/plugins/eap_tls/tls/tls.h b/src/libtls/tls.h similarity index 96% rename from src/libcharon/plugins/eap_tls/tls/tls.h rename to src/libtls/tls.h index 283f591e7..67ee74230 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls.h +++ b/src/libtls/tls.h @@ -14,11 +14,13 @@ */ /** - * @defgroup tlsgroup tls - * @{ @ingroup eap_tls + * @defgroup libtls libtls + * + * @addtogroup libtls + * TLS implementation on top of libstrongswan * * @defgroup tls tls - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_compression.c b/src/libtls/tls_compression.c similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_compression.c rename to src/libtls/tls_compression.c index 453558084..02a3578e3 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_compression.c +++ b/src/libtls/tls_compression.c @@ -15,8 +15,6 @@ #include "tls_compression.h" -#include - typedef struct private_tls_compression_t private_tls_compression_t; /** diff --git a/src/libcharon/plugins/eap_tls/tls/tls_compression.h b/src/libtls/tls_compression.h similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_compression.h rename to src/libtls/tls_compression.h index a61543004..bd27ab5d7 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_compression.h +++ b/src/libtls/tls_compression.h @@ -15,7 +15,7 @@ /** * @defgroup tls_compression tls_compression - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_COMPRESSION_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_crypto.c b/src/libtls/tls_crypto.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_crypto.c rename to src/libtls/tls_crypto.c index f8894629f..085c11e2d 100644 
--- a/src/libcharon/plugins/eap_tls/tls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -15,7 +15,7 @@ #include "tls_crypto.h" -#include +#include typedef struct private_tls_crypto_t private_tls_crypto_t; diff --git a/src/libcharon/plugins/eap_tls/tls/tls_crypto.h b/src/libtls/tls_crypto.h similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_crypto.h rename to src/libtls/tls_crypto.h index 69b8da742..0d2588aa6 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_crypto.h +++ b/src/libtls/tls_crypto.h @@ -15,7 +15,7 @@ /** * @defgroup tls_crypto tls_crypto - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_CRYPTO_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_fragmentation.c rename to src/libtls/tls_fragmentation.c index 7a99c9235..a8d8aa289 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.c +++ b/src/libtls/tls_fragmentation.c @@ -17,7 +17,7 @@ #include "tls_reader.h" -#include +#include typedef struct private_tls_fragmentation_t private_tls_fragmentation_t; diff --git a/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.h b/src/libtls/tls_fragmentation.h similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_fragmentation.h rename to src/libtls/tls_fragmentation.h index 61bf5488e..e141a334b 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_fragmentation.h +++ b/src/libtls/tls_fragmentation.h @@ -15,7 +15,7 @@ /** * @defgroup tls_fragmentation tls_fragmentation - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_FRAGMENTATION_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_handshake.h b/src/libtls/tls_handshake.h similarity index 97% rename from src/libcharon/plugins/eap_tls/tls/tls_handshake.h rename to src/libtls/tls_handshake.h index 113974042..c0798625e 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_handshake.h +++ b/src/libtls/tls_handshake.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,7 +15,7 @@ /** * @defgroup tls_handshake tls_handshake - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_HANDSHAKE_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_peer.c b/src/libtls/tls_peer.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_peer.c rename to src/libtls/tls_peer.c index 95973598b..c87002fc7 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -15,7 +15,7 @@ #include "tls_peer.h" -#include +#include #include diff --git a/src/libcharon/plugins/eap_tls/tls/tls_peer.h b/src/libtls/tls_peer.h similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_peer.h rename to src/libtls/tls_peer.h index 7857d3261..eb97c97e4 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_peer.h +++ b/src/libtls/tls_peer.h @@ -15,7 +15,7 @@ /** * @defgroup tls_peer tls_peer - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_PEER_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_prf.c b/src/libtls/tls_prf.c similarity index 100% rename from src/libcharon/plugins/eap_tls/tls/tls_prf.c rename to src/libtls/tls_prf.c diff --git a/src/libcharon/plugins/eap_tls/tls/tls_prf.h b/src/libtls/tls_prf.h similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_prf.h rename to src/libtls/tls_prf.h index 7326be98c..811ce2d05 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_prf.h +++ b/src/libtls/tls_prf.h @@ -15,7 +15,7 @@ /** * @defgroup tls_prf tls_prf - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_PRF_H_ 
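Review bot: The first hunk of src/libtls/tls_handshake.h replaces the ` * Hochschule fuer Technik Rapperswil` header line with ` * Copyright (C) 2010 revosec AG`, which changes the stated copyright holder and is unrelated to moving the files. The same edit appears in the hunks for tls_reader.c, tls_reader.h, tls_writer.c and tls_writer.h. The commit message only says the TLS stack was moved, so anyone auditing licence provenance from the log will not find this change. Either put the header edits in a separate commit or add a line to the description, for example `Also update copyright headers in tls_handshake.h, tls_reader.[ch] and tls_writer.[ch]`. The hunks for the other moved files do not touch their header lines.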
diff --git a/src/libcharon/plugins/eap_tls/tls/tls_protection.c b/src/libtls/tls_protection.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_protection.c rename to src/libtls/tls_protection.c index 75fae0a71..5ea0a8312 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -15,7 +15,7 @@ #include "tls_protection.h" -#include +#include typedef struct private_tls_protection_t private_tls_protection_t; diff --git a/src/libcharon/plugins/eap_tls/tls/tls_protection.h b/src/libtls/tls_protection.h similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_protection.h rename to src/libtls/tls_protection.h index fab913788..aa7681bd5 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_protection.h +++ b/src/libtls/tls_protection.h @@ -15,7 +15,7 @@ /** * @defgroup tls_protection tls_protection - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_PROTECTION_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_reader.c b/src/libtls/tls_reader.c similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_reader.c rename to src/libtls/tls_reader.c index b21eb04f3..ee537be71 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_reader.c +++ b/src/libtls/tls_reader.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,7 +15,7 @@ #include "tls_reader.h" -#include +#include typedef struct private_tls_reader_t private_tls_reader_t; diff --git a/src/libcharon/plugins/eap_tls/tls/tls_reader.h b/src/libtls/tls_reader.h similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_reader.h rename to src/libtls/tls_reader.h index a8917dfb6..a8978b486 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_reader.h +++ b/src/libtls/tls_reader.h 
@@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,7 +15,7 @@ /** * @defgroup tls_reader tls_reader - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_READER_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_server.c b/src/libtls/tls_server.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_server.c rename to src/libtls/tls_server.c index 60c62684e..c0c0cc45f 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_server.c +++ b/src/libtls/tls_server.c @@ -17,7 +17,7 @@ #include -#include +#include typedef struct private_tls_server_t private_tls_server_t; diff --git a/src/libcharon/plugins/eap_tls/tls/tls_server.h b/src/libtls/tls_server.h similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_server.h rename to src/libtls/tls_server.h index 3fddea225..6dc26cd3f 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_server.h +++ b/src/libtls/tls_server.h @@ -15,7 +15,7 @@ /** * @defgroup tls_server tls_server - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_SERVER_H_ diff --git a/src/libcharon/plugins/eap_tls/tls/tls_writer.c b/src/libtls/tls_writer.c similarity index 99% rename from src/libcharon/plugins/eap_tls/tls/tls_writer.c rename to src/libtls/tls_writer.c index f1d9d790e..235dc2cdf 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_writer.c +++ b/src/libtls/tls_writer.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
diff --git a/src/libcharon/plugins/eap_tls/tls/tls_writer.h b/src/libtls/tls_writer.h similarity index 98% rename from src/libcharon/plugins/eap_tls/tls/tls_writer.h rename to src/libtls/tls_writer.h index ce8ba6a6e..e6522dbfb 100644 --- a/src/libcharon/plugins/eap_tls/tls/tls_writer.h +++ b/src/libtls/tls_writer.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -15,7 +15,7 @@ /** * @defgroup tls_writer tls_writer - * @{ @ingroup tls + * @{ @ingroup libtls */ #ifndef TLS_WRITER_H_