tls.h

Go to the documentation of this file.

#ifndef TLS_H
#define TLS_H

struct tls_connection;

struct tls_keys {
        const u8 *master_key;
        size_t master_key_len;
        const u8 *client_random;
        size_t client_random_len;
        const u8 *server_random;
        size_t server_random_len;

        /*
         * If TLS library does not provide access to master_key, but only to
         * EAP key block, this pointer can be set to point to the result of
         * PRF(master_secret, "client EAP encryption",
         * client_random + server_random).
         */
        const u8 *eap_tls_prf;
        size_t eap_tls_prf_len;
};

struct tls_config {
        const char *opensc_engine_path;
        const char *pkcs11_engine_path;
        const char *pkcs11_module_path;
};

struct tls_connection_params {
        const char *ca_cert;
        const u8 *ca_cert_blob;
        size_t ca_cert_blob_len;
        const char *ca_path;
        const char *subject_match;
        const char *altsubject_match;
        const char *client_cert;
        const u8 *client_cert_blob;
        size_t client_cert_blob_len;
        const char *private_key;
        const u8 *private_key_blob;
        size_t private_key_blob_len;
        const char *private_key_passwd;
        const char *dh_file;
        const u8 *dh_blob;
        size_t dh_blob_len;

        /* OpenSSL specific variables */
        int engine;
        const char *engine_id;
        const char *pin;
        const char *key_id;
};


void * tls_init(const struct tls_config *conf);

void tls_deinit(void *tls_ctx);

int tls_get_errors(void *tls_ctx);

struct tls_connection * tls_connection_init(void *tls_ctx);

void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);

int tls_connection_established(void *tls_ctx, struct tls_connection *conn);

int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);

enum {
        TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
        TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
};
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                              const struct tls_connection_params *params);

int tls_global_ca_cert(void *tls_ctx, const char *ca_cert);

int tls_global_set_verify(void *tls_ctx, int check_crl);

int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
                              int verify_peer);

int tls_global_client_cert(void *tls_ctx, const char *client_cert);

int tls_global_private_key(void *tls_ctx, const char *private_key,
                           const char *private_key_passwd);

int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn,
                            struct tls_keys *keys);

u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
                              const u8 *in_data, size_t in_len,
                              size_t *out_len);

u8 * tls_connection_server_handshake(void *tls_ctx,
                                     struct tls_connection *conn,
                                     const u8 *in_data, size_t in_len,
                                     size_t *out_len);

int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn,
                           const u8 *in_data, size_t in_len,
                           u8 *out_data, size_t out_len);

int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn,
                           const u8 *in_data, size_t in_len,
                           u8 *out_data, size_t out_len);

int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);

int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn,
                                  const u8 *key, size_t key_len);

int tls_connection_set_anon_dh(void *tls_ctx, struct tls_connection *conn);

int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
                   char *buf, size_t buflen);

int tls_connection_enable_workaround(void *tls_ctx,
                                     struct tls_connection *conn);

int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
                                    int ext_type, const u8 *data,
                                    size_t data_len);

int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);

int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);

int tls_connection_get_write_alerts(void *tls_ctx,
                                    struct tls_connection *conn);

int tls_connection_get_keyblock_size(void *tls_ctx,
                                     struct tls_connection *conn);

#endif /* TLS_H */

---