[thirdparty/strongswan.git] / src / libpttls / pt_tls.h

/*
 * Copyright (C) 2012 Martin Willi
 * Copyright (C) 2012 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup pt_tls libpttls
 *
 * @addtogroup pt_tls
 * @{
 */

#ifndef PT_TLS_H_
#define PT_TLS_H_

#include <bio/bio_reader.h>
#include <bio/bio_writer.h>
#include <tls_socket.h>

/**
 * PT-TLS version we support
 */
#define PT_TLS_VERSION 1

/**
 * Length of a PT-TLS header
 */
#define PT_TLS_HEADER_LEN 16

/**
 * Maximum size of a PT-TLS message
 */
#define PT_TLS_MAX_MESSAGE_LEN	128 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN

/**
 * Default PT-TLS port
 */
#define PT_TLS_PORT	 271

typedef enum pt_tls_message_type_t pt_tls_message_type_t;
typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
typedef enum pt_tls_auth_t pt_tls_auth_t;

/**
 * Message types, as defined by NEA PT-TLS
 */
enum pt_tls_message_type_t {
	PT_TLS_EXPERIMENTAL = 0,
	PT_TLS_VERSION_REQUEST = 1,
	PT_TLS_VERSION_RESPONSE = 2,
	PT_TLS_SASL_MECHS = 3,
	PT_TLS_SASL_MECH_SELECTION = 4,
	PT_TLS_SASL_AUTH_DATA = 5,
	PT_TLS_SASL_RESULT = 6,
	PT_TLS_PB_TNC_BATCH = 7,
	PT_TLS_ERROR = 8,
};

extern enum_name_t *pt_tls_message_type_names;

/**
 * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
 */
enum pt_tls_sasl_result_t {
	PT_TLS_SASL_RESULT_SUCCESS = 0,
	PT_TLS_SASL_RESULT_FAILURE = 1,
	PT_TLS_SASL_RESULT_ABORT = 2,
	PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
};

extern enum_name_t *pt_tls_sasl_result_names;

/**
 * Client authentication to require as PT-TLS server.
 */
enum pt_tls_auth_t {
	/** don't require TLS client certificate or request SASL authentication */
	PT_TLS_AUTH_NONE,
	/** require TLS certificate authentication, no SASL */
	PT_TLS_AUTH_TLS,
	/** do SASL regardless of TLS certificate authentication */
	PT_TLS_AUTH_SASL,
	/* if client does not authenticate with a TLS certificate, request SASL */
	PT_TLS_AUTH_TLS_OR_SASL,
	/* require both, TLS certificate authentication and SASL */
	PT_TLS_AUTH_TLS_AND_SASL,
};

/**
 * Read a PT-TLS message, create reader over Message Value.
 *
 * @param tls			TLS socket to read from
 * @param vendor		receives Message Type Vendor ID from header
 * @param type			receives Message Type from header
 * @param identifier	receives Message Identifier
 * @return				reader over message value, NULL on error
 */
bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
						  uint32_t *type, uint32_t *identifier);

/**
 * Prepend a PT-TLS header to a writer, send data, destroy writer.
 *
 * @param tls			TLS socket to write to
 * @param type			Message Type to write
 * @param identifier	Message Identifier to write
 * @param data			Message value to write
 * @return				TRUE if data written successfully
 */
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
				  uint32_t identifier, chunk_t data);

/**
 * Dummy libpttls initialization function needed for integrity test
 */
void libpttls_init(void);

#endif /** PT_TLS_H_ @}*/
Commit	Line	Data
18d56a18 MW	1	/*
	2	* Copyright (C) 2012 Martin Willi
	3	* Copyright (C) 2012 revosec AG
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	/**
0ceb2888	17	* @defgroup pt_tls libpttls
11adf114 TB	18	*
	19	* @addtogroup pt_tls
	20	* @{
18d56a18 MW	21	*/
	22
	23	#ifndef PT_TLS_H_
	24	#define PT_TLS_H_
	25
	26	#include <bio/bio_reader.h>
	27	#include <bio/bio_writer.h>
	28	#include <tls_socket.h>
	29
	30	/**
	31	* PT-TLS version we support
	32	*/
	33	#define PT_TLS_VERSION 1
	34
	35	/**
	36	* Length of a PT-TLS header
	37	*/
	38	#define PT_TLS_HEADER_LEN 16
	39
e689de6b AS	40	/**
	41	* Maximum size of a PT-TLS message
	42	*/
3a726816	43	#define PT_TLS_MAX_MESSAGE_LEN 128 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN
e689de6b	44
180a2f26 AS	45	/**
	46	* Default PT-TLS port
	47	*/
	48	#define PT_TLS_PORT 271
	49
18d56a18	50	typedef enum pt_tls_message_type_t pt_tls_message_type_t;
5b1a1083	51	typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
61f1693d	52	typedef enum pt_tls_auth_t pt_tls_auth_t;
18d56a18 MW	53
	54	/**
	55	* Message types, as defined by NEA PT-TLS
	56	*/
	57	enum pt_tls_message_type_t {
	58	PT_TLS_EXPERIMENTAL = 0,
	59	PT_TLS_VERSION_REQUEST = 1,
	60	PT_TLS_VERSION_RESPONSE = 2,
	61	PT_TLS_SASL_MECHS = 3,
	62	PT_TLS_SASL_MECH_SELECTION = 4,
	63	PT_TLS_SASL_AUTH_DATA = 5,
	64	PT_TLS_SASL_RESULT = 6,
	65	PT_TLS_PB_TNC_BATCH = 7,
	66	PT_TLS_ERROR = 8,
	67	};
	68
6d6100c2 AS	69	extern enum_name_t *pt_tls_message_type_names;
6d6100c2 AS	70
5b1a1083 MW	71	/**
	72	* Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
	73	*/
	74	enum pt_tls_sasl_result_t {
	75	PT_TLS_SASL_RESULT_SUCCESS = 0,
	76	PT_TLS_SASL_RESULT_FAILURE = 1,
	77	PT_TLS_SASL_RESULT_ABORT = 2,
	78	PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
	79	};
	80
6d6100c2 AS	81	extern enum_name_t *pt_tls_sasl_result_names;
6d6100c2 AS	82
61f1693d MW	83	/**
	84	* Client authentication to require as PT-TLS server.
	85	*/
	86	enum pt_tls_auth_t {
	87	/** don't require TLS client certificate or request SASL authentication */
	88	PT_TLS_AUTH_NONE,
	89	/** require TLS certificate authentication, no SASL */
	90	PT_TLS_AUTH_TLS,
	91	/** do SASL regardless of TLS certificate authentication */
	92	PT_TLS_AUTH_SASL,
	93	/* if client does not authenticate with a TLS certificate, request SASL */
	94	PT_TLS_AUTH_TLS_OR_SASL,
	95	/* require both, TLS certificate authentication and SASL */
	96	PT_TLS_AUTH_TLS_AND_SASL,
	97	};
	98
18d56a18 MW	99	/**
	100	* Read a PT-TLS message, create reader over Message Value.
	101	*
	102	* @param tls TLS socket to read from
	103	* @param vendor receives Message Type Vendor ID from header
	104	* @param type receives Message Type from header
2db6d5b8	105	* @param identifier receives Message Identifier
18d56a18 MW	106	* @return reader over message value, NULL on error
18d56a18 MW	107	*/
b12c53ce AS	108	bio_reader_t* pt_tls_read(tls_socket_t tls, uint32_t vendor,
b12c53ce AS	109	uint32_t type, uint32_t identifier);
18d56a18 MW	110
	111	/**
	112	* Prepend a PT-TLS header to a writer, send data, destroy writer.
	113	*
	114	* @param tls TLS socket to write to
18d56a18 MW	115	* @param type Message Type to write
18d56a18 MW	116	* @param identifier Message Identifier to write
e689de6b	117	* @param data Message value to write
18d56a18 MW	118	* @return TRUE if data written successfully
18d56a18 MW	119	*/
e689de6b	120	bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
b12c53ce	121	uint32_t identifier, chunk_t data);
18d56a18	122
e8f65c5c	123	/**
e8f65c5c AS	124	* Dummy libpttls initialization function needed for integrity test
	125	*/
	126	void libpttls_init(void);
	127
18d56a18	128	#endif /** PT_TLS_H_ @}*/