1 | /* |
2 | * Copyright (C) 2012 Martin Willi | |
3 | * Copyright (C) 2012 revosec AG | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | /** | |
0ceb2888 | 17 | * @defgroup pt_tls libpttls |
18 | * |
19 | * @addtogroup pt_tls | |
20 | * @{ | |
21 | */ |
22 | ||
23 | #ifndef PT_TLS_H_ | |
24 | #define PT_TLS_H_ | |
25 | ||
26 | #include <bio/bio_reader.h> | |
27 | #include <bio/bio_writer.h> | |
28 | #include <tls_socket.h> | |
29 | ||
30 | /** | |
31 | * PT-TLS version we support | |
32 | */ | |
33 | #define PT_TLS_VERSION 1 | |
34 | ||
35 | /** | |
36 | * Length of a PT-TLS header | |
37 | */ | |
38 | #define PT_TLS_HEADER_LEN 16 | |
39 | ||
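/**
 * Maximum size of a PT-TLS message
 *
 * Computed as a budget of 128 TLS fragments minus the fixed PT-TLS header.
 * The expansion is parenthesized so that the macro is safe to use as a
 * subexpression (e.g. multiplied, divided, or compared inside a larger
 * expression); an unparenthesized `a * b - c` would otherwise bind to the
 * surrounding operators and silently produce a wrong limit.
 */
#define PT_TLS_MAX_MESSAGE_LEN (128 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN)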
e689de6b | 44 | |
45 | /** |
46 | * Default PT-TLS port | |
47 | */ | |
48 | #define PT_TLS_PORT 271 | |
49 | ||
18d56a18 | 50 | typedef enum pt_tls_message_type_t pt_tls_message_type_t; |
5b1a1083 | 51 | typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t; |
61f1693d | 52 | typedef enum pt_tls_auth_t pt_tls_auth_t; |
53 | |
/**
 * Message types, as defined by NEA PT-TLS
 *
 * The value is carried in the Message Type field of the PT-TLS header: it is
 * written by pt_tls_write() and returned as a raw uint32_t by pt_tls_read(),
 * so a receiver must check the value is a known type before treating it as
 * one of these constants. A printable name table is available as
 * pt_tls_message_type_names.
 */
enum pt_tls_message_type_t {
	PT_TLS_EXPERIMENTAL = 0,
	PT_TLS_VERSION_REQUEST = 1,
	PT_TLS_VERSION_RESPONSE = 2,
	PT_TLS_SASL_MECHS = 3,
	PT_TLS_SASL_MECH_SELECTION = 4,
	PT_TLS_SASL_AUTH_DATA = 5,
	PT_TLS_SASL_RESULT = 6,
	PT_TLS_PB_TNC_BATCH = 7,
	PT_TLS_ERROR = 8,
};
68 | ||
69 | extern enum_name_t *pt_tls_message_type_names; |
70 | ||
/**
 * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
 *
 * A printable name table is available as pt_tls_sasl_result_names.
 */
enum pt_tls_sasl_result_t {
	PT_TLS_SASL_RESULT_SUCCESS = 0,
	PT_TLS_SASL_RESULT_FAILURE = 1,
	PT_TLS_SASL_RESULT_ABORT = 2,
	PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
};
80 | ||
81 | extern enum_name_t *pt_tls_sasl_result_names; |
82 | ||
/**
 * Client authentication to require as PT-TLS server.
 *
 * Only PT_TLS_AUTH_NONE accepts a client without any authentication at this
 * layer; every other value requires a TLS client certificate, SASL, or a
 * combination of the two.
 */
enum pt_tls_auth_t {
	/** don't require TLS client certificate or request SASL authentication */
	PT_TLS_AUTH_NONE,
	/** require TLS certificate authentication, no SASL */
	PT_TLS_AUTH_TLS,
	/** do SASL regardless of TLS certificate authentication */
	PT_TLS_AUTH_SASL,
	/** if client does not authenticate with a TLS certificate, request SASL */
	PT_TLS_AUTH_TLS_OR_SASL,
	/** require both, TLS certificate authentication and SASL */
	PT_TLS_AUTH_TLS_AND_SASL,
};
98 | ||
/**
 * Read a PT-TLS message, create reader over Message Value.
 *
 * The header fields are parsed into the out parameters; the returned reader
 * covers only the Message Value that follows the header. Note that type is
 * delivered as a raw uint32_t from the wire, not as pt_tls_message_type_t,
 * so the caller must validate it before dispatching on it.
 *
 * @param tls			TLS socket to read from
 * @param vendor		receives Message Type Vendor ID from header
 * @param type			receives Message Type from header
 * @param identifier	receives Message Identifier
 * @return				reader over message value, NULL on error
 *						(NOTE(review): the reader is presumably owned by the
 *						caller and must be destroyed by it — confirm against
 *						the implementation)
 */
bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
						  uint32_t *type, uint32_t *identifier);
110 | |
/**
 * Prepend a PT-TLS header to a message value and send it over a TLS socket.
 *
 * NOTE(review): the brief previously described a writer being destroyed, but
 * the declaration takes the message value as a chunk_t; whether this function
 * takes ownership of (frees) data is not visible here — confirm against the
 * implementation before relying on either behaviour.
 *
 * @param tls			TLS socket to write to
 * @param type			Message Type to write
 * @param identifier	Message Identifier to write
 * @param data			Message value to write
 * @return				TRUE if data written successfully
 */
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
				  uint32_t identifier, chunk_t data);
18d56a18 | 122 | |
e8f65c5c | 123 | /** |
124 | * Dummy libpttls initialization function needed for integrity test |
125 | */ | |
126 | void libpttls_init(void); | |
127 | ||
18d56a18 | 128 | #endif /** PT_TLS_H_ @}*/ |