1 | /* |
2 | * Copyright (C) 2010 Martin Willi | |
3 | * Copyright (C) 2010 revosec AG | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | /** | |
17 | * @defgroup tls_socket tls_socket | |
18 | * @{ @ingroup libtls | |
19 | */ | |
20 | ||
21 | #ifndef TLS_SOCKET_H_ | |
22 | #define TLS_SOCKET_H_ | |
23 | ||
24 | #include "tls.h" | |
25 | ||
typedef struct tls_socket_t tls_socket_t;

/**
 * TLS secured socket.
 *
 * Wraps a blocking (socket) file descriptor for a reliable transport into a
 * TLS secured socket. TLS negotiation happens on demand, certificates and
 * private keys are fetched from any registered credential set.
 *
 * Every method takes the socket itself as first argument ("this"). Whether
 * methods may be called concurrently from several threads is not stated in
 * this header; assume no thread-safety unless the implementation documents it.
 */
struct tls_socket_t {

	/**
	 * Read data from secured socket.
	 *
	 * This call is blocking, you may use select() on the underlying socket to
	 * wait for data. If "block" is FALSE and no application data is available,
	 * the function returns -1 and sets errno to EWOULDBLOCK.
	 *
	 * Callers must therefore inspect errno after a -1 return to tell the
	 * EWOULDBLOCK case apart from a real failure; treating every -1 as fatal
	 * would tear down the connection on a mere "try again". A return of 0
	 * signals EOF; whether that is a clean TLS close or an abrupt transport
	 * close is not stated here — confirm against the implementation if the
	 * distinction matters to the caller.
	 *
	 * @param buf		buffer to write received data to
	 * @param len		size of buffer
	 * @param block		TRUE to block this call, FALSE to fail if it would block
	 * @return			number of bytes read, 0 on EOF, -1 on error
	 */
	ssize_t (*read)(tls_socket_t *this, void *buf, size_t len, bool block);

	/**
	 * Write data over the secured socket.
	 *
	 * buf is presumably only read by this call, yet it is not const-qualified,
	 * so callers holding a const pointer need a cast. Whether a short write
	 * (return value < len) can occur or the call loops until all bytes are
	 * sent is not stated here — confirm before relying on either.
	 *
	 * @param buf		data to send
	 * @param len		number of bytes to write from buf
	 * @return			number of bytes written, -1 on error
	 */
	ssize_t (*write)(tls_socket_t *this, void *buf, size_t len);

	/**
	 * Read/write plain data from file descriptor.
	 *
	 * This call is blocking, but a thread cancellation point. Data is
	 * exchanged until one of the sockets gets closed or an error occurs.
	 *
	 * Plain data read from rfd goes out TLS-protected over this socket, and
	 * data received over TLS is written in plain to wfd. Because this is a
	 * cancellation point, a thread cancelled while inside splice() must not be
	 * holding locks or other resources without cleanup handlers.
	 *
	 * @param rfd		file descriptor to read plain data from
	 * @param wfd		file descriptor to write plain data to
	 * @return			TRUE if data exchanged successfully
	 */
	bool (*splice)(tls_socket_t *this, int rfd, int wfd);

	/**
	 * Get the underlying file descriptor passed to the constructor.
	 *
	 * Ownership of the descriptor is not specified in this header (in
	 * particular whether destroy() closes it) — confirm with the
	 * implementation before closing it from the caller's side, to avoid a
	 * double close.
	 *
	 * @return			file descriptor
	 */
	int (*get_fd)(tls_socket_t *this);

	/**
	 * Return the server identity.
	 *
	 * Ownership of the returned object is not stated here; presumably it
	 * remains owned by the socket and must not be destroyed by the caller —
	 * confirm before using it beyond the socket's lifetime.
	 *
	 * @return			server identity
	 */
	identification_t* (*get_server_id)(tls_socket_t *this);

	/**
	 * Return the peer identity.
	 *
	 * NOTE(review): this header does not say whether the returned identity is
	 * the one the peer actually authenticated with during the handshake or
	 * merely the one supplied to the constructor; an authorization decision
	 * should rely on it only once that is confirmed. Ownership as for
	 * get_server_id().
	 *
	 * @return			peer identity
	 */
	identification_t* (*get_peer_id)(tls_socket_t *this);

	/**
	 * Destroy a tls_socket_t.
	 *
	 * Whether this also sends a TLS close notification or closes the
	 * underlying file descriptor is not stated here.
	 */
	void (*destroy)(tls_socket_t *this);
};
98 | ||
/**
 * Create a tls_socket instance.
 *
 * Per the tls_socket_t description, no TLS negotiation happens here; it is
 * performed on demand by the first read()/write()/splice(). fd is presumably
 * expected to be an already connected, blocking descriptor — confirm.
 *
 * Only an upper bound on the protocol version is configurable; the lowest
 * version the implementation is willing to negotiate is not exposed here.
 * NULL encryption cipher suites provide integrity but no confidentiality,
 * so nullok should be FALSE unless unencrypted TLS is explicitly intended.
 * Whether NULL is returned on failure is not documented here; check the
 * return value anyway.
 *
 * @param is_server		TRUE to act as TLS server
 * @param server		server identity
 * @param peer			client identity, NULL for no client authentication
 * @param fd			socket to read/write from
 * @param cache			session cache to use, or NULL
 * @param max_version	maximum TLS version to negotiate
 * @param nullok		accept NULL encryption ciphers
 * @return				TLS socket wrapper
 */
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
								identification_t *peer, int fd, tls_cache_t *cache,
								tls_version_t max_version, bool nullok);
114 | |
115 | #endif /** TLS_SOCKET_H_ @}*/ |