1/*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
16/**
17 * @defgroup tls_socket tls_socket
18 * @{ @ingroup libtls
19 */
21#ifndef TLS_SOCKET_H_
22#define TLS_SOCKET_H_
24#include "tls.h"
/* Forward declaration: the method pointers below take tls_socket_t as their
 * first argument, so the name must exist before the struct body. */
typedef struct tls_socket_t tls_socket_t;
/**
 * TLS secured socket.
 *
 * Wraps a blocking (socket) file descriptor for a reliable transport into a
 * TLS secured socket. TLS negotiation happens on demand, certificates and
 * private keys are fetched from any registered credential set.
 *
 * The fd is expected to be in blocking mode; non-blocking reads are requested
 * through the block argument of read() rather than by changing the fd's mode.
 * Ownership of the fd (who closes it) is not stated in this header — confirm
 * in the implementation before closing it yourself.
 */
struct tls_socket_t {

	/**
	 * Read data from secured socket.
	 *
	 * This call is blocking, you may use select() on the underlying socket to
	 * wait for data. If "block" is FALSE and no application data is available,
	 * the function returns -1 and sets errno to EWOULDBLOCK.
	 *
	 * Readiness of the raw fd only means a TLS record can be read; that record
	 * need not carry application data (handshake or alert records, for
	 * instance), which is presumably why the non-blocking variant exists.
	 * Keep the three outcomes apart: > 0 data, 0 orderly EOF, -1 error, and
	 * check errno for EWOULDBLOCK before treating -1 as fatal.
	 *
	 * @param buf		buffer to write received data to, at most len bytes
	 * @param len		size of buffer
	 * @param block		TRUE to block this call, FALSE to fail if it would block
	 * @return			number of bytes read, 0 on EOF, -1 on error
	 */
	ssize_t (*read)(tls_socket_t *this, void *buf, size_t len, bool block);

	/**
	 * Write data over the secured socket.
	 *
	 * Compare the return value with len rather than assuming the whole buffer
	 * was sent; this header does not promise a full write. buf is not
	 * const-qualified in this declaration — whether the implementation
	 * modifies it is not visible from here.
	 *
	 * @param buf		data to send
	 * @param len		number of bytes to write from buf
	 * @return			number of bytes written, -1 on error
	 */
	ssize_t (*write)(tls_socket_t *this, void *buf, size_t len);

	/**
	 * Read/write plain data from file descriptor.
	 *
	 * This call is blocking, but a thread cancellation point. Data is
	 * exchanged until one of the sockets gets closed or an error occurs.
	 *
	 * Plain data read from rfd is sent over the TLS connection and plain data
	 * received over it is written to wfd. Since the call is a cancellation
	 * point, a thread cancelled while inside it does not return here; push any
	 * cleanup handlers you need (pthread_cleanup_push()) before calling.
	 *
	 * @param rfd		file descriptor to read plain data from
	 * @param wfd		file descriptor to write plain data to
	 * @return			TRUE if data exchanged successfully
	 */
	bool (*splice)(tls_socket_t *this, int rfd, int wfd);

	/**
	 * Get the underlying file descriptor passed to the constructor.
	 *
	 * Intended for select()/poll() style waiting (see read()). Reading from or
	 * writing to the fd directly bypasses the TLS layer; who owns the fd is
	 * not stated in this header — confirm in the implementation.
	 *
	 * @return			file descriptor
	 */
	int (*get_fd)(tls_socket_t *this);

	/**
	 * Return the server identity.
	 *
	 * This header does not state whether the result is the identity configured
	 * at create time or one verified during the handshake, nor who owns the
	 * returned object — confirm both in the implementation before using the
	 * result for authorization decisions or destroying it.
	 *
	 * @return			server identity
	 */
	identification_t* (*get_server_id)(tls_socket_t *this);

	/**
	 * Return the peer identity.
	 *
	 * tls_socket_create() accepts a NULL peer for "no client authentication",
	 * so callers should be prepared for a NULL result here (not stated in this
	 * header — confirm in the implementation). Ownership of the returned
	 * object and whether the identity was verified by the handshake are
	 * likewise not stated here.
	 *
	 * @return			peer identity
	 */
	identification_t* (*get_peer_id)(tls_socket_t *this);

	/**
	 * Destroy a tls_socket_t.
	 *
	 * Whether the wrapped fd is closed as part of destruction is not stated
	 * here — confirm in the implementation before closing it yourself, since a
	 * second close() may hit an unrelated descriptor that reused the number.
	 */
	void (*destroy)(tls_socket_t *this);
};
/**
 * Create a tls_socket instance.
 *
 * The fd is expected to be a blocking descriptor for a reliable transport (see
 * tls_socket_t). NULL encryption cipher suites, enabled with nullok, provide
 * integrity but no confidentiality: everything sent over the socket travels in
 * the clear, so leave nullok FALSE unless that is explicitly intended. A NULL
 * peer means the client is not authenticated, i.e. a server has no client
 * identity to authorize against. Only the maximum TLS version is a parameter
 * of this function; the minimum version accepted is not configurable here.
 *
 * @param is_server		TRUE to act as TLS server
 * @param server		server identity
 * @param peer			client identity, NULL for no client authentication
 * @param fd			socket to read/write from
 * @param cache			session cache to use, or NULL
 * @param max_version	maximum TLS version to negotiate
 * @param nullok		accept NULL encryption ciphers
 * @return				TLS socket wrapper, presumably NULL on failure (not
 *						stated here — confirm in the implementation)
 */
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
								identification_t *peer, int fd, tls_cache_t *cache,
								tls_version_t max_version, bool nullok);
115#endif /** TLS_SOCKET_H_ @}*/