2 * Copyright (C) 2012 Martin Willi
4 * Copyright (C) secunet Security Networks AG
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * @defgroup pt_tls libpttls
27 #include <bio/bio_reader.h>
28 #include <bio/bio_writer.h>
29 #include <tls_socket.h>
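/**
 * PT-TLS version we support
 */
#define PT_TLS_VERSION 1

/**
 * Length of a PT-TLS header
 */
#define PT_TLS_HEADER_LEN 16

/**
 * Maximum size of a PT-TLS message
 *
 * Fully parenthesized so the macro is safe inside larger expressions
 * (arithmetic, casts, multiplications): without the outer parentheses the
 * trailing subtraction would bind to whatever operator surrounds the use.
 */
#define PT_TLS_MAX_MESSAGE_LEN (128 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN)

/**
 * PT-TLS port
 */
#define PT_TLS_PORT 271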
typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
typedef enum pt_tls_auth_t pt_tls_auth_t;

/**
 * Message types, as defined by NEA PT-TLS
 *
 * The explicit numeric values are the Message Type codes exchanged in the
 * PT-TLS header (see pt_tls_read()/pt_tls_write()), so they must not be
 * renumbered or reordered.
 */
typedef enum pt_tls_message_type_t {
	/** Experimental */
	PT_TLS_EXPERIMENTAL = 0,
	/** Version Request */
	PT_TLS_VERSION_REQUEST = 1,
	/** Version Response */
	PT_TLS_VERSION_RESPONSE = 2,
	/** SASL Mechanisms */
	PT_TLS_SASL_MECHS = 3,
	/** SASL Mechanism Selection */
	PT_TLS_SASL_MECH_SELECTION = 4,
	/** SASL Authentication Data */
	PT_TLS_SASL_AUTH_DATA = 5,
	/** SASL Result */
	PT_TLS_SASL_RESULT = 6,
	/** PB-TNC Batch */
	PT_TLS_PB_TNC_BATCH = 7,
} pt_tls_message_type_t;
/**
 * Printable names for pt_tls_message_type_t values (enum_name_t lookup
 * table, defined in the library's implementation file).
 */
extern enum_name_t *pt_tls_message_type_names;
/**
 * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
 *
 * The numeric values travel on the wire inside a PT_TLS_SASL_RESULT message,
 * so they are fixed by the protocol. NOTE(review): a result code parsed from
 * a peer message should be range-checked (0..3) before it is treated as one
 * of these enumerators — confirm this happens on the reading side.
 */
enum pt_tls_sasl_result_t {
	/** Success */
	PT_TLS_SASL_RESULT_SUCCESS = 0,
	/** Failure */
	PT_TLS_SASL_RESULT_FAILURE = 1,
	/** Abort */
	PT_TLS_SASL_RESULT_ABORT = 2,
	/** Mechanism Failure */
	PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
};
/**
 * Printable names for pt_tls_sasl_result_t values (enum_name_t lookup
 * table, defined in the library's implementation file).
 */
extern enum_name_t *pt_tls_sasl_result_names;
85 * Client authentication to require as PT-TLS server.
88 /** don't require TLS client certificate or request SASL authentication */
90 /** require TLS certificate authentication, no SASL */
92 /** do SASL regardless of TLS certificate authentication */
94 /** if the client does not authenticate with a TLS certificate, request SASL */
95 PT_TLS_AUTH_TLS_OR_SASL
,
96 /** require both TLS certificate authentication and SASL */
97 PT_TLS_AUTH_TLS_AND_SASL
,
/**
 * Read a PT-TLS message, create reader over Message Value.
 *
 * The header fields are handed back through the out-parameters; the returned
 * reader covers the Message Value that follows the header, not the header
 * itself. The caller takes ownership of the returned reader and must release
 * it when done (NOTE(review): presumably via its destroy() method — confirm
 * against bio_reader.h). The header contents come from the peer: the
 * implementation is expected to bound the announced message size against
 * PT_TLS_MAX_MESSAGE_LEN before buffering the value — verify in the reading
 * code, this declaration does not show it. On a NULL return the
 * out-parameters may be left untouched — confirm.
 *
 * @param tls			TLS socket to read from
 * @param vendor		receives Message Type Vendor ID from header
 * @param type			receives Message Type from header
 * @param identifier	receives Message Identifier
 * @return				reader over message value, NULL on error
 */
bio_reader_t *pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
						  uint32_t *type, uint32_t *identifier);
/**
 * Prepend a PT-TLS header to a message value and send it over the TLS socket.
 *
 * The value is passed by chunk_t, so as far as this declaration shows the
 * caller keeps ownership of data. No Vendor ID parameter is taken; the
 * header's Vendor ID is presumably fixed by the implementation — confirm in
 * the implementation file. A FALSE return means the message was not (fully)
 * written; callers should treat the session as failed rather than retry with
 * the same identifier — confirm against the caller's error handling.
 *
 * @param tls			TLS socket to write to
 * @param type			Message Type to write
 * @param identifier	Message Identifier to write
 * @param data			Message value to write
 * @return				TRUE if data written successfully
 */
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
				  uint32_t identifier, chunk_t data);
/**
 * Dummy libpttls initialization function needed for integrity test
 *
 * Presumably only exists so the library exposes a known symbol for the
 * integrity checker; no initialization side effects are implied by this
 * declaration — confirm in the implementation.
 */
void libpttls_init(void);
129 #endif /** PT_TLS_H_ @}*/