2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup libtls libtls
20 * TLS implementation on top of libstrongswan
/* Forward declarations of the public types of this header. The enums and the
 * tls_t interface struct are defined further below; declaring the typedefs
 * first lets the struct members refer to each other by the short names. */
typedef enum tls_version_t tls_version_t;
typedef enum tls_content_type_t tls_content_type_t;
typedef enum tls_handshake_type_t tls_handshake_type_t;
typedef struct tls_t tls_t;
37 * TLS/SSL version numbers
48 * Enum names for tls_version_t
/**
 * Enum names for tls_version_t.
 *
 * Declared here, defined once in the implementation; intended for logging and
 * diagnostics (mapping a tls_version_t value to its printable name).
 */
extern enum_name_t *tls_version_names;
53 * TLS higher level content type
55 enum tls_content_type_t
{
56 TLS_CHANGE_CIPHER_SPEC
= 20,
59 TLS_APPLICATION_DATA
= 23,
63 * Enum names for tls_content_type_t
/**
 * Enum names for tls_content_type_t.
 *
 * Declared here, defined once in the implementation; intended for logging and
 * diagnostics (mapping a record content type to its printable name).
 */
extern enum_name_t *tls_content_type_names;
68 * TLS handshake subtype
70 enum tls_handshake_type_t
{
71 TLS_HELLO_REQUEST
= 0,
75 TLS_SERVER_KEY_EXCHANGE
= 12,
76 TLS_CERTIFICATE_REQUEST
= 13,
77 TLS_SERVER_HELLO_DONE
= 14,
78 TLS_CERTIFICATE_VERIFY
= 15,
79 TLS_CLIENT_KEY_EXCHANGE
= 16,
84 * Enum names for tls_handshake_type_t
/**
 * Enum names for tls_handshake_type_t.
 *
 * Declared here, defined once in the implementation; intended for logging and
 * diagnostics (mapping a handshake message type to its printable name).
 */
extern enum_name_t *tls_handshake_type_names;
89 * A bottom-up driven TLS stack, suitable for EAP implementations.
/**
 * Process a TLS record, pass it to upper layers.
 *
 * NOTE(review): in a bottom-up driven stack the record handed in here is
 * presumably what the lower layer received from the remote peer, i.e.
 * attacker-controlled input; the implementation must validate type/data
 * (lengths, state) before acting on them. Ownership of data after the call
 * is not stated in this header - confirm with the implementation.
 *
 * @param type      type of the TLS record to process
 * @param data      associated TLS record data
 * @return
 *                  - SUCCESS if TLS negotiation complete
 *                  - FAILED if TLS handshake failed
 *                  - NEED_MORE if more invocations to process/build needed
 */
status_t (*process)(tls_t *this, tls_content_type_t type, chunk_t data);
/**
 * Query upper layer for TLS record, build protected record.
 *
 * Both output parameters are written by the callee. "allocated" suggests the
 * caller owns *data and is responsible for freeing it, and that it is only
 * set on the return values that actually produce a record - NOTE(review):
 * neither point is stated explicitly here, confirm against the implementation
 * before relying on it.
 *
 * @param type      type of the built TLS record
 * @param data      allocated data of the built TLS record
 * @return
 *                  - SUCCESS if TLS negotiation complete
 *                  - FAILED if TLS handshake failed
 *                  - NEED_MORE if upper layers have more records to send
 *                  - INVALID_STATE if more input records required
 */
status_t (*build)(tls_t *this, tls_content_type_t *type, chunk_t *data);
/**
 * Check if TLS stack is acting as a server.
 *
 * Reflects the is_server flag passed to tls_create(): TRUE means this end
 * acts as the TLS server, FALSE means it acts as the client.
 *
 * @return          TRUE if server, FALSE if client (peer)
 */
bool (*is_server)(tls_t *this);
/**
 * Get the negotiated TLS/SSL version.
 *
 * NOTE(review): what this returns before the handshake has settled on a
 * version is not specified here - callers should not treat the value as
 * final until is_complete() reports TRUE.
 *
 * @return          negotiated TLS version
 */
tls_version_t (*get_version)(tls_t *this);
/**
 * Set the negotiated TLS/SSL version.
 *
 * Overrides the value reported by get_version(). NOTE(review): the header
 * does not say who may call this or when; it is presumably meant for the
 * handshake layer while the version is being negotiated. Calling it from
 * above after negotiation would amount to a version downgrade, so confirm
 * the intended caller and restrict accordingly.
 *
 * @param version   negotiated TLS version
 */
void (*set_version)(tls_t *this, tls_version_t version);
/**
 * Check if TLS negotiation completed successfully.
 *
 * "Complete" covers both the handshake and peer authentication; a stack that
 * has exchanged records but not authenticated the peer must not report TRUE.
 *
 * @return          TRUE if TLS negotiation and authentication complete
 */
bool (*is_complete)(tls_t *this);
/**
 * Get the MSK for EAP-TLS.
 *
 * The returned chunk references key material owned by this tls_t instance:
 * do not free it, and assume it is invalidated by destroy(). If the MSK must
 * outlive the instance, copy it and wipe the copy when no longer needed.
 * NOTE(review): what is returned before is_complete() is TRUE is not
 * specified here - only read the MSK once negotiation is complete.
 *
 * @return          MSK, internal data
 */
chunk_t (*get_eap_msk)(tls_t *this);
/**
 * Destroy a tls_t.
 *
 * NOTE(review): the instance holds key material (see get_eap_msk()); verify
 * that the implementation wipes it before releasing memory. Any chunk
 * previously returned by get_eap_msk() must not be used after this call.
 */
void (*destroy)(tls_t *this);
/**
 * Create a tls instance.
 *
 * NOTE(review): msk_label is documented as a string constant but is declared
 * as a plain char *; a const char * would express that contract. The header
 * does not say whether the label is copied or referenced, so pass a literal
 * or otherwise static string unless the implementation confirms it copies.
 * Whether NULL can be returned on failure is also not stated here - callers
 * should check the result until that is confirmed.
 *
 * @param is_server TRUE to act as server, FALSE for client
 * @param server    server identity
 * @param peer      peer identity
 * @param msk_label ASCII string constant used as seed for MSK PRF
 * @return          TLS stack
 */
tls_t *tls_create(bool is_server, identification_t *server,
                  identification_t *peer, char *msk_label);
171 #endif /** TLS_H_ @}*/