2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup tls_protection tls_protection
21 #ifndef TLS_PROTECTION_H_
22 #define TLS_PROTECTION_H_
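/**
 * Forward declaration, so the member function pointers of the struct below
 * can take a tls_protection_t *this before the struct body is defined.
 */
typedef struct tls_protection_t tls_protection_t;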
29 #include "tls_alert.h"
30 #include "tls_compression.h"
 * TLS record protocol protection layer: applies record protection (encryption
 * and MAC, using the signer/crypter installed with set_cipher) to outgoing
 * records and removes and verifies it on incoming ones, directly below the
 * compression layer of the TLS stack.
35 struct tls_protection_t
{
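/**
 * Process a protected TLS record received from the peer and pass the
 * resulting plaintext record to the upper layer (the compression layer
 * handed to tls_protection_create).
 *
 * The record comes off the network and is untrusted input: the layer is
 * expected to remove protection with the inbound cipher installed via
 * set_cipher (decrypt, then verify the MAC) before anything is passed up.
 * NOTE(review): confirm in the implementation that a failed integrity check
 * results in FAILED (and an alert through the tls_alert_t handler) and that
 * no partially processed data reaches the upper layer in that case.
 *
 * @param type			type of the TLS record to process
 * @param data			associated TLS record data
 * @return
 *						- SUCCESS if TLS negotiation complete
 *						- FAILED if TLS handshake failed
 *						- NEED_MORE if more invocations to process/build needed
 */
status_t (*process)(tls_protection_t *this,
					tls_content_type_t type, chunk_t data);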
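/**
 * Query the upper layer for a TLS record to send and build the protected
 * record from it, using the outbound cipher installed via set_cipher
 * (before any cipher is set, records presumably pass through unprotected,
 * as required for the initial handshake — confirm against implementation).
 *
 * @param type			receives the type of the built TLS record
 * @param data			receives the allocated data of the built TLS record;
 *						as it is allocated here, the caller is responsible
 *						for freeing it (confirm the exact allocator/free pair
 *						with the callers)
 * @return
 *						- SUCCESS if TLS negotiation complete
 *						- FAILED if TLS handshake failed
 *						- NEED_MORE if upper layers have more records to send
 *						- INVALID_STATE if more input records required
 *						NOTE(review): confirm whether *type/*data are left
 *						untouched when no record was built (INVALID_STATE).
 */
status_t (*build)(tls_protection_t *this,
				  tls_content_type_t *type, chunk_t *data);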
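/**
 * Install a new cipher (encryption and integrity algorithms) for one
 * direction of the connection.
 *
 * Inbound and outbound ciphers are switched independently (TLS activates each
 * direction's keys separately, at each side's ChangeCipherSpec).
 *
 * Ownership of signer, crypter and iv passes to the protection layer, which
 * becomes responsible for destroying them.
 * NOTE(review): confirm the implementation destroys any previously installed
 * signer/crypter for that direction and releases the old iv on a cipher
 * switch, so key material is neither leaked nor left lying in memory.
 *
 * @param inbound		TRUE to use cipher for inbound data, FALSE for outbound
 * @param signer		new signer to use, gets owned by protection layer
 * @param crypter		new crypter to use, gets owned by protection layer
 * @param iv			initial IV for crypter, gets owned by protection layer
 */
void (*set_cipher)(tls_protection_t *this, bool inbound, signer_t *signer,
				   crypter_t *crypter, chunk_t iv);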
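/**
 * Set the negotiated TLS version; the protection layer uses it when
 * computing record MACs.
 *
 * NOTE(review): the MAC construction and its inputs depend on the protocol
 * version, so a stale or default value here would make integrity checks fail
 * or, worse, compute MACs for the wrong version. Confirm the handshake layer
 * calls this with the final negotiated version before the first protected
 * record is processed or built.
 *
 * @param version		TLS version negotiated
 */
void (*set_version)(tls_protection_t *this, tls_version_t version);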
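/**
 * Destroy a tls_protection_t.
 *
 * Releases the instance together with the signer, crypter and IV objects it
 * took ownership of via set_cipher.
 * NOTE(review): confirm that the key material held by those objects is wiped
 * on destruction rather than merely freed.
 */
void (*destroy)(tls_protection_t *this);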
89 * Create a tls_protection instance.
91 * @param compression compression layer of TLS stack
92 * @param alert TLS alert handler
 * @return				TLS protection layer, to be released with destroy()
95 tls_protection_t
*tls_protection_create(tls_compression_t
*compression
,
98 #endif /** TLS_PROTECTION_H_ @}*/