tls.h
00016 #ifndef TLS_H
00017 #define TLS_H
00018 
00019 struct tls_connection;
00020 
/**
 * struct tls_keys - Key material exported from a TLS connection
 * @master_key: TLS master secret
 * @master_key_len: Length of @master_key in bytes
 * @client_random: TLS client_random value of the handshake
 * @client_random_len: Length of @client_random in bytes
 * @server_random: TLS server_random value of the handshake
 * @server_random_len: Length of @server_random in bytes
 * @inner_secret: TLS/IA inner secret
 * @inner_secret_len: Length of @inner_secret in bytes
 *
 * Filled in by tls_connection_get_keys(). The pointers are const views and
 * carry no ownership; presumably they refer to memory owned by the TLS
 * backend that stays valid only while the connection exists - confirm
 * against the backend before caching them. @master_key and @inner_secret
 * are secrets: keep them out of logs and do not retain them longer than
 * needed.
 */
struct tls_keys {
        const u8 *master_key; /* TLS master secret */
        size_t master_key_len;
        const u8 *client_random;
        size_t client_random_len;
        const u8 *server_random;
        size_t server_random_len;
        const u8 *inner_secret; /* TLS/IA inner secret */
        size_t inner_secret_len;
};
00031 
/**
 * struct tls_config - Global TLS library configuration passed to tls_init()
 * @opensc_engine_path: Path of the OpenSC engine to load, or %NULL
 *	(presumably an OpenSSL engine shared object - confirm with the backend)
 * @pkcs11_engine_path: Path of the PKCS#11 engine to load, or %NULL
 * @pkcs11_module_path: Path of the PKCS#11 provider module, or %NULL
 * @fips_mode: Non-zero to request FIPS mode from the TLS library
 *	(presumably; exact semantics are backend-defined)
 *
 * The three path fields name code that the TLS backend loads into this
 * process, so they must only ever come from trusted configuration, never
 * from data supplied by a peer or an unprivileged user.
 */
struct tls_config {
        const char *opensc_engine_path;
        const char *pkcs11_engine_path;
        const char *pkcs11_module_path;
        int fips_mode;
};
00038 
/**
 * struct tls_connection_params - Certificate and key configuration for TLS
 * @ca_cert: File name of the trusted CA certificate(s), or %NULL
 * @ca_cert_blob: In-memory CA certificate data used instead of a file
 *	(precedence over @ca_cert and accepted encodings are backend-defined)
 * @ca_cert_blob_len: Length of @ca_cert_blob in bytes
 * @ca_path: Directory of trusted CA certificates, or %NULL (directory
 *	layout is backend-defined)
 * @subject_match: Pattern the peer certificate subject must match, or %NULL
 *	for no check (matching semantics are backend-defined)
 * @altsubject_match: Pattern the peer certificate subjectAltName must match,
 *	or %NULL for no check
 * @client_cert: File name of the local certificate, or %NULL
 * @client_cert_blob: In-memory local certificate data
 * @client_cert_blob_len: Length of @client_cert_blob in bytes
 * @private_key: File name of the private key for @client_cert, or %NULL
 * @private_key_blob: In-memory private key data
 * @private_key_blob_len: Length of @private_key_blob in bytes
 * @private_key_passwd: Password protecting the private key, or %NULL
 * @dh_file: File name of Diffie-Hellman parameters, or %NULL
 * @dh_blob: In-memory Diffie-Hellman parameters
 * @dh_blob_len: Length of @dh_blob in bytes
 * @tls_ia: Non-zero to enable TLS/IA (TLS Inner Application)
 * @engine: Non-zero to access keys/certificates through an OpenSSL engine
 * @engine_id: Identifier of the engine to use
 * @pin: PIN presented to the engine (e.g. for a smartcard); a secret
 * @key_id: Engine-specific identifier of the private key
 * @cert_id: Engine-specific identifier of the certificate
 * @ca_cert_id: Engine-specific identifier of the CA certificate
 *
 * @private_key_blob, @private_key_passwd and @pin are secrets: keep them out
 * of logs and clear their backing memory once the backend no longer needs
 * them. Whether the backend copies these buffers or keeps pointing at them
 * after tls_connection_set_params() / tls_global_set_params() is not stated
 * in this header - confirm before freeing them. Without one of @ca_cert,
 * @ca_cert_blob or @ca_path the peer certificate chain cannot be validated;
 * whether the backend then fails or accepts the peer unverified is likewise
 * backend-defined and should be checked rather than assumed.
 */
struct tls_connection_params {
        const char *ca_cert;
        const u8 *ca_cert_blob;
        size_t ca_cert_blob_len;
        const char *ca_path;
        const char *subject_match;
        const char *altsubject_match;
        const char *client_cert;
        const u8 *client_cert_blob;
        size_t client_cert_blob_len;
        const char *private_key;
        const u8 *private_key_blob;
        size_t private_key_blob_len;
        const char *private_key_passwd;
        const char *dh_file;
        const u8 *dh_blob;
        size_t dh_blob_len;
        int tls_ia;

        /* OpenSSL specific variables */
        int engine;
        const char *engine_id;
        const char *pin;
        const char *key_id;
        const char *cert_id;
        const char *ca_cert_id;
};
00110 
00111 
/**
 * tls_init - Initialize the TLS library
 * @conf: Global configuration; whether %NULL is accepted for backend
 *	defaults is not stated here - confirm against the backend
 * Returns: Opaque TLS context passed as tls_ctx to every other function in
 * this header, or presumably %NULL on failure (confirm against the backend)
 *
 * Must be called before any other tls_*() function; pair with tls_deinit().
 */
void * tls_init(const struct tls_config *conf);

/**
 * tls_deinit - Release a TLS context created by tls_init()
 * @tls_ctx: Context from tls_init()
 *
 * Connections created from @tls_ctx should be released with
 * tls_connection_deinit() first; this header does not say whether the
 * backend does that on the caller's behalf.
 */
void tls_deinit(void *tls_ctx);

/**
 * tls_get_errors - Retrieve the number of errors queued by the TLS library
 * @tls_ctx: Context from tls_init()
 * Returns: Number of errors reported since the previous call, 0 when none
 *	(presumably; the exact meaning is backend-defined)
 */
int tls_get_errors(void *tls_ctx);

/**
 * tls_connection_init - Allocate a new, not yet negotiated TLS connection
 * @tls_ctx: Context from tls_init()
 * Returns: Connection handle, or presumably %NULL on failure
 *
 * The returned handle is owned by the caller and must be released with
 * tls_connection_deinit().
 */
struct tls_connection * tls_connection_init(void *tls_ctx);

/**
 * tls_connection_deinit - Release a TLS connection
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init(); whether %NULL is tolerated
 *	is not stated here - confirm against the backend
 *
 * Key material previously exposed through tls_connection_get_keys() must not
 * be used after this call.
 */
void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);

/**
 * tls_connection_established - Check whether the TLS handshake has completed
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: Non-zero once the handshake has completed, 0 otherwise
 *	(presumably; confirm against the backend)
 */
int tls_connection_established(void *tls_ctx, struct tls_connection *conn);

/**
 * tls_connection_shutdown - Shut down a TLS connection
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: 0 on success, negative on failure (presumably; confirm against
 *	the backend)
 *
 * Presumably leaves @conn reusable for a new handshake (e.g. with session
 * resumption) rather than freeing it - confirm before relying on it.
 */
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
00190 
/*
 * Engine-specific negative return values of tls_connection_set_params().
 * PRV_INIT_FAILED: the engine private key could not be initialized.
 * PRV_VERIFY_FAILED: the engine private key could not be verified
 * (presumably a PIN/credential problem - confirm against the backend).
 * Other failures use the backend's generic negative error return.
 */
enum {
        TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
        TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
};
00195 
/**
 * tls_connection_set_params - Set connection-specific TLS parameters
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @params: Certificates, keys and peer-matching rules for this connection
 * Returns: 0 on success, TLS_SET_PARAMS_ENGINE_PRV_* on engine private key
 * failures, or another negative value on other failures (presumably)
 *
 * Presumably must be called before tls_connection_handshake(). Whether the
 * backend copies the strings and blobs in @params or keeps pointers to them
 * is not stated here - confirm before freeing them.
 */
int __must_check
tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                          const struct tls_connection_params *params);

/**
 * tls_global_set_params - Set TLS parameters for all connections of @tls_ctx
 * @tls_ctx: Context from tls_init()
 * @params: Same parameter block as for tls_connection_set_params()
 * Returns: 0 on success, negative on failure (presumably; confirm against
 *	the backend)
 *
 * How these interact with a later tls_connection_set_params() on an
 * individual connection is backend-defined - confirm before mixing them.
 */
int __must_check tls_global_set_params(
        void *tls_ctx, const struct tls_connection_params *params);

/**
 * tls_global_set_verify - Set global certificate verification options
 * @tls_ctx: Context from tls_init()
 * @check_crl: Non-zero to enable CRL checking; the meaning of larger values
 *	(e.g. leaf only vs. whole chain) is backend-defined
 * Returns: 0 on success, negative on failure (presumably)
 */
int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);

/**
 * tls_connection_set_verify - Set peer certificate verification for @conn
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @verify_peer: Non-zero to require and verify the peer certificate
 * Returns: 0 on success, negative on failure (presumably)
 *
 * A zero @verify_peer presumably leaves the peer unauthenticated; outside of
 * test setups the caller should keep verification enabled.
 */
int __must_check tls_connection_set_verify(void *tls_ctx,
                                           struct tls_connection *conn,
                                           int verify_peer);

/**
 * tls_connection_set_ia - Enable or disable TLS/IA for @conn
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @tls_ia: Non-zero to enable TLS/IA (TLS Inner Application)
 * Returns: 0 on success, negative on failure (presumably)
 *
 * tls_capabilities() reports whether the backend supports TLS/IA at all.
 */
int __must_check tls_connection_set_ia(void *tls_ctx,
                                       struct tls_connection *conn,
                                       int tls_ia);

/**
 * tls_connection_get_keys - Expose the key material of a connection
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init(), presumably with a completed
 *	handshake
 * @keys: Output; filled with pointers to and lengths of the key material
 * Returns: 0 on success, negative on failure (presumably)
 *
 * @keys receives const pointers rather than copies; treat them as valid only
 * while @conn exists and handle the secrets accordingly (see struct
 * tls_keys).
 */
int __must_check tls_connection_get_keys(void *tls_ctx,
                                         struct tls_connection *conn,
                                         struct tls_keys *keys);

/**
 * tls_connection_prf - Derive keying material with the TLS PRF
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init(), presumably with a completed
 *	handshake
 * @label: NUL-terminated ASCII label mixed into the PRF seed
 * @server_random_first: Non-zero to place server_random before client_random
 *	in the PRF seed, zero for client_random first (presumably; confirm
 *	against the backend)
 * @out: Buffer receiving the derived bytes
 * @out_len: Number of bytes to derive; must not exceed the size of @out
 * Returns: 0 on success, negative on failure (presumably)
 *
 * The derived bytes are key material; the caller should zeroize @out when
 * they are no longer needed.
 */
int __must_check  tls_connection_prf(void *tls_ctx,
                                     struct tls_connection *conn,
                                     const char *label,
                                     int server_random_first,
                                     u8 *out, size_t out_len);
00301 
/**
 * tls_connection_handshake - Process one step of the client-side handshake
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @in_data: Handshake data received from the peer; whether %NULL is used for
 *	the first call is not stated here - confirm against the backend
 * @in_len: Length of @in_data in bytes
 * @out_len: Set to the length in bytes of the returned buffer
 * @appl_data: If not %NULL, set to a buffer of application data that arrived
 *	together with the handshake messages, or %NULL when there is none
 *	(presumably)
 * @appl_data_len: Set to the length of *@appl_data in bytes
 * Returns: Buffer of handshake data to send to the peer, or %NULL on failure
 *	or when nothing needs to be sent (presumably; confirm)
 *
 * Ownership of the returned buffer and of *@appl_data is not stated in this
 * header; presumably the backend allocates them and the caller releases them
 * - confirm. @in_data comes from the network and is untrusted; the backend
 * must bound all parsing by @in_len.
 */
u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn,
                              const u8 *in_data, size_t in_len,
                              size_t *out_len, u8 **appl_data,
                              size_t *appl_data_len);

/**
 * tls_connection_server_handshake - Process one step of the server-side
 * handshake
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @in_data: Handshake data received from the peer (untrusted)
 * @in_len: Length of @in_data in bytes
 * @out_len: Set to the length in bytes of the returned buffer
 * Returns: Buffer of handshake data to send to the peer, or %NULL on failure
 *	or when nothing needs to be sent (presumably; confirm)
 *
 * Ownership of the returned buffer follows the same (unstated) convention as
 * tls_connection_handshake().
 */
u8 * tls_connection_server_handshake(void *tls_ctx,
                                     struct tls_connection *conn,
                                     const u8 *in_data, size_t in_len,
                                     size_t *out_len);

/**
 * tls_connection_encrypt - Encrypt application data into TLS records
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with a completed handshake (presumably required)
 * @in_data: Plaintext to send
 * @in_len: Length of @in_data in bytes
 * @out_data: Buffer for the encrypted record(s)
 * @out_len: Size of @out_data in bytes; the backend must not write past it
 * Returns: Number of bytes written to @out_data, or negative on failure
 *	(presumably; confirm against the backend)
 *
 * TLS adds per-record overhead, so @out_len needs to be larger than @in_len;
 * the required margin is backend-defined.
 */
int __must_check tls_connection_encrypt(void *tls_ctx,
                                        struct tls_connection *conn,
                                        const u8 *in_data, size_t in_len,
                                        u8 *out_data, size_t out_len);

/**
 * tls_connection_decrypt - Decrypt TLS records into application data
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with a completed handshake (presumably required)
 * @in_data: TLS record(s) received from the peer (untrusted)
 * @in_len: Length of @in_data in bytes
 * @out_data: Buffer for the decrypted plaintext
 * @out_len: Size of @out_data in bytes; the backend must not write past it
 * Returns: Number of plaintext bytes written to @out_data, or negative on
 *	failure (presumably; confirm against the backend)
 */
int __must_check tls_connection_decrypt(void *tls_ctx,
                                        struct tls_connection *conn,
                                        const u8 *in_data, size_t in_len,
                                        u8 *out_data, size_t out_len);

/**
 * tls_connection_resumed - Check whether the handshake resumed a session
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: Non-zero if a previous session was resumed, 0 for a full
 *	handshake (presumably; confirm against the backend)
 */
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);
00401 
/*
 * Cipher suite identifiers for tls_connection_set_cipher_list(). The hex
 * values in the comments are the TLS cipher suite codes each entry maps to.
 * TLS_CIPHER_RC4_SHA (RC4 is prohibited in TLS by RFC 7465) and
 * TLS_CIPHER_ANON_DH_AES128_SHA (anonymous DH: no server authentication)
 * should not be selected where the peer must be authenticated.
 */
enum {
        TLS_CIPHER_NONE,
        TLS_CIPHER_RC4_SHA /* 0x0005 */,
        TLS_CIPHER_AES128_SHA /* 0x002f */,
        TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
        TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
};
00409 
/**
 * tls_connection_set_cipher_list - Restrict the cipher suites for @conn
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @ciphers: Array of TLS_CIPHER_* values in preference order; presumably
 *	terminated with TLS_CIPHER_NONE since no length is passed - confirm
 *	against the backend. The parameter is not const, so assume the
 *	backend may modify the array.
 * Returns: 0 on success, negative on failure (presumably)
 */
int __must_check tls_connection_set_cipher_list(void *tls_ctx,
                                                struct tls_connection *conn,
                                                u8 *ciphers);

/**
 * tls_get_cipher - Get the name of the negotiated cipher suite
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @buf: Buffer for the NUL-terminated cipher name
 * @buflen: Size of @buf in bytes
 * Returns: 0 on success, negative on failure (presumably)
 */
int __must_check tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
                                char *buf, size_t buflen);

/**
 * tls_connection_enable_workaround - Enable interoperability workarounds
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: 0 on success, negative on failure (presumably)
 *
 * Which workarounds this enables, and which protocol checks they relax, is
 * backend-defined - check the backend before enabling it in production.
 */
int __must_check tls_connection_enable_workaround(void *tls_ctx,
                                                  struct tls_connection *conn);

/**
 * tls_connection_client_hello_ext - Add an extension to the ClientHello
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @ext_type: TLS extension type number
 * @data: Extension payload
 * @data_len: Length of @data in bytes
 * Returns: 0 on success, negative on failure (presumably)
 *
 * Presumably must be called before the handshake starts - confirm.
 */
int __must_check tls_connection_client_hello_ext(void *tls_ctx,
                                                 struct tls_connection *conn,
                                                 int ext_type, const u8 *data,
                                                 size_t data_len);

/**
 * tls_connection_get_failed - Check whether the connection has failed
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: Non-zero if the connection has failed (presumably a count or
 *	flag; confirm against the backend)
 */
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);

/**
 * tls_connection_get_read_alerts - Get the number of TLS alerts received
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: Number of alerts received from the peer (presumably)
 */
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);

/**
 * tls_connection_get_write_alerts - Get the number of TLS alerts sent
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * Returns: Number of alerts sent to the peer (presumably)
 */
int tls_connection_get_write_alerts(void *tls_ctx,
                                    struct tls_connection *conn);

/**
 * tls_connection_get_keyblock_size - Get the key block size of @conn
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with a completed handshake (presumably required)
 * Returns: Key block size in bytes for the negotiated cipher suite, or
 *	negative on failure (presumably; confirm against the backend)
 */
int tls_connection_get_keyblock_size(void *tls_ctx,
                                     struct tls_connection *conn);
00506 
/* Bits reported by tls_capabilities() */
#define TLS_CAPABILITY_IA 0x0001 /* TLS Inner Application (TLS/IA) */

/**
 * tls_capabilities - Get optional features supported by the TLS backend
 * @tls_ctx: Context from tls_init()
 * Returns: Bitmask of TLS_CAPABILITY_* values
 *
 * Check TLS_CAPABILITY_IA here before using tls_connection_set_ia() or the
 * tls_connection_ia_*() functions.
 */
unsigned int tls_capabilities(void *tls_ctx);

/**
 * tls_connection_ia_send_phase_finished - Send a TLS/IA PhaseFinished message
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with TLS/IA enabled
 * @final: Non-zero for the final phase, zero for an intermediate phase
 *	(presumably; confirm against the backend)
 * @out_data: Buffer for the encoded message
 * @out_len: Size of @out_data in bytes
 * Returns: Number of bytes written to @out_data, or negative on failure
 *	(presumably; confirm against the backend)
 */
int __must_check tls_connection_ia_send_phase_finished(
        void *tls_ctx, struct tls_connection *conn, int final,
        u8 *out_data, size_t out_len);

/**
 * tls_connection_ia_final_phase_finished - Check for a final PhaseFinished
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with TLS/IA enabled
 * Returns: Non-zero if the final TLS/IA phase has finished, 0 otherwise
 *	(presumably; confirm against the backend)
 */
int __must_check tls_connection_ia_final_phase_finished(
        void *tls_ctx, struct tls_connection *conn);

/**
 * tls_connection_ia_permute_inner_secret - Mix new key material into the
 * TLS/IA inner secret
 * @tls_ctx: Context from tls_init()
 * @conn: Connection with TLS/IA enabled
 * @key: Key material to mix in
 * @key_len: Length of @key in bytes
 * Returns: 0 on success, negative on failure (presumably)
 *
 * Any struct tls_keys previously obtained for @conn presumably no longer
 * reflects the current inner secret after this call - refetch it.
 */
int __must_check tls_connection_ia_permute_inner_secret(
        void *tls_ctx, struct tls_connection *conn,
        const u8 *key, size_t key_len);
00557 
/**
 * tls_session_ticket_cb - Callback for externally managed session tickets
 * @ctx: Caller context given to tls_connection_set_session_ticket_cb()
 * @ticket: Session ticket received from the peer; untrusted input that the
 *	callback must authenticate before deriving anything from it
 * @len: Length of @ticket in bytes
 * @client_random: Client random of the current handshake
 * @server_random: Server random of the current handshake
 * @master_secret: Output buffer for the master secret of the resumed session
 * Returns: Backend-defined; presumably distinguishes "ticket accepted and
 *	@master_secret filled", "ticket not accepted" and failure - confirm
 *	against the backend
 *
 * No length is passed for @client_random, @server_random or @master_secret:
 * the callback has to rely on the fixed sizes the backend uses for these
 * values and must write exactly that many bytes to @master_secret (the TLS
 * master secret is 48 bytes; confirm the backend's buffer size before
 * writing).
 */
typedef int (*tls_session_ticket_cb)
(void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
 const u8 *server_random, u8 *master_secret);

/**
 * tls_connection_set_session_ticket_cb - Register a session ticket callback
 * @tls_ctx: Context from tls_init()
 * @conn: Connection from tls_connection_init()
 * @cb: Callback invoked when the peer presents a session ticket; whether
 *	%NULL clears a previously set callback is not stated here - confirm
 * @ctx: Opaque pointer passed unchanged as the first argument of @cb
 * Returns: 0 on success, negative on failure (presumably)
 */
int __must_check  tls_connection_set_session_ticket_cb(
        void *tls_ctx, struct tls_connection *conn,
        tls_session_ticket_cb cb, void *ctx);
00565 
00566 #endif /* TLS_H */
00567 