1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup tls_handshake tls_handshake
18: * @{ @ingroup libtls
19: */
20:
21: #ifndef TLS_HANDSHAKE_H_
22: #define TLS_HANDSHAKE_H_
23:
24: typedef struct tls_handshake_t tls_handshake_t;
25:
26: #include "tls.h"
27:
28: #include <bio/bio_reader.h>
29: #include <bio/bio_writer.h>
30:
31: /**
32: * TLS handshake state machine interface.
33: */
34: struct tls_handshake_t {
35:
36: /**
37: * Process received TLS handshake message.
38: *
39: * @param type TLS handshake message type
40: * @param reader TLS data buffer
41: * @return
42: * - SUCCESS if TLS negotiation complete
43: * - FAILED if a fatal TLS alert queued
44: * - NEED_MORE if more invocations to process/build needed
45: * - DESTROY_ME if a fatal TLS alert received
46: */
47: status_t (*process)(tls_handshake_t *this,
48: tls_handshake_type_t type, bio_reader_t *reader);
49:
50: /**
51: * Build TLS handshake messages to send out.
52: *
53: * @param type type of created handshake message
54: * @param writer TLS data buffer to write to
55: * @return
56: * - SUCCESS if handshake complete
57: * - FAILED if handshake failed
58: * - NEED_MORE if more messages ready for delivery
59: * - INVALID_STATE if more input to process() required
60: */
61: status_t (*build)(tls_handshake_t *this,
62: tls_handshake_type_t *type, bio_writer_t *writer);
63:
64: /**
65: * Check if the cipher spec should be changed for outgoing messages.
66: *
67: * @param inbound TRUE to check for inbound cipherspec change
68: * @return TRUE if cipher spec should be changed
69: */
70: bool (*cipherspec_changed)(tls_handshake_t *this, bool inbound);
71:
72: /**
73: * Change the cipher for a direction.
74: *
75: * @param inbound TRUE to change inbound cipherspec, FALSE for outbound
76: */
77: void (*change_cipherspec)(tls_handshake_t *this, bool inbound);
78:
79: /**
80: * Check if the finished message was decoded successfully.
81: *
82: * @return TRUE if finished message was decoded successfully
83: */
84: bool (*finished)(tls_handshake_t *this);
85:
86: /**
87: * Get the peer identity authenticated/to authenticate during handshake.
88: *
89: * @return peer identity
90: */
91: identification_t* (*get_peer_id)(tls_handshake_t *this);
92:
93: /**
94: * Get the server identity authenticated/to authenticate during handshake.
95: *
96: * @return server identity
97: */
98: identification_t* (*get_server_id)(tls_handshake_t *this);
99:
100: /**
101: * Get the peers authentication information after completing the handshake.
102: *
103: * @return authentication data, internal data
104: */
105: auth_cfg_t* (*get_auth)(tls_handshake_t *this);
106:
107: /**
108: * Destroy a tls_handshake_t.
109: */
110: void (*destroy)(tls_handshake_t *this);
111: };
112:
113: #endif /** TLS_HANDSHAKE_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls_handshake.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls