[BACK]Return to tls_protection.h CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls / tls_protection.h
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:45 2020 UTC (4 years, 3 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

    1: /*
    2:  * Copyright (C) 2010 Martin Willi
    3:  * Copyright (C) 2010 revosec AG
    4:  *
    5:  * This program is free software; you can redistribute it and/or modify it
    6:  * under the terms of the GNU General Public License as published by the
    7:  * Free Software Foundation; either version 2 of the License, or (at your
    8:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
    9:  *
   10:  * This program is distributed in the hope that it will be useful, but
   11:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   12:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   13:  * for more details.
   14:  */
   15: 
   16: /**
   17:  * @defgroup tls_protection tls_protection
   18:  * @{ @ingroup libtls
   19:  */
   20: 
   21: #ifndef TLS_PROTECTION_H_
   22: #define TLS_PROTECTION_H_
   23: 
   24: #include <library.h>
   25: 
   26: typedef struct tls_protection_t tls_protection_t;
   27: 
   28: #include "tls.h"
   29: #include "tls_aead.h"
   30: #include "tls_alert.h"
   31: #include "tls_compression.h"
   32: 
   33: /**
   34:  * TLS record protocol protection layer.
   35:  */
   36: struct tls_protection_t {
   37: 
   38: 	/**
   39: 	 * Process a protected TLS record, pass it to upper layers.
   40: 	 *
   41: 	 * @param type		type of the TLS record to process
   42: 	 * @param data		associated TLS record data
   43: 	 * @return
   44: 	 *					- SUCCESS if TLS negotiation complete
   45: 	 *					- FAILED if TLS handshake failed
   46: 	 *					- NEED_MORE if more invocations to process/build needed
   47: 	 */
   48: 	status_t (*process)(tls_protection_t *this,
   49: 						tls_content_type_t type, chunk_t data);
   50: 
   51: 	/**
   52: 	 * Query upper layer for TLS record, build protected record.
   53: 	 *
   54: 	 * @param type		type of the built TLS record
   55: 	 * @param data		allocated data of the built TLS record
   56: 	 * @return
   57: 	 *					- SUCCESS if TLS negotiation complete
   58: 	 *					- FAILED if TLS handshake failed
   59: 	 *					- NEED_MORE if upper layers have more records to send
   60: 	 *					- INVALID_STATE if more input records required
   61: 	 */
   62: 	status_t (*build)(tls_protection_t *this,
   63: 					  tls_content_type_t *type, chunk_t *data);
   64: 
   65: 	/**
   66: 	 * Set a new transforms to use at protection layer
   67: 	 *
   68: 	 * @param inbound	TRUE to use cipher for inbound data, FALSE for outbound
   69: 	 * @param aead		new AEAD transform
   70: 	 */
   71: 	void (*set_cipher)(tls_protection_t *this, bool inbound, tls_aead_t *aead);
   72: 
   73: 	/**
   74: 	 * Set the TLS version negotiated, used for MAC calculation.
   75: 	 *
   76: 	 * @param version	TLS version negotiated
   77: 	 */
   78: 	void (*set_version)(tls_protection_t *this, tls_version_t version);
   79: 
   80: 	/**
   81: 	 * Destroy a tls_protection_t.
   82: 	 */
   83: 	void (*destroy)(tls_protection_t *this);
   84: };
   85: 
   86: /**
   87:  * Create a tls_protection instance.
   88:  *
   89:  * @param compression		compression layer of TLS stack
   90:  * @param alert				TLS alert handler
   91:  * @return					TLS protection layer.
   92:  */
   93: tls_protection_t *tls_protection_create(tls_compression_t *compression,
   94: 										tls_alert_t *alert);
   95: 
   96: #endif /** TLS_PROTECTION_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>