1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup tls_protection tls_protection
18: * @{ @ingroup libtls
19: */
20:
21: #ifndef TLS_PROTECTION_H_
22: #define TLS_PROTECTION_H_
23:
24: #include <library.h>
25:
26: typedef struct tls_protection_t tls_protection_t;
27:
28: #include "tls.h"
29: #include "tls_aead.h"
30: #include "tls_alert.h"
31: #include "tls_compression.h"
32:
33: /**
34: * TLS record protocol protection layer.
35: */
36: struct tls_protection_t {
37:
38: /**
39: * Process a protected TLS record, pass it to upper layers.
40: *
41: * @param type type of the TLS record to process
42: * @param data associated TLS record data
43: * @return
44: * - SUCCESS if TLS negotiation complete
45: * - FAILED if TLS handshake failed
46: * - NEED_MORE if more invocations to process/build needed
47: */
48: status_t (*process)(tls_protection_t *this,
49: tls_content_type_t type, chunk_t data);
50:
51: /**
52: * Query upper layer for TLS record, build protected record.
53: *
54: * @param type type of the built TLS record
55: * @param data allocated data of the built TLS record
56: * @return
57: * - SUCCESS if TLS negotiation complete
58: * - FAILED if TLS handshake failed
59: * - NEED_MORE if upper layers have more records to send
60: * - INVALID_STATE if more input records required
61: */
62: status_t (*build)(tls_protection_t *this,
63: tls_content_type_t *type, chunk_t *data);
64:
65: /**
66: * Set a new transforms to use at protection layer
67: *
68: * @param inbound TRUE to use cipher for inbound data, FALSE for outbound
69: * @param aead new AEAD transform
70: */
71: void (*set_cipher)(tls_protection_t *this, bool inbound, tls_aead_t *aead);
72:
73: /**
74: * Set the TLS version negotiated, used for MAC calculation.
75: *
76: * @param version TLS version negotiated
77: */
78: void (*set_version)(tls_protection_t *this, tls_version_t version);
79:
80: /**
81: * Destroy a tls_protection_t.
82: */
83: void (*destroy)(tls_protection_t *this);
84: };
85:
86: /**
87: * Create a tls_protection instance.
88: *
89: * @param compression compression layer of TLS stack
90: * @param alert TLS alert handler
91: * @return TLS protection layer.
92: */
93: tls_protection_t *tls_protection_create(tls_compression_t *compression,
94: tls_alert_t *alert);
95:
96: #endif /** TLS_PROTECTION_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>