summaryrefslogtreecommitdiff
path: root/src/libtls/tls_handshake.h
blob: 7edb49ba052b6d4703e79f35390e2cf892867a3a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
/*
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup tls_handshake tls_handshake
 * @{ @ingroup libtls
 */

#ifndef TLS_HANDSHAKE_H_
#define TLS_HANDSHAKE_H_

typedef struct tls_handshake_t tls_handshake_t;

#include "tls.h"

#include <bio/bio_reader.h>
#include <bio/bio_writer.h>

/**
 * TLS handshake state machine interface.
 */
struct tls_handshake_t {

	/**
	 * Process received TLS handshake message.
	 *
	 * @param type		TLS handshake message type
	 * @param reader	TLS data buffer
	 * @return
	 *					- SUCCESS if TLS negotiation complete
	 *					- FAILED if a fatal TLS alert queued
	 *					- NEED_MORE if more invocations to process/build needed
	 *					- DESTROY_ME if a fatal TLS alert received
	 */
	status_t (*process)(tls_handshake_t *this,
						tls_handshake_type_t type, bio_reader_t *reader);

	/**
	 * Build TLS handshake messages to send out.
	 *
	 * @param type		type of created handshake message
	 * @param writer	TLS data buffer to write to
	 * @return
	 *					- SUCCESS if handshake complete
	 *					- FAILED if handshake failed
	 *					- NEED_MORE if more messages ready for delivery
	 *					- INVALID_STATE if more input to process() required
	 */
	status_t (*build)(tls_handshake_t *this,
					  tls_handshake_type_t *type, bio_writer_t *writer);

	/**
	 * Check if the cipher spec should be changed for outgoing messages.
	 *
	 * @param inbound	TRUE to check for inbound cipherspec change
	 * @return			TRUE if cipher spec should be changed
	 */
	bool (*cipherspec_changed)(tls_handshake_t *this, bool inbound);

	/**
	 * Change the cipher for a direction.
	 *
	 * @param inbound	TRUE to change inbound cipherspec, FALSE for outbound
	 */
	void (*change_cipherspec)(tls_handshake_t *this, bool inbound);

	/**
	 * Check if the finished message was decoded successfully.
	 *
	 * @return			TRUE if finished message was decoded successfully
	 */
	bool (*finished)(tls_handshake_t *this);

	/**
	 * Get the peer identity authenticated/to authenticate during handshake.
	 *
	 * @return			peer identity
	 */
	identification_t* (*get_peer_id)(tls_handshake_t *this);

	/**
	 * Get the server identity authenticated/to authenticate during handshake.
	 *
	 * @return			server identity
	 */
	identification_t* (*get_server_id)(tls_handshake_t *this);

	/**
	 * Get the peers authentication information after completing the handshake.
	 *
	 * @return			authentication data, internal data
	 */
	auth_cfg_t* (*get_auth)(tls_handshake_t *this);

	/**
	 * Destroy a tls_handshake_t.
	 */
	void (*destroy)(tls_handshake_t *this);
};

#endif /** TLS_HANDSHAKE_H_ @}*/