From 17102f7b58793bf1b5a05ab30bb67f32f2235da5 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 25 Aug 2010 12:51:01 +0200 Subject: Added a simple high level TLS wrapper for sockets --- src/libtls/tls_socket.h | 75 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 src/libtls/tls_socket.h (limited to 'src/libtls/tls_socket.h') diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h new file mode 100644 index 000000000..ac714a385 --- /dev/null +++ b/src/libtls/tls_socket.h @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tls_socket tls_socket + * @{ @ingroup libtls + */ + +#ifndef TLS_SOCKET_H_ +#define TLS_SOCKET_H_ + +#include "tls.h" + +typedef struct tls_socket_t tls_socket_t; + +/** + * TLS secured socket. + * + * Wraps a blocking (socket) file descriptor for a reliable transport into a + * TLS secured socket. TLS negotiation happens on demand, certificates and + * private keys are fetched from any registered credential set. + */ +struct tls_socket_t { + + /** + * Read data from secured socket, return allocated chunk. + * + * This call is blocking, you may use select() on the underlying socket to + * wait for data. If the there was non-application data available, the + * read function can return an empty chunk. + * + * @param data pointer to allocate received data + * @return TRUE if data received successfully + */ + bool (*read)(tls_socket_t *this, chunk_t *data); + + /** + * Write a chunk of data over the secured socket. + * + * @param data data to send + * @return TRUE if data sent successfully + */ + bool (*write)(tls_socket_t *this, chunk_t data); + + /** + * Destroy a tls_socket_t. + */ + void (*destroy)(tls_socket_t *this); +}; + +/** + * Create a tls_socket instance. + * + * @param is_server TRUE to act as TLS server + * @param server server identity + * @param peer client identity, NULL for no client authentication + * @param fd socket to read/write from + * @return TLS socket wrapper + */ +tls_socket_t *tls_socket_create(bool is_server, identification_t *server, + identification_t *peer, int fd); + +#endif /** TLS_SOCKET_H_ @}*/ -- cgit v1.2.3