/*
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup pt_tls libpttls
*
* @addtogroup pt_tls
* @{
*/
#ifndef PT_TLS_H_
#define PT_TLS_H_
#include <bio/bio_reader.h>
#include <bio/bio_writer.h>
#include <tls_socket.h>
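/**
 * PT-TLS version we support
 */
#define PT_TLS_VERSION 1
/**
 * Length of a PT-TLS header, in bytes
 */
#define PT_TLS_HEADER_LEN 16
/**
 * Maximum size of a PT-TLS message: eight TLS fragments, less the header.
 *
 * The expansion is fully parenthesized so that it can be used inside larger
 * expressions. The bare form "8 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN"
 * binds incorrectly once a caller multiplies, divides or casts it (e.g.
 * "2 * PT_TLS_MAX_MESSAGE_LEN" would only double the fragment part and
 * subtract the header length once), which silently changes any length
 * check built from it.
 */
#define PT_TLS_MAX_MESSAGE_LEN (8 * TLS_MAX_FRAGMENT_LEN - PT_TLS_HEADER_LEN)
/**
 * Default PT-TLS port
 */
#define PT_TLS_PORT 271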
/* Forward typedefs for the enums defined below, so the tag-less names can be
 * used in the prototypes of this header independent of definition order. */
typedef enum pt_tls_message_type_t pt_tls_message_type_t;
typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
typedef enum pt_tls_auth_t pt_tls_auth_t;
/**
 * Message types, as defined by NEA PT-TLS
 *
 * Values are assigned explicitly. Note that pt_tls_read() delivers the
 * Message Type it read from the peer's header as a plain u_int32_t, so a
 * received value is not guaranteed to be one of these constants and should
 * be compared against them before being dispatched on.
 */
enum pt_tls_message_type_t {
PT_TLS_EXPERIMENTAL = 0,
PT_TLS_VERSION_REQUEST = 1,
PT_TLS_VERSION_RESPONSE = 2,
PT_TLS_SASL_MECHS = 3,
PT_TLS_SASL_MECH_SELECTION = 4,
PT_TLS_SASL_AUTH_DATA = 5,
PT_TLS_SASL_RESULT = 6,
PT_TLS_PB_TNC_BATCH = 7,
PT_TLS_ERROR = 8,
};
/** Name table for pt_tls_message_type_t (enum_name_t is a project type,
 * presumably used for logging/printing the type — see its definition) */
extern enum_name_t *pt_tls_message_type_names;
/**
 * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
 *
 * Values are assigned explicitly; like the message types, a code received
 * from the peer should be checked against these constants before use.
 */
enum pt_tls_sasl_result_t {
PT_TLS_SASL_RESULT_SUCCESS = 0,
PT_TLS_SASL_RESULT_FAILURE = 1,
PT_TLS_SASL_RESULT_ABORT = 2,
PT_TLS_SASL_RESULT_MECH_FAILURE = 3,
};
/** Name table for pt_tls_sasl_result_t (enum_name_t is a project type) */
extern enum_name_t *pt_tls_sasl_result_names;
/**
 * Client authentication to require as PT-TLS server.
 *
 * This selects the policy the server enforces on connecting clients. Only
 * PT_TLS_AUTH_NONE accepts a client that presented neither a TLS client
 * certificate nor SASL credentials.
 */
enum pt_tls_auth_t {
/** don't require TLS client certificate or request SASL authentication */
PT_TLS_AUTH_NONE,
/** require TLS certificate authentication, no SASL */
PT_TLS_AUTH_TLS,
/** do SASL regardless of TLS certificate authentication */
PT_TLS_AUTH_SASL,
/** if client does not authenticate with a TLS certificate, request SASL */
PT_TLS_AUTH_TLS_OR_SASL,
/** require both, TLS certificate authentication and SASL */
PT_TLS_AUTH_TLS_AND_SASL,
};
/**
 * Read a PT-TLS message, create reader over Message Value.
 *
 * The header fields are handed back as plain u_int32_t values exactly as
 * received from the peer; the type is not typed as pt_tls_message_type_t,
 * so callers should compare vendor and type against the expected constants
 * before dispatching on them.
 * NOTE(review): the returned reader presumably belongs to the caller, who
 * must destroy it when done — confirm against the implementation.
 *
 * @param tls TLS socket to read from
 * @param vendor receives Message Type Vendor ID from header
 * @param type receives Message Type from header
 * @param identifier receives Message Identifier
 * @return reader over message value, NULL on error
 */
bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor,
u_int32_t *type, u_int32_t *identifier);
/**
 * Prepend a PT-TLS header to a writer, send data, destroy writer.
 *
 * NOTE(review): the summary speaks of a writer, but the signature takes the
 * Message Value as a chunk_t; presumably the writer is created and destroyed
 * internally — confirm against the implementation. Whether data larger than
 * PT_TLS_MAX_MESSAGE_LEN is rejected or fragmented is not visible here.
 *
 * @param tls TLS socket to write to
 * @param type Message Type to write
 * @param identifier Message Identifier to write
 * @param data Message value to write
 * @return TRUE if data written successfully
 */
bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type,
u_int32_t identifier, chunk_t data);
/**
 * @}
 * @addtogroup libpttls
 * @{
 *
 * Dummy libpttls initialization function needed for integrity test
 *
 * Takes no arguments and returns nothing; it exists so the library exports a
 * symbol the integrity test can reference.
 */
void libpttls_init(void);
#endif /** PT_TLS_H_ @}*/