1 /*
2 * SysDB - src/include/utils/ssl.h
3 * Copyright (C) 2015 Sebastian 'tokkee' Harl <sh@tokkee.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
19 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
28 #ifndef SDB_UTILS_SSL_H
29 #define SDB_UTILS_SSL_H 1
31 #include <sys/types.h>
32 #include <stddef.h>
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
/*
 * Default locations of the TLS key material. Each path may be overridden at
 * build time by defining the macro before this header is included.
 * SYSCONFDIR must expand to a string literal (it is concatenated with the
 * suffixes below), so it has to be supplied by the build system.
 */
#ifndef SDB_SSL_KEYFILE
# define SDB_SSL_KEYFILE SYSCONFDIR "/sysdb/ssl/key.pem"
#endif
#ifndef SDB_SSL_CERTFILE
# define SDB_SSL_CERTFILE SYSCONFDIR "/sysdb/ssl/cert.pem"
#endif
/* Certificate revocation list. NOTE(review): whether a missing or unreadable
 * CRL is a hard error or is silently skipped is decided by the implementation,
 * not by this header -- confirm before relying on revocation checks. */
#ifndef SDB_SSL_CRLFILE
# define SDB_SSL_CRLFILE SYSCONFDIR "/sysdb/ssl/crl.pem"
#endif
/* Trust anchors used to verify the peer. Unlike the other defaults this one
 * points outside the sysdb directory, at a system-wide CA bundle; not every
 * distribution keeps its bundle at this path, so packagers should override
 * it (or users set ca_file) rather than assume the default exists. */
#ifndef SDB_SSL_CAFILE
# define SDB_SSL_CAFILE SYSCONFDIR "/ssl/certs/ca-certificates.crt"
#endif
/*
 * sdb_ssl_options_t:
 * Paths of the TLS key material consumed by sdb_ssl_client_create() and
 * sdb_ssl_server_create(). The compile-time defaults are the SDB_SSL_*FILE
 * macros; presumably a NULL field selects the corresponding default -- the
 * implementation is not visible here, confirm before relying on it.
 *
 * Field order is part of the interface: SDB_SSL_DEFAULT_OPTIONS initializes
 * the struct positionally, so new fields must be appended, never inserted.
 *
 * The strings are owned by whoever filled in the struct; see
 * sdb_ssl_free_options() for the release helper and its constraints.
 */
typedef struct {
char *ca_file; /* trust anchors (CA bundle) the peer is verified against */
char *key_file; /* our private key; the default is a *.pem file */
char *cert_file; /* our certificate; the default is a *.pem file */
char *crl_file; /* certificate revocation list */
} sdb_ssl_options_t;
/*
 * SDB_SSL_DEFAULT_OPTIONS:
 * Positional initializer for sdb_ssl_options_t holding the compile-time
 * defaults, in field order (ca_file, key_file, cert_file, crl_file):
 *   sdb_ssl_options_t opts = SDB_SSL_DEFAULT_OPTIONS;
 *
 * The fields point at string literals, not heap memory. sdb_ssl_free_options()
 * is documented to free every string in the struct, so a struct initialized
 * this way must not be handed to it (or otherwise have its fields free()d)
 * unless the literals have first been replaced by allocated copies -- freeing
 * a string literal is undefined behaviour.
 */
#define SDB_SSL_DEFAULT_OPTIONS { \
SDB_SSL_CAFILE, SDB_SSL_KEYFILE, SDB_SSL_CERTFILE, SDB_SSL_CRLFILE, \
}
/*
 * Opaque handles. The struct definitions live in the implementation; callers
 * only hold pointers obtained from the *_create(), *_connect() and *_accept()
 * functions below and release them with the matching *_destroy().
 */
struct sdb_ssl_client;
typedef struct sdb_ssl_client sdb_ssl_client_t;

struct sdb_ssl_server;
typedef struct sdb_ssl_server sdb_ssl_server_t;

/* One TLS connection, produced by either the client or the server side. */
struct sdb_ssl_session;
typedef struct sdb_ssl_session sdb_ssl_session_t;
70 /*
71 * sdb_ssl_client_create:
72 * Allocate and initialize a TLS/SSL client using the specified options. If no
73 * options are specified, default values will be used instead.
74 */
75 sdb_ssl_client_t *
76 sdb_ssl_client_create(sdb_ssl_options_t *opts);
78 /*
79 * sdb_ssl_client_destroy:
80 * Destroy a TLS/SSL client and free all of its memory.
81 */
82 void
83 sdb_ssl_client_destroy(sdb_ssl_client_t *client);
85 /*
86 * sdb_ssl_client_connect:
87 * Initialize a TLS/SSL session on the specified socket.
88 */
89 sdb_ssl_session_t *
90 sdb_ssl_client_connect(sdb_ssl_client_t *client, int fd);
92 /*
93 * sdb_ssl_server_create:
94 * Allocate and initialize a TLS/SSL server using the specified options. If no
95 * options are specified, default values will be used instead.
96 */
97 sdb_ssl_server_t *
98 sdb_ssl_server_create(sdb_ssl_options_t *opts);
100 /*
101 * sdb_ssl_server_destroy:
102 * Destroy a TLS/SSL server and free all of its memory.
103 */
104 void
105 sdb_ssl_server_destroy(sdb_ssl_server_t *server);
107 /*
108 * sdb_ssl_server_accept:
109 * Initialize a TLS/SSL session on the specified socket.
110 */
111 sdb_ssl_session_t *
112 sdb_ssl_server_accept(sdb_ssl_server_t *server, int fd);
114 /*
115 * sdb_ssl_session_destroy:
116 * Shutdown and destroy a TLS/SSL session.
117 */
118 void
119 sdb_ssl_session_destroy(sdb_ssl_session_t *session);
121 /*
122 * sdb_ssl_session_peer:
123 * Return the name of the peer of a TLS/SSL session.
124 *
125 * Returns:
126 * - a dynamically allocated string on success
127 * - NULL else
128 */
129 char *
130 sdb_ssl_session_peer(sdb_ssl_session_t *session);
132 /*
133 * sdb_ssl_session_write:
134 * Write a message to an open TLS/SSL session.
135 */
136 ssize_t
137 sdb_ssl_session_write(sdb_ssl_session_t *session, const void *buf, size_t n);
139 /*
140 * sdb_ssl_session_read:
141 * Read from an open TLS/SSL session.
142 */
143 ssize_t
144 sdb_ssl_session_read(sdb_ssl_session_t *session, void *buf, size_t n);
146 /*
147 * sdb_ssl_free_options:
148 * Free all strings stored in the specified options. All fields will be set to
149 * NULL.
150 */
151 void
152 sdb_ssl_free_options(sdb_ssl_options_t *opts);
154 #ifdef __cplusplus
155 } /* extern "C" */
156 #endif
158 #endif /* ! SDB_UTILS_SSL_H */
160 /* vim: set tw=78 sw=4 ts=4 noexpandtab : */