1 /*
2 * SysDB - src/include/utils/ssl.h
3 * Copyright (C) 2015 Sebastian 'tokkee' Harl <sh@tokkee.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
17 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
19 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
28 #ifndef SDB_UTILS_SSL_H
29 #define SDB_UTILS_SSL_H 1
31 #include <sys/types.h>
32 #include <stddef.h>
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
/*
 * Default locations of the TLS material. Each of these may be overridden at
 * build time by defining the macro before this header is included. SYSCONFDIR
 * is not defined in this header; presumably it is supplied by the build
 * system.
 */
#ifndef SDB_SSL_KEYFILE
# define SDB_SSL_KEYFILE SYSCONFDIR "/sysdb/ssl/key.pem"
#endif
#ifndef SDB_SSL_CERTFILE
# define SDB_SSL_CERTFILE SYSCONFDIR "/sysdb/ssl/cert.pem"
#endif
#ifndef SDB_SSL_CRLFILE
# define SDB_SSL_CRLFILE SYSCONFDIR "/sysdb/ssl/crl.pem"
#endif
#ifndef SDB_SSL_CAFILE
# define SDB_SSL_CAFILE SYSCONFDIR "/ssl/certs/ca-certificates.crt"
#endif
/*
 * sdb_ssl_options_t:
 * Paths of the files holding the TLS material used when creating a client
 * (sdb_ssl_client_create) or server (sdb_ssl_server_create).
 *
 * Ownership: sdb_ssl_free_options() is documented to free all strings stored
 * in the options, so every non-NULL field passed to it must point at a
 * dynamically allocated string. SDB_SSL_DEFAULT_OPTIONS below initializes all
 * fields with string literals; an options struct still holding those literals
 * must not be handed to sdb_ssl_free_options().
 */
typedef struct {
	char *ca_file;   /* CA certificate file (bundle) */
	char *key_file;  /* private key file */
	char *cert_file; /* certificate file */
	char *crl_file;  /* certificate revocation list file */
} sdb_ssl_options_t;
/*
 * Positional initializer for sdb_ssl_options_t. The order of the values must
 * match the field order of the struct above (ca, key, cert, crl); keep the
 * two in sync when changing either.
 */
#define SDB_SSL_DEFAULT_OPTIONS { \
	SDB_SSL_CAFILE, SDB_SSL_KEYFILE, SDB_SSL_CERTFILE, SDB_SSL_CRLFILE, \
}
61 struct sdb_ssl_client;
62 typedef struct sdb_ssl_client sdb_ssl_client_t;
64 struct sdb_ssl_server;
65 typedef struct sdb_ssl_server sdb_ssl_server_t;
67 struct sdb_ssl_session;
68 typedef struct sdb_ssl_session sdb_ssl_session_t;
70 /*
71 * sdb_ssl_init, sdb_ssl_shutdown:
72 * Global setup and shutdown of SSL/TLS. This is required before any other
73 * function can be used.
74 */
75 void
76 sdb_ssl_init(void);
77 void
78 sdb_ssl_shutdown(void);
80 /*
81 * sdb_ssl_client_create:
82 * Allocate and initialize a TLS/SSL client using the specified options. If no
83 * options are specified, default values will be used instead.
84 */
85 sdb_ssl_client_t *
86 sdb_ssl_client_create(const sdb_ssl_options_t *opts);
88 /*
89 * sdb_ssl_client_destroy:
90 * Destroy a TLS/SSL client and free all of its memory.
91 */
92 void
93 sdb_ssl_client_destroy(sdb_ssl_client_t *client);
95 /*
96 * sdb_ssl_client_connect:
97 * Initialize a TLS/SSL session on the specified socket.
98 */
99 sdb_ssl_session_t *
100 sdb_ssl_client_connect(sdb_ssl_client_t *client, int fd);
102 /*
103 * sdb_ssl_server_create:
104 * Allocate and initialize a TLS/SSL server using the specified options. If no
105 * options are specified, default values will be used instead.
106 */
107 sdb_ssl_server_t *
108 sdb_ssl_server_create(const sdb_ssl_options_t *opts);
110 /*
111 * sdb_ssl_server_destroy:
112 * Destroy a TLS/SSL server and free all of its memory.
113 */
114 void
115 sdb_ssl_server_destroy(sdb_ssl_server_t *server);
117 /*
118 * sdb_ssl_server_accept:
119 * Initialize a TLS/SSL session on the specified socket.
120 */
121 sdb_ssl_session_t *
122 sdb_ssl_server_accept(sdb_ssl_server_t *server, int fd);
124 /*
125 * sdb_ssl_session_destroy:
126 * Shutdown and destroy a TLS/SSL session.
127 */
128 void
129 sdb_ssl_session_destroy(sdb_ssl_session_t *session);
131 /*
132 * sdb_ssl_session_peer:
133 * Return the name of the peer of a TLS/SSL session.
134 *
135 * Returns:
136 * - a dynamically allocated string on success
137 * - NULL else
138 */
139 char *
140 sdb_ssl_session_peer(sdb_ssl_session_t *session);
142 /*
143 * sdb_ssl_session_write:
144 * Write a message to an open TLS/SSL session.
145 */
146 ssize_t
147 sdb_ssl_session_write(sdb_ssl_session_t *session, const void *buf, size_t n);
149 /*
150 * sdb_ssl_session_read:
151 * Read from an open TLS/SSL session.
152 */
153 ssize_t
154 sdb_ssl_session_read(sdb_ssl_session_t *session, void *buf, size_t n);
156 /*
157 * sdb_ssl_free_options:
158 * Free all strings stored in the specified options. All fields will be set to
159 * NULL.
160 */
161 void
162 sdb_ssl_free_options(sdb_ssl_options_t *opts);
164 #ifdef __cplusplus
165 } /* extern "C" */
166 #endif
168 #endif /* ! SDB_UTILS_SSL_H */
170 /* vim: set tw=78 sw=4 ts=4 noexpandtab : */