/**
   @file rexmpp_tls.h
   @brief TLS abstraction
   @author defanor <defanor@uberspace.net>
   @date 2021
   @copyright MIT license.

These functions only alter the tls member of the rexmpp structure (in
particular, they don't change other state variables), but they use
rexmpp_t to write logs and to read other values (including the server
socket).

*/


#ifndef REXMPP_TLS_H
#define REXMPP_TLS_H

#include <stdint.h>

#include "rexmpp.h"
#include "config.h"

#define DTLS_SRTP_BUF_SIZE 0x4000

typedef struct rexmpp_tls rexmpp_tls_t;

/**
   @brief TLS operation results.
*/
enum rexmpp_tls_err {
  REXMPP_TLS_SUCCESS,  /**< The operation completed. */
  REXMPP_TLS_E_AGAIN,  /**< Presumably "would block, retry later"; the
                            exact retry contract (after which fds become
                            ready, see rexmpp_tls_fds()) is defined by the
                            implementation — confirm there. */
  REXMPP_TLS_E_OTHER   /**< Any other failure; no further detail is
                            carried in the enum, so callers should
                            rely on the logs written through rexmpp_t. */
};

typedef enum rexmpp_tls_err rexmpp_tls_err_t;

/**
   @brief TLS context.
*/
#if defined(USE_GNUTLS)
#include <gnutls/gnutls.h>
/* GnuTLS backend. */
struct rexmpp_tls {
  /* Opaque session blob and its length (likely used for session
     resumption; ownership/allocation is handled in the .c file —
     confirm). */
  void *tls_session_data;
  size_t tls_session_data_size;
  gnutls_session_t gnutls_session;
  gnutls_certificate_credentials_t gnutls_cred;
  /* Inline DTLS receive buffer of DTLS_SRTP_BUF_SIZE (0x4000) bytes.
     dtls_buf_len is presumably the count of valid bytes; it must never
     exceed sizeof dtls_buf — the bound check belongs in
     rexmpp_dtls_feed(), verify it is enforced there. */
  char dtls_buf[DTLS_SRTP_BUF_SIZE];
  size_t dtls_buf_len;
};
#elif defined(USE_OPENSSL)
#include <openssl/ssl.h>
/* Records which direction OpenSSL last reported as wanting more I/O
   (assumed from the names; used to decide which fd set to wait on —
   confirm in rexmpp_tls_fds()). */
enum rexmpp_openssl_direction {
  REXMPP_OPENSSL_NONE,
  REXMPP_OPENSSL_READ,
  REXMPP_OPENSSL_WRITE
};
/* OpenSSL backend. */
struct rexmpp_tls {
  SSL_CTX *openssl_ctx;
  SSL *openssl_conn;
  /* Two BIOs; presumably one attached to the SSL object and one used
     by the library for raw I/O — verify which is which in the .c file. */
  BIO *bio_conn;
  BIO *bio_io;
  enum rexmpp_openssl_direction openssl_direction;
};
#else
/* No TLS backend configured: a placeholder member keeps the type
   complete so the rest of the library still compiles. */
struct rexmpp_tls {
  int dummy;
};
#endif

/* NOTE(review): the prototypes below use size_t, ssize_t and fd_set,
   none of which is declared by the includes visible in this header
   (<stdint.h>, "rexmpp.h", "config.h"); presumably rexmpp.h pulls in
   <sys/types.h> and <sys/select.h> — confirm, or include them here so
   the header is self-contained. */

/**
   @brief Initialises the TLS backend state kept in the ::rexmpp
   structure. Returns 0 on success; the failure values are defined by
   the implementation (not visible here).
*/
int rexmpp_tls_init(rexmpp_t *s);
/**
   @brief Releases per-connection TLS state. The cleanup/deinit split
   suggests this keeps the structure usable for a later connection,
   while rexmpp_tls_deinit() is the full counterpart of
   rexmpp_tls_init() — verify against the implementation.
*/
void rexmpp_tls_cleanup(rexmpp_t *s);
void rexmpp_tls_deinit(rexmpp_t *s);

/**
   @brief Allocates a TLS context; @p dtls selects DTLS instead of TLS
   (non-zero, presumably). Returns NULL on failure (assumed — confirm).
   The caller owns the result and releases it with rexmpp_tls_ctx_free().
*/
rexmpp_tls_t *rexmpp_tls_ctx_new (rexmpp_t *s, int dtls);
void rexmpp_tls_ctx_free (rexmpp_tls_t *tls_ctx);

/**
   @brief Frees only the session inside @p tls_ctx, leaving the
   context itself allocated (inferred from the name; confirm).
*/
void rexmpp_tls_session_free (rexmpp_tls_t *tls_ctx);

/**
   @brief Connection lifecycle. These may return ::REXMPP_TLS_E_AGAIN,
   in which case the caller is expected to wait on the descriptors
   reported by rexmpp_tls_fds() and call again (assumed from the
   non-blocking design — confirm).
*/
rexmpp_tls_err_t rexmpp_tls_connect (rexmpp_t *s);
rexmpp_tls_err_t rexmpp_tls_handshake (rexmpp_t *s, rexmpp_tls_t *tls_ctx);
rexmpp_tls_err_t rexmpp_tls_disconnect (rexmpp_t *s, rexmpp_tls_t *tls_ctx);
/**
   @brief Starts a DTLS connection on @p tls_ctx. @p client selects the
   client role (non-zero, presumably); @p user_data is passed through to
   the backend, its meaning is defined in the implementation.
*/
rexmpp_tls_err_t
rexmpp_dtls_connect (rexmpp_t *s,
                     rexmpp_tls_t *tls_ctx,
                     void *user_data,
                     int client);
/**
   @brief Feeds @p len bytes of an incoming datagram into the DTLS
   context. The data arrives from the network, so @p len is
   attacker-controlled: the implementation must bound it against the
   context's receive buffer (DTLS_SRTP_BUF_SIZE in the GnuTLS build)
   rather than trusting it. No error is reported to the caller (void).
*/
void rexmpp_dtls_feed(rexmpp_t *s, rexmpp_tls_t *tls_ctx, uint8_t *buf, size_t len);

/**
   @brief Exports SRTP keying material into @p key_mat. The required
   size of @p key_mat in terms of @p key_len and @p salt_len is not
   visible here — check the implementation before sizing the buffer.
   @p key_mat holds secret material; callers should zeroise it
   (explicit_bzero or equivalent) once the SRTP keys are installed.
   Returns 0 on success (assumed — confirm).
*/
int
rexmpp_tls_srtp_get_keys (rexmpp_t *s,
                          rexmpp_tls_t *tls_ctx,
                          size_t key_len,
                          size_t salt_len,
                          unsigned char *key_mat);

/**
   @brief Sends up to @p data_size bytes; the number actually written is
   stored in @p written (presumably only meaningful on
   ::REXMPP_TLS_SUCCESS — confirm). @p data is not const-qualified;
   if the implementation does not write through it, const would
   document that.
*/
rexmpp_tls_err_t
rexmpp_tls_send (rexmpp_t *s,
                 rexmpp_tls_t *tls_ctx,
                 void *data,
                 size_t data_size,
                 ssize_t *written);
/**
   @brief Receives up to @p data_size bytes into @p data; the count
   received is stored in @p received (see rexmpp_tls_send() for the
   same caveat about when it is valid).
*/
rexmpp_tls_err_t
rexmpp_tls_recv (rexmpp_t *s,
                 rexmpp_tls_t *tls_ctx,
                 void *data,
                 size_t data_size,
                 ssize_t *received);

/**
   @brief Time until the next DTLS retransmission is due; the unit is
   not stated here (likely milliseconds — confirm in the .c file).
*/
unsigned  int rexmpp_dtls_timeout (rexmpp_t *s, rexmpp_tls_t *tls_ctx);
/**
   @brief Adds the descriptors the TLS layer is waiting on to
   @p read_fds / @p write_fds. The return value is presumably the
   highest fd added (select()-style) — confirm.
*/
int rexmpp_tls_fds(rexmpp_t *s, fd_set *read_fds, fd_set *write_fds);

/**
   @brief Sets credentials for a given TLS context: either provided
   ones or defined for the whole ::rexmpp structure.
   @p cert_file and @p key_file are paths; whether NULL means "use the
   structure-wide ones" is implementation-defined here.
*/
rexmpp_tls_err_t
rexmpp_tls_set_x509_key_file (rexmpp_t *s,
                              rexmpp_tls_t *tls_ctx,
                              const char *cert_file,
                              const char *key_file);

/**
   @brief Sets the trust anchors (CA bundle) used to verify peers for
   @p tls_ctx, from the file at @p cert_file.
*/
rexmpp_tls_err_t
rexmpp_tls_set_x509_trust_file (rexmpp_t *s,
                                rexmpp_tls_t *tls_ctx,
                                const char *cert_file);

/**
   @brief Fingerprint helpers. All of them share one convention:
   @p algo_str names the digest, @p raw_fp receives the raw digest,
   @p fp_str receives a printable form, and @p fp_size is a pointer.
   NOTE(review): neither raw_fp nor fp_str carries its own capacity,
   so either @p fp_size is in/out (capacity on entry, length on
   return) or the buffers must be sized for the largest digest that
   @p algo_str can name — confirm in the implementation and make the
   required sizes part of this contract, since a too-small buffer
   here is a write overflow. Return value is presumably 0 on success.
*/
int rexmpp_tls_peer_fp (rexmpp_t *s,
                        rexmpp_tls_t *tls_ctx,
                        const char *algo_str,
                        char *raw_fp,
                        char *fp_str,
                        size_t *fp_size);

/**
   @brief Fingerprint of our own certificate; takes no @p algo_str, so
   the digest is fixed by the implementation (not visible here).
*/
int rexmpp_tls_my_fp (rexmpp_t *s,
                      char *raw_fp,
                      char *fp_str,
                      size_t *fp_size);

/**
   @brief Fingerprint of the certificate in use on @p tls_ctx
   (presumably the local one for that session — confirm).
*/
int rexmpp_tls_session_fp (rexmpp_t *s,
                           rexmpp_tls_t *tls_ctx,
                           const char *algo_str,
                           char *raw_fp,
                           char *fp_str,
                           size_t *fp_size);

/**
   @brief Fingerprint of a backend certificate object; the concrete
   type behind @p cert depends on USE_GNUTLS / USE_OPENSSL.
*/
int rexmpp_x509_cert_fp (rexmpp_t *s,
                         const char *algo_str,
                         void *cert,
                         char *raw_fp,
                         char *fp_str,
                         size_t *fp_size);

/**
   @brief Fingerprint of a raw (DER, presumably) certificate
   @p raw_cert; no length parameter is visible, so the expected
   representation must be documented by the implementation.
*/
int rexmpp_x509_raw_cert_fp (rexmpp_t *s,
                             const char *algo_str,
                             const void *raw_cert,
                             char *raw_fp,
                             char *fp_str,
                             size_t *fp_size);

#endif