BLOG | DOCUMENTATION | TRAC

Home --> Documentations --> PJLIB Reference

ssl_sock.h
Go to the documentation of this file.
1 /* $Id: ssl_sock.h 4146 2012-05-30 06:35:59Z nanang $ */
2 /*
3  * Copyright (C) 2009-2011 Teluu Inc. (http://www.teluu.com)
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  */
19 #ifndef __PJ_SSL_SOCK_H__
20 #define __PJ_SSL_SOCK_H__
21 
27 #include <pj/ioqueue.h>
28 #include <pj/sock.h>
29 #include <pj/sock_qos.h>
30 
31 
32 PJ_BEGIN_DECL
33 
53 typedef struct pj_ssl_sock_t pj_ssl_sock_t;
54 
55 
60 typedef struct pj_ssl_cert_t pj_ssl_cert_t;
61 
62 
63 typedef enum pj_ssl_cert_verify_flag_t
64 {
68  PJ_SSL_CERT_ESUCCESS = 0,
69 
73  PJ_SSL_CERT_EISSUER_NOT_FOUND = (1 << 0),
74 
78  PJ_SSL_CERT_EUNTRUSTED = (1 << 1),
79 
83  PJ_SSL_CERT_EVALIDITY_PERIOD = (1 << 2),
84 
89  PJ_SSL_CERT_EINVALID_FORMAT = (1 << 3),
90 
94  PJ_SSL_CERT_EINVALID_PURPOSE = (1 << 4),
95 
101  PJ_SSL_CERT_EISSUER_MISMATCH = (1 << 5),
102 
106  PJ_SSL_CERT_ECRL_FAILURE = (1 << 6),
107 
111  PJ_SSL_CERT_EREVOKED = (1 << 7),
112 
116  PJ_SSL_CERT_ECHAIN_TOO_LONG = (1 << 8),
117 
124  PJ_SSL_CERT_EIDENTITY_NOT_MATCH = (1 << 30),
125 
129  PJ_SSL_CERT_EUNKNOWN = (1 << 31)
130 
131 } pj_ssl_cert_verify_flag_t;
132 
133 
134 typedef enum pj_ssl_cert_name_type
135 {
136  PJ_SSL_CERT_NAME_UNKNOWN = 0,
137  PJ_SSL_CERT_NAME_RFC822,
138  PJ_SSL_CERT_NAME_DNS,
139  PJ_SSL_CERT_NAME_URI,
140  PJ_SSL_CERT_NAME_IP
141 } pj_ssl_cert_name_type;
142 
146 typedef struct pj_ssl_cert_info {
147 
148  unsigned version;
150  pj_uint8_t serial_no[20];
154  struct {
155  pj_str_t cn;
156  pj_str_t info;
159  } subject;
161  struct {
162  pj_str_t cn;
163  pj_str_t info;
165  } issuer;
167  struct {
168  pj_time_val start;
169  pj_time_val end;
170  pj_bool_t gmt;
172  } validity;
174  struct {
175  unsigned cnt;
176  struct {
177  pj_ssl_cert_name_type type;
179  pj_str_t name;
180  } *entry;
181  } subj_alt_name;
184 } pj_ssl_cert_info;
185 
186 
198 PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files(pj_pool_t *pool,
199  const pj_str_t *CA_file,
200  const pj_str_t *cert_file,
201  const pj_str_t *privkey_file,
202  const pj_str_t *privkey_pass,
203  pj_ssl_cert_t **p_cert);
204 
205 
217 PJ_DECL(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
218  const char *indent,
219  char *buf,
220  pj_size_t buf_size);
221 
222 
235 PJ_DECL(pj_status_t) pj_ssl_cert_get_verify_status_strings(
236  pj_uint32_t verify_status,
237  const char *error_strings[],
238  unsigned *count);
239 
240 
244 typedef enum pj_ssl_cipher {
245 
246  /* NULL */
247  PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000,
248 
249  /* TLS/SSLv3 */
250  PJ_TLS_RSA_WITH_NULL_MD5 = 0x00000001,
251  PJ_TLS_RSA_WITH_NULL_SHA = 0x00000002,
252  PJ_TLS_RSA_WITH_NULL_SHA256 = 0x0000003B,
253  PJ_TLS_RSA_WITH_RC4_128_MD5 = 0x00000004,
254  PJ_TLS_RSA_WITH_RC4_128_SHA = 0x00000005,
255  PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A,
256  PJ_TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F,
257  PJ_TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035,
258  PJ_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C,
259  PJ_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D,
260  PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D,
261  PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010,
262  PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013,
263  PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016,
264  PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030,
265  PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031,
266  PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032,
267  PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033,
268  PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036,
269  PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037,
270  PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038,
271  PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039,
272  PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E,
273  PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F,
274  PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040,
275  PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067,
276  PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068,
277  PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069,
278  PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A,
279  PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B,
280  PJ_TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018,
281  PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B,
282  PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034,
283  PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A,
284  PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C,
285  PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D,
286 
287  /* TLS (deprecated) */
288  PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003,
289  PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006,
290  PJ_TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007,
291  PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008,
292  PJ_TLS_RSA_WITH_DES_CBC_SHA = 0x00000009,
293  PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B,
294  PJ_TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C,
295  PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E,
296  PJ_TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F,
297  PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011,
298  PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012,
299  PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014,
300  PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015,
301  PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017,
302  PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019,
303  PJ_TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A,
304 
305  /* SSLv3 */
306  PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C,
307  PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D,
308  PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E,
309 
310  /* SSLv2 */
311  PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080,
312  PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080,
313  PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080,
314  PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080,
315  PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080,
316  PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040,
317  PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0
318 
319 } pj_ssl_cipher;
320 
321 
330 PJ_DECL(pj_status_t) pj_ssl_cipher_get_availables(pj_ssl_cipher ciphers[],
331  unsigned *cipher_num);
332 
333 
341 PJ_DECL(pj_bool_t) pj_ssl_cipher_is_supported(pj_ssl_cipher cipher);
342 
343 
352 PJ_DECL(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher);
353 
354 
363 PJ_DECL(pj_ssl_cipher) pj_ssl_cipher_id(const char *cipher_name);
364 
365 
369 typedef struct pj_ssl_sock_cb
370 {
397  pj_bool_t (*on_data_read)(pj_ssl_sock_t *ssock,
398  void *data,
399  pj_size_t size,
400  pj_status_t status,
401  pj_size_t *remainder);
422  pj_bool_t (*on_data_recvfrom)(pj_ssl_sock_t *ssock,
423  void *data,
424  pj_size_t size,
425  const pj_sockaddr_t *src_addr,
426  int addr_len,
427  pj_status_t status);
428 
442  pj_bool_t (*on_data_sent)(pj_ssl_sock_t *ssock,
443  pj_ioqueue_op_key_t *send_key,
444  pj_ssize_t sent);
445 
460  pj_bool_t (*on_accept_complete)(pj_ssl_sock_t *ssock,
461  pj_ssl_sock_t *newsock,
462  const pj_sockaddr_t *src_addr,
463  int src_addr_len);
464 
477  pj_bool_t (*on_connect_complete)(pj_ssl_sock_t *ssock,
478  pj_status_t status);
479 
480 } pj_ssl_sock_cb;
481 
482 
486 typedef enum pj_ssl_sock_proto
487 {
488  PJ_SSL_SOCK_PROTO_DEFAULT,
489  PJ_SSL_SOCK_PROTO_TLS1,
490  PJ_SSL_SOCK_PROTO_SSL3,
491  PJ_SSL_SOCK_PROTO_SSL23,
493  PJ_SSL_SOCK_PROTO_SSL2,
494  PJ_SSL_SOCK_PROTO_DTLS1
495 } pj_ssl_sock_proto;
496 
497 
501 typedef struct pj_ssl_sock_info
502 {
507  pj_bool_t established;
508 
512  pj_ssl_sock_proto proto;
513 
518  pj_ssl_cipher cipher;
519 
523  pj_sockaddr local_addr;
524 
528  pj_sockaddr remote_addr;
529 
533  pj_ssl_cert_info *local_cert_info;
534 
538  pj_ssl_cert_info *remote_cert_info;
539 
543  pj_uint32_t verify_status;
544 
548  unsigned long last_native_err;
549 
550 } pj_ssl_sock_info;
551 
552 
556 typedef struct pj_ssl_sock_param
557 {
563  int sock_af;
564 
570  int sock_type;
571 
576  pj_ioqueue_t *ioqueue;
577 
583  pj_timer_heap_t *timer_heap;
584 
588  pj_ssl_sock_cb cb;
589 
593  void *user_data;
594 
600  pj_ssl_sock_proto proto;
601 
614  unsigned async_cnt;
615 
629  int concurrency;
630 
644  pj_bool_t whole_data;
645 
654  pj_size_t send_buffer_size;
655 
664  pj_size_t read_buffer_size;
665 
671  unsigned ciphers_num;
672 
677  pj_ssl_cipher *ciphers;
678 
685  pj_time_val timeout;
686 
692  pj_bool_t verify_peer;
693 
700  pj_bool_t require_client_cert;
701 
711  pj_str_t server_name;
712 
720  pj_qos_type qos_type;
721 
729  pj_qos_params qos_params;
730 
737  pj_bool_t qos_ignore_error;
738 
739 
740 } pj_ssl_sock_param;
741 
742 
749 PJ_DECL(void) pj_ssl_sock_param_default(pj_ssl_sock_param *param);
750 
751 
761 PJ_DECL(pj_status_t) pj_ssl_sock_create(pj_pool_t *pool,
762  const pj_ssl_sock_param *param,
763  pj_ssl_sock_t **p_ssock);
764 
765 
781 PJ_DECL(pj_status_t) pj_ssl_sock_set_certificate(
782  pj_ssl_sock_t *ssock,
783  pj_pool_t *pool,
784  const pj_ssl_cert_t *cert);
785 
786 
795 PJ_DECL(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock);
796 
797 
810 PJ_DECL(pj_status_t) pj_ssl_sock_set_user_data(pj_ssl_sock_t *ssock,
811  void *user_data);
812 
821 PJ_DECL(void*) pj_ssl_sock_get_user_data(pj_ssl_sock_t *ssock);
822 
823 
832 PJ_DECL(pj_status_t) pj_ssl_sock_get_info(pj_ssl_sock_t *ssock,
833  pj_ssl_sock_info *info);
834 
835 
858 PJ_DECL(pj_status_t) pj_ssl_sock_start_read(pj_ssl_sock_t *ssock,
859  pj_pool_t *pool,
860  unsigned buff_size,
861  pj_uint32_t flags);
862 
877 PJ_DECL(pj_status_t) pj_ssl_sock_start_read2(pj_ssl_sock_t *ssock,
878  pj_pool_t *pool,
879  unsigned buff_size,
880  void *readbuf[],
881  pj_uint32_t flags);
882 
896 PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom(pj_ssl_sock_t *ssock,
897  pj_pool_t *pool,
898  unsigned buff_size,
899  pj_uint32_t flags);
900 
915 PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom2(pj_ssl_sock_t *ssock,
916  pj_pool_t *pool,
917  unsigned buff_size,
918  void *readbuf[],
919  pj_uint32_t flags);
920 
941 PJ_DECL(pj_status_t) pj_ssl_sock_send(pj_ssl_sock_t *ssock,
942  pj_ioqueue_op_key_t *send_key,
943  const void *data,
944  pj_ssize_t *size,
945  unsigned flags);
946 
968 PJ_DECL(pj_status_t) pj_ssl_sock_sendto(pj_ssl_sock_t *ssock,
969  pj_ioqueue_op_key_t *send_key,
970  const void *data,
971  pj_ssize_t *size,
972  unsigned flags,
973  const pj_sockaddr_t *addr,
974  int addr_len);
975 
976 
997 PJ_DECL(pj_status_t) pj_ssl_sock_start_accept(pj_ssl_sock_t *ssock,
998  pj_pool_t *pool,
999  const pj_sockaddr_t *local_addr,
1000  int addr_len);
1001 
1002 
1021 PJ_DECL(pj_status_t) pj_ssl_sock_start_connect(pj_ssl_sock_t *ssock,
1022  pj_pool_t *pool,
1023  const pj_sockaddr_t *localaddr,
1024  const pj_sockaddr_t *remaddr,
1025  int addr_len);
1026 
1027 
1042 PJ_DECL(pj_status_t) pj_ssl_sock_renegotiate(pj_ssl_sock_t *ssock);
1043 
1044 
1049 PJ_END_DECL
1050 
1051 #endif /* __PJ_SSL_SOCK_H__ */

 

PJLIB Open Source, high performance, small footprint, and very very portable framework
Copyright (C) 2006-2009 Teluu Inc.