00019 #ifndef __PJ_SSL_SOCK_H__
00020 #define __PJ_SSL_SOCK_H__
00021
00027 #include <pj/ioqueue.h>
00028 #include <pj/sock.h>
00029 #include <pj/sock_qos.h>
00030
00031
00032 PJ_BEGIN_DECL
00033
/**
 * Opaque handle to a secure (SSL/TLS) socket instance. Instances are
 * created with pj_ssl_sock_create() and released with pj_ssl_sock_close();
 * the layout is private to the implementation.
 */
typedef struct pj_ssl_sock_t pj_ssl_sock_t;


/**
 * Opaque handle to a loaded certificate / private-key / CA bundle. Obtained
 * from pj_ssl_cert_load_from_files() and attached to a socket with
 * pj_ssl_sock_set_certificate().
 */
typedef struct pj_ssl_cert_t pj_ssl_cert_t;
00061
00062
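/**
 * Bit flags describing the outcome of peer certificate verification.
 * The verification result (pj_ssl_sock_info.verify_status, a pj_uint32_t)
 * is a mask of these values: zero (PJ_SSL_CERT_ESUCCESS) means every check
 * passed. Any non-zero mask should be treated as a failed verification
 * unless the application has an explicit, deliberate policy to tolerate
 * the specific flag(s) that are set.
 */
typedef enum pj_ssl_cert_verify_flag_t
{
    /** No verification error. */
    PJ_SSL_CERT_ESUCCESS                = 0,

    /** The certificate of the issuer could not be found. */
    PJ_SSL_CERT_EISSUER_NOT_FOUND       = (1 << 0),

    /** The certificate (or its chain) is not trusted. */
    PJ_SSL_CERT_EUNTRUSTED              = (1 << 1),

    /** The certificate is outside its validity period (not yet valid or expired). */
    PJ_SSL_CERT_EVALIDITY_PERIOD        = (1 << 2),

    /** The certificate could not be parsed / has an invalid format. */
    PJ_SSL_CERT_EINVALID_FORMAT         = (1 << 3),

    /** The certificate is not valid for the purpose it is being used for. */
    PJ_SSL_CERT_EINVALID_PURPOSE        = (1 << 4),

    /** The certificate's issuer does not match the issuer certificate. */
    PJ_SSL_CERT_EISSUER_MISMATCH        = (1 << 5),

    /** A CRL could not be obtained or processed. */
    PJ_SSL_CERT_ECRL_FAILURE            = (1 << 6),

    /** The certificate has been revoked. */
    PJ_SSL_CERT_EREVOKED                = (1 << 7),

    /** The certificate chain is longer than the configured maximum. */
    PJ_SSL_CERT_ECHAIN_TOO_LONG         = (1 << 8),

    /**
     * The peer's identity does not match the certificate.
     * NOTE(review): which names are compared (subject CN, subjectAltName
     * entries, pj_ssl_sock_param.server_name) is decided by the backend
     * implementation, not by this header -- confirm before relying on it.
     */
    PJ_SSL_CERT_EIDENTITY_NOT_MATCH     = (1 << 30),

    /**
     * Unknown verification error. This flag occupies the top bit of the
     * 32-bit status word. It is written as (int)(1u << 31) rather than
     * (1 << 31): left-shifting a signed 1 into the sign bit is undefined
     * behaviour in C, whereas the unsigned shift followed by conversion to
     * int is well-defined (implementation-defined value, INT_MIN on
     * two's-complement targets) and keeps the enumerator representable as
     * an int as C11 requires. The value seen through pj_uint32_t is
     * unchanged: 0x80000000.
     */
    PJ_SSL_CERT_EUNKNOWN                = (int)(1u << 31)

} pj_ssl_cert_verify_flag_t;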
00132
00133
/**
 * Kind of name carried by one subjectAltName entry of a certificate
 * (see pj_ssl_cert_info.subj_alt_name). Values are listed explicitly so
 * that the numbering is obvious to readers and stable for callers.
 */
typedef enum pj_ssl_cert_name_type
{
    PJ_SSL_CERT_NAME_UNKNOWN = 0,   /**< Name type not recognised by this API. */
    PJ_SSL_CERT_NAME_RFC822  = 1,   /**< E-mail address (rfc822Name). */
    PJ_SSL_CERT_NAME_DNS     = 2,   /**< DNS host name (dNSName). */
    PJ_SSL_CERT_NAME_URI     = 3,   /**< URI (uniformResourceIdentifier). */
    PJ_SSL_CERT_NAME_IP      = 4    /**< IP address (iPAddress). */
} pj_ssl_cert_name_type;
00142
/**
 * Decoded summary of an X.509 certificate, exposed through
 * pj_ssl_sock_info (local_cert_info / remote_cert_info) and printable with
 * pj_ssl_cert_info_dump().
 *
 * NOTE(review): the string fields are pj_str_t (pointer + length); do not
 * assume NUL termination, and copy anything that must outlive the socket
 * the info was read from -- the lifetime of the backing memory is not
 * defined by this header.
 */
typedef struct pj_ssl_cert_info {

    unsigned version;           /**< Certificate version number. */
    pj_uint8_t serial_no[20];   /**< Serial number as raw octets in a fixed
                                     20-byte buffer. NOTE(review): byte order
                                     and the handling of serials shorter than
                                     20 bytes are set by the backend -- confirm. */
    struct {
        pj_str_t cn;            /**< Common Name (CN) of the subject. */
        pj_str_t info;          /**< Full subject name rendered as one string. */
    } subject;                  /**< Certificate subject. */
    struct {
        pj_str_t cn;            /**< Common Name (CN) of the issuer. */
        pj_str_t info;          /**< Full issuer name rendered as one string. */
    } issuer;                   /**< Certificate issuer. */
    struct {
        pj_time_val start;      /**< Not-before time. */
        pj_time_val end;        /**< Not-after time. */
        pj_bool_t gmt;          /**< Presumably PJ_TRUE when start/end are
                                     expressed in GMT -- confirm against backend. */
    } validity;                 /**< Validity period. */
    struct {
        unsigned cnt;           /**< Number of elements in @a entry. */
        struct {
            pj_ssl_cert_name_type type; /**< Kind of the name (DNS, IP, ...). */
            pj_str_t name;              /**< The name itself. */
        } *entry;               /**< Array of @a cnt entries (may be NULL when cnt is 0). */
    } subj_alt_name;            /**< subjectAltName extension contents. These
                                     are the names a peer-identity check should
                                     prefer over the subject CN. */
} pj_ssl_cert_info;
00185
00186
/**
 * Load a certificate, its private key and a CA (trust anchor) file from
 * disk into a pj_ssl_cert_t allocated from @a pool.
 *
 * @param pool          Pool used to allocate the returned object.
 * @param CA_file       Path of the CA file; presumably the trust store used
 *                      when verify_peer is enabled -- confirm.
 * @param cert_file     Path of the certificate file.
 * @param privkey_file  Path of the private key file. Keep this file readable
 *                      only by the process owner; the API offers no other
 *                      protection for the key material.
 * @param privkey_pass  Passphrase protecting the private key. NOTE(review):
 *                      whether an empty/NULL value is accepted for unencrypted
 *                      keys, and whether the passphrase is retained in memory,
 *                      is decided by the implementation.
 * @param p_cert        Receives the loaded certificate handle.
 *
 * @return              PJ_SUCCESS on success, otherwise an error status.
 *                      Accepted file encodings (PEM/DER) are not specified here.
 */
PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files(pj_pool_t *pool,
                                                 const pj_str_t *CA_file,
                                                 const pj_str_t *cert_file,
                                                 const pj_str_t *privkey_file,
                                                 const pj_str_t *privkey_pass,
                                                 pj_ssl_cert_t **p_cert);


/**
 * Render a pj_ssl_cert_info as human-readable text into @a buf.
 *
 * @param ci        Certificate info to print.
 * @param indent    String prefixed to each output line.
 * @param buf       Output buffer.
 * @param buf_size  Capacity of @a buf; the function must not write past it.
 *
 * @return          Presumably the number of bytes written, negative on error
 *                  (e.g. buffer too small) -- confirm against implementation
 *                  and check the sign before using the value as a length.
 */
PJ_DECL(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
                                          const char *indent,
                                          char *buf,
                                          pj_size_t buf_size);


/**
 * Translate a verification status mask (see pj_ssl_cert_verify_flag_t)
 * into one descriptive string per flag set.
 *
 * @param verify_status  Mask of pj_ssl_cert_verify_flag_t values.
 * @param error_strings  Array that receives pointers to static strings.
 * @param count          NOTE(review): presumably in/out -- capacity of
 *                       @a error_strings on input, number of entries filled
 *                       on output. Confirm, and always size the array for the
 *                       number of flags that can be set at once.
 *
 * @return               PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_cert_get_verify_status_strings(
                                                 pj_uint32_t verify_status,
                                                 const char *error_strings[],
                                                 unsigned *count);
00239
00240
/**
 * Cipher suite identifiers. The values match the codes of the IANA TLS
 * cipher-suite registry (in the low 16 bits); the PJ_SSL_CK_* group are the
 * 3-byte SSLv2 "cipher kinds". Use pj_ssl_cipher_is_supported() and
 * pj_ssl_cipher_get_availables() to find out what the backend really offers.
 *
 * Security note for anyone filling pj_ssl_sock_param.ciphers: most of this
 * list exists only so the codes can be named. NULL ciphers give no
 * confidentiality; RC4, single DES, 40-bit "EXPORT" suites, MD5-based
 * suites, Fortezza and every SSLv2 cipher kind are broken or deprecated and
 * must not be offered. DH_anon suites do no peer authentication at all.
 * Prefer the ephemeral (DHE_*) AES suites from this list and leave the
 * non-ephemeral RSA/DH_* ones for interoperability only.
 */
typedef enum pj_ssl_cipher {

    /* NULL cipher: no key exchange, no encryption, no MAC. Never offer. */
    PJ_TLS_NULL_WITH_NULL_NULL                = 0x00000000,

    /* Standard TLS suites. The *_WITH_NULL_* entries encrypt nothing and
     * the RC4 / 3DES entries are deprecated; the AES CBC suites are the
     * only reasonable choices here. */
    PJ_TLS_RSA_WITH_NULL_MD5                  = 0x00000001,
    PJ_TLS_RSA_WITH_NULL_SHA                  = 0x00000002,
    PJ_TLS_RSA_WITH_NULL_SHA256               = 0x0000003B,
    PJ_TLS_RSA_WITH_RC4_128_MD5               = 0x00000004,
    PJ_TLS_RSA_WITH_RC4_128_SHA               = 0x00000005,
    PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA          = 0x0000000A,
    PJ_TLS_RSA_WITH_AES_128_CBC_SHA           = 0x0000002F,
    PJ_TLS_RSA_WITH_AES_256_CBC_SHA           = 0x00000035,
    PJ_TLS_RSA_WITH_AES_128_CBC_SHA256        = 0x0000003C,
    PJ_TLS_RSA_WITH_AES_256_CBC_SHA256        = 0x0000003D,
    PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA       = 0x0000000D,
    PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA       = 0x00000010,
    PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA      = 0x00000013,
    PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA      = 0x00000016,
    PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA        = 0x00000030,
    PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA        = 0x00000031,
    PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA       = 0x00000032,
    PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA       = 0x00000033,
    PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA        = 0x00000036,
    PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA        = 0x00000037,
    PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA       = 0x00000038,
    PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA       = 0x00000039,
    PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256     = 0x0000003E,
    PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256     = 0x0000003F,
    PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256    = 0x00000040,
    PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256    = 0x00000067,
    PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256     = 0x00000068,
    PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256     = 0x00000069,
    PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256    = 0x0000006A,
    PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256    = 0x0000006B,
    /* Anonymous DH: no certificate, no peer authentication, trivially MITM-able. */
    PJ_TLS_DH_anon_WITH_RC4_128_MD5           = 0x00000018,
    PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA      = 0x0000001B,
    PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA       = 0x00000034,
    PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA       = 0x0000003A,
    PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256    = 0x0000006C,
    PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256    = 0x0000006D,

    /* Export-grade (40-bit) and single-DES suites. Deliberately weakened
     * key sizes; breakable offline. Listed for naming only -- never offer. */
    PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5         = 0x00000003,
    PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5     = 0x00000006,
    PJ_TLS_RSA_WITH_IDEA_CBC_SHA              = 0x00000007,
    PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA      = 0x00000008,
    PJ_TLS_RSA_WITH_DES_CBC_SHA               = 0x00000009,
    PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   = 0x0000000B,
    PJ_TLS_DH_DSS_WITH_DES_CBC_SHA            = 0x0000000C,
    PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   = 0x0000000E,
    PJ_TLS_DH_RSA_WITH_DES_CBC_SHA            = 0x0000000F,
    PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  = 0x00000011,
    PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA           = 0x00000012,
    PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  = 0x00000014,
    PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA           = 0x00000015,
    PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5     = 0x00000017,
    PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = 0x00000019,
    PJ_TLS_DH_anon_WITH_DES_CBC_SHA           = 0x0000001A,

    /* Fortezza (SSLv3-era, US government hardware token) suites. Obsolete. */
    PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA         = 0x0000001C,
    PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D,
    PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA      = 0x0000001E,

    /* SSLv2 cipher kinds. SSLv2 itself is prohibited (RFC 6176); these
     * only make sense with PJ_SSL_SOCK_PROTO_SSL2 and must not be used. */
    PJ_SSL_CK_RC4_128_WITH_MD5                = 0x00010080,
    PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5       = 0x00020080,
    PJ_SSL_CK_RC2_128_CBC_WITH_MD5            = 0x00030080,
    PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5   = 0x00040080,
    PJ_SSL_CK_IDEA_128_CBC_WITH_MD5           = 0x00050080,
    PJ_SSL_CK_DES_64_CBC_WITH_MD5             = 0x00060040,
    PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5       = 0x000700C0

} pj_ssl_cipher;
00320
00321
/**
 * Enumerate the cipher suites the backend can actually negotiate.
 *
 * @param ciphers     Array that receives the available cipher IDs.
 * @param cipher_num  NOTE(review): presumably in/out -- capacity of
 *                    @a ciphers on input, number of entries written on
 *                    output. Confirm before relying on it.
 *
 * @return            PJ_SUCCESS on success, otherwise an error status.
 *                    "Available" is not the same as "safe": filter the
 *                    result against a vetted allow-list (see the notes on
 *                    pj_ssl_cipher) before handing it to pj_ssl_sock_param.
 */
PJ_DECL(pj_status_t) pj_ssl_cipher_get_availables(pj_ssl_cipher ciphers[],
                                                  unsigned *cipher_num);


/**
 * Check whether the backend supports @a cipher.
 *
 * @param cipher  Cipher suite ID.
 * @return        PJ_TRUE if supported, PJ_FALSE otherwise.
 */
PJ_DECL(pj_bool_t) pj_ssl_cipher_is_supported(pj_ssl_cipher cipher);


/**
 * Return the textual name of @a cipher.
 *
 * @param cipher  Cipher suite ID.
 * @return        Pointer to a static string, or presumably NULL for an
 *                unknown ID -- check for NULL before printing.
 */
PJ_DECL(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher);


/**
 * Look up a cipher suite ID from its textual name (the inverse of
 * pj_ssl_cipher_name()).
 *
 * @param cipher_name  NUL-terminated cipher name.
 * @return             The matching pj_ssl_cipher. NOTE(review): the value
 *                     returned for an unrecognised name is not specified by
 *                     this header -- confirm, and do not feed unvalidated
 *                     names straight into pj_ssl_sock_param.ciphers.
 */
PJ_DECL(pj_ssl_cipher) pj_ssl_cipher_id(const char *cipher_name);
00364
00365
/**
 * Application callbacks invoked by a secure socket on I/O events. Each
 * callback returns pj_bool_t; NOTE(review): by pjlib convention this is
 * presumably PJ_TRUE to keep the socket operating and PJ_FALSE when the
 * application has closed/destroyed it -- confirm against the implementation.
 *
 * Security: an established connection is only as trustworthy as its
 * verification result. In on_accept_complete / on_connect_complete, fetch
 * pj_ssl_sock_get_info() and inspect verify_status (and the remote
 * certificate) before exchanging application data.
 */
typedef struct pj_ssl_sock_cb
{
    /**
     * Incoming data on a stream socket (after TLS decryption).
     *
     * @param ssock      The secure socket.
     * @param data       Buffer holding the received bytes.
     * @param size       Number of bytes in @a data.
     * @param status     Status of the read; non-PJ_SUCCESS indicates an error
     *                   or connection closure (presumably; confirm).
     * @param remainder  NOTE(review): presumably set by the callback to the
     *                   number of trailing bytes it did not consume, to be
     *                   redelivered with the next batch -- confirm.
     */
    pj_bool_t (*on_data_read)(pj_ssl_sock_t *ssock,
                              void *data,
                              pj_size_t size,
                              pj_status_t status,
                              pj_size_t *remainder);
    /**
     * Incoming datagram (see pj_ssl_sock_start_recvfrom()).
     *
     * @param ssock     The secure socket.
     * @param data      Buffer holding the received bytes.
     * @param size      Number of bytes in @a data.
     * @param src_addr  Source address of the datagram.
     * @param addr_len  Length of @a src_addr.
     * @param status    Status of the receive operation.
     */
    pj_bool_t (*on_data_recvfrom)(pj_ssl_sock_t *ssock,
                                  void *data,
                                  pj_size_t size,
                                  const pj_sockaddr_t *src_addr,
                                  int addr_len,
                                  pj_status_t status);

    /**
     * Completion of a pj_ssl_sock_send() / pj_ssl_sock_sendto().
     *
     * @param ssock     The secure socket.
     * @param send_key  The operation key passed to the send call.
     * @param sent      Bytes sent; presumably negative (a -status) on error.
     */
    pj_bool_t (*on_data_sent)(pj_ssl_sock_t *ssock,
                              pj_ioqueue_op_key_t *send_key,
                              pj_ssize_t sent);

    /**
     * A new connection was accepted on a listening secure socket.
     *
     * @param ssock         The listening socket.
     * @param newsock       Socket for the accepted connection.
     * @param src_addr      Address of the peer.
     * @param src_addr_len  Length of @a src_addr.
     *
     * Check pj_ssl_sock_get_info(newsock).verify_status here when
     * require_client_cert / verify_peer are in use.
     */
    pj_bool_t (*on_accept_complete)(pj_ssl_sock_t *ssock,
                                    pj_ssl_sock_t *newsock,
                                    const pj_sockaddr_t *src_addr,
                                    int src_addr_len);

    /**
     * An outgoing pj_ssl_sock_start_connect() finished.
     *
     * @param ssock   The secure socket.
     * @param status  PJ_SUCCESS if the connection (and presumably the TLS
     *                handshake) completed, otherwise the error status.
     */
    pj_bool_t (*on_connect_complete)(pj_ssl_sock_t *ssock,
                                     pj_status_t status);

} pj_ssl_sock_cb;
00481
00482
/**
 * Protocol version selector for pj_ssl_sock_param.proto. Values are spelled
 * out so the numbering is explicit.
 *
 * Security: SSLv2 is prohibited (RFC 6176) and SSLv3 is deprecated
 * (RFC 7568, POODLE); PJ_SSL_SOCK_PROTO_SSL23 lets the backend negotiate
 * down to whatever it supports. For a new deployment select TLS explicitly
 * rather than relying on PJ_SSL_SOCK_PROTO_DEFAULT, whose meaning is set by
 * the implementation, not by this header.
 */
typedef enum pj_ssl_sock_proto
{
    PJ_SSL_SOCK_PROTO_DEFAULT = 0,  /**< Backend default. */
    PJ_SSL_SOCK_PROTO_TLS1    = 1,  /**< TLS 1.0. */
    PJ_SSL_SOCK_PROTO_SSL3    = 2,  /**< SSL 3.0 (deprecated). */
    PJ_SSL_SOCK_PROTO_SSL23   = 3,  /**< SSL 2.0/3.0 compatible negotiation. */
    PJ_SSL_SOCK_PROTO_SSL2    = 4,  /**< SSL 2.0 (prohibited). */
    PJ_SSL_SOCK_PROTO_DTLS1   = 5   /**< DTLS 1.0 (datagram sockets). */
} pj_ssl_sock_proto;
00496
00497
/**
 * Snapshot of a secure socket's state, filled in by pj_ssl_sock_get_info().
 *
 * Security: @a established alone does not mean the peer is who it claims
 * to be. Treat the connection as authenticated only when verify_status is
 * PJ_SSL_CERT_ESUCCESS and remote_cert_info carries the identity you expect.
 */
typedef struct pj_ssl_sock_info
{
    /** PJ_TRUE once the secure connection is established. */
    pj_bool_t established;

    /** Protocol in use (see pj_ssl_sock_proto). */
    pj_ssl_sock_proto proto;

    /** Cipher suite in use (see pj_ssl_cipher). Presumably the negotiated
     *  suite once established -- confirm. */
    pj_ssl_cipher cipher;

    /** Local socket address. */
    pj_sockaddr local_addr;

    /** Remote (peer) socket address. */
    pj_sockaddr remote_addr;

    /** Local certificate info, or NULL when none was set (presumably). */
    pj_ssl_cert_info *local_cert_info;

    /** Peer certificate info. NOTE(review): may be NULL when the peer sent
     *  no certificate; check before dereferencing. */
    pj_ssl_cert_info *remote_cert_info;

    /** Peer verification result: a mask of pj_ssl_cert_verify_flag_t values,
     *  zero meaning success. */
    pj_uint32_t verify_status;

    /** Last error code reported by the native SSL backend, for diagnostics. */
    unsigned long last_native_err;

} pj_ssl_sock_info;
00551
00552
/**
 * Creation parameters for pj_ssl_sock_create(). Always initialise with
 * pj_ssl_sock_param_default() first and then override individual fields.
 *
 * Security checklist for the fields below: set verify_peer, set
 * server_name so the peer identity can be matched, restrict ciphers to a
 * vetted list, and pick an explicit TLS version in proto.
 */
typedef struct pj_ssl_sock_param
{
    /** Socket address family (e.g. pj_AF_INET()). */
    int sock_af;

    /** Socket type (e.g. pj_SOCK_STREAM()). */
    int sock_type;

    /** I/O queue the socket registers with. */
    pj_ioqueue_t *ioqueue;

    /** Timer heap used by the socket (presumably for handshake / operation
     *  timeouts, see @a timeout -- confirm). */
    pj_timer_heap_t *timer_heap;

    /** Application callbacks. */
    pj_ssl_sock_cb cb;

    /** Opaque application pointer, readable via pj_ssl_sock_get_user_data(). */
    void *user_data;

    /** Protocol version to use (see pj_ssl_sock_proto and its caveats). */
    pj_ssl_sock_proto proto;

    /** Number of concurrent asynchronous operations kept pending. */
    unsigned async_cnt;

    /** Concurrency setting passed through to the ioqueue key (presumably;
     *  a negative value meaning "ioqueue default" is the usual pjlib
     *  convention -- confirm). */
    int concurrency;

    /** Whether reads should deliver whole buffers rather than partial data
     *  (exact semantics are implementation-defined). */
    pj_bool_t whole_data;

    /** Size of the send buffer. */
    pj_size_t send_buffer_size;

    /** Size of the read buffer. */
    pj_size_t read_buffer_size;

    /** Number of entries in @a ciphers; zero presumably means "backend
     *  default", whose contents you do not control -- prefer an explicit list. */
    unsigned ciphers_num;

    /** Array of allowed cipher suites (see the notes on pj_ssl_cipher for
     *  which entries must never appear here). */
    pj_ssl_cipher *ciphers;

    /** Timeout for the connect/handshake (presumably; zero presumably
     *  disables it -- confirm). */
    pj_time_val timeout;

    /** Verify the peer's certificate. When PJ_FALSE the connection is
     *  encrypted but not authenticated, i.e. open to an active attacker.
     *  NOTE(review): confirm what pj_ssl_sock_param_default() leaves here;
     *  a zeroed struct means no verification. */
    pj_bool_t verify_peer;

    /** Server side: require the client to present a certificate. Pair with
     *  verify_peer, otherwise a presented certificate is not checked. */
    pj_bool_t require_client_cert;

    /** Server name. NOTE(review): presumably used for SNI and/or for the
     *  identity check behind PJ_SSL_CERT_EIDENTITY_NOT_MATCH -- confirm.
     *  Leaving it empty may disable hostname verification. */
    pj_str_t server_name;

    /** QoS type to apply to the socket. */
    pj_qos_type qos_type;

    /** Detailed QoS parameters. */
    pj_qos_params qos_params;

    /** If PJ_TRUE, a failure to apply QoS settings is not treated as an error. */
    pj_bool_t qos_ignore_error;


} pj_ssl_sock_param;
00741
00742
/**
 * Initialise @a param with default values. Call this before filling in a
 * pj_ssl_sock_param; the defaults themselves are defined by the
 * implementation, so re-check security-relevant fields (verify_peer,
 * proto, ciphers) after calling it rather than assuming them.
 *
 * @param param  Parameter structure to initialise.
 */
PJ_DECL(void) pj_ssl_sock_param_default(pj_ssl_sock_param *param);


/**
 * Create a secure socket from @a param.
 *
 * @param pool     Pool used for the socket's allocations.
 * @param param    Creation parameters (see pj_ssl_sock_param).
 * @param p_ssock  Receives the new socket.
 *
 * @return         PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_create(pj_pool_t *pool,
                                        const pj_ssl_sock_param *param,
                                        pj_ssl_sock_t **p_ssock);
00764
00765
/**
 * Attach a certificate/key bundle to the socket (the local identity for a
 * server, or the client certificate when the server requires one).
 *
 * @param ssock  The secure socket.
 * @param pool   Pool used for any copies the implementation keeps.
 * @param cert   Certificate loaded with pj_ssl_cert_load_from_files().
 *
 * @return       PJ_SUCCESS on success, otherwise an error status.
 *               NOTE(review): whether this must be called before
 *               pj_ssl_sock_start_accept()/start_connect() is not stated here.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_set_certificate(
                                            pj_ssl_sock_t *ssock,
                                            pj_pool_t *pool,
                                            const pj_ssl_cert_t *cert);


/**
 * Close and destroy the secure socket. After this returns the handle is
 * invalid; do not reference it from callbacks that may still be queued.
 *
 * @param ssock  The secure socket.
 * @return       PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock);
00796
00797
/**
 * Associate an opaque application pointer with the socket.
 *
 * @param ssock      The secure socket.
 * @param user_data  Pointer to store; the socket does not own or free it.
 * @return           PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_set_user_data(pj_ssl_sock_t *ssock,
                                               void *user_data);

/**
 * Retrieve the pointer set with pj_ssl_sock_set_user_data() (or
 * pj_ssl_sock_param.user_data at creation).
 *
 * @param ssock  The secure socket.
 * @return       The stored pointer.
 */
PJ_DECL(void*) pj_ssl_sock_get_user_data(pj_ssl_sock_t *ssock);


/**
 * Fill @a info with the socket's current state (see pj_ssl_sock_info).
 * This is where an application reads verify_status and the peer
 * certificate; do so before trusting an established connection.
 *
 * @param ssock  The secure socket.
 * @param info   Structure to fill.
 * @return       PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_get_info(pj_ssl_sock_t *ssock,
                                          pj_ssl_sock_info *info);
00834
00835
/**
 * Start asynchronous reads on a connected stream socket; data arrives via
 * pj_ssl_sock_cb.on_data_read.
 *
 * @param ssock      The secure socket.
 * @param pool       Pool used to allocate the read buffers.
 * @param buff_size  Size of each read buffer. This bounds what a single
 *                   on_data_read delivers; pick it deliberately.
 * @param flags      Read flags (presumably passed to the ioqueue recv).
 *
 * @return           PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_read(pj_ssl_sock_t *ssock,
                                            pj_pool_t *pool,
                                            unsigned buff_size,
                                            pj_uint32_t flags);

/**
 * As pj_ssl_sock_start_read(), but with caller-supplied read buffers.
 *
 * @param ssock      The secure socket.
 * @param pool       Pool for internal allocations.
 * @param buff_size  Size of each buffer in @a readbuf.
 * @param readbuf    Array of buffers; NOTE(review): presumably one per
 *                   async_cnt and each at least @a buff_size bytes -- confirm.
 *                   The buffers must stay valid for the socket's lifetime.
 * @param flags      Read flags.
 *
 * @return           PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_read2(pj_ssl_sock_t *ssock,
                                             pj_pool_t *pool,
                                             unsigned buff_size,
                                             void *readbuf[],
                                             pj_uint32_t flags);

/**
 * Start asynchronous datagram receives; data arrives via
 * pj_ssl_sock_cb.on_data_recvfrom.
 *
 * @param ssock      The secure socket.
 * @param pool       Pool used to allocate the receive buffers.
 * @param buff_size  Size of each receive buffer.
 * @param flags      Receive flags.
 *
 * @return           PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom(pj_ssl_sock_t *ssock,
                                                pj_pool_t *pool,
                                                unsigned buff_size,
                                                pj_uint32_t flags);

/**
 * As pj_ssl_sock_start_recvfrom(), but with caller-supplied buffers
 * (same buffer requirements as pj_ssl_sock_start_read2()).
 *
 * @param ssock      The secure socket.
 * @param pool       Pool for internal allocations.
 * @param buff_size  Size of each buffer in @a readbuf.
 * @param readbuf    Array of caller-owned receive buffers.
 * @param flags      Receive flags.
 *
 * @return           PJ_SUCCESS on success, otherwise an error status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom2(pj_ssl_sock_t *ssock,
                                                 pj_pool_t *pool,
                                                 unsigned buff_size,
                                                 void *readbuf[],
                                                 pj_uint32_t flags);
00920
/**
 * Send data over the secure stream socket. Completion is reported through
 * pj_ssl_sock_cb.on_data_sent with the same @a send_key.
 *
 * @param ssock     The secure socket.
 * @param send_key  Operation key identifying this send; must stay valid
 *                  until on_data_sent fires for it.
 * @param data      Bytes to send. NOTE(review): whether the buffer must
 *                  remain valid until completion is not stated here -- assume
 *                  it must, as for pj_ioqueue sends, until confirmed.
 * @param size      In: number of bytes to send; out: presumably bytes
 *                  accepted (confirm).
 * @param flags     Send flags.
 *
 * @return          PJ_SUCCESS if sent immediately, PJ_EPENDING if queued,
 *                  otherwise an error status (pjlib convention; confirm).
 */
PJ_DECL(pj_status_t) pj_ssl_sock_send(pj_ssl_sock_t *ssock,
                                      pj_ioqueue_op_key_t *send_key,
                                      const void *data,
                                      pj_ssize_t *size,
                                      unsigned flags);

/**
 * Send a datagram to @a addr over the secure socket; completion via
 * pj_ssl_sock_cb.on_data_sent. Parameters as pj_ssl_sock_send(), plus:
 *
 * @param addr      Destination address.
 * @param addr_len  Length of @a addr.
 *
 * @return          PJ_SUCCESS / PJ_EPENDING / error status as for
 *                  pj_ssl_sock_send().
 */
PJ_DECL(pj_status_t) pj_ssl_sock_sendto(pj_ssl_sock_t *ssock,
                                        pj_ioqueue_op_key_t *send_key,
                                        const void *data,
                                        pj_ssize_t *size,
                                        unsigned flags,
                                        const pj_sockaddr_t *addr,
                                        int addr_len);
00975
00976
/**
 * Bind to @a local_addr, listen, and start accepting secure connections.
 * Each accepted connection is delivered through
 * pj_ssl_sock_cb.on_accept_complete as a new pj_ssl_sock_t.
 *
 * @param ssock       The secure socket (needs a certificate, see
 *                    pj_ssl_sock_set_certificate()).
 * @param pool        Pool for internal allocations.
 * @param local_addr  Address to bind to.
 * @param addr_len    Length of @a local_addr.
 *
 * @return            PJ_SUCCESS on success, otherwise an error status.
 *                    Set require_client_cert + verify_peer in the creation
 *                    parameters if client authentication is wanted; this
 *                    call does not enforce it by itself.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_accept(pj_ssl_sock_t *ssock,
                                              pj_pool_t *pool,
                                              const pj_sockaddr_t *local_addr,
                                              int addr_len);


/**
 * Start an asynchronous secure connection to @a remaddr, optionally bound
 * to @a localaddr. Completion is reported via
 * pj_ssl_sock_cb.on_connect_complete.
 *
 * @param ssock      The secure socket.
 * @param pool       Pool for internal allocations.
 * @param localaddr  Local address to bind to.
 * @param remaddr    Remote address to connect to.
 * @param addr_len   Length of the address structures (a single length is
 *                   used for both, so they must be of the same family).
 *
 * @return           PJ_SUCCESS if connected immediately, PJ_EPENDING if
 *                   in progress, otherwise an error status (pjlib
 *                   convention; confirm). The handshake result still has to
 *                   be checked through pj_ssl_sock_get_info().verify_status.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_start_connect(pj_ssl_sock_t *ssock,
                                               pj_pool_t *pool,
                                               const pj_sockaddr_t *localaddr,
                                               const pj_sockaddr_t *remaddr,
                                               int addr_len);


/**
 * Request a TLS renegotiation on an established connection.
 *
 * @param ssock  The secure socket.
 * @return       PJ_SUCCESS on success, otherwise an error status.
 *
 * NOTE(review): renegotiation has a history of protocol attacks
 * (CVE-2009-3555, fixed by RFC 5746 secure renegotiation). Only use this
 * where the backend is known to implement RFC 5746, and re-check
 * verify_status afterwards, since the peer certificate may change.
 */
PJ_DECL(pj_status_t) pj_ssl_sock_renegotiate(pj_ssl_sock_t *ssock);
01043
01044
01049 PJ_END_DECL
01050
01051 #endif