|
|
|
|
Home --> Documentations --> PJLIB Reference ssl_sock.h
Go to the documentation of this file.
00001 /* $Id: ssl_sock.h 4376 2013-02-27 09:41:37Z nanang $ */ 00002 /* 00003 * Copyright (C) 2009-2011 Teluu Inc. (http://www.teluu.com) 00004 * 00005 * This program is free software; you can redistribute it and/or modify 00006 * it under the terms of the GNU General Public License as published by 00007 * the Free Software Foundation; either version 2 of the License, or 00008 * (at your option) any later version. 00009 * 00010 * This program is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00013 * GNU General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU General Public License 00016 * along with this program; if not, write to the Free Software 00017 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 00018 */ 00019 #ifndef __PJ_SSL_SOCK_H__ 00020 #define __PJ_SSL_SOCK_H__ 00021 00027 #include <pj/ioqueue.h> 00028 #include <pj/sock.h> 00029 #include <pj/sock_qos.h> 00030 00031 00032 PJ_BEGIN_DECL 00033 00053 typedef struct pj_ssl_sock_t pj_ssl_sock_t; 00054 00055 00060 typedef struct pj_ssl_cert_t pj_ssl_cert_t; 00061 00062 00063 typedef enum pj_ssl_cert_verify_flag_t 00064 { 00068 PJ_SSL_CERT_ESUCCESS = 0, 00069 00073 PJ_SSL_CERT_EISSUER_NOT_FOUND = (1 << 0), 00074 00078 PJ_SSL_CERT_EUNTRUSTED = (1 << 1), 00079 00083 PJ_SSL_CERT_EVALIDITY_PERIOD = (1 << 2), 00084 00089 PJ_SSL_CERT_EINVALID_FORMAT = (1 << 3), 00090 00094 PJ_SSL_CERT_EINVALID_PURPOSE = (1 << 4), 00095 00101 PJ_SSL_CERT_EISSUER_MISMATCH = (1 << 5), 00102 00106 PJ_SSL_CERT_ECRL_FAILURE = (1 << 6), 00107 00111 PJ_SSL_CERT_EREVOKED = (1 << 7), 00112 00116 PJ_SSL_CERT_ECHAIN_TOO_LONG = (1 << 8), 00117 00124 PJ_SSL_CERT_EIDENTITY_NOT_MATCH = (1 << 30), 00125 00129 PJ_SSL_CERT_EUNKNOWN = (1 << 31) 00130 00131 } pj_ssl_cert_verify_flag_t; 00132 00133 00134 typedef enum pj_ssl_cert_name_type 00135 { 00136 PJ_SSL_CERT_NAME_UNKNOWN = 0, 00137 PJ_SSL_CERT_NAME_RFC822, 00138 PJ_SSL_CERT_NAME_DNS, 00139 PJ_SSL_CERT_NAME_URI, 00140 PJ_SSL_CERT_NAME_IP 00141 } pj_ssl_cert_name_type; 00142 00146 typedef struct pj_ssl_cert_info { 00147 00148 unsigned version; 00150 pj_uint8_t serial_no[20]; 00154 struct { 00155 pj_str_t cn; 00156 pj_str_t info; 00159 } subject; 00161 struct { 00162 pj_str_t cn; 00163 pj_str_t info; 00165 } issuer; 00167 struct { 00168 pj_time_val start; 00169 pj_time_val end; 00170 pj_bool_t gmt; 00172 } validity; 00174 struct { 00175 unsigned cnt; 00176 struct { 00177 pj_ssl_cert_name_type type; 00179 pj_str_t name; 00180 } *entry; 00181 } subj_alt_name; 00184 } pj_ssl_cert_info; 00185 00186 00198 PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files(pj_pool_t *pool, 00199 const pj_str_t *CA_file, 00200 const pj_str_t *cert_file, 00201 const pj_str_t *privkey_file, 00202 const pj_str_t *privkey_pass, 00203 pj_ssl_cert_t **p_cert); 00204 00205 00217 PJ_DECL(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, 00218 const char *indent, 00219 char *buf, 00220 pj_size_t buf_size); 00221 00222 00235 PJ_DECL(pj_status_t) pj_ssl_cert_get_verify_status_strings( 00236 pj_uint32_t verify_status, 00237 const char *error_strings[], 00238 unsigned *count); 00239 00240 00244 typedef enum pj_ssl_cipher { 00245 00246 /* NULL */ 00247 PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000, 00248 00249 /* TLS/SSLv3 */ 00250 PJ_TLS_RSA_WITH_NULL_MD5 = 0x00000001, 00251 PJ_TLS_RSA_WITH_NULL_SHA = 0x00000002, 00252 PJ_TLS_RSA_WITH_NULL_SHA256 = 0x0000003B, 00253 PJ_TLS_RSA_WITH_RC4_128_MD5 = 0x00000004, 00254 PJ_TLS_RSA_WITH_RC4_128_SHA = 0x00000005, 00255 PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A, 00256 PJ_TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F, 00257 PJ_TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035, 00258 PJ_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C, 00259 PJ_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D, 00260 PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D, 00261 PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010, 00262 PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013, 00263 PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016, 00264 PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030, 00265 PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031, 00266 PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032, 00267 PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033, 00268 PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036, 00269 PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037, 00270 PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038, 00271 PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039, 00272 PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E, 00273 PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F, 00274 PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040, 00275 PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067, 00276 PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068, 00277 PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069, 00278 PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A, 00279 PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B, 00280 PJ_TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018, 00281 PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B, 00282 PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034, 00283 PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A, 00284 PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C, 00285 PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D, 00286 00287 /* TLS (deprecated) */ 00288 PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003, 00289 PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006, 00290 PJ_TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007, 00291 PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008, 00292 PJ_TLS_RSA_WITH_DES_CBC_SHA = 0x00000009, 00293 PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B, 00294 PJ_TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C, 00295 PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E, 00296 PJ_TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F, 00297 PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011, 00298 PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012, 00299 PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014, 00300 PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015, 00301 PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017, 00302 PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019, 00303 PJ_TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A, 00304 00305 /* SSLv3 */ 00306 PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C, 00307 PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D, 00308 PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E, 00309 00310 /* SSLv2 */ 00311 PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080, 00312 PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080, 00313 PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080, 00314 PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080, 00315 PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080, 00316 PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040, 00317 PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0 00318 00319 } pj_ssl_cipher; 00320 00321 00330 PJ_DECL(pj_status_t) pj_ssl_cipher_get_availables(pj_ssl_cipher ciphers[], 00331 unsigned *cipher_num); 00332 00333 00341 PJ_DECL(pj_bool_t) pj_ssl_cipher_is_supported(pj_ssl_cipher cipher); 00342 00343 00352 PJ_DECL(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher); 00353 00354 00363 PJ_DECL(pj_ssl_cipher) pj_ssl_cipher_id(const char *cipher_name); 00364 00365 00369 typedef struct pj_ssl_sock_cb 00370 { 00397 pj_bool_t (*on_data_read)(pj_ssl_sock_t *ssock, 00398 void *data, 00399 pj_size_t size, 00400 pj_status_t status, 00401 pj_size_t *remainder); 00422 pj_bool_t (*on_data_recvfrom)(pj_ssl_sock_t *ssock, 00423 void *data, 00424 pj_size_t size, 00425 const pj_sockaddr_t *src_addr, 00426 int addr_len, 00427 pj_status_t status); 00428 00442 pj_bool_t (*on_data_sent)(pj_ssl_sock_t *ssock, 00443 pj_ioqueue_op_key_t *send_key, 00444 pj_ssize_t sent); 00445 00460 pj_bool_t (*on_accept_complete)(pj_ssl_sock_t *ssock, 00461 pj_ssl_sock_t *newsock, 00462 const pj_sockaddr_t *src_addr, 00463 int src_addr_len); 00464 00477 pj_bool_t (*on_connect_complete)(pj_ssl_sock_t *ssock, 00478 pj_status_t status); 00479 00480 } pj_ssl_sock_cb; 00481 00482 00486 typedef enum pj_ssl_sock_proto 00487 { 00488 PJ_SSL_SOCK_PROTO_DEFAULT, 00489 PJ_SSL_SOCK_PROTO_TLS1, 00490 PJ_SSL_SOCK_PROTO_SSL3, 00491 PJ_SSL_SOCK_PROTO_SSL23, 00493 PJ_SSL_SOCK_PROTO_SSL2, 00494 PJ_SSL_SOCK_PROTO_DTLS1 00495 } pj_ssl_sock_proto; 00496 00497 00501 typedef struct pj_ssl_sock_info 00502 { 00507 pj_bool_t established; 00508 00512 pj_ssl_sock_proto proto; 00513 00518 pj_ssl_cipher cipher; 00519 00523 pj_sockaddr local_addr; 00524 00528 pj_sockaddr remote_addr; 00529 00533 pj_ssl_cert_info *local_cert_info; 00534 00538 pj_ssl_cert_info *remote_cert_info; 00539 00543 pj_uint32_t verify_status; 00544 00548 unsigned long last_native_err; 00549 00550 } pj_ssl_sock_info; 00551 00552 00556 typedef struct pj_ssl_sock_param 00557 { 00563 int sock_af; 00564 00570 int sock_type; 00571 00576 pj_ioqueue_t *ioqueue; 00577 00583 pj_timer_heap_t *timer_heap; 00584 00588 pj_ssl_sock_cb cb; 00589 00593 void *user_data; 00594 00600 pj_ssl_sock_proto proto; 00601 00614 unsigned async_cnt; 00615 00629 int concurrency; 00630 00644 pj_bool_t whole_data; 00645 00654 pj_size_t send_buffer_size; 00655 00664 pj_size_t read_buffer_size; 00665 00671 unsigned ciphers_num; 00672 00677 pj_ssl_cipher *ciphers; 00678 00685 pj_time_val timeout; 00686 00692 pj_bool_t verify_peer; 00693 00700 pj_bool_t require_client_cert; 00701 00711 pj_str_t server_name; 00712 00720 pj_qos_type qos_type; 00721 00729 pj_qos_params qos_params; 00730 00737 pj_bool_t qos_ignore_error; 00738 00739 00740 } pj_ssl_sock_param; 00741 00742 00749 PJ_DECL(void) pj_ssl_sock_param_default(pj_ssl_sock_param *param); 00750 00751 00761 PJ_DECL(pj_status_t) pj_ssl_sock_create(pj_pool_t *pool, 00762 const pj_ssl_sock_param *param, 00763 pj_ssl_sock_t **p_ssock); 00764 00765 00781 PJ_DECL(pj_status_t) pj_ssl_sock_set_certificate( 00782 pj_ssl_sock_t *ssock, 00783 pj_pool_t *pool, 00784 const pj_ssl_cert_t *cert); 00785 00786 00795 PJ_DECL(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock); 00796 00797 00810 PJ_DECL(pj_status_t) pj_ssl_sock_set_user_data(pj_ssl_sock_t *ssock, 00811 void *user_data); 00812 00821 PJ_DECL(void*) pj_ssl_sock_get_user_data(pj_ssl_sock_t *ssock); 00822 00823 00832 PJ_DECL(pj_status_t) pj_ssl_sock_get_info(pj_ssl_sock_t *ssock, 00833 pj_ssl_sock_info *info); 00834 00835 00858 PJ_DECL(pj_status_t) pj_ssl_sock_start_read(pj_ssl_sock_t *ssock, 00859 pj_pool_t *pool, 00860 unsigned buff_size, 00861 pj_uint32_t flags); 00862 00877 PJ_DECL(pj_status_t) pj_ssl_sock_start_read2(pj_ssl_sock_t *ssock, 00878 pj_pool_t *pool, 00879 unsigned buff_size, 00880 void *readbuf[], 00881 pj_uint32_t flags); 00882 00896 PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom(pj_ssl_sock_t *ssock, 00897 pj_pool_t *pool, 00898 unsigned buff_size, 00899 pj_uint32_t flags); 00900 00915 PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom2(pj_ssl_sock_t *ssock, 00916 pj_pool_t *pool, 00917 unsigned buff_size, 00918 void *readbuf[], 00919 pj_uint32_t flags); 00920 00941 PJ_DECL(pj_status_t) pj_ssl_sock_send(pj_ssl_sock_t *ssock, 00942 pj_ioqueue_op_key_t *send_key, 00943 const void *data, 00944 pj_ssize_t *size, 00945 unsigned flags); 00946 00968 PJ_DECL(pj_status_t) pj_ssl_sock_sendto(pj_ssl_sock_t *ssock, 00969 pj_ioqueue_op_key_t *send_key, 00970 const void *data, 00971 pj_ssize_t *size, 00972 unsigned flags, 00973 const pj_sockaddr_t *addr, 00974 int addr_len); 00975 00976 00997 PJ_DECL(pj_status_t) pj_ssl_sock_start_accept(pj_ssl_sock_t *ssock, 00998 pj_pool_t *pool, 00999 const pj_sockaddr_t *local_addr, 01000 int addr_len); 01001 01002 01021 PJ_DECL(pj_status_t) pj_ssl_sock_start_connect(pj_ssl_sock_t *ssock, 01022 pj_pool_t *pool, 01023 const pj_sockaddr_t *localaddr, 01024 const pj_sockaddr_t *remaddr, 01025 int addr_len); 01026 01027 01042 PJ_DECL(pj_status_t) pj_ssl_sock_renegotiate(pj_ssl_sock_t *ssock); 01043 01044 01049 PJ_END_DECL 01050 01051 #endif /* __PJ_SSL_SOCK_H__ */
Copyright (C) 2006-2009 Teluu Inc. |