/* srp-tls.h * * Copyright (c) 2019-2021 Apple Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * TLS Shim definitions. These entry points should in principle work for any TLS * library, with the addition of a single shim file, for example tls-mbedtls.c. */ #ifndef __SRP_TLS_H #define __SRP_TLS_H // Anonymous key structure, depends on the target. typedef struct srp_key srp_key_t; #ifdef SRP_CRYPTO_MBEDTLS_INTERNAL #include #include #include struct tls_context { struct mbedtls_ssl_context context; enum { handshake_in_progress, handshake_complete } state; }; #endif // SRP_CRYPTO_MBEDTLS_INTERNAL #ifdef SRP_CRYPTO_MACOS #include "tls-macos.h" #endif // tls_*.c: bool srp_tls_init(void); bool srp_tls_client_init(void); bool srp_tls_server_init(const char *NULLABLE cacert_file, const char *NULLABLE srvcrt_file, const char *NULLABLE server_key_file); bool srp_tls_accept_setup(comm_t *NONNULL comm); bool srp_tls_listen_callback(comm_t *NONNULL comm); bool srp_tls_connect_callback(comm_t *NONNULL comm); ssize_t srp_tls_read(comm_t *NONNULL comm, unsigned char *NONNULL buf, size_t max); void srp_tls_context_free(comm_t *NONNULL comm); ssize_t srp_tls_write(comm_t *NONNULL comm, struct iovec *NONNULL iov, int iov_len); /*! * @brief * Configure TLS with the identity. * * @param context * Context passed to this function to let it finish the configuration process. * * @discussion * This function can only be called after srp_tls_init() is called to fetch the necessary identity. * */ void srp_tls_configure(void *NULLABLE context); /*! * @brief * Gets the remaining valid time for the TLS certificate that is initialized by srp_tls_init(). * * @result * The remaining time valid time before TLS certificate expires. * * @discussion * srp_tls_init() has to be called to initialize the TLS certificate before calling this function. */ uint32_t srp_tls_get_next_rotation_time(void); /*! * @brief * Destroy the TLS certificate that is initialized by srp_tls_init(). * * @discussion * srp_tls_init() has to be called to initialize the TLS certificate before calling this function. */ void srp_tls_dispose(void); /*! * @brief * Schedule a wake up event so that the TLS certificate that is expiring * soon can be replaced with a newer one. * * @param tls_listener_wakeup * The pointer to the tls_listener_wakeup context that can be used to * schedule a wakeup event. * * @param tls_listener_to_rotate * The TLS listener object created before that needs to be rotated. * * @discussion * The TLS rotation time is controlled by * TLS_CERTIFICATE_VALID_PERIOD_SECS. */ void schedule_tls_certificate_rotation(wakeup_t * NULLABLE * NONNULL tls_listener_wakeup, comm_t * NONNULL tls_listener_to_rotate); #endif // __SRP_TLS_H // Local Variables: // mode: C // tab-width: 4 // c-file-style: "bsd" // c-basic-offset: 4 // fill-column: 108 // indent-tabs-mode: nil // End: