tortls.h 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. /* Copyright (c) 2003, Roger Dingledine
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2015, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. #ifndef TOR_TORTLS_H
  6. #define TOR_TORTLS_H
  7. /**
  8. * \file tortls.h
  9. * \brief Headers for tortls.c
  10. **/
  11. #include "crypto.h"
  12. #include "compat.h"
  13. #include "testsupport.h"
  14. /* Opaque structure to hold a TLS connection. */
  15. typedef struct tor_tls_t tor_tls_t;
  16. /* Opaque structure to hold an X509 certificate. */
  17. typedef struct tor_cert_t tor_cert_t;
  18. /* Possible return values for most tor_tls_* functions. */
  19. #define MIN_TOR_TLS_ERROR_VAL_ -9
  20. #define TOR_TLS_ERROR_MISC -9
  21. /* Rename to unexpected close or something. XXXX */
  22. #define TOR_TLS_ERROR_IO -8
  23. #define TOR_TLS_ERROR_CONNREFUSED -7
  24. #define TOR_TLS_ERROR_CONNRESET -6
  25. #define TOR_TLS_ERROR_NO_ROUTE -5
  26. #define TOR_TLS_ERROR_TIMEOUT -4
  27. #define TOR_TLS_CLOSE -3
  28. #define TOR_TLS_WANTREAD -2
  29. #define TOR_TLS_WANTWRITE -1
  30. #define TOR_TLS_DONE 0
  31. /** Collection of case statements for all TLS errors that are not due to
  32. * underlying IO failure. */
  33. #define CASE_TOR_TLS_ERROR_ANY_NONIO \
  34. case TOR_TLS_ERROR_MISC: \
  35. case TOR_TLS_ERROR_CONNREFUSED: \
  36. case TOR_TLS_ERROR_CONNRESET: \
  37. case TOR_TLS_ERROR_NO_ROUTE: \
  38. case TOR_TLS_ERROR_TIMEOUT
  39. /** Use this macro in a switch statement to catch _any_ TLS error. That way,
  40. * if more errors are added, your switches will still work. */
  41. #define CASE_TOR_TLS_ERROR_ANY \
  42. CASE_TOR_TLS_ERROR_ANY_NONIO: \
  43. case TOR_TLS_ERROR_IO
  44. #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
  45. const char *tor_tls_err_to_string(int err);
  46. void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
  47. void tor_tls_free_all(void);
  48. #define TOR_TLS_CTX_IS_PUBLIC_SERVER (1u<<0)
  49. #define TOR_TLS_CTX_USE_ECDHE_P256 (1u<<1)
  50. #define TOR_TLS_CTX_USE_ECDHE_P224 (1u<<2)
  51. int tor_tls_context_init(unsigned flags,
  52. crypto_pk_t *client_identity,
  53. crypto_pk_t *server_identity,
  54. unsigned int key_lifetime);
  55. tor_tls_t *tor_tls_new(int sock, int is_server);
  56. void tor_tls_set_logged_address(tor_tls_t *tls, const char *address);
  57. void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
  58. void (*cb)(tor_tls_t *, void *arg),
  59. void *arg);
  60. int tor_tls_is_server(tor_tls_t *tls);
  61. void tor_tls_free(tor_tls_t *tls);
  62. int tor_tls_peer_has_cert(tor_tls_t *tls);
  63. tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
  64. int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
  65. int tor_tls_check_lifetime(int severity,
  66. tor_tls_t *tls, int past_tolerance,
  67. int future_tolerance);
  68. int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
  69. int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
  70. int tor_tls_handshake(tor_tls_t *tls);
  71. int tor_tls_finish_handshake(tor_tls_t *tls);
  72. int tor_tls_renegotiate(tor_tls_t *tls);
  73. void tor_tls_unblock_renegotiation(tor_tls_t *tls);
  74. void tor_tls_block_renegotiation(tor_tls_t *tls);
  75. void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
  76. int tor_tls_shutdown(tor_tls_t *tls);
  77. int tor_tls_get_pending_bytes(tor_tls_t *tls);
  78. size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
  79. void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
  80. size_t *n_read, size_t *n_written);
  81. void tor_tls_get_buffer_sizes(tor_tls_t *tls,
  82. size_t *rbuf_capacity, size_t *rbuf_bytes,
  83. size_t *wbuf_capacity, size_t *wbuf_bytes);
  84. MOCK_DECL(double, tls_get_write_overhead_ratio, (void));
  85. int tor_tls_used_v1_handshake(tor_tls_t *tls);
  86. int tor_tls_received_v3_certificate(tor_tls_t *tls);
  87. int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
  88. int tor_tls_server_got_renegotiate(tor_tls_t *tls);
  89. int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
  90. /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
  91. */
  92. #define check_no_tls_errors() check_no_tls_errors_(__FILE__,__LINE__)
  93. void check_no_tls_errors_(const char *fname, int line);
  94. void tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
  95. int severity, int domain, const char *doing);
  96. #ifdef USE_BUFFEREVENTS
  97. int tor_tls_start_renegotiating(tor_tls_t *tls);
  98. struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
  99. struct bufferevent *bufev_in,
  100. evutil_socket_t socket, int receiving,
  101. int filter);
  102. #endif
  103. void tor_cert_free(tor_cert_t *cert);
  104. tor_cert_t *tor_cert_decode(const uint8_t *certificate,
  105. size_t certificate_len);
  106. void tor_cert_get_der(const tor_cert_t *cert,
  107. const uint8_t **encoded_out, size_t *size_out);
  108. const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
  109. const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
  110. int tor_tls_get_my_certs(int server,
  111. const tor_cert_t **link_cert_out,
  112. const tor_cert_t **id_cert_out);
  113. crypto_pk_t *tor_tls_get_my_client_auth_key(void);
  114. crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
  115. int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
  116. int tor_tls_cert_is_valid(int severity,
  117. const tor_cert_t *cert,
  118. const tor_cert_t *signing_cert,
  119. int check_rsa_1024);
  120. const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
  121. #endif