1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_handshake tls_handshake
18 * @{ @ingroup libtls
19 */
20
21 #ifndef TLS_HANDSHAKE_H_
22 #define TLS_HANDSHAKE_H_
23
24 typedef struct tls_handshake_t tls_handshake_t;
25
26 #include "tls.h"
27
28 #include <bio/bio_reader.h>
29 #include <bio/bio_writer.h>
30
31 /**
32 * TLS handshake state machine interface.
33 */
struct tls_handshake_t {

	/**
	 * Process received TLS handshake message.
	 *
	 * NOTE(review): reader presumably wraps bytes received from the peer, so
	 * implementations should treat every length and field parsed from it as
	 * untrusted input -- confirm against the caller.
	 *
	 * @param type		TLS handshake message type
	 * @param reader	TLS data buffer
	 * @return
	 *					- SUCCESS if TLS negotiation complete
	 *					- FAILED if a fatal TLS alert queued
	 *					- NEED_MORE if more invocations to process/build needed
	 *					- DESTROY_ME if a fatal TLS alert received
	 */
	status_t (*process)(tls_handshake_t *this,
						tls_handshake_type_t type, bio_reader_t *reader);

	/**
	 * Build TLS handshake messages to send out.
	 *
	 * The message type is passed by pointer: it is an output that reports
	 * which handshake message was written to writer.
	 *
	 * @param type		type of created handshake message
	 * @param writer	TLS data buffer to write to
	 * @return
	 *					- SUCCESS if handshake complete
	 *					- FAILED if handshake failed
	 *					- NEED_MORE if more messages ready for delivery
	 *					- INVALID_STATE if more input to process() required
	 */
	status_t (*build)(tls_handshake_t *this,
					  tls_handshake_type_t *type, bio_writer_t *writer);

	/**
	 * Check if the cipher spec should be changed for the given direction.
	 *
	 * The direction is selected by the inbound argument, so this covers
	 * received messages as well as outgoing ones.
	 *
	 * @param inbound	TRUE to check for inbound cipherspec change,
	 *					FALSE to check for outbound
	 * @return			TRUE if cipher spec should be changed
	 */
	bool (*cipherspec_changed)(tls_handshake_t *this, bool inbound);

	/**
	 * Change the cipher for a direction.
	 *
	 * NOTE(review): presumably only to be called once cipherspec_changed()
	 * has returned TRUE for the same direction -- confirm against the caller.
	 *
	 * @param inbound	TRUE to change inbound cipherspec, FALSE for outbound
	 */
	void (*change_cipherspec)(tls_handshake_t *this, bool inbound);

	/**
	 * Check if the finished message was decoded successfully.
	 *
	 * NOTE(review): callers presumably must not treat the handshake as
	 * complete, or the peer as authenticated, before this returns TRUE --
	 * confirm against the caller.
	 *
	 * @return			TRUE if finished message was decoded successfully
	 */
	bool (*finished)(tls_handshake_t *this);

	/**
	 * Get the peer identity authenticated/to authenticate during handshake.
	 *
	 * As the description says, the value may be an identity that is still to
	 * be authenticated. NOTE(review): it should presumably not be used for
	 * authorization decisions until the handshake has completed -- confirm.
	 * Ownership of the returned object is not stated here.
	 *
	 * @return			peer identity
	 */
	identification_t* (*get_peer_id)(tls_handshake_t *this);

	/**
	 * Get the server identity authenticated/to authenticate during handshake.
	 *
	 * The same caveat as for get_peer_id() applies: the identity may not have
	 * been authenticated yet when this is called during the handshake.
	 * Ownership of the returned object is not stated here.
	 *
	 * @return			server identity
	 */
	identification_t* (*get_server_id)(tls_handshake_t *this);

	/**
	 * Get the peer's authentication information after completing the
	 * handshake.
	 *
	 * NOTE(review): "internal data" presumably means the returned object
	 * stays owned by this tls_handshake_t, so the caller must not destroy it
	 * or use it after destroy() -- confirm.
	 *
	 * @return			authentication data, internal data
	 */
	auth_cfg_t* (*get_auth)(tls_handshake_t *this);

	/**
	 * Destroy a tls_handshake_t.
	 */
	void (*destroy)(tls_handshake_t *this);
};
112
113 #endif /** TLS_HANDSHAKE_H_ @}*/