/*
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup tls_protection tls_protection
 * @{ @ingroup libtls
 */

#ifndef TLS_PROTECTION_H_
#define TLS_PROTECTION_H_

#include <library.h>

/* Forward declaration placed before the includes below, presumably because
 * those headers refer to tls_protection_t themselves -- confirm against
 * tls.h when changing the include order. */
typedef struct tls_protection_t tls_protection_t;

#include "tls.h"
#include "tls_aead.h"
#include "tls_alert.h"
#include "tls_compression.h"

/**
 * TLS record protocol protection layer.
 *
 * Sits between the compression layer (see tls_protection_create()) and the
 * raw record transport: inbound records are unprotected with the AEAD set
 * via set_cipher() and handed upwards, outbound records are fetched from the
 * upper layer and protected before being returned.
 */
struct tls_protection_t {

	/**
	 * Process a protected TLS record, pass it to upper layers.
	 *
	 * NOTE(review): how a failed MAC/AEAD check is signalled (return value
	 * vs. the alert handler given to tls_protection_create()) is not visible
	 * here -- confirm in the implementation before relying on either.
	 *
	 * @param type			type of the TLS record to process
	 * @param data			associated TLS record data
	 * @return
	 *						- SUCCESS if TLS negotiation complete
	 *						- FAILED if TLS handshake failed
	 *						- NEED_MORE if more invocations to process/build needed
	 */
	status_t (*process)(tls_protection_t *this,
						tls_content_type_t type, chunk_t data);

	/**
	 * Query upper layer for TLS record, build protected record.
	 *
	 * @param type			type of the built TLS record
	 * @param data			allocated data of the built TLS record
	 *						(presumably owned by the caller afterwards -- verify)
	 * @return
	 *						- SUCCESS if TLS negotiation complete
	 *						- FAILED if TLS handshake failed
	 *						- NEED_MORE if upper layers have more records to send
	 *						- INVALID_STATE if more input records required
	 */
	status_t (*build)(tls_protection_t *this,
					  tls_content_type_t *type, chunk_t *data);

	/**
	 * Set a new transform to use at the protection layer.
	 *
	 * The inbound and outbound directions are switched independently, so a
	 * caller selects exactly one direction per invocation.
	 *
	 * @param inbound		TRUE to use cipher for inbound data, FALSE for outbound
	 * @param aead			new AEAD transform (ownership handling not visible
	 *						here -- confirm whether it is taken over)
	 */
	void (*set_cipher)(tls_protection_t *this, bool inbound, tls_aead_t *aead);

	/**
	 * Set the TLS version negotiated, used for MAC calculation.
	 *
	 * @param version		TLS version negotiated
	 */
	void (*set_version)(tls_protection_t *this, tls_version_t version);

	/**
	 * Destroy a tls_protection_t.
	 */
	void (*destroy)(tls_protection_t *this);
};
85
/**
 * Create a tls_protection instance.
 *
 * @param compression	compression layer of TLS stack (the layer this one
 *						sits on; ownership not visible here -- verify)
 * @param alert			TLS alert handler
 * @return				TLS protection layer, to be released with destroy()
 */
tls_protection_t *tls_protection_create(tls_compression_t *compression,
										tls_alert_t *alert);
95
96 #endif /** TLS_PROTECTION_H_ @}*/