/*
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
/**
 * @defgroup tls_protection tls_protection
 * @{ @ingroup libtls
 */
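/* Include guard; the matching #endif closes the header at the end of file. */
#ifndef TLS_PROTECTION_H_
#define TLS_PROTECTION_H_

/*
 * Forward typedef, declared ahead of the includes.
 * NOTE(review): presumably so the headers included below can refer to
 * tls_protection_t - confirm before reordering.
 */
typedef struct tls_protection_t tls_protection_t;

#include <library.h>

#include "tls.h"
#include "tls_compression.h"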
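/**
 * TLS record protocol protection layer.
 *
 * Interface (table of function pointers) for the layer that applies the
 * record cipher: an integrity algorithm (signer) and an encryption
 * algorithm (crypter), installed per direction with set_cipher().
 * Inbound records are handed to process(), outbound records are obtained
 * with build().
 */
struct tls_protection_t {

	/**
	 * Process a protected TLS record, pass it to upper layers.
	 *
	 * NOTE(review): this header does not say how a record that fails its
	 * integrity check is reported; presumably FAILED - confirm in the
	 * implementation. Ownership of data is not documented either; confirm
	 * whether the callee may modify it or keep references to it.
	 *
	 * @param type		type of the TLS record to process
	 * @param data		associated TLS record data
	 * @return
	 *					- SUCCESS if TLS negotiation complete
	 *					- FAILED if TLS handshake failed
	 *					- NEED_MORE if more invocations to process/build needed
	 */
	status_t (*process)(tls_protection_t *this,
						tls_content_type_t type, chunk_t data);

	/**
	 * Query upper layer for TLS record, build protected record.
	 *
	 * On return, data refers to allocated memory holding the built record.
	 * NOTE(review): presumably the caller is responsible for freeing it -
	 * confirm against the callers. Whether type/data are written for the
	 * FAILED and INVALID_STATE results is not stated here.
	 *
	 * @param type		type of the built TLS record
	 * @param data		allocated data of the built TLS record
	 * @return
	 *					- SUCCESS if TLS negotiation complete
	 *					- FAILED if TLS handshake failed
	 *					- NEED_MORE if upper layers have more records to send
	 *					- INVALID_STATE if more input records required
	 */
	status_t (*build)(tls_protection_t *this,
					  tls_content_type_t *type, chunk_t *data);

	/**
	 * Set a new cipher, including encryption and integrity algorithms.
	 *
	 * Ownership of signer, crypter and iv passes to the protection layer,
	 * so the caller must not destroy or free them after this call.
	 *
	 * NOTE(review): not visible from this header - whether NULL is accepted
	 * for signer/crypter, and whether a previously installed signer,
	 * crypter and IV for the same direction are destroyed and wiped when
	 * replaced. Confirm in the implementation.
	 *
	 * @param inbound	TRUE to use cipher for inbound data, FALSE for outbound
	 * @param signer	new signer to use, gets owned by protection layer
	 * @param crypter	new crypter to use, gets owned by protection layer
	 * @param iv		initial IV for crypter, gets owned by protection layer
	 */
	void (*set_cipher)(tls_protection_t *this, bool inbound, signer_t *signer,
					   crypter_t *crypter, chunk_t iv);

	/**
	 * Destroy a tls_protection_t.
	 *
	 * NOTE(review): presumably also releases the signers, crypters and IVs
	 * taken over by set_cipher() - confirm, since the caller no longer
	 * owns them and cannot free them itself.
	 */
	void (*destroy)(tls_protection_t *this);
};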
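/**
 * Create a tls_protection instance.
 *
 * The returned object is released through its destroy() method.
 *
 * NOTE(review): no cipher is passed here, so records are presumably
 * processed and built unprotected until set_cipher() has been called for
 * the respective direction - confirm. Ownership of tls and compression is
 * not documented; presumably they are borrowed and must outlive the
 * returned object - verify against the implementation.
 *
 * @param tls			TLS context
 * @param compression	compression layer of TLS stack
 * @return				TLS protection layer.
 */
tls_protection_t *tls_protection_create(tls_t *tls,
										tls_compression_t *compression);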
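/* Closes the TLS_PROTECTION_H_ include guard and the Doxygen group. */
#endif /** TLS_PROTECTION_H_ @}*/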