1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_socket tls_socket
18 * @{ @ingroup libtls
19 */
20
#ifndef TLS_SOCKET_H_
#define TLS_SOCKET_H_

/* Only include; presumably brings chunk_t, identification_t and bool into
 * scope for the declarations below — confirm against tls.h. */
#include "tls.h"

/* Forward typedef so the method pointers below can take tls_socket_t *this. */
typedef struct tls_socket_t tls_socket_t;
27
28 /**
29 * TLS secured socket.
30 *
31 * Wraps a blocking (socket) file descriptor for a reliable transport into a
32 * TLS secured socket. TLS negotiation happens on demand, certificates and
33 * private keys are fetched from any registered credential set.
34 */
struct tls_socket_t {

	/**
	 * Read data from secured socket, return allocated chunk.
	 *
	 * This call is blocking, you may use select() on the underlying socket to
	 * wait for data. Because TLS negotiation happens on demand, the first
	 * call may also block while the handshake is performed.
	 *
	 * If there was only non-application data available (TLS handshake or
	 * alert traffic, for instance), the read function can return an empty
	 * chunk. TRUE with an empty chunk is therefore neither end-of-stream nor
	 * an error; callers typically keep reading until application data arrives
	 * and must not treat the empty chunk as a failure.
	 *
	 * The chunk stored in @p data is allocated by this call; the caller takes
	 * ownership and is responsible for freeing it.
	 *
	 * @param data		pointer to allocate received data
	 * @return			TRUE if data received successfully
	 */
	bool (*read)(tls_socket_t *this, chunk_t *data);

	/**
	 * Write a chunk of data over the secured socket.
	 *
	 * Blocking, like read(); may trigger the on-demand TLS negotiation on the
	 * first call. On FALSE the caller should assume the connection is no
	 * longer usable (whether part of @p data was sent is not specified here).
	 *
	 * @param data		data to send
	 * @return			TRUE if data sent successfully
	 */
	bool (*write)(tls_socket_t *this, chunk_t data);

	/**
	 * Destroy a tls_socket_t.
	 *
	 * Releases the wrapper. Whether the underlying file descriptor is closed
	 * as well is not stated in this header — confirm in the implementation
	 * before relying on either behavior.
	 */
	void (*destroy)(tls_socket_t *this);
};
62
/**
 * Create a tls_socket instance.
 *
 * No TLS negotiation happens here; it is performed on demand by the first
 * read()/write(). Certificates and private keys are fetched from the
 * registered credential sets at that time, so the credentials for
 * @p server (and @p peer, if given) must be registered before then.
 *
 * Passing NULL for @p peer disables client authentication at the TLS layer:
 * in the server role the connecting client is then not required to prove
 * its identity, so the application must authenticate it by other means if
 * that matters.
 *
 * @param is_server		TRUE to act as TLS server
 * @param server		server identity (in the client role presumably the
 *						identity the remote server has to present — confirm)
 * @param peer			client identity, NULL for no client authentication
 * @param fd			socket to read/write from; must be a blocking
 *						descriptor on a reliable transport and remain valid
 *						for the lifetime of the wrapper
 * @return				TLS socket wrapper
 *						(NOTE(review): failure convention not documented here;
 *						check for NULL before use)
 */
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
								identification_t *peer, int fd);
74
75 #endif /** TLS_SOCKET_H_ @}*/