Separated cipherspec checking and switching, allowing us to defer the second
[strongswan.git] / src / libtls / tls_handshake.h
index c079862..bea0024 100644 (file)
@@ -24,8 +24,9 @@
 typedef struct tls_handshake_t tls_handshake_t;
 
 #include "tls.h"
-#include "tls_reader.h"
-#include "tls_writer.h"
+
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
 
 /**
  * TLS handshake state machine interface.
@@ -38,12 +39,13 @@ struct tls_handshake_t {
         * @param type          TLS handshake message type
         * @param reader        TLS data buffer
         * @return
-        *                                      - SUCCESS if handshake complete
-        *                                      - FAILED if handshake failed
-        *                                      - NEED_MORE if another invocation of process/build needed
+        *                                      - SUCCESS if TLS negotiation complete
+        *                                      - FAILED if a fatal TLS alert queued
+        *                                      - NEED_MORE if more invocations to process/build needed
+        *                                      - DESTROY_ME if a fatal TLS alert received
         */
        status_t (*process)(tls_handshake_t *this,
-                                               tls_handshake_type_t type, tls_reader_t *reader);
+                                               tls_handshake_type_t type, bio_reader_t *reader);
 
        /**
         * Build TLS handshake messages to send out.
@@ -57,21 +59,29 @@ struct tls_handshake_t {
         *                                      - INVALID_STATE if more input to process() required
         */
        status_t (*build)(tls_handshake_t *this,
-                                         tls_handshake_type_t *type, tls_writer_t *writer);
+                                         tls_handshake_type_t *type, bio_writer_t *writer);
+
+       /**
+        * Check if the cipher spec should be changed for outgoing messages.
+        *
+        * @param inbound       TRUE to check for inbound cipherspec change
+        * @return                      TRUE if cipher spec should be changed
+        */
+       bool (*cipherspec_changed)(tls_handshake_t *this, bool inbound);
 
        /**
-        * Check if the cipher spec for outgoing messages has changed.
+        * Change the cipher for a direction.
         *
-        * @return                      TRUE if cipher spec changed
+        * @param inbound       TRUE to change inbound cipherspec, FALSE for outbound
         */
-       bool (*cipherspec_changed)(tls_handshake_t *this);
+       void (*change_cipherspec)(tls_handshake_t *this, bool inbound);
 
        /**
-        * Change the cipher spec for incoming messages.
+        * Check if the finished message was decoded successfully.
         *
-        * @return                      TRUE if cipher spec changed
+        * @return                      TRUE if finished message was decoded successfully
         */
-       bool (*change_cipherspec)(tls_handshake_t *this);
+       bool (*finished)(tls_handshake_t *this);
 
        /**
         * Destroy a tls_handshake_t.
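Review bot: The description of cipherspec_changed() still says "for outgoing messages" even though the method now takes an `inbound` selector (L44, L47), and its `@param inbound` line only names the TRUE case, unlike the matching line on change_cipherspec() which spells out both directions. Suggest `* Check if the cipher spec should be changed for a direction.` and `* @param inbound TRUE to check inbound cipherspec, FALSE for outbound` so the two methods document the same contract. For the new finished() method, the comment says only that the Finished message "was decoded successfully"; since the Finished message is what verifies the handshake transcript, the comment should say what a FALSE result obliges the caller to do — presumably not treat the handshake as complete and not send application data under the new cipher spec — which I'd hedge as a TODO until confirmed against the implementation. As a style point, `finished()` reads like an action rather than a query; a name such as `finished_verified()` would match the boolean it returns, though that touches every implementor.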