Back to index

tor  0.2.3.19-rc
tortls.h
Go to the documentation of this file.
00001 /* Copyright (c) 2003, Roger Dingledine
00002  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
00003  * Copyright (c) 2007-2012, The Tor Project, Inc. */
00004 /* See LICENSE for licensing information */
00005 
00006 #ifndef _TOR_TORTLS_H
00007 #define _TOR_TORTLS_H
00008 
00014 #include "crypto.h"
00015 #include "compat.h"
00016 
00017 /* Opaque structure to hold a TLS connection. */
00018 typedef struct tor_tls_t tor_tls_t;
00019 
00020 /* Opaque structure to hold an X509 certificate. */
00021 typedef struct tor_cert_t tor_cert_t;
00022 
00023 /* Possible return values for most tor_tls_* functions. */
00024 #define _MIN_TOR_TLS_ERROR_VAL     -9
00025 #define TOR_TLS_ERROR_MISC         -9
00026 /* Rename to unexpected close or something. XXXX */
00027 #define TOR_TLS_ERROR_IO           -8
00028 #define TOR_TLS_ERROR_CONNREFUSED  -7
00029 #define TOR_TLS_ERROR_CONNRESET    -6
00030 #define TOR_TLS_ERROR_NO_ROUTE     -5
00031 #define TOR_TLS_ERROR_TIMEOUT      -4
00032 #define TOR_TLS_CLOSE              -3
00033 #define TOR_TLS_WANTREAD           -2
00034 #define TOR_TLS_WANTWRITE          -1
00035 #define TOR_TLS_DONE                0
00036 
00039 #define CASE_TOR_TLS_ERROR_ANY_NONIO            \
00040   case TOR_TLS_ERROR_MISC:                      \
00041   case TOR_TLS_ERROR_CONNREFUSED:               \
00042   case TOR_TLS_ERROR_CONNRESET:                 \
00043   case TOR_TLS_ERROR_NO_ROUTE:                  \
00044   case TOR_TLS_ERROR_TIMEOUT
00045 
00048 #define CASE_TOR_TLS_ERROR_ANY                  \
00049   CASE_TOR_TLS_ERROR_ANY_NONIO:                 \
00050   case TOR_TLS_ERROR_IO
00051 
00052 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
00053 const char *tor_tls_err_to_string(int err);
00054 void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
00055 
00056 void tor_tls_free_all(void);
00057 int tor_tls_context_init(int is_public_server,
00058                          crypto_pk_t *client_identity,
00059                          crypto_pk_t *server_identity,
00060                          unsigned int key_lifetime);
00061 tor_tls_t *tor_tls_new(int sock, int is_server);
00062 void tor_tls_set_logged_address(tor_tls_t *tls, const char *address);
00063 void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
00064                                       void (*cb)(tor_tls_t *, void *arg),
00065                                       void *arg);
00066 int tor_tls_is_server(tor_tls_t *tls);
00067 void tor_tls_free(tor_tls_t *tls);
00068 int tor_tls_peer_has_cert(tor_tls_t *tls);
00069 tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
00070 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
00071 int tor_tls_check_lifetime(int severity,
00072                            tor_tls_t *tls, int past_tolerance,
00073                            int future_tolerance);
00074 int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
00075 int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
00076 int tor_tls_handshake(tor_tls_t *tls);
00077 int tor_tls_finish_handshake(tor_tls_t *tls);
00078 int tor_tls_renegotiate(tor_tls_t *tls);
00079 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
00080 void tor_tls_block_renegotiation(tor_tls_t *tls);
00081 void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
00082 int tor_tls_shutdown(tor_tls_t *tls);
00083 int tor_tls_get_pending_bytes(tor_tls_t *tls);
00084 size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
00085 
00086 void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
00087                              size_t *n_read, size_t *n_written);
00088 
00089 void tor_tls_get_buffer_sizes(tor_tls_t *tls,
00090                               size_t *rbuf_capacity, size_t *rbuf_bytes,
00091                               size_t *wbuf_capacity, size_t *wbuf_bytes);
00092 
00093 int tor_tls_used_v1_handshake(tor_tls_t *tls);
00094 int tor_tls_received_v3_certificate(tor_tls_t *tls);
00095 int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
00096 int tor_tls_server_got_renegotiate(tor_tls_t *tls);
00097 int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
00098 
00099 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
00100  */
00101 #define check_no_tls_errors() _check_no_tls_errors(__FILE__,__LINE__)
00102 
00103 void _check_no_tls_errors(const char *fname, int line);
00104 void tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
00105                            int severity, int domain, const char *doing);
00106 
00107 #ifdef USE_BUFFEREVENTS
00108 int tor_tls_start_renegotiating(tor_tls_t *tls);
00109 struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
00110                                      struct bufferevent *bufev_in,
00111                                       evutil_socket_t socket, int receiving,
00112                                      int filter);
00113 #endif
00114 
00115 void tor_cert_free(tor_cert_t *cert);
00116 tor_cert_t *tor_cert_decode(const uint8_t *certificate,
00117                             size_t certificate_len);
00118 void tor_cert_get_der(const tor_cert_t *cert,
00119                       const uint8_t **encoded_out, size_t *size_out);
00120 const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
00121 const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
00122 int tor_tls_get_my_certs(int server,
00123                          const tor_cert_t **link_cert_out,
00124                          const tor_cert_t **id_cert_out);
00125 crypto_pk_t *tor_tls_get_my_client_auth_key(void);
00126 crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
00127 int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
00128 int tor_tls_cert_is_valid(int severity,
00129                           const tor_cert_t *cert,
00130                           const tor_cert_t *signing_cert,
00131                           int check_rsa_1024);
00132 
00133 #endif
00134