1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
35
36#if defined(LWS_WITH_DTLS)
37
38#if defined(LWS_WITH_MBEDTLS)
39#include <mbedtls/ssl.h>
40#if !defined(LWS_HAVE_MBEDTLS_V4)
41#include <mbedtls/entropy.h>
42#include <mbedtls/ctr_drbg.h>
43#endif
44#include <mbedtls/ssl_cookie.h>
45#elif defined(LWS_WITH_GNUTLS)
46#include <gnutls/gnutls.h>
47#elif defined(LWS_WITH_SCHANNEL)
48#define SECURITY_WIN32
49#include <security.h>
50#include <schannel.h>
51#else /* OpenSSL */
52#include <openssl/ssl.h>
53#endif
54
/*
 * Per-connection DTLS state, backend-selected at compile time. Only the
 * branch for the configured TLS library is compiled in; the common
 * rx_head / tx_head buflists carry queued datagrams in each direction
 * (presumably fed and drained by lws_gendtls_put_*() / lws_gendtls_get_*()
 * -- confirm in the implementation).
 */
struct lws_gendtls_ctx {
#if defined(LWS_WITH_MBEDTLS)
 /* session object and the configuration it was set up from */
 mbedtls_ssl_context ssl;
 mbedtls_ssl_config conf;
 /*
  * NOTE(review): ctr_drbg and entropy are declared unconditionally, but
  * <mbedtls/ctr_drbg.h> and <mbedtls/entropy.h> are only included above
  * when LWS_HAVE_MBEDTLS_V4 is not defined -- confirm these two types still
  * resolve on an mbedtls v4 build, or guard the members the same way
  */
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_entropy_context entropy;
 mbedtls_x509_crt cacert;
 mbedtls_pk_context pkey;
 /* state for DTLS HelloVerifyRequest cookies (mbedtls_ssl_cookie_*) */
 mbedtls_ssl_cookie_ctx cookie_ctx;
 struct lws_buflist *rx_head;
 struct lws_buflist *tx_head;
 /*
  * Retransmission timer bookkeeping; presumably timer_int_ms / timer_fin_ms
  * mirror the intermediate and final delays handed to the mbedtls timer
  * callbacks and timer_set_us is when the timer was armed -- verify
  */
 lws_usec_t timer_set_us;
 uint32_t timer_int_ms;
 uint32_t timer_fin_ms;
#if defined(MBEDTLS_SSL_DTLS_SRTP)
 /* profiles offered for use_srtp; presumably what
  * lws_gendtls_get_srtp_profile() reports after negotiation -- confirm */
 mbedtls_ssl_srtp_profile srtp_profiles[4];
#endif
#elif defined(LWS_WITH_GNUTLS)
 gnutls_session_t session;
 gnutls_certificate_credentials_t cred;
 /* presumably the DTLS cookie key; NOTE(review): this is secret material,
  * confirm it is wiped (not only freed) in lws_gendtls_destroy() */
 gnutls_datum_t cookie_key;
 struct lws_buflist *rx_head;
 struct lws_buflist *tx_head;
 /* completion flags; handshake_done is presumably what
  * lws_gendtls_handshake_done() reports -- confirm */
 int handshake_done;
 int cookie_read;
 /* Temporary storage for certificates/keys until both are present */
 /* presumably filled by lws_gendtls_set_cert_mem() / lws_gendtls_set_key_mem();
  * NOTE(review): key_mem holds private key bytes -- confirm it is zeroized
  * once consumed and on destroy, and that ownership (who frees) is defined */
 uint8_t *cert_mem;
 size_t cert_len;
 uint8_t *key_mem;
 size_t key_len;
 struct lws_context *context;
#elif defined(LWS_WITH_SCHANNEL)
 /* SSPI credential and security-context handles */
 CredHandle cred;
 CtxtHandle ctxt;
 struct lws_buflist *rx_head;
 struct lws_buflist *tx_head;
 struct lws_context *context;
 /* presumably an enum lws_gendtls_conn_mode value -- confirm */
 int mode;
 int handshake_done;
 /* Windows handles */
 HCERTSTORE store;
 PCCERT_CONTEXT cert_ctxt;
 SCHANNEL_CRED schannel_cred;
 /* presumably whether cred was acquired and must be released -- confirm */
 int cred_init;
 /* Temporary storage for certificates/keys until both are present */
 /* NOTE(review): key_mem holds private key bytes -- confirm it is zeroized
  * once imported into CNG and on destroy */
 uint8_t *cert_mem;
 size_t cert_len;
 uint8_t *key_mem;
 size_t key_len;
 /* fixed-size: any write must keep this NUL-terminated (snprintf-style) */
 char key_container_name[64];
 NCRYPT_KEY_HANDLE key_cng;
 /* Store the client address for SChannel DTLS ACCEPT */
 /* set through lws_gendtls_schannel_set_client_addr(); NOTE(review): the
  * copy must be bounded by sizeof(client_addr) -- confirm in that setter */
 struct sockaddr_storage client_addr;
 size_t client_addr_len;
#else /* OpenSSL */
 void *ssl; /* SSL * */
 /* OpenSSL Bio mems are handled internally via SSL_set_bio */
#endif
};
114
/* Which side of the DTLS handshake a context plays (set via
 * lws_gendtls_creation_info.mode) */
enum lws_gendtls_conn_mode {
 LWS_GENDTLS_MODE_CLIENT,
 LWS_GENDTLS_MODE_SERVER
};
119
/*
 * Parameters for lws_gendtls_create(); passed as const, so it is only read
 * during creation and the caller keeps ownership of any pointed-to data.
 */
struct lws_gendtls_creation_info {
 struct lws_context *context;
 enum lws_gendtls_conn_mode mode;
 /* presumably the DTLS path MTU in bytes -- confirm units in the backends */
 unsigned int mtu;
 /* presumably the handshake / retransmit timeout in milliseconds -- confirm */
 unsigned int timeout_ms;
 /* presumably the use_srtp profile list to offer, NULL when SRTP is not
  * wanted -- confirm against lws_gendtls_get_srtp_profile() */
 const char *use_srtp;
};
127
138lws_gendtls_create(struct lws_gendtls_ctx *ctx,
139 const struct lws_gendtls_creation_info *info);
140
148lws_gendtls_destroy(struct lws_gendtls_ctx *ctx);
149
159lws_gendtls_set_cert_mem(struct lws_gendtls_ctx *ctx, const uint8_t *cert, size_t len);
160
170lws_gendtls_set_key_mem(struct lws_gendtls_ctx *ctx, const uint8_t *key, size_t len);
171
181lws_gendtls_put_rx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
182
192lws_gendtls_get_rx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
193
203lws_gendtls_put_tx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
204
214lws_gendtls_get_tx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
215
229lws_gendtls_export_keying_material(struct lws_gendtls_ctx *ctx, const char *label,
230 size_t label_len, const uint8_t *context,
231 size_t context_len, uint8_t *out, size_t out_len);
232
240lws_gendtls_handshake_done(struct lws_gendtls_ctx *ctx);
241
249lws_gendtls_is_clean(struct lws_gendtls_ctx *ctx);
250
/* NOTE(review): the lifetime of the returned string (static vs. tied to ctx)
 * is not visible here -- confirm before callers cache it, and callers should
 * expect NULL when no SRTP profile was negotiated */
LWS_VISIBLE LWS_EXTERN const char *
lws_gendtls_get_srtp_profile(struct lws_gendtls_ctx *ctx);
259
260#if defined(LWS_WITH_SCHANNEL)
271lws_gendtls_schannel_set_client_addr(struct lws_gendtls_ctx *ctx,
272 const struct sockaddr *sa, size_t sa_len);
273#endif
274
275#endif /* LWS_WITH_DTLS */
276