libwebsockets
Lightweight C library for HTML5 websockets
Loading...
Searching...
No Matches
lws-gendtls.h
Go to the documentation of this file.
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
35
36#if defined(LWS_WITH_DTLS)
37
38#if defined(LWS_WITH_MBEDTLS)
39#include <mbedtls/ssl.h>
40#if !defined(LWS_HAVE_MBEDTLS_V4)
41#include <mbedtls/entropy.h>
42#include <mbedtls/ctr_drbg.h>
43#endif
44#include <mbedtls/ssl_cookie.h>
45#elif defined(LWS_WITH_GNUTLS)
46#include <gnutls/gnutls.h>
47#elif defined(LWS_WITH_SCHANNEL)
48#define SECURITY_WIN32
49#include <security.h>
50#include <schannel.h>
51#elif defined(LWS_WITH_OPENHITLS)
52#include <hitls.h>
53#include <hitls_config.h>
54#include <bsl_uio.h>
55#else /* OpenSSL */
56#include <openssl/ssl.h>
57#endif
58
59struct lws_gendtls_ctx {
60#if defined(LWS_WITH_MBEDTLS)
61 mbedtls_ssl_context ssl;
62 mbedtls_ssl_config conf;
63 mbedtls_ctr_drbg_context ctr_drbg;
64 mbedtls_entropy_context entropy;
65 mbedtls_x509_crt cacert;
66 mbedtls_pk_context pkey;
67 mbedtls_ssl_cookie_ctx cookie_ctx;
68 struct lws_buflist *rx_head;
69 struct lws_buflist *tx_head;
70 lws_usec_t timer_set_us;
71 uint32_t timer_int_ms;
72 uint32_t timer_fin_ms;
73#if defined(MBEDTLS_SSL_DTLS_SRTP)
74 mbedtls_ssl_srtp_profile srtp_profiles[4];
75#endif
76#elif defined(LWS_WITH_GNUTLS)
77 gnutls_session_t session;
78 gnutls_certificate_credentials_t cred;
79 gnutls_datum_t cookie_key;
80 struct lws_buflist *rx_head;
81 struct lws_buflist *tx_head;
82 int handshake_done;
83 int cookie_read;
84 /* Temporary storage for certificates/keys until both are present */
85 uint8_t *cert_mem;
86 size_t cert_len;
87 uint8_t *key_mem;
88 size_t key_len;
89 struct lws_context *context;
90#elif defined(LWS_WITH_SCHANNEL)
91 CredHandle cred;
92 CtxtHandle ctxt;
93 struct lws_buflist *rx_head;
94 struct lws_buflist *tx_head;
95 struct lws_context *context;
96 int mode;
97 int handshake_done;
98 /* Windows handles */
99 HCERTSTORE store;
100 PCCERT_CONTEXT cert_ctxt;
101 SCHANNEL_CRED schannel_cred;
102 int cred_init;
103 /* Temporary storage for certificates/keys until both are present */
104 uint8_t *cert_mem;
105 size_t cert_len;
106 uint8_t *key_mem;
107 size_t key_len;
108 char key_container_name[64];
109 NCRYPT_KEY_HANDLE key_cng;
110 /* Store the client address for SChannel DTLS ACCEPT */
111 struct sockaddr_storage client_addr;
112 size_t client_addr_len;
113#elif defined(LWS_WITH_OPENHITLS)
114 HITLS_Ctx *ctx;
115 HITLS_Config *config;
116 BSL_UIO *uio;
117 BSL_UIO_Method *uio_method;
118 struct lws_buflist *rx_head;
119 struct lws_buflist *tx_head;
120 struct lws_context *context;
121 int mode;
122 unsigned int mtu;
123 unsigned int timeout_ms;
124 int handshake_done;
125#else /* OpenSSL */
126 void *ssl; /* SSL * */
127 /* OpenSSL Bio mems are handled internally via SSL_set_bio */
128#endif
129};
130
131enum lws_gendtls_conn_mode {
132 LWS_GENDTLS_MODE_CLIENT,
133 LWS_GENDTLS_MODE_SERVER
134};
135
136struct lws_gendtls_creation_info {
137 struct lws_context *context;
138 enum lws_gendtls_conn_mode mode;
139 unsigned int mtu;
140 unsigned int timeout_ms;
141 const char *use_srtp;
142};
143
154lws_gendtls_create(struct lws_gendtls_ctx *ctx,
155 const struct lws_gendtls_creation_info *info);
156
164lws_gendtls_destroy(struct lws_gendtls_ctx *ctx);
165
175lws_gendtls_set_cert_mem(struct lws_gendtls_ctx *ctx, const uint8_t *cert, size_t len);
176
186lws_gendtls_set_key_mem(struct lws_gendtls_ctx *ctx, const uint8_t *key, size_t len);
187
197lws_gendtls_put_rx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
198
208lws_gendtls_get_rx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
209
219lws_gendtls_put_tx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
220
230lws_gendtls_get_tx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
231
245lws_gendtls_export_keying_material(struct lws_gendtls_ctx *ctx, const char *label,
246 size_t label_len, const uint8_t *context,
247 size_t context_len, uint8_t *out, size_t out_len);
248
256lws_gendtls_handshake_done(struct lws_gendtls_ctx *ctx);
257
265lws_gendtls_is_clean(struct lws_gendtls_ctx *ctx);
266
273LWS_VISIBLE LWS_EXTERN const char *
274lws_gendtls_get_srtp_profile(struct lws_gendtls_ctx *ctx);
275
276#if defined(LWS_WITH_SCHANNEL)
287lws_gendtls_schannel_set_client_addr(struct lws_gendtls_ctx *ctx,
288 const struct sockaddr *sa, size_t sa_len);
289#endif
290
291#endif /* LWS_WITH_DTLS */
292
unsigned int uint32_t
#define LWS_EXTERN
int64_t lws_usec_t
unsigned char uint8_t
#define LWS_VISIBLE