libwebsockets
Lightweight C library for HTML5 websockets
Loading...
Searching...
No Matches
lws-gendtls.h
Go to the documentation of this file.
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
35
36#if defined(LWS_WITH_DTLS)
37
38#if defined(LWS_WITH_MBEDTLS)
39#include <mbedtls/ssl.h>
40#include <mbedtls/entropy.h>
41#include <mbedtls/ctr_drbg.h>
42#include <mbedtls/ssl_cookie.h>
43#elif defined(LWS_WITH_GNUTLS)
44#include <gnutls/gnutls.h>
45#elif defined(LWS_WITH_SCHANNEL)
46#define SECURITY_WIN32
47#include <security.h>
48#include <schannel.h>
49#else /* OpenSSL */
50#include <openssl/ssl.h>
51#endif
52
53struct lws_gendtls_ctx {
54#if defined(LWS_WITH_MBEDTLS)
55 mbedtls_ssl_context ssl;
56 mbedtls_ssl_config conf;
57 mbedtls_ctr_drbg_context ctr_drbg;
58 mbedtls_entropy_context entropy;
59 mbedtls_x509_crt cacert;
60 mbedtls_pk_context pkey;
61 mbedtls_ssl_cookie_ctx cookie_ctx;
62 struct lws_buflist *rx_head;
63 struct lws_buflist *tx_head;
64 lws_usec_t timer_set_us;
65 uint32_t timer_int_ms;
66 uint32_t timer_fin_ms;
67#if defined(MBEDTLS_SSL_DTLS_SRTP)
68 mbedtls_ssl_srtp_profile srtp_profiles[4];
69#endif
70#elif defined(LWS_WITH_GNUTLS)
71 gnutls_session_t session;
72 gnutls_certificate_credentials_t cred;
73 gnutls_datum_t cookie_key;
74 struct lws_buflist *rx_head;
75 struct lws_buflist *tx_head;
76 int handshake_done;
77 int cookie_read;
78 /* Temporary storage for certificates/keys until both are present */
79 uint8_t *cert_mem;
80 size_t cert_len;
81 uint8_t *key_mem;
82 size_t key_len;
83 struct lws_context *context;
84#elif defined(LWS_WITH_SCHANNEL)
85 CredHandle cred;
86 CtxtHandle ctxt;
87 struct lws_buflist *rx_head;
88 struct lws_buflist *tx_head;
89 struct lws_context *context;
90 int mode;
91 int handshake_done;
92 /* Windows handles */
93 HCERTSTORE store;
94 PCCERT_CONTEXT cert_ctxt;
95 SCHANNEL_CRED schannel_cred;
96 int cred_init;
97 /* Temporary storage for certificates/keys until both are present */
98 uint8_t *cert_mem;
99 size_t cert_len;
100 uint8_t *key_mem;
101 size_t key_len;
102 char key_container_name[64];
103 NCRYPT_KEY_HANDLE key_cng;
104 /* Store the client address for SChannel DTLS ACCEPT */
105 struct sockaddr_storage client_addr;
106 size_t client_addr_len;
107#else /* OpenSSL */
108 void *ssl; /* SSL * */
109 /* OpenSSL Bio mems are handled internally via SSL_set_bio */
110#endif
111};
112
113enum lws_gendtls_conn_mode {
114 LWS_GENDTLS_MODE_CLIENT,
115 LWS_GENDTLS_MODE_SERVER
116};
117
118struct lws_gendtls_creation_info {
119 struct lws_context *context;
120 enum lws_gendtls_conn_mode mode;
121 unsigned int mtu;
122 unsigned int timeout_ms;
123 const char *use_srtp;
124};
125
135LWS_VISIBLE LWS_EXTERN int
136lws_gendtls_create(struct lws_gendtls_ctx *ctx,
137 const struct lws_gendtls_creation_info *info);
138
145LWS_VISIBLE LWS_EXTERN void
146lws_gendtls_destroy(struct lws_gendtls_ctx *ctx);
147
156LWS_VISIBLE LWS_EXTERN int
157lws_gendtls_set_cert_mem(struct lws_gendtls_ctx *ctx, const uint8_t *cert, size_t len);
158
167LWS_VISIBLE LWS_EXTERN int
168lws_gendtls_set_key_mem(struct lws_gendtls_ctx *ctx, const uint8_t *key, size_t len);
169
178LWS_VISIBLE LWS_EXTERN int
179lws_gendtls_put_rx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
180
189LWS_VISIBLE LWS_EXTERN int
190lws_gendtls_get_rx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
191
200LWS_VISIBLE LWS_EXTERN int
201lws_gendtls_put_tx(struct lws_gendtls_ctx *ctx, const uint8_t *in, size_t len);
202
211LWS_VISIBLE LWS_EXTERN int
212lws_gendtls_get_tx(struct lws_gendtls_ctx *ctx, uint8_t *out, size_t max_len);
213
226LWS_VISIBLE LWS_EXTERN int
227lws_gendtls_export_keying_material(struct lws_gendtls_ctx *ctx, const char *label,
228 size_t label_len, const uint8_t *context,
229 size_t context_len, uint8_t *out, size_t out_len);
230
237LWS_VISIBLE LWS_EXTERN int
238lws_gendtls_handshake_done(struct lws_gendtls_ctx *ctx);
239
246LWS_VISIBLE LWS_EXTERN int
247lws_gendtls_is_clean(struct lws_gendtls_ctx *ctx);
248
255LWS_VISIBLE LWS_EXTERN const char *
256lws_gendtls_get_srtp_profile(struct lws_gendtls_ctx *ctx);
257
258#if defined(LWS_WITH_SCHANNEL)
268LWS_VISIBLE LWS_EXTERN void
269lws_gendtls_schannel_set_client_addr(struct lws_gendtls_ctx *ctx,
270 const struct sockaddr *sa, size_t sa_len);
271#endif
272
273#endif /* LWS_WITH_DTLS */
274
uint32_t
unsigned int uint32_t
Definition libwebsockets.h:683
LWS_EXTERN
#define LWS_EXTERN
Definition libwebsockets.h:296
lws_usec_t
int64_t lws_usec_t
Definition libwebsockets.h:689
uint8_t
unsigned char uint8_t
Definition libwebsockets.h:685
LWS_VISIBLE
#define LWS_VISIBLE
Definition libwebsockets.h:291