Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/include/k5-tls.h
34907 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* include/k5-tls.h - internal pluggable interface for TLS */

3
/*

4
 * Copyright (C) 2014 by the Massachusetts Institute of Technology.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 *

11
 * * Redistributions of source code must retain the above copyright

12
 *   notice, this list of conditions and the following disclaimer.

13
 *

14
 * * Redistributions in binary form must reproduce the above copyright

15
 *   notice, this list of conditions and the following disclaimer in

16
 *   the documentation and/or other materials provided with the

17
 *   distribution.

18
 *

19
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

20
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

21
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

22
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

23
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

24
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

25
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

26
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

28
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

29
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

30
 * OF THE POSSIBILITY OF SUCH DAMAGE.

31
 */

32


33
/*

34
 * This internal pluggable interface allows libkrb5 to load an in-tree module

35
 * providing TLS support at runtime.  It is currently tailored for the needs of

36
 * the OpenSSL module as used for HTTP proxy support.  As an internal

37
 * interface, it can be changed to fit different implementations and consumers

38
 * without regard for backward compatibility.

39
 */

40


41
#ifndef K5_TLS_H

42
#define K5_TLS_H

43


44
#include "k5-int.h"

45


46
/* An abstract type for localauth module data. */

47
typedef struct k5_tls_handle_st *k5_tls_handle;

48


49
typedef enum {

50
    DATA_READ, DONE, WANT_READ, WANT_WRITE, ERROR_TLS

51
} k5_tls_status;

52


53
/*

54
 * Create a handle for fd, where the server certificate must match servername

55
 * and be trusted according to anchors.  anchors is a null-terminated list

56
 * using the DIR:/FILE:/ENV: syntax borrowed from PKINIT.  If anchors is null,

57
 * use the system default trust anchors.

58
 */

59
typedef krb5_error_code

60
(*k5_tls_setup_fn)(krb5_context context, SOCKET fd, const char *servername,

61
                   char **anchors, k5_tls_handle *handle_out);

62


63
/*

64
 * Write len bytes of data using TLS.  Return DONE if writing is complete,

65
 * WANT_READ or WANT_WRITE if the underlying socket must be readable or

66
 * writable to continue, and ERROR_TLS if the TLS channel or underlying socket

67
 * experienced an error.  After WANT_READ or WANT_WRITE, the operation will be

68
 * retried with the same arguments even if some data has already been written.

69
 * (OpenSSL makes this contract easy to fulfill.  For other implementations we

70
 * might want to change it.)

71
 */

72
typedef k5_tls_status

73
(*k5_tls_write_fn)(krb5_context context, k5_tls_handle handle,

74
                   const void *data, size_t len);

75


76
/*

77
 * Read up to data_size bytes of data using TLS.  Return DATA_READ and set

78
 * *len_out if any data is read.  Return DONE if there is no more data to be

79
 * read on the connection, WANT_READ or WANT_WRITE if the underlying socket

80
 * must be readable or writable to continue, and ERROR_TLS if the TLS channel

81
 * or underlying socket experienced an error.

82
 *

83
 * After DATA_READ, there may still be pending buffered data to read.  The

84
 * caller must call this method again with additional buffer space before

85
 * selecting for reading on the underlying socket.

86
 */

87
typedef k5_tls_status

88
(*k5_tls_read_fn)(krb5_context context, k5_tls_handle handle, void *data,

89
                  size_t data_size, size_t *len_out);

90


91
/* Release a handle.  Do not pass a null pointer. */

92
typedef void

93
(*k5_tls_free_handle_fn)(krb5_context context, k5_tls_handle handle);

94


95
/* All functions are mandatory unless they are all null, in which case the

96
 * caller should assume that TLS is unsupported. */

97
typedef struct k5_tls_vtable_st {

98
    k5_tls_setup_fn setup;

99
    k5_tls_write_fn write;

100
    k5_tls_read_fn read;

101
    k5_tls_free_handle_fn free_handle;

102
} *k5_tls_vtable;

103


104
#endif /* K5_TLS_H */

105


106