137 lines
5.2 KiB
C
137 lines
5.2 KiB
C
/*
|
|
* ITLSPlugin.h
|
|
*
|
|
* This source file is part of the FoundationDB open source project
|
|
*
|
|
* Copyright 2013-2018 Apple Inc. and the FoundationDB project authors
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef FDB_ITLSPLUGIN_H
|
|
#define FDB_ITLSPLUGIN_H
|
|
|
|
#pragma once
|
|
|
|
#include <stdint.h>
|
|
|
|
struct ITLSSession {
|
|
enum { SUCCESS = 0, WANT_READ = -1, WANT_WRITE = -2, FAILED = -3 };
|
|
|
|
virtual void addref() = 0;
|
|
virtual void delref() = 0;
|
|
|
|
// handshake should return SUCCESS if the handshake is complete,
|
|
// FAILED on fatal error, or one of WANT_READ or WANT_WRITE if the
|
|
// handshake should be reattempted after more data can be
|
|
// read/written on the underlying connection.
|
|
virtual int handshake() = 0;
|
|
|
|
// read should return the (non-zero) number of bytes read,
|
|
// WANT_READ or WANT_WRITE if the operation is blocked by the
|
|
// underlying stream, or FAILED if there is an error (including a
|
|
// closed connection).
|
|
virtual int read(uint8_t* data, int length) = 0;
|
|
|
|
// write should return the (non-zero) number of bytes written, or
|
|
// WANT_READ or WANT_WRITE if the operation is blocked by the
|
|
// underlying stream, or FAILED if there is an error.
|
|
virtual int write(const uint8_t* data, int length) = 0;
|
|
};
|
|
|
|
// Returns the number of bytes sent (possibly 0), or -1 on error
|
|
// (including connection close)
|
|
typedef int(*TLSSendCallbackFunc)(void* ctx, const uint8_t* buf, int len);
|
|
|
|
// Returns the number of bytes read (possibly 0), or -1 on error
|
|
// (including connection close)
|
|
typedef int(*TLSRecvCallbackFunc)(void* ctx, uint8_t* buf, int len);
|
|
|
|
struct ITLSPolicy {
|
|
virtual void addref() = 0;
|
|
virtual void delref() = 0;
|
|
|
|
// set_ca_data should import the provided certificate list and
|
|
// associate it with this policy. cert_data will point to a PEM
|
|
// encoded certificate list of trust roots.
|
|
//
|
|
// set_ca_data should return true if the operation succeeded,
|
|
// and false otherwise. After the first call to create_session for
|
|
// a given policy, set_ca_data should immediately return false
|
|
// if called.
|
|
virtual bool set_ca_data(const uint8_t* ca_data, int ca_len) = 0;
|
|
|
|
// set_cert_data should import the provided certificate list and
|
|
// associate it with this policy. cert_data will point to a PEM
|
|
// encoded certificate list, ordered such that each certificate
|
|
// certifies the one before it.
|
|
//
|
|
// cert_data may additionally contain key information, which must
|
|
// be ignored.
|
|
//
|
|
// set_cert_data should return true if the operation succeeded,
|
|
// and false otherwise. After the first call to create_session for
|
|
// a given policy, set_cert_data should immediately return false
|
|
// if called.
|
|
virtual bool set_cert_data(const uint8_t* cert_data, int cert_len) = 0;
|
|
|
|
// set_key_data should import the provided private key and
|
|
// associate it with this policy. key_data will point to a PEM
|
|
// encoded key, which may be encrypted. If encrypted the password
|
|
// argument should be specified, otherwise it may be NULL.
|
|
//
|
|
// key_data may additionally contain certificate information,
|
|
// which must be ignored.
|
|
//
|
|
// set_key_data should return true if the operation succeeded, and
|
|
// false otherwise. After the first call to create_session for a
|
|
// given policy, set_key_data should immediately return false if
|
|
// called.
|
|
virtual bool set_key_data(const uint8_t* key_data, int key_len, const char* password) = 0;
|
|
|
|
// set_verify_peers should modify the validation rules for
|
|
// verifying a peer during connection handshake. The format of
|
|
// verify_peers is implementation specific.
|
|
//
|
|
// set_verify_peers should return true if the operation succeed,
|
|
// and false otherwise. After the first call to create_session for
|
|
// a given policy, set_verify_peers should immediately return
|
|
// false if called.
|
|
virtual bool set_verify_peers(int count, const uint8_t* verify_peers[], int verify_peers_len[]) = 0;
|
|
|
|
// create_session should return a new object that implements
|
|
// ITLSSession, associated with this policy. After the first call
|
|
// to create_session for a given policy, further calls to
|
|
// ITLSPolicy::set_* will fail and return false.
|
|
//
|
|
// The newly created session should use send_func and recv_func to
|
|
// send and receive data on the underlying transport, and must
|
|
// provide send_ctx/recv_ctx to the callbacks.
|
|
//
|
|
// uid will be used to identify this session within trace events
|
|
virtual ITLSSession* create_session(bool is_client, const char *servername, TLSSendCallbackFunc send_func, void* send_ctx, TLSRecvCallbackFunc recv_func, void* recv_ctx, void* uid) = 0;
|
|
};
|
|
|
|
struct ITLSPlugin {
|
|
virtual void addref() = 0;
|
|
virtual void delref() = 0;
|
|
|
|
// create_policy should return a new object that implements
|
|
// ITLSPolicy.
|
|
virtual ITLSPolicy* create_policy() = 0;
|
|
|
|
static inline const char* get_plugin_type_name_and_version() { return "ITLSPlugin"; }
|
|
};
|
|
|
|
#endif /* FDB_ITLSPLUGIN_H */
|