vlc_tls.h 6.65 KB
Newer Older
1
/*****************************************************************************
2
 * vlc_tls.h: Transport Layer Security API
3
 *****************************************************************************
4
 * Copyright (C) 2004-2011 Rémi Denis-Courmont
Jean-Baptiste Kempf's avatar
LGPL  
Jean-Baptiste Kempf committed
5
 * Copyright (C) 2005-2006 VLC authors and VideoLAN
6
 *
Jean-Baptiste Kempf's avatar
LGPL  
Jean-Baptiste Kempf committed
7 8 9
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or
10 11 12 13
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Jean-Baptiste Kempf's avatar
LGPL  
Jean-Baptiste Kempf committed
14 15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
16
 *
Jean-Baptiste Kempf's avatar
LGPL  
Jean-Baptiste Kempf committed
17 18 19
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 21
 *****************************************************************************/

22 23
#ifndef VLC_TLS_H
# define VLC_TLS_H
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
24

25
/**
26 27 28
 * \ingroup sockets
 * \defgroup tls Transport Layer Security
 * @{
29
 * \file
30
 * Transport Layer Security (TLS) functions
31 32
 */

Clément Stenac's avatar
Clément Stenac committed
33
# include <vlc_network.h>
34

35 36 37
typedef struct vlc_tls vlc_tls_t;
typedef struct vlc_tls_creds vlc_tls_creds_t;

38
/** TLS session */
39
struct vlc_tls
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
40
{
41
    vlc_object_t *obj;
42
    void *sys;
43
    int fd;
44

45 46
    ssize_t (*recv)(struct vlc_tls *, void *, size_t);
    ssize_t (*send)(struct vlc_tls *, const void *, size_t);
47
    int (*shutdown)(struct vlc_tls *, bool duplex);
48
    void (*close)(vlc_tls_t *);
49
};
50

51 52 53 54
/**
 * Initiates a client TLS session.
 *
 * Performs client side of TLS handshake through a connected socket, and
55 56
 * establishes a secure channel. This is a blocking network operation and may
 * be a thread cancellation point.
57 58 59 60 61 62 63 64 65 66 67 68 69
 *
 * @param fd socket through which to establish the secure channel
 * @param hostname expected server name, used both as Server Name Indication
 *                 and as expected Common Name of the peer certificate
 * @param service unique identifier for the service to connect to
 *                (only used locally for certificates database)
 * @param alpn NULL-terminated list of Application Layer Protocols
 *             to negotiate, or NULL to not negotiate protocols
 * @param alp storage space for the negotiated Application Layer
 *            Protocol or NULL if negotiation was not performed[OUT]
 *
 * @return TLS session, or NULL on error.
 **/
70
VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate (vlc_tls_creds_t *, int fd,
71 72
                                         const char *host, const char *service,
                                         const char *const *alpn, char **alp);
73

74 75
vlc_tls_t *vlc_tls_SessionCreate (vlc_tls_creds_t *, int fd, const char *host,
                                  const char *const *alpn);
76 77

/**
78
 * Destroys a TLS session down.
79
 *
80 81 82 83 84 85
 * All resources associated with the TLS session are released.
 *
 * If the session was established succesfully, then shutdown cleanly, the
 * underlying socket can be reused. Otherwise, it must be closed. Either way,
 * this function does not close the underlying socket: Use vlc_tls_Close()
 * instead to close it at the same.
86 87 88
 *
 * This function is non-blocking and is not a cancellation point.
 */
89
VLC_API void vlc_tls_SessionDelete (vlc_tls_t *);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
90

91 92 93
/**
 * Receives data through a TLS session.
 */
94
VLC_API ssize_t vlc_tls_Read(vlc_tls_t *, void *buf, size_t len, bool waitall);
95
VLC_API char *vlc_tls_GetLine(vlc_tls_t *);
96 97 98 99

/**
 * Sends data through a TLS session.
 */
100
VLC_API ssize_t vlc_tls_Write(vlc_tls_t *, const void *buf, size_t len);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
101

102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
/**
 * Terminates a TLS session.
 *
 * This sends the TLS session close notification to the other end, securely
 * indicating that no further data will be sent. Data can still be received
 * until a close notification is received from the other end.
 *
 * @param duplex whether to stop receiving data as well
 * @retval 0 the session was terminated securely and cleanly
 *           (the underlying socket can be reused for other purposes)
 * @return -1 the session was terminated locally, but either a notification
 *            could not be sent or received (the underlying socket cannot be
 *            reused and must be closed)
 */
static inline int vlc_tls_Shutdown(vlc_tls_t *tls, bool duplex)
{
    return tls->shutdown(tls, duplex);
}

121 122
# define tls_Recv(a,b,c) vlc_tls_Read(a,b,c,false)
# define tls_Send(a,b,c) vlc_tls_Write(a,b,c)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
123

124 125 126 127 128 129 130 131 132 133 134 135 136 137
/**
 * Closes a TLS session and underlying connection.
 *
 * This function is non-blocking and is a cancellation point.
 */
static inline void vlc_tls_Close(vlc_tls_t *session)
{
    int fd = session->fd;

    vlc_tls_SessionDelete(session);
    shutdown(fd, SHUT_RDWR);
    net_Close(fd);
}

138
/** TLS credentials (certificate, private and trust settings) */
139
struct vlc_tls_creds
140 141
{
    VLC_COMMON_MEMBERS
142

143
    module_t  *module;
144
    void *sys;
145

146 147
    int (*open) (vlc_tls_creds_t *, vlc_tls_t *, int fd, const char *host,
                 const char *const *alpn);
148 149
    int  (*handshake)(vlc_tls_creds_t *, vlc_tls_t *, const char *host,
                      const char *service, char ** /*restrict*/ alp);
150
};
151

152 153 154 155 156 157
/**
 * Allocates TLS credentials for a client.
 * Credentials can be cached and reused across multiple TLS sessions.
 *
 * @return TLS credentials object, or NULL on error.
 **/
158
VLC_API vlc_tls_creds_t *vlc_tls_ClientCreate (vlc_object_t *);
159 160 161 162 163 164 165 166 167 168 169

/**
 * Allocates server TLS credentials.
 *
 * @param cert_path required (Unicode) path to an x509 certificate,
 *                  if NULL, anonymous key exchange will be used.
 * @param key_path (UTF-8) path to the PKCS private key for the certificate,
 *                 if NULL; cert_path will be used.
 *
 * @return TLS credentials object, or NULL on error.
 */
170 171
vlc_tls_creds_t *vlc_tls_ServerCreate (vlc_object_t *,
                                       const char *cert, const char *key);
172

173 174 175
static inline int vlc_tls_SessionHandshake (vlc_tls_creds_t *crd,
                                            vlc_tls_t *tls)
{
176
    return crd->handshake(crd, tls, NULL, NULL, NULL);
177 178
}

179 180 181 182 183 184 185 186
/**
 * Releases TLS credentials.
 *
 * Releases data allocated with vlc_tls_ClientCreate() or
 * vlc_tls_ServerCreate().
 *
 * @param srv object to be destroyed (or NULL)
 */
187
VLC_API void vlc_tls_Delete (vlc_tls_creds_t *);
188

189 190 191 192 193 194 195 196 197 198
/**
 * Fakes a TLS session.
 *
 * Creates a dummy TLS session structure from a socket file descriptor. Data
 * will be sent and received directly through the socket. This can be used
 * either to share common code between non-TLS and TLS cases, or for testing
 * purposes.
 */
VLC_API vlc_tls_t *vlc_tls_DummyCreate(vlc_object_t *obj, int fd);

199 200
/** @} */

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
201
#endif