Developer/html/_nb_ssl_ctx_8h_source.html

/*NB_REVISION*/


/*NB_COPYRIGHT*/


#ifndef _NB_SSL_CTX_H_

#define _NB_SSL_CTX_H_


#include <predef.h>

#include <nbrtos.h>

#include <basictypes.h>

#include <crypto/ssl.h>


#ifndef _WOLFSSL_METHOD_DEFINED

#define _WOLFSSL_METHOD_DEFINED

/* SSL Version */

typedef struct ProtocolVersion {

    uint8_t major;

    uint8_t minor;

} __attribute__((packed)) ProtocolVersion;


/* wolfSSL method type */

struct WOLFSSL_METHOD {

    ProtocolVersion version;

    uint8_t            side;         /* connection side, server or client */

    uint8_t            downgrade;    /* whether to downgrade version, default no */

};

#endif


enum VerifyPeer

{

    VerifyPeer_default,

    VerifyPeer_off,

    VerifyPeer_on,

};


enum SSL_CertType {

    Cert_User,

    Cert_CA,

#ifdef WOLFSSL_TRUST_PEER_CERT

    Cert_TrustedPeer,

#endif

#ifdef HAVE_CRL

    Cert_CRL,

#endif

    Cert_PrivKey,

    Cert_MAXTYPE

};


enum SSL_Encoding {

    Encoding_PEM = SSL_FILETYPE_PEM,

    Encoding_DER = SSL_FILETYPE_ASN1,

    Encoding_ASN1= SSL_FILETYPE_ASN1

};


//#define NBSSLCTX_PROTOCOL__MAKE_ENUMS

enum SSL_Method {

    TLS,

    TLS_Client,

    TLS_Server,

    TLSv1_2,

    TLSv1_2_client,

    TLSv1_2_server,

#ifdef WOLFSSL_TLS13

    TLSv1_3,

    TLSv1_3_client,

    TLSv1_3_server,

#endif

//#include <crypto/NetBurner/Wolf_Method.inc>

};

//#undef NBSSLCTX_PROTOCOL__MAKE_ENUMS


class NbSslCtx

{

    enum LoadedBits {

        Loaded_User = (1 << Cert_User),

        Loaded_CA   = (1 << Cert_CA),

#ifdef WOLFSSL_TRUST_PEER_CERT

        Loaded_Peer = (1 << Cert_TrustedPeer),

#endif

#ifdef HAVE_CRL

        Loaded_CRL  = (1 << Cert_CRL),

#endif

        Loaded_Key  = (1 << Cert_PrivKey),


        Loaded_ManualReq  = (1 << (Cert_MAXTYPE+1)),

    };

    public:

        NbSslCtx(uint8_t *CertBuf=NULL, uint32_t CertBufLen=0, SSL_CertType type=Cert_User,SSL_Encoding encoding=Encoding_PEM);

        NbSslCtx(SSL_Method method, uint8_t *CertBuf=NULL, uint32_t CertBufLen=0, SSL_CertType type=Cert_User,SSL_Encoding encoding=Encoding_PEM);

        int Init();


        WOLFSSL_CTX* GetCtx(){ return m_wolfCtx; }


//        void SetInit(bool init){ m_ctxInit = init; }

        bool GetInit(){ return m_wolfCtx != NULL; }


        inline bool HaveCert_CA(){ return m_certsLoaded & Loaded_CA; }

        inline bool HaveCert_User(){ return m_certsLoaded & Loaded_User; }

#ifdef WOLFSSL_TRUST_PEER_CERT

        inline bool HaveCert_Peer(){ return m_certsLoaded & Loaded_Peer; }

#endif

#ifdef HAVE_CRL

        inline bool HaveCert_CRL(){ return m_certsLoaded & Loaded_CRL; }

#endif

//        void SetCaSet(bool set){ m_ctxCaSet = set; }


//        VerifyPeer GetVerifyPeer(){ return m_verifyPeer; }

//        void SetVerifyPeer( VerifyPeer verifYPeer ){ m_verifyPeer = verifYPeer; }


        int AddCA(const uint8_t *CaBuf, uint32_t CaBufLen, SSL_Encoding encoding=Encoding_PEM);

        int UseCert(const uint8_t *certBuf, uint32_t certLen, SSL_Encoding encoding=Encoding_PEM);

        int UseKey(const uint8_t *certBuf, uint32_t certLen, SSL_Encoding encoding=Encoding_PEM);

        int CheckKey();

#ifdef WOLFSSL_TRUST_PEER_CERT

        int AddPeer(const uint8_t *PeerCertBuf, uint32_t PeerCertBufLen, SSL_Encoding encoding=Encoding_PEM);

#endif

#ifdef HAVE_CRL

        int AddCRL(const uint8_t *CRLBuf, uint32_t CRLBufLen, SSL_Encoding encoding=Encoding_PEM);

#endif


        int UnloadCAs();

        int UnloadUserCertAndKey();

#ifdef WOLFSSL_TRUST_PEER_CERT

        int UnloadPeers();

#endif

#ifdef HAVE_CRL

        int UnloadCRLs();

#endif


        int ResetStores();


        int RequireCert(bool required);


        int Connect(IPADDR ip, uint16_t remotePort,

                const TickTimeout &timeout, const char *commonName,

                int intf = -1, int verifyPeer = -1);

       int AsyncConnect(IPADDR ip, uint16_t remotePort,

                const char *commonName, int intf = -1,

                int verifyPeer = -1);

        int Accept(int fdListen, IPADDR *address,

               uint16_t *port, const TickTimeout &timeout,

               const char *commonName, int verifyPeer = -1);

        int AsyncAccept(int fdListen, IPADDR *address,

               uint16_t *port, const TickTimeout &timeout,

               const char *commonName, int verifyPeer = -1);


        inline int Connect(IPADDR ip, uint16_t remotePort,

                uint32_t timeout, const char *commonName,

                int intf = -1, int verifyPeer = -1)

        {

            TickTimeout tt(timeout);

            return Connect(ip, remotePort, tt, commonName, intf, verifyPeer);

        }

        inline int Accept(int fdListen, IPADDR *address,

               uint16_t *port, uint32_t timeout,

               const char *commonName, int verifyPeer = -1)

        {

            TickTimeout tt(timeout);

            return Accept(fdListen, address, port, tt, commonName, verifyPeer);

        }

        inline int AsyncAccept(int fdListen, IPADDR *address,

               uint16_t *port, uint32_t timeout,

               const char *commonName, int verifyPeer = -1)

        {

            TickTimeout tt(timeout);

            return AsyncAccept(fdListen, address, port, tt, commonName, verifyPeer);

        }


        int MakeSecure(int tcpFd, const TickTimeout &timeout,

                const char *commonName, bool bIsClient = true,

                int verifyPeer = -1);

        int AsyncMakeSecure(int tcpFd, const char *commonName,

                bool bIsClient = true, int verifyPeer = -1);


        inline int MakeSecure(int tcpFd, uint32_t timeout,

                const char *commonName, bool bIsClient = true,

                int verifyPeer = -1)

        {

            TickTimeout tt(timeout);

            return MakeSecure(tcpFd, tt, commonName, verifyPeer);

        }


        int Negotiate(int tcpFd, const char *commonName,

                bool bIsClient = true, bool reuseSession = true,

                int verifyPeer = -1);


    private:

        WOLFSSL_CTX*        m_wolfCtx = nullptr;

        WOLFSSL_METHOD      m_wolfMethod;

        uint8_t            *m_initCertBuf;

        union {

            uint32_t            m_initCertLen;

            uint32_t            m_certsLoaded;

        };

        SSL_CertType        m_initCertType;

        SSL_Encoding        m_initEncoding;


        static const WOLFSSL_METHOD protocolMethods[];

    friend class LockObj;

};


extern NbSslCtx SSL_gServerCtx;

extern NbSslCtx SSL_gClientCtx;

#endif /* _NB_SSL_CTX_H_ */

IPADDR6
Used to hold and manipulate IPv4 and IPv6 addresses in dual stack mode.
Definition ipv6_addr.h:41

TickTimeout
TickTimeout objects are used to facilitate sequential function calls with timeout parameters that nee...
Definition nbrtos.h:168

nbrtos.h
NetBurner Real-Time Operating System (NBRTOS) API.

ssl.h
NetBurner SSL/TLS API.