-
Notifications
You must be signed in to change notification settings - Fork 1
/
libtls_h.lua
181 lines (156 loc) · 7.89 KB
/
libtls_h.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
--tls.h v1.58
local ffi = require'ffi'
ffi.cdef[[
typedef size_t time_t;
enum {
TLS_PROTOCOL_TLSv1_0 = (1 << 1),
TLS_PROTOCOL_TLSv1_1 = (1 << 2),
TLS_PROTOCOL_TLSv1_2 = (1 << 3),
TLS_PROTOCOL_TLSv1_3 = (1 << 4),
TLS_WANT_POLLIN = -2,
TLS_WANT_POLLOUT = -3,
/* RFC 6960 Section 2.3 */
TLS_OCSP_RESPONSE_SUCCESSFUL = 0,
TLS_OCSP_RESPONSE_MALFORMED = 1,
TLS_OCSP_RESPONSE_INTERNALERROR = 2,
TLS_OCSP_RESPONSE_TRYLATER = 3,
TLS_OCSP_RESPONSE_SIGREQUIRED = 4,
TLS_OCSP_RESPONSE_UNAUTHORIZED = 5,
/* RFC 6960 Section 2.2 */
TLS_OCSP_CERT_GOOD = 0,
TLS_OCSP_CERT_REVOKED = 1,
TLS_OCSP_CERT_UNKNOWN = 2,
/* RFC 5280 Section 5.3.1 */
TLS_CRL_REASON_UNSPECIFIED = 0,
TLS_CRL_REASON_KEY_COMPROMISE = 1,
TLS_CRL_REASON_CA_COMPROMISE = 2,
TLS_CRL_REASON_AFFILIATION_CHANGED = 3,
TLS_CRL_REASON_SUPERSEDED = 4,
TLS_CRL_REASON_CESSATION_OF_OPERATION = 5,
TLS_CRL_REASON_CERTIFICATE_HOLD = 6,
TLS_CRL_REASON_REMOVE_FROM_CRL = 8,
TLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 9,
TLS_CRL_REASON_AA_COMPROMISE = 10,
TLS_MAX_SESSION_ID_LENGTH = 32,
TLS_TICKET_KEY_SIZE = 48,
};
struct tls;
struct tls_config;
typedef ssize_t (*tls_read_cb )(struct tls *ctx, char *buf, size_t buflen, intptr_t cb_arg);
typedef ssize_t (*tls_write_cb)(struct tls *ctx, char *buf, size_t buflen, intptr_t cb_arg);
int tls_init(void);
const char *tls_config_error(struct tls_config *_config);
const char *tls_error(struct tls *_ctx);
struct tls_config *tls_config_new(void);
void tls_config_free(struct tls_config *_config);
const char *tls_default_ca_cert_file(void);
int tls_config_add_keypair_file(struct tls_config *_config,
const char *_cert_file, const char *_key_file);
int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _cert_len, const uint8_t *_key, size_t _key_len);
int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
const char *_cert_file, const char *_key_file,
const char *_ocsp_staple_file);
int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _cert_len, const uint8_t *_key, size_t _key_len,
const uint8_t *_staple, size_t _staple_len);
int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
size_t _len);
int tls_config_set_cert_file(struct tls_config *_config,
const char *_cert_file);
int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _len);
int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
size_t _len);
int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
size_t _len);
int tls_config_set_keypair_file(struct tls_config *_config,
const char *_cert_file, const char *_key_file);
int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _cert_len, const uint8_t *_key, size_t _key_len);
int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
const char *_cert_file, const char *_key_file, const char *_staple_file);
int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _cert_len, const uint8_t *_key, size_t _key_len,
const uint8_t *_staple, size_t staple_len);
int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
const uint8_t *_staple, size_t _len);
int tls_config_set_ocsp_staple_file(struct tls_config *_config,
const char *_staple_file);
int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
void tls_config_prefer_ciphers_client(struct tls_config *_config);
void tls_config_prefer_ciphers_server(struct tls_config *_config);
void tls_config_insecure_noverifycert(struct tls_config *_config);
void tls_config_insecure_noverifyname(struct tls_config *_config);
void tls_config_insecure_noverifytime(struct tls_config *_config);
void tls_config_verify(struct tls_config *_config);
void tls_config_ocsp_require_stapling(struct tls_config *_config);
void tls_config_verify_client(struct tls_config *_config);
void tls_config_verify_client_optional(struct tls_config *_config);
void tls_config_clear_keys(struct tls_config *_config);
int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
int tls_config_set_session_id(struct tls_config *_config,
const unsigned char *_session_id, size_t _len);
int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
unsigned char *_key, size_t _keylen);
struct tls *tls_client(void);
struct tls *tls_server(void);
int tls_configure(struct tls *_ctx, struct tls_config *_config);
void tls_reset(struct tls *_ctx);
void tls_free(struct tls *_ctx);
int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read,
int _fd_write);
int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket);
int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx,
tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg);
int tls_connect(struct tls *_ctx, const char *_host, const char *_port);
int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
const char *_servername);
int tls_connect_servername(struct tls *_ctx, const char *_host,
const char *_port, const char *_servername);
int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb,
tls_write_cb _write_cb, intptr_t _cb_arg, const char *_servername);
int tls_handshake(struct tls *_ctx);
ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
int tls_close(struct tls *_ctx);
int tls_peer_cert_provided(struct tls *_ctx);
int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name);
const char *tls_peer_cert_hash(struct tls *_ctx);
const char *tls_peer_cert_issuer(struct tls *_ctx);
const char *tls_peer_cert_subject(struct tls *_ctx);
time_t tls_peer_cert_notbefore(struct tls *_ctx);
time_t tls_peer_cert_notafter(struct tls *_ctx);
const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
const char *tls_conn_alpn_selected(struct tls *_ctx);
const char *tls_conn_cipher(struct tls *_ctx);
int tls_conn_cipher_strength(struct tls *_ctx);
const char *tls_conn_servername(struct tls *_ctx);
int tls_conn_session_resumed(struct tls *_ctx);
const char *tls_conn_version(struct tls *_ctx);
uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
void tls_unload_file(uint8_t *_buf, size_t len);
int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
size_t _size);
int tls_peer_ocsp_cert_status(struct tls *_ctx);
int tls_peer_ocsp_crl_reason(struct tls *_ctx);
time_t tls_peer_ocsp_next_update(struct tls *_ctx);
int tls_peer_ocsp_response_status(struct tls *_ctx);
const char *tls_peer_ocsp_result(struct tls *_ctx);
time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
time_t tls_peer_ocsp_this_update(struct tls *_ctx);
const char *tls_peer_ocsp_url(struct tls *_ctx);
]]