hitls_security.h

浏览该文件的文档.

/*---------------------------------------------------------------------------------------------
 *  This file is part of the openHiTLS project.
 *  Copyright © 2023 Huawei Technologies Co.,Ltd. All rights reserved.
 *  Licensed under the openHiTLS Software license agreement 1.0. See LICENSE in the project root
 *  for license information.
 *---------------------------------------------------------------------------------------------
 */
 
#ifndef HITLS_SECURITY_H
#define HITLS_SECURITY_H
 
#include <stdint.h>
#include "hitls_type.h"
 
#ifdef __cplusplus
extern "C" {
#endif
 
#ifndef HITLS_DEFAULT_SECURITY_LEVEL
#define HITLS_DEFAULT_SECURITY_LEVEL 0
#endif
 
/* security level  */
#define HITLS_SECURITY_LEVEL_ZERO 0
#define HITLS_SECURITY_LEVEL_ONE 1
#define HITLS_SECURITY_LEVEL_TWO 2
#define HITLS_SECURITY_LEVEL_THREE 3
#define HITLS_SECURITY_LEVEL_FOUR 4
#define HITLS_SECURITY_LEVEL_FIVE 5
#define HITLS_SECURITY_LEVEL_MIN HITLS_SECURITY_LEVEL_ZERO
#define HITLS_SECURITY_LEVEL_MAX HITLS_SECURITY_LEVEL_FIVE
 
/* security strength  */
#define HITLS_SECURITY_LEVEL_ONE_SECBITS 80
#define HITLS_SECURITY_LEVEL_TWO_SECBITS 112
#define HITLS_SECURITY_LEVEL_THREE_SECBITS 128
#define HITLS_SECURITY_LEVEL_FOUR_SECBITS 192
#define HITLS_SECURITY_LEVEL_FIVE_SECBITS 256
 
/* What the "other" parameter contains in security callback */
/* Mask for type */
# define HITLS_SECURITY_SECOP_OTHER_TYPE    0xffff0000
# define HITLS_SECURITY_SECOP_OTHER_NONE    0
# define HITLS_SECURITY_SECOP_OTHER_CIPHER  (1 << 16)
# define HITLS_SECURITY_SECOP_OTHER_CURVE   (2 << 16)
# define HITLS_SECURITY_SECOP_OTHER_DH      (3 << 16)
# define HITLS_SECURITY_SECOP_OTHER_PKEY    (4 << 16)
# define HITLS_SECURITY_SECOP_OTHER_SIGALG  (5 << 16)
# define HITLS_SECURITY_SECOP_OTHER_CERT    (6 << 16)
 
/* Indicated operation refers to peer key or certificate */
# define HITLS_SECURITY_SECOP_PEER          0x1000
 
/* Called to filter ciphers */
/* Ciphers client supports */
# define HITLS_SECURITY_SECOP_CIPHER_SUPPORTED      (1 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Cipher shared by client/server */
# define HITLS_SECURITY_SECOP_CIPHER_SHARED         (2 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Sanity check of cipher server selects */
# define HITLS_SECURITY_SECOP_CIPHER_CHECK          (3 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Curves supported by client */
# define HITLS_SECURITY_SECOP_CURVE_SUPPORTED       (4 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Curves shared by client/server */
# define HITLS_SECURITY_SECOP_CURVE_SHARED          (5 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Sanity check of curve server selects */
# define HITLS_SECURITY_SECOP_CURVE_CHECK           (6 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Temporary DH key */
# define HITLS_SECURITY_SECOP_TMP_DH                (7 | HITLS_SECURITY_SECOP_OTHER_PKEY)
/* SSL/TLS version */
# define HITLS_SECURITY_SECOP_VERSION               (9 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* Session tickets */
# define HITLS_SECURITY_SECOP_TICKET                (10 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* Supported signature algorithms sent to peer */
# define HITLS_SECURITY_SECOP_SIGALG_SUPPORTED      (11 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Shared signature algorithm */
# define HITLS_SECURITY_SECOP_SIGALG_SHARED         (12 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Sanity check signature algorithm allowed */
# define HITLS_SECURITY_SECOP_SIGALG_CHECK          (13 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Used to get mask of supported public key signature algorithms */
# define HITLS_SECURITY_SECOP_SIGALG_MASK           (14 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Use to see if compression is allowed */
# define HITLS_SECURITY_SECOP_COMPRESSION           (15 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* EE key in certificate */
# define HITLS_SECURITY_SECOP_EE_KEY                (16 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* CA key in certificate */
# define HITLS_SECURITY_SECOP_CA_KEY                (17 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* CA digest algorithm in certificate */
# define HITLS_SECURITY_SECOP_CA_MD                 (18 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* Peer EE key in certificate */
# define HITLS_SECURITY_SECOP_PEER_EE_KEY           (HITLS_SECURITY_SECOP_EE_KEY | HITLS_SECURITY_SECOP_PEER)
/* Peer CA key in certificate */
# define HITLS_SECURITY_SECOP_PEER_CA_KEY           (HITLS_SECURITY_SECOP_CA_KEY | HITLS_SECURITY_SECOP_PEER)
/* Peer CA digest algorithm in certificate */
# define HITLS_SECURITY_SECOP_PEER_CA_MD            (HITLS_SECURITY_SECOP_CA_MD | HITLS_SECURITY_SECOP_PEER)
 
typedef int32_t (*HITLS_SecurityCb)(const HITLS_Ctx *ctx, const HITLS_Config *config, int32_t option,
    int32_t bits, int32_t id, void *other, void *exData);
 
int32_t HITLS_CFG_SetSecurityLevel(HITLS_Config *config, int32_t securityLevel);
 
int32_t HITLS_CFG_GetSecurityLevel(const HITLS_Config *config, int32_t *securityLevel);
 
int32_t HITLS_CFG_SetSecurityCb(HITLS_Config *config, HITLS_SecurityCb securityCb);
 
HITLS_SecurityCb HITLS_CFG_GetSecurityCb(const HITLS_Config *config);
 
int32_t HITLS_CFG_SetSecurityExData(HITLS_Config *config, void *securityExData);
 
void *HITLS_CFG_GetSecurityExData(const HITLS_Config *config);
 
int32_t HITLS_SetSecurityLevel(HITLS_Ctx *ctx, int32_t securityLevel);
 
int32_t HITLS_GetSecurityLevel(const HITLS_Ctx *ctx, int32_t *securityLevel);
 
int32_t HITLS_SetSecurityCb(HITLS_Ctx *ctx, HITLS_SecurityCb securityCb);
 
HITLS_SecurityCb HITLS_GetSecurityCb(const HITLS_Ctx *ctx);
 
int32_t HITLS_SetSecurityExData(HITLS_Ctx *ctx, void *securityExData);
 
void *HITLS_GetSecurityExData(const HITLS_Ctx *ctx);
 
#ifdef __cplusplus
}
#endif /* end __cplusplus */
 
#endif /* end HITLS_SECURITY_H */