hitls_security.h

/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

 
#ifndef HITLS_SECURITY_H
#define HITLS_SECURITY_H
 
#include <stdint.h>
#include "hitls_type.h"
 
#ifdef __cplusplus
extern "C" {
#endif

#ifndef HITLS_DEFAULT_SECURITY_LEVEL
#define HITLS_DEFAULT_SECURITY_LEVEL 1
#endif

#define HITLS_SECURITY_LEVEL_ZERO 0
#define HITLS_SECURITY_LEVEL_ONE 1
#define HITLS_SECURITY_LEVEL_TWO 2
#define HITLS_SECURITY_LEVEL_THREE 3
#define HITLS_SECURITY_LEVEL_FOUR 4
#define HITLS_SECURITY_LEVEL_FIVE 5
#define HITLS_SECURITY_LEVEL_MIN HITLS_SECURITY_LEVEL_ZERO
#define HITLS_SECURITY_LEVEL_MAX HITLS_SECURITY_LEVEL_FIVE

#define HITLS_SECURITY_LEVEL_ONE_SECBITS 80
#define HITLS_SECURITY_LEVEL_TWO_SECBITS 112
#define HITLS_SECURITY_LEVEL_THREE_SECBITS 128
#define HITLS_SECURITY_LEVEL_FOUR_SECBITS 192
#define HITLS_SECURITY_LEVEL_FIVE_SECBITS 256
 
/* What the "other" parameter contains in security callback */
/* Mask for type */
# define HITLS_SECURITY_SECOP_OTHER_TYPE    0xffff0000
# define HITLS_SECURITY_SECOP_OTHER_NONE    0
# define HITLS_SECURITY_SECOP_OTHER_CIPHER  (1 << 16)
# define HITLS_SECURITY_SECOP_OTHER_CURVE   (2 << 16)
# define HITLS_SECURITY_SECOP_OTHER_DH      (3 << 16)
# define HITLS_SECURITY_SECOP_OTHER_PKEY    (4 << 16)
# define HITLS_SECURITY_SECOP_OTHER_SIGALG  (5 << 16)
# define HITLS_SECURITY_SECOP_OTHER_CERT    (6 << 16)

# define HITLS_SECURITY_SECOP_PEER          0x1000
 
/* Called to filter ciphers */
/* Ciphers client supports */
# define HITLS_SECURITY_SECOP_CIPHER_SUPPORTED      (1 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Cipher shared by client/server */
# define HITLS_SECURITY_SECOP_CIPHER_SHARED         (2 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Sanity check of cipher server selects */
# define HITLS_SECURITY_SECOP_CIPHER_CHECK          (3 | HITLS_SECURITY_SECOP_OTHER_CIPHER)
/* Curves supported by client */
# define HITLS_SECURITY_SECOP_CURVE_SUPPORTED       (4 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Curves shared by client/server */
# define HITLS_SECURITY_SECOP_CURVE_SHARED          (5 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Sanity check of curve server selects */
# define HITLS_SECURITY_SECOP_CURVE_CHECK           (6 | HITLS_SECURITY_SECOP_OTHER_CURVE)
/* Temporary DH key */
# define HITLS_SECURITY_SECOP_TMP_DH                (7 | HITLS_SECURITY_SECOP_OTHER_PKEY)
/* SSL/TLS version */
# define HITLS_SECURITY_SECOP_VERSION               (9 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* Session tickets */
# define HITLS_SECURITY_SECOP_TICKET                (10 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* Supported signature algorithms sent to peer */
# define HITLS_SECURITY_SECOP_SIGALG_SUPPORTED      (11 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Shared signature algorithm */
# define HITLS_SECURITY_SECOP_SIGALG_SHARED         (12 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Sanity check signature algorithm allowed */
# define HITLS_SECURITY_SECOP_SIGALG_CHECK          (13 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Used to get mask of supported public key signature algorithms */
# define HITLS_SECURITY_SECOP_SIGALG_MASK           (14 | HITLS_SECURITY_SECOP_OTHER_SIGALG)
/* Use to see if compression is allowed */
# define HITLS_SECURITY_SECOP_COMPRESSION           (15 | HITLS_SECURITY_SECOP_OTHER_NONE)
/* EE key in certificate */
# define HITLS_SECURITY_SECOP_EE_KEY                (16 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* CA key in certificate */
# define HITLS_SECURITY_SECOP_CA_KEY                (17 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* CA digest algorithm in certificate */
# define HITLS_SECURITY_SECOP_CA_MD                 (18 | HITLS_SECURITY_SECOP_OTHER_CERT)
/* Peer EE key in certificate */
# define HITLS_SECURITY_SECOP_PEER_EE_KEY           (HITLS_SECURITY_SECOP_EE_KEY | HITLS_SECURITY_SECOP_PEER)
/* Peer CA key in certificate */
# define HITLS_SECURITY_SECOP_PEER_CA_KEY           (HITLS_SECURITY_SECOP_CA_KEY | HITLS_SECURITY_SECOP_PEER)
/* Peer CA digest algorithm in certificate */
# define HITLS_SECURITY_SECOP_PEER_CA_MD            (HITLS_SECURITY_SECOP_CA_MD | HITLS_SECURITY_SECOP_PEER)

typedef int32_t (*HITLS_SecurityCb)(const HITLS_Ctx *ctx, const HITLS_Config *config, int32_t option,
    int32_t bits, int32_t id, void *other, void *exData);

int32_t HITLS_CFG_SetSecurityLevel(HITLS_Config *config, int32_t securityLevel);

int32_t HITLS_CFG_GetSecurityLevel(const HITLS_Config *config, int32_t *securityLevel);

int32_t HITLS_CFG_SetSecurityCb(HITLS_Config *config, HITLS_SecurityCb securityCb);

HITLS_SecurityCb HITLS_CFG_GetSecurityCb(const HITLS_Config *config);

int32_t HITLS_CFG_SetSecurityExData(HITLS_Config *config, void *securityExData);

void *HITLS_CFG_GetSecurityExData(const HITLS_Config *config);

int32_t HITLS_SetSecurityLevel(HITLS_Ctx *ctx, int32_t securityLevel);

int32_t HITLS_GetSecurityLevel(const HITLS_Ctx *ctx, int32_t *securityLevel);

int32_t HITLS_SetSecurityCb(HITLS_Ctx *ctx, HITLS_SecurityCb securityCb);

HITLS_SecurityCb HITLS_GetSecurityCb(const HITLS_Ctx *ctx);

int32_t HITLS_SetSecurityExData(HITLS_Ctx *ctx, void *securityExData);

void *HITLS_GetSecurityExData(const HITLS_Ctx *ctx);
 
#ifdef __cplusplus
}
#endif /* end __cplusplus */
 
#endif /* end HITLS_SECURITY_H */