84941bcc9f
* Renaming changes: * macro prefix "POLARSSL" -> "MBEDTLS" * functions now prefixed with "mbedtls_" * rename PolarSSL++ -> mbedTLS++ * rename polarssl submodule * Use mbedtls' AES-CFB8 implementation. * Add cSslConfig to wrap mbedtls_ssl_config * Update cTCPLink and cBlockingSslClientSocket to use cSslConfig * Use cSslConfig in cHTTPServer * Use cSslConfig for cMojangAPI::SecureRequest * CI Fixes * Set -fomit-frame-pointer on the right target
94 lines
2.7 KiB
C++
94 lines
2.7 KiB
C++
|
|
#pragma once
|
|
|
|
#include "mbedtls/ssl.h"
|
|
|
|
// fwd:
|
|
class cCryptoKey;
|
|
class cCtrDrbgContext;
|
|
class cX509Cert;
|
|
|
|
using cCryptoKeyPtr = std::shared_ptr<cCryptoKey>;
|
|
using cCtrDrbgContextPtr = std::shared_ptr<cCtrDrbgContext>;
|
|
using cX509CertPtr = std::shared_ptr<cX509Cert>;
|
|
|
|
enum class eSslAuthMode
|
|
{
|
|
None = 0, // MBEDTLS_SSL_VERIFY_NONE
|
|
Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL
|
|
Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED
|
|
Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET
|
|
};
|
|
|
|
|
|
|
|
class cSslConfig
|
|
{
|
|
friend class cSslContext;
|
|
public:
|
|
/** Type of the SSL debug callback.
|
|
Parameters are:
|
|
void * Opaque context for the callback
|
|
int Debug level
|
|
const char * File name
|
|
int Line number
|
|
const char * Message */
|
|
using cDebugCallback = void(*)(void *, int, const char *, int, const char *);
|
|
|
|
/** Type of the SSL certificate verify callback.
|
|
Parameters are:
|
|
void * Opaque context for the callback
|
|
mbedtls_x509_crt * Current cert
|
|
int Cert chain depth
|
|
uint32_t * Verification flags */
|
|
using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *);
|
|
|
|
cSslConfig();
|
|
~cSslConfig();
|
|
|
|
/** Initialize with mbedTLS default settings. */
|
|
int InitDefaults(bool a_IsClient);
|
|
|
|
/** Set the authorization mode. */
|
|
void SetAuthMode(eSslAuthMode a_AuthMode);
|
|
|
|
/** Set the random number generator. */
|
|
void SetRng(cCtrDrbgContextPtr a_CtrDrbg);
|
|
|
|
/** Set the debug callback. */
|
|
void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData);
|
|
|
|
/** Set the certificate verify callback. */
|
|
void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData);
|
|
|
|
/** Set the enabled cipher suites. */
|
|
void SetCipherSuites(std::vector<int> a_CipherSuites);
|
|
|
|
/** Set the certificate to use for connections. */
|
|
void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey);
|
|
|
|
/** Set the trusted certificate authority chain. */
|
|
void SetCACerts(cX509CertPtr a_CACert);
|
|
|
|
/** Creates a new config with some sensible defaults on top of mbedTLS basic settings. */
|
|
static std::shared_ptr<cSslConfig> MakeDefaultConfig(bool a_IsClient);
|
|
|
|
/** Returns the default config for client connections. */
|
|
static std::shared_ptr<const cSslConfig> GetDefaultClientConfig();
|
|
|
|
/** Returns the default config for server connections. */
|
|
static std::shared_ptr<const cSslConfig> GetDefaultServerConfig();
|
|
|
|
private:
|
|
|
|
/** Returns a pointer to the wrapped mbedtls representation. */
|
|
const mbedtls_ssl_config * GetInternal() const { return &m_Config; }
|
|
|
|
mbedtls_ssl_config m_Config;
|
|
cCtrDrbgContextPtr m_CtrDrbg;
|
|
cX509CertPtr m_OwnCert;
|
|
cCryptoKeyPtr m_OwnCertPrivKey;
|
|
cX509CertPtr m_CACerts;
|
|
std::vector<int> m_CipherSuites;
|
|
};
|