PTLib  Version 2.18.8
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
pssl.h
Go to the documentation of this file.
1 /*
2  * pssl.h
3  *
4  * Secure Sockets Layer channel interface class.
5  *
6  * Portable Windows Library
7  *
8  * Copyright (c) 1993-2002 Equivalence Pty. Ltd.
9  *
10  * The contents of this file are subject to the Mozilla Public License
11  * Version 1.0 (the "License"); you may not use this file except in
12  * compliance with the License. You may obtain a copy of the License at
13  * http://www.mozilla.org/MPL/
14  *
15  * Software distributed under the License is distributed on an "AS IS"
16  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
17  * the License for the specific language governing rights and limitations
18  * under the License.
19  *
20  * The Original Code is Portable Windows Library.
21  *
22  * The Initial Developer of the Original Code is Equivalence Pty. Ltd.
23  *
24  * Contributor(s): ______________________________________.
25  */
26 
27 #ifndef PTLIB_PSSL_H
28 #define PTLIB_PSSL_H
29 
30 #ifdef P_USE_PRAGMA
31 #pragma interface
32 #endif
33 
34 #include <ptlib/sockets.h>
35 
36 
37 struct ssl_st;
38 struct ssl_ctx_st;
39 struct x509_st;
40 struct X509_name_st;
41 struct evp_pkey_st;
42 struct evp_cipher_ctx_st;
43 struct dh_st;
44 struct aes_key_st;
45 struct SHAstate_st;
46 struct bio_method_st;
47 struct bio_st;
48 
49 
50 enum PSSLFileTypes {
51  PSSLFileTypePEM,
52  PSSLFileTypeASN1,
53  PSSLFileTypeDEFAULT
54 };
55 
56 
57 typedef PNotifierTemplate<bool> PSSLPasswordNotifier;
58 #define PDECLARE_SSLPasswordNotifier(cls, fn) PDECLARE_NOTIFIER2(PString, cls, fn, bool)
59 
60 
65 class PSSLPrivateKey : public PObject
66 {
67  PCLASSINFO(PSSLPrivateKey, PObject);
68  public:
71  PSSLPrivateKey();
72 
75  PSSLPrivateKey(
76  unsigned modulus,
77  void (*callback)(int,int,void *) = NULL,
78  void *cb_arg = NULL
79  );
80 
86  PSSLPrivateKey(
87  const PFilePath & keyFile,
88  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
89  );
90 
93  PSSLPrivateKey(
94  const BYTE * keyData,
95  PINDEX keySize
96  );
97 
100  PSSLPrivateKey(
101  const PBYTEArray & keyData
102  );
103 
106  PSSLPrivateKey(
107  const PSSLPrivateKey & privKey
108  );
109  PSSLPrivateKey(
110  evp_pkey_st * privKey,
111  bool duplicate = true
112  );
113 
116  PSSLPrivateKey & operator=(
117  const PSSLPrivateKey & privKay
118  );
119  PSSLPrivateKey & operator=(
120  evp_pkey_st * privKay
121  );
122 
125  ~PSSLPrivateKey();
126 
129  operator evp_pkey_st *() const { return m_pkey; }
130 
133  void Attach(evp_pkey_st * key);
134 
137  PBoolean Create(
138  unsigned modulus,
139  void (*callback)(int,int,void *) = NULL,
140  void *cb_arg = NULL
141  );
142 
145  bool IsValid() const { return m_pkey != NULL; }
146 
149  bool SetData(
150  const PBYTEArray & data
151  );
152 
155  PBYTEArray GetData() const;
156 
159  PString AsString() const;
160 
163  bool Parse(
164  const PString & keyStr
165  );
166 
172  PBoolean Load(
173  const PFilePath & keyFile,
174  PSSLFileTypes fileType = PSSLFileTypeDEFAULT,
175  const PSSLPasswordNotifier & notifier = PSSLPasswordNotifier()
176  );
177 
183  PBoolean Save(
184  const PFilePath & keyFile,
185  PBoolean append = false,
186  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
187  );
188 
189 
190  protected:
191  void FreePrivateKey();
192  evp_pkey_st * m_pkey;
193 };
194 
195 
200 class PSSLCertificate : public PObject
201 {
202  PCLASSINFO(PSSLCertificate, PObject);
203  public:
206  PSSLCertificate();
207 
213  PSSLCertificate(
214  const PFilePath & certFile,
215  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
216  );
217 
220  PSSLCertificate(
221  const BYTE * certData,
222  PINDEX certSize
223  );
224 
227  PSSLCertificate(
228  const PBYTEArray & certData
229  );
230 
233  PSSLCertificate(
234  const PString & certString
235  );
236 
239  PSSLCertificate(
240  const PSSLCertificate & cert
241  );
242  PSSLCertificate(
243  x509_st * cert,
244  bool duplicate = true
245  );
246 
249  PSSLCertificate & operator=(
250  const PSSLCertificate & cert
251  );
252  PSSLCertificate & operator=(
253  x509_st * cert
254  );
255 
258  ~PSSLCertificate();
259 
262  operator x509_st *() const { return m_certificate; }
263 
266  void Attach(x509_st * cert);
267 
270  bool IsValid() const { return m_certificate != NULL; }
271 
272 
281  bool CreateRoot(
282  const PString & subject,
283  const PSSLPrivateKey & key,
284  const char * digest = NULL,
285  unsigned version = 0
286  );
287 
290  bool SetData(
291  const PBYTEArray & data
292  );
293 
296  PBYTEArray GetData() const;
297 
300  PString AsString() const;
301 
304  bool Parse(
305  const PString & certStr
306  );
307 
313  PBoolean Load(
314  const PFilePath & certFile,
315  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
316  );
317 
323  PBoolean Save(
324  const PFilePath & keyFile,
325  PBoolean append = false,
326  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
327  );
328 
329  class X509_Name : public PObject {
330  PCLASSINFO(X509_Name, PObject);
331  public:
332  X509_Name(X509_name_st * name = NULL) : m_name(name) { }
333 
334  Comparison Compare(const PObject & other) const;
335  void PrintOn(ostream & strm) const;
336 
337  bool IsValid() const { return m_name != NULL; }
338 
339  PString GetCommonName() const;
340  PString GetNID(int id) const;
341  PString AsString(
342  int indent = -1 // Negative means single line
343  ) const;
344 
345  protected:
346  X509_name_st * m_name;
347  };
348 
351  bool GetIssuerName(X509_Name & name) const;
352 
355  bool GetSubjectName(X509_Name & name) const;
356  PString GetSubjectName() const;
357 
360  PString GetSubjectAltName() const;
361 
362  P_DECLARE_BITWISE_ENUM(CheckHostFlags, 5, (
363  CheckHostNormalRules,
364  CheckHostAlwaysUseSubject,
365  CheckHostNoWildcards,
366  CheckHostNoPartialWildcards,
367  CheckHostMultiLabelWildcards,
368  CheckHostSingleLabelDomains
369  ));
370 
373  bool CheckHostName(
374  const PString & hostname,
375  CheckHostFlags flags = CheckHostNormalRules
376  );
377 
378  virtual void PrintOn(ostream & strm) const { strm << GetSubjectName(); }
379 
380  typedef std::list<x509_st *> X509_Chain;
381  const X509_Chain & GetChain() const { return m_chain; }
382 
383  protected:
384  void FreeCertificate();
385  x509_st * m_certificate;
386  X509_Chain m_chain;
387 };
388 
389 
392 class PSSLCertificateFingerprint : public PObject
393 {
394  PCLASSINFO(PSSLCertificateFingerprint, PObject);
395  public:
396  P_DECLARE_ENUM(HashType,
397  HashMd5,
398  HashSha1,
399  HashSha256,
400  HashSha512
401  );
402 
404  PSSLCertificateFingerprint();
405 
408  PSSLCertificateFingerprint(
409  const PString& inStr
410  );
411 
414  PSSLCertificateFingerprint(
415  HashType type,
416  const PSSLCertificate& certificate
417  );
418 
419  Comparison Compare(const PObject & other) const;
420 
421  bool IsValid() const;
422 
423  bool MatchForCertificate(
424  const PSSLCertificate& cert
425  ) const;
426 
427  PString AsString() const;
428  bool FromString(const PString & str);
429 
430  HashType GetHash() const { return m_hashAlogorithm; }
431  void SetHash(HashType hash) { m_hashAlogorithm = hash; }
432 
433  private:
434  HashType m_hashAlogorithm;
435  PString m_fingerprint;
436 };
437 
438 
443 class PSSLDiffieHellman : public PObject
444 {
445  PCLASSINFO(PSSLDiffieHellman, PObject);
446  public:
449  PSSLDiffieHellman();
450 
456  PSSLDiffieHellman(
457  const PFilePath & dhFile,
458  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
459  );
460 
466  PSSLDiffieHellman(
467  PINDEX numBits,
468  const BYTE * pData,
469  const BYTE * gData,
470  const BYTE * pubKey = NULL
471  );
472 
476  PSSLDiffieHellman(
477  const PBYTEArray & pData,
478  const PBYTEArray & gData,
479  const PBYTEArray & pubKey = PBYTEArray()
480  );
481 
484  PSSLDiffieHellman(
485  const PSSLDiffieHellman & dh
486  );
487 
490  PSSLDiffieHellman & operator=(
491  const PSSLDiffieHellman & dh
492  );
493 
496  ~PSSLDiffieHellman();
497 
500  bool IsValid() const { return m_dh != NULL; }
501 
504  operator dh_st *() const { return m_dh; }
505 
511  PBoolean Load(
512  const PFilePath & dhFile,
513  PSSLFileTypes fileType = PSSLFileTypeDEFAULT
514  );
515 
518  PINDEX GetNumBits() const;
519 
522  PBYTEArray GetModulus() const;
523 
526  PBYTEArray GetGenerator() const;
527 
530  PBYTEArray GetHalfKey() const;
531 
534  bool ComputeSessionKey(const PBYTEArray & otherHalf);
535 
538  const PBYTEArray & GetSessionKey() const { return m_sessionKey; }
539 
540  protected:
541  bool Construct(const BYTE * pData, PINDEX pSize,
542  const BYTE * gData, PINDEX gSize,
543  const BYTE * kData, PINDEX kSize);
544 
545  dh_st * m_dh;
546  PBYTEArray m_sessionKey;
547 };
548 
549 
550 #ifdef P_SSL_AES
551 class PAESContext : public PObject
553 {
554  PCLASSINFO(PAESContext, PObject);
555  public:
556  PAESContext();
557  PAESContext(bool encrypt, const void * key, PINDEX numBits);
558  ~PAESContext();
559 
560  void SetEncrypt(const void * key, PINDEX numBits);
561  void SetDecrypt(const void * key, PINDEX numBits);
562 
563  void Encrypt(const void * in, void * out);
564  void Decrypt(const void * in, void * out);
565 
566  protected:
567  aes_key_st * m_key;
568 };
569 #endif // P_SSL_AES
570 
571 
573 class PSSLCipherContext : public PObject
574 {
575  PCLASSINFO(PSSLCipherContext, PObject);
576  public:
577  PSSLCipherContext(
578  bool encrypt
579  );
580 
581  ~PSSLCipherContext();
582 
585  operator evp_cipher_ctx_st *() const { return m_context; }
586 
588  bool IsEncrypt() const;
589 
592  PString GetAlgorithm() const;
593 
597  bool SetAlgorithm(
598  const PString & name
599  );
600 
603  bool SetKey(const PBYTEArray & key) { return SetKey(key, key.GetSize()); }
604  bool SetKey(const BYTE * keyPtr, PINDEX keyLen);
605 
608  bool SetIV(const PBYTEArray & iv) { return SetIV(iv, iv.GetSize()); }
609  bool SetIV(const BYTE * ivPtr, PINDEX ivLen);
610 
611  enum PadMode {
612  NoPadding,
613  PadPKCS,
614  PadLoosePKCS,
615  PadCipherStealing
616  };
617 
622  bool SetPadding(PadMode pad);
623 
628  PadMode GetPadding() const { return m_padMode; }
629 
632  bool Process(
633  const PBYTEArray & in,
634  PBYTEArray & out
635  );
636  bool Process(
637  const BYTE * inPtr,
638  PINDEX inLen,
639  BYTE * outPtr,
640  PINDEX & outLen,
641  bool partial = false
642  );
643 
646  PINDEX GetKeyLength() const;
647 
650  PINDEX GetIVLength() const;
651 
654  PINDEX GetBlockSize() const;
655 
658  PINDEX GetBlockedDataSize(PINDEX size) const;
659 
660  protected:
661  PadMode m_padMode;
662  bool m_encrypt;
663  evp_cipher_ctx_st * m_context;
664 
665  // ciphertext stealing code based on a OpenSSL patch by An-Cheng Huang
666  unsigned char m_pad_buf[32]; // Saved partial block of input data
667  unsigned char m_pad_final_buf[32]; // Last processed block of output data
668  int m_pad_buf_len; // Number of bytes in m_pad_buf
669  bool m_pad_final_used; // Indicates whether the final buffer is used
670  bool UpdateCTS(unsigned char *out, int *outl, const unsigned char *in, int inl);
671  bool EncryptFinalCTS(unsigned char *out, int *outl);
672  bool DecryptFinalCTS(unsigned char *out, int *outl);
673 
674  // Relaxed decryption that doesn't verify contents of the padding in the last decrypted block
675  bool UpdateLoose(unsigned char *out, int *outl, const unsigned char *in, int inl);
676  bool DecryptUpdateLoose(unsigned char *out, int *outl, const unsigned char *in, int inl);
677  bool DecryptFinalLoose(unsigned char *out, int *outl);
678 
679  private:
680  PSSLCipherContext(const PSSLCipherContext &) { }
681  void operator=(const PSSLCipherContext &) { }
682 };
683 
684 
686 class PSHA1Context : public PObject
687 {
688  PCLASSINFO(PSHA1Context, PObject);
689  public:
690  PSHA1Context();
691  ~PSHA1Context();
692 
693  enum { BlockSize = 64 };
694 
695  void Update(const void * data, PINDEX length);
696  void Update(const PString & str) { Update((const char *)str, str.GetLength()); }
697 
698  typedef BYTE Digest[20];
699  void Finalise(Digest result);
700 
701  static void Process(const void * data, PINDEX length, Digest result);
702  static void Process(const PString & str, Digest result) { Process((const char *)str, str.GetLength(), result); }
703 
704  protected:
705  SHAstate_st * m_context;
706 
707  private:
708  PSHA1Context(const PSHA1Context &) { }
709  void operator=(const PSHA1Context &) { }
710 };
711 
712 
718 class PSSLContext : public PObject
719 {
720  PCLASSINFO(PSSLContext, PObject);
721  public:
722  P_DECLARE_TRACED_ENUM(Method,
723  SSLv23,
724  SSLv3,
725  TLSv1,
726  TLSv1_1,
727  TLSv1_2,
728  DTLSv1,
729  DTLSv1_2,
730  DTLSv1_2_v1_0
731  );
732 
733  static const Method HighestTLS = TLSv1_2;
734  static const Method HighestDTLS = DTLSv1_2_v1_0;
735 
744  PSSLContext(
745  const void * sessionId = NULL,
746  PINDEX idSize = 0
747  );
748  PSSLContext(
749  Method method,
750  const void * sessionId = NULL,
751  PINDEX idSize = 0
752  );
753 
756  ~PSSLContext();
757 
760  operator ssl_ctx_st *() const { return m_context; }
761 
764  bool SetVerifyLocations(
765  const PFilePath & caFile,
766  const PDirectory & caDir
767  );
768 
771  bool SetVerifyDirectory(
772  const PDirectory & caDir
773  );
774 
777  bool SetVerifyFile(
778  const PFilePath & caFile
779  );
780 
783  bool SetVerifySystemDefault();
784 
787  bool SetVerifyCertificate(
788  const PSSLCertificate & cert
789  );
790 
791  P_DECLARE_ENUM(VerifyMode,
792  VerifyNone,
793  VerifyPeer,
794  VerifyPeerMandatory
795  );
796 
799  void SetVerifyMode(
800  VerifyMode mode,
801  unsigned depth = 9
802  );
803 
806  VerifyMode GetVerifyMode() const;
807 
810  bool AddClientCA(
811  const PSSLCertificate & certificate
812  );
813  bool AddClientCA(
814  const PList<PSSLCertificate> & certificates
815  );
816 
819  bool UseCertificate(
820  const PSSLCertificate & certificate
821  );
822 
825  bool UsePrivateKey(
826  const PSSLPrivateKey & key
827  );
828 
831  bool UseDiffieHellman(
832  const PSSLDiffieHellman & dh
833  );
834 
837  bool SetCipherList(
838  const PString & ciphers
839  );
840 
843  bool SetCredentials(
844  const PString & authority,
845  const PString & certificate,
846  const PString & privateKey,
847  bool create = false
848  );
849 
851  void SetPasswordNotifier(
852  const PSSLPasswordNotifier & notifier
853  );
854 
856  bool SetExtension(
857  const char * extension
858  );
859 
860  Method GetMethod() const { return m_method; }
861 
862  protected:
863  void Construct(const void * sessionId, PINDEX idSize);
864 
865  Method m_method;
866  ssl_ctx_st * m_context;
867  PSSLPasswordNotifier m_passwordNotifier;
868 
869  private:
870  PSSLContext(const PSSLContext &) { }
871  void operator=(const PSSLContext &) { }
872 };
873 
874 
877 class PSSLChannel : public PIndirectChannel
878 {
879  PCLASSINFO(PSSLChannel, PIndirectChannel)
880  public:
884  PSSLChannel(
885  PSSLContext * context = NULL,
886  PBoolean autoDeleteContext = false
887  );
888  PSSLChannel(
889  PSSLContext & context
890  );
891 
894  ~PSSLChannel();
895 
896  // Overrides from PChannel
897  virtual PBoolean Read(void * buf, PINDEX len);
898  virtual PBoolean Write(const void * buf, PINDEX len);
899  virtual PBoolean Close();
900  virtual PBoolean Shutdown(ShutdownValue);
901  virtual PString GetErrorText(ErrorGroup group = NumErrorGroups) const;
902  virtual PBoolean ConvertOSError(P_INT_PTR libcReturnValue, ErrorGroup group = LastGeneralError);
903 
904  // New functions
909  PBoolean Accept();
910 
913  PBoolean Accept(
914  PChannel & channel
915  );
916 
919  PBoolean Accept(
920  PChannel * channel,
921  PBoolean autoDelete = true
922  );
923 
924 
929  PBoolean Connect();
930 
933  PBoolean Connect(
934  PChannel & channel
935  );
936 
939  PBoolean Connect(
940  PChannel * channel,
941  PBoolean autoDelete = true
942  );
943 
946  bool AddClientCA(
947  const PSSLCertificate & certificate
948  );
949  bool AddClientCA(
950  const PList<PSSLCertificate> & certificates
951  );
952 
955  PBoolean UseCertificate(
956  const PSSLCertificate & certificate
957  );
958 
961  PBoolean UsePrivateKey(
962  const PSSLPrivateKey & key
963  );
964 
967  PString GetCipherList() const;
968 
969  typedef PSSLContext::VerifyMode VerifyMode;
970 
971  struct VerifyInfo
972  {
973  VerifyInfo(bool ok, const PSSLCertificate & cert, int err) : m_ok(ok), m_peerCertificate(cert), m_errorCode(err) { }
974  bool m_ok;
975  PSSLCertificate m_peerCertificate;
976  int m_errorCode;
977  };
978  typedef PNotifierTemplate<VerifyInfo &> VerifyNotifier;
979  #define PDECLARE_SSLVerifyNotifier(cls, fn) PDECLARE_NOTIFIER2(PSSLChannel, cls, fn, PSSLChannel::VerifyInfo &)
980  #define PCREATE_SSLVerifyNotifier(fn) PCREATE_NOTIFIER2(fn, PSSLChannel::VerifyInfo &)
981 
984  void SetVerifyMode(
985  VerifyMode mode,
986  const VerifyNotifier & notifier = VerifyNotifier()
987  );
988 
992  virtual void OnVerify(
993  VerifyInfo & info
994  );
995 
1002  bool GetPeerCertificate(
1003  PSSLCertificate & certificate,
1004  PString * error = NULL
1005  );
1006 
1009  bool SetServerNameIndication(
1010  const PString & name
1011  );
1012 
1016  bool CheckHostName(
1017  const PString & hostname,
1018  PSSLCertificate::CheckHostFlags flags = PSSLCertificate::CheckHostNormalRules
1019  );
1020 
1021  PSSLContext * GetContext() const { return m_context; }
1022 
1025  operator ssl_st *() const { return m_ssl; }
1026 
1027 
1028  protected:
1029  void Construct(PSSLContext * ctx, PBoolean autoDel);
1030  virtual bool InternalAccept();
1031  virtual bool InternalConnect();
1032 
1033  protected:
1034  static int BioRead(bio_st * bio, char * buf, int len);
1035  static int BioWrite(bio_st * bio, const char * buf, int len);
1036  static long BioControl(bio_st * bio, int cmd, long num, void * ptr);
1037  static int BioClose(bio_st * bio);
1038 
1039  virtual int BioRead(char * buf, int len);
1040  virtual int BioWrite(const char * buf, int len);
1041  virtual long BioControl(int cmd, long num, void * ptr);
1042  virtual int BioClose();
1043 
1044  PSSLContext * m_context;
1045  bool m_autoDeleteContext;
1046  ssl_st * m_ssl;
1047  bio_method_st* m_bioMethod;
1048  bio_st * m_bio;
1049  VerifyNotifier m_verifyNotifier;
1050  PDECLARE_MUTEX(m_writeMutex);
1051 
1052  P_REMOVE_VIRTUAL(PBoolean,RawSSLRead(void *, PINDEX &),false);
1053  P_REMOVE_VIRTUAL(bool,OnVerify(bool,const PSSLCertificate&),false);
1054 };
1055 
1056 
1059 class PSSLChannelDTLS : public PSSLChannel
1060 {
1061  PCLASSINFO(PSSLChannelDTLS, PSSLChannel)
1062  public:
1066  PSSLChannelDTLS(
1067  PSSLContext * context = NULL,
1068  bool autoDeleteContext = false
1069  );
1070  PSSLChannelDTLS(
1071  PSSLContext & context
1072  );
1073 
1076  ~PSSLChannelDTLS();
1077 
1078  // Overrides from PChannel
1079  virtual PBoolean Read(void * buf, PINDEX len);
1080  virtual PBoolean Write(const void * buf, PINDEX len);
1081 
1085  bool SetMTU(
1086  unsigned bytes
1087  );
1088 
1091  bool ExecuteHandshake();
1092 
1094  bool IsServer() const;
1095 
1097  PCaselessString GetSelectedProfile() const;
1098 
1100  PBYTEArray GetKeyMaterial(
1101  PINDEX materialSize,
1102  const char * name
1103  ) const;
1104 
1105  protected:
1106  virtual bool InternalAccept();
1107  virtual bool InternalConnect();
1108 };
1109 
1110 
1111 #endif // PTLIB_PSSL_H
1112 
1113 
1114 // End Of File ///////////////////////////////////////////////////////////////
PSHA1Context::BlockSize
Definition: pssl.h:693
PSSLPrivateKey::operator=
PSSLPrivateKey & operator=(const PSSLPrivateKey &privKay)
Create a copy of the private key.
PSHA1Context::m_context
SHAstate_st * m_context
Definition: pssl.h:705
PSSLFileTypePEM
Definition: pssl.h:51
PSSLCertificate::X509_Chain
std::list< x509_st * > X509_Chain
Definition: pssl.h:380
PSSLCertificate::m_certificate
x509_st * m_certificate
Definition: pssl.h:385
PSSLChannel::BioRead
static int BioRead(bio_st *bio, char *buf, int len)
PSSLChannel::OnVerify
virtual void OnVerify(VerifyInfo &info)
Call back for certificate verification.
PSSLCipherContext::DecryptFinalLoose
bool DecryptFinalLoose(unsigned char *out, int *outl)
PSSLContext::SetCredentials
bool SetCredentials(const PString &authority, const PString &certificate, const PString &privateKey, bool create=false)
Set the credentials for the context.
PSSLChannel::SetServerNameIndication
bool SetServerNameIndication(const PString &name)
Set the Server Name Indication TLS extension.
PSSLCipherContext::m_padMode
PadMode m_padMode
Definition: pssl.h:661
PSHA1Context::Process
static void Process(const void *data, PINDEX length, Digest result)
PSSLChannelDTLS::GetKeyMaterial
PBYTEArray GetKeyMaterial(PINDEX materialSize, const char *name) const
Get the key material after exchange completed.
PChannel::NumErrorGroups
Definition: channel.h:255
PSSLChannelDTLS::GetSelectedProfile
PCaselessString GetSelectedProfile() const
Get the selected profile name.
PSSLContext::HighestDTLS
static const Method HighestDTLS
Definition: pssl.h:734
PSSLFileTypeASN1
Definition: pssl.h:52
PSSLChannel::GetErrorText
virtual PString GetErrorText(ErrorGroup group=NumErrorGroups) const
Get error message description.
PSSLDiffieHellman::ComputeSessionKey
bool ComputeSessionKey(const PBYTEArray &otherHalf)
Compute the session key, geven other half-key.
PSSLCertificateFingerprint::P_DECLARE_ENUM
P_DECLARE_ENUM(HashType, HashMd5, HashSha1, HashSha256, HashSha512)
PSSLCertificate::X509_Name::GetCommonName
PString GetCommonName() const
PCLASSINFO
#define PCLASSINFO(cls, par)
Declare all the standard PTLib class information.
Definition: object.h:2164
PSSLCertificate::~PSSLCertificate
~PSSLCertificate()
Destroy and release storage for certificate.
PSSLChannel::UseCertificate
PBoolean UseCertificate(const PSSLCertificate &certificate)
Use the certificate specified.
PSSLPrivateKey::Create
PBoolean Create(unsigned modulus, void(*callback)(int, int, void *)=NULL, void *cb_arg=NULL)
Create a new private key.
PSSLDiffieHellman::GetSessionKey
const PBYTEArray & GetSessionKey() const
Get the session key value.
Definition: pssl.h:538
PSSLCertificate::X509_Name::AsString
PString AsString(int indent=-1) const
PSSLCertificateFingerprint::FromString
bool FromString(const PString &str)
PSSLChannel::SetVerifyMode
void SetVerifyMode(VerifyMode mode, const VerifyNotifier &notifier=VerifyNotifier())
Set certificate verification mode for connection.
PChannel::LastGeneralError
Error during other operation, eg Open()
Definition: channel.h:254
PSSLChannelDTLS::Write
virtual PBoolean Write(const void *buf, PINDEX len)
Low level write to the channel.
PSSLChannel::VerifyInfo::m_ok
bool m_ok
Definition: pssl.h:974
PSSLContext::PSSLContext
PSSLContext(const void *sessionId=NULL, PINDEX idSize=0)
Create a new context for SSL channels.
PSSLPrivateKey::Attach
void Attach(evp_pkey_st *key)
Set internal OpenSSL private key structure.
PSSLCertificate::IsValid
bool IsValid() const
Return true if is a valid certificate.
Definition: pssl.h:270
PSSLChannelDTLS::InternalConnect
virtual bool InternalConnect()
PSSLChannel::UsePrivateKey
PBoolean UsePrivateKey(const PSSLPrivateKey &key)
Use the private key file specified.
PSSLChannel::BioControl
static long BioControl(bio_st *bio, int cmd, long num, void *ptr)
PSSLChannel::PDECLARE_MUTEX
PDECLARE_MUTEX(m_writeMutex)
PSSLCertificate
Certificate for SSL.
Definition: pssl.h:200
PFilePath
This class describes a full description for a file on the particular platform.
Definition: filepath.h:61
PSSLChannel::VerifyInfo::m_peerCertificate
PSSLCertificate m_peerCertificate
Definition: pssl.h:975
PSSLCipherContext::GetBlockSize
PINDEX GetBlockSize() const
Get the cipher block size.
PSSLCertificate::AsString
PString AsString() const
Get the certificate as ASN1 DER base64 encoded data.
PSSLPrivateKey::~PSSLPrivateKey
~PSSLPrivateKey()
Destroy and release storage for private key.
PObject::Comparison
Comparison
Result of the comparison operation performed by the Compare() function.
Definition: object.h:2251
PSSLCertificate::X509_Name::IsValid
bool IsValid() const
Definition: pssl.h:337
PSSLContext::SetExtension
bool SetExtension(const char *extension)
Set TLS extension.
PSSLCipherContext::UpdateCTS
bool UpdateCTS(unsigned char *out, int *outl, const unsigned char *in, int inl)
PSSLCertificate::Load
PBoolean Load(const PFilePath &certFile, PSSLFileTypes fileType=PSSLFileTypeDEFAULT)
Load certificate from file.
PSSLCipherContext::GetIVLength
PINDEX GetIVLength() const
Get the cipher initial vector length.
PSSLDiffieHellman::m_dh
dh_st * m_dh
Definition: pssl.h:545
PIndirectChannel
This is a channel that operates indirectly through another channel(s).
Definition: indchan.h:45
PSSLCertificate::FreeCertificate
void FreeCertificate()
PSSLCipherContext::DecryptUpdateLoose
bool DecryptUpdateLoose(unsigned char *out, int *outl, const unsigned char *in, int inl)
PCaselessString
This class is a variation of a string that ignores case.
Definition: pstring.h:2012
PSSLCipherContext::EncryptFinalCTS
bool EncryptFinalCTS(unsigned char *out, int *outl)
PSSLChannel::ConvertOSError
virtual PBoolean ConvertOSError(P_INT_PTR libcReturnValue, ErrorGroup group=LastGeneralError)
Convert an operating system error into platform independent error.
PSSLCertificate::GetChain
const X509_Chain & GetChain() const
Definition: pssl.h:381
PSSLContext::AddClientCA
bool AddClientCA(const PSSLCertificate &certificate)
Set the CA certificate(s) to send to client from server.
PSSLCipherContext::m_pad_buf
unsigned char m_pad_buf[32]
Definition: pssl.h:666
PSHA1Context::Update
void Update(const PString &str)
Definition: pssl.h:696
PSSLChannel::VerifyInfo
Definition: pssl.h:971
PSSLContext::GetMethod
Method GetMethod() const
Definition: pssl.h:860
PSSLCertificateFingerprint::PSSLCertificateFingerprint
PSSLCertificateFingerprint()
Create empty fingerprint.
PSSLChannel::BioWrite
static int BioWrite(bio_st *bio, const char *buf, int len)
PSSLPrivateKey::GetData
PBYTEArray GetData() const
Get the certificate as binary ASN1 DER encoded data.
PSSLFileTypeDEFAULT
Definition: pssl.h:53
PSSLCipherContext
Encryption/decryption context.
Definition: pssl.h:573
PSSLContext::SetVerifySystemDefault
bool SetVerifySystemDefault()
Set the locations for CA certificates used to verify peer certificates.
PSSLContext::P_DECLARE_ENUM
P_DECLARE_ENUM(VerifyMode, VerifyNone, VerifyPeer, VerifyPeerMandatory)
PChannel::ShutdownValue
ShutdownValue
Definition: channel.h:589
PSSLChannel::m_bioMethod
bio_method_st * m_bioMethod
Definition: pssl.h:1047
PSSLPrivateKey
Private key for SSL.
Definition: pssl.h:65
PSSLPrivateKey::Save
PBoolean Save(const PFilePath &keyFile, PBoolean append=false, PSSLFileTypes fileType=PSSLFileTypeDEFAULT)
Save private key to file.
PSSLCipherContext::Process
bool Process(const PBYTEArray &in, PBYTEArray &out)
Encrypt/Decrypt a block of data.
PSSLCertificate::GetData
PBYTEArray GetData() const
Get the certificate as binary ASN1 DER encoded data.
PList
This template class maps the PAbstractList to a specific object type.
Definition: lists.h:322
PSSLContext::UsePrivateKey
bool UsePrivateKey(const PSSLPrivateKey &key)
Use the private key specified.
PSSLChannel::m_ssl
ssl_st * m_ssl
Definition: pssl.h:1046
PSSLCipherContext::DecryptFinalCTS
bool DecryptFinalCTS(unsigned char *out, int *outl)
PSSLChannel::InternalAccept
virtual bool InternalAccept()
PSSLCipherContext::m_pad_final_used
bool m_pad_final_used
Definition: pssl.h:669
PSSLChannel::m_context
PSSLContext * m_context
Definition: pssl.h:1044
PDirectory
Class to represent a directory in the operating system file system.
Definition: pdirect.h:173
PSSLContext::GetVerifyMode
VerifyMode GetVerifyMode() const
Set certificate verification mode for connection.
PSSLPrivateKey::IsValid
bool IsValid() const
Return true if is a valid private key.
Definition: pssl.h:145
PSSLChannel::PSSLChannel
PSSLChannel(PSSLContext *context=NULL, PBoolean autoDeleteContext=false)
Create a new channel given the context.
PSSLCipherContext::GetBlockedDataSize
PINDEX GetBlockedDataSize(PINDEX size) const
Calculate the rounded up size for encrypted data.
PSSLCertificate::GetSubjectName
PString GetSubjectName() const
PSSLContext::UseDiffieHellman
bool UseDiffieHellman(const PSSLDiffieHellman &dh)
Use the Diffie-Hellman parameters specified.
PBYTEArray
Array of unsigned characters.
Definition: array.h:605
PSSLDiffieHellman::GetGenerator
PBYTEArray GetGenerator() const
Get the G value.
PSSLChannel::m_autoDeleteContext
bool m_autoDeleteContext
Definition: pssl.h:1045
PSSLCertificate::CreateRoot
bool CreateRoot(const PString &subject, const PSSLPrivateKey &key, const char *digest=NULL, unsigned version=0)
Create a new root certificate.
PSSLChannelDTLS::InternalAccept
virtual bool InternalAccept()
PSSLContext::HighestTLS
static const Method HighestTLS
Definition: pssl.h:733
PSSLChannel::m_verifyNotifier
VerifyNotifier m_verifyNotifier
Definition: pssl.h:1049
PSSLCertificateFingerprint::GetHash
HashType GetHash() const
Definition: pssl.h:430
PSSLCertificate::X509_Name
Definition: pssl.h:329
PSSLDiffieHellman::GetNumBits
PINDEX GetNumBits() const
Get number of bits being used.
PSSLCipherContext::PadLoosePKCS
Definition: pssl.h:614
PSSLCipherContext::GetAlgorithm
PString GetAlgorithm() const
Get selected algorithm.
PSSLCertificateFingerprint
Create a &quot;fingerprint&quot; for SSL certificate.
Definition: pssl.h:392
PSSLChannelDTLS::Read
virtual PBoolean Read(void *buf, PINDEX len)
Low level read from the channel.
PSSLContext::SetPasswordNotifier
void SetPasswordNotifier(const PSSLPasswordNotifier &notifier)
Set the notifier for when SSL needs to get a password to unlock a private key.
PSSLCertificate::X509_Name::X509_Name
X509_Name(X509_name_st *name=NULL)
Definition: pssl.h:332
PSSLCipherContext::NoPadding
Definition: pssl.h:612
PChannel
Abstract class defining I/O channel semantics.
Definition: channel.h:103
PSSLChannelDTLS
This class will start a secure SSL based channel.
Definition: pssl.h:1059
PSSLCertificateFingerprint::Compare
Comparison Compare(const PObject &other) const
Compare the two objects and return their relative rank.
PContainer::GetSize
virtual PINDEX GetSize() const
Get the current size of the container.
PSSLDiffieHellman::GetHalfKey
PBYTEArray GetHalfKey() const
Get the &quot;half-key&quot; value.
PSSLContext::SetVerifyDirectory
bool SetVerifyDirectory(const PDirectory &caDir)
Set the locations for CA certificates used to verify peer certificates.
PSSLChannel::Connect
PBoolean Connect()
Connect to remote server.
PSSLDiffieHellman::Construct
bool Construct(const BYTE *pData, PINDEX pSize, const BYTE *gData, PINDEX gSize, const BYTE *kData, PINDEX kSize)
PSSLContext::Construct
void Construct(const void *sessionId, PINDEX idSize)
PBoolean
bool PBoolean
Definition: object.h:174
PSSLCertificate::X509_Name::Compare
Comparison Compare(const PObject &other) const
Compare the two objects and return their relative rank.
PSSLChannel::~PSSLChannel
~PSSLChannel()
Close and clear the SSL channel.
PSSLChannel::VerifyMode
PSSLContext::VerifyMode VerifyMode
Definition: pssl.h:969
PSSLChannel::GetPeerCertificate
bool GetPeerCertificate(PSSLCertificate &certificate, PString *error=NULL)
Get the peer certificate, if there is one.
PSSLCertificate::P_DECLARE_BITWISE_ENUM
P_DECLARE_BITWISE_ENUM(CheckHostFlags, 5,(CheckHostNormalRules, CheckHostAlwaysUseSubject, CheckHostNoWildcards, CheckHostNoPartialWildcards, CheckHostMultiLabelWildcards, CheckHostSingleLabelDomains))
PSSLCertificate::GetIssuerName
bool GetIssuerName(X509_Name &name) const
Get certificate issuer name.
P_INT_PTR
intptr_t P_INT_PTR
Definition: object.h:2646
PSSLCipherContext::PSSLCipherContext
PSSLCipherContext(bool encrypt)
PSHA1Context::Digest
BYTE Digest[20]
Definition: pssl.h:698
PString
The character string class.
Definition: pstring.h:108
PSSLCertificate::m_chain
X509_Chain m_chain
Definition: pssl.h:386
PSSLDiffieHellman::~PSSLDiffieHellman
~PSSLDiffieHellman()
Destroy and release storage for Diffie-Hellman parameters.
PSHA1Context::Finalise
void Finalise(Digest result)
PSSLContext
Context for SSL channels.
Definition: pssl.h:718
PSSLCertificate::PrintOn
virtual void PrintOn(ostream &strm) const
Output the contents of the object to the stream.
Definition: pssl.h:378
PSSLDiffieHellman::operator=
PSSLDiffieHellman & operator=(const PSSLDiffieHellman &dh)
Create a copy of the Diffie-Hellman parameters.
PSSLCipherContext::SetIV
bool SetIV(const PBYTEArray &iv)
Set encryption/decryption initial vector.
Definition: pssl.h:608
PSSLContext::m_context
ssl_ctx_st * m_context
Definition: pssl.h:866
PSSLChannel
This class will start a secure SSL based channel.
Definition: pssl.h:877
PSSLCipherContext::SetAlgorithm
bool SetAlgorithm(const PString &name)
Set encryption/decryption algorithm.
PSSLContext::m_method
Method m_method
Definition: pssl.h:865
PSSLContext::SetVerifyLocations
bool SetVerifyLocations(const PFilePath &caFile, const PDirectory &caDir)
Set the locations for CA certificates used to verify peer certificates.
PSSLCipherContext::PadMode
PadMode
Definition: pssl.h:611
PSSLPrivateKey::AsString
PString AsString() const
Get the certificate as ASN1 DER base64 encoded data.
PChannel::ErrorGroup
ErrorGroup
Error groups.
Definition: channel.h:251
PSSLCertificateFingerprint::MatchForCertificate
bool MatchForCertificate(const PSSLCertificate &cert) const
PSSLCipherContext::m_pad_buf_len
int m_pad_buf_len
Definition: pssl.h:668
PSSLChannel::VerifyInfo::m_errorCode
int m_errorCode
Definition: pssl.h:976
PSSLChannel::InternalConnect
virtual bool InternalConnect()
PSSLDiffieHellman::Load
PBoolean Load(const PFilePath &dhFile, PSSLFileTypes fileType=PSSLFileTypeDEFAULT)
Load Diffie-Hellman parameters from file.
PSSLChannel::BioClose
virtual int BioClose()
PSSLCertificate::PSSLCertificate
PSSLCertificate()
Create an empty certificate.
PSSLChannel::Shutdown
virtual PBoolean Shutdown(ShutdownValue)
Close one or both of the data streams associated with a channel.
PSSLChannel::m_bio
bio_st * m_bio
Definition: pssl.h:1048
PSSLChannel::P_REMOVE_VIRTUAL
P_REMOVE_VIRTUAL(PBoolean, RawSSLRead(void *, PINDEX &), false)
PSSLChannel::Write
virtual PBoolean Write(const void *buf, PINDEX len)
Low level write to the channel.
PSSLDiffieHellman::m_sessionKey
PBYTEArray m_sessionKey
Definition: pssl.h:546
PSHA1Context::Update
void Update(const void *data, PINDEX length)
PSSLCertificate::Attach
void Attach(x509_st *cert)
Set internal OpenSSL X509 structure.
PSSLContext::SetVerifyCertificate
bool SetVerifyCertificate(const PSSLCertificate &cert)
Set the CA certificate used to verify peer certificates.
PSSLPrivateKey::Load
PBoolean Load(const PFilePath &keyFile, PSSLFileTypes fileType=PSSLFileTypeDEFAULT, const PSSLPasswordNotifier &notifier=PSSLPasswordNotifier())
Load private key from file.
PSSLCipherContext::GetPadding
PadMode GetPadding() const
Get padding mode.
Definition: pssl.h:628
PSSLChannel::Accept
PBoolean Accept()
Accept a new inbound connection (server).
PSSLChannel::Read
virtual PBoolean Read(void *buf, PINDEX len)
Low level read from the channel.
PSSLCipherContext::SetPadding
bool SetPadding(PadMode pad)
Set padding mode.
PSHA1Context::Process
static void Process(const PString &str, Digest result)
Definition: pssl.h:702
PSSLChannel::CheckHostName
bool CheckHostName(const PString &hostname, PSSLCertificate::CheckHostFlags flags=PSSLCertificate::CheckHostNormalRules)
Check the host name against the certificate.
PSSLCertificate::GetSubjectAltName
PString GetSubjectAltName() const
Get certificate alternate subject name.
PSSLCipherContext::GetKeyLength
PINDEX GetKeyLength() const
Get the cipher key length.
PSSLChannel::Close
virtual PBoolean Close()
Close the channel.
PSSLCertificateFingerprint::SetHash
void SetHash(HashType hash)
Definition: pssl.h:431
PSSLCertificate::CheckHostName
bool CheckHostName(const PString &hostname, CheckHostFlags flags=CheckHostNormalRules)
Check the host name against the certificate.
PSSLCertificate::X509_Name::GetNID
PString GetNID(int id) const
PSHA1Context
SHA1 digest scheme.
Definition: pssl.h:686
PSSLPrivateKey::Parse
bool Parse(const PString &keyStr)
Set the certificate from ASN1 DER base64 encoded data.
PSSLPrivateKey::FreePrivateKey
void FreePrivateKey()
PSSLChannelDTLS::IsServer
bool IsServer() const
Indicate we are operating as a server.
PSSLCertificate::operator=
PSSLCertificate & operator=(const PSSLCertificate &cert)
Create a copy of the certificate.
PSSLCipherContext::m_encrypt
bool m_encrypt
Definition: pssl.h:662
PSSLChannel::AddClientCA
bool AddClientCA(const PSSLCertificate &certificate)
Set the CA certificate(s) to send to client from server.
PSSLCertificate::Save
PBoolean Save(const PFilePath &keyFile, PBoolean append=false, PSSLFileTypes fileType=PSSLFileTypeDEFAULT)
Save certificate to file.
PSSLPrivateKey::PSSLPrivateKey
PSSLPrivateKey()
Create an empty private key.
PSSLChannel::GetCipherList
PString GetCipherList() const
Get the available ciphers.
PSSLCipherContext::IsEncrypt
bool IsEncrypt() const
Indicate we are encrypting data.
PSSLCertificate::SetData
bool SetData(const PBYTEArray &data)
Set the certificate as binary ASN1 DER encoded data.
PSSLPrivateKey::SetData
bool SetData(const PBYTEArray &data)
Set the certificate as binary ASN1 DER encoded data.
PSSLCipherContext::SetKey
bool SetKey(const PBYTEArray &key)
Set encryption/decryption key.
Definition: pssl.h:603
PSSLDiffieHellman::GetModulus
PBYTEArray GetModulus() const
Get the P value.
PSSLChannelDTLS::~PSSLChannelDTLS
~PSSLChannelDTLS()
Close and clear the SSL channel.
PSSLChannel::VerifyNotifier
PNotifierTemplate< VerifyInfo & > VerifyNotifier
Definition: pssl.h:978
PSSLPasswordNotifier
PNotifierTemplate< bool > PSSLPasswordNotifier
Definition: pssl.h:57
PString::GetLength
virtual PINDEX GetLength() const
Determine the length of the null terminated string.
Definition: pstring.h:595
PSSLContext::SetVerifyMode
void SetVerifyMode(VerifyMode mode, unsigned depth=9)
Set certificate verification mode for connection.
PSSLDiffieHellman
Diffie-Hellman key exchange conteext.
Definition: pssl.h:443
PSSLChannelDTLS::SetMTU
bool SetMTU(unsigned bytes)
Set the MTU for DTLS handshake.
PSSLContext::P_DECLARE_TRACED_ENUM
P_DECLARE_TRACED_ENUM(Method, SSLv23, SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1, DTLSv1_2, DTLSv1_2_v1_0)
PSSLCertificate::X509_Name::m_name
X509_name_st * m_name
Definition: pssl.h:346
PSSLCipherContext::m_pad_final_buf
unsigned char m_pad_final_buf[32]
Definition: pssl.h:667
PSSLContext::SetVerifyFile
bool SetVerifyFile(const PFilePath &caFile)
Set the locations for CA certificates used to verify peer certificates.
PSSLContext::UseCertificate
bool UseCertificate(const PSSLCertificate &certificate)
Use the certificate specified.
PSSLDiffieHellman::IsValid
bool IsValid() const
Return true if is a valid Diffie-Hellman context.
Definition: pssl.h:500
PSSLPrivateKey::m_pkey
evp_pkey_st * m_pkey
Definition: pssl.h:192
PSSLContext::m_passwordNotifier
PSSLPasswordNotifier m_passwordNotifier
Definition: pssl.h:867
PSSLCertificate::X509_Name::PrintOn
void PrintOn(ostream &strm) const
Output the contents of the object to the stream.
PSSLCertificateFingerprint::AsString
PString AsString() const
PSSLCipherContext::m_context
evp_cipher_ctx_st * m_context
Definition: pssl.h:663
PSSLChannelDTLS::ExecuteHandshake
bool ExecuteHandshake()
Perform negotiation handshake.
PSSLChannel::GetContext
PSSLContext * GetContext() const
Definition: pssl.h:1021
PObject
Ultimate parent class for all objects in the class library.
Definition: object.h:2204
PSSLCipherContext::UpdateLoose
bool UpdateLoose(unsigned char *out, int *outl, const unsigned char *in, int inl)
PSSLChannelDTLS::PSSLChannelDTLS
PSSLChannelDTLS(PSSLContext *context=NULL, bool autoDeleteContext=false)
Create a new channel given the context.
PSSLChannel::VerifyInfo::VerifyInfo
VerifyInfo(bool ok, const PSSLCertificate &cert, int err)
Definition: pssl.h:973
PSSLDiffieHellman::PSSLDiffieHellman
PSSLDiffieHellman()
Create an empty set of Diffie-Hellman parameters.
PSSLContext::~PSSLContext
~PSSLContext()
Clean up the SSL context.
PSSLCertificate::Parse
bool Parse(const PString &certStr)
Set the certificate from ASN1 DER base64 encoded data.
PSSLCipherContext::PadPKCS
Definition: pssl.h:613
PSSLContext::SetCipherList
bool SetCipherList(const PString &ciphers)
Set the available ciphers to those listed.
PSSLFileTypes
PSSLFileTypes
Definition: pssl.h:50