src/lib/tls/tortls_st.h

   1 /* Copyright (c) 2003, Roger Dingledine
   2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
   3  * Copyright (c) 2007-2021, The Tor Project, Inc. */
   4 /* See LICENSE for licensing information */
   5
   6 #ifndef TOR_TORTLS_ST_H
   7 #define TOR_TORTLS_ST_H
   8
   9 /**
  10  * @file tortls_st.h
  11  * @brief Structure declarations for internal TLS types.
  12  *
  13  * These should generally be treated as opaque outside of the
  14  * lib/tls module.
  15  **/
  16
  17 #include "lib/net/socket.h"
  18
  19 #define TOR_TLS_MAGIC 0x71571571
  20
  21 typedef enum {
  22     TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
  23     TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE,
  24     TOR_TLS_ST_BUFFEREVENT
  25 } tor_tls_state_t;
  26 #define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
  27
  28 struct tor_tls_context_t {
  29   int refcnt;
  30   tor_tls_context_impl_t *ctx;
  31   struct tor_x509_cert_t *my_link_cert;
  32   struct tor_x509_cert_t *my_id_cert;
  33   struct tor_x509_cert_t *my_auth_cert;
  34   crypto_pk_t *link_key;
  35   crypto_pk_t *auth_key;
  36 };
  37
  38 /** Holds a SSL object and its associated data.  Members are only
  39  * accessed from within tortls.c.
  40  */
  41 struct tor_tls_t {
  42   uint32_t magic;
  43   tor_tls_context_t *context; /** A link to the context object for this tls. */
  44   tor_tls_impl_t *ssl; /**< An OpenSSL SSL object or NSS PRFileDesc. */
  45   tor_socket_t socket; /**< The underlying file descriptor for this TLS
  46                         * connection. */
  47   char *address; /**< An address to log when describing this connection. */
  48   tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
  49                                        * depending on which operations
  50                                        * have completed successfully. */
  51   unsigned int isServer:1; /**< True iff this is a server-side connection */
  52   unsigned int wasV2Handshake:1; /**< True iff the original handshake for
  53                                   * this connection used the updated version
  54                                   * of the connection protocol (client sends
  55                                   * different cipher list, server sends only
  56                                   * one certificate). */
  57   /** True iff we should call negotiated_callback when we're done reading. */
  58   unsigned int got_renegotiate:1;
  59 #ifdef ENABLE_OPENSSL
  60   /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't
  61    * called that function yet. */
  62   int8_t client_cipher_list_type;
  63   size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
  64                        * time. */
  65   /** Last values retrieved from BIO_number_read()/write(); see
  66    * tor_tls_get_n_raw_bytes() for usage.
  67    */
  68   unsigned long last_write_count;
  69   unsigned long last_read_count;
  70   /** Most recent error value from ERR_get_error(). */
  71   unsigned long last_error;
  72   /** If set, a callback to invoke whenever the client tries to renegotiate
  73    * the handshake. */
  74   void (*negotiated_callback)(tor_tls_t *tls, void *arg);
  75   /** Argument to pass to negotiated_callback. */
  76   void *callback_arg;
  77 #endif /* defined(ENABLE_OPENSSL) */
  78 #ifdef ENABLE_NSS
  79   /** Last values retried from tor_get_prfiledesc_byte_counts(). */
  80   uint64_t last_write_count;
  81   uint64_t last_read_count;
  82   long last_error;
  83 #endif /* defined(ENABLE_NSS) */
  84 };
  85
  86 #endif /* !defined(TOR_TORTLS_ST_H) */