summaryrefslogtreecommitdiff
path: root/src/include
diff options
context:
space:
mode:
Diffstat (limited to 'src/include')
-rw-r--r--src/include/s6-networking/sbearssl.h202
-rw-r--r--src/include/s6-networking/stls.h23
2 files changed, 225 insertions, 0 deletions
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
new file mode 100644
index 0000000..a41ebd2
--- /dev/null
+++ b/src/include/s6-networking/sbearssl.h
@@ -0,0 +1,202 @@
+/* ISC license. */
+
+#ifndef SBEARSSL_H
+#define SBEARSSL_H
+
+#include <sys/types.h>
+#include <bearssl.h>
+#include <skalibs/buffer.h>
+#include <skalibs/stralloc.h>
+#include <skalibs/genalloc.h>
+#include <skalibs/tai.h>
+
+ /*
+ * Support library for bearssl.
+ * Provides types for relocatable objects (instead of pointers,
+ * indices, with storage in a stralloc), conversion functions
+ * from/to native bearssl types, and a higher-level API to
+ * read secret keys / certificate chains / trust anchors from
+ * the filesystem.
+ */
+
+
+ /* Utility functions */
+
+extern int sbearssl_isder (unsigned char const *, size_t) ;
+
+
+ /* Private keys */
+
+typedef struct sbearssl_rsa_skey_s sbearssl_rsa_skey, *sbearssl_rsa_skey_ref ;
+struct sbearssl_rsa_skey_s
+{
+ uint32_t n_bitlen ;
+ size_t p ;
+ size_t plen ;
+ size_t q ;
+ size_t qlen ;
+ size_t dp ;
+ size_t dplen ;
+ size_t dq ;
+ size_t dqlen ;
+ size_t iq ;
+ size_t iqlen ;
+} ;
+
+extern int sbearssl_rsa_skey_from (sbearssl_rsa_skey *, br_rsa_private_key const *, stralloc *) ;
+extern void sbearssl_rsa_privkey_to (sbearssl_rsa_skey const *, br_rsa_private_key *, char const *, size_t) ;
+
+
+typedef struct sbearssl_ec_skey_s sbearssl_ec_skey, *sbearssl_ec_skey_ref ;
+struct sbearssl_ec_skey_s
+{
+ int curve ;
+ size_t x ;
+ size_t xlen ;
+} ;
+
+extern int sbearssl_ec_skey_from (sbearssl_ec_skey *, br_ec_private_key const *, stralloc *) ;
+extern void sbearssl_ec_skey_to (sbearssl_ec_skey const *, br_ec_private_key *, char const *, size_t) ;
+
+
+union sbearssl_skey_data_u
+{
+ sbearssl_rsa_skey rsa ;
+ sbearssl_ec_skey ec ;
+} ;
+
+typedef struct sbearssl_skey_s sbearssl_skey, *sbearssl_skey_ref ;
+struct sbearssl_skey_s
+{
+ unsigned int type ;
+ union sbearssl_skey_u data ;
+} ;
+
+union br_skey_u
+{
+ br_rsa_private_key rsa ;
+ br_ec_private_key ec ;
+} ;
+
+typedef struct br_skey_s br_skey, *br_skey_ref ;
+struct br_skey_s
+{
+ unsigned char type ;
+ union br_skey_u data ;
+} ;
+
+extern int sbearssl_skey_from (sbearssl_skey *, br_skey const *, stralloc *) ;
+extern int sbearssl_skey_to (sbearssl_skey const *, br_skey *, char const *) ;
+
+extern int sbearssl_skey_readfile (char const *, sbearssl_skey *, stralloc *) ;
+
+
+ /* Public keys */
+
+typedef struct sbearssl_rsa_pkey_s sbearssl_rsa_pkey, *sbearssl_rsa_pkey_ref ;
+struct sbearssl_rsa_pkey_s
+{
+ size_t n ;
+ size_t nlen ;
+ size_t e ;
+ size_t elen ;
+} ;
+
+extern int sbearssl_rsa_pkey_from (sbearssl_rsa_pkey *, br_rsa_public_key const *, stralloc *) ;
+extern void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *, br_rsa_public_key *, char const *) ;
+
+
+typedef struct sbearssl_ec_pkey_s sbearssl_ec_pkey, *sbearssl_ec_pkey_ref ;
+struct sbearssl_ec_pkey_s
+{
+ int curve ;
+ size_t q ;
+ size_t qlen ;
+} ;
+
+extern int sbearssl_ec_pkey_from (sbearssl_ec_pkey *, br_ec_public_key const *, stralloc *) ;
+extern void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *, br_ec_public_key *, char const *) ;
+
+
+union sbearssl_pkey_data_u
+{
+' sbearssl_rsa_pkey rsa ;
+ sbearssl_ec_pkey ec ;
+} ;
+
+typedef struct sbearssl_pkey_s sbearssl_pkey, *sbearssl_pkey_ref ;
+struct sbearssl_pkey_s
+{
+ unsigned char type ;
+ union sbearssl_pkey_u data ;
+} ;
+
+extern int sbearssl_pkey_from (sbearssl_pkey *, br_x509_pkey const *, stralloc *) ;
+extern int sbearssl_pkey_to (sbearssl_pkey const *, br_x509_pkey *, char const *) ;
+
+
+ /* Certificates (x509-encoded) */
+
+typedef struct sbearssl_cert_s sbearssl_cert, *sbearssl_cert_ref ;
+struct sbearssl_cert_s
+{
+ size_t data ;
+ size_t datalen ;
+} ;
+
+extern int sbearssl_cert_from (sbearssl_cert *, br_x509_certificate const *, stralloc *) ;
+extern void sbearssl_cert_to (sbearssl_cert const *, br_x509_certificate *, char const *) ;
+
+extern int sbearssl_cert_readfile (char const *, genalloc *, stralloc *) ;
+
+
+ /* Generic PEM */
+
+typedef struct sbearssl_pemobject_s sbearssl_pemobject, *sbearssl_pemobject_ref ;
+struct sbearssl_s
+{
+ size_t name ;
+ size_t data ;
+ size_t datalen ;
+} ;
+
+extern int sbearssl_pem_decode_from_string (char const *, size_t, genalloc *, stralloc *) ;
+extern int sbearssl_pem_decode_from_buffer (buffer *, genalloc *, stralloc *) ;
+
+
+ /* Trust anchors */
+
+typedef struct sbearssl_ta_s sbearssl_ta, *sbearssl_ta_ref ;
+struct sbearssl_ta_s
+{
+ size_t dn ;
+ size_t dnlen ;
+ unsigned int flags ;
+ sbearssl_pkey pkey ;
+} ;
+
+extern int sbearssl_ta_from (sbearssl_ta *, br_x509_trust_anchor const *, stralloc *) ;
+extern void sbearssl_ta_to (sbearssl_ta const *, br_x509_trust_anchor *, char const *) ;
+
+extern int sbearssl_ta_cert (sbearssl_ta *, sbearssl_cert const *, char const *, stralloc *) ;
+
+extern int sbearssl_ta_readfile (char const *, genalloc *, stralloc *) ;
+extern int sbearssl_ta_readdir (char const *, genalloc *, stralloc *) ;
+
+
+ /* Errors */
+
+extern char const *sbearssl_error_str (int) ;
+
+
+ /* Engine */
+
+extern int sbearssl_run (br_ssl_engine_context *, int *, unsigned int, uint32, tain_t const *) ;
+
+
+ /* s6-tlsc and s6-tlsd implementations */
+
+extern int sbearssl_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, int *) ;
+extern int sbearssl_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ;
+
+#endif
diff --git a/src/include/s6-networking/stls.h b/src/include/s6-networking/stls.h
new file mode 100644
index 0000000..80c3df2
--- /dev/null
+++ b/src/include/s6-networking/stls.h
@@ -0,0 +1,23 @@
+/* ISC license. */
+
+#ifndef STLS_INTERNAL_H
+#define STLS_INTERNAL_H
+
+#include <sys/types.h>
+#include <tls.h>
+#include <skalibs/tai.h>
+
+#define STLS_BUFSIZE (16384 + 325 + 1)
+
+
+ /* Engine */
+
+extern int stls_run (struct tls *, int *, unsigned int, uint32_t, tain_t const *) ;
+
+
+ /* s6-tlsc and s6-tlsd implementations */
+
+extern int stls_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, int *) ;
+extern int stls_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ;
+
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-27 12:05:51 +0000