File: dtls.h

#ifndef _DTLS_H_
#define _DTLS_H_

#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>

#include "compat.h"
#include "str.h"
#include "obj.h"
#include "socket.h"
#include "types.h"

// Capacity of dtls_fingerprint.digest: 64 bytes, i.e. the size of a SHA-512
// digest. Every dtls_hash_func.num_bytes must fit in this (see __dtls_hash()).
#define DTLS_MAX_DIGEST_LEN 64
// Worst-case IP+UDP header bytes to subtract from the path MTU when sizing
// DTLS records.
#define DTLS_MTU_OVERHEAD 48 // 40 bytes IPv6 + 8 bytes UDP

struct packet_stream;
struct sockaddr_in6;

// One entry of the supported-digest table: a named hash algorithm used to
// fingerprint DTLS certificates.
struct dtls_hash_func {
	const char *name;       // algorithm name (presumably what dtls_find_hash_func() matches against)
	unsigned int num_bytes; // digest length in bytes; must not exceed DTLS_MAX_DIGEST_LEN
	// Compute the digest of the certificate into the caller's buffer and
	// return the number of bytes written; __dtls_hash() requires this to
	// equal num_bytes. (Leading double underscore makes this a reserved
	// identifier in ISO C; kept for compatibility with existing callers.)
	unsigned int (*__func)(unsigned char *, X509 *);
};

// A certificate fingerprint: the digest bytes, how many of them are valid,
// and the algorithm that produced them.
struct dtls_fingerprint {
	unsigned char digest[DTLS_MAX_DIGEST_LEN]; // digest bytes; when filled by dtls_fingerprint_hash() the tail past digest_len is zeroed
	unsigned int digest_len;                   // number of valid bytes in digest (hash_func->num_bytes)
	const struct dtls_hash_func *hash_func;    // algorithm; must be set before calling dtls_fingerprint_hash()
};

// Local DTLS certificate plus its private key, managed through `obj`.
struct dtls_cert {
	struct obj obj;      // obj.h base (presumably reference counting; keep as first member — confirm against obj.h)
	GQueue fingerprints; // fingerprints of x509 — presumably one struct dtls_fingerprint per supported hash; confirm in dtls.c
	EVP_PKEY *pkey;      // private key belonging to x509
	X509 *x509;          // the certificate itself
	int64_t expires_us;  // expiry time; the _us suffix suggests microseconds — confirm units against dtls_timer()
};

// Per-stream DTLS session state.
struct dtls_connection {
	SSL_CTX *ssl_ctx;
	SSL *ssl;
	BIO *r_bio, *w_bio;       // read-side and write-side BIOs (presumably memory BIOs bridged to the UDP socket — confirm)
	struct packet_stream *ps; // stream this session belongs to
	endpoint_t fsin;          // presumably the remote endpoint — confirm in dtls.c
	stream_fd *sfd;
	unsigned char tls_id[16]; // 16-byte identifier — presumably the SDP tls-id value (RFC 8842); confirm
	unsigned int init:1,      // session set up; dtls_is_active() reports -1 while this is clear
	             active:1,    // 1 = active role, 0 = passive role (see dtls_is_active())
	             connected:1; // presumably set once the handshake has completed — confirm
};




// Module-wide initialisation; returns an int status whose convention is
// defined in dtls.c (presumably 0 on success — confirm).
int dtls_init(void);
// Periodic housekeeping hook (certificate expiry based on dtls_cert.expires_us
// is the likely job — confirm in dtls.c).
void dtls_timer(void);

// Verify the peer certificate of `ps`; return value convention is defined in dtls.c.
int dtls_verify_cert(struct packet_stream *ps);
// Look up a hash function by name (presumably returns NULL when none matches — confirm).
const struct dtls_hash_func *dtls_find_hash_func(const str *);
// Return the current local certificate object (ownership rules follow obj.h).
struct dtls_cert *dtls_cert(void);
// Release the module-wide certificate state.
void dtls_cert_free(void);

// Set up a session for `ps` using `cert` as local identity; `active` selects
// the role later reported by dtls_is_active().
int dtls_connection_init(struct dtls_connection *, struct packet_stream *, int active, struct dtls_cert *cert);
// Feed one received packet `s` (from `sin`, on `sfd`) into the DTLS state;
// return value convention is defined in dtls.c.
int dtls(stream_fd *, const str *s, const endpoint_t *sin);
// Release the SSL/BIO resources held by the connection.
void dtls_connection_cleanup(struct dtls_connection *);
// Shut the DTLS session of `ps` down.
void dtls_shutdown(struct packet_stream *ps);




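/* Compute the digest of `cert` with `hash_func` into `out`.
 *
 * `out` is zeroed over its full `bufsize` first and then overwritten with the
 * digest, so any bytes past the digest stay zero. The hash callback is
 * expected to write exactly `hash_func->num_bytes` bytes and to report that
 * count (presumably; confirm against the hash table in dtls.c).
 *
 * Both size checks are enforced unconditionally rather than via assert():
 * a buffer shorter than the digest would otherwise be silently overrun in
 * an NDEBUG build, and a callback reporting a length other than the one
 * advertised in the table would leave a mis-sized fingerprint. Either case
 * is a programming error in the hash table, so the process aborts exactly
 * as the former debug assertion did.
 *
 * The leading double underscore makes this a reserved identifier in ISO C;
 * the name is kept because existing callers and the dtls_hash() wrapper
 * depend on it.
 */
INLINE void __dtls_hash(const struct dtls_hash_func *hash_func, X509 *cert, unsigned char *out,
		unsigned int bufsize)
{
	unsigned int n;

	// Pre-check: never let the callback write past the end of `out`.
	if (bufsize < hash_func->num_bytes)
		abort();
	memset(out, 0, bufsize);
	n = hash_func->__func(out, cert);
	// Post-check: the advertised digest length must match what was written.
	if (n != hash_func->num_bytes)
		abort();
}
// Convenience wrapper for a fixed-size array: passes sizeof(outbuf) as the
// bound. Only meaningful when `outbuf` is a real array, not a pointer,
// since sizeof on a pointer yields the pointer size, not the buffer size.
#define dtls_hash(hash_func, cert, outbuf) __dtls_hash(hash_func, cert, outbuf, sizeof(outbuf))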

/* Fill in `fp->digest` and `fp->digest_len` from `cert` using `fp->hash_func`.
 * `fp->hash_func` must already be set. The write is bounded by
 * sizeof(fp->digest), i.e. DTLS_MAX_DIGEST_LEN. */
INLINE void dtls_fingerprint_hash(struct dtls_fingerprint *fp, X509 *cert) {
	const struct dtls_hash_func *hf = fp->hash_func;

	dtls_hash(hf, cert, fp->digest);
	fp->digest_len = hf->num_bytes;
}

/* RFC 5764 section 5.1.2 demultiplexing: a packet whose first byte lies in
 * 20..63 is DTLS (per that section, 0..1 would be STUN and 128..191 RTP/RTCP).
 * An empty payload is never DTLS. Returns 1 for DTLS, 0 otherwise. */
INLINE int is_dtls(const str *s) {
	unsigned char first;

	if (s->len < 1)
		return 0;
	first = (unsigned char) s->s[0];
	return (first >= 20 && first <= 63) ? 1 : 0;
}

/* Report the DTLS role of `d`.
 * Returns -1 when there is no connection or it has not been initialised
 * (`init` clear); otherwise 1 for the active side and 0 for the passive side
 * (presumably client vs. server role — confirm in dtls.c). */
INLINE int dtls_is_active(const struct dtls_connection *d) {
	if (d && d->init)
		return d->active ? 1 : 0;
	return -1;
}


// Return the DTLS connection state associated with `sfd` (presumably NULL
// when none is set up — confirm in dtls.c).
struct dtls_connection *dtls_ptr(stream_fd *sfd);




#endif