
#pragma once

#include <cstdint>
#include <memory>
#include <vector>

#include "mbedtls/ssl.h"

// fwd:
// The config only stores handles to these project types, so their full definitions are not needed here.
class cCryptoKey;
class cCtrDrbgContext;
class cX509Cert;

// Shared-ownership handles to the above. cSslConfig keeps copies of them (see its private members)
// so that the objects stay alive for as long as the config that refers to them.
using cCryptoKeyPtr = std::shared_ptr<cCryptoKey>;
using cCtrDrbgContextPtr = std::shared_ptr<cCtrDrbgContext>;
using cX509CertPtr = std::shared_ptr<cX509Cert>;

/** Peer-certificate verification mode.
The enumerators mirror mbedTLS's MBEDTLS_SSL_VERIFY_* constants and carry the same numeric values,
so they are presumably passed straight through to mbedtls_ssl_conf_authmode() by cSslConfig::SetAuthMode(). */
enum class eSslAuthMode : int
{
	/** MBEDTLS_SSL_VERIFY_NONE: the peer's certificate is not checked at all.
	This offers no protection against a man-in-the-middle; use only where the peer is authenticated by other means. */
	None = 0,

	/** MBEDTLS_SSL_VERIFY_OPTIONAL: the certificate is verified, but the handshake continues even if
	verification fails, so the application has to inspect the verification result itself. */
	Optional = 1,

	/** MBEDTLS_SSL_VERIFY_REQUIRED: the handshake is aborted when the peer's certificate fails verification.
	This is the safe default for clients talking to a server they must trust. */
	Required = 2,

	/** MBEDTLS_SSL_VERIFY_UNSET: mbedTLS's internal "not set" marker; not meant to be selected by callers. */
	Unset = 3,
};



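/** Wrapper around an mbedtls_ssl_config.
Besides the raw mbedTLS config it keeps owning handles to everything mbedTLS only references by pointer
(RNG context, own certificate and private key, CA chain, cipher-suite list) so that those objects
outlive the config. Instances are created through MakeDefaultConfig() / GetDefault*Config() and handed
around as std::shared_ptr; cSslContext (a friend) reads the wrapped struct through GetInternal(). */
class cSslConfig
{
	friend class cSslContext;

  public:
	/** Type of the SSL debug callback.
	Parameters are:
		void *       Opaque context for the callback (the a_CallbackData given to SetDebugCallback)
		int          Debug level
		const char * File name
		int          Line number
		const char * Message */
	using cDebugCallback = void (*)(void *, int, const char *, int, const char *);

	/** Type of the SSL certificate verify callback.
	Parameters are:
		void *             Opaque context for the callback (the a_CallbackData given to SetVerifyCallback)
		mbedtls_x509_crt * Current cert
		int                Cert chain depth
		uint32_t *         Verification flags (in / out)
	Per mbedtls_ssl_conf_verify() the callback is invoked for each certificate in the chain and may
	modify the verification flags; clearing flags there silently waives the corresponding checks. */
	using cVerifyCallback = int (*)(void *, mbedtls_x509_crt *, int, uint32_t *);

	cSslConfig();
	~cSslConfig();

	/** The destructor (defined out of line in SslConfig.cpp) is presumably where the wrapped
	mbedtls_ssl_config is released — confirm there. A member-wise copy would leave two wrappers
	releasing the same mbedTLS state and pointing into each other's members, so copying (and with it
	the implicit move operations) is disabled; share instances via std::shared_ptr instead. */
	cSslConfig(const cSslConfig &) = delete;
	cSslConfig & operator=(const cSslConfig &) = delete;

	/** Initialize with mbedTLS default settings.
	a_IsClient selects the client endpoint when true, the server endpoint otherwise.
	Returns an int status, presumably the mbedTLS return code (0 = success); callers should check it. */
	int InitDefaults(bool a_IsClient);

	/** Set the peer-certificate verification (auth) mode; see eSslAuthMode for the mbedTLS mapping.
	Security note: eSslAuthMode::None accepts any peer certificate unchecked, leaving the connection open
	to man-in-the-middle attacks; clients should use Required together with SetCACerts(). */
	void SetAuthMode(eSslAuthMode a_AuthMode);

	/** Set the random number generator used by this config.
	The handle is kept in m_CtrDrbg so the generator outlives the config that refers to it. */
	void SetRng(cCtrDrbgContextPtr a_CtrDrbg);

	/** Set the debug callback.
	a_CallbackData is handed back as the opaque first callback argument; it is not owned by the config,
	so the pointee must stay alive for as long as the config (and any context built from it) is used. */
	void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData);

	/** Set the certificate verify callback.
	a_CallbackData is handed back as the opaque first callback argument and is not owned by the config;
	keep the pointee alive while the config is in use. Keep the callback conservative — it can override
	the verification flags and thereby weaken or disable certificate checking. */
	void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData);

	/** Set the enabled cipher suites (mbedTLS cipher-suite IDs).
	The list is stored in m_CipherSuites, presumably because mbedtls_ssl_conf_ciphersuites() only
	keeps a pointer to the array — confirm in SslConfig.cpp. */
	void SetCipherSuites(std::vector<int> a_CipherSuites);

	/** Set the certificate presented to the peer and the matching private key.
	Both handles are retained by the config (m_OwnCert, m_OwnCertPrivKey). */
	void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey);

	/** Set the trusted certificate authority chain used to verify the peer's certificate.
	Only has an effect when the auth mode is Optional or Required. */
	void SetCACerts(cX509CertPtr a_CACert);

	/** Creates a new config with some sensible defaults on top of mbedTLS basic settings.
	a_IsClient selects the client or server endpoint, as for InitDefaults(). */
	static std::shared_ptr<cSslConfig> MakeDefaultConfig(bool a_IsClient);

	/** Returns the default config for client connections.
	The result is shared and immutable; use MakeDefaultConfig() to obtain a config that can be tweaked. */
	static std::shared_ptr<const cSslConfig> GetDefaultClientConfig();

	/** Returns the default config for server connections.
	The result is shared and immutable; use MakeDefaultConfig() to obtain a config that can be tweaked. */
	static std::shared_ptr<const cSslConfig> GetDefaultServerConfig();

  private:
	/** Returns a pointer to the wrapped mbedtls representation.
	Private on purpose: only the friend cSslContext is meant to hand the raw config to mbedTLS. */
	const mbedtls_ssl_config * GetInternal() const { return &m_Config; }

	/** The wrapped mbedTLS config. mbedTLS keeps raw pointers from it into the objects below. */
	mbedtls_ssl_config m_Config;

	/** RNG handle set by SetRng(); kept so the generator outlives the config. */
	cCtrDrbgContextPtr m_CtrDrbg;

	/** Own certificate and its private key, set by SetOwnCert(). */
	cX509CertPtr m_OwnCert;
	cCryptoKeyPtr m_OwnCertPrivKey;

	/** Trusted CA chain set by SetCACerts(). */
	cX509CertPtr m_CACerts;

	/** Enabled cipher-suite IDs set by SetCipherSuites(); owned here so the array mbedTLS refers to stays valid. */
	std::vector<int> m_CipherSuites;
};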