Diffstat (limited to 'nts_ke_session.h')
-rw-r--r-- | nts_ke_session.h | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/nts_ke_session.h b/nts_ke_session.h
new file mode 100644
index 0000000..2735e04
--- /dev/null
+++ b/nts_ke_session.h
@@ -0,0 +1,93 @@
+/*
+ chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ **********************************************************************
+
+ =======================================================================
+
+ Header file for the NTS-KE session
+ */
+
+#ifndef GOT_NTS_KE_SESSION_H
+#define GOT_NTS_KE_SESSION_H
+
+#include "nts_ke.h"
+#include "siv.h"
+
+typedef struct NKSN_Credentials_Record *NKSN_Credentials;
+
+typedef struct NKSN_Instance_Record *NKSN_Instance;
+
+/* Handler for received NTS-KE messages. A zero return code stops
+ the session. */
+typedef int (*NKSN_MessageHandler)(void *arg);
+
+/* Get server or client credentials using a server certificate and key,
+ or certificates of trusted CAs. The credentials may be shared between
+ different clients or servers. */
+extern NKSN_Credentials NKSN_CreateServerCertCredentials(const char **certs, const char **keys,
+ int n_certs_keys);
+extern NKSN_Credentials NKSN_CreateClientCertCredentials(const char **certs, uint32_t *ids,
+ int n_certs_ids,
+ uint32_t trusted_cert_set);
+
+/* Destroy the credentials */
+extern void NKSN_DestroyCertCredentials(NKSN_Credentials credentials);
+
+/* Create an instance */
+extern NKSN_Instance NKSN_CreateInstance(int server_mode, const char *server_name,
+ NKSN_MessageHandler handler, void *handler_arg);
+
+/* Destroy an instance */
+extern void NKSN_DestroyInstance(NKSN_Instance inst);
+
+/* Start a new NTS-KE session */
+extern int NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
+ NKSN_Credentials credentials, double timeout);
+
+/* Begin an NTS-KE message. A request should be made right after starting
+ the session and response should be made in the message handler. */
+extern void NKSN_BeginMessage(NKSN_Instance inst);
+
+/* Add a record to the message */
+extern int NKSN_AddRecord(NKSN_Instance inst, int critical, int type,
+ const void *body, int body_length);
+
+/* Terminate the message */
+extern int NKSN_EndMessage(NKSN_Instance inst);
+
+/* Get the next record from the received message. This function should be
+ called from the message handler. */
+extern int NKSN_GetRecord(NKSN_Instance inst, int *critical, int *type, int *body_length,
+ void *body, int buffer_length);
+
+/* Export NTS keys for a specified algorithm */
+extern int NKSN_GetKeys(NKSN_Instance inst, SIV_Algorithm siv, NKE_Key *c2s, NKE_Key *s2c);
+
+/* Check if the session has stopped */
+extern int NKSN_IsStopped(NKSN_Instance inst);
+
+/* Stop the session */
+extern void NKSN_StopSession(NKSN_Instance inst);
+
+/* Get a factor to calculate retry interval (in log2 seconds)
+ based on the session state or how it was terminated */
+extern int NKSN_GetRetryFactor(NKSN_Instance inst);
+
+#endif |
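Review bot: The comment on `NKSN_GetRecord` says nothing about what happens when the received record body is longer than `buffer_length`, nor what the return value means, and that is the one part of this contract a caller of a parser fed from the network must get right; `NKSN_AddRecord` and `NKSN_EndMessage` also return `int` with no documented meaning. I would extend the `NKSN_GetRecord` comment to state the return value, whether `*body_length` reports the full record length or only the copied part, and that no more than `buffer_length` bytes are ever written to `body`, taking the exact semantics from the implementation rather than guessing here. `NKSN_StartSession` should likewise state whether the instance takes ownership of `sock_fd` (who closes it), and the unit of `timeout`, e.g. `/* Start a new NTS-KE session on sock_fd; the instance owns the socket until the session stops (TODO: confirm). timeout is in seconds (TODO: confirm). Returns 1 on success, 0 on error (TODO: confirm) */`, with each placeholder replaced from nts_ke_session.c. The header's use of plain `int` for `body_length`/`buffer_length` is fine for these sizes, but a note that negative values are rejected would close the obvious question for reviewers of the implementation.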