authorGarrett D'Amore <garrett@damore.org>2024-07-20 16:47:25 -0700
committerGarrett D'Amore <garrett@damore.org>2024-07-21 14:23:08 -0700
commit0aeed90d9a85eaf6f00e81c6f5f69a7ed9fec8c6 (patch)
tree9f1acaa0bc8569a9e8e88e203fddd877f0dbab99 /include
parentc0b93b441199619d27a1caf201a8c410f4246cf4 (diff)
fixes #1846 Add support for TLS PSK
This also adds an SP layer transport test for TLS, based on the TCP test but with some additions; this test does not cover all the edge cases for TLS, but it does at least show how to use it.
Diffstat (limited to 'include')
-rw-r--r--include/nng/supplemental/tls/engine.h13
-rw-r--r--include/nng/supplemental/tls/tls.h12
2 files changed, 21 insertions, 4 deletions
diff --git a/include/nng/supplemental/tls/engine.h b/include/nng/supplemental/tls/engine.h
index 309d83c5..5bfe339d 100644
--- a/include/nng/supplemental/tls/engine.h
+++ b/include/nng/supplemental/tls/engine.h
@@ -1,5 +1,5 @@
//
-// Copyright 2020 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2024 Staysail Systems, Inc. <info@staysail.tech>
//
// This software is supplied under the terms of the MIT License, a
// copy of which should be located in the distribution where this
@@ -150,6 +150,12 @@ typedef struct nng_tls_engine_config_ops_s {
int (*own_cert)(
nng_tls_engine_config *, const char *, const char *, const char *);
+ // psk configures a PSK identity and key. This can be called
+ // once for clients, or multiple times for servers. However, not all
+ // implementations support multiple PSKs for a server.
+ int (*psk)(
+ nng_tls_engine_config *, const char *, const uint8_t *, size_t);
+
// version configures the minimum and maximum TLS versions. The
// engine should default to supporting TLS1.0 through 1.2, and
// optionally 1.3 if it can. The engine should restrict the
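Review bot: The new `psk` op's comment names none of its parameters and says nothing about who owns the key buffer or what an engine must do on a repeat call it cannot honour, so an engine author cannot tell whether to copy or retain the `const uint8_t *` passed in, nor whether to fail or silently overwrite an earlier PSK. I would extend the comment to name the arguments (identity string, key bytes, key length) and state that the engine must copy the key so the caller may wipe its buffer on return, must zeroize its copy when the config is freed, and must return an error rather than replace an existing PSK when it supports only one. Something like `// psk(cfg, identity, key, key_len): engine copies key (caller may wipe its buffer on return) and zeroizes the copy on free; single-PSK engines return an error on a second call instead of overwriting.` The enclosing ops struct begins and ends outside this hunk.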
@@ -163,8 +169,9 @@ typedef struct nng_tls_engine_config_ops_s {
typedef enum nng_tls_engine_version_e {
NNG_TLS_ENGINE_V0 = 0,
- NNG_TLS_ENGINE_V1 = 1,
- NNG_TLS_ENGINE_VERSION = NNG_TLS_ENGINE_V1,
+ NNG_TLS_ENGINE_V1 = 1, // adds FIPS, TLS 1.3 support
+ NNG_TLS_ENGINE_V2 = 2, // adds PSK support
+ NNG_TLS_ENGINE_VERSION = NNG_TLS_ENGINE_V2,
} nng_tls_engine_version;
typedef struct nng_tls_engine_s {
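Review bot: Bumping NNG_TLS_ENGINE_VERSION to V2 records the new `psk` slot, but nothing here says what the core does with an engine that registered as V1 or V0 and therefore has no `psk` member in its config ops; if the dispatch code dereferences `ops->psk` unconditionally, a V1 engine's ops struct would be read past its end. I would make the contract explicit on the V2 line, e.g. `NNG_TLS_ENGINE_V2 = 2, // adds PSK support; core must not read config_ops->psk from engines registered with an older version`, and have the core return a not-supported error for PSK configuration on such engines. I cannot see the registration or dispatch code from this hunk, so this is a point to verify rather than a confirmed defect. `struct nng_tls_engine_s` opens on the hunk's last line and continues outside it.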
diff --git a/include/nng/supplemental/tls/tls.h b/include/nng/supplemental/tls/tls.h
index e547f8ee..e66f5a32 100644
--- a/include/nng/supplemental/tls/tls.h
+++ b/include/nng/supplemental/tls/tls.h
@@ -1,5 +1,5 @@
//
-// Copyright 2020 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2024 Staysail Systems, Inc. <info@staysail.tech>
// Copyright 2018 Capitar IT Group BV <info@capitar.com>
//
// This software is supplied under the terms of the MIT License, a
@@ -18,6 +18,8 @@ extern "C" {
#include <stddef.h>
#include <stdint.h>
+#include <nng/nng.h>
+
// Note that TLS functions may be stubbed out if TLS is not enabled in
// the build.
@@ -116,6 +118,14 @@ NNG_DECL int nng_tls_config_ca_file(nng_tls_config *, const char *);
NNG_DECL int nng_tls_config_cert_key_file(
nng_tls_config *, const char *, const char *);
+// nng_tls_config_psk_identity is used to pass TLS PSK parameters. The
+// identity, and an associated key. Clients can only do this once.
+// Servers can do it multiple times, potentially, to provide for different
+// keys for different client identities. There is no way to remove these
+// from a configuration.
+NNG_DECL int nng_tls_config_psk(
+ nng_tls_config *, const char *, const uint8_t *, size_t);
+
// Configure supported TLS version. By default we usually restrict
// ourselves to TLS 1.2 and newer. We do not support older versions.
// If the implementation cannot support any version (for example if
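Review bot: The new comment documents `nng_tls_config_psk_identity`, but the declaration beneath it is `nng_tls_config_psk`, and the fragment `The identity, and an associated key.` leaves the three parameters, the result of a second client call, and ownership of the key bytes undocumented. I would change the comment's subject to match the declaration and state that the key is copied (so the caller can wipe its own buffer immediately after the call), that a second client call returns an error rather than replacing the key, and that a NULL or zero-length key is rejected; the exact error codes should be confirmed against the implementation, which is outside this hunk. It is also worth a caveat that the PSK identity is transmitted unencrypted during the handshake in both TLS 1.2 and 1.3, so it must not carry secret material: `// The identity is sent in the clear on the wire; keep secrets in the key, never in the identity.` The declaration is a complete prototype; the version-configuration comment that follows continues outside the hunk.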