| /* |
| chronyd/chronyc - Programs for keeping computer clocks accurate. |
| |
| ********************************************************************** |
| * Copyright (C) Miroslav Lichvar 2020 |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of version 2 of the GNU General Public License as |
| * published by the Free Software Foundation. |
| * |
| * This program is distributed in the hope that it will be useful, but |
| * WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License along |
| * with this program; if not, write to the Free Software Foundation, Inc., |
| * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| * |
| ********************************************************************** |
| |
| ======================================================================= |
| |
| Header file for the NTS-KE session |
| */ |
| |
| #ifndef GOT_NTS_KE_SESSION_H |
| #define GOT_NTS_KE_SESSION_H |
| |
| #include "nts_ke.h" |
| #include "siv.h" |
| |
| typedef struct NKSN_Credentials_Record *NKSN_Credentials; |
| |
| typedef struct NKSN_Instance_Record *NKSN_Instance; |
| |
| /* Handler for received NTS-KE messages. A zero return code stops |
| the session. */ |
| typedef int (*NKSN_MessageHandler)(void *arg); |
| |
| /* Get server or client credentials using a server certificate and key, |
| or certificates of trusted CAs. The credentials may be shared between |
| different clients or servers. */ |
| extern NKSN_Credentials NKSN_CreateServerCertCredentials(const char **certs, const char **keys, |
| int n_certs_keys); |
| extern NKSN_Credentials NKSN_CreateClientCertCredentials(const char **certs, uint32_t *ids, |
| int n_certs_ids, |
| uint32_t trusted_cert_set); |
| |
| /* Destroy the credentials */ |
| extern void NKSN_DestroyCertCredentials(NKSN_Credentials credentials); |
| |
| /* Create an instance */ |
| extern NKSN_Instance NKSN_CreateInstance(int server_mode, const char *server_name, |
| NKSN_MessageHandler handler, void *handler_arg); |
| |
| /* Destroy an instance */ |
| extern void NKSN_DestroyInstance(NKSN_Instance inst); |
| |
| /* Start a new NTS-KE session */ |
| extern int NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label, |
| NKSN_Credentials credentials, double timeout); |
| |
| /* Begin an NTS-KE message. A request should be made right after starting |
| the session and response should be made in the message handler. */ |
| extern void NKSN_BeginMessage(NKSN_Instance inst); |
| |
| /* Add a record to the message */ |
| extern int NKSN_AddRecord(NKSN_Instance inst, int critical, int type, |
| const void *body, int body_length); |
| |
| /* Terminate the message */ |
| extern int NKSN_EndMessage(NKSN_Instance inst); |
| |
| /* Get the next record from the received message. This function should be |
| called from the message handler. */ |
| extern int NKSN_GetRecord(NKSN_Instance inst, int *critical, int *type, int *body_length, |
| void *body, int buffer_length); |
| |
| /* Export NTS keys for a specified algorithm */ |
| extern int NKSN_GetKeys(NKSN_Instance inst, SIV_Algorithm siv, NKE_Key *c2s, NKE_Key *s2c); |
| |
| /* Check if the session has stopped */ |
| extern int NKSN_IsStopped(NKSN_Instance inst); |
| |
| /* Stop the session */ |
| extern void NKSN_StopSession(NKSN_Instance inst); |
| |
| /* Get a factor to calculate retry interval (in log2 seconds) |
| based on the session state or how it was terminated */ |
| extern int NKSN_GetRetryFactor(NKSN_Instance inst); |
| |
| #endif |