TLS Struct Reference

#include <tls.h>


Detailed Description

Data type used to implement TLS (TLS 1.0, aka SSL 3.1). For details, see RFC 2246.

Sample code illustrating the use of this class appears in the Cookbook section Implementing a Simple TLS Client.


Public Member Functions

Constructor
 TLS ()
 Constructor.
Object Reuse and Initialization
void clear ()
 Reset TLS object.
int setcipher (int cipher, int minor)
 Specify cipher suite and minor TLS version number.
void setrand (const str &r1, const str &r2, const str &r3, double now)
 Seed pseudorandom number generation.
int load (const Chain &a)
 Load chain of certificates for client authentication.
Inspectors
str version () const
 Get current TLS version number.
int parse (str &rec, str &rest) const
 Extract top-level record from server buffer.
Communications Processing Functions
int dorecs ()
 Process communication records between client and server.
Encryption and Decryption
str wrap (str data)
 Encrypt data buffer (with MAC).
int unwrap (str data, str &plain)
 Decrypt data buffer (and strip MAC).
Predicates
bool isBad () const
 Predicate to test object's error state.

Data Fields

party c
 client
party s
 server
str dn
 list of CA DNs accepted by server for client authentication
int lasterror
 explanation of last non-zero return code
TokenSignCallback sign
 callback for client authentication via token
void * tokeninfoptr
 additional data for signature callback


Member Function Documentation

int dorecs ()

Process communication records between client and server.

Returns:
0 nothing to do (no record was processed)
1 success
2 error/warning
3 fatal error
Remarks:
Invokes the signature callback (sign) when client authentication is required during the initial handshake with the server; lasterror explains any non-zero return code.

int load (const Chain &a)

Load chain of certificates for client authentication.

Parameters:
a chain of certificates to be loaded
Returns:
0 success
Remarks:
Certificates must be supplied in the following order: end-entity certificate first, then the intermediate CA certificates (each issued by the next), then the root certificate. The chain is presented to the server in this order during client authentication, so a chain loaded out of order will fail at the server, not at load time.

int parse (str &rec, str &rest) const

Extract top-level record from server buffer.

Parameters:
rec buffer in which to place the top-level record (prior to unwrapping)
rest buffer in which to place the remaining data from the server buffer
Returns:
0 success
1 incomplete input record
2 error
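The record extraction that parse() performs, as an added example that is not part of the ISC CDK: it splits a buffer into one complete top-level record (header included, still wrapped) and the remainder, with the same 0 / 1 / 2 return contract. std::string stands in for the CDK's str type, and the names below (tlsrec, Split, parse_record) are this example's own. The header is validated before the length field is trusted, so a malformed prefix yields 2 immediately rather than 1 forever.

```cpp
// Added example (not from the ISC CDK): a record-layer splitter with the same
// 0 / 1 / 2 return contract as TLS::parse(). std::string stands in for the
// CDK's str type, and every name below is this example's own.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

namespace tlsrec {

// TLS record header (RFC 2246 section 6.2.1):
//   ContentType type (1) | ProtocolVersion version (2) | uint16 length (2) | fragment
constexpr size_t kHeaderLen = 5;
// Largest legal TLSCiphertext.fragment (RFC 2246 section 6.2.3): 2^14 + 2048.
constexpr size_t kMaxCiphertextLen = 16384 + 2048;

enum : uint8_t { kChangeCipherSpec = 20, kAlert = 21, kHandshake = 22, kApplicationData = 23 };

struct Split {
    int rc;            // 0 success, 1 incomplete input record, 2 error
    std::string rec;   // one complete record, header included, still wrapped
    std::string rest;  // bytes after that record, to be parsed next
};

// Peel the first complete record off buf. The header is checked before the
// length is trusted, so a garbage prefix cannot make the caller wait forever
// for a "record" that will never arrive, nor allocate an oversized buffer.
Split parse_record(const std::string& buf) {
    Split out{1, "", ""};
    if (buf.size() < kHeaderLen) return out;            // header not yet complete
    const uint8_t type  = static_cast<uint8_t>(buf[0]);
    const uint8_t major = static_cast<uint8_t>(buf[1]);
    const size_t  len   = (static_cast<size_t>(static_cast<uint8_t>(buf[3])) << 8)
                        |  static_cast<uint8_t>(buf[4]);
    if (type < kChangeCipherSpec || type > kApplicationData) { out.rc = 2; return out; }
    if (major != 3) { out.rc = 2; return out; }         // SSL 3.0 and every TLS version use major 3
    if (len > kMaxCiphertextLen) { out.rc = 2; return out; }  // oversized length: reject
    if (buf.size() < kHeaderLen + len) return out;      // body not yet complete (zero length is legal)
    out.rc = 0;
    out.rec  = buf.substr(0, kHeaderLen + len);
    out.rest = buf.substr(kHeaderLen + len);
    return out;
}

}  // namespace tlsrec

int main() {
    // Constructed input: a 3-byte Handshake record followed by the first 8 bytes
    // of a 16-byte ApplicationData record (the TLS 1.0 version field is 3,1).
    const std::string wire("\x16\x03\x01\x00\x03" "abc"
                           "\x17\x03\x01\x00\x10" "xyz", 16);
    std::string buf = wire;
    for (;;) {
        tlsrec::Split s = tlsrec::parse_record(buf);
        if (s.rc != 0) { std::printf("stop: rc=%d, %zu bytes pending\n", s.rc, buf.size()); break; }
        std::printf("record type %u, %zu bytes\n", (unsigned)(uint8_t)s.rec[0], s.rec.size());
        buf = s.rest;
    }
    return 0;
}
```

Run against the constructed buffer this yields one Handshake record of 8 bytes and then rc=1 with 8 bytes pending, which is exactly the loop a client runs around parse(): keep reading from the socket while the result is 1, unwrap each record on 0, and abort the connection on 2.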

int setcipher (int cipher, int minor)

Specify cipher suite and minor TLS version number.

Parameters:
cipher ID of desired cipher suite (the low byte of the RFC 2246 / RFC 3268 suite code; all use RSA key exchange):
  • 0x04 = RC4/MD5 (TLS_RSA_WITH_RC4_128_MD5)
  • 0x05 = RC4/SHA1 (TLS_RSA_WITH_RC4_128_SHA)
  • 0x09 = DES (TLS_RSA_WITH_DES_CBC_SHA, 56-bit key)
  • 0x0a = TDES (TLS_RSA_WITH_3DES_EDE_CBC_SHA)
  • 0x2f = AES-128 (TLS_RSA_WITH_AES_128_CBC_SHA)
  • 0x35 = AES-256 (TLS_RSA_WITH_AES_256_CBC_SHA)
minor TLS minor version number (1 for TLS 1.0)
Returns:
0 success
1 invalid cipher suite ID
Remarks:
If the server supports TDES but not the requested cipher suite, subsequent dorecs() calls fall back to TDES; otherwise dorecs() calls will fail. Because of this fallback, requesting an AES suite does not guarantee that AES is negotiated. RC4 (prohibited for TLS by RFC 7465) and single DES are broken and should not be requested; 3DES is weak and AES should be preferred.

void setrand (const str &r1, const str &r2, const str &r3, double now) [inline]

Seed pseudorandom number generation.

Parameters:
r1 46-byte seed (the random part of the 48-byte RSA premaster secret)
r2 28-byte seed (the random part of the 32-byte client random in ClientHello)
r3 extra 20-byte seed (per-signature nonce for client authentication using DSA or ECDSA; it must be fresh and uniformly random for every signature, since a reused or biased nonce exposes the private key)
now current time (supplies the gmt_unix_time field of the client random, providing additional entropy for the client portion of the master secret)
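The RFC 2246 structures that the seed sizes above correspond to, as an added example that is not part of the ISC CDK (how the CDK consumes the seeds internally is not documented on this page). The 28-byte r2 is prefixed by the 4-byte gmt_unix_time derived from now to form ClientHello.random, and the 46-byte r1 is prefixed by the client's offered protocol version to form the 48-byte premaster secret; the 20-byte r3 matches one 160-bit DSA nonce (FIPS 186-2, where q is 160 bits). std::string is used as a byte buffer and the names (tlsseed, client_random, premaster_secret, seed_sizes_ok) are this example's own.

```cpp
// Added example (not from the ISC CDK): the RFC 2246 structures that the seed
// sizes accepted by TLS::setrand() map onto. The CDK's internal use of the seeds
// is not documented on this page; the layouts below are the RFC's, and every
// name here is this example's own. std::string is used as a byte buffer.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

namespace tlsseed {

constexpr size_t kPremasterSeedLen    = 46;  // r1: random part of the premaster secret
constexpr size_t kClientRandomSeedLen = 28;  // r2: random part of ClientHello.random
constexpr size_t kDsaNonceLen         = 20;  // r3: one 160-bit DSA per-signature nonce k
                                             //     (never reuse k; reuse or bias leaks the key)

// Reject wrong-sized seeds up front rather than silently truncating or padding them.
bool seed_sizes_ok(const std::string& r1, const std::string& r2, const std::string& r3) {
    return r1.size() == kPremasterSeedLen &&
           r2.size() == kClientRandomSeedLen &&
           r3.size() == kDsaNonceLen;
}

// ClientHello.random (RFC 2246 section 7.4.1.2):
//   uint32 gmt_unix_time || opaque random_bytes[28]
// `now` is truncated to whole seconds and written big-endian, as on the wire.
std::string client_random(const std::string& r2, double now) {
    if (r2.size() != kClientRandomSeedLen) throw std::invalid_argument("r2 must be 28 bytes");
    const uint32_t t = static_cast<uint32_t>(now);
    std::string out;
    out.push_back(static_cast<char>((t >> 24) & 0xff));
    out.push_back(static_cast<char>((t >> 16) & 0xff));
    out.push_back(static_cast<char>((t >> 8) & 0xff));
    out.push_back(static_cast<char>(t & 0xff));
    out += r2;
    return out;  // 32 bytes
}

// PreMasterSecret (RFC 2246 section 7.4.7.1):
//   ProtocolVersion client_version || opaque random[46]
// The version is the one the client offered in ClientHello (3,1 for TLS 1.0), not
// the one negotiated, so the server can detect a version rollback. The 48-byte
// result is what gets RSA-encrypted to the server's public key.
std::string premaster_secret(const std::string& r1, uint8_t major = 3, uint8_t minor = 1) {
    if (r1.size() != kPremasterSeedLen) throw std::invalid_argument("r1 must be 46 bytes");
    std::string out;
    out.push_back(static_cast<char>(major));
    out.push_back(static_cast<char>(minor));
    out += r1;
    return out;  // 48 bytes
}

}  // namespace tlsseed
```

In practice the three seeds must come from a cryptographic RNG (the CDK's own or the OS's); the timestamp contributes at most a few bits and is public on the wire, so it is never a substitute for the 28 random bytes.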

int unwrap (str data, str &plain)

Decrypt data buffer (and strip MAC).

Parameters:
data buffer to be decrypted (a wrapped record, as returned by parse())
plain output buffer for plaintext
Returns:
0 success
Remarks:
A non-zero return is explained by lasterror. Treat any unwrap failure as fatal for the connection, and do not let the peer learn whether the padding or the MAC check failed: distinguishing the two turns the CBC suites into a padding oracle.

str version () const [inline]

Get current TLS version number.

Returns:
string representation of the current TLS version ("1" denotes TLS 1.0, aka SSL 3.1)

str wrap (str data)

Encrypt data buffer (with MAC).

Parameters:
data buffer to be encrypted
Returns:
a string holding the ciphertext (the wrapped record, MAC included)


The documentation for this struct was generated from the following file: tls.h
ISC Cryptographic Development Kit - User's Guide
Copyright© 2002-2006 Information Security Corp. All rights reserved.