#pragma once
#include <stdlib.h>
#include <tfe_cmsg.h>
#include <uuid/uuid.h>
struct ssl_stream;

/*
 * Decision returned by a new-stream hook for one TLS stream.
 * Only the names are visible here; the exact effect of each action
 * (what "passthrough" leaves untouched, how "shutdown" tears the
 * connection down) is defined in the implementation — confirm there.
 */
enum ssl_stream_action
{
	SSL_ACTION_PASSTHROUGH=0,	// leave the stream alone (no interception); explicit 0 so a zeroed value is the least-invasive choice
	SSL_ACTION_INTERCEPT,		// decrypt / inspect the stream
	SSL_ACTION_SHUTDOWN		// refuse the stream
};
/*
 * Callback invoked for a new stream. `upstream` is the upstream-side
 * ssl_stream; `u_para` is the caller's opaque pointer passed back
 * unchanged (ownership stays with the caller — presumably, verify
 * against the registration API, which is not in this header).
 */
typedef enum ssl_stream_action ssl_stream_new_hook(struct ssl_stream *upstream, void* u_para);

/*
 * Per-stream options accessed through ssl_stream_{get,set}_*_opt().
 * Integer options are 0/1 unless noted; string options use the string
 * getter. The defaults quoted below are taken from this header's own
 * comments — confirm against the implementation before relying on them.
 *
 * SECURITY NOTE(review): two defaults weaken certificate validation
 * unless the caller overrides them: NO_VERIFY_COMMON_NAME defaults to ON
 * (no name check) and BLOCK_FAKE_CERT defaults to PASSTHROUGH (no block).
 * Any deployment that intends to verify upstream certificates must set
 * both explicitly.
 */
enum SSL_STREAM_OPT
{
	SSL_STREAM_OPT_IS_EV_CERT,				//0:FALSE, 1:TRUE. Cert is EV (presumably a read-only status — confirm).
	SSL_STREAM_OPT_IS_CT_CERT,				//0:FALSE, 1:TRUE. Cert has CT info (presumably read-only — confirm).
	SSL_STREAM_OPT_IS_MUTUAL_AUTH,			//0:FALSE, 1:TRUE. Client-cert (mutual) auth observed (presumably read-only — confirm).
	SSL_STREAM_OPT_PINNING_STATUS,			//0:FALSE, 1:TRUE. See enum ssl_ja3_pinning_status, which also defines -1 UNKNOWN; confirm whether the getter can return it.
	SSL_STREAM_OPT_APP_STATUS,				//0:FALSE, 1:TRUE. Meaning not defined in this header — see implementation.
	SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS,		//0:FALSE, 1:TRUE. Set when protocol errors were seen on the stream (presumably read-only — confirm).
	SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED,	//VALUE is an integer, SIZE=sizeof(int). 1:ON (accept self-signed), 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME,	//VALUE is an integer, SIZE=sizeof(int). 1:ON (skip CN/hostname check), 0:OFF. DEFAULT:1 — name verification is OFF by default; set 0 where hostname matching matters.
	SSL_STREAM_OPT_NO_VERIFY_ISSUER,		//VALUE is an integer, SIZE=sizeof(int). 1:ON (skip issuer/chain check), 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE,	//VALUE is an integer, SIZE=sizeof(int). 1:ON (ignore notBefore/notAfter), 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_BLOCK_FAKE_CERT,			//VALUE is an integer, SIZE=sizeof(int). 1:PASSTHROUGH, 0:BLOCK. DEFAULT:1. NOTE: despite the name, the default does NOT block; set 0 to block.
	SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,	//integer; presumably the numeric form produced by sslver_str2num() — confirm.
	SSL_STREAM_OPT_PROTOCOL_MAX_VERSION,	//integer; presumably the numeric form produced by sslver_str2num() — confirm.
	SSL_STREAM_OPT_ENABLE_ALPN,				//integer; 1 enables ALPN negotiation (default not documented here).
	SSL_STREAM_OPT_KEYRING_FOR_TRUSTED,		//set via ssl_stream_set_uuid_opt(); keyring used for trusted upstream certs.
	SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED,	//set via ssl_stream_set_uuid_opt(); keyring used for untrusted upstream certs.
	SSL_STREAM_OPT_SNI,						//VALUE is string (read with ssl_stream_get_string_opt()).
	SSL_STREAM_OPT_ADDR						//VALUE is string (read with ssl_stream_get_string_opt()).
};
/*
 * JA3-based pinning verdict for a stream. Note the three-valued result:
 * UNKNOWN (-1) is distinct from NOT_PINNING (0), so callers must not
 * treat this as a plain boolean — a `!= 0` test would count UNKNOWN as
 * pinning, a `== 1` test would count it as not pinning. Decide which is
 * intended per call site.
 */
enum ssl_ja3_pinning_status
{
    JA3_PINNING_STATUS_UNKNOWN = -1,	// no verdict available (e.g. not yet evaluated — confirm in implementation)
    JA3_PINNING_STATUS_NOT_PINNING = 0,
    JA3_PINNING_STATUS_IS_PINNING = 1,
};
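/**
 * Convert a protocol version string to its numeric representation
 * (presumably the value taken by SSL_STREAM_OPT_PROTOCOL_{MIN,MAX}_VERSION
 * — confirm). The accepted spellings and the value returned for an
 * unrecognised string are defined in the implementation, not here;
 * callers handing in configuration or user input must check the result
 * rather than assume success.
 * @param version_str  NUL-terminated version string.
 * @return numeric version, or the implementation's failure value.
 */
int sslver_str2num(const char * version_str);

/*
 * Option accessors. The stream passed to every *_opt function must be
 * the UPSTREAM side of the pair.
 * All int-returning accessors report status; which value means success
 * is not visible in this header — check the implementation and test the
 * return, especially for the NO_VERIFY_* options where a silently
 * ignored set leaves verification in its (weaker) default state.
 */

/** Set an integer option (see enum SSL_STREAM_OPT for value ranges and defaults). */
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
/** Read an integer option into *opt_val. */
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);
/**
 * Read a string option (SSL_STREAM_OPT_SNI / SSL_STREAM_OPT_ADDR).
 * @param in_buff  destination buffer (despite the name it is written to).
 * @param sz       capacity of in_buff in bytes.
 * Whether a too-small buffer is NUL-terminated and/or reported through
 * the return value is not visible here — size the buffer generously and
 * check the return before treating in_buff as a valid C string.
 */
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char *in_buff, size_t sz);
/** Set a UUID-valued option (the KEYRING_FOR_* options). */
int ssl_stream_set_uuid_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, uuid_t *uuid);
/**
 * Attach a string TLV to the stream's control message. Unlike the *_opt
 * functions this takes `stream`, not `upstream`; whether either side is
 * accepted is not documented here — confirm. No status is returned.
 */
void ssl_stream_set_cmsg_string(struct ssl_stream *stream, enum tfe_cmsg_tlv_type type, const char *value_str);

/*
 * Identity getters: each copies an id into the caller-provided uuid_t.
 * They return void, so there is no failure signal; what is written when
 * no id is set (zeroed? untouched?) is not visible here — confirm before
 * using the output for policy or keyring lookups.
 */
void ssl_stream_get_policy_id(struct ssl_stream *upstream, uuid_t *policy_id);
void ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream, uuid_t *profile_id);
void ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id);
void ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id);

/**
 * Non-zero when SSL debug output is enabled.
 * Declared with (void): in C an empty parameter list means "unspecified
 * arguments", so a mismatched call would not be diagnosed.
 */
unsigned int is_ssl_debug(void);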