| author | Joel Klinghed <the_jk@yahoo.com> | 2017-03-28 22:36:44 +0200 |
|---|---|---|
| committer | Joel Klinghed <the_jk@yahoo.com> | 2017-03-28 22:36:44 +0200 |
| commit | d01e13c9dee53c3ab4faf70a215f4d1dcfed9e87 (patch) | |
| tree | 90975d8502a6c610a58f5d3cd8014bcf8443c0e9 /src/ssl.hh | |
| parent | 87774d8981ae7a079492d8949e205065ba72a8e4 (diff) | |
MITM SSL Interception support using mbedtls
Diffstat (limited to 'src/ssl.hh')
| -rw-r--r-- | src/ssl.hh | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/src/ssl.hh b/src/ssl.hh
new file mode 100644
index 0000000..1cd6aea
--- /dev/null
+++ b/src/ssl.hh
@@ -0,0 +1,89 @@
+// -*- mode: c++; c-basic-offset: 2; -*-
+
+#ifndef SSL_HH
+#define SSL_HH
+
+#include <string>
+
+class Buffer;
+class Logger;
+
+class SSLEntropy {
+public:
+ virtual ~SSLEntropy() {}
+
+ static SSLEntropy* create(Logger* logger);
+
+protected:
+ SSLEntropy() {}
+ SSLEntropy(SSLEntropy const&) = delete;
+};
+
+class SSLCertStore {
+public:
+ virtual ~SSLCertStore() {}
+
+ static SSLCertStore* create(Logger* logger, std::string const& bundle);
+
+protected:
+ SSLCertStore() {}
+ SSLCertStore(SSLCertStore const&) = delete;
+};
+
+class SSLKey {
+public:
+ virtual ~SSLKey() {}
+ static bool generate(Logger* logger, SSLEntropy* entropy, std::string* key);
+ static SSLKey* load(Logger* logger, std::string const& data);
+
+protected:
+ SSLKey() {}
+ SSLKey(SSLKey const&) = delete;
+};
+
+class SSLCert {
+public:
+ virtual ~SSLCert() {}
+ static bool generate(Logger* logger, SSLEntropy* entropy,
+ SSLCert* issuer_cert, SSLKey* issuer_key,
+ std::string const& host, SSLKey* key,
+ std::string* cert);
+ static SSLCert* load(Logger* logger, std::string const& data);
+
+protected:
+ SSLCert() {}
+ SSLCert(SSLCert const&) = delete;
+};
+
+class SSL {
+public:
+ virtual ~SSL() {}
+
+ // For server: allow SSLv3 and old unsecure certs like RC4
+ // For client: allow self signed certs and missmatched hostname
+ static const uint16_t UNSECURE;
+
+ static SSL* server(Logger* logger, SSLEntropy* entropy,
+ SSLCert* cert, SSLKey* key,
+ uint16_t flags);
+ static SSL* client(Logger* logger, SSLEntropy* entropy, SSLCertStore* store,
+ std::string const& host, uint16_t flags);
+
+ enum TransferResult {
+ NO_ERR,
+ ERR,
+ CLOSED,
+ };
+
+ // reads SSL from ssl_in and writes SSL to ssl_out
+ // reads data from data_in and writes data to data_out
+ virtual TransferResult transfer(Buffer* ssl_in, Buffer* ssl_out,
+ Buffer* data_in, Buffer* data_out) = 0;
+ virtual void close() = 0;
+
+protected:
+ SSL() {}
+ SSL(SSL const&) = delete;
+};
+
+#endif // SSL_HH
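Review bot: `static const uint16_t UNSECURE;` and the `uint16_t flags` parameters of `server` and `client` use a fixed-width type while the header includes only `<string>`, so it compiles only if `<string>` happens to pull in `<cstdint>` transitively; add `#include <cstdint>` next to it. The comment above `UNSECURE` describes RC4 as a kind of cert, whereas RC4 is a cipher suite, so the flag's server-side effect is misstated; suggested wording `// For server: accept SSLv3 and legacy cipher suites such as RC4` and `// For client: skip peer verification (self-signed certs and hostname mismatches are accepted)`, which also fixes "unsecure" and "missmatched". The factories `create`, `load`, `server` and `client` return raw pointers with no statement of who deletes the object or what is returned on failure (presumably nullptr, given that the `generate` functions signal failure through a bool); a one-line comment on each, or returning `std::unique_ptr`, would pin that down.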
