From d01e13c9dee53c3ab4faf70a215f4d1dcfed9e87 Mon Sep 17 00:00:00 2001
From: Joel Klinghed
Date: Tue, 28 Mar 2017 22:36:44 +0200
Subject: MITM SSL Interception support using mbedtls
---
 src/ssl.hh | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 src/ssl.hh
(limited to 'src/ssl.hh')
diff --git a/src/ssl.hh b/src/ssl.hh
new file mode 100644
index 0000000..1cd6aea
--- /dev/null
+++ b/src/ssl.hh
@@ -0,0 +1,89 @@
+// -*- mode: c++; c-basic-offset: 2; -*-
+
+#ifndef SSL_HH
+#define SSL_HH
+
+#include 
+
+class Buffer;
+class Logger;
+
+class SSLEntropy {
+public:
+ virtual ~SSLEntropy() {}
+
+ static SSLEntropy* create(Logger* logger);
+
+protected:
+ SSLEntropy() {}
+ SSLEntropy(SSLEntropy const&) = delete;
+};
+
+class SSLCertStore {
+public:
+ virtual ~SSLCertStore() {}
+
+ static SSLCertStore* create(Logger* logger, std::string const& bundle);
+
+protected:
+ SSLCertStore() {}
+ SSLCertStore(SSLCertStore const&) = delete;
+};
+
+class SSLKey {
+public:
+ virtual ~SSLKey() {}
+ static bool generate(Logger* logger, SSLEntropy* entropy, std::string* key);
+ static SSLKey* load(Logger* logger, std::string const& data);
+
+protected:
+ SSLKey() {}
+ SSLKey(SSLKey const&) = delete;
+};
+
+class SSLCert {
+public:
+ virtual ~SSLCert() {}
+ static bool generate(Logger* logger, SSLEntropy* entropy,
+ SSLCert* issuer_cert, SSLKey* issuer_key,
+ std::string const& host, SSLKey* key,
+ std::string* cert);
+ static SSLCert* load(Logger* logger, std::string const& data);
+
+protected:
+ SSLCert() {}
+ SSLCert(SSLCert const&) = delete;
+};
+
+class SSL {
+public:
+ virtual ~SSL() {}
+
+ // For server: allow SSLv3 and old unsecure certs like RC4
+ // For client: allow self signed certs and missmatched hostname
+ static const uint16_t UNSECURE;
+
+ static SSL* server(Logger* logger, SSLEntropy* entropy,
+ SSLCert* cert, SSLKey* key,
+ uint16_t flags);
+ static SSL* client(Logger* logger, SSLEntropy* entropy, SSLCertStore* store,
+ std::string const& host, uint16_t flags);
+
+ enum TransferResult {
+ NO_ERR,
+ ERR,
+ CLOSED,
+ };
+
+ // reads SSL from ssl_in and writes SSL to ssl_out
+ // reads data from data_in and writes data to data_out
+ virtual TransferResult transfer(Buffer* ssl_in, Buffer* ssl_out,
+ Buffer* data_in, Buffer* data_out) = 0;
+ virtual void close() = 0;
+
+protected:
+ SSL() {}
+ SSL(SSL const&) = delete;
+};
+
+#endif // SSL_HH
-- cgit v1.2.3-70-g09d2
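Review bot: The factory functions `create`, `load`, `server` and `client` return raw pointers with no statement of who owns the result or how failure is reported, so a caller cannot tell from this header whether it must `delete` the object or check for `nullptr`; since the file already relies on C++11 (`= delete`), returning `std::unique_ptr<...>` would make ownership explicit, or at minimum each factory should carry a comment such as `// Returns a new heap object owned by the caller (delete it or wrap in std::unique_ptr); presumably nullptr on failure — confirm against the implementation.` Relatedly, every class deletes its copy constructor but leaves the implicitly generated copy assignment in place, so `SSL& operator=(SSL const&) = delete;` (and the equivalent in SSLEntropy, SSLCertStore, SSLKey and SSLCert) should accompany the deleted copy constructor. The comment above `UNSECURE` says "old unsecure certs like RC4", but RC4 is a cipher rather than a certificate type, and "missmatched" is a typo; I would reword the pair to `// For server: allow SSLv3 and weak ciphers such as RC4` / `// For client: accept self-signed certificates and a mismatched hostname`, so a reader sees exactly which checks the flag turns off. The `#include` directly after `#define SSL_HH` shows no header name on this page, while the declarations use both `std::string` and `uint16_t`, so it is worth confirming that `<string>` and `<cstdint>` are both included rather than relying on a transitive include.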