1 /*
2    BAREOS® - Backup Archiving REcovery Open Sourced
3 
4    Copyright (C) 2005-2010 Free Software Foundation Europe e.V.
5    Copyright (C) 2018-2020 Bareos GmbH & Co. KG
6 
7    This program is Free Software; you can redistribute it and/or
8    modify it under the terms of version three of the GNU Affero General Public
9    License as published by the Free Software Foundation and included
10    in the file LICENSE.
11 
12    This program is distributed in the hope that it will be useful, but
13    WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15    Affero General Public License for more details.
16 
17    You should have received a copy of the GNU Affero General Public License
18    along with this program; if not, write to the Free Software
19    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20    02110-1301, USA.
21 */
22 
23 #ifndef BAREOS_LIB_TLS_OPENSSL_PRIVATE_H_
24 #define BAREOS_LIB_TLS_OPENSSL_PRIVATE_H_
25 
#include "include/bareos.h"

#include <map>
#include <mutex>
#include <string>

#include <openssl/ssl.h>
#include <openssl/x509v3.h>
31 
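/*
 * Per-connection TLS state of the OpenSSL backend.
 *
 * One instance carries the OpenSSL handles (SSL, SSL_CTX, SSL_CONF_CTX) of
 * a single TCP connection plus the certificate/key/cipher settings used to
 * configure them.  Constructor, destructor, init() and all other member
 * functions are defined in the accompanying .cc file; this header only
 * fixes the layout and the callback signatures handed to OpenSSL.
 * Members that were previously left uninitialized now carry in-class
 * defaults, so a partially configured instance never holds garbage.
 */
class TlsOpenSslPrivate {
 public:
  TlsOpenSslPrivate();
  ~TlsOpenSslPrivate();

  /* Builds the OpenSSL context from the settings stored in the members
   * below.  Returns bool; presumably false when the context could not be
   * set up -- see the definition in the .cc for the exact contract. */
  bool init();

  /* Slot numbers for SSL_CTX ex_data.  By its name, kConfigurationParserPtr
   * is the slot holding the ConfigurationParser pointer that callbacks can
   * fetch from the context -- confirm against the SSL_CTX_get_ex_data()
   * uses in the .cc. */
  enum SslCtxExDataIndex : int
  {
    kConfigurationParserPtr = 0
  };

  /* Reads into (write == false) or writes from (write == true) the nbytes
   * at ptr over the TLS session of bsock.  Returns int; the byte-count and
   * error semantics are defined in the .cc. */
  int OpensslBsockReadwrite(BareosSocket* bsock,
                            char* ptr,
                            int nbytes,
                            bool write);
  /* Starts the TLS session on bsock, in server role when server is true,
   * otherwise as client.  Returns bool (presumably handshake success --
   * confirm in the .cc). */
  bool OpensslBsockSessionStart(BareosSocket* bsock, bool server);

  /* Attach pre-shared-key credentials to the client/server context.  The
   * client side is expected to publish them in psk_client_credentials_ so
   * psk_client_cb() can find them by SSL_CTX -- confirm in the .cc. */
  void ClientContextInsertCredentials(const PskCredentials& cred);
  void ServerContextInsertCredentials(const PskCredentials& cred);

  /* callbacks -- the signatures match the OpenSSL callback types they are
   * registered as, so they must stay static and keep these parameters */

  /* pem_password_cb: fills buf (at most size bytes) with the key password.
   * userdata is whatever was registered with OpenSSL, presumably
   * pem_userdata_ -- confirm in the .cc. */
  static int tls_pem_callback_dispatch(char* buf,
                                       int size,
                                       int rwflag,
                                       void* userdata);
  /* SSL_CTX_set_verify() callback.  ok is OpenSSL's verdict for the
   * certificate currently being checked; returning nonzero while ok == 0
   * accepts a certificate OpenSSL rejected, so any override here must be
   * deliberate and narrowly scoped. */
  static int OpensslVerifyPeer(int ok, X509_STORE_CTX* store);
  /* SSL_psk_server_cb_func: look up identity and copy the key into psk.
   * psk is an OpenSSL-owned buffer of max_psk_len bytes -- never write
   * more; return the number of bytes written, 0 rejects the identity. */
  static unsigned int psk_server_cb(SSL* ssl,
                                    const char* identity,
                                    unsigned char* psk,
                                    unsigned int max_psk_len);
  /* SSL_psk_client_cb_func: write the identity (NUL-terminated, at most
   * max_identity_len bytes) and the key (at most max_psk_len bytes) for
   * the context of ssl; return the key length, 0 aborts the handshake. */
  static unsigned int psk_client_cb(SSL* ssl,
                                    const char* /*hint*/,
                                    char* identity,
                                    unsigned int max_identity_len,
                                    unsigned char* psk,
                                    unsigned int max_psk_len);

  /* each TCP connection has its own SSL_CTX object and SSL object;
   * null until they are created (presumably in init() -- confirm) */
  SSL* openssl_{nullptr};
  SSL_CTX* openssl_ctx_{nullptr};
  SSL_CONF_CTX* openssl_conf_ctx_{nullptr};

  /* PskCredentials lookup map for all connections, keyed by the address of
   * the owning SSL_CTX and guarded by psk_client_credentials_mutex_.
   * NOTE(review): confirm the destructor erases this object's entry; a
   * context later allocated at the same address would otherwise resolve
   * to stale credentials. */
  static std::map<const SSL_CTX*, PskCredentials> psk_client_credentials_;
  static std::mutex psk_client_credentials_mutex_;
  /* serializes file access across instances (presumably the PEM/DH files
   * read while building the context -- see the .cc) */
  static std::mutex file_access_mutex_;

  /* tls_default_ciphers_ if no user ciphers given  */
  static const std::string tls_default_ciphers_;

  /* openssl protocol command (presumably applied through the
   * SSL_CONF_CTX -- confirm in the .cc) */
  std::string protocol_;

  /* cert attributes -- meanings below are read off the member names;
   * confirm against init() in the .cc */
  int tcp_file_descriptor_{-1}; /* -1 until a socket is attached */
  std::string ca_certfile_;     /* trusted CA certificate file */
  std::string ca_certdir_;      /* trusted CA certificate directory */
  std::string crlfile_;         /* certificate revocation list */
  std::string certfile_;        /* own certificate */
  std::string keyfile_;         /* own private key */
  /* password callback (and its opaque argument) for an encrypted keyfile_ */
  CRYPTO_PEM_PASSWD_CB* pem_callback_{nullptr};
  void* pem_userdata_{nullptr};
  std::string dhfile_;     /* Diffie-Hellman parameters */
  std::string cipherlist_; /* user cipher list; tls_default_ciphers_ when
                              none given */
  /* fail-closed default: peer certificate verification stays on unless the
   * configured value explicitly turns it off */
  bool verify_peer_{true};
  /* *************** */
};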
100 
101 #endif /* BAREOS_LIB_TLS_OPENSSL_PRIVATE_H_ */
102