1 /*        $NetBSD: tls_scache.h,v 1.2 2017/02/14 01:16:48 christos Exp $        */
2 
3 #ifndef _TLS_SCACHE_H_INCLUDED_
4 #define _TLS_SCACHE_H_INCLUDED_
5 
6 /*++
7 /* NAME
8 /*        tls_scache 3h
9 /* SUMMARY
10 /*        TLS session cache manager
11 /* SYNOPSIS
12 /*        #include <tls_scache.h>
13 /* DESCRIPTION
14 /* .nf
15 
16  /*
17   * Utility library.
18   */
19 #include <dict.h>
20 #include <vstring.h>
21 
22  /*
23   * External interface.
24   */
 /*
  * Handle for one open session cache, returned by tls_scache_open() and
  * released by tls_scache_close(). Every other tls_scache_*() call takes it
  * as its first argument.
  *
  * Security: the cache holds serialized TLS session state, which carries the
  * secrets needed to resume a session. The backing database must be readable
  * only by the process that owns it. NOTE(review): how the database is
  * opened and with what permissions is decided in tls_scache.c, not here.
  */
typedef struct {
    int     flags;			/* TLS_SCACHE_FLAG_* bits, see below */
    DICT   *db;				/* database handle (dict.h) */
    char   *cache_label;		/* owning service: "smtpd", "smtp" or "lmtp" */
    int     verbose;			/* enable verbose logging */
    int     timeout;			/* entry lifetime: smtp(d)_tls_session_cache_timeout; presumably seconds */
    char   *saved_cursor;		/* cursor cache ID: where tls_scache_sequence() presumably left off */
} TLS_SCACHE;
33 
 /*
  * Session ticket (RFC 5077) key material sizes, in bytes.
  *
  * NAMELEN and IVLEN match the 16-octet key_name and IV fields of the
  * RFC 5077 ticket layout. KEYLEN is sized for AES-256-CBC, which is larger
  * than the AES-128-CBC construction RFC 5077 section 4 recommends; MACLEN
  * is the 32-byte HMAC key size that section recommends for HMAC-SHA-256.
  * These are only buffer sizes: the callback that actually selects the
  * cipher and MAC is not in this header, and these constants must be kept
  * in step with it (a key buffer shorter than the cipher's key length would
  * be read past its end).
  *
  * TLS_SESSION_LIFEMIN is a lower bound on session lifetime. Its unit is not
  * stated here; presumably seconds, like the timeout parameters in this
  * header — confirm against the code that uses it.
  */
#define TLS_TICKET_NAMELEN    16	/* RFC 5077 ticket key name length */
#define TLS_TICKET_IVLEN      16	/* RFC 5077 ticket IV length */
#define TLS_TICKET_KEYLEN     32	/* AES-256-CBC key size */
#define TLS_TICKET_MACLEN     32	/* RFC 5077 HMAC key size */
#define TLS_SESSION_LIFEMIN   120	/* May you live to 120! */
39 
 /*
  * One RFC 5077 session ticket key. The key name travels in the clear inside
  * every ticket so the server can find the right key; bits and hmac are
  * secret. Anyone holding bits+hmac can forge tickets and decrypt every
  * session resumed under this key, so tickets have no forward secrecy with
  * respect to it; rotation (tls_scache_key_rotate()) and the expiry in tout
  * bound that exposure. Retired keys should be wiped from memory.
  * NOTE(review): whether tls_scache.c zeroizes a key when it is retired is
  * not visible here — verify there.
  */
typedef struct TLS_TICKET_KEY {
    unsigned char name[TLS_TICKET_NAMELEN];	/* key name, public */
    unsigned char bits[TLS_TICKET_KEYLEN];	/* cipher key, secret */
    unsigned char hmac[TLS_TICKET_MACLEN];	/* MAC key, secret */
    time_t  tout;				/* expiry; presumably an absolute time_t */
} TLS_TICKET_KEY;
46 
 /*
  * TLS_SCACHE.flags bits.
  *
  * TLS_SCACHE_FLAG_DEL_SAVED_CURSOR: judging by the names, the entry named
  * by TLS_SCACHE.saved_cursor is to be deleted on the next
  * tls_scache_sequence() step (e.g. after it was found expired). Confirm in
  * tls_scache.c.
  */
#define TLS_SCACHE_FLAG_DEL_SAVED_CURSOR	(1<<0)
48 
 /*
  * Cache lifecycle. The tls_scache_open() arguments line up with the fields
  * of the returned TLS_SCACHE: database specification, cache label, verbose
  * flag, entry timeout — confirm the order against tls_scache.c.
  * tls_scache_close() releases the handle.
  */
extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
extern void tls_scache_close(TLS_SCACHE *);

 /*
  * Single-entry operations, each keyed by a cache ID string (2nd argument).
  * lookup: returns the stored session via the VSTRING. update: stores the
  * given buffer of the given length under the cache ID. delete: removes the
  * entry. The int results' success/failure convention is not visible here.
  *
  * Security: the length passed to tls_scache_update() is ssize_t; a
  * negative value is never meaningful and callers must not pass one.
  * Whether the implementation rejects it is not visible in this header.
  */
extern int tls_scache_lookup(TLS_SCACHE *, const char *, VSTRING *);
extern int tls_scache_update(TLS_SCACHE *, const char *, const char *, ssize_t);
extern int tls_scache_delete(TLS_SCACHE *, const char *);

 /*
  * Iteration over the whole cache. The int selects first vs. next (presumably
  * the DICT_SEQ_FUN_* values from dict.h). The char ** and VSTRING * receive
  * the current cache ID and session; either may be a null pointer when the
  * caller does not want that value (see TLS_SCACHE_DONT_NEED_* below).
  */
extern int tls_scache_sequence(TLS_SCACHE *, int, char **, VSTRING *);

 /*
  * Ticket key management. tls_scache_key() resolves a ticket key given a key
  * name, the current time and a lifetime; when it returns an existing key
  * versus creating one is decided in tls_scache.c. tls_scache_key_rotate()
  * installs the passed key as the current one. NOTE(review): what happens to
  * the key it displaces matters — a retired key left in memory still
  * decrypts every ticket it issued; check that tls_scache.c wipes it.
  */
extern TLS_TICKET_KEY *tls_scache_key(unsigned char *, time_t, int);
extern TLS_TICKET_KEY *tls_scache_key_rotate(TLS_TICKET_KEY *);
57 
 /*
  * Null-pointer arguments for tls_scache_sequence() when the caller only
  * wants to advance the cursor (for instance to expire entries) and has no
  * use for the cache ID or the session data. TLS_SCACHE_SEQUENCE_NOTHING
  * expands to both, in argument order, so a call reads
  * tls_scache_sequence(cp, first_next, TLS_SCACHE_SEQUENCE_NOTHING).
  */
#define TLS_SCACHE_DONT_NEED_CACHE_ID		((char **) 0)
#define TLS_SCACHE_DONT_NEED_SESSION		((VSTRING *) 0)

#define TLS_SCACHE_SEQUENCE_NOTHING \
	  TLS_SCACHE_DONT_NEED_CACHE_ID, TLS_SCACHE_DONT_NEED_SESSION
63 
64 /* LICENSE
65 /* .ad
66 /* .fi
67 /*        The Secure Mailer license must be distributed with this software.
68 /* AUTHOR(S)
69 /*        Wietse Venema
70 /*        IBM T.J. Watson Research
71 /*        P.O. Box 704
72 /*        Yorktown Heights, NY 10598, USA
73 /*--*/
74 
75 #endif
76