/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef tls_proto_h
#define tls_proto_h
#include "tls_util.h"
/**
 * TLS protocol version identifiers as they appear on the wire (the 16-bit
 * ProtocolVersion of RFC 5246 / RFC 8446). This is the same identifier space
 * that tls_proto_get_version_by_name() returns and that
 * tls_proto_conf_t.supported_versions stores as apr_uint16_t.
 * Only TLS 1.2 and TLS 1.3 have named constants in this module.
 */
#define TLS_VERSION_1_2 0x0303
#define TLS_VERSION_1_3 0x0304
/**
 * Specification of a TLS cipher by name, possible alias and its 16 bit value
 * as assigned by IANA.
 *
 * Being "known" (having an entry of this type in the protocol configuration)
 * says nothing about whether the linked rustls library can negotiate the
 * cipher; that is a separate question answered by
 * tls_proto_is_cipher_supported().
 */
typedef struct {
    apr_uint16_t id; /* IANA 16-bit assigned value as used on the wire */
    const char *name; /* IANA given name of the cipher */
    const char *alias; /* Optional, commonly known alternate name
                          (presumably NULL when there is none -- confirm in tls_proto.c) */
} tls_cipher_t;
/**
 * TLS protocol related definitions constructed
 * by querying crustls lib.
 *
 * Two families of tables live here. The `known_*` tables describe every
 * cipher this module has a name for; `rustls_ciphers_by_id` and
 * `supported_cipher_ids` describe what the linked rustls library actually
 * offers. Code that decides what gets negotiated must consult the supported
 * tables, not the known ones -- a name being known is not a security
 * statement about the cipher.
 */
typedef struct tls_proto_conf_t tls_proto_conf_t;
struct tls_proto_conf_t {
    apr_array_header_t *supported_versions; /* supported protocol versions (apr_uint16_t) */
    apr_hash_t *known_ciphers_by_name; /* hash by name of known tls_cipher_t* */
    apr_hash_t *known_ciphers_by_id; /* hash by id of known tls_cipher_t* */
    apr_hash_t *rustls_ciphers_by_id; /* hash by id of rustls rustls_supported_ciphersuite* */
    apr_array_header_t *supported_cipher_ids; /* cipher ids (apr_uint16_t) supported by rustls */
    const rustls_root_cert_store *native_roots; /* root certificate store obtained from rustls;
                                                   ownership and lifetime are not visible in this
                                                   header -- TODO confirm in tls_proto.c before
                                                   sharing or freeing it elsewhere */
};
/**
 * Create and populate the protocol configuration.
 *
 * @param p pool to allocate from; the returned configuration and its tables
 *          are expected to live as long as `p`
 * @param s server record handed to the initialization (how it is used is
 *          not visible from this header)
 * @return the new configuration. Whether NULL can come back on failure is
 *         decided in tls_proto.c; callers should not assume it cannot.
 */
tls_proto_conf_t *tls_proto_init(apr_pool_t *p, server_rec *s);
/**
 * Called during pre-config phase to start initialization
 * of the tls protocol configuration.
 *
 * @param pool  the configuration pool
 * @param ptemp temporary pool of the pre-config phase; per httpd's hook
 *              contract it is discarded after the phase, so nothing
 *              allocated from it may be kept
 * @return APR_SUCCESS, or a non-success status (how httpd reacts to it is
 *         up to the hook caller, not this module)
 */
apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp);
/**
 * Called during post-config phase to conclude the initialization
 * of the tls protocol configuration.
 *
 * @param p     the configuration pool
 * @param ptemp temporary pool of the post-config phase; do not keep
 *              allocations from it past this hook
 * @param s     the base server record
 * @return APR_SUCCESS, or a non-success status (how httpd reacts to it is
 *         up to the hook caller, not this module)
 */
apr_status_t tls_proto_post_config(apr_pool_t *p, apr_pool_t *ptemp, server_rec *s);
/**
 * Get the TLS protocol identifier (as used on the wire) for the TLS
 * protocol of the given name. Returns 0 if protocol is unknown.
 *
 * @param conf the TLS protocol configuration
 * @param name protocol name as written in configuration (the accepted
 *             spellings are defined in tls_proto.c)
 * @return the 16-bit version identifier (e.g. TLS_VERSION_1_3), or 0.
 *         0 is an in-band sentinel: check for it before using the result as
 *         a version, otherwise a mis-typed name silently becomes "version 0"
 *         in whatever list it ends up in.
 */
apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name);
/**
 * Get the name of the protocol version identified by its identifier. This
 * will return the name from the protocol configuration or, if unknown, create
 * the string `TLSv0x%04x` from the 16bit identifier.
 *
 * Intended for logging and diagnostics: it never fails, an unknown
 * identifier still renders as something printable.
 *
 * @param conf the TLS protocol configuration
 * @param id   16-bit version identifier
 * @param pool pool the synthesized `TLSv0x%04x` string is allocated from.
 *             For a known version the string may instead point into `conf`,
 *             so treat the result as valid only while both `conf` and `pool`
 *             live.
 */
const char *tls_proto_get_version_name(
    tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool);
/**
 * Create an array of the given TLS protocol version identifier `min_version`
 * and all supported newer ones. The array carries apr_uint16_t values.
 *
 * "Supported" presumably means the entries of `conf->supported_versions`
 * (confirm in tls_proto.c). Per the description `min_version` itself is
 * always part of the result, even if it is not among the supported versions
 * -- TODO confirm; if so, callers must validate `min_version` themselves.
 *
 * @param conf        the TLS protocol configuration
 * @param min_version lowest version to include, e.g. TLS_VERSION_1_2
 * @param pool        pool the returned array is allocated from
 */
apr_array_header_t *tls_proto_create_versions_plus(
    tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool);
/**
 * Get a TLS cipher spec by name/alias.
 *
 * Success only means the name is known (there is a tls_cipher_t for it in
 * `conf`), not that rustls can negotiate it: run the resulting id through
 * tls_proto_is_cipher_supported() before offering it.
 *
 * @param conf    the TLS protocol configuration
 * @param name    IANA cipher name or its alias (see tls_cipher_t)
 * @param pcipher receives the 16-bit IANA cipher id when found
 * @return APR_SUCCESS when the name is known; another status otherwise (the
 *         exact code is defined in tls_proto.c), in which case `*pcipher`
 *         should be treated as unset.
 */
apr_status_t tls_proto_get_cipher_by_name(
    tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher);
/**
 * Return != 0 iff the cipher is supported by the rustls library.
 *
 * This is the check that matters for what can actually be negotiated: a
 * cipher may be known by name (tls_proto_get_cipher_by_name() succeeds) and
 * still not be offered by the linked rustls.
 *
 * @param conf   the TLS protocol configuration
 * @param cipher 16-bit IANA cipher id
 */
int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher);
/**
 * Get the name of a TLS cipher for the IANA assigned 16bit value. This will
 * return the name in the protocol configuration, if the cipher is known, and
 * otherwise create the string `TLS_CIPHER_0x%04x` for the 16bit cipher value.
 *
 * Intended for logging; it never fails. The lookup is presumably against the
 * known-cipher table, so a cipher can have a proper name here and still be
 * unsupported by rustls.
 *
 * @param conf   the TLS protocol configuration
 * @param cipher 16-bit IANA cipher id
 * @param pool   pool the synthesized string is allocated from; the name of a
 *               known cipher may instead point into `conf`, so treat the
 *               result as valid only while both `conf` and `pool` live.
 */
const char *tls_proto_get_cipher_name(
    tls_proto_conf_t *conf, apr_uint16_t cipher, apr_pool_t *pool);
/**
 * Get the concatenated names with ':' as separator of all TLS cipher identifiers
 * as given in `ciphers`.
 *
 * Meant for logging and error messages. Presumably each id is rendered as by
 * tls_proto_get_cipher_name(), so unknown ids appear as `TLS_CIPHER_0x%04x`
 * rather than being dropped (confirm in tls_proto.c).
 *
 * @param conf the TLS protocol configuration
 * @param ciphers the 16bit values of the TLS ciphers
 * @param pool to use for allocating the string.
 * @return the joined string, allocated from `pool`
 */
const char *tls_proto_get_cipher_names(
    tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool);
/**
 * Convert an array of TLS cipher 16bit identifiers into the `rustls_supported_ciphersuite`
 * instances that can be passed to crustls in session configurations.
 * Any cipher identifier not supported by rustls will be silently omitted.
 *
 * NOTE(review): because of that silent omission, an input made up entirely of
 * unsupported ids yields an empty array and nothing here reports it. A caller
 * that feeds the result into a session configuration should check the
 * resulting `nelts` (or pre-validate the ids with
 * tls_proto_is_cipher_supported()) so that a mis-typed cipher list is
 * rejected loudly instead of being accepted with fewer suites than intended.
 *
 * @param conf the TLS protocol configuration
 * @param ids  16-bit IANA cipher ids (apr_uint16_t)
 * @param pool pool the returned array is allocated from
 * @return array whose elements are rustls_supported_ciphersuite pointers
 *         (see `rustls_ciphers_by_id`), presumably in the order of `ids`
 *         -- confirm in tls_proto.c
 */
apr_array_header_t *tls_proto_get_rustls_suites(
    tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool);
#endif /* tls_proto_h */