1/*	$NetBSD: tls_scache.h,v 1.2 2017/02/14 01:16:48 christos Exp $	*/
2
3#ifndef _TLS_SCACHE_H_INCLUDED_
4#define _TLS_SCACHE_H_INCLUDED_
5
6/*++
7/* NAME
8/*	tls_scache 3h
9/* SUMMARY
10/*	TLS session cache manager
11/* SYNOPSIS
12/*	#include <tls_scache.h>
13/* DESCRIPTION
14/* .nf
15
16 /*
17  * Utility library.
18  */
19#include <dict.h>
20#include <vstring.h>
21
22 /*
23  * External interface.
24  */
 /*
  * Session cache handle. Created by tls_scache_open() and released by
  * tls_scache_close(); passed as the first argument to every other
  * tls_scache_*() call below. The flags member holds TLS_SCACHE_FLAG_*
  * bits. NOTE(review): ownership of the char * members (presumably
  * allocated in tls_scache_open() and freed in tls_scache_close()) is not
  * visible in this header -- confirm in tls_scache.c.
  */
25typedef struct {
26    int     flags;			/* TLS_SCACHE_FLAG_* bits, see below */
27    DICT   *db;				/* database handle (dict.h) */
28    char   *cache_label;		/* "smtpd", "smtp" or "lmtp" */
29    int     verbose;			/* enable verbose logging */
30    int     timeout;			/* smtp(d)_tls_session_cache_timeout */
31    char   *saved_cursor;		/* cache ID remembered across tls_scache_sequence() calls; presumably removed when TLS_SCACHE_FLAG_DEL_SAVED_CURSOR is set -- confirm */
32} TLS_SCACHE;
33
 /*
  * Session-ticket key geometry, in bytes. These fix the layout of
  * TLS_TICKET_KEY and follow from RFC 5077 and the AES-256-CBC/HMAC
  * choice named below, so they are not tunables. NOTE(review):
  * TLS_TICKET_IVLEN has no matching TLS_TICKET_KEY member; the IV is
  * presumably generated per ticket elsewhere -- confirm against the
  * ticket callback.
  */
34#define TLS_TICKET_NAMELEN	16	/* RFC 5077 ticket key name length */
35#define TLS_TICKET_IVLEN	16	/* RFC 5077 ticket IV length */
36#define TLS_TICKET_KEYLEN	32	/* AES-256-CBC key size */
37#define TLS_TICKET_MACLEN	32	/* RFC 5077 HMAC key size */
38#define TLS_SESSION_LIFEMIN	120	/* lower bound on session lifetime; presumably seconds -- confirm against callers */
39
 /*
  * One RFC 5077 session-ticket key. bits and hmac are secret key
  * material; name is the identifier that selects the key. NOTE(review):
  * the code that retires or frees a key (tls_scache_key_rotate(), defined
  * in tls_scache.c, not here) should scrub bits and hmac before the
  * memory is released -- confirm there. time_t is not declared by the
  * includes visible in this header; presumably it arrives via dict.h.
  */
40typedef struct TLS_TICKET_KEY {
41    unsigned char name[TLS_TICKET_NAMELEN];	/* key name (RFC 5077) */
42    unsigned char bits[TLS_TICKET_KEYLEN];	/* AES-256-CBC key -- secret */
43    unsigned char hmac[TLS_TICKET_MACLEN];	/* HMAC key -- secret */
44    time_t  tout;				/* key expiry; presumably an absolute time_t -- confirm */
45} TLS_TICKET_KEY;
46
 /*
  * Bits for TLS_SCACHE.flags. DEL_SAVED_CURSOR presumably requests that
  * the entry named by TLS_SCACHE.saved_cursor be deleted on the next
  * tls_scache_sequence() step -- confirm in tls_scache.c.
  */
47#define TLS_SCACHE_FLAG_DEL_SAVED_CURSOR	(1<<0)
48
 /*
  * Public interface. Return-value conventions (what the int results mean,
  * whether pointers may be NULL) are defined in tls_scache.c and are not
  * visible here; callers should check them there before relying on them.
  */
/* Open a cache. The arguments presumably map onto TLS_SCACHE.db,
 * cache_label, verbose and timeout in that order -- confirm. */
49extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
/* Release a cache handle obtained from tls_scache_open(). */
50extern void tls_scache_close(TLS_SCACHE *);
/* Look up a cache ID (NUL-terminated string); the VSTRING receives the
 * stored session data. */
51extern int tls_scache_lookup(TLS_SCACHE *, const char *, VSTRING *);
/* Store session data under a cache ID. The ssize_t presumably bounds the
 * preceding const char * buffer, which is binary and must not be treated
 * as NUL-terminated -- confirm. */
52extern int tls_scache_update(TLS_SCACHE *, const char *, const char *, ssize_t);
/* Remove the entry for a cache ID. */
53extern int tls_scache_delete(TLS_SCACHE *, const char *);
/* Iterate over the cache. The int is presumably a first/next selector
 * from dict.h -- confirm. The char ** and VSTRING * outputs may be
 * TLS_SCACHE_DONT_NEED_CACHE_ID / TLS_SCACHE_DONT_NEED_SESSION (see
 * TLS_SCACHE_SEQUENCE_NOTHING below) when the caller wants neither. */
54extern int tls_scache_sequence(TLS_SCACHE *, int, char **, VSTRING *);
/* Find a ticket key by name (presumably TLS_TICKET_NAMELEN bytes) valid
 * at the given time_t; the int is presumably a lifetime/timeout --
 * confirm. Ownership of the returned TLS_TICKET_KEY is not defined here. */
55extern TLS_TICKET_KEY *tls_scache_key(unsigned char *, time_t, int);
/* Rotate ticket keys, taking and returning a TLS_TICKET_KEY pointer.
 * NOTE(review): the retired key holds secret bits/hmac; confirm that
 * tls_scache.c scrubs them before reuse or release. */
56extern TLS_TICKET_KEY *tls_scache_key_rotate(TLS_TICKET_KEY *);
57
 /*
  * Typed null arguments for the two optional output parameters of
  * tls_scache_sequence(). TLS_SCACHE_SEQUENCE_NOTHING expands to both at
  * once, for callers that only want to advance the cursor.
  */
58#define TLS_SCACHE_DONT_NEED_CACHE_ID		((char **) 0)
59#define TLS_SCACHE_DONT_NEED_SESSION		((VSTRING *) 0)
60
61#define TLS_SCACHE_SEQUENCE_NOTHING \
62	TLS_SCACHE_DONT_NEED_CACHE_ID, TLS_SCACHE_DONT_NEED_SESSION
63
64/* LICENSE
65/* .ad
66/* .fi
67/*	The Secure Mailer license must be distributed with this software.
68/* AUTHOR(S)
69/*	Wietse Venema
70/*	IBM T.J. Watson Research
71/*	P.O. Box 704
72/*	Yorktown Heights, NY 10598, USA
73/*--*/
74
75#endif
76