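/* $NetBSD: tls_scache.h,v 1.2 2017/02/14 01:16:48 christos Exp $ */

#ifndef _TLS_SCACHE_H_INCLUDED_
#define _TLS_SCACHE_H_INCLUDED_

/*++
/* NAME
/*	tls_scache 3h
/* SUMMARY
/*	TLS session cache manager
/* SYNOPSIS
/*	#include <tls_scache.h>
/* DESCRIPTION
/* .nf

 /*
  * System library. The declarations below use time_t and ssize_t, so pull
  * in the headers that define them instead of relying on the include order
  * chosen by whoever includes this file.
  */
#include <sys/types.h>
#include <time.h>

 /*
  * Utility library.
  */
#include <dict.h>
#include <vstring.h>

 /*
  * External interface.
  *
  * TLS_SCACHE is the handle for one session cache database.
  *
  * NOTE(review): the cached values are presumably serialized TLS sessions,
  * which would make the backing database as sensitive as key material -
  * confirm its ownership and file permissions where the database is opened.
  */
typedef struct {
    int     flags;			/* TLS_SCACHE_FLAG_* bits, see below */
    DICT   *db;				/* database handle */
    char   *cache_label;		/* "smtpd", "smtp" or "lmtp" */
    int     verbose;			/* enable verbose logging */
    int     timeout;			/* smtp(d)_tls_session_cache_timeout */
    char   *saved_cursor;		/* cursor cache ID */
} TLS_SCACHE;

 /*
  * Session ticket key geometry. TLS_TICKET_IVLEN has no matching member in
  * TLS_TICKET_KEY; presumably the IV is chosen per ticket by the code that
  * encrypts tickets - confirm there. NOTE(review): TLS_SESSION_LIFEMIN is
  * presumably a lower bound in seconds - confirm against its users.
  */
#define TLS_TICKET_NAMELEN	16	/* RFC 5077 ticket key name length */
#define TLS_TICKET_IVLEN	16	/* RFC 5077 ticket IV length */
#define TLS_TICKET_KEYLEN	32	/* AES-256-CBC key size */
#define TLS_TICKET_MACLEN	32	/* RFC 5077 HMAC key size */
#define TLS_SESSION_LIFEMIN	120	/* May you live to 120! */

 /*
  * One session ticket key. bits[] and hmac[] hold raw secret key material:
  * disclosure of either lets a third party decrypt or forge tickets issued
  * under this key. Code that copies this structure should wipe the copy
  * with a primitive the compiler cannot optimize away before releasing the
  * memory, and should keep the contents out of logs and core dumps.
  */
typedef struct TLS_TICKET_KEY {
    unsigned char name[TLS_TICKET_NAMELEN];	/* ticket key name */
    unsigned char bits[TLS_TICKET_KEYLEN];	/* cipher key (secret) */
    unsigned char hmac[TLS_TICKET_MACLEN];	/* HMAC key (secret) */
    time_t  tout;			/* presumably expiry time - confirm */
} TLS_TICKET_KEY;

 /*
  * Bit for TLS_SCACHE.flags. NOTE(review): presumably requests deletion of
  * the entry named by saved_cursor - confirm in the implementation.
  */
#define TLS_SCACHE_FLAG_DEL_SAVED_CURSOR	(1<<0)

 /*
  * Cache and ticket key operations. Parameter meanings are not spelled out
  * in this header; consult the implementation.
  *
  * NOTE(review): tls_scache_update() takes a signed ssize_t as its last
  * argument (presumably the session length) - callers should make sure it
  * is non-negative and does not exceed the buffer they pass.
  *
  * NOTE(review): the lifetime and ownership of the TLS_TICKET_KEY pointers
  * returned by tls_scache_key() and tls_scache_key_rotate() are not visible
  * here; confirm them before freeing, caching or wiping the result.
  */
extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
extern void tls_scache_close(TLS_SCACHE *);
extern int tls_scache_lookup(TLS_SCACHE *, const char *, VSTRING *);
extern int tls_scache_update(TLS_SCACHE *, const char *, const char *, ssize_t);
extern int tls_scache_delete(TLS_SCACHE *, const char *);
extern int tls_scache_sequence(TLS_SCACHE *, int, char **, VSTRING *);
extern TLS_TICKET_KEY *tls_scache_key(unsigned char *, time_t, int);
extern TLS_TICKET_KEY *tls_scache_key_rotate(TLS_TICKET_KEY *);

 /*
  * Typed null pointers matching the last two parameters of
  * tls_scache_sequence(). TLS_SCACHE_SEQUENCE_NOTHING expands to TWO
  * arguments, so it fills both of those positions in a single call.
  */
#define TLS_SCACHE_DONT_NEED_CACHE_ID	((char **) 0)
#define TLS_SCACHE_DONT_NEED_SESSION	((VSTRING *) 0)

#define TLS_SCACHE_SEQUENCE_NOTHING \
	TLS_SCACHE_DONT_NEED_CACHE_ID, TLS_SCACHE_DONT_NEED_SESSION

/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

#endif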