1 /*	$NetBSD: tls_scache.h,v 1.2 2017/02/14 01:16:48 christos Exp $	*/
2 
3 #ifndef _TLS_SCACHE_H_INCLUDED_
4 #define _TLS_SCACHE_H_INCLUDED_
5 
6 /*++
7 /* NAME
8 /*	tls_scache 3h
9 /* SUMMARY
10 /*	TLS session cache manager
11 /* SYNOPSIS
12 /*	#include <tls_scache.h>
13 /* DESCRIPTION
14 /* .nf
15 
16  /*
17   * Utility library.
18   */
19 #include <dict.h>
20 #include <vstring.h>
21 
22  /*
23   * External interface.
24   */
/*
 * Handle for one TLS session cache: a DICT database handle plus the
 * per-cache settings and the cursor state kept between calls.
 */
typedef struct {
    int     flags;			/* TLS_SCACHE_FLAG_* bits, see below */
    DICT   *db;				/* database handle */
    char   *cache_label;		/* "smtpd", "smtp" or "lmtp" */
    int     verbose;			/* enable verbose logging */
    int     timeout;			/* smtp(d)_tls_session_cache_timeout */
    char   *saved_cursor;		/* cursor cache ID */
} TLS_SCACHE;
33 
/*
 * Session ticket key geometry. These values size the unsigned char arrays
 * in TLS_TICKET_KEY, so they are byte counts (32 bytes = 256 bits for the
 * AES-256-CBC key).
 */
#define TLS_TICKET_NAMELEN	16	/* RFC 5077 ticket key name length */
#define TLS_TICKET_IVLEN	16	/* RFC 5077 ticket IV length */
#define TLS_TICKET_KEYLEN	32	/* AES-256-CBC key size */
#define TLS_TICKET_MACLEN	32	/* RFC 5077 HMAC key size */
/* NOTE(review): presumably a minimum session lifetime in seconds -- confirm */
#define TLS_SESSION_LIFEMIN	120	/* May you live to 120! */
39 
/*
 * Session ticket key record. The array sizes come from the TLS_TICKET_*LEN
 * constants defined above.
 *
 * NOTE(review): bits[] and hmac[] are sized for secret key material, so code
 * that copies, stores or frees this structure presumably has to keep it out
 * of logs and wipe it when done -- confirm against tls_scache.c.
 *
 * NOTE(review): no header that declares time_t is included directly here;
 * presumably the including file provides it -- confirm.
 */
typedef struct TLS_TICKET_KEY {
    unsigned char name[TLS_TICKET_NAMELEN];	/* ticket key name */
    unsigned char bits[TLS_TICKET_KEYLEN];	/* cipher key, AES-256-CBC sized */
    unsigned char hmac[TLS_TICKET_MACLEN];	/* HMAC key */
    time_t  tout;			/* presumably the key's expiry time -- confirm */
} TLS_TICKET_KEY;
46 
/*
 * Bit 0 of a flags word, presumably TLS_SCACHE.flags. NOTE(review): the name
 * suggests the entry named by saved_cursor is pending deletion -- confirm
 * against tls_scache.c.
 */
#define TLS_SCACHE_FLAG_DEL_SAVED_CURSOR	(1<<0)
48 
/*
 * Session cache and ticket key entry points. The prototypes carry no
 * parameter names; the roles noted below are inferred from the types and
 * function names and should be confirmed against tls_scache.c.
 *
 * NOTE(review): ssize_t and time_t are used here, but no header that
 * declares them is included directly; presumably the including file
 * provides them -- confirm.
 */

/* Returns a TLS_SCACHE handle; release it with tls_scache_close(). */
extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
extern void tls_scache_close(TLS_SCACHE *);

/* Presumably keyed by a cache ID string, result stored in the VSTRING. */
extern int tls_scache_lookup(TLS_SCACHE *, const char *, VSTRING *);

/* Presumably cache ID, then a buffer and its length -- confirm. */
extern int tls_scache_update(TLS_SCACHE *, const char *, const char *, ssize_t);
extern int tls_scache_delete(TLS_SCACHE *, const char *);

/*
 * The char ** and VSTRING * arguments match the types of the
 * TLS_SCACHE_DONT_NEED_* null pointers defined below.
 */
extern int tls_scache_sequence(TLS_SCACHE *, int, char **, VSTRING *);

/* Ticket key access; both return a pointer to a TLS_TICKET_KEY. */
extern TLS_TICKET_KEY *tls_scache_key(unsigned char *, time_t, int);
extern TLS_TICKET_KEY *tls_scache_key_rotate(TLS_TICKET_KEY *);
57 
/*
 * Typed null pointers. Their types match the char ** and VSTRING *
 * parameters of tls_scache_sequence(); presumably a caller passes them to
 * decline that output -- confirm against tls_scache.c.
 */
#define TLS_SCACHE_DONT_NEED_CACHE_ID		((char **) 0)
#define TLS_SCACHE_DONT_NEED_SESSION		((VSTRING *) 0)

/* Expands to two comma-separated arguments: both null pointers above. */
#define TLS_SCACHE_SEQUENCE_NOTHING \
	TLS_SCACHE_DONT_NEED_CACHE_ID, TLS_SCACHE_DONT_NEED_SESSION
63 
64 /* LICENSE
65 /* .ad
66 /* .fi
67 /*	The Secure Mailer license must be distributed with this software.
68 /* AUTHOR(S)
69 /*	Wietse Venema
70 /*	IBM T.J. Watson Research
71 /*	P.O. Box 704
72 /*	Yorktown Heights, NY 10598, USA
73 /*--*/
74 
75 #endif
76