| /* Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #ifndef tls_proto_h |
| #define tls_proto_h |
| |
| #include "tls_util.h" |
| |
| |
| #define TLS_VERSION_1_2 0x0303 |
| #define TLS_VERSION_1_3 0x0304 |
| |
| /** |
| * Specification of a TLS cipher by name, possible alias and its 16 bit value |
| * as assigned by IANA. |
| */ |
| typedef struct { |
| apr_uint16_t id; /* IANA 16-bit assigned value as used on the wire */ |
| const char *name; /* IANA given name of the cipher */ |
| const char *alias; /* Optional, commonly known alternate name */ |
| } tls_cipher_t; |
| |
| /** |
| * TLS protocol related definitions constructed |
| * by querying crustls lib. |
| */ |
| typedef struct tls_proto_conf_t tls_proto_conf_t; |
| struct tls_proto_conf_t { |
| apr_array_header_t *supported_versions; /* supported protocol versions (apr_uint16_t) */ |
| apr_hash_t *known_ciphers_by_name; /* hash by name of known tls_cipher_t* */ |
| apr_hash_t *known_ciphers_by_id; /* hash by id of known tls_cipher_t* */ |
| apr_hash_t *rustls_ciphers_by_id; /* hash by id of rustls rustls_supported_ciphersuite* */ |
| apr_array_header_t *supported_cipher_ids; /* cipher ids (apr_uint16_t) supported by rustls */ |
| const rustls_root_cert_store *native_roots; |
| }; |
| |
| /** |
| * Create and populate the protocol configuration. |
| */ |
| tls_proto_conf_t *tls_proto_init(apr_pool_t *p, server_rec *s); |
| |
| /** |
| * Called during pre-config phase to start initialization |
| * of the tls protocol configuration. |
| */ |
| apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp); |
| |
| /** |
| * Called during post-config phase to conclude the initialization |
| * of the tls protocol configuration. |
| */ |
| apr_status_t tls_proto_post_config(apr_pool_t *p, apr_pool_t *ptemp, server_rec *s); |
| |
| /** |
| * Get the TLS protocol identifier (as used on the wire) for the TLS |
| * protocol of the given name. Returns 0 if protocol is unknown. |
| */ |
| apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name); |
| |
| /** |
| * Get the name of the protocol version identified by its identifier. This |
| * will return the name from the protocol configuration or, if unknown, create |
| * the string `TLSv0x%04x` from the 16bit identifier. |
| */ |
| const char *tls_proto_get_version_name( |
| tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool); |
| |
| /** |
| * Create an array of the given TLS protocol version identifier `min_version` |
| * and all supported new ones. The array carries apr_uint16_t values. |
| */ |
| apr_array_header_t *tls_proto_create_versions_plus( |
| tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool); |
| |
| /** |
| * Get a TLS cipher spec by name/alias. |
| */ |
| apr_status_t tls_proto_get_cipher_by_name( |
| tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher); |
| |
| /** |
| * Return != 0 iff the cipher is supported by the rustls library. |
| */ |
| int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher); |
| |
| /** |
| * Get the name of a TLS cipher for the IANA assigned 16bit value. This will |
| * return the name in the protocol configuration, if the cipher is known, and |
| * create the string `TLS_CIPHER_0x%04x` for the 16bit cipher value. |
| */ |
| const char *tls_proto_get_cipher_name( |
| tls_proto_conf_t *conf, apr_uint16_t cipher, apr_pool_t *pool); |
| |
| /** |
| * Get the concatenated names with ':' as separator of all TLS cipher identifiers |
| * as given in `ciphers`. |
| * @param conf the TLS protocol configuration |
| * @param ciphers the 16bit values of the TLS ciphers |
| * @param pool to use for allocation the string. |
| */ |
| const char *tls_proto_get_cipher_names( |
| tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool); |
| |
| /** |
| * Convert an array of TLS cipher 16bit identifiers into the `rustls_supported_ciphersuite` |
| * instances that can be passed to crustls in session configurations. |
| * Any cipher identifier not supported by rustls we be silently omitted. |
| */ |
| apr_array_header_t *tls_proto_get_rustls_suites( |
| tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool); |
| |
| #endif /* tls_proto_h */ |