1 #ifndef _TLS_SCACHE_H_INCLUDED_
2 #define _TLS_SCACHE_H_INCLUDED_
3 
4 /*++
5 /* NAME
6 /*	tls_scache 3h
7 /* SUMMARY
8 /*	TLS session cache manager
9 /* SYNOPSIS
10 /*	#include <tls_scache.h>
11 /* DESCRIPTION
12 /* .nf
13 
14  /*
15   * Utility library.
16   */
17 #include <dict.h>
18 #include <vstring.h>
19 
20  /*
21   * External interface.
22   */
 /*
  * Session cache handle, one per cache instance. Created by tls_scache_open()
  * and released by tls_scache_close(); every other tls_scache_*() call takes
  * it as the first argument. The serialized sessions kept in the underlying
  * database let a holder resume a TLS session, i.e. they are secret material,
  * so the backing store is presumably private to the mail system — confirm
  * against the configuration that creates it.
  */
typedef struct {
    int     flags;			/* TLS_SCACHE_FLAG_* bits, see below */
    DICT   *db;				/* database handle (dict(3)) */
    char   *cache_label;		/* "smtpd", "smtp" or "lmtp" */
    int     verbose;			/* enable verbose logging */
    int     timeout;			/* smtp(d)_tls_session_cache_timeout */
    char   *saved_cursor;		/* cursor cache ID; presumably the last
					 * key returned by tls_scache_sequence(),
					 * used with FLAG_DEL_SAVED_CURSOR —
					 * confirm in the implementation */
} TLS_SCACHE;
31 
 /*
  * Session ticket (RFC 5077) parameters, all sizes in bytes. The first four
  * size the fields of TLS_TICKET_KEY below; changing them changes the on-wire
  * ticket layout, so they are not tunable. The 32-byte MAC key size matches
  * the HMAC-SHA-256 construction RFC 5077 recommends (presumed; the hash is
  * chosen by the caller, not here).
  */
#define TLS_TICKET_NAMELEN	16	/* RFC 5077 ticket key name length */
#define TLS_TICKET_IVLEN	16	/* RFC 5077 ticket IV length (one AES block) */
#define TLS_TICKET_KEYLEN	32	/* AES-256-CBC key size */
#define TLS_TICKET_MACLEN	32	/* RFC 5077 HMAC key size */
#define TLS_SESSION_LIFEMIN	120	/* May you live to 120! (presumably the
					 * minimum session/ticket lifetime in
					 * seconds — confirm against callers) */
37 
 /*
  * One session ticket key. The name identifies the key inside a ticket; bits
  * and hmac are secret key material and must be wiped before the structure
  * is freed or reused (a plain memset before free() may be optimized away).
  * tout is a time_t, so it is presumably an absolute expiration time to be
  * compared with the time_t argument of tls_scache_key() — confirm in the
  * implementation. Note that time_t is not pulled in by this header; the
  * includer is expected to have the system headers in scope already.
  */
typedef struct TLS_TICKET_KEY {
    unsigned char name[TLS_TICKET_NAMELEN];	/* key identifier, not secret */
    unsigned char bits[TLS_TICKET_KEYLEN];	/* AES-256-CBC key, secret */
    unsigned char hmac[TLS_TICKET_MACLEN];	/* HMAC key, secret */
    time_t  tout;				/* expiration time (presumed) */
} TLS_TICKET_KEY;
44 
 /*
  * TLS_SCACHE.flags bits. DEL_SAVED_CURSOR presumably asks the next
  * tls_scache_sequence() call to delete the entry named by saved_cursor
  * before advancing — confirm in the implementation.
  */
#define TLS_SCACHE_FLAG_DEL_SAVED_CURSOR	(1<<0)
46 
 /*
  * Session cache operations. cache_id is the printable lookup key of a
  * session; session data is an opaque byte string with an explicit length
  * (tls_scache_update() takes buf/len, tls_scache_lookup() fills a VSTRING).
  * The int results are status codes; the exact success/failure conventions
  * are defined by the implementation, not here. The last two arguments of
  * tls_scache_sequence() may be null when the caller does not want them
  * (see TLS_SCACHE_DONT_NEED_* below).
  */
extern TLS_SCACHE *tls_scache_open(const char *dbname, const char *cache_label,
				           int verbose, int timeout);
extern void tls_scache_close(TLS_SCACHE *cp);
extern int tls_scache_lookup(TLS_SCACHE *cp, const char *cache_id,
			             VSTRING *session);
extern int tls_scache_update(TLS_SCACHE *cp, const char *cache_id,
			             const char *buf, ssize_t len);
extern int tls_scache_delete(TLS_SCACHE *cp, const char *cache_id);
extern int tls_scache_sequence(TLS_SCACHE *cp, int first_next,
			               char **out_cache_id, VSTRING *out_session);

 /*
  * Session ticket key management. tls_scache_key() looks up a ticket key by
  * name (or, presumably, the current key when no name is given) relative to
  * the given time and timeout; tls_scache_key_rotate() installs a new key.
  * Both return pointers to TLS_TICKET_KEY objects owned by the library —
  * callers must not free them.
  */
extern TLS_TICKET_KEY *tls_scache_key(unsigned char *keyname, time_t now,
				              int timeout);
extern TLS_TICKET_KEY *tls_scache_key_rotate(TLS_TICKET_KEY *newkey);
55 
 /*
  * Null values for the optional output arguments of tls_scache_sequence().
  * TLS_SCACHE_SEQUENCE_NOTHING expands to both, comma-separated, so it can
  * only be used as the tail of that argument list.
  */
#define TLS_SCACHE_DONT_NEED_CACHE_ID		((char **) 0)	/* no cache ID wanted */
#define TLS_SCACHE_DONT_NEED_SESSION		((VSTRING *) 0)	/* no session wanted */

#define TLS_SCACHE_SEQUENCE_NOTHING \
	TLS_SCACHE_DONT_NEED_CACHE_ID, TLS_SCACHE_DONT_NEED_SESSION	/* iterate, fetch nothing */
61 
62 /* LICENSE
63 /* .ad
64 /* .fi
65 /*	The Secure Mailer license must be distributed with this software.
66 /* AUTHOR(S)
67 /*	Wietse Venema
68 /*	IBM T.J. Watson Research
69 /*	P.O. Box 704
70 /*	Yorktown Heights, NY 10598, USA
71 /*--*/
72 
73 #endif
74