1 /*
2  * include/types/ssl_sock.h
3  * SSL settings for listeners and servers
4  *
5  * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation, version 2.1
10  * exclusively.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
20  */
21 
22 #ifndef _TYPES_SSL_SOCK_H
23 #define _TYPES_SSL_SOCK_H
24 #ifdef USE_OPENSSL
25 
26 #include <ebmbtree.h>
27 
28 #include <common/hathreads.h>
29 #include <common/openssl-compat.h>
30 
/* Summary of a certificate's public key, kept alongside each SNI entry
 * (see sni_ctx.kinfo) so the key type/size can be checked without
 * re-parsing the certificate.
 */
struct pkey_info {
	uint8_t sig;          /* signature algorithm: TLSEXT_signature_[rsa,ecdsa,...] */
	uint16_t bits;        /* public key size in bits */
};
35 
/* One server-name (SNI) entry: associates a servername with the SSL_CTX
 * of the certificate to present for it. The entry is itself the tree node
 * (name), keyed on the servername value.
 */
struct sni_ctx {
	SSL_CTX *ctx;             /* context associated to the certificate */
	int order;                /* load order for the certificate; presumably breaks ties between entries matching the same name - confirm in ssl_sock.c */
	uint8_t neg;              /* non-zero: negated entry, reject the name if it matches instead of serving ctx */
	struct pkey_info kinfo;   /* signature algorithm and key size of the certificate's public key */
	struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
	struct ebmb_node name;    /* tree node holding the servername value; must stay last (ebmb key bytes follow the node) */
};
44 
/* Protocol version bounds and option flags applied to a listener or server.
 * min/max are opaque version identifiers here; the encoding (and what 0
 * means) is defined where the filter is applied - confirm before use.
 */
struct tls_version_filter {
	uint16_t flags;     /* ssl options bitmask */
	uint8_t  min;       /* lowest TLS version accepted */
	uint8_t  max;       /* highest TLS version accepted */
};
50 
/* Global list chaining every loaded tls_keys_ref (via tls_keys_ref.list);
 * defined in another translation unit.
 */
extern struct list tlskeys_reference;
52 
/* TLS session ticket key, 128-bit variant: a 16-byte key name followed by
 * a 16-byte AES key and a 16-byte HMAC key. Packed so the struct maps
 * directly onto the raw 48-byte record (presumably the key-file format -
 * confirm against the loader).
 * aes_key and hmac_key are secret material; NOTE(review): confirm the
 * owner wipes them (explicit_bzero or equivalent, not plain memset)
 * before the backing memory is released.
 */
struct tls_sess_key_128 {
	unsigned char name[16];      /* ticket key identifier, sent in the clear in the ticket */
	unsigned char aes_key[16];   /* AES-128 key used to encrypt ticket contents */
	unsigned char hmac_key[16];  /* HMAC key used to authenticate the ticket */
} __attribute__((packed));
58 
/* TLS session ticket key, 256-bit variant: a 16-byte key name followed by
 * a 32-byte AES key and a 32-byte HMAC key. Packed so the struct maps
 * directly onto the raw 80-byte record (presumably the key-file format -
 * confirm against the loader).
 * aes_key and hmac_key are secret material; NOTE(review): confirm the
 * owner wipes them (explicit_bzero or equivalent, not plain memset)
 * before the backing memory is released.
 */
struct tls_sess_key_256 {
	unsigned char name[16];      /* ticket key identifier, sent in the clear in the ticket */
	unsigned char aes_key[32];   /* AES-256 key used to encrypt ticket contents */
	unsigned char hmac_key[32];  /* HMAC key used to authenticate the ticket */
} __attribute__((packed));
64 
/* A ticket key of either size. Both variants start with the same 16-byte
 * name at offset 0 (they are packed), so the union's `name` member aliases
 * it and lets callers read the key name without knowing which variant is
 * live. Which member is valid is decided by the owning tls_keys_ref
 * (key_size_bits); the union itself carries no discriminator.
 */
union tls_sess_key{
	unsigned char name[16];            /* key name, valid for either variant */
	struct tls_sess_key_128 key_128;   /* valid when the ref uses 128-bit keys */
	struct tls_sess_key_256 key_256;   /* valid when the ref uses 256-bit keys */
} __attribute__((packed));
70 
/* A loaded set of TLS ticket keys, shared between every listener that
 * references the same key file. Concurrent readers/updaters are expected
 * to take `lock`; the key array and the "current encryption key" index are
 * the shared mutable state it protects.
 */
struct tls_keys_ref {
	struct list list; /* Used to chain refs (on tlskeys_reference). */
	char *filename;   /* path of the key file; ownership/allocation not visible here - presumably owned by this ref */
	int unique_id; /* Each pattern reference have unique id. */
	int refcount;  /* number of users of this tls_keys_ref. */
	union tls_sess_key *tlskeys; /* array of keys; element count is not stored here - presumably fixed by the loader, confirm */
	int tls_ticket_enc_index; /* index into tlskeys of the key used to encrypt new tickets; the others remain valid for decryption (assumed - confirm) */
	int key_size_bits; /* selects the live union member of each tlskeys[] element: presumably 128 or 256 */
	__decl_hathreads(HA_RWLOCK_T lock); /* rwlock used to protect the ref (compiled out without thread support) */
};
81 
/* Header of a shared SSL session cache entry, keyed on the session ID.
 * `key` is the tree node and key_data holds the session ID bytes directly
 * behind it; keep the two members adjacent, the ebmb key is read from the
 * memory following the node. key_data is sized to the largest session ID
 * OpenSSL can produce (SSL_MAX_SSL_SESSION_ID_LENGTH).
 */
struct sh_ssl_sess_hdr {
	struct ebmb_node key;                                      /* tree node; lookups compare the bytes in key_data */
	unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];     /* session ID used as the tree key */
};
87 
88 #endif /* USE_OPENSSL */
89 #endif /* _TYPES_SSL_SOCK_H */
90