summaryrefslogtreecommitdiffstats
path: root/modules/tls/tls_proto.h
blob: a3fe881dbafe4372f346a10ed637b5ecd94b9bb8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef tls_proto_h
#define tls_proto_h

#include "tls_util.h"


#define TLS_VERSION_1_2   0x0303
#define TLS_VERSION_1_3   0x0304

/**
 * Specification of a TLS cipher by name, possible alias and its 16 bit value
 * as assigned by IANA.
 */
typedef struct {
    apr_uint16_t id;      /* IANA 16-bit assigned value as used on the wire */
    const char *name;     /* IANA given name of the cipher */
    const char *alias;    /* Optional, commonly known alternate name */
} tls_cipher_t;

/**
 * TLS protocol related definitions constructed
 * by querying crustls lib.
 */
typedef struct tls_proto_conf_t tls_proto_conf_t;
struct tls_proto_conf_t {
    apr_array_header_t *supported_versions; /* supported protocol versions (apr_uint16_t) */
    apr_hash_t *known_ciphers_by_name; /* hash by name of known tls_cipher_t* */
    apr_hash_t *known_ciphers_by_id; /* hash by id of known tls_cipher_t* */
    apr_hash_t *rustls_ciphers_by_id; /* hash by id of rustls rustls_supported_ciphersuite* */
    apr_array_header_t *supported_cipher_ids; /* cipher ids (apr_uint16_t) supported by rustls */
    const rustls_root_cert_store *native_roots;
};

/**
 * Create and populate the protocol configuration.
 */
tls_proto_conf_t *tls_proto_init(apr_pool_t *p, server_rec *s);

/**
 * Called during pre-config phase to start initialization
 * of the tls protocol configuration.
 */
apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp);

/**
 * Called during post-config phase to conclude the initialization
 * of the tls protocol configuration.
 */
apr_status_t tls_proto_post_config(apr_pool_t *p, apr_pool_t *ptemp, server_rec *s);

/**
 * Get the TLS protocol identifier (as used on the wire) for the TLS
 * protocol of the given name. Returns 0 if protocol is unknown.
 */
apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name);

/**
 * Get the name of the protocol version identified by its identifier. This
 * will return the name from the protocol configuration or, if unknown, create
 * the string `TLSv0x%04x` from the 16bit identifier.
 */
const char *tls_proto_get_version_name(
    tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool);

/**
 * Create an array of the given TLS protocol version identifier `min_version`
 * and all supported new ones. The array carries apr_uint16_t values.
 */
apr_array_header_t *tls_proto_create_versions_plus(
    tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool);

/**
 * Get a TLS cipher spec by name/alias.
 */
apr_status_t tls_proto_get_cipher_by_name(
    tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher);

/**
 * Return != 0 iff the cipher is supported by the rustls library.
 */
int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher);

/**
 * Get the name of a TLS cipher for the IANA assigned 16bit value. This will
 * return the name in the protocol configuration, if the cipher is known, and
 * create the string `TLS_CIPHER_0x%04x` for the 16bit cipher value.
 */
const char *tls_proto_get_cipher_name(
    tls_proto_conf_t *conf, apr_uint16_t cipher, apr_pool_t *pool);

/**
 * Get the concatenated names with ':' as separator of all TLS cipher identifiers
 * as given in `ciphers`.
 * @param conf the TLS protocol configuration
 * @param ciphers the 16bit values of the TLS ciphers
 * @param pool to use for allocation the string.
 */
const char *tls_proto_get_cipher_names(
    tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool);

/**
 * Convert an array of TLS cipher 16bit identifiers into the `rustls_supported_ciphersuite`
 * instances that can be passed to crustls in session configurations.
 * Any cipher identifier not supported by rustls we be silently omitted.
 */
apr_array_header_t *tls_proto_get_rustls_suites(
    tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool);

#endif /* tls_proto_h */