1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef tls_proto_h
#define tls_proto_h
#include "tls_util.h"
#define TLS_VERSION_1_2 0x0303
#define TLS_VERSION_1_3 0x0304
/**
* Specification of a TLS cipher by name, possible alias and its 16 bit value
* as assigned by IANA.
*/
typedef struct {
apr_uint16_t id; /* IANA 16-bit assigned value as used on the wire */
const char *name; /* IANA given name of the cipher */
const char *alias; /* Optional, commonly known alternate name */
} tls_cipher_t;
/**
* TLS protocol related definitions constructed
* by querying crustls lib.
*/
typedef struct tls_proto_conf_t tls_proto_conf_t;
struct tls_proto_conf_t {
apr_array_header_t *supported_versions; /* supported protocol versions (apr_uint16_t) */
apr_hash_t *known_ciphers_by_name; /* hash by name of known tls_cipher_t* */
apr_hash_t *known_ciphers_by_id; /* hash by id of known tls_cipher_t* */
apr_hash_t *rustls_ciphers_by_id; /* hash by id of rustls rustls_supported_ciphersuite* */
apr_array_header_t *supported_cipher_ids; /* cipher ids (apr_uint16_t) supported by rustls */
const rustls_root_cert_store *native_roots;
};
/**
* Create and populate the protocol configuration.
*/
tls_proto_conf_t *tls_proto_init(apr_pool_t *p, server_rec *s);
/**
* Called during pre-config phase to start initialization
* of the tls protocol configuration.
*/
apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp);
/**
* Called during post-config phase to conclude the initialization
* of the tls protocol configuration.
*/
apr_status_t tls_proto_post_config(apr_pool_t *p, apr_pool_t *ptemp, server_rec *s);
/**
* Get the TLS protocol identifier (as used on the wire) for the TLS
* protocol of the given name. Returns 0 if protocol is unknown.
*/
apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name);
/**
* Get the name of the protocol version identified by its identifier. This
* will return the name from the protocol configuration or, if unknown, create
* the string `TLSv0x%04x` from the 16bit identifier.
*/
const char *tls_proto_get_version_name(
tls_proto_conf_t *conf, apr_uint16_t id, apr_pool_t *pool);
/**
* Create an array of the given TLS protocol version identifier `min_version`
* and all supported new ones. The array carries apr_uint16_t values.
*/
apr_array_header_t *tls_proto_create_versions_plus(
tls_proto_conf_t *conf, apr_uint16_t min_version, apr_pool_t *pool);
/**
* Get a TLS cipher spec by name/alias.
*/
apr_status_t tls_proto_get_cipher_by_name(
tls_proto_conf_t *conf, const char *name, apr_uint16_t *pcipher);
/**
* Return != 0 iff the cipher is supported by the rustls library.
*/
int tls_proto_is_cipher_supported(tls_proto_conf_t *conf, apr_uint16_t cipher);
/**
* Get the name of a TLS cipher for the IANA assigned 16bit value. This will
* return the name in the protocol configuration, if the cipher is known, and
* create the string `TLS_CIPHER_0x%04x` for the 16bit cipher value.
*/
const char *tls_proto_get_cipher_name(
tls_proto_conf_t *conf, apr_uint16_t cipher, apr_pool_t *pool);
/**
* Get the concatenated names with ':' as separator of all TLS cipher identifiers
* as given in `ciphers`.
* @param conf the TLS protocol configuration
* @param ciphers the 16bit values of the TLS ciphers
* @param pool to use for allocation the string.
*/
const char *tls_proto_get_cipher_names(
tls_proto_conf_t *conf, const apr_array_header_t *ciphers, apr_pool_t *pool);
/**
* Convert an array of TLS cipher 16bit identifiers into the `rustls_supported_ciphersuite`
* instances that can be passed to crustls in session configurations.
* Any cipher identifier not supported by rustls we be silently omitted.
*/
apr_array_header_t *tls_proto_get_rustls_suites(
tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool);
#endif /* tls_proto_h */
|