path: root/include/mod_gnutls.h
blob: 743a43f56a472a354e71b6084223bddc534eaab8 (plain)
/* ====================================================================
 *  Copyright 2004 Paul Querna
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */

#ifndef __mod_gnutls_h_inc
#define __mod_gnutls_h_inc

#include "httpd.h"
#include "http_config.h"
#include "http_protocol.h"
#include "http_connection.h"
#include "http_request.h"
#include "http_core.h"
#include "http_log.h"
#include "apr_buckets.h"
#include "apr_strings.h"
#include "apr_tables.h"

#include "apr_memcache.h"

#include <gcrypt.h>
#include <gnutls/gnutls.h>

/** The module record for mod_gnutls; declared here, defined in the module's implementation. */
module AP_MODULE_DECLARE_DATA gnutls_module;

/** Names of the module's TLS output and input connection filters. */
#define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
#define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"

/** Values for the per-server `enabled` flag (see mod_gnutls_srvconf_rec). */
#define GNUTLS_ENABLED_FALSE 0
#define GNUTLS_ENABLED_TRUE  1


/**
 * GnuTLS renamed several types between 1.0.X and 1.1.X (the newer names
 * carry a _t suffix). This is a small compatibility hack so the module
 * compiles against both; <gnutls/compat.h> has the full list, only the
 * types used here are covered.
 *
 * NOTE(review): #ifndef only detects a *macro* named
 * gnutls_certificate_credentials_t. If the installed GnuTLS provides that
 * name as a typedef rather than a macro, the test is true and the aliases
 * below are defined anyway — confirm this still resolves to the right
 * types with every GnuTLS version the module is built against.
 */
#ifndef gnutls_certificate_credentials_t
#define gnutls_certificate_credentials_t    gnutls_certificate_credentials
#define gnutls_anon_server_credentials_t    gnutls_anon_server_credentials
#define gnutls_session_t                    gnutls_session
#define gnutls_transport_ptr_t              gnutls_transport_ptr
#define gnutls_dh_params_t                  gnutls_dh_params
#define gnutls_rsa_params_t                 gnutls_rsa_params
#endif

/**
 * Per-server (virtual host) configuration for mod_gnutls.
 *
 * The five int arrays are fixed at 16 entries each. Whatever fills them
 * from the configuration must bound its writes to 16 elements.
 * NOTE(review): if these are handed to GnuTLS as 0-terminated priority
 * lists, the parser must additionally reserve one slot for the terminator
 * — confirm against the configuration code.
 */
typedef struct
{
    gnutls_certificate_credentials_t certs;     /**< certificate credentials for this server */
    gnutls_anon_server_credentials_t anoncred;  /**< anonymous (certificate-less) server credentials */
    char *key_file;                             /**< path of the server's private key file, as configured */
    char *cert_file;                            /**< path of the server certificate file, as configured */
    int enabled;                                /**< GNUTLS_ENABLED_TRUE or GNUTLS_ENABLED_FALSE */
    int ciphers[16];                            /**< cipher selection; at most 16 entries */
    int key_exchange[16];                       /**< key-exchange selection; at most 16 entries */
    int macs[16];                               /**< MAC selection; at most 16 entries */
    int protocol[16];                           /**< protocol version selection; at most 16 entries */
    int compression[16];                        /**< compression selection; at most 16 entries */
    const char* cache_config;                   /**< session-cache configuration string (presumably consumed by the apr_memcache-based cache; confirm) */
} mod_gnutls_srvconf_rec;

/**
 * A counted character buffer; used for the per-connection input buffer
 * (see mod_gnutls_handle_t.input_cbuf).
 *
 * `length` is a signed int. Code that advances `value` through the buffer
 * must keep `length` non-negative and never larger than the storage that
 * `value` actually points into.
 */
typedef struct {
    int length;   /**< presumably the number of unread bytes at value — confirm in gnutls_io.c */
    char *value;  /**< start of the (unread) data */
} mod_gnutls_char_buffer_t;

/**
 * Per-connection TLS state shared by the GnuTLS input and output filters.
 * The transport callbacks below receive a pointer to this record as their
 * filter context (see mod_gnutls_transport_read/_write).
 *
 * input_buffer and output_buffer are fixed at AP_IOBUFSIZE bytes; every
 * read into or copy into them must be bounded by that size.
 */
typedef struct
{
    mod_gnutls_srvconf_rec *sc;           /**< server configuration for this connection's virtual host */
    conn_rec* c;                          /**< the Apache connection */
    gnutls_session_t session;             /**< the GnuTLS session for this connection */

    apr_status_t input_rc;                /**< status of the most recent input operation (presumably; confirm) */
    ap_filter_t *input_filter;            /**< the module's input filter on this connection */
    apr_bucket_brigade *input_bb;         /**< brigade holding data read from the network side */
    apr_read_type_e input_block;          /**< blocking / non-blocking mode of the current read */
    ap_input_mode_t input_mode;           /**< input mode requested by the caller of the input filter */
    mod_gnutls_char_buffer_t input_cbuf;  /**< counted view of not-yet-consumed cleartext */
    char input_buffer[AP_IOBUFSIZE];      /**< fixed-size storage for decrypted input */

    apr_status_t output_rc;               /**< status of the most recent output operation (presumably; confirm) */
    ap_filter_t *output_filter;           /**< the module's output filter on this connection */
    apr_bucket_brigade *output_bb;        /**< brigade of data destined for the network side */
    char output_buffer[AP_IOBUFSIZE];     /**< fixed-size staging buffer for output */
    apr_size_t output_blen;               /**< bytes currently held in output_buffer (presumably; confirm) */
    apr_size_t output_length;             /**< running output byte count (presumably; confirm) */

    int status;                           /**< connection/handshake status — semantics defined in the implementation */
    int non_https;                        /**< non-zero when the connection is not to be treated as HTTPS (presumably; confirm) */
} mod_gnutls_handle_t;

/** Functions in gnutls_io.c **/

/**
 * mod_gnutls_filter_input filters the input data by decrypting it using
 * GnuTLS and passing it on as cleartext.
 *
 * @param f         the filter info record
 * @param bb        the bucket brigade in which to store the result
 * @param mode      the input mode requested by the caller
 * @param block     whether the read may block (apr_read_type_e)
 * @param readbytes upper bound on the number of bytes to return for this
 *                  call, per the Apache input-filter contract
 * @return result status
 */
apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
                                     apr_bucket_brigade * bb,
                                     ap_input_mode_t mode,
                                     apr_read_type_e block,
                                     apr_off_t readbytes);

/**
 * mod_gnutls_filter_output encrypts the incoming brigade using GnuTLS and
 * passes it on to the next filter.
 *
 * @param f     the filter info record
 * @param bb    the bucket brigade holding the cleartext to encrypt
 * @return result status
 */
apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
                                      apr_bucket_brigade * bb);


/**
 * mod_gnutls_transport_read is called from GnuTLS to obtain encrypted
 * data from the client (the GnuTLS "pull" callback).
 *
 * @param ptr     pointer to the filter context (mod_gnutls_handle_t)
 * @param buffer  place to put data
 * @param len     maximum size; the implementation must never write more
 *                than len bytes into buffer
 * @return length of the data stored in buffer. NOTE(review): GnuTLS
 *         expects -1 with errno set on error — confirm the implementation
 *         in gnutls_io.c follows that convention.
 */
ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
                                  void *buffer, size_t len);

/**
 * mod_gnutls_transport_write is called from GnuTLS to send encrypted data
 * to the client (the GnuTLS "push" callback).
 *
 * @param ptr     pointer to the filter context (mod_gnutls_handle_t)
 * @param buffer  data to write to the client
 * @param len     size of the buffer; only the first len bytes are valid
 * @return length of the data written. NOTE(review): GnuTLS expects -1
 *         with errno set on error — confirm the implementation in
 *         gnutls_io.c follows that convention.
 */
ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
                                   const void *buffer, size_t len);


/**
 * Initialise the session cache inside each child process.
 *
 * @param p   pool the cache state may be allocated from
 * @param s   the server record
 * @param sc  the server configuration (its cache_config selects the cache)
 * @return an int status; the success value is defined by the
 *         implementation — callers should check it rather than assume.
 */
int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
                                mod_gnutls_srvconf_rec *sc);
/**
 * Set up session caching for one connection's GnuTLS session.
 *
 * @param ctxt  the per-connection handle whose session gets cache callbacks
 * @return an int status; the success value is defined by the
 *         implementation — callers should check it rather than assume.
 */
int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);
#endif /*  __mod_gnutls_h_inc */