From e763c3ef1485404585b923365f93314aab4e8dd6 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sun, 30 May 2021 09:19:26 +0000
Subject: Start work on bearssl server-side sni

---
 src/include/s6-networking/sbearssl.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'src/include')

diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
index 8de12ab..83bc376 100644
--- a/src/include/s6-networking/sbearssl.h
+++ b/src/include/s6-networking/sbearssl.h
@@ -13,6 +13,7 @@
 #include
 #include
 #include
+#include
 
 /*
  * Support library for bearssl.
@@ -153,6 +154,7 @@ extern int sbearssl_skey_from (sbearssl_skey *, br_skey const *, stralloc *) ;
 extern int sbearssl_skey_to (sbearssl_skey const *, br_skey *, char *) ;
 extern int sbearssl_skey_readfile (char const *, sbearssl_skey *, stralloc *) ;
+extern void sbearssl_skey_wipe (sbearssl_skey, char *) ;
 
 /* Public keys */
@@ -262,6 +264,36 @@ extern int sbearssl_send_environment (br_ssl_engine_context *, sbearssl_handshak
 extern void sbearssl_run (br_ssl_engine_context *, int *, tain_t const *, uint32_t, unsigned int, sbearssl_handshake_cbfunc_ref, sbearssl_handshake_cbarg *) gccattr_noreturn ;
 
+ /* Generic server policy class and server-side SNI implementation */
+
+typedef struct sbearssl_sni_map_s sbearssl_sni_map, *sbearssl_sni_map_ref ;
+struct sbearssl_sni_map_s
+{
+ char const *servername ;
+ sbearssl_skey skey ;
+ size_t chainindex ;
+ size_t chainlen ;
+} ;
+
+typedef struct sbearssl_sni_policy_context_s sbearssl_sni_policy_context, *sbearssl_sni_policy_context_ref ;
+struct sbearssl_sni_policy_context_s
+{
+ br_ssl_server_policy_class const *vtable ;
+ br_skey skey ;
+ avltree map ;
+ genalloc mapga ;
+ genalloc certga ;
+ stralloc storage ;
+}
+
+extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ;
+extern int sbearssl_sni_policy_init (sbearssl_sni_policy_context *) ;
+extern int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *, char const *, char const *, char const *) ;
+
+extern void sbearssl_sctx_init_full_generic (br_ssl_server_context *) ;
+extern void sbearssl_sctx_set_policy_sni (br_ssl_server_context *, sbearssl_sni_policy_context *) ;
+
+
 
  /* s6-tlsc-io and s6-tlsd-io implementations */
 
 extern void sbearssl_client_init_and_run (int *, tain_t const *, uint32_t, uint32_t, unsigned int, char const *, sbearssl_handshake_cbfunc_ref, sbearssl_handshake_cbarg *) gccattr_noreturn ;
-- 
cgit v1.2.3
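Review bot: The closing brace of `struct sbearssl_sni_policy_context_s` is missing its terminating semicolon, so the following `extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ;` is parsed as part of the same declaration and every translation unit that includes this header fails to compile; the line should read `} ;`, as the `sbearssl_sni_map_s` definition just above it does. The new context also carries private key material — `br_skey skey` and, presumably, the bytes behind `stralloc storage` that `sbearssl_sni_policy_add_keypair_file` loads — yet the header declares an init and an add function but no teardown, even though the same commit adds `sbearssl_skey_wipe` for a single key. A matching declaration such as `extern void sbearssl_sni_policy_free (sbearssl_sni_policy_context *) ;` whose contract is to wipe the key storage before releasing it, or at least a comment next to these declarations stating who owns `storage` and for how long the key bytes stay in memory, would close that gap. The `servername` pointer in `sbearssl_sni_map_s` likewise has no stated ownership; a one-line comment saying whether it points into `storage` would help anyone iterating the map.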