mbed TLS Build


Committer:
markrad
Date:
Thu Jan 05 00:18:44 2017 +0000
Revision:
0:cdf462088d13
Initial commit


markrad 0:cdf462088d13 1 /**
markrad 0:cdf462088d13 2 * \file ssl_ticket.h
markrad 0:cdf462088d13 3 *
markrad 0:cdf462088d13 4 * \brief TLS server ticket callbacks implementation
markrad 0:cdf462088d13 5 *
markrad 0:cdf462088d13 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
markrad 0:cdf462088d13 7 * SPDX-License-Identifier: Apache-2.0
markrad 0:cdf462088d13 8 *
markrad 0:cdf462088d13 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
markrad 0:cdf462088d13 10 * not use this file except in compliance with the License.
markrad 0:cdf462088d13 11 * You may obtain a copy of the License at
markrad 0:cdf462088d13 12 *
markrad 0:cdf462088d13 13 * http://www.apache.org/licenses/LICENSE-2.0
markrad 0:cdf462088d13 14 *
markrad 0:cdf462088d13 15 * Unless required by applicable law or agreed to in writing, software
markrad 0:cdf462088d13 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
markrad 0:cdf462088d13 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
markrad 0:cdf462088d13 18 * See the License for the specific language governing permissions and
markrad 0:cdf462088d13 19 * limitations under the License.
markrad 0:cdf462088d13 20 *
markrad 0:cdf462088d13 21 * This file is part of mbed TLS (https://tls.mbed.org)
markrad 0:cdf462088d13 22 */
markrad 0:cdf462088d13 23 #ifndef MBEDTLS_SSL_TICKET_H
markrad 0:cdf462088d13 24 #define MBEDTLS_SSL_TICKET_H
markrad 0:cdf462088d13 25
markrad 0:cdf462088d13 26 /*
markrad 0:cdf462088d13 27 * This implementation of the session ticket callbacks includes key
markrad 0:cdf462088d13 28 * management, rotating the keys periodically in order to preserve forward
markrad 0:cdf462088d13 29 * secrecy, when MBEDTLS_HAVE_TIME is defined.
markrad 0:cdf462088d13 30 */
markrad 0:cdf462088d13 31
markrad 0:cdf462088d13 32 #include "ssl.h"
markrad 0:cdf462088d13 33 #include "cipher.h"
markrad 0:cdf462088d13 34
markrad 0:cdf462088d13 35 #if defined(MBEDTLS_THREADING_C)
markrad 0:cdf462088d13 36 #include "threading.h"
markrad 0:cdf462088d13 37 #endif
markrad 0:cdf462088d13 38
markrad 0:cdf462088d13 39 #ifdef __cplusplus
markrad 0:cdf462088d13 40 extern "C" {
markrad 0:cdf462088d13 41 #endif
markrad 0:cdf462088d13 42
/**
 * \brief          Information for session ticket protection
 *
 * One ticket-protection key slot: the cipher context holding the key
 * material, a short identifier for the key, and the time the key was
 * generated (used for the periodic rotation described at the top of
 * this file, which requires MBEDTLS_HAVE_TIME).
 */
typedef struct
{
    unsigned char name[4];          /*!< random key identifier
                                         (presumably embedded in the ticket so
                                         the parser can select the matching
                                         key — confirm in ssl_ticket.c) */
    uint32_t generation_time;       /*!< key generation timestamp (seconds);
                                         presumably compared against the
                                         current time to decide when this
                                         key is due for rotation */
    mbedtls_cipher_context_t ctx;   /*!< context for authenticated
                                         encryption/decryption of tickets */
}
mbedtls_ssl_ticket_key;
markrad 0:cdf462088d13 53
/**
 * \brief          Context for session ticket handling functions
 *
 * Holds the two ticket-protection keys between which the implementation
 * rotates, the ticket lifetime, and the RNG used by the callbacks.
 * Initialize with mbedtls_ssl_ticket_init(), configure with
 * mbedtls_ssl_ticket_setup(), and wipe with mbedtls_ssl_ticket_free().
 */
typedef struct
{
    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys; two slots
                                         so that a previously issued ticket
                                         can presumably still be parsed after
                                         a rotation — confirm in ssl_ticket.c */
    unsigned char active;           /*!< index of the currently active key
                                         (the one used to write new tickets) */

    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds;
                                         key lifetime is twice this value
                                         (see mbedtls_ssl_ticket_setup()) */

    /** Callback for getting (pseudo-)random numbers
     *  (must be a cryptographically secure RNG: it is what the key
     *  material is presumably drawn from — verify against ssl_ticket.c) */
    int  (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng;                    /*!< context for the RNG function */

#if defined(MBEDTLS_THREADING_C)
    mbedtls_threading_mutex_t mutex; /*!< NOTE(review): presumably serializes
                                          key rotation against concurrent
                                          write/parse calls — confirm */
#endif
}
mbedtls_ssl_ticket_context;
markrad 0:cdf462088d13 73
/**
 * \brief          Initialize a ticket context.
 *                 (Just make it ready for mbedtls_ssl_ticket_setup()
 *                 or mbedtls_ssl_ticket_free().)
 *
 *                 No key material is generated here; the context is not
 *                 usable for writing or parsing tickets until
 *                 mbedtls_ssl_ticket_setup() has succeeded.
 *
 * \param ctx      Context to be initialized
 */
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );

/**
 * \brief          Prepare context to be actually used
 *
 * \param ctx      Context to be set up
 * \param f_rng    RNG callback function. Must be cryptographically
 *                 secure, since the ticket protection keys are presumably
 *                 derived from its output (confirm in ssl_ticket.c).
 * \param p_rng    RNG callback context
 * \param cipher   AEAD cipher to use for ticket protection.
 *                 Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
 * \param lifetime Tickets lifetime in seconds
 *                 Recommended value: 86400 (one day).
 *
 * \note           It is highly recommended to select a cipher that is at
 *                 least as strong as the strongest ciphersuite
 *                 supported. Usually that means a 256-bit key.
 *                 A ticket key weaker than the handshake it protects
 *                 becomes the weakest link for every resumed session.
 *
 * \note           The lifetime of the keys is twice the lifetime of tickets.
 *                 It is recommended to pick a reasonable lifetime so as not
 *                 to negate the benefits of forward secrecy: a key that
 *                 stays in use longer exposes more sessions if it is ever
 *                 compromised. Rotation only happens when MBEDTLS_HAVE_TIME
 *                 is defined (see the note at the top of this file).
 *
 * \return         0 if successful,
 *                 or a specific MBEDTLS_ERR_XXX error code
 */
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
    mbedtls_cipher_type_t cipher,
    uint32_t lifetime );

/**
 * \brief          Implementation of the ticket write callback
 *
 *                 Declared with the callback's function type so it can be
 *                 registered directly with the SSL configuration; the
 *                 accompanying context must be a set-up
 *                 mbedtls_ssl_ticket_context.
 *
 * \note           See \c mbedtls_ssl_ticket_write_t for description
 */
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;

/**
 * \brief          Implementation of the ticket parse callback
 *
 *                 Counterpart of mbedtls_ssl_ticket_write: authenticates
 *                 and decrypts a ticket produced under one of the keys in
 *                 the context.
 *
 * \note           See \c mbedtls_ssl_ticket_parse_t for description
 */
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;

/**
 * \brief          Free a context's content and zeroize it.
 *
 *                 Zeroizing wipes the ticket protection keys from memory;
 *                 call this as soon as the context is no longer needed.
 *
 * \param ctx      Context to be cleaned up
 */
void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
markrad 0:cdf462088d13 130
markrad 0:cdf462088d13 131 #ifdef __cplusplus
markrad 0:cdf462088d13 132 }
markrad 0:cdf462088d13 133 #endif
markrad 0:cdf462088d13 134
markrad 0:cdf462088d13 135 #endif /* ssl_ticket.h */