mbed TLS v3.4.0
ssl_ticket.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_SSL_TICKET_H
23 #define MBEDTLS_SSL_TICKET_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 /*
29  * This implementation of the session ticket callbacks includes key
30  * management, rotating the keys periodically in order to preserve forward
31  * secrecy, when MBEDTLS_HAVE_TIME is defined.
32  */
33 
34 #include "mbedtls/ssl.h"
35 #include "mbedtls/cipher.h"
36 
37 #if defined(MBEDTLS_HAVE_TIME)
38 #include "mbedtls/platform_time.h"
39 #endif
40 
41 #if defined(MBEDTLS_USE_PSA_CRYPTO)
42 #include "psa/crypto.h"
43 #endif
44 
45 #if defined(MBEDTLS_THREADING_C)
46 #include "mbedtls/threading.h"
47 #endif
48 
49 #ifdef __cplusplus
50 extern "C" {
51 #endif
52 
53 #define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32
54 #define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4
59 typedef struct mbedtls_ssl_ticket_key {
62 #if defined(MBEDTLS_HAVE_TIME)
63  mbedtls_time_t MBEDTLS_PRIVATE(generation_time);
64 #endif
65 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
67 #else
71  size_t MBEDTLS_PRIVATE(key_bits);
72 #endif
73 }
75 
81  unsigned char MBEDTLS_PRIVATE(active);
83  uint32_t MBEDTLS_PRIVATE(ticket_lifetime);
86  int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
87  void *MBEDTLS_PRIVATE(p_rng);
89 #if defined(MBEDTLS_THREADING_C)
90  mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
91 #endif
92 }
94 
103 
127  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
128  mbedtls_cipher_type_t cipher,
129  uint32_t lifetime);
130 
164  const unsigned char *name, size_t nlength,
165  const unsigned char *k, size_t klength,
166  uint32_t lifetime);
167 
174 
181 
188 
189 #ifdef __cplusplus
190 }
191 #endif
192 
193 #endif /* ssl_ticket.h */
int mbedtls_ssl_ticket_parse_t(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
Callback type: parse and load session ticket.
Definition: ssl.h:2521
struct mbedtls_ssl_ticket_key mbedtls_ssl_ticket_key
Information for session ticket protection.
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime)
Prepare context to be actually used.
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES
Definition: ssl_ticket.h:54
Platform Security Architecture cryptography module.
#define MBEDTLS_PRIVATE(member)
void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)
Initialize a ticket context. (Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket...
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:96
time_t mbedtls_time_t
Definition: platform_time.h:39
int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, const unsigned char *name, size_t nlength, const unsigned char *k, size_t klength, uint32_t lifetime)
Rotate session ticket encryption key to new specified key. Provides for external control of session t...
Threading abstraction layer.
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse
Implementation of the ticket parse callback.
Definition: ssl_ticket.h:180
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:139
Macro wrapper for struct's members.
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write
Implementation of the ticket write callback.
Definition: ssl_ticket.h:173
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
struct mbedtls_ssl_ticket_context mbedtls_ssl_ticket_context
Context for session ticket handling functions.
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:83
Build-time configuration info.
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:297
Information for session ticket protection.
Definition: ssl_ticket.h:59
SSL/TLS functions.
int mbedtls_ssl_ticket_write_t(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
Callback type: generate and write session ticket.
Definition: ssl.h:2491
mbed TLS Platform time abstraction
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
Free a context's content and zeroize it.
Context for session ticket handling functions.
Definition: ssl_ticket.h:79