| Antonio de Angelis | 8bb9851 | 2024-01-16 14:13:36 +0000 | [diff] [blame] | 1 | /** |
| 2 | * \file ssl_cookie.h |
| 3 | * |
| 4 | * \brief DTLS cookie callbacks implementation |
| 5 | */ |
| 6 | /* |
| 7 | * Copyright The Mbed TLS Contributors |
| 8 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| 9 | */ |
| 10 | #ifndef MBEDTLS_SSL_COOKIE_H |
| 11 | #define MBEDTLS_SSL_COOKIE_H |
| 12 | #include "mbedtls/private_access.h" |
| 13 | |
| 14 | #include "mbedtls/build_info.h" |
| 15 | |
| 16 | #include "mbedtls/ssl.h" |
| 17 | |
| 18 | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
| 19 | #if defined(MBEDTLS_THREADING_C) |
| 20 | #include "mbedtls/threading.h" |
| 21 | #endif |
| 22 | #endif /* !MBEDTLS_USE_PSA_CRYPTO */ |
| 23 | |
| 24 | /** |
| 25 | * \name SECTION: Module settings |
| 26 | * |
| 27 | * The configuration options you can set for this module are in this section. |
| 28 | * Either change them in mbedtls_config.h or define them on the compiler command line. |
| 29 | * \{ |
| 30 | */ |
| 31 | #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT |
| 32 | #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ |
| 33 | #endif |
| 34 | |
| 35 | /** \} name SECTION: Module settings */ |
| 36 | |
| 37 | #ifdef __cplusplus |
| 38 | extern "C" { |
| 39 | #endif |
| 40 | |
| 41 | /** |
| 42 | * \brief Context for the default cookie functions. |
| 43 | */ |
| 44 | typedef struct mbedtls_ssl_cookie_ctx { |
| 45 | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
| 46 | mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */ |
| 47 | psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ |
| 48 | #else |
| 49 | mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ |
| 50 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
| 51 | #if !defined(MBEDTLS_HAVE_TIME) |
| 52 | unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ |
| 53 | #endif |
| 54 | unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, |
| 55 | or in number of tickets issued */ |
| 56 | |
| 57 | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
| 58 | #if defined(MBEDTLS_THREADING_C) |
| 59 | mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); |
| 60 | #endif |
| 61 | #endif /* !MBEDTLS_USE_PSA_CRYPTO */ |
| 62 | } mbedtls_ssl_cookie_ctx; |
| 63 | |
| 64 | /** |
| 65 | * \brief Initialize cookie context |
| 66 | */ |
| 67 | void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); |
| 68 | |
| 69 | /** |
| 70 | * \brief Setup cookie context (generate keys) |
| 71 | */ |
| 72 | int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, |
| 73 | int (*f_rng)(void *, unsigned char *, size_t), |
| 74 | void *p_rng); |
| 75 | |
| 76 | /** |
| 77 | * \brief Set expiration delay for cookies |
| 78 | * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) |
| 79 | * |
| 80 | * \param ctx Cookie context |
| 81 | * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies |
| 82 | * issued in the meantime. |
| 83 | * 0 to disable expiration (NOT recommended) |
| 84 | */ |
| 85 | void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay); |
| 86 | |
| 87 | /** |
| 88 | * \brief Free cookie context |
| 89 | */ |
| 90 | void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx); |
| 91 | |
| 92 | /** |
| 93 | * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t |
| 94 | */ |
| 95 | mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; |
| 96 | |
| 97 | /** |
| 98 | * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t |
| 99 | */ |
| 100 | mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; |
| 101 | |
| 102 | #ifdef __cplusplus |
| 103 | } |
| 104 | #endif |
| 105 | |
| 106 | #endif /* ssl_cookie.h */ |