| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 1 | /** | 
|  | 2 | * \file ssl_ticket.h | 
|  | 3 | * | 
|  | 4 | * \brief TLS server ticket callbacks implementation | 
| Darryl Green | a40a101 | 2018-01-05 15:33:17 +0000 | [diff] [blame] | 5 | */ | 
|  | 6 | /* | 
| Bence Szépkúti | 1e14827 | 2020-08-07 13:07:28 +0200 | [diff] [blame] | 7 | *  Copyright The Mbed TLS Contributors | 
| Dave Rodgman | 7ff7965 | 2023-11-03 12:04:52 +0000 | [diff] [blame] | 8 | *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 9 | */ | 
|  | 10 | #ifndef MBEDTLS_SSL_TICKET_H | 
|  | 11 | #define MBEDTLS_SSL_TICKET_H | 
|  | 12 |  | 
| Ron Eldor | 8b0cf2e | 2018-02-14 16:02:41 +0200 | [diff] [blame] | 13 | #if !defined(MBEDTLS_CONFIG_FILE) | 
| Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 14 | #include "mbedtls/config.h" | 
| Ron Eldor | 8b0cf2e | 2018-02-14 16:02:41 +0200 | [diff] [blame] | 15 | #else | 
|  | 16 | #include MBEDTLS_CONFIG_FILE | 
|  | 17 | #endif | 
|  | 18 |  | 
| Manuel Pégourié-Gonnard | 4214e3a | 2015-05-25 19:34:49 +0200 | [diff] [blame] | 19 | /* | 
|  | 20 | * This implementation of the session ticket callbacks includes key | 
|  | 21 | * management, rotating the keys periodically in order to preserve forward | 
|  | 22 | * secrecy, when MBEDTLS_HAVE_TIME is defined. | 
|  | 23 | */ | 
|  | 24 |  | 
| Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 25 | #include "mbedtls/ssl.h" | 
|  | 26 | #include "mbedtls/cipher.h" | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 27 |  | 
| Manuel Pégourié-Gonnard | 0849a0a | 2015-05-20 11:34:54 +0200 | [diff] [blame] | 28 | #if defined(MBEDTLS_THREADING_C) | 
| Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 29 | #include "mbedtls/threading.h" | 
| Manuel Pégourié-Gonnard | 0849a0a | 2015-05-20 11:34:54 +0200 | [diff] [blame] | 30 | #endif | 
|  | 31 |  | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 32 | #ifdef __cplusplus | 
|  | 33 | extern "C" { | 
|  | 34 | #endif | 
|  | 35 |  | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 36 | /** | 
| Manuel Pégourié-Gonnard | 887674a | 2015-05-25 11:00:19 +0200 | [diff] [blame] | 37 | * \brief   Information for session ticket protection | 
|  | 38 | */ | 
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 39 | typedef struct mbedtls_ssl_ticket_key { | 
| Manuel Pégourié-Gonnard | 887674a | 2015-05-25 11:00:19 +0200 | [diff] [blame] | 40 | unsigned char name[4];          /*!< random key identifier              */ | 
|  | 41 | uint32_t generation_time;       /*!< key generation timestamp (seconds) */ | 
|  | 42 | mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */ | 
|  | 43 | } | 
|  | 44 | mbedtls_ssl_ticket_key; | 
|  | 45 |  | 
|  | 46 | /** | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 47 | * \brief   Context for session ticket handling functions | 
|  | 48 | */ | 
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 49 | typedef struct mbedtls_ssl_ticket_context { | 
| Manuel Pégourié-Gonnard | 887674a | 2015-05-25 11:00:19 +0200 | [diff] [blame] | 50 | mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */ | 
| Manuel Pégourié-Gonnard | 1e9c4db | 2015-05-25 14:07:08 +0200 | [diff] [blame] | 51 | unsigned char active;           /*!< index of the currently active key  */ | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 52 |  | 
|  | 53 | uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */ | 
|  | 54 |  | 
|  | 55 | /** Callback for getting (pseudo-)random numbers                        */ | 
|  | 56 | int  (*f_rng)(void *, unsigned char *, size_t); | 
|  | 57 | void *p_rng;                    /*!< context for the RNG function       */ | 
| Manuel Pégourié-Gonnard | 0849a0a | 2015-05-20 11:34:54 +0200 | [diff] [blame] | 58 |  | 
|  | 59 | #if defined(MBEDTLS_THREADING_C) | 
|  | 60 | mbedtls_threading_mutex_t mutex; | 
|  | 61 | #endif | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 62 | } | 
|  | 63 | mbedtls_ssl_ticket_context; | 
|  | 64 |  | 
|  | 65 | /** | 
|  | 66 | * \brief           Initialize a ticket context. | 
|  | 67 | *                  (Just make it ready for mbedtls_ssl_ticket_setup() | 
|  | 68 | *                  or mbedtls_ssl_ticket_free().) | 
|  | 69 | * | 
|  | 70 | * \param ctx       Context to be initialized | 
|  | 71 | */ | 
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 72 | void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 73 |  | 
|  | 74 | /** | 
|  | 75 | * \brief           Prepare context to be actually used | 
|  | 76 | * | 
|  | 77 | * \param ctx       Context to be set up | 
|  | 78 | * \param f_rng     RNG callback function | 
|  | 79 | * \param p_rng     RNG callback context | 
| Manuel Pégourié-Gonnard | dc54ff8 | 2015-06-25 12:44:46 +0200 | [diff] [blame] | 80 | * \param cipher    AEAD cipher to use for ticket protection. | 
|  | 81 | *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM. | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 82 | * \param lifetime  Tickets lifetime in seconds | 
| Manuel Pégourié-Gonnard | dc54ff8 | 2015-06-25 12:44:46 +0200 | [diff] [blame] | 83 | *                  Recommended value: 86400 (one day). | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 84 | * | 
| Manuel Pégourié-Gonnard | a0adc1b | 2015-05-25 10:35:16 +0200 | [diff] [blame] | 85 | * \note            It is highly recommended to select a cipher that is at | 
| Tobias Nießen | 02b6fba | 2021-05-10 19:53:15 +0200 | [diff] [blame] | 86 | *                  least as strong as the strongest ciphersuite | 
| Manuel Pégourié-Gonnard | a0adc1b | 2015-05-25 10:35:16 +0200 | [diff] [blame] | 87 | *                  supported. Usually that means a 256-bit key. | 
|  | 88 | * | 
| Manuel Pégourié-Gonnard | dc54ff8 | 2015-06-25 12:44:46 +0200 | [diff] [blame] | 89 | * \note            The lifetime of the keys is twice the lifetime of tickets. | 
| Adam Wolf | ef30d90 | 2019-09-10 09:53:08 -0500 | [diff] [blame] | 90 | *                  It is recommended to pick a reasonable lifetime so as not | 
| Manuel Pégourié-Gonnard | dc54ff8 | 2015-06-25 12:44:46 +0200 | [diff] [blame] | 91 | *                  to negate the benefits of forward secrecy. | 
|  | 92 | * | 
| Manuel Pégourié-Gonnard | 81abefd | 2015-05-29 12:53:47 +0200 | [diff] [blame] | 93 | * \return          0 if successful, | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 94 | *                  or a specific MBEDTLS_ERR_XXX error code | 
|  | 95 | */ | 
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 96 | int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, | 
|  | 97 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, | 
|  | 98 | mbedtls_cipher_type_t cipher, | 
|  | 99 | uint32_t lifetime); | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 100 |  | 
|  | 101 | /** | 
|  | 102 | * \brief           Implementation of the ticket write callback | 
|  | 103 | * | 
| Antonin Décimo | 36e89b5 | 2019-01-23 15:24:37 +0100 | [diff] [blame] | 104 | * \note            See \c mbedtls_ssl_ticket_write_t for description | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 105 | */ | 
|  | 106 | mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; | 
|  | 107 |  | 
|  | 108 | /** | 
|  | 109 | * \brief           Implementation of the ticket parse callback | 
|  | 110 | * | 
| Antonin Décimo | 36e89b5 | 2019-01-23 15:24:37 +0100 | [diff] [blame] | 111 | * \note            See \c mbedtls_ssl_ticket_parse_t for description | 
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 112 | */ | 
|  | 113 | mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; | 
|  | 114 |  | 
|  | 115 | /** | 
|  | 116 | * \brief           Free a context's content and zeroize it. | 
|  | 117 | * | 
|  | 118 | * \param ctx       Context to be cleaned up | 
|  | 119 | */ | 
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 120 | void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx); | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 121 |  | 
|  | 122 | #ifdef __cplusplus | 
|  | 123 | } | 
|  | 124 | #endif | 
|  | 125 |  | 
|  | 126 | #endif /* ssl_ticket.h */ |