| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 1 | /** | 
|  | 2 | * \file ssl_ticket.h | 
|  | 3 | * | 
|  | 4 | * \brief TLS server ticket callbacks implementation | 
| Darryl Green | a40a101 | 2018-01-05 15:33:17 +0000 | [diff] [blame] | 5 | */ | 
|  | 6 | /* | 
| Bence Szépkúti | 1e14827 | 2020-08-07 13:07:28 +0200 | [diff] [blame] | 7 | *  Copyright The Mbed TLS Contributors | 
| Dave Rodgman | 16799db | 2023-11-02 19:47:20 +0000 | [diff] [blame] | 8 | *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 9 | */ | 
|  | 10 | #ifndef MBEDTLS_SSL_TICKET_H | 
|  | 11 | #define MBEDTLS_SSL_TICKET_H | 
| Mateusz Starzyk | 846f021 | 2021-05-19 19:44:07 +0200 | [diff] [blame] | 12 | #include "mbedtls/private_access.h" | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 13 |  | 
| Bence Szépkúti | c662b36 | 2021-05-27 11:25:03 +0200 | [diff] [blame] | 14 | #include "mbedtls/build_info.h" | 
| Ron Eldor | 8b0cf2e | 2018-02-14 16:02:41 +0200 | [diff] [blame] | 15 |  | 
/*
 * This implementation of the session ticket callbacks includes key
 * management. When MBEDTLS_HAVE_TIME is defined, the keys are rotated
 * periodically in order to preserve forward secrecy. Without
 * MBEDTLS_HAVE_TIME no periodic rotation takes place unless the
 * application rotates the keys itself with mbedtls_ssl_ticket_rotate().
 */
|  | 21 |  | 
| Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 22 | #include "mbedtls/ssl.h" | 
| Dave Rodgman | 536f28c | 2022-08-17 14:20:36 +0100 | [diff] [blame] | 23 |  | 
|  | 24 | #if defined(MBEDTLS_HAVE_TIME) | 
| Dave Rodgman | 392f714 | 2022-08-17 11:19:41 +0100 | [diff] [blame] | 25 | #include "mbedtls/platform_time.h" | 
| Dave Rodgman | 536f28c | 2022-08-17 14:20:36 +0100 | [diff] [blame] | 26 | #endif | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 27 |  | 
| Gabor Mezei | 2a02051 | 2022-03-10 15:15:46 +0100 | [diff] [blame] | 28 | #include "psa/crypto.h" | 
| Gabor Mezei | 2a02051 | 2022-03-10 15:15:46 +0100 | [diff] [blame] | 29 |  | 
| Manuel Pégourié-Gonnard | 0849a0a | 2015-05-20 11:34:54 +0200 | [diff] [blame] | 30 | #if defined(MBEDTLS_THREADING_C) | 
| Jaeden Amero | 6609aef | 2019-07-04 20:01:14 +0100 | [diff] [blame] | 31 | #include "mbedtls/threading.h" | 
| Manuel Pégourié-Gonnard | 0849a0a | 2015-05-20 11:34:54 +0200 | [diff] [blame] | 32 | #endif | 
|  | 33 |  | 
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 34 | #ifdef __cplusplus | 
|  | 35 | extern "C" { | 
|  | 36 | #endif | 
|  | 37 |  | 
#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32          /*!< Max supported ticket key length in bytes (32 bytes = 256 bits) */
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4          /*!< Key name length in bytes (size of the name member of mbedtls_ssl_ticket_key) */
|  | 40 |  | 
/**
 * \brief   Information for session ticket protection
 *
 * Describes one ticket protection key. Every member is wrapped in
 * MBEDTLS_PRIVATE(), so application code is expected to use the
 * mbedtls_ssl_ticket_*() functions instead of touching members directly.
 */
typedef struct mbedtls_ssl_ticket_key {
    unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
    /*!< random key identifier; an identifier for the key, not key material */
#if defined(MBEDTLS_HAVE_TIME)
    /* Only present when a time source is configured. */
    mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
#endif
    /*! Lifetime of the key in seconds. This is also the lifetime of the
     *  tickets created under that key.
     */
    uint32_t MBEDTLS_PRIVATE(lifetime);
    /* The key is referenced by a PSA key identifier; no raw key bytes are
     * stored in this structure. */
    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key);       /*!< key used for auth enc/decryption   */
    psa_algorithm_t MBEDTLS_PRIVATE(alg);            /*!< algorithm of auth enc/decryption   */
    psa_key_type_t MBEDTLS_PRIVATE(key_type);        /*!< key type                           */
    /* NOTE(review): presumably bounded by MBEDTLS_SSL_TICKET_MAX_KEY_BYTES * 8;
     * confirm where the value is validated. */
    size_t MBEDTLS_PRIVATE(key_bits);                /*!< key length in bits                 */
}
mbedtls_ssl_ticket_key;
|  | 60 |  | 
/**
 * \brief   Context for session ticket handling functions
 *
 * All members are wrapped in MBEDTLS_PRIVATE(); the context is meant to be
 * managed through the mbedtls_ssl_ticket_*() functions of this header.
 */
typedef struct mbedtls_ssl_ticket_context {
    /* Two key slots. NOTE(review): presumably the active key plus the
     * previous one, kept so that tickets issued before a rotation can still
     * be parsed; confirm in the implementation. */
    mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys             */
    unsigned char MBEDTLS_PRIVATE(active);           /*!< index (into keys[]) of the currently active key */

    uint32_t MBEDTLS_PRIVATE(ticket_lifetime);       /*!< lifetime of tickets in seconds     */

    /* NOTE(review): a doc comment reading "Callback for getting
     * (pseudo-)random numbers" stood here, but this structure declares no
     * RNG callback member. Left as a plain comment so that a documentation
     * generator does not attach it to the mutex below; confirm and drop. */

#if defined(MBEDTLS_THREADING_C)
    /* Only present when MBEDTLS_THREADING_C is defined.
     * NOTE(review): presumably serializes access to the keys; confirm. */
    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;
|  | 77 |  | 
/**
 * \brief           Initialize a ticket context.
 *                  (Just make it ready for mbedtls_ssl_ticket_setup()
 *                  or mbedtls_ssl_ticket_free().)
 *
 * \note            Initialization alone does not configure a cipher or a
 *                  key: mbedtls_ssl_ticket_setup() is the call that
 *                  prepares the context for actual use.
 *
 * \param ctx       Context to be initialized
 */
void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 86 |  | 
/**
 * \brief           Prepare context to be actually used
 *
 * \param ctx       Context to be set up
 * \param alg       AEAD cipher to use for ticket protection.
 * \param key_type  Cryptographic key type to use.
 * \param key_bits  Cryptographic key size to use in bits.
 *                  NOTE(review): presumably limited to
 *                  MBEDTLS_SSL_TICKET_MAX_KEY_BYTES * 8 (256) bits; confirm
 *                  in the implementation.
 * \param lifetime  Tickets lifetime in seconds
 *                  Recommended value: 86400 (one day).
 *
 * \note            It is highly recommended to select a cipher that is at
 *                  least as strong as the strongest ciphersuite
 *                  supported. Usually that means a 256-bit key.
 *
 * \note            It is recommended to pick a reasonable lifetime so as not
 *                  to negate the benefits of forward secrecy: the lifetime
 *                  is also the lifetime of the key protecting the tickets
 *                  (see mbedtls_ssl_ticket_key).
 *
 * \note            The TLS 1.3 specification states that the ticket lifetime
 *                  must not exceed seven days (604800 seconds). If the
 *                  ticket lifetime has been set to a value greater than
 *                  seven days in this module and TLS 1.3 is configured to
 *                  send tickets after the handshake, the connection fails
 *                  when trying to send the first ticket.
 *
 * \return          0 if successful,
 *                  or a specific MBEDTLS_ERR_XXX error code
 */
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
                             psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
                             uint32_t lifetime);
| Manuel Pégourié-Gonnard | d59675d | 2015-05-19 15:28:00 +0200 | [diff] [blame] | 117 |  | 
/**
 * \brief           Rotate session ticket encryption key to new specified key.
 *                  Provides for external control of session ticket encryption
 *                  key rotation, e.g. for synchronization between different
 *                  machines.  If this function is not used, or if not called
 *                  before ticket lifetime expires, then a new session ticket
 *                  encryption key is generated internally in order to avoid
 *                  unbounded session ticket encryption key lifetimes.
 *
 * \param ctx       Context whose ticket key is rotated. The notes below
 *                  refer to the cipher given to mbedtls_ssl_ticket_setup(),
 *                  so the context is presumably set up before this call.
 * \param name      Session ticket encryption key name
 * \param nlength   Session ticket encryption key name length in bytes
 * \param k         Session ticket encryption key
 * \param klength   Session ticket encryption key length in bytes
 * \param lifetime  Tickets lifetime in seconds
 *                  Recommended value: 86400 (one day).
 *
 * \note            \c name and \c k are recommended to be cryptographically
 *                  random data.
 *
 * \note            \c nlength must match the size of the key name, that is
 *                  the \c name member of mbedtls_ssl_ticket_key
 *                  (MBEDTLS_SSL_TICKET_KEY_NAME_BYTES). The context itself
 *                  has no \c name member.
 *
 * \note            \c klength must be sufficient for use by cipher specified
 *                  to \c mbedtls_ssl_ticket_setup
 *
 * \note            \c k is raw key material supplied by the caller. When it
 *                  is shared between machines, it needs the same protection
 *                  in transit and at rest as any other long-term secret.
 *                  NOTE(review): this header does not state whether \c k is
 *                  copied; callers presumably remain responsible for wiping
 *                  their own buffer - confirm.
 *
 * \note            It is recommended to pick a reasonable lifetime so as not
 *                  to negate the benefits of forward secrecy.
 *
 * \note            The TLS 1.3 specification states that the ticket lifetime
 *                  must not exceed seven days (604800 seconds). If the
 *                  ticket lifetime has been set to a value greater than
 *                  seven days in this module and TLS 1.3 is configured to
 *                  send tickets after the handshake, the connection fails
 *                  when trying to send the first ticket.
 *
 * \return          0 if successful,
 *                  or a specific MBEDTLS_ERR_XXX error code
 */
int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
                              const unsigned char *name, size_t nlength,
                              const unsigned char *k, size_t klength,
                              uint32_t lifetime);
| Glenn Strauss | a950938 | 2022-02-02 23:32:18 -0500 | [diff] [blame] | 160 |  | 
/**
 * \brief           Implementation of the ticket write callback
 *
 * \note            See \c mbedtls_ssl_ticket_write_t for description.
 *                  The function is declared through that function type, so
 *                  its parameters and return value are the ones the type
 *                  specifies.
 */
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
|  | 167 |  | 
/**
 * \brief           Implementation of the ticket parse callback
 *
 * \note            See \c mbedtls_ssl_ticket_parse_t for description.
 *                  The function is declared through that function type, so
 *                  its parameters and return value are the ones the type
 *                  specifies.
 *
 * \note            NOTE(review): the ticket handed to this callback comes
 *                  from the peer and is untrusted until it has been
 *                  authenticated; presumably that is done with the AEAD
 *                  selected in mbedtls_ssl_ticket_setup() - confirm in the
 *                  implementation.
 */
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
|  | 174 |  | 
/**
 * \brief           Free a context's content and zeroize it.
 *
 * \note            As documented on mbedtls_ssl_ticket_init(), a context
 *                  that has only been initialized is also ready to be
 *                  passed to this function.
 *
 * \param ctx       Context to be cleaned up
 */
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
| Manuel Pégourié-Gonnard | fd6d897 | 2015-05-15 12:09:00 +0200 | [diff] [blame] | 181 |  | 
|  | 182 | #ifdef __cplusplus | 
|  | 183 | } | 
|  | 184 | #endif | 
|  | 185 |  | 
|  | 186 | #endif /* ssl_ticket.h */ |