TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 81abefd46c7c61463644545f50fc1d975f784d10 / . / include / mbedtls / ssl_ticket.h
blob: caa838089c2bb323ea4e6bddf2b4be997f923326 [file] [log] [blame]
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]1/**
2 * \file ssl_ticket.h
3 *
4 * \brief TLS server ticket callbacks implementation
5 *
6 * Copyright (C) 2015, ARM Limited, All Rights Reserved
7 *
8 * This file is part of mbed TLS (https://tls.mbed.org)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24#ifndef MBEDTLS_SSL_TICKET_H
25#define MBEDTLS_SSL_TICKET_H
26
Manuel Pégourié-Gonnard4214e3a2015-05-25 19:34:49 +0200[diff] [blame]27/*
28 * This implementation of the session ticket callbacks includes key
29 * management, rotating the keys periodically in order to preserve forward
30 * secrecy, when MBEDTLS_HAVE_TIME is defined.
31 */
32
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]33#include "ssl.h"
Manuel Pégourié-Gonnard1041a392015-05-20 19:59:39 +0200[diff] [blame]34#include "cipher.h"
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]35
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]36#if defined(MBEDTLS_THREADING_C)
37#include "threading.h"
38#endif
39
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]40#ifdef __cplusplus
41extern "C" {
42#endif
43
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]44/**
Manuel Pégourié-Gonnard887674a2015-05-25 11:00:19 +0200[diff] [blame]45 * \brief Information for session ticket protection
46 */
47typedef struct
48{
49 unsigned char name[4]; /*!< random key identifier */
50 uint32_t generation_time; /*!< key generation timestamp (seconds) */
51 mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
52}
53mbedtls_ssl_ticket_key;
54
55/**
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]56 * \brief Context for session ticket handling functions
57 */
58typedef struct
59{
Manuel Pégourié-Gonnard887674a2015-05-25 11:00:19 +0200[diff] [blame]60 mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
Manuel Pégourié-Gonnard1e9c4db2015-05-25 14:07:08 +0200[diff] [blame]61 unsigned char active; /*!< index of the currently active key */
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]62
63 uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
64
65 /** Callback for getting (pseudo-)random numbers */
66 int (*f_rng)(void *, unsigned char *, size_t);
67 void *p_rng; /*!< context for the RNG function */
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]68
69#if defined(MBEDTLS_THREADING_C)
70 mbedtls_threading_mutex_t mutex;
71#endif
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]72}
73mbedtls_ssl_ticket_context;
74
75/**
76 * \brief Initialize a ticket context.
77 * (Just make it ready for mbedtls_ssl_ticket_setup()
78 * or mbedtls_ssl_ticket_free().)
79 *
80 * \param ctx Context to be initialized
81 */
82void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
83
84/**
85 * \brief Prepare context to be actually used
86 *
87 * \param ctx Context to be set up
88 * \param f_rng RNG callback function
89 * \param p_rng RNG callback context
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]90 * \param cipher AEAD cipher to use for ticket protection, eg
91 * MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]92 * \param lifetime Tickets lifetime in seconds
93 *
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]94 * \note It is highly recommended to select a cipher that is at
95 * least as strong as the the strongest ciphersuite
96 * supported. Usually that means a 256-bit key.
97 *
Manuel Pégourié-Gonnard81abefd2015-05-29 12:53:47 +0200[diff] [blame^]98 * \return 0 if successful,
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]99 * or a specific MBEDTLS_ERR_XXX error code
100 */
101int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
102 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]103 mbedtls_cipher_type_t cipher,
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]104 uint32_t lifetime );
105
106/**
107 * \brief Implementation of the ticket write callback
108 *
109 * \note See \c mbedlts_ssl_ticket_write_t for description
110 */
111mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
112
113/**
114 * \brief Implementation of the ticket parse callback
115 *
116 * \note See \c mbedlts_ssl_ticket_parse_t for description
117 */
118mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
119
120/**
121 * \brief Free a context's content and zeroize it.
122 *
123 * \param ctx Context to be cleaned up
124 */
125void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]126
127#ifdef __cplusplus
128}
129#endif
130
131#endif /* ssl_ticket.h */