TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a941b6298555296222fa1c862cfc5d131074c1fd / . / include / mbedtls / ssl_ticket.h
blob: 855930953a06b39fc080215915d6d46323938f57 [file] [log] [blame]
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]1/**
2 * \file ssl_ticket.h
3 *
4 * \brief TLS server ticket callbacks implementation
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]5 */
6/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]7 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]21 */
22#ifndef MBEDTLS_SSL_TICKET_H
23#define MBEDTLS_SSL_TICKET_H
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]24#include "mbedtls/private_access.h"
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]25
Bence Szépkútic662b362021-05-27 11:25:03 +0200[diff] [blame]26#include "mbedtls/build_info.h"
Ron Eldor8b0cf2e2018-02-14 16:02:41 +0200[diff] [blame]27
Manuel Pégourié-Gonnard4214e3a2015-05-25 19:34:49 +0200[diff] [blame]28/*
29 * This implementation of the session ticket callbacks includes key
30 * management, rotating the keys periodically in order to preserve forward
31 * secrecy, when MBEDTLS_HAVE_TIME is defined.
32 */
33
Jaeden Amero6609aef2019-07-04 20:01:14 +0100[diff] [blame]34#include "mbedtls/ssl.h"
35#include "mbedtls/cipher.h"
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]36
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]37#if defined(MBEDTLS_THREADING_C)
Jaeden Amero6609aef2019-07-04 20:01:14 +0100[diff] [blame]38#include "mbedtls/threading.h"
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]39#endif
40
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]41#ifdef __cplusplus
42extern "C" {
43#endif
44
Glenn Straussa941b622022-02-09 15:24:56 -0500[diff] [blame^]45#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
46#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
47
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]48/**
Manuel Pégourié-Gonnard887674a2015-05-25 11:00:19 +0200[diff] [blame]49 * \brief Information for session ticket protection
50 */
Dawid Drozd428cc522018-07-24 10:02:47 +0200[diff] [blame]51typedef struct mbedtls_ssl_ticket_key
Manuel Pégourié-Gonnard887674a2015-05-25 11:00:19 +0200[diff] [blame]52{
Glenn Straussa941b622022-02-09 15:24:56 -0500[diff] [blame^]53 unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
54 /*!< random key identifier */
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]55 uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
56 mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
Manuel Pégourié-Gonnard887674a2015-05-25 11:00:19 +0200[diff] [blame]57}
58mbedtls_ssl_ticket_key;
59
60/**
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]61 * \brief Context for session ticket handling functions
62 */
Dawid Drozd428cc522018-07-24 10:02:47 +0200[diff] [blame]63typedef struct mbedtls_ssl_ticket_context
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]64{
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]65 mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
66 unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]67
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]68 uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]69
70 /** Callback for getting (pseudo-)random numbers */
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]71 int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
72 void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]73
74#if defined(MBEDTLS_THREADING_C)
Mateusz Starzyk846f0212021-05-19 19:44:07 +0200[diff] [blame]75 mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
Manuel Pégourié-Gonnard0849a0a2015-05-20 11:34:54 +0200[diff] [blame]76#endif
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]77}
78mbedtls_ssl_ticket_context;
79
80/**
81 * \brief Initialize a ticket context.
82 * (Just make it ready for mbedtls_ssl_ticket_setup()
83 * or mbedtls_ssl_ticket_free().)
84 *
85 * \param ctx Context to be initialized
86 */
87void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
88
89/**
90 * \brief Prepare context to be actually used
91 *
92 * \param ctx Context to be set up
Manuel Pégourié-Gonnardad5390f2021-06-15 11:29:26 +0200[diff] [blame]93 * \param f_rng RNG callback function (mandatory)
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]94 * \param p_rng RNG callback context
Manuel Pégourié-Gonnarddc54ff82015-06-25 12:44:46 +0200[diff] [blame]95 * \param cipher AEAD cipher to use for ticket protection.
96 * Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]97 * \param lifetime Tickets lifetime in seconds
Manuel Pégourié-Gonnarddc54ff82015-06-25 12:44:46 +0200[diff] [blame]98 * Recommended value: 86400 (one day).
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]99 *
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]100 * \note It is highly recommended to select a cipher that is at
Tobias Nießen1e8ca122021-05-10 19:53:15 +0200[diff] [blame]101 * least as strong as the strongest ciphersuite
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]102 * supported. Usually that means a 256-bit key.
103 *
Manuel Pégourié-Gonnarddc54ff82015-06-25 12:44:46 +0200[diff] [blame]104 * \note The lifetime of the keys is twice the lifetime of tickets.
Glenn Straussa9509382022-02-02 23:32:18 -0500[diff] [blame]105 * It is recommended to pick a reasonable lifetime so as not
Manuel Pégourié-Gonnarddc54ff82015-06-25 12:44:46 +0200[diff] [blame]106 * to negate the benefits of forward secrecy.
107 *
Manuel Pégourié-Gonnard81abefd2015-05-29 12:53:47 +0200[diff] [blame]108 * \return 0 if successful,
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]109 * or a specific MBEDTLS_ERR_XXX error code
110 */
111int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
112 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Manuel Pégourié-Gonnarda0adc1b2015-05-25 10:35:16 +0200[diff] [blame]113 mbedtls_cipher_type_t cipher,
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]114 uint32_t lifetime );
115
116/**
Glenn Straussa9509382022-02-02 23:32:18 -0500[diff] [blame]117 * \brief Rotate session ticket encryption key to new specified key.
118 * Provides for external control of session ticket encryption
119 * key rotation, e.g. for synchronization between different
120 * machines. If this function is not used, or if not called
121 * before ticket lifetime expires, then a new session ticket
122 * encryption key is generated internally in order to avoid
123 * unbounded session ticket encryption key lifetimes.
124 *
125 * \param ctx Context to be set up
126 * \param name Session ticket encryption key name
127 * \param nlength Session ticket encryption key name length in bytes
128 * \param k Session ticket encryption key
129 * \param klength Session ticket encryption key length in bytes
130 * \param lifetime Tickets lifetime in seconds
131 * Recommended value: 86400 (one day).
132 *
133 * \note \c name and \c k are recommended to be cryptographically
134 * random data.
135 *
136 * \note \c nlength must match sizeof( ctx->name )
137 *
138 * \note \c klength must be sufficient for use by cipher specified
139 * to \c mbedtls_ssl_ticket_setup
140 *
141 * \note The lifetime of the keys is twice the lifetime of tickets.
142 * It is recommended to pick a reasonable lifetime so as not
143 * to negate the benefits of forward secrecy.
144 *
145 * \return 0 if successful,
146 * or a specific MBEDTLS_ERR_XXX error code
147 */
148int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
149 const unsigned char *name, size_t nlength,
150 const unsigned char *k, size_t klength,
151 uint32_t lifetime );
152
153/**
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]154 * \brief Implementation of the ticket write callback
155 *
Antonin Décimo36e89b52019-01-23 15:24:37 +0100[diff] [blame]156 * \note See \c mbedtls_ssl_ticket_write_t for description
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]157 */
158mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
159
160/**
161 * \brief Implementation of the ticket parse callback
162 *
Antonin Décimo36e89b52019-01-23 15:24:37 +0100[diff] [blame]163 * \note See \c mbedtls_ssl_ticket_parse_t for description
Manuel Pégourié-Gonnardd59675d2015-05-19 15:28:00 +0200[diff] [blame]164 */
165mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
166
167/**
168 * \brief Free a context's content and zeroize it.
169 *
170 * \param ctx Context to be cleaned up
171 */
172void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
Manuel Pégourié-Gonnardfd6d8972015-05-15 12:09:00 +0200[diff] [blame]173
174#ifdef __cplusplus
175}
176#endif
177
178#endif /* ssl_ticket.h */