1 /** 2 * \file ssl_ticket.h 3 * 4 * \brief TLS server ticket callbacks implementation 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 * 10 * This file is provided under the Apache License 2.0, or the 11 * GNU General Public License v2.0 or later. 12 * 13 * ********** 14 * Apache License 2.0: 15 * 16 * Licensed under the Apache License, Version 2.0 (the "License"); you may 17 * not use this file except in compliance with the License. 18 * You may obtain a copy of the License at 19 * 20 * http://www.apache.org/licenses/LICENSE-2.0 21 * 22 * Unless required by applicable law or agreed to in writing, software 23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 25 * See the License for the specific language governing permissions and 26 * limitations under the License. 27 * 28 * ********** 29 * 30 * ********** 31 * GNU General Public License v2.0 or later: 32 * 33 * This program is free software; you can redistribute it and/or modify 34 * it under the terms of the GNU General Public License as published by 35 * the Free Software Foundation; either version 2 of the License, or 36 * (at your option) any later version. 37 * 38 * This program is distributed in the hope that it will be useful, 39 * but WITHOUT ANY WARRANTY; without even the implied warranty of 40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 41 * GNU General Public License for more details. 42 * 43 * You should have received a copy of the GNU General Public License along 44 * with this program; if not, write to the Free Software Foundation, Inc., 45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 46 * 47 * ********** 48 */ 49 #ifndef MBEDTLS_SSL_TICKET_H 50 #define MBEDTLS_SSL_TICKET_H 51 52 #if !defined(MBEDTLS_CONFIG_FILE) 53 #include "config.h" 54 #else 55 #include MBEDTLS_CONFIG_FILE 56 #endif 57 58 /* 59 * This implementation of the session ticket callbacks includes key 60 * management, rotating the keys periodically in order to preserve forward 61 * secrecy, when MBEDTLS_HAVE_TIME is defined. 62 */ 63 64 #include "ssl.h" 65 #include "cipher.h" 66 67 #if defined(MBEDTLS_THREADING_C) 68 #include "threading.h" 69 #endif 70 71 #ifdef __cplusplus 72 extern "C" { 73 #endif 74 75 /** 76 * \brief Information for session ticket protection 77 */ 78 typedef struct mbedtls_ssl_ticket_key 79 { 80 unsigned char name[4]; /*!< random key identifier */ 81 uint32_t generation_time; /*!< key generation timestamp (seconds) */ 82 mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ 83 } 84 mbedtls_ssl_ticket_key; 85 86 /** 87 * \brief Context for session ticket handling functions 88 */ 89 typedef struct mbedtls_ssl_ticket_context 90 { 91 mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ 92 unsigned char active; /*!< index of the currently active key */ 93 94 uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ 95 96 /** Callback for getting (pseudo-)random numbers */ 97 int (*f_rng)(void *, unsigned char *, size_t); 98 void *p_rng; /*!< context for the RNG function */ 99 100 #if defined(MBEDTLS_THREADING_C) 101 mbedtls_threading_mutex_t mutex; 102 #endif 103 } 104 mbedtls_ssl_ticket_context; 105 106 /** 107 * \brief Initialize a ticket context. 108 * (Just make it ready for mbedtls_ssl_ticket_setup() 109 * or mbedtls_ssl_ticket_free().) 110 * 111 * \param ctx Context to be initialized 112 */ 113 void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); 114 115 /** 116 * \brief Prepare context to be actually used 117 * 118 * \param ctx Context to be set up 119 * \param f_rng RNG callback function 120 * \param p_rng RNG callback context 121 * \param cipher AEAD cipher to use for ticket protection. 122 * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. 123 * \param lifetime Tickets lifetime in seconds 124 * Recommended value: 86400 (one day). 125 * 126 * \note It is highly recommended to select a cipher that is at 127 * least as strong as the strongest ciphersuite 128 * supported. Usually that means a 256-bit key. 129 * 130 * \note The lifetime of the keys is twice the lifetime of tickets. 131 * It is recommended to pick a reasonnable lifetime so as not 132 * to negate the benefits of forward secrecy. 133 * 134 * \return 0 if successful, 135 * or a specific MBEDTLS_ERR_XXX error code 136 */ 137 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, 138 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 139 mbedtls_cipher_type_t cipher, 140 uint32_t lifetime ); 141 142 /** 143 * \brief Implementation of the ticket write callback 144 * 145 * \note See \c mbedtls_ssl_ticket_write_t for description 146 */ 147 mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write; 148 149 /** 150 * \brief Implementation of the ticket parse callback 151 * 152 * \note See \c mbedtls_ssl_ticket_parse_t for description 153 */ 154 mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; 155 156 /** 157 * \brief Free a context's content and zeroize it. 158 * 159 * \param ctx Context to be cleaned up 160 */ 161 void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); 162 163 #ifdef __cplusplus 164 } 165 #endif 166 167 #endif /* ssl_ticket.h */ 168