2015-05-15 12:09:00 +02:00
|
|
|
/**
|
|
|
|
|
* \file ssl_ticket.h
|
|
|
|
|
*
|
|
|
|
|
* \brief TLS server ticket callbacks implementation
|
2018-01-05 16:33:17 +01:00
|
|
|
*/
|
|
|
|
|
/*
|
2020-08-07 13:07:28 +02:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2015-09-04 14:21:07 +02:00
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
2015-05-15 12:09:00 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
2015-05-15 12:09:00 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2015-05-15 12:09:00 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
2015-05-15 12:09:00 +02:00
|
|
|
*/
|
|
|
|
|
#ifndef MBEDTLS_SSL_TICKET_H
|
|
|
|
|
#define MBEDTLS_SSL_TICKET_H
|
2021-05-19 19:44:07 +02:00
|
|
|
#include "mbedtls/private_access.h"
|
2015-05-15 12:09:00 +02:00
|
|
|
|
2021-05-27 11:25:03 +02:00
|
|
|
#include "mbedtls/build_info.h"
|
2018-02-14 15:02:41 +01:00
|
|
|
|
2015-05-25 19:34:49 +02:00
|
|
|
/*
|
|
|
|
|
* This implementation of the session ticket callbacks includes key
|
|
|
|
|
* management, rotating the keys periodically in order to preserve forward
|
|
|
|
|
* secrecy, when MBEDTLS_HAVE_TIME is defined.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-07-04 21:01:14 +02:00
|
|
|
#include "mbedtls/ssl.h"
|
|
|
|
|
#include "mbedtls/cipher.h"
|
2022-08-17 15:20:36 +02:00
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
2022-08-17 12:19:41 +02:00
|
|
|
#include "mbedtls/platform_time.h"
|
2022-08-17 15:20:36 +02:00
|
|
|
#endif
|
2015-05-15 12:09:00 +02:00
|
|
|
|
2022-03-10 15:15:46 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
|
#include "psa/crypto.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-05-20 11:34:54 +02:00
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
2019-07-04 21:01:14 +02:00
|
|
|
#include "mbedtls/threading.h"
|
2015-05-20 11:34:54 +02:00
|
|
|
#endif
|
|
|
|
|
|
2015-05-15 12:09:00 +02:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2022-02-09 21:24:56 +01:00
|
|
|
#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 /*!< Max supported key length in bytes */
|
|
|
|
|
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 /*!< key name length in bytes */
|
|
|
|
|
|
2015-05-25 11:00:19 +02:00
|
|
|
/**
|
|
|
|
|
* \brief Information for session ticket protection
|
|
|
|
|
*/
|
2018-07-24 10:02:47 +02:00
|
|
|
typedef struct mbedtls_ssl_ticket_key
|
2015-05-25 11:00:19 +02:00
|
|
|
{
|
2022-02-09 21:24:56 +01:00
|
|
|
unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
|
|
|
|
|
/*!< random key identifier */
|
2022-08-17 15:20:36 +02:00
|
|
|
#if defined(MBEDTLS_HAVE_TIME)
|
2022-08-17 12:19:41 +02:00
|
|
|
mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
|
2022-08-17 15:20:36 +02:00
|
|
|
#endif
|
2022-03-10 15:15:46 +01:00
|
|
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
2021-05-19 19:44:07 +02:00
|
|
|
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
|
2022-03-10 15:15:46 +01:00
|
|
|
#else
|
|
|
|
|
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */
|
|
|
|
|
psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */
|
|
|
|
|
psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */
|
|
|
|
|
size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */
|
|
|
|
|
#endif
|
2015-05-25 11:00:19 +02:00
|
|
|
}
|
|
|
|
|
mbedtls_ssl_ticket_key;
|
|
|
|
|
|
2015-05-19 15:28:00 +02:00
|
|
|
/**
|
|
|
|
|
* \brief Context for session ticket handling functions
|
|
|
|
|
*/
|
2018-07-24 10:02:47 +02:00
|
|
|
typedef struct mbedtls_ssl_ticket_context
|
2015-05-19 15:28:00 +02:00
|
|
|
{
|
2021-05-19 19:44:07 +02:00
|
|
|
mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
|
|
|
|
|
unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
|
2015-05-19 15:28:00 +02:00
|
|
|
|
2021-05-19 19:44:07 +02:00
|
|
|
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
|
2015-05-19 15:28:00 +02:00
|
|
|
|
|
|
|
|
/** Callback for getting (pseudo-)random numbers */
|
2021-05-19 19:44:07 +02:00
|
|
|
int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
|
|
|
|
|
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
|
2015-05-20 11:34:54 +02:00
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_THREADING_C)
|
2021-05-19 19:44:07 +02:00
|
|
|
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
|
2015-05-20 11:34:54 +02:00
|
|
|
#endif
|
2015-05-19 15:28:00 +02:00
|
|
|
}
|
|
|
|
|
mbedtls_ssl_ticket_context;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Initialize a ticket context.
|
|
|
|
|
* (Just make it ready for mbedtls_ssl_ticket_setup()
|
|
|
|
|
* or mbedtls_ssl_ticket_free().)
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to be initialized
|
|
|
|
|
*/
|
|
|
|
|
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Prepare context to be actually used
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to be set up
|
2021-06-15 11:29:26 +02:00
|
|
|
* \param f_rng RNG callback function (mandatory)
|
2015-05-19 15:28:00 +02:00
|
|
|
* \param p_rng RNG callback context
|
2015-06-25 12:44:46 +02:00
|
|
|
* \param cipher AEAD cipher to use for ticket protection.
|
|
|
|
|
* Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
|
2015-05-19 15:28:00 +02:00
|
|
|
* \param lifetime Tickets lifetime in seconds
|
2015-06-25 12:44:46 +02:00
|
|
|
* Recommended value: 86400 (one day).
|
2015-05-19 15:28:00 +02:00
|
|
|
*
|
2015-05-25 10:35:16 +02:00
|
|
|
* \note It is highly recommended to select a cipher that is at
|
2021-05-10 19:53:15 +02:00
|
|
|
* least as strong as the strongest ciphersuite
|
2015-05-25 10:35:16 +02:00
|
|
|
* supported. Usually that means a 256-bit key.
|
|
|
|
|
*
|
2015-06-25 12:44:46 +02:00
|
|
|
* \note The lifetime of the keys is twice the lifetime of tickets.
|
2022-02-03 05:32:18 +01:00
|
|
|
* It is recommended to pick a reasonable lifetime so as not
|
2015-06-25 12:44:46 +02:00
|
|
|
* to negate the benefits of forward secrecy.
|
|
|
|
|
*
|
2015-05-29 12:53:47 +02:00
|
|
|
* \return 0 if successful,
|
2015-05-19 15:28:00 +02:00
|
|
|
* or a specific MBEDTLS_ERR_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
2015-05-25 10:35:16 +02:00
|
|
|
mbedtls_cipher_type_t cipher,
|
2015-05-19 15:28:00 +02:00
|
|
|
uint32_t lifetime );
|
|
|
|
|
|
2022-02-03 05:32:18 +01:00
|
|
|
/**
|
|
|
|
|
* \brief Rotate session ticket encryption key to new specified key.
|
|
|
|
|
* Provides for external control of session ticket encryption
|
|
|
|
|
* key rotation, e.g. for synchronization between different
|
|
|
|
|
* machines. If this function is not used, or if not called
|
|
|
|
|
* before ticket lifetime expires, then a new session ticket
|
|
|
|
|
* encryption key is generated internally in order to avoid
|
|
|
|
|
* unbounded session ticket encryption key lifetimes.
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to be set up
|
|
|
|
|
* \param name Session ticket encryption key name
|
|
|
|
|
* \param nlength Session ticket encryption key name length in bytes
|
|
|
|
|
* \param k Session ticket encryption key
|
|
|
|
|
* \param klength Session ticket encryption key length in bytes
|
|
|
|
|
* \param lifetime Tickets lifetime in seconds
|
|
|
|
|
* Recommended value: 86400 (one day).
|
|
|
|
|
*
|
|
|
|
|
* \note \c name and \c k are recommended to be cryptographically
|
|
|
|
|
* random data.
|
|
|
|
|
*
|
|
|
|
|
* \note \c nlength must match sizeof( ctx->name )
|
|
|
|
|
*
|
|
|
|
|
* \note \c klength must be sufficient for use by cipher specified
|
|
|
|
|
* to \c mbedtls_ssl_ticket_setup
|
|
|
|
|
*
|
|
|
|
|
* \note The lifetime of the keys is twice the lifetime of tickets.
|
|
|
|
|
* It is recommended to pick a reasonable lifetime so as not
|
|
|
|
|
* to negate the benefits of forward secrecy.
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful,
|
|
|
|
|
* or a specific MBEDTLS_ERR_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
|
|
|
|
|
const unsigned char *name, size_t nlength,
|
|
|
|
|
const unsigned char *k, size_t klength,
|
|
|
|
|
uint32_t lifetime );
|
|
|
|
|
|
2015-05-19 15:28:00 +02:00
|
|
|
/**
|
|
|
|
|
* \brief Implementation of the ticket write callback
|
|
|
|
|
*
|
2019-01-23 15:24:37 +01:00
|
|
|
* \note See \c mbedtls_ssl_ticket_write_t for description
|
2015-05-19 15:28:00 +02:00
|
|
|
*/
|
|
|
|
|
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Implementation of the ticket parse callback
|
|
|
|
|
*
|
2019-01-23 15:24:37 +01:00
|
|
|
* \note See \c mbedtls_ssl_ticket_parse_t for description
|
2015-05-19 15:28:00 +02:00
|
|
|
*/
|
|
|
|
|
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Free a context's content and zeroize it.
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to be cleaned up
|
|
|
|
|
*/
|
|
|
|
|
void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
|
2015-05-15 12:09:00 +02:00
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#endif /* ssl_ticket.h */
|
