1 /**
2  * \file ssl_ticket.h
3  *
4  * \brief TLS server ticket callbacks implementation
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0
9  *
10  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
11  *  not use this file except in compliance with the License.
12  *  You may obtain a copy of the License at
13  *
14  *  http://www.apache.org/licenses/LICENSE-2.0
15  *
16  *  Unless required by applicable law or agreed to in writing, software
17  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  *  See the License for the specific language governing permissions and
20  *  limitations under the License.
21  */
22 #ifndef MBEDTLS_SSL_TICKET_H
23 #define MBEDTLS_SSL_TICKET_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 /*
29  * This implementation of the session ticket callbacks includes key
30  * management, rotating the keys periodically in order to preserve forward
31  * secrecy, when MBEDTLS_HAVE_TIME is defined.
32  */
33 
34 #include "mbedtls/ssl.h"
35 #include "mbedtls/cipher.h"
36 
37 #if defined(MBEDTLS_THREADING_C)
38 #include "mbedtls/threading.h"
39 #endif
40 
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44 
45 /**
46  * \brief   Information for session ticket protection
47  */
48 typedef struct mbedtls_ssl_ticket_key
49 {
50     unsigned char MBEDTLS_PRIVATE(name)[4];          /*!< random key identifier              */
51     uint32_t MBEDTLS_PRIVATE(generation_time);       /*!< key generation timestamp (seconds) */
52     mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx);   /*!< context for auth enc/decryption    */
53 }
54 mbedtls_ssl_ticket_key;
55 
56 /**
57  * \brief   Context for session ticket handling functions
58  */
59 typedef struct mbedtls_ssl_ticket_context
60 {
61     mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys             */
62     unsigned char MBEDTLS_PRIVATE(active);           /*!< index of the currently active key  */
63 
64     uint32_t MBEDTLS_PRIVATE(ticket_lifetime);       /*!< lifetime of tickets in seconds     */
65 
66     /** Callback for getting (pseudo-)random numbers                        */
67     int  (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
68     void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
69 
70 #if defined(MBEDTLS_THREADING_C)
71     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
72 #endif
73 }
74 mbedtls_ssl_ticket_context;
75 
76 /**
77  * \brief           Initialize a ticket context.
78  *                  (Just make it ready for mbedtls_ssl_ticket_setup()
79  *                  or mbedtls_ssl_ticket_free().)
80  *
81  * \param ctx       Context to be initialized
82  */
83 void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
84 
85 /**
86  * \brief           Prepare context to be actually used
87  *
88  * \param ctx       Context to be set up
89  * \param f_rng     RNG callback function (mandatory)
90  * \param p_rng     RNG callback context
91  * \param cipher    AEAD cipher to use for ticket protection.
92  *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
93  * \param lifetime  Tickets lifetime in seconds
94  *                  Recommended value: 86400 (one day).
95  *
96  * \note            It is highly recommended to select a cipher that is at
97  *                  least as strong as the strongest ciphersuite
98  *                  supported. Usually that means a 256-bit key.
99  *
100  * \note            The lifetime of the keys is twice the lifetime of tickets.
101  *                  It is recommended to pick a reasonnable lifetime so as not
102  *                  to negate the benefits of forward secrecy.
103  *
104  * \return          0 if successful,
105  *                  or a specific MBEDTLS_ERR_XXX error code
106  */
107 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
108     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
109     mbedtls_cipher_type_t cipher,
110     uint32_t lifetime );
111 
112 /**
113  * \brief           Implementation of the ticket write callback
114  *
115  * \note            See \c mbedtls_ssl_ticket_write_t for description
116  */
117 mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
118 
119 /**
120  * \brief           Implementation of the ticket parse callback
121  *
122  * \note            See \c mbedtls_ssl_ticket_parse_t for description
123  */
124 mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
125 
126 /**
127  * \brief           Free a context's content and zeroize it.
128  *
129  * \param ctx       Context to be cleaned up
130  */
131 void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
132 
133 #ifdef __cplusplus
134 }
135 #endif
136 
137 #endif /* ssl_ticket.h */
138