Mbed TLS v3.6.0
TLS server ticket callbacks implementation. More...
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
#include "mbedtls/platform_time.h"
#include "psa/crypto.h"
#include "mbedtls/threading.h"
Data Structures | |
struct | mbedtls_ssl_ticket_key |
Information for session ticket protection. More... | |
struct | mbedtls_ssl_ticket_context |
Context for session ticket handling functions. More... | |
Macros | |
#define | MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 |
#define | MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 |
Typedefs | |
typedef struct mbedtls_ssl_ticket_key | mbedtls_ssl_ticket_key |
Information for session ticket protection. More... | |
typedef struct mbedtls_ssl_ticket_context | mbedtls_ssl_ticket_context |
Context for session ticket handling functions. More... | |
Functions | |
void | mbedtls_ssl_ticket_init (mbedtls_ssl_ticket_context *ctx) |
Initialize a ticket context. (Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket_free().) More... | |
int | mbedtls_ssl_ticket_setup (mbedtls_ssl_ticket_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime) |
Prepare context to be actually used. More... | |
int | mbedtls_ssl_ticket_rotate (mbedtls_ssl_ticket_context *ctx, const unsigned char *name, size_t nlength, const unsigned char *k, size_t klength, uint32_t lifetime) |
Rotate the session ticket encryption key to the newly specified key. Provides external control over session ticket encryption key rotation, e.g. for synchronization between different machines. If this function is not used, or is not called before the ticket lifetime expires, a new session ticket encryption key is generated internally in order to avoid unbounded session ticket encryption key lifetimes. More... | |
void | mbedtls_ssl_ticket_free (mbedtls_ssl_ticket_context *ctx) |
Free a context's content and zeroize it. More... | |
Variables | |
mbedtls_ssl_ticket_write_t | mbedtls_ssl_ticket_write |
Implementation of the ticket write callback. More... | |
mbedtls_ssl_ticket_parse_t | mbedtls_ssl_ticket_parse |
Implementation of the ticket parse callback. More... | |
TLS server ticket callbacks implementation.
Definition in file ssl_ticket.h.
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES 4 |
Key name length in bytes.
Definition at line 42 of file ssl_ticket.h.
#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES 32 |
Maximum supported key length in bytes.
Definition at line 41 of file ssl_ticket.h.
typedef struct mbedtls_ssl_ticket_context mbedtls_ssl_ticket_context |
Context for session ticket handling functions.
typedef struct mbedtls_ssl_ticket_key mbedtls_ssl_ticket_key |
Information for session ticket protection.
void mbedtls_ssl_ticket_free | ( | mbedtls_ssl_ticket_context * | ctx | ) |
Free a context's content and zeroize it.
ctx | Context to be cleaned up |
void mbedtls_ssl_ticket_init | ( | mbedtls_ssl_ticket_context * | ctx | ) |
Initialize a ticket context. (Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket_free().)
ctx | Context to be initialized |
int mbedtls_ssl_ticket_rotate | ( | mbedtls_ssl_ticket_context * | ctx, |
const unsigned char * | name, | ||
size_t | nlength, | ||
const unsigned char * | k, | ||
size_t | klength, | ||
uint32_t | lifetime | ||
) |
Rotate the session ticket encryption key to the newly specified key. Provides external control over session ticket encryption key rotation, e.g. for synchronization between different machines. If this function is not used, or is not called before the ticket lifetime expires, a new session ticket encryption key is generated internally in order to avoid unbounded session ticket encryption key lifetimes.
ctx | Context to be set up |
name | Session ticket encryption key name |
nlength | Session ticket encryption key name length in bytes |
k | Session ticket encryption key |
klength | Session ticket encryption key length in bytes |
lifetime | Ticket lifetime in seconds. Recommended value: 86400 (one day). |
Note: name and k are recommended to be cryptographically random data.
Note: nlength must match sizeof( ctx->name ), i.e. MBEDTLS_SSL_TICKET_KEY_NAME_BYTES.
Note: klength must be sufficient for use by the cipher specified to mbedtls_ssl_ticket_setup(), and may not exceed MBEDTLS_SSL_TICKET_MAX_KEY_BYTES.
int mbedtls_ssl_ticket_setup | ( | mbedtls_ssl_ticket_context * | ctx, |
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng, | ||
mbedtls_cipher_type_t | cipher, | ||
uint32_t | lifetime | ||
) |
Prepare context to be actually used.
ctx | Context to be set up |
f_rng | RNG callback function (mandatory; used to generate ticket keys and nonces internally) |
p_rng | RNG callback context |
cipher | AEAD cipher to use for ticket protection. Recommended value: MBEDTLS_CIPHER_AES_256_GCM. |
lifetime | Ticket lifetime in seconds. Recommended value: 86400 (one day). |
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse |
Implementation of the ticket parse callback.
See mbedtls_ssl_ticket_parse_t for a description. Definition at line 184 of file ssl_ticket.h.
mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write |
Implementation of the ticket write callback.
See mbedtls_ssl_ticket_write_t for a description. Definition at line 177 of file ssl_ticket.h.