Documentation

Documentation

Includes

config.h

#include "config.h"
#include "config.h"

MBEDTLS_CONFIG_FILE

#include MBEDTLS_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE

ssl.h

#include "ssl.h"
#include "ssl.h"

cipher.h

#include "cipher.h"
#include "cipher.h"

threading.h

#include "threading.h"
#include "threading.h"

Macros

Marco MBEDTLS_SSL_TICKET_H

#define MBEDTLS_SSL_TICKET_H

      

Functions

Func mbedtls_ssl_ticket_init

void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
/**
 * \brief           Initialize a ticket context.
 *                  (Just make it ready for mbedtls_ssl_ticket_setup()
 *                  or mbedtls_ssl_ticket_free().)
 *
 * \param ctx       Context to be initialized
 */

Func mbedtls_ssl_ticket_setup

int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
   mbedtls_cipher_type_t cipher,
   uint32_t lifetime );
/**
 * \brief           Prepare context to be actually used
 *
 * \param ctx       Context to be set up
 * \param f_rng     RNG callback function
 * \param p_rng     RNG callback context
 * \param cipher    AEAD cipher to use for ticket protection.
 *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
 * \param lifetime  Tickets lifetime in seconds
 *                  Recommended value: 86400 (one day).
 *
 * \note            It is highly recommended to select a cipher that is at
 *                  least as strong as the the strongest ciphersuite
 *                  supported. Usually that means a 256-bit key.
 *
 * \note            The lifetime of the keys is twice the lifetime of tickets.
 *                  It is recommended to pick a reasonnable lifetime so as not
 *                  to negate the benefits of forward secrecy.
 *
 * \return          0 if successful,
 *                  or a specific MBEDTLS_ERR_XXX error code
 */

Func mbedtls_ssl_ticket_free

void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
/**
 * \brief           Free a context's content and zeroize it.
 *
 * \param ctx       Context to be cleaned up
 */

Vars

Variable mbedtls_ssl_ticket_write

mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
/**
 * \brief           Implementation of the ticket write callback
 *
 * \note            See \c mbedlts_ssl_ticket_write_t for description
 */

Variable mbedtls_ssl_ticket_parse

mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
/**
 * \brief           Implementation of the ticket parse callback
 *
 * \note            See \c mbedlts_ssl_ticket_parse_t for description
 */

Consts

Types

Typedefs

Typedef mbedtls_ssl_ticket_key;

typedef struct mbedtls_ssl_ticket_key
{
   unsigned char name[4];         /*!< random key identifier              */
   uint32_t generation_time;      /*!< key generation timestamp (seconds) */
   mbedtls_cipher_context_t ctx;  /*!< context for auth enc/decryption    */
}
mbedtls_ssl_ticket_key;
/**
 * \brief   Information for session ticket protection
 */

Typedef mbedtls_ssl_ticket_context;

typedef struct mbedtls_ssl_ticket_context
{
   mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
   unsigned char active;          /*!< index of the currently active key  */

   uint32_t ticket_lifetime;      /*!< lifetime of tickets in seconds     */

   /** Callback for getting (pseudo-)random numbers                        */
   int (*f_rng)(void *, unsigned char *, size_t);
   void *p_rng;                   /*!< context for the RNG function       */

#if defined(MBEDTLS_THREADING_C)
   mbedtls_threading_mutex_t mutex;
#endif
}
mbedtls_ssl_ticket_context;
/**
 * \brief   Context for session ticket handling functions
 */