NCBI C++ ToolKit
ssl_ticket.h File Reference

TLS server ticket callbacks implementation. More...

#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"

Classes

struct  mbedtls_ssl_ticket_key
 Information for session ticket protection. More...
 
struct  mbedtls_ssl_ticket_context
 Context for session ticket handling functions. More...
 

Macros

#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES   32
 
#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES   4
 

Typedefs

typedef struct mbedtls_ssl_ticket_key mbedtls_ssl_ticket_key
 Information for session ticket protection. More...
 
typedef struct mbedtls_ssl_ticket_context mbedtls_ssl_ticket_context
 Context for session ticket handling functions. More...
 

Functions

void mbedtls_ssl_ticket_init (mbedtls_ssl_ticket_context *ctx)
 Initialize a ticket context. More...
 
int mbedtls_ssl_ticket_setup (mbedtls_ssl_ticket_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime)
 Prepare context to be actually used. More...
 
int mbedtls_ssl_ticket_rotate (mbedtls_ssl_ticket_context *ctx, const unsigned char *name, size_t nlength, const unsigned char *k, size_t klength, uint32_t lifetime)
 Rotate session ticket encryption key to new specified key. More...
 
void mbedtls_ssl_ticket_free (mbedtls_ssl_ticket_context *ctx)
 Free a context's content and zeroize it. More...
 

Variables

mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write
 Implementation of the ticket write callback. More...
 
mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse
 Implementation of the ticket parse callback. More...
 

Detailed Description

TLS server ticket callbacks implementation.

Definition in file ssl_ticket.h.

Macro Definition Documentation

◆ MBEDTLS_SSL_TICKET_KEY_NAME_BYTES

#define MBEDTLS_SSL_TICKET_KEY_NAME_BYTES   4

key name length in bytes

Definition at line 42 of file ssl_ticket.h.

◆ MBEDTLS_SSL_TICKET_MAX_KEY_BYTES

#define MBEDTLS_SSL_TICKET_MAX_KEY_BYTES   32

Max supported key length in bytes

Definition at line 41 of file ssl_ticket.h.

Typedef Documentation

◆ mbedtls_ssl_ticket_context

Context for session ticket handling functions.

◆ mbedtls_ssl_ticket_key

Information for session ticket protection.

Function Documentation

◆ mbedtls_ssl_ticket_free()

void mbedtls_ssl_ticket_free ( mbedtls_ssl_ticket_context * ctx )

Free a context's content and zeroize it.

Parameters
ctx    Context to be cleaned up

◆ mbedtls_ssl_ticket_init()

void mbedtls_ssl_ticket_init ( mbedtls_ssl_ticket_context * ctx )

Initialize a ticket context.

(Just make it ready for mbedtls_ssl_ticket_setup() or mbedtls_ssl_ticket_free().)

Parameters
ctx    Context to be initialized

◆ mbedtls_ssl_ticket_rotate()

int mbedtls_ssl_ticket_rotate ( mbedtls_ssl_ticket_context *  ctx,
const unsigned char *  name,
size_t  nlength,
const unsigned char *  k,
size_t  klength,
uint32_t  lifetime 
)

Rotate session ticket encryption key to new specified key.

Provides for external control of session ticket encryption key rotation, e.g. for synchronization between different machines. If this function is not used, or if not called before ticket lifetime expires, then a new session ticket encryption key is generated internally in order to avoid unbounded session ticket encryption key lifetimes.

Parameters
ctx    Context to be set up
name    Session ticket encryption key name
nlength    Session ticket encryption key name length in bytes
k    Session ticket encryption key
klength    Session ticket encryption key length in bytes
lifetime    Tickets lifetime in seconds. Recommended value: 86400 (one day).
Note
name and k are recommended to be cryptographically random data.
nlength must match sizeof( ctx->name ), i.e. MBEDTLS_SSL_TICKET_KEY_NAME_BYTES (4 bytes).
klength must be sufficient for the cipher specified to mbedtls_ssl_ticket_setup() (32 bytes for the recommended MBEDTLS_CIPHER_AES_256_GCM) and at most MBEDTLS_SSL_TICKET_MAX_KEY_BYTES (32).
It is recommended to pick a reasonable lifetime so as not to negate the benefits of forward secrecy: any ticket written under a key can be decrypted by whoever obtains that key for as long as the key is still accepted.
The TLS 1.3 specification (RFC 8446) states that a ticket lifetime must not exceed seven days (604800 seconds). If the ticket lifetime in this module is set to a value greater than seven days and TLS 1.3 is configured to send tickets after the handshake, the connection will fail when the server tries to send the first ticket.
Returns
0 if successful, or a specific MBEDTLS_ERR_XXX error code

◆ mbedtls_ssl_ticket_setup()

int mbedtls_ssl_ticket_setup ( mbedtls_ssl_ticket_context *  ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
mbedtls_cipher_type_t  cipher,
uint32_t  lifetime 
)

Prepare context to be actually used.

Parameters
ctx    Context to be set up
f_rng    RNG callback function (mandatory)
p_rng    RNG callback context
cipher    AEAD cipher to use for ticket protection. Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
lifetime    Tickets lifetime in seconds. Recommended value: 86400 (one day).
Note
It is highly recommended to select a cipher that is at least as strong as the strongest ciphersuite supported, since the ticket key bounds the security of every session resumed from a ticket. Usually that means a 256-bit key.
It is recommended to pick a reasonable lifetime so as not to negate the benefits of forward secrecy.
The TLS 1.3 specification (RFC 8446) states that a ticket lifetime must not exceed seven days (604800 seconds). If the ticket lifetime in this module is set to a value greater than seven days and TLS 1.3 is configured to send tickets after the handshake, the connection will fail when the server tries to send the first ticket.
Returns
0 if successful, or a specific MBEDTLS_ERR_XXX error code
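The setup() and rotate() contracts above, worked as an added example that is not mbedtls code: a small C model of the two-key context those functions manage (the current key plus the previous one, each identified by a 4-byte name that mbedtls stores with the ticket so that parsing can find the key the ticket was written under), with the input checks the header documents and the seven-day TLS 1.3 ceiling applied at setup instead of at the first ticket. The names ticket_ring_t, install_key, ring_setup, ring_rotate, ring_update, ring_select, ring_free, test_rng and the scenario functions are this example's own, not mbedtls identifiers; the key bytes and clock values are constructed; and test_rng is a deterministic stand-in for the mandatory f_rng callback, not a CSPRNG. A real server calls the mbedtls functions instead and registers mbedtls_ssl_ticket_write / mbedtls_ssl_ticket_parse with mbedtls_ssl_conf_session_tickets_cb() from ssl.h, which this page does not show.

```c
/* Added example, not mbedtls code: a model of the key schedule behind mbedtls_ssl_ticket_setup(),
 * _rotate() and _free(), with the input checks this header documents. All names here are the example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_NAME_BYTES 4            /* MBEDTLS_SSL_TICKET_KEY_NAME_BYTES */
#define MAX_KEY_BYTES 32            /* MBEDTLS_SSL_TICKET_MAX_KEY_BYTES */
#define TLS13_MAX_LIFETIME 604800u  /* seven days: the TLS 1.3 ticket_lifetime ceiling (RFC 8446) */
#define ONE_DAY 86400u              /* the lifetime the header recommends */

typedef int (*rng_fn)(void *p_rng, unsigned char *out, size_t len);
typedef struct {
    unsigned char name[KEY_NAME_BYTES], key[MAX_KEY_BYTES];
    size_t key_len;                      /* 0 marks an empty slot */
    uint32_t generation_time, lifetime;  /* seconds on a caller-supplied clock */
} ticket_key_t;
typedef struct {
    ticket_key_t keys[2];   /* current key plus the previous one, so pre-rotation tickets still resume */
    int active;             /* slot that writes new tickets */
    size_t cipher_key_len;  /* bytes the AEAD chosen at setup needs: 32 for AES-256-GCM */
    uint32_t lifetime; rng_fn f_rng; void *p_rng;
} ticket_ring_t;

/* Put a key in a slot and make it active: the caller's (name, key), or fresh RNG output when name is NULL. */
static int install_key(ticket_ring_t *r, int slot, const unsigned char *name, const unsigned char *key,
                       size_t klength, uint32_t lifetime, uint32_t now) {
    ticket_key_t *d = &r->keys[slot];
    memset(d, 0, sizeof(*d));
    if (name == NULL) {
        klength = r->cipher_key_len;
        if (r->f_rng(r->p_rng, d->name, KEY_NAME_BYTES) != 0 || r->f_rng(r->p_rng, d->key, klength) != 0)
            return -1;
    } else { memcpy(d->name, name, KEY_NAME_BYTES); memcpy(d->key, key, klength); }
    d->key_len = klength; d->generation_time = now; d->lifetime = lifetime;
    r->active = slot; r->lifetime = lifetime;
    return 0;
}
/* Like mbedtls_ssl_ticket_setup(): 0 on success, -1 on bad input (mbedtls: MBEDTLS_ERR_SSL_BAD_INPUT_DATA). */
static int ring_setup(ticket_ring_t *r, rng_fn f_rng, void *p_rng, size_t cipher_key_len,
                      uint32_t lifetime, uint32_t now) {
    if (f_rng == NULL || cipher_key_len > MAX_KEY_BYTES) return -1;
    /* mbedtls accepts > 7 days here and fails only at the first TLS 1.3 NewSessionTicket; reject it at startup */
    if (lifetime > TLS13_MAX_LIFETIME) return -1;
    memset(r, 0, sizeof(*r));
    r->f_rng = f_rng; r->p_rng = p_rng; r->cipher_key_len = cipher_key_len;
    return install_key(r, 0, NULL, NULL, 0, lifetime, now);
}
/* Like mbedtls_ssl_ticket_rotate(): externally driven, fleet-synchronised rotation; the old key is kept. */
static int ring_rotate(ticket_ring_t *r, const unsigned char *name, size_t nlength,
                       const unsigned char *k, size_t klength, uint32_t lifetime, uint32_t now) {
    if (nlength != KEY_NAME_BYTES) return -1;                               /* must equal sizeof(name) */
    if (klength < r->cipher_key_len || klength > MAX_KEY_BYTES) return -1;  /* must suffice for the AEAD */
    if (lifetime > TLS13_MAX_LIFETIME) return -1;
    return install_key(r, 1 - r->active, name, k, klength, lifetime, now);
}
/* Run before writing a ticket. 1: active key outlived its lifetime and was replaced internally (what
   mbedtls does when nobody calls rotate in time); 0: unchanged; -1: RNG failure. */
static int ring_update(ticket_ring_t *r, uint32_t now) {
    const ticket_key_t *cur = &r->keys[r->active];
    if (now - cur->generation_time < cur->lifetime) return 0;  /* unsigned: a clock step backwards also rotates */
    return install_key(r, 1 - r->active, NULL, NULL, 0, r->lifetime, now) == 0 ? 1 : -1;
}
/* Slot holding the key a received ticket names, or -1: unknown key, so fall back to a full handshake. */
static int ring_select(const ticket_ring_t *r, const unsigned char *name) {
    for (int i = 0; i < 2; i++)
        if (r->keys[i].key_len != 0 && memcmp(r->keys[i].name, name, KEY_NAME_BYTES) == 0) return i;
    return -1;
}
/* Like mbedtls_ssl_ticket_free(): wipe through a volatile pointer so the compiler cannot elide it. */
static void ring_free(ticket_ring_t *r) {
    volatile unsigned char *p = (volatile unsigned char *)r;
    for (size_t i = 0; i < sizeof(*r); i++) p[i] = 0;
}
/* Deterministic stand-in for f_rng so the example runs offline. NOT a CSPRNG: production code passes a
   seeded CTR-DRBG (mbedtls_ctr_drbg_random) here. */
static int test_rng(void *p_rng, unsigned char *out, size_t len) {
    unsigned char *ctr = (unsigned char *)p_rng;
    for (size_t i = 0; i < len; i++) out[i] = (*ctr)++;
    return 0;
}
/* Lifecycle: setup at t=0, fleet-wide rotate at t=3600, lifetime expiry at t=3600+86400.
   Returns 0, or the number of the step that misbehaved. Key material below is constructed. */
static int scenario_rotation(void) {
    ticket_ring_t ring; unsigned char ctr = 0, first[KEY_NAME_BYTES], shared_key[32];
    static const unsigned char shared_name[KEY_NAME_BYTES] = { 0xde, 0xad, 0xbe, 0xef }, bogus[4] = { 1, 2, 3, 4 };
    memset(shared_key, 0x42, sizeof shared_key);
    if (ring_setup(&ring, test_rng, &ctr, 32, ONE_DAY, 0) != 0) return 1;               /* AES-256-GCM, one day */
    memcpy(first, ring.keys[0].name, KEY_NAME_BYTES);
    if (ring_rotate(&ring, shared_name, 4, shared_key, 32, ONE_DAY, 3600) != 0) return 2;
    if (ring_select(&ring, first) != 0 || ring_select(&ring, shared_name) != 1) return 3;  /* both keys live */
    if (ring_select(&ring, bogus) != -1) return 4;                                        /* unknown name */
    if (ring_update(&ring, 3600 + ONE_DAY - 1) != 0) return 5;                            /* still fresh */
    if (ring_update(&ring, 3600 + ONE_DAY) != 1) return 6;                                /* internal rotation */
    if (ring_select(&ring, first) != -1 || ring_select(&ring, shared_name) != 1) return 7; /* oldest evicted */
    ring_free(&ring);
    return ring.keys[1].key_len == 0 ? 0 : 8;
}
/* The rotate() input rules the header states, plus the seven-day ceiling applied at setup(). */
static int scenario_bad_inputs(void) {
    ticket_ring_t ring; unsigned char ctr = 0, key[32] = { 0 };
    static const unsigned char name[KEY_NAME_BYTES] = { 9, 9, 9, 9 };
    if (ring_setup(&ring, test_rng, &ctr, 32, 8 * ONE_DAY, 0) == 0) return 1;            /* > seven days */
    if (ring_setup(&ring, test_rng, &ctr, 32, ONE_DAY, 0) != 0) return 2;
    if (ring_rotate(&ring, name, 3, key, 32, ONE_DAY, 1) == 0) return 3;                 /* name length != 4 */
    if (ring_rotate(&ring, name, 4, key, 16, ONE_DAY, 1) == 0) return 4;                 /* 16 < 32 for AES-256 */
    if (ring_rotate(&ring, name, 4, key, 32, TLS13_MAX_LIFETIME + 1, 1) == 0) return 5;  /* > seven days */
    return ring_rotate(&ring, name, 4, key, 32, TLS13_MAX_LIFETIME, 1) == 0 ? 0 : 6;
}
int main(void) { printf("%d %d\n", scenario_rotation(), scenario_bad_inputs()); return 0; }  /* prints "0 0" */
```

Two points the model makes explicit: an external rotate() only overwrites the inactive slot, so tickets written under the previous key keep resuming until the next rotation evicts it, and the internal rotation in ring_update is what bounds key lifetime when the fleet's external rotation is late. Rejecting a lifetime above seven days at setup is stricter than mbedtls itself, which accepts the value and fails each TLS 1.3 connection at its first NewSessionTicket; failing once at startup is the more useful behaviour.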

Variable Documentation

◆ mbedtls_ssl_ticket_parse

mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse

Implementation of the ticket parse callback.

Note
See mbedtls_ssl_ticket_parse_t for description

Definition at line 184 of file ssl_ticket.h.

◆ mbedtls_ssl_ticket_write

mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write

Implementation of the ticket write callback.

Note
See mbedtls_ssl_ticket_write_t for description

Definition at line 177 of file ssl_ticket.h.

Modified on Mon May 27 04:39:41 2024 by modify_doxy.py rev. 669887