Lines Matching refs:ctx

/* Cross-reference excerpt: only the lines of this function that mention
 * `ctx` are listed (the leading number is the line in the original file).
 *
 * Brings a ticket context into a known state: the whole structure is
 * zeroed, then its mutex is initialised. */
36 void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)
38 memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context));
/* NOTE(review): lines 39-40 are not listed; the mutex call is presumably
 * under a threading build guard - confirm in the full file. */
41 mbedtls_mutex_init(&ctx->mutex);
/* Excerpt (ctx-matching lines only): generates fresh key material for the
 * key slot selected by `index`.
 *
 * Visible steps: the slot inherits the context's ticket lifetime, the key
 * name and the secret bytes are both drawn from the configured RNG, and the
 * secret is loaded into the slot's cipher context. Both RNG calls have
 * their return value checked. */
64 static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,
/* `index` is used directly as an offset into ctx->keys; the callers visible
 * in this listing pass 0, 1 or ctx->active. */
69 mbedtls_ssl_ticket_key *key = ctx->keys + index;
81 key->lifetime = ctx->ticket_lifetime;
/* Random key name, sized by the name field itself. */
83 if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {
/* Random secret key bytes land in the local buffer `buf`.
 * NOTE(review): `buf` holds raw key material; whether it is wiped before
 * return is not visible in this excerpt - verify in the full source. */
87 if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {
/* Load the secret into the slot's cipher context at that cipher's key size. */
104 ret = mbedtls_cipher_setkey(&key->ctx, buf,
105 mbedtls_cipher_get_key_bitlen(&key->ctx),
/* Excerpt (ctx-matching lines only): rotates the active ticket key.
 *
 * Visible steps: flip the active index between 0 and 1, destroy the PSA key
 * previously held in the slot that has just become active, then generate a
 * new key in that slot. The condition that triggers the rotation lies in
 * lines that are not listed (presumably a lifetime/expiry test - confirm). */
118 static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)
/* NOTE(review): an unused-parameter cast next to real uses of ctx suggests
 * the two sit in different build configurations - confirm. */
121 ((void) ctx);
123 mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active;
/* Toggle 0 <-> 1: the other slot becomes the active one. */
137 ctx->active = 1 - ctx->active;
/* The old key in the newly active slot is destroyed before regeneration;
 * the PSA status is checked rather than ignored. */
140 if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
145 return ssl_ticket_gen_key(ctx, ctx->active);
/* Excerpt (ctx-matching lines only): installs key material into the
 * currently inactive slot and then makes that slot the active one, also
 * updating the context's ticket lifetime.
 *
 * NOTE(review): no lock/unlock of ctx->mutex appears among the matching
 * lines of this function, whereas the ticket encrypt and decrypt paths in
 * this listing do lock it. Callers presumably must serialise rotation
 * against ticket processing themselves - confirm. */
154 int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
/* Work on the slot that is NOT currently active. */
159 const unsigned char idx = 1 - ctx->active;
160 mbedtls_ssl_ticket_key * const key = ctx->keys + idx;
/* NOTE(review): how the supplied key length is validated against `bitlen`
 * is in unlisted lines (169-193) - verify in the full source. */
168 const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx);
194 ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT);
/* Switch over only after the key has been set on the inactive slot. */
200 ctx->active = idx;
201 ctx->ticket_lifetime = lifetime;
/* Excerpt (ctx-matching lines only): configures a ticket context.
 *
 * Visible steps: store the RNG callback, its state and the ticket lifetime;
 * give both key slots the same algorithm parameters; set up both cipher
 * contexts; generate an initial key for each slot. */
214 int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
/* NOTE(review): f_rng is stored without a NULL check in the visible lines;
 * the ticket encrypt/decrypt paths in this listing test ctx->f_rng == NULL
 * before use. */
254 ctx->f_rng = f_rng;
255 ctx->p_rng = p_rng;
257 ctx->ticket_lifetime = lifetime;
/* Both slots receive identical algorithm, key type and key size.
 * NOTE(review): these PSA-style fields and the cipher-context setup below
 * are presumably alternative build configurations - confirm. */
260 ctx->keys[0].alg = alg;
261 ctx->keys[0].key_type = key_type;
262 ctx->keys[0].key_bits = key_bits;
264 ctx->keys[1].alg = alg;
265 ctx->keys[1].key_type = key_type;
266 ctx->keys[1].key_bits = key_bits;
268 if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) {
272 if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) {
/* Generate keys for both slots; the second call is skipped if the first
 * fails (short-circuit ||). */
277 if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||
278 (ret = ssl_ticket_gen_key(ctx, 1)) != 0) {
/* Excerpt (ctx-matching lines only) from the ticket-creation (encrypt) path.
 * The function's signature line does not mention ctx and is therefore not
 * listed; presumably this is mbedtls_ssl_ticket_write - confirm.
 *
 * The context arrives as the opaque pointer p_ticket. */
307 mbedtls_ssl_ticket_context *ctx = p_ticket;
/* Refuse to run on a missing context or one without an RNG. */
321 if (ctx == NULL || ctx->f_rng == NULL) {
/* Everything from here to the unlock runs under the context mutex. */
330 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
/* Key rotation is evaluated on every call, before the key is chosen. */
335 if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
/* New tickets are always protected with the active key. */
339 key = &ctx->keys[ctx->active];
/* A fresh IV of TICKET_IV_BYTES is drawn from the RNG for each ticket; the
 * RNG result is checked. */
345 if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {
/* Authenticated encryption with the selected key's cipher context. */
369 if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,
/* The unlock result is checked as well. */
389 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
/* Excerpt (ctx-matching lines only) from the key-lookup helper; the call at
 * line 462 of this listing names it ssl_ticket_select_key.
 *
 * Scans every slot of ctx->keys and returns a pointer to the first one
 * whose name matches the first 4 bytes of `name`. */
401 mbedtls_ssl_ticket_context *ctx,
/* The slot count is derived from the array itself, not hard-coded. */
406 for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) {
/* NOTE(review): the compare length is the literal 4, while key generation
 * fills the name with sizeof(key->name) bytes; confirm the two agree.
 * memcmp is not constant-time; presumably acceptable because the key name
 * is an identifier rather than a secret - confirm. */
407 if (memcmp(name, ctx->keys[i].name, 4) == 0) {
408 return &ctx->keys[i];
/* Excerpt (ctx-matching lines only) from the ticket-validation (decrypt)
 * path. The function's signature line does not mention ctx and is therefore
 * not listed; presumably this is mbedtls_ssl_ticket_parse - confirm.
 *
 * The context arrives as the opaque pointer p_ticket. */
424 mbedtls_ssl_ticket_context *ctx = p_ticket;
/* Refuse to run on a missing context or one without an RNG. */
436 if (ctx == NULL || ctx->f_rng == NULL) {
/* Everything from here to the unlock runs under the context mutex. */
445 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
/* Key rotation is evaluated on the decrypt path too, so a key can be
 * replaced just before the lookup below. */
450 if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
/* The key is chosen by the name carried in the ticket; a NULL result means
 * no slot matches (the handling is in lines not listed here). */
462 if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) {
/* Authenticated decryption with the matched key's cipher context. */
479 if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,
/* The unlock result is checked as well. */
524 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
/* Excerpt (ctx-matching lines only): releases everything held by a ticket
 * context and wipes it.
 *
 * NOTE(review): no NULL test on ctx appears among the matching lines, so
 * callers presumably must pass a valid context - confirm. */
535 void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
/* Destroy both PSA keys; the returned status is not checked here. */
538 psa_destroy_key(ctx->keys[0].key);
539 psa_destroy_key(ctx->keys[1].key);
/* Release both cipher contexts.
 * NOTE(review): presumably the alternative build configuration to the PSA
 * calls above - confirm. */
541 mbedtls_cipher_free(&ctx->keys[0].ctx);
542 mbedtls_cipher_free(&ctx->keys[1].ctx);
546 mbedtls_mutex_free(&ctx->mutex);
/* Final step: wipe the whole structure, including key names and stored
 * parameters, with the library's zeroize helper rather than a plain memset. */
549 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context));