42 void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)  in mbedtls_ssl_ticket_init()  argument
44     memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context));  in mbedtls_ssl_ticket_init()
47     mbedtls_mutex_init(&ctx->mutex);  in mbedtls_ssl_ticket_init()
70 static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,  in ssl_ticket_gen_key()  argument
75     mbedtls_ssl_ticket_key *key = ctx->keys + index;  in ssl_ticket_gen_key()
85     if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {  in ssl_ticket_gen_key()
89     if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {  in ssl_ticket_gen_key()
106     ret = mbedtls_cipher_setkey(&key->ctx, buf,  in ssl_ticket_gen_key()
107                                 mbedtls_cipher_get_key_bitlen(&key->ctx),  in ssl_ticket_gen_key()
120 static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)  in ssl_ticket_update_keys()  argument
123     ((void) ctx);  in ssl_ticket_update_keys()
125     if (ctx->ticket_lifetime != 0) {  in ssl_ticket_update_keys()
127         mbedtls_time_t key_time = ctx->keys[ctx->active].generation_time;  in ssl_ticket_update_keys()
134             (uint64_t) (current_time - key_time) < ctx->ticket_lifetime) {  in ssl_ticket_update_keys()
138         ctx->active = 1 - ctx->active;  in ssl_ticket_update_keys()
141         if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {  in ssl_ticket_update_keys()
146         return ssl_ticket_gen_key(ctx, ctx->active);  in ssl_ticket_update_keys()
155 int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,  in mbedtls_ssl_ticket_rotate()  argument
160     const unsigned char idx = 1 - ctx->active;  in mbedtls_ssl_ticket_rotate()
161     mbedtls_ssl_ticket_key * const key = ctx->keys + idx;  in mbedtls_ssl_ticket_rotate()
169     const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx);  in mbedtls_ssl_ticket_rotate()
195     ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT);  in mbedtls_ssl_ticket_rotate()
201     ctx->active = idx;  in mbedtls_ssl_ticket_rotate()
202     ctx->ticket_lifetime = lifetime;  in mbedtls_ssl_ticket_rotate()
213 int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,  in mbedtls_ssl_ticket_setup()  argument
253     ctx->f_rng = f_rng;  in mbedtls_ssl_ticket_setup()
254     ctx->p_rng = p_rng;  in mbedtls_ssl_ticket_setup()
256     ctx->ticket_lifetime = lifetime;  in mbedtls_ssl_ticket_setup()
259     ctx->keys[0].alg = alg;  in mbedtls_ssl_ticket_setup()
260     ctx->keys[0].key_type = key_type;  in mbedtls_ssl_ticket_setup()
261     ctx->keys[0].key_bits = key_bits;  in mbedtls_ssl_ticket_setup()
263     ctx->keys[1].alg = alg;  in mbedtls_ssl_ticket_setup()
264     ctx->keys[1].key_type = key_type;  in mbedtls_ssl_ticket_setup()
265     ctx->keys[1].key_bits = key_bits;  in mbedtls_ssl_ticket_setup()
267     if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) {  in mbedtls_ssl_ticket_setup()
271     if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) {  in mbedtls_ssl_ticket_setup()
276     if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||  in mbedtls_ssl_ticket_setup()
277         (ret = ssl_ticket_gen_key(ctx, 1)) != 0) {  in mbedtls_ssl_ticket_setup()
306     mbedtls_ssl_ticket_context *ctx = p_ticket;  in mbedtls_ssl_ticket_write()  local
320     if (ctx == NULL || ctx->f_rng == NULL) {  in mbedtls_ssl_ticket_write()
329     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_ssl_ticket_write()
334     if ((ret = ssl_ticket_update_keys(ctx)) != 0) {  in mbedtls_ssl_ticket_write()
338     key = &ctx->keys[ctx->active];  in mbedtls_ssl_ticket_write()
340     *ticket_lifetime = ctx->ticket_lifetime;  in mbedtls_ssl_ticket_write()
344     if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {  in mbedtls_ssl_ticket_write()
368     if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,  in mbedtls_ssl_ticket_write()
388     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_ssl_ticket_write()
400     mbedtls_ssl_ticket_context *ctx,  in ssl_ticket_select_key()  argument
405     for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) {  in ssl_ticket_select_key()
406         if (memcmp(name, ctx->keys[i].name, 4) == 0) {  in ssl_ticket_select_key()
407             return &ctx->keys[i];  in ssl_ticket_select_key()
423     mbedtls_ssl_ticket_context *ctx = p_ticket;  in mbedtls_ssl_ticket_parse()  local
435     if (ctx == NULL || ctx->f_rng == NULL) {  in mbedtls_ssl_ticket_parse()
444     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_ssl_ticket_parse()
449     if ((ret = ssl_ticket_update_keys(ctx)) != 0) {  in mbedtls_ssl_ticket_parse()
461     if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) {  in mbedtls_ssl_ticket_parse()
478     if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,  in mbedtls_ssl_ticket_parse()
509             (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) {  in mbedtls_ssl_ticket_parse()
518     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_ssl_ticket_parse()
529 void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)  in mbedtls_ssl_ticket_free()  argument
532     psa_destroy_key(ctx->keys[0].key);  in mbedtls_ssl_ticket_free()
533     psa_destroy_key(ctx->keys[1].key);  in mbedtls_ssl_ticket_free()
535     mbedtls_cipher_free(&ctx->keys[0].ctx);  in mbedtls_ssl_ticket_free()
536     mbedtls_cipher_free(&ctx->keys[1].ctx);  in mbedtls_ssl_ticket_free()
540     mbedtls_mutex_free(&ctx->mutex);  in mbedtls_ssl_ticket_free()
543     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context));  in mbedtls_ssl_ticket_free()