36 void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)  in mbedtls_ssl_ticket_init()  argument
38     memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context));  in mbedtls_ssl_ticket_init()
41     mbedtls_mutex_init(&ctx->mutex);  in mbedtls_ssl_ticket_init()
64 static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,  in ssl_ticket_gen_key()  argument
69     mbedtls_ssl_ticket_key *key = ctx->keys + index;  in ssl_ticket_gen_key()
81     key->lifetime = ctx->ticket_lifetime;  in ssl_ticket_gen_key()
83     if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {  in ssl_ticket_gen_key()
87     if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {  in ssl_ticket_gen_key()
104     ret = mbedtls_cipher_setkey(&key->ctx, buf,  in ssl_ticket_gen_key()
105                                 mbedtls_cipher_get_key_bitlen(&key->ctx),  in ssl_ticket_gen_key()
118 static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)  in ssl_ticket_update_keys()  argument
121     ((void) ctx);  in ssl_ticket_update_keys()
123     mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active;  in ssl_ticket_update_keys()
137         ctx->active = 1 - ctx->active;  in ssl_ticket_update_keys()
140         if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {  in ssl_ticket_update_keys()
145         return ssl_ticket_gen_key(ctx, ctx->active);  in ssl_ticket_update_keys()
154 int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,  in mbedtls_ssl_ticket_rotate()  argument
159     const unsigned char idx = 1 - ctx->active;  in mbedtls_ssl_ticket_rotate()
160     mbedtls_ssl_ticket_key * const key = ctx->keys + idx;  in mbedtls_ssl_ticket_rotate()
168     const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx);  in mbedtls_ssl_ticket_rotate()
194     ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT);  in mbedtls_ssl_ticket_rotate()
200     ctx->active = idx;  in mbedtls_ssl_ticket_rotate()
201     ctx->ticket_lifetime = lifetime;  in mbedtls_ssl_ticket_rotate()
214 int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,  in mbedtls_ssl_ticket_setup()  argument
254     ctx->f_rng = f_rng;  in mbedtls_ssl_ticket_setup()
255     ctx->p_rng = p_rng;  in mbedtls_ssl_ticket_setup()
257     ctx->ticket_lifetime = lifetime;  in mbedtls_ssl_ticket_setup()
260     ctx->keys[0].alg = alg;  in mbedtls_ssl_ticket_setup()
261     ctx->keys[0].key_type = key_type;  in mbedtls_ssl_ticket_setup()
262     ctx->keys[0].key_bits = key_bits;  in mbedtls_ssl_ticket_setup()
264     ctx->keys[1].alg = alg;  in mbedtls_ssl_ticket_setup()
265     ctx->keys[1].key_type = key_type;  in mbedtls_ssl_ticket_setup()
266     ctx->keys[1].key_bits = key_bits;  in mbedtls_ssl_ticket_setup()
268     if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) {  in mbedtls_ssl_ticket_setup()
272     if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) {  in mbedtls_ssl_ticket_setup()
277     if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||  in mbedtls_ssl_ticket_setup()
278         (ret = ssl_ticket_gen_key(ctx, 1)) != 0) {  in mbedtls_ssl_ticket_setup()
307     mbedtls_ssl_ticket_context *ctx = p_ticket;  in mbedtls_ssl_ticket_write()  local
321     if (ctx == NULL || ctx->f_rng == NULL) {  in mbedtls_ssl_ticket_write()
330     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_ssl_ticket_write()
335     if ((ret = ssl_ticket_update_keys(ctx)) != 0) {  in mbedtls_ssl_ticket_write()
339     key = &ctx->keys[ctx->active];  in mbedtls_ssl_ticket_write()
345     if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {  in mbedtls_ssl_ticket_write()
369     if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,  in mbedtls_ssl_ticket_write()
389     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_ssl_ticket_write()
401     mbedtls_ssl_ticket_context *ctx,  in ssl_ticket_select_key()  argument
406     for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) {  in ssl_ticket_select_key()
407         if (memcmp(name, ctx->keys[i].name, 4) == 0) {  in ssl_ticket_select_key()
408             return &ctx->keys[i];  in ssl_ticket_select_key()
424     mbedtls_ssl_ticket_context *ctx = p_ticket;  in mbedtls_ssl_ticket_parse()  local
436     if (ctx == NULL || ctx->f_rng == NULL) {  in mbedtls_ssl_ticket_parse()
445     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_ssl_ticket_parse()
450     if ((ret = ssl_ticket_update_keys(ctx)) != 0) {  in mbedtls_ssl_ticket_parse()
462     if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) {  in mbedtls_ssl_ticket_parse()
479     if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,  in mbedtls_ssl_ticket_parse()
524     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_ssl_ticket_parse()
535 void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)  in mbedtls_ssl_ticket_free()  argument
537     if (ctx == NULL) {  in mbedtls_ssl_ticket_free()
542     psa_destroy_key(ctx->keys[0].key);  in mbedtls_ssl_ticket_free()
543     psa_destroy_key(ctx->keys[1].key);  in mbedtls_ssl_ticket_free()
545     mbedtls_cipher_free(&ctx->keys[0].ctx);  in mbedtls_ssl_ticket_free()
546     mbedtls_cipher_free(&ctx->keys[1].ctx);  in mbedtls_ssl_ticket_free()
550     mbedtls_mutex_free(&ctx->mutex);  in mbedtls_ssl_ticket_free()
553     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context));  in mbedtls_ssl_ticket_free()