1 /** 2 * \file ssl_cookie.h 3 * 4 * \brief DTLS cookie callbacks implementation 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 #ifndef MBEDTLS_SSL_COOKIE_H 23 #define MBEDTLS_SSL_COOKIE_H 24 #include "mbedtls/private_access.h" 25 26 #include "mbedtls/build_info.h" 27 28 #include "mbedtls/ssl.h" 29 30 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 31 #if defined(MBEDTLS_THREADING_C) 32 #include "mbedtls/threading.h" 33 #endif 34 #endif /* !MBEDTLS_USE_PSA_CRYPTO */ 35 36 /** 37 * \name SECTION: Module settings 38 * 39 * The configuration options you can set for this module are in this section. 40 * Either change them in mbedtls_config.h or define them on the compiler command line. 41 * \{ 42 */ 43 #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT 44 #define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ 45 #endif 46 47 /** \} name SECTION: Module settings */ 48 49 #ifdef __cplusplus 50 extern "C" { 51 #endif 52 53 /** 54 * \brief Context for the default cookie functions. 55 */ 56 typedef struct mbedtls_ssl_cookie_ctx 57 { 58 #if defined(MBEDTLS_USE_PSA_CRYPTO) 59 mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */ 60 psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ 61 #else 62 mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ 63 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 64 #if !defined(MBEDTLS_HAVE_TIME) 65 unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ 66 #endif 67 unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, 68 or in number of tickets issued */ 69 70 #if !defined(MBEDTLS_USE_PSA_CRYPTO) 71 #if defined(MBEDTLS_THREADING_C) 72 mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); 73 #endif 74 #endif /* !MBEDTLS_USE_PSA_CRYPTO */ 75 } mbedtls_ssl_cookie_ctx; 76 77 /** 78 * \brief Initialize cookie context 79 */ 80 void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); 81 82 /** 83 * \brief Setup cookie context (generate keys) 84 */ 85 int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, 86 int (*f_rng)(void *, unsigned char *, size_t), 87 void *p_rng ); 88 89 /** 90 * \brief Set expiration delay for cookies 91 * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) 92 * 93 * \param ctx Cookie context 94 * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies 95 * issued in the meantime. 96 * 0 to disable expiration (NOT recommended) 97 */ 98 void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); 99 100 /** 101 * \brief Free cookie context 102 */ 103 void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); 104 105 /** 106 * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t 107 */ 108 mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write; 109 110 /** 111 * \brief Verify cookie, see \c mbedtls_ssl_cookie_write_t 112 */ 113 mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check; 114 115 #ifdef __cplusplus 116 } 117 #endif 118 119 #endif /* ssl_cookie.h */ 120
