1 /**
2  * \file ssl_cookie.h
3  *
4  * \brief DTLS cookie callbacks implementation
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 #ifndef MBEDTLS_SSL_COOKIE_H
11 #define MBEDTLS_SSL_COOKIE_H
12 #include "mbedtls/private_access.h"
13 
14 #include "mbedtls/build_info.h"
15 
16 #include "mbedtls/ssl.h"
17 
18 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
19 #if defined(MBEDTLS_THREADING_C)
20 #include "mbedtls/threading.h"
21 #endif
22 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
23 
24 /**
25  * \name SECTION: Module settings
26  *
27  * The configuration options you can set for this module are in this section.
28  * Either change them in mbedtls_config.h or define them on the compiler command line.
29  * \{
30  */
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies: in seconds when MBEDTLS_HAVE_TIME is defined, otherwise in number of cookies issued since the cookie was generated. Can be overridden per context with mbedtls_ssl_cookie_set_timeout(). */
#endif
34 
35 /** \} name SECTION: Module settings */
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /**
42  * \brief          Context for the default cookie functions.
43  */
typedef struct mbedtls_ssl_cookie_ctx {
    /*
     * Keying material for the HMAC that authenticates cookies. The key is
     * generated in mbedtls_ssl_cookie_setup() and held here for the lifetime
     * of the context, so the context must stay valid (and unmodified) for as
     * long as the cookie callbacks may be invoked.
     */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_svc_key_id_t    MBEDTLS_PRIVATE(psa_hmac_key);  /*!< PSA key id of the HMAC key   */
    psa_algorithm_t         MBEDTLS_PRIVATE(psa_hmac_alg);  /*!< PSA algorithm the HMAC key is bound to   */
#else
    mbedtls_md_context_t    MBEDTLS_PRIVATE(hmac_ctx);   /*!< legacy MD context holding the HMAC key   */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
    /* Without a clock, expiration is measured by counting cookies issued:
     * this is the running count used as the cookie's "timestamp". */
    unsigned long   MBEDTLS_PRIVATE(serial);     /*!< serial number for expiration   */
#endif
    unsigned long   MBEDTLS_PRIVATE(timeout);    /*!< expiration delay: in seconds if
                                                    MBEDTLS_HAVE_TIME, otherwise in number
                                                    of cookies issued (see
                                                    MBEDTLS_SSL_COOKIE_TIMEOUT); 0 means
                                                    cookies never expire */

#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
    /* Only present alongside hmac_ctx; presumably serializes concurrent use
     * of that single MD context by the write/check callbacks — confirm in
     * ssl_cookie.c. */
    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_ssl_cookie_ctx;
63 
64 /**
65  * \brief          Initialize cookie context
66  */
67 void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
68 
69 /**
70  * \brief          Setup cookie context (generate keys)
71  */
72 int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
73                              int (*f_rng)(void *, unsigned char *, size_t),
74                              void *p_rng);
75 
76 /**
77  * \brief          Set expiration delay for cookies
78  *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
79  *
80  * \param ctx      Cookie context
81  * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
82  *                 issued in the meantime.
83  *                 0 to disable expiration (NOT recommended)
84  */
85 void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay);
86 
87 /**
88  * \brief          Free cookie context
89  */
90 void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
91 
92 /**
93  * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
94  */
95 mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
96 
97 /**
98  * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
99  */
100 mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
101 
102 #ifdef __cplusplus
103 }
104 #endif
105 
106 #endif /* ssl_cookie.h */
107