cosmopolitan/third_party/mbedtls/ssl_ticket.h

#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
#include "third_party/mbedtls/cipher.h"
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/ssl.h"

/*
 * This implementation of the session ticket callbacks includes key
 * management, rotating the keys periodically in order to preserve forward
 * secrecy, when MBEDTLS_HAVE_TIME is defined.
 */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief   Information for session ticket protection
 */
typedef struct mbedtls_ssl_ticket_key
{
    unsigned char name[4];          /*!< random key identifier              */
    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
}
mbedtls_ssl_ticket_key;

/**
 * \brief   Context for session ticket handling functions
 */
typedef struct mbedtls_ssl_ticket_context
{
    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
    unsigned char active;           /*!< index of the currently active key  */

    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */

    /** Callback for getting (pseudo-)random numbers                        */
    int  (*f_rng)(void *, unsigned char *, size_t);
    void *p_rng;                    /*!< context for the RNG function       */
}
mbedtls_ssl_ticket_context;

/**
 * \brief           Initialize a ticket context.
 *                  (Just make it ready for mbedtls_ssl_ticket_setup()
 *                  or mbedtls_ssl_ticket_free().)
 *
 * \param ctx       Context to be initialized
 */
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );

int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
    mbedtls_cipher_type_t cipher,
    uint32_t lifetime );

/**
 * \brief           Implementation of the ticket write callback
 *
 * \note            See \c mbedtls_ssl_ticket_write_t for description
 */
extern mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;

/**
 * \brief           Implementation of the ticket parse callback
 *
 * \note            See \c mbedtls_ssl_ticket_parse_t for description
 */
extern mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;

/**
 * \brief           Free a context's content and zeroize it.
 *
 * \param ctx       Context to be cleaned up
 */
void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );

#ifdef __cplusplus
}
#endif

#endif /* ssl_ticket.h */
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#ifndef MBEDTLS_SSL_TICKET_H`
			`#define MBEDTLS_SSL_TICKET_H`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#include "third_party/mbedtls/cipher.h"`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#include "third_party/mbedtls/ssl.h"`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/*`
			`* This implementation of the session ticket callbacks includes key`
			`* management, rotating the keys periodically in order to preserve forward`
			`* secrecy, when MBEDTLS_HAVE_TIME is defined.`
			`*/`

			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/**`
			`* \brief Information for session ticket protection`
			`*/`
			`typedef struct mbedtls_ssl_ticket_key`
			`{`
			`unsigned char name[4]; /!< random key identifier /`
			`uint32_t generation_time; /!< key generation timestamp (seconds) /`
			`mbedtls_cipher_context_t ctx; /!< context for auth enc/decryption /`
			`}`
			`mbedtls_ssl_ticket_key;`

			`/**`
			`* \brief Context for session ticket handling functions`
			`*/`
			`typedef struct mbedtls_ssl_ticket_context`
			`{`
			`mbedtls_ssl_ticket_key keys[2]; /!< ticket protection keys /`
			`unsigned char active; /!< index of the currently active key /`

			`uint32_t ticket_lifetime; /!< lifetime of tickets in seconds /`

			`/** Callback for getting (pseudo-)random numbers */`
			`int (f_rng)(void , unsigned char *, size_t);`
			`void p_rng; /!< context for the RNG function */`
			`}`
			`mbedtls_ssl_ticket_context;`

			`/**`
			`* \brief Initialize a ticket context.`
			`* (Just make it ready for mbedtls_ssl_ticket_setup()`
			`* or mbedtls_ssl_ticket_free().)`
			`*`
			`* \param ctx Context to be initialized`
			`*/`
			`void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );`

			`int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,`
			`int (f_rng)(void , unsigned char , size_t), void p_rng,`
			`mbedtls_cipher_type_t cipher,`
			`uint32_t lifetime );`

			`/**`
			`* \brief Implementation of the ticket write callback`
			`*`
			`* \note See \c mbedtls_ssl_ticket_write_t for description`
			`*/`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`extern mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \brief Implementation of the ticket parse callback`
			`*`
			`* \note See \c mbedtls_ssl_ticket_parse_t for description`
			`*/`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`extern mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \brief Free a context's content and zeroize it.`
			`*`
			`* \param ctx Context to be cleaned up`
			`*/`
			`void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );`

			`#ifdef __cplusplus`
			`}`
			`#endif`

			`#endif /* ssl_ticket.h */`