author | Martin Willi <martin@revosec.ch> | 2011-12-31 01:41:56 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-12-31 13:14:49 +0100 |
commit | 6a5c86b7ada9dd6a57290f228fd06b20cdf7011b (patch) | |
tree | 5879b5f15615624aef0c62d0c0230b6ca9bdf4e3 /src/libtls/tls_crypto.h | |
parent | ca5767621ba5491b2a2a0c011178249124f32cf7 (diff) | |
Implemented TLS session resumption both as client and as server
Diffstat (limited to 'src/libtls/tls_crypto.h')
-rw-r--r-- | src/libtls/tls_crypto.h | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index 35c9b6e05..344d08ffb 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -511,27 +511,43 @@ struct tls_crypto_t {
 * Derive the master secret, MAC and encryption keys.
 *
 * @param premaster premaster secret
+ * @param session session identifier to cache master secret
+ * @param id identity the session is bound to
 * @param client_random random data from client hello
 * @param server_random random data from server hello
 */
 void (*derive_secrets)(tls_crypto_t *this, chunk_t premaster,
+ chunk_t session, identification_t *id,
 chunk_t client_random, chunk_t server_random);
 
 /**
- * Change the cipher used at protection layer.
+ * Try to resume a TLS session, derive key material.
 *
- * @param inbound TRUE to change inbound cipher, FALSE for outbound
+ * @param session session identifier
+ * @param id identity the session is bound to
+ * @param client_random random data from client hello
+ * @param server_random random data from server hello
+ * @param
 */
- void (*change_cipher)(tls_crypto_t *this, bool inbound);
+ tls_cipher_suite_t (*resume_session)(tls_crypto_t *this, chunk_t session,
+ identification_t *id,
+ chunk_t client_random,
+ chunk_t server_random);
 
 /**
- * Derive the EAP-TLS MSK.
+ * Check if we have a session to resume as a client.
 *
- * @param client_random random data from client hello
- * @param server_random random data from server hello
+ * @param id server identity to get a session for
+ * @return allocated session identifier, or chunk_empty
 */
- void (*derive_eap_msk)(tls_crypto_t *this,
- chunk_t client_random, chunk_t server_random);
+ chunk_t (*get_session)(tls_crypto_t *this, identification_t *id);
+
+ /**
+ * Change the cipher used at protection layer.
+ *
+ * @param inbound TRUE to change inbound cipher, FALSE for outbound
+ */
+ void (*change_cipher)(tls_crypto_t *this, bool inbound);
 
 /**
 * Get the MSK to use in EAP-TLS.
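Review bot: The doc comment added for `resume_session` ends in an empty `@param` and has no `@return`, so the header never says what the `tls_cipher_suite_t` result is when no cached session matches. Callers on both the client and the server side need that value to fall back to a full handshake; replace the dangling line with something like ` * @return resumed cipher suite, 0 if the session can not be resumed` (the exact failure value has to be confirmed against the implementation, which is not part of this file). The comment should also state whether resumption is refused when the cached entry is bound to a different `id`, because that binding is presumably what stops a cached master secret from being reused under another identity. For `derive_secrets`, the new `session` and `id` parameters would benefit from a note on whether an empty `session` or a NULL `id` means the master secret is not cached. The `struct tls_crypto_t` definition starts and ends outside this hunk.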
@@ -548,7 +564,11 @@ struct tls_crypto_t {
 
 /**
 * Create a tls_crypto instance.
+ *
+ * @param tls TLS stack
+ * @param tls_cache TLS session cache
+ * @return TLS crypto helper
 */
-tls_crypto_t *tls_crypto_create(tls_t *tls);
+tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache);
 
 #endif /** TLS_CRYPTO_H_ @}*/ |
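Review bot: The new Doxygen block names the second parameter `tls_cache`, but the prototype calls it `cache`, so the tag documents a parameter that does not exist; change it to ` * @param cache TLS session cache`. Because the `derive_secrets` documentation in this header says the cache stores master secrets, the comment should also say whether `cache` may be NULL (which would presumably disable resumption) and whether the returned object takes ownership of it or the caller keeps it.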