Internal changes in preparation for key rotation

- two sets of keys - separate function for key generation/update
2026-02-18 16:33:01 +00:00 · 2015-05-25 11:00:19 +02:00
parent a0adc1bbe4
commit 887674a33b
2 changed files with 70 additions and 40 deletions
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -35,13 +35,23 @@
 extern "C" {
 #endif

+/**
+ * \brief   Information for session ticket protection
+ */
+typedef struct
+{
+    unsigned char name[4];          /*!< random key identifier              */
+    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
+    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
+}
+mbedtls_ssl_ticket_key;
+
 /**
 * \brief   Context for session ticket handling functions
 */
 typedef struct
 {
-    unsigned char key_name[4];      /*!< name to quickly reject bad tickets */
-    mbedtls_cipher_context_t cipher;/*!< cipher context                     */
+    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */

    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */