authorMichael Brown2019-03-06 16:02:02 +0100
committerMichael Brown2019-03-06 16:11:18 +0100
commiteaba1a22b8552f0410fe1519d7d0b606dc9ef3bb (patch)
tree9d43133bfe4a98fb1aba7826dc88c959cb2469cd /src/include
parent[tls] Fix incorrectly duplicated error number (diff)
[tls] Support stateless session resumption
Add support for RFC5077 session ticket extensions to allow for stateless TLS session resumption. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ipxe/tls.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 0375a722..4bffde7c 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -63,6 +63,7 @@ struct tls_header {
#define TLS_HELLO_REQUEST 0
#define TLS_CLIENT_HELLO 1
#define TLS_SERVER_HELLO 2
+#define TLS_NEW_SESSION_TICKET 4
#define TLS_CERTIFICATE 11
#define TLS_SERVER_KEY_EXCHANGE 12
#define TLS_CERTIFICATE_REQUEST 13
@@ -108,6 +109,9 @@ struct tls_header {
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
+/* TLS session ticket extension */
+#define TLS_SESSION_TICKET 35
+
/* TLS renegotiation information extension */
#define TLS_RENEGOTIATION_INFO 0xff01
@@ -255,6 +259,10 @@ struct tls_session {
uint8_t id[32];
/** Length of session ID */
size_t id_len;
+ /** Session ticket */
+ void *ticket;
+ /** Length of session ticket */
+ size_t ticket_len;
/** Master secret */
uint8_t master_secret[48];
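Review bot: The new `ticket` / `ticket_len` members of `struct tls_session` are documented by name only, so a reader cannot tell who owns the buffer, who frees it, or how "no ticket" is represented. Assuming the buffer is heap-allocated and released with the session (not visible in this header), the comment could read `/** Session ticket (allocated, owned by the session; NULL with ticket_len 0 if none) */`. It is also worth stating that the ticket is only meaningful together with `master_secret`, so the two must be replaced as a pair. The same applies to `new_session_ticket` / `new_session_ticket_len` in the `struct tls_connection` hunk below. That comment should additionally say when the pending ticket is moved into the session; presumably this happens only after the server's Finished message has been verified, which should be confirmed in the implementation file. Both structs continue outside their hunks.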
@@ -275,6 +283,10 @@ struct tls_connection {
uint8_t session_id[32];
/** Length of session ID */
size_t session_id_len;
+ /** New session ticket */
+ void *new_session_ticket;
+ /** Length of new session ticket */
+ size_t new_session_ticket_len;
/** Plaintext stream */
struct interface plainstream;