From eaba1a22b8552f0410fe1519d7d0b606dc9ef3bb Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 6 Mar 2019 15:02:02 +0000
Subject: [tls] Support stateless session resumption

Add support for RFC5077 session ticket extensions to allow for
stateless TLS session resumption.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/include/ipxe/tls.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/include')

diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 0375a722..4bffde7c 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -63,6 +63,7 @@ struct tls_header {
 #define TLS_HELLO_REQUEST 0
 #define TLS_CLIENT_HELLO 1
 #define TLS_SERVER_HELLO 2
+#define TLS_NEW_SESSION_TICKET 4
 #define TLS_CERTIFICATE 11
 #define TLS_SERVER_KEY_EXCHANGE 12
 #define TLS_CERTIFICATE_REQUEST 13
@@ -108,6 +109,9 @@ struct tls_header {
 /* TLS signature algorithms extension */
 #define TLS_SIGNATURE_ALGORITHMS 13
 
+/* TLS session ticket extension */
+#define TLS_SESSION_TICKET 35
+
 /* TLS renegotiation information extension */
 #define TLS_RENEGOTIATION_INFO 0xff01
 
@@ -255,6 +259,10 @@ struct tls_session {
 	uint8_t id[32];
 	/** Length of session ID */
 	size_t id_len;
+	/** Session ticket */
+	void *ticket;
+	/** Length of session ticket */
+	size_t ticket_len;
 	/** Master secret */
 	uint8_t master_secret[48];
 
@@ -275,6 +283,10 @@ struct tls_connection {
 	uint8_t session_id[32];
 	/** Length of session ID */
 	size_t session_id_len;
+	/** New session ticket */
+	void *new_session_ticket;
+	/** Length of new session ticket */
+	size_t new_session_ticket_len;
 
 	/** Plaintext stream */
 	struct interface plainstream;
-- 
cgit v1.2.3-55-g7522