mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 18:25:44 +01:00
Implement key rotation
This commit is contained in:
parent
887674a33b
commit
1e9c4db524
@ -52,6 +52,7 @@ mbedtls_ssl_ticket_key;
|
|||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
|
mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
|
||||||
|
unsigned char active; /*!< index of the currently active key */
|
||||||
|
|
||||||
uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
|
uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
|
||||||
|
|
||||||
|
@ -88,6 +88,34 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Rotate/generate keys if necessary
|
||||||
|
*/
|
||||||
|
static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
|
||||||
|
{
|
||||||
|
#if !defined(MBEDTLS_HAVE_TIME)
|
||||||
|
((void) ctx);
|
||||||
|
#else
|
||||||
|
if( ctx->ticket_lifetime != 0 )
|
||||||
|
{
|
||||||
|
uint32_t current_time = (uint32_t) time( NULL );
|
||||||
|
uint32_t key_time = ctx->keys[ctx->active].generation_time;
|
||||||
|
|
||||||
|
if( current_time > key_time &&
|
||||||
|
current_time - key_time < ctx->ticket_lifetime )
|
||||||
|
{
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx->active = 1 - ctx->active;
|
||||||
|
|
||||||
|
return( ssl_ticket_gen_key( ctx, ctx->active ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* MBEDTLS_HAVE_TIME */
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Setup context for actual use
|
* Setup context for actual use
|
||||||
*/
|
*/
|
||||||
@ -263,7 +291,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_ssl_ticket_context *ctx = p_ticket;
|
mbedtls_ssl_ticket_context *ctx = p_ticket;
|
||||||
mbedtls_ssl_ticket_key *key = ctx->keys;
|
mbedtls_ssl_ticket_key *key;
|
||||||
unsigned char *key_name = start;
|
unsigned char *key_name = start;
|
||||||
unsigned char *iv = start + 4;
|
unsigned char *iv = start + 4;
|
||||||
unsigned char *state_len_bytes = iv + 12;
|
unsigned char *state_len_bytes = iv + 12;
|
||||||
@ -286,6 +314,11 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
|
|||||||
return( ret );
|
return( ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
key = &ctx->keys[ctx->active];
|
||||||
|
|
||||||
*ticket_lifetime = ctx->ticket_lifetime;
|
*ticket_lifetime = ctx->ticket_lifetime;
|
||||||
|
|
||||||
memcpy( key_name, key->name, 4 );
|
memcpy( key_name, key->name, 4 );
|
||||||
@ -328,6 +361,22 @@ cleanup:
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Select key based on name
|
||||||
|
*/
|
||||||
|
static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
|
||||||
|
mbedtls_ssl_ticket_context *ctx,
|
||||||
|
const unsigned char name[4] )
|
||||||
|
{
|
||||||
|
unsigned char i;
|
||||||
|
|
||||||
|
for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
|
||||||
|
if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
|
||||||
|
return( &ctx->keys[i] );
|
||||||
|
|
||||||
|
return( NULL );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Load session ticket (see mbedtls_ssl_ticket_write for structure)
|
* Load session ticket (see mbedtls_ssl_ticket_write for structure)
|
||||||
*/
|
*/
|
||||||
@ -338,7 +387,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_ssl_ticket_context *ctx = p_ticket;
|
mbedtls_ssl_ticket_context *ctx = p_ticket;
|
||||||
mbedtls_ssl_ticket_key *key = ctx->keys;
|
mbedtls_ssl_ticket_key *key;
|
||||||
unsigned char *key_name = buf;
|
unsigned char *key_name = buf;
|
||||||
unsigned char *iv = buf + 4;
|
unsigned char *iv = buf + 4;
|
||||||
unsigned char *enc_len_p = iv + 12;
|
unsigned char *enc_len_p = iv + 12;
|
||||||
@ -346,17 +395,21 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
|
|||||||
unsigned char *tag;
|
unsigned char *tag;
|
||||||
size_t enc_len, clear_len;
|
size_t enc_len, clear_len;
|
||||||
|
|
||||||
if( ctx == NULL || ctx->f_rng == NULL ||
|
if( ctx == NULL || ctx->f_rng == NULL )
|
||||||
len < 4 + 12 + 2 + 16 )
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
{
|
|
||||||
|
/* See mbedtls_ssl_ticket_write() */
|
||||||
|
if( len < 4 + 12 + 2 + 16 )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
|
enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
|
||||||
tag = ticket + enc_len;
|
tag = ticket + enc_len;
|
||||||
|
|
||||||
@ -366,10 +419,12 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check name (public data) */
|
/* Select key */
|
||||||
if( memcmp( key_name, key->name, 4 ) != 0 )
|
if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
|
/* We can't know for sure but this is a likely option unless we're
|
||||||
|
* under attack - this is only informative anyway */
|
||||||
|
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -378,7 +433,9 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
|
|||||||
key_name, 4 + 12 + 2, ticket, enc_len,
|
key_name, 4 + 12 + 2, ticket, enc_len,
|
||||||
ticket, &clear_len, tag, 16 ) ) != 0 )
|
ticket, &clear_len, tag, 16 ) ) != 0 )
|
||||||
{
|
{
|
||||||
/* TODO: convert AUTH_FAILED to INVALID_MAC */
|
if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
|
||||||
|
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
|
||||||
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if( clear_len != enc_len )
|
if( clear_len != enc_len )
|
||||||
|
Loading…
Reference in New Issue
Block a user