Make cipher used in ssl tickets configurable

2024-11-22 16:35:41 +01:00 · 2015-05-25 10:35:16 +02:00 · 2015-05-25 10:35:16 +02:00 · a0adc1bbe4
commit a0adc1bbe4
parent 1041a39338
3 changed files with 27 additions and 3 deletions
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@ -70,13 +70,20 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
 * \param ctx       Context to be set up
 * \param f_rng     RNG callback function
 * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection, eg
+ *                  MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
 * \param lifetime  Tickets lifetime in seconds
 *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
 * \return          0 is successful,
 *                  or a specific MBEDTLS_ERR_XXX error code
 */
 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
    uint32_t lifetime );

 /**
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -61,10 +61,13 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
 */
 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
    uint32_t lifetime )
 {
    int ret;
    unsigned char buf[32];
+    mbedtls_cipher_mode_t mode;
+    size_t key_bits;

    ctx->f_rng = f_rng;
    ctx->p_rng = p_rng;
@ -72,19 +75,32 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
    ctx->ticket_lifetime = lifetime;

    if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
-                mbedtls_cipher_info_from_type(
-                    MBEDTLS_CIPHER_AES_256_GCM ) ) ) != 0 )
+                mbedtls_cipher_info_from_type( cipher) ) ) != 0 )
    {
        goto cleanup;
    }

+    mode = mbedtls_cipher_get_cipher_mode( &ctx->cipher );
+    if( mode != MBEDTLS_MODE_GCM && mode != MBEDTLS_MODE_CCM )
+    {
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    key_bits = mbedtls_cipher_get_key_size( &ctx->cipher );
+    if( key_bits > 8 * sizeof( buf ) )
+    {
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
    if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
    {
        goto cleanup;
    }

    /* With GCM and CCM, same context can encrypt & decrypt */
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, 256,
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, key_bits,
                                       MBEDTLS_ENCRYPT ) ) != 0 )
    {
        goto cleanup;
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1598,6 +1598,7 @@ int main( int argc, char *argv[] )
    {
        if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
                        mbedtls_ctr_drbg_random, &ctr_drbg,
+                        MBEDTLS_CIPHER_AES_256_GCM,
                        opt.ticket_timeout ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );