Authenticate session tickets.

2013-08-03 17:16:31 +02:00 · 2013-08-03 17:16:31 +02:00 · 56dc9e8bba
commit 56dc9e8bba
parent 990c51a557
3 changed files with 17 additions and 5 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -455,6 +455,7 @@ struct _ssl_ticket_keys
    unsigned char key_name[16];     /*!< name to quickly discard bad tickets */
    aes_context enc;                /*!< encryption context                  */
    aes_context dec;                /*!< decryption context                  */
+    unsigned char mac_key[16];      /*!< authentication key                  */
 };

 struct _ssl_context
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -204,8 +204,8 @@ static int ssl_write_ticket( ssl_context *ssl, size_t *tlen )
    *p++ = (unsigned char)( ( enc_len      ) & 0xFF );
    p = state + enc_len;

-    /* Compute and write MAC */
-    memset( p, 0, 32 );
+    /* Compute and write MAC( key_name + iv + enc_state_len + enc_state ) */
+    sha256_hmac( ssl->ticket_keys->mac_key, 16, start, p - start, p, 0 );
    p += 32;

    *tlen = p - start;
@ -229,6 +229,7 @@ static int ssl_parse_ticket( ssl_context *ssl,
    unsigned char *enc_len_p = iv + 16;
    unsigned char *ticket = enc_len_p + 2;
    unsigned char *mac;
+    unsigned char computed_mac[16];
    size_t enc_len, clear_len, i;
    unsigned char pad_len;

@ -247,8 +248,15 @@ static int ssl_parse_ticket( ssl_context *ssl,
    if( memcmp( key_name, ssl->ticket_keys->key_name, 16 ) != 0 )
        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

-    // TODO: check hmac
-    (void) mac;
+    /* Check mac */
+    sha256_hmac( ssl->ticket_keys->mac_key, 16, buf, len - 32,
+                 computed_mac, 0 );
+    ret = 0;
+    for( i = 0; i < 32; i++ )
+        if( mac[i] != computed_mac[i] )
+            ret = POLARSSL_ERR_SSL_INVALID_MAC;
+    if( ret != 0 )
+        return( ret );

    /* Decrypt */
    if( ( ret = aes_crypt_cbc( &ssl->ticket_keys->dec, AES_DECRYPT,
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2979,7 +2979,7 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
 {
    int ret;
    ssl_ticket_keys *tkeys;
-    unsigned char buf[32];
+    unsigned char buf[16];

    if( ssl->ticket_keys != NULL )
        return( 0 );
@ -2997,6 +2997,9 @@ static int ssl_ticket_keys_init( ssl_context *ssl )
            return( ret );
    }

+    if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
+        return( ret );
+
    ssl->ticket_keys = tkeys;

    return( 0 );