diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 5596cc1b4..b51cc876c 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -328,6 +328,7 @@ typedef struct _ssl_session ssl_session; typedef struct _ssl_context ssl_context; typedef struct _ssl_transform ssl_transform; typedef struct _ssl_handshake_params ssl_handshake_params; +typedef struct _ssl_ticket_keys ssl_ticket_keys; /* * This structure is used for storing current session data. @@ -445,6 +446,14 @@ struct _ssl_handshake_params int new_session_ticket; /*!< use NewSessionTicket? */ }; +/* + * Parameters needed to secure session tickets + */ +struct _ssl_ticket_keys +{ + unsigned char key_name[16]; /*!< name to quickly discard bad tickets */ +}; + struct _ssl_context { /* @@ -553,6 +562,11 @@ struct _ssl_context const char *peer_cn; /*!< expected peer CN */ #endif /* POLARSSL_X509_PARSE_C */ + /* + * Support for generating and checking session tickets + */ + ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */ + /* * User settings */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5b7db1718..117830980 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -165,7 +165,10 @@ static int ssl_write_ticket( ssl_context *ssl, size_t *tlen ) unsigned char *p = start; size_t clear_len, enc_len; - memset( p, 0, 16 ); // TODO: key_name + if( ssl->ticket_keys == NULL ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + + memcpy( p, ssl->ticket_keys->key_name, 16 ); p += 16; memset( p, 0, 16 ); // TODO: iv @@ -208,7 +211,7 @@ static int ssl_parse_ticket( ssl_context *ssl, const unsigned char *mac; size_t enc_len, clear_len; - if( len < 34 ) + if( len < 34 || ssl->ticket_keys == NULL ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; @@ -217,8 +220,8 @@ static int ssl_parse_ticket( ssl_context *ssl, if( len != enc_len + 66 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); - // TODO: check key_name - (void) key_name; + if( memcmp( key_name, ssl->ticket_keys->key_name, 16 ) != 0 ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); // TODO: check hmac (void) mac; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7b9bd99c..f4d6e2489 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2972,6 +2972,28 @@ int ssl_session_reset( ssl_context *ssl ) return( 0 ); } +/* + * Allocate and initialize ticket keys + */ +static int ssl_ticket_keys_init( ssl_context *ssl ) +{ + int ret; + ssl_ticket_keys *tkeys; + + if( ssl->ticket_keys != NULL ) + return( 0 ); + + if( ( tkeys = polarssl_malloc( sizeof( ssl_ticket_keys ) ) ) == NULL ) + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + + if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 ) + return( ret ); + + ssl->ticket_keys = tkeys; + + return( 0 ); +} + /* * SSL set accessors */ @@ -3232,7 +3254,13 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) { ssl->session_tickets = use_tickets; - return( 0 ); + if( ssl->endpoint == SSL_IS_CLIENT ) + return( 0 ); + + if( ssl->f_rng == NULL ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + + return( ssl_ticket_keys_init( ssl ) ); } /* @@ -3671,6 +3699,8 @@ void ssl_free( ssl_context *ssl ) polarssl_free( ssl->session ); } + polarssl_free( ssl->ticket_keys ); + if ( ssl->hostname != NULL) { memset( ssl->hostname, 0, ssl->hostname_len );