From a0adc1bbe473644c9a2b5c149a193843d7bbff80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 25 May 2015 10:35:16 +0200
Subject: [PATCH] Make cipher used in ssl tickets configurable
---
include/mbedtls/ssl_ticket.h | 7 +++++++
library/ssl_ticket.c | 22 +++++++++++++++++++---
programs/ssl/ssl_server2.c | 1 +
3 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 42842c5186..3612a92eba 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -70,13 +70,20 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
* \param ctx Context to be set up
* \param f_rng RNG callback function
* \param p_rng RNG callback context
+ * \param cipher AEAD cipher to use for ticket protection, eg
+ * MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
* \param lifetime Tickets lifetime in seconds
*
+ * \note It is highly recommended to select a cipher that is at
+ * least as strong as the the strongest ciphersuite
+ * supported. Usually that means a 256-bit key.
+ *
* \return 0 is successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
+ mbedtls_cipher_type_t cipher,
uint32_t lifetime );
/**
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 99550601a5..8994cef5ab 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -61,10 +61,13 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
*/
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
+ mbedtls_cipher_type_t cipher,
uint32_t lifetime )
{
int ret;
unsigned char buf[32];
+ mbedtls_cipher_mode_t mode;
+ size_t key_bits;
ctx->f_rng = f_rng;
ctx->p_rng = p_rng;
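Review bot: The new parameter documentation in the ssl_ticket.h hunk does not tell callers that the function now rejects some values of `cipher`: the `\return` text still says only "0 is successful, or a specific MBEDTLS_ERR_XXX error code", while the library hunk returns MBEDTLS_ERR_SSL_BAD_INPUT_DATA for any cipher whose mode is not GCM or CCM, or whose key does not fit the 32-byte `buf` (i.e. longer than 256 bits). I would add a line after the existing return text: ` * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p cipher is not a GCM or CCM cipher or its key is longer than 256 bits`. The added `\note` also has a doubled word, `the the strongest ciphersuite`, which should read `the strongest ciphersuite`, and `eg` in the `\param cipher` line is conventionally `e.g.`.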
@@ -72,19 +75,32 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
ctx->ticket_lifetime = lifetime;
if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
- mbedtls_cipher_info_from_type(
- MBEDTLS_CIPHER_AES_256_GCM ) ) ) != 0 )
+ mbedtls_cipher_info_from_type( cipher) ) ) != 0 )
{
goto cleanup;
}
+ mode = mbedtls_cipher_get_cipher_mode( &ctx->cipher );
+ if( mode != MBEDTLS_MODE_GCM && mode != MBEDTLS_MODE_CCM )
+ {
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ key_bits = mbedtls_cipher_get_key_size( &ctx->cipher );
+ if( key_bits > 8 * sizeof( buf ) )
+ {
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
{
goto cleanup;
}
/* With GCM and CCM, same context can encrypt & decrypt */
- if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, 256,
+ if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, key_bits,
MBEDTLS_ENCRYPT ) ) != 0 )
{
goto cleanup;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5f66d51a4c..390450bf2e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1598,6 +1598,7 @@ int main( int argc, char *argv[] )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg,
+ MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
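Review bot: The RNG call that the new `key_bits` check now guards, `if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )`, has its closing parenthesis in the wrong place: `!=` binds tighter than `=`, so `ret` receives the comparison result and a failing RNG makes the function return 1 instead of the RNG's negative error code (the failure is still detected, only the code is lost). That line is pre-existing context rather than part of this change, but since the patch now touches the lines on either side of it this is the moment to fix it: `if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) ) != 0 )`. Two smaller points on the added lines: `key_bits` is declared `size_t` while, as far as I recall of the cipher API, `mbedtls_cipher_get_key_size()` returns `int` and the key-length argument of `mbedtls_cipher_setkey()` is `int`, so the value is implicitly narrowed on the way back in and declaring it `int` (or casting at the call) would avoid a `-Wconversion` warning; and `buf` holds the raw ticket key, so if the code after the hunk does not already wipe it once `mbedtls_cipher_setkey()` has copied it, a zeroize of `buf` on every path out of this function (the file's existing secure-wipe helper, if it has one, rather than a plain `memset` the compiler may drop) would keep the key from lingering on the stack. mbedtls_ssl_ticket_setup continues past the end of the hunk, so I cannot see whether cleanup already does this.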