Authenticate session tickets.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index cbec795..f94fda5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -204,8 +204,8 @@
*p++ = (unsigned char)( ( enc_len ) & 0xFF );
p = state + enc_len;
- /* Compute and write MAC */
- memset( p, 0, 32 );
+ /* Compute and write MAC( key_name + iv + enc_state_len + enc_state ) */
+ sha256_hmac( ssl->ticket_keys->mac_key, 16, start, p - start, p, 0 );
p += 32;
*tlen = p - start;
@@ -229,6 +229,7 @@
unsigned char *enc_len_p = iv + 16;
unsigned char *ticket = enc_len_p + 2;
unsigned char *mac;
+ unsigned char computed_mac[16];
size_t enc_len, clear_len, i;
unsigned char pad_len;
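Review bot: `computed_mac` is declared 16 bytes wide, but the HMAC written into it is SHA-256 output: the write side at `@@ -204` advances `p += 32` after `sha256_hmac`, and the verify loop in the next hunk (`@@ -247`) compares `i < 32`, so `sha256_hmac( ..., computed_mac, 0 )` overruns the stack buffer by 16 bytes and the loop then reads past its end on every ticket presented. The declaration should be `unsigned char computed_mac[32];`. The 16 in `sha256_hmac( ssl->ticket_keys->mac_key, 16, ...)` is the key length and is unrelated to the digest size, which may be how the two got conflated. The enclosing function starts before this hunk.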
@@ -247,8 +248,15 @@
if( memcmp( key_name, ssl->ticket_keys->key_name, 16 ) != 0 )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- // TODO: check hmac
- (void) mac;
+ /* Check mac */
+ sha256_hmac( ssl->ticket_keys->mac_key, 16, buf, len - 32,
+ computed_mac, 0 );
+ ret = 0;
+ for( i = 0; i < 32; i++ )
+ if( mac[i] != computed_mac[i] )
+ ret = POLARSSL_ERR_SSL_INVALID_MAC;
+ if( ret != 0 )
+ return( ret );
/* Decrypt */
if( ( ret = aes_crypt_cbc( &ssl->ticket_keys->dec, AES_DECRYPT,
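Review bot: `sha256_hmac( ..., buf, len - 32, ... )` relies on `len` having already been checked to be at least 32 (plus the key_name/iv/enc_len fields) before this hunk; if that check lives earlier in the function it is outside the hunk and cannot be confirmed here, and without it `len - 32` wraps as `size_t` and the HMAC is computed over an enormous length. The same applies to where `mac` is pointed at `buf + len - 32`, which is also not in view. Verifying the MAC before `aes_crypt_cbc` is the right order; the loop that accumulates a mismatch without an early exit is worth a one-line comment so a later cleanup does not turn it into `memcmp`, e.g. `/* No early exit: keep comparison time independent of where the mismatch is */`. The enclosing function starts before and ends after this hunk.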
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fb01c6c..a0bf9ce 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2979,7 +2979,7 @@
{
int ret;
ssl_ticket_keys *tkeys;
- unsigned char buf[32];
+ unsigned char buf[16];
if( ssl->ticket_keys != NULL )
return( 0 );
@@ -2997,6 +2997,9 @@
return( ret );
}
+ if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 )
+ return( ret );
+
ssl->ticket_keys = tkeys;
return( 0 );