Move to callback for session tickets
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3f3a369..17bdede 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -563,9 +563,6 @@
typedef struct mbedtls_ssl_context mbedtls_ssl_context;
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-typedef struct mbedtls_ssl_ticket_keys mbedtls_ssl_ticket_keys;
-#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
@@ -750,20 +747,6 @@
#endif
};
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-/*
- * Parameters needed to secure session tickets
- */
-struct mbedtls_ssl_ticket_keys
-{
- unsigned char key_name[16]; /*!< name to quickly discard bad tickets */
- mbedtls_aes_context enc; /*!< encryption context */
- mbedtls_aes_context dec; /*!< decryption context */
- unsigned char mac_key[16]; /*!< authentication key */
- uint32_t ticket_lifetime;
-};
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
@@ -844,6 +827,15 @@
void *p_cookie; /*!< context for the cookie callbacks */
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /** Callback to create & write a session ticket */
+ int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+ unsigned char *, const unsigned char *, size_t *, uint32_t * );
+ /** Callback to parse a session ticket into a session structure */
+ int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ void *p_ticket; /*!< context for the ticket callbacks */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
@@ -870,10 +862,6 @@
const char **alpn_list; /*!< ordered list of protocols */
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
/*
* Numerical settings (int then char)
*/
@@ -1334,6 +1322,76 @@
void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
int (*f_get_timer)(void *) );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+/**
+ * \brief Callback type: generate and write session ticket
+ *
+ * \note This describes what a callback implementation should do.
+ * This callback should generate and encrypted and
+ * authenticated ticket for the session and write it to the
+ * output buffer. Here, ticket means the opaque ticket part
+ * of the NewSessionTicket structure of RFC 5077.
+ *
+ * \param p_ticket Context for the callback
+ * \param session SSL session to bo written in the ticket
+ * \param start Start of the outpur buffer
+ * \param end End of the output buffer
+ * \param tlen On exit, holds the length written
+ * \param lifetime On exit, holds the lifetime of the ticket in seconds
+ *
+ * \return 0 if successful, or
+ * a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
+ const mbedtls_ssl_session *session,
+ unsigned char *start,
+ const unsigned char *end,
+ size_t *tlen,
+ uint32_t *lifetime );
+
+/**
+ * \brief Callback type: parse and load session ticket
+ *
+ * \note This describes what a callback implementation should do.
+ * This callback should parse a session ticket as generated
+ * by the corresponding mbedtls_ssl_ticket_write_t function,
+ * and, if the ticket is authentic and valid, load the
+ * session.
+ *
+ * \note The implementation is allowed to modify the first len
+ * of the input buffer, eg to use it as a temporary area for
+ * the decrypted ticket contents.
+ *
+ * \param p_ticket Context for the callback
+ * \param session SSL session to be loaded
+ * \param buf Start of the buffer containing the ticket
+ * \param len Length of the ticket.
+ *
+ * \return 0 if successful, or
+ * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+ * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+ * any other non-zero code for other failures.
+ */
+typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
+ mbedtls_ssl_session *session,
+ unsigned char *buf,
+ size_t len );
+
+/**
+ * \brief Configure SSL session ticket callbacks
+ *
+ * \param conf SSL configuration context
+ * \param f_ticket_write Callback for writing a ticket
+ * \param f_ticket_parse Callback for parsing a ticket
+ * \param p_ticket Context shared by the two callbacks
+ */
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket );
+
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
/**
* \brief Set client's transport-level identification info.
@@ -2008,15 +2066,6 @@
* or a specific error code (server only).
*/
int mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-
-/**
- * \brief Set session ticket lifetime (server only)
- * (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
- *
- * \param conf SSL configuration
- * \param lifetime session ticket lifetime
- */
-void mbedtls_ssl_conf_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime );
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 0e69513..1bbd646 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -30,19 +30,69 @@
extern "C" {
#endif
-/* Temporary, WIP */
-int mbedtls_ssl_ticket_write( void *p_ticket,
- const mbedtls_ssl_session *session,
- unsigned char *start,
- const unsigned char *end,
- size_t *tlen,
- uint32_t *ticket_lifetime );
-/* Temporary, WIP */
-int mbedtls_ssl_ticket_parse( void *p_ticket,
- mbedtls_ssl_session *session,
- unsigned char *buf,
- size_t len );
+/**
+ * \brief Context for session ticket handling functions
+ */
+typedef struct
+{
+ unsigned char key_name[16]; /*!< name to quickly reject bad tickets */
+ mbedtls_aes_context enc; /*!< encryption context */
+ mbedtls_aes_context dec; /*!< decryption context */
+ unsigned char mac_key[16]; /*!< authentication key */
+
+ uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
+
+ /** Callback for getting (pseudo-)random numbers */
+ int (*f_rng)(void *, unsigned char *, size_t);
+ void *p_rng; /*!< context for the RNG function */
+}
+mbedtls_ssl_ticket_context;
+
+/**
+ * \brief Initialize a ticket context.
+ * (Just make it ready for mbedtls_ssl_ticket_setup()
+ * or mbedtls_ssl_ticket_free().)
+ *
+ * \param ctx Context to be initialized
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+
+/**
+ * \brief Prepare context to be actually used
+ *
+ * \param ctx Context to be set up
+ * \param f_rng RNG callback function
+ * \param p_rng RNG callback context
+ * \param lifetime Tickets lifetime in seconds
+ *
+ * \return 0 is successful,
+ * or a specific MBEDTLS_ERR_XXX error code
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ uint32_t lifetime );
+
+/**
+ * \brief Implementation of the ticket write callback
+ *
+ * \note See \c mbedlts_ssl_ticket_write_t for description
+ */
+mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
+
+/**
+ * \brief Implementation of the ticket parse callback
+ *
+ * \note See \c mbedlts_ssl_ticket_parse_t for description
+ */
+mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
+
+/**
+ * \brief Free a context's content and zeroize it.
+ *
+ * \param ctx Context to be cleaned up
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
#ifdef __cplusplus
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 688248f..06a6c0b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -413,8 +413,11 @@
int ret;
mbedtls_ssl_session session;
- if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
+ if( ssl->conf->f_ticket_parse == NULL ||
+ ssl->conf->f_ticket_write == NULL )
+ {
return( 0 );
+ }
/* Remember the client asked us to send a new ticket */
ssl->handshake->new_session_ticket = 1;
@@ -435,11 +438,18 @@
/*
* Failures are ok: just ignore the ticket and proceed.
*/
- if( ( ret = mbedtls_ssl_ticket_parse( ssl->conf->ticket_keys, &session,
- buf, len ) ) != 0 )
+ if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session,
+ buf, len ) ) != 0 )
{
mbedtls_ssl_session_free( &session );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
+
+ if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
+ else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
+ else
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
+
return( 0 );
}
@@ -3525,7 +3535,7 @@
* 10 . 9+n ticket content
*/
- if( ( ret = mbedtls_ssl_ticket_write( ssl->conf->ticket_keys,
+ if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
ssl->session_negotiate,
ssl->out_msg + 10,
ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN,
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 181f045..c1881b7 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -39,6 +39,56 @@
#include <string.h>
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Initialze context
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
+{
+ memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
+}
+
+/*
+ * Setup context for actual use
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ uint32_t lifetime )
+{
+ int ret;
+ unsigned char buf[16];
+
+ ctx->f_rng = f_rng;
+ ctx->p_rng = p_rng;
+
+ ctx->ticket_lifetime = lifetime;
+
+ mbedtls_aes_init( &ctx->enc );
+ mbedtls_aes_init( &ctx->dec );
+
+ if( ( ret = f_rng( p_rng, ctx->key_name, 16 ) != 0 ) ||
+ ( ret = f_rng( p_rng, ctx->mac_key, 16 ) != 0 ) ||
+ ( ret = f_rng( p_rng, buf, 16 ) != 0 ) )
+ {
+ return( ret );
+ }
+
+ if( ( ret = mbedtls_aes_setkey_enc( &ctx->enc, buf, 128 ) ) != 0 ||
+ ( ret = mbedtls_aes_setkey_dec( &ctx->dec, buf, 128 ) ) != 0 )
+ {
+ mbedtls_ssl_ticket_free( ctx );
+ return( ret );
+ }
+
+ mbedtls_zeroize( buf, sizeof( buf ) );
+
+ return( 0 );
+}
+
/*
* Serialize a session in the following format:
* 0 . n-1 session structure, n = sizeof(mbedtls_ssl_session)
@@ -170,7 +220,7 @@
uint32_t *ticket_lifetime )
{
int ret;
- mbedtls_ssl_ticket_keys *ctx = p_ticket;
+ mbedtls_ssl_ticket_context *ctx = p_ticket;
unsigned char *p = start;
unsigned char *state;
unsigned char iv[16];
@@ -194,7 +244,8 @@
p += 16;
/* Generate and write IV (with a copy for aes_crypt) */
- memset( p, 0x2a, 16 ); /* Temporary WIP */
+ if( ( ret = ctx->f_rng( ctx->p_rng, p, 16 ) ) != 0 )
+ return( ret );
memcpy( iv, p, 16 );
p += 16;
@@ -244,7 +295,7 @@
size_t len )
{
int ret;
- mbedtls_ssl_ticket_keys *ctx = p_ticket;
+ mbedtls_ssl_ticket_context *ctx = p_ticket;
unsigned char *key_name = buf;
unsigned char *iv = buf + 16;
unsigned char *enc_len_p = iv + 16;
@@ -317,4 +368,15 @@
return( 0 );
}
+/*
+ * Free context
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
+{
+ mbedtls_aes_free( &ctx->enc );
+ mbedtls_aes_free( &ctx->dec );
+
+ mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
+}
+
#endif /* MBEDTLS_SSL_TICKET_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 25a4deb..8241100 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5146,56 +5146,6 @@
return( 0 );
}
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_ticket_keys_free( mbedtls_ssl_ticket_keys *tkeys )
-{
- mbedtls_aes_free( &tkeys->enc );
- mbedtls_aes_free( &tkeys->dec );
-
- mbedtls_zeroize( tkeys, sizeof(mbedtls_ssl_ticket_keys) );
-}
-
-/*
- * Allocate and initialize ticket keys
- */
-static int ssl_ticket_keys_init( mbedtls_ssl_config *conf )
-{
- int ret;
- mbedtls_ssl_ticket_keys *tkeys;
- unsigned char buf[16];
-
- if( conf->ticket_keys != NULL )
- return( 0 );
-
- tkeys = mbedtls_malloc( sizeof(mbedtls_ssl_ticket_keys) );
- if( tkeys == NULL )
- return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
-
- mbedtls_aes_init( &tkeys->enc );
- mbedtls_aes_init( &tkeys->dec );
-
- /* Temporary WIP! Using hardcoded keys. This is to remove the dependency
- * on the RNG and allow puttint the keys in conf. Key generation will soon
- * be move outside the main SSL module anyway. */
-
- memset( tkeys->key_name, 'x', 16 );
- memset( tkeys->mac_key, 0x2a, 16 );
- memset( buf, 0x2a, 16 );
-
- if( ( ret = mbedtls_aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 ||
- ( ret = mbedtls_aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 )
- {
- ssl_ticket_keys_free( tkeys );
- mbedtls_free( tkeys );
- return( ret );
- }
-
- conf->ticket_keys = tkeys;
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
/*
* SSL set accessors
*/
@@ -5691,20 +5641,17 @@
{
conf->session_tickets = use_tickets;
-#if defined(MBEDTLS_SSL_CLI_C)
- if( conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- return( 0 );
-#endif
-
- if( use_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
- return( 0 );
-
- return( ssl_ticket_keys_init( conf ) );
+ return( 0 );
}
-void mbedtls_ssl_conf_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+ mbedtls_ssl_ticket_write_t *f_ticket_write,
+ mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+ void *p_ticket )
{
- conf->ticket_keys->ticket_lifetime = lifetime;
+ conf->f_ticket_write = f_ticket_write;
+ conf->f_ticket_parse = f_ticket_parse;
+ conf->p_ticket = p_ticket;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -6699,11 +6646,6 @@
conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl_ticket_keys_init( &conf );
- conf->ticket_keys->ticket_lifetime = MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME;
-#endif
-
#if defined(MBEDTLS_SSL_SET_CURVES)
conf->curve_list = mbedtls_ecp_grp_id_list( );
#endif
@@ -6765,14 +6707,6 @@
}
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( conf->ticket_keys )
- {
- ssl_ticket_keys_free( conf->ticket_keys );
- mbedtls_free( conf->ticket_keys );
- }
-#endif
-
#if defined(MBEDTLS_X509_CRT_PARSE_C)
ssl_key_cert_free( conf->key_cert );
#endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f0ef851..5f66d51 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -69,6 +69,10 @@
#include "mbedtls/ssl_cache.h"
#endif
+#if defined(MBEDTLS_SSL_TICKET_C)
+#include "mbedtls/ssl_ticket.h"
+#endif
+
#if defined(MBEDTLS_SSL_COOKIE_C)
#include "mbedtls/ssl_cookie.h"
#endif
@@ -114,7 +118,7 @@
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define DFL_TICKET_TIMEOUT -1
+#define DFL_TICKET_TIMEOUT 86400
#define DFL_CACHE_MAX -1
#define DFL_CACHE_TIMEOUT -1
#define DFL_SNI NULL
@@ -190,7 +194,7 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
- " ticket_timeout=%%d default: ticket default (1d)\n"
+ " ticket_timeout=%%d default: 86400 (one day)\n"
#else
#define USAGE_TICKETS ""
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -740,6 +744,9 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif
#if defined(SNI_OPTION)
sni_entry *sni_info = NULL;
#endif
@@ -778,6 +785,9 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
#if defined(MBEDTLS_SSL_ALPN)
memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
#endif
@@ -1584,14 +1594,21 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ( ret = mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ) ) != 0 )
+ if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session_tickets returned %d\n\n", ret );
- goto exit;
- }
+ if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg,
+ opt.ticket_timeout ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
+ goto exit;
+ }
- if( opt.ticket_timeout != -1 )
- mbedtls_ssl_conf_session_ticket_lifetime( &conf, opt.ticket_timeout );
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx );
+ }
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2203,6 +2220,9 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
#if defined(MBEDTLS_SSL_COOKIE_C)
mbedtls_ssl_cookie_free( &cookie_ctx );
#endif