[gnutls-devel] GnuTLS | Session ticket key rotation with TOTP (!695)
Ander Juaristi
gitlab at mg.gitlab.com
Mon Jul 16 15:52:52 CEST 2018
Ander Juaristi commented on a discussion on lib/stek.c:
> + };
> +
> + if (unlikely(session == NULL || ticket_data == NULL || ticket_data->data == NULL))
> + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
> +
> + if (ticket_data->size < TICKET_KEY_NAME_SIZE)
> + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
> +
> + if ((retval = rotate(session)) < 0)
> + return gnutls_assert_val(retval);
> +
> + /*
> + * Is current key valid?
> + * We compare the first 16 bytes --> The key_name field.
> + */
> + if (memcmp(ticket_data->data,
@nmav you are right. I had some code that did this initially, but then thought that would never happen and thrown that code away!
But you are right. This can happen and we need to check for it. What the previous code did was (in `_gnutls_get_session_ticket_decryption_key`):
1. Check current key. If it matches, use it to decrypt the ticket.
2. If it doesn't match, compute the previous key. This is easy - you only need the T parameter, so you just do `--t` and re-compute TOTP with that value.
3. Check the previous key. If it matches, use it to decrypt the ticket.
4. Else throw the ticket away.
I will re-implement this algorithm and push again.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/695#note_88239904
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180716/904f09aa/attachment.html>
More information about the Gnutls-devel
mailing list