[gnutls-devel] GnuTLS | Session ticket key rotation with TOTP (!695)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Sep 16 22:03:08 CEST 2018


Ander Juaristi commented on a discussion on lib/gnutls_int.h:

>  	int auth_info_size;	/* needed in order to store to db for restoring
>  				 */
>  	auth_cred_st *cred;	/* used to specify keys/certificates etc */
> +
> +	struct {
> +		/*
> +		 * The time step - we're rotating the session ticket key
> +		 * after every this amount of seconds
> +		 */
> +		unsigned int x;
> +		uint64_t last_result;
> +		uint8_t initialized;
> +		int was_rotated;
> +		gnutls_stek_rotation_callback_t cb;
> +	} totp;
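Review bot: `unsigned int x` in the new `totp` struct is an opaque name for the rotation period; the only hint is the comment above it ("The time step - we're rotating the session ticket key after every this amount of seconds"), so either rename it to something self-describing with the unit (e.g. `time_step_secs`) or drop it if nothing reads it. The two flags are typed inconsistently (`uint8_t initialized` next to `int was_rotated`); use one width, or fold them into a single state field as suggested. `last_result` also has no comment: a line saying which value it caches and what it is compared against would make the rotation condition readable from the struct alone.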

> We can also make the initialized a tri-state, so that value of 1 means initialized, and 2 means initialized + rotated, to get rid of `was_rotated`.

I've removed the `initialized` variable instead, which was not being used.

I've also removed the `x` variable. Thanks for pointing this out.

Removing `session_ticket_key` and `previous_ticket_key` seems feasible, but will need a bit more work, and I don't have time now. I can write this down and address it later if you want.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/695#note_101696488
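An added example (not code from this merge request or from GnuTLS) of the rotation mechanism the `totp` struct above is for: the current time is divided into steps of a fixed number of seconds, the step counter is cached (the hunk's `last_result`), and the ticket key is replaced whenever the counter moves on. The struct and function names here are this example's own, the master secret and timestamps are constructed, and the key derivation uses a splitmix64 mixer as a stand-in for a real KDF such as HKDF-SHA256 so that it compiles without a crypto library. Deriving both the current and the previous key from the counter, instead of copying the old key into `previous_ticket_key`, is one way to make the "remove `previous_ticket_key`" idea from the thread concrete.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TICKET_KEY_LEN 32

/* Rotation state modelled on the fields discussed in the thread.
 * Names are this example's own, not GnuTLS's. */
typedef struct {
    unsigned int time_step;       /* rotation period in seconds (the hunk's "x") */
    uint64_t last_result;         /* time-step counter the current key belongs to */
    int was_rotated;              /* set by the last stek_maybe_rotate() call */
    uint8_t master[TICKET_KEY_LEN];              /* long-lived secret, never used as a key */
    uint8_t session_ticket_key[TICKET_KEY_LEN];  /* key for counter last_result */
    uint8_t previous_ticket_key[TICKET_KEY_LEN]; /* key for counter last_result - 1 */
} stek_rotation_t;

/* splitmix64 finaliser: a TOY stand-in for a PRF, used only so the example
 * builds without a crypto library. Real code must use a proper KDF, e.g.
 * HKDF-SHA256(master, counter). */
static uint64_t mix64(uint64_t z)
{
    z += 0x9e3779b97f4a7c15ULL;
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Deterministically derive the ticket key for one time-step counter, so
 * every process holding the master secret computes the same key. */
static void derive_ticket_key(const uint8_t master[TICKET_KEY_LEN],
                              uint64_t counter, uint8_t out[TICKET_KEY_LEN])
{
    uint64_t state = counter;
    for (size_t i = 0; i < TICKET_KEY_LEN; i += 8) {
        uint64_t m;
        memcpy(&m, master + i, sizeof m);
        state = mix64(state ^ m);
        memcpy(out + i, &state, sizeof state);
    }
}

/* Install the keys for the step that 'now' (seconds) falls into. */
void stek_init(stek_rotation_t *st, const uint8_t master[TICKET_KEY_LEN],
               unsigned int time_step, uint64_t now)
{
    memset(st, 0, sizeof *st);
    st->time_step = time_step;
    memcpy(st->master, master, TICKET_KEY_LEN);
    st->last_result = now / time_step;
    derive_ticket_key(st->master, st->last_result, st->session_ticket_key);
    if (st->last_result > 0)
        derive_ticket_key(st->master, st->last_result - 1, st->previous_ticket_key);
}

/* Call before encrypting a ticket. Rotates when the step counter has moved
 * since the current key was derived; returns 1 if it rotated. Re-deriving
 * the previous key from counter-1 keeps the acceptance window correct even
 * if several steps passed with no ticket issued. */
int stek_maybe_rotate(stek_rotation_t *st, uint64_t now)
{
    uint64_t counter = now / st->time_step;
    st->was_rotated = 0;
    if (counter == st->last_result)
        return 0;
    derive_ticket_key(st->master, counter - 1, st->previous_ticket_key);
    derive_ticket_key(st->master, counter, st->session_ticket_key);
    st->last_result = counter;
    st->was_rotated = 1;
    return 1;
}

/* Key for decrypting a ticket issued under 'ticket_counter' (assumed to be
 * carried in the ticket's key-name field). Only the current and the
 * immediately preceding step are accepted; older tickets get NULL, i.e. a
 * full handshake. */
const uint8_t *stek_key_for_decrypt(const stek_rotation_t *st, uint64_t ticket_counter)
{
    if (ticket_counter == st->last_result)
        return st->session_ticket_key;
    if (st->last_result > 0 && ticket_counter == st->last_result - 1)
        return st->previous_ticket_key;
    return NULL;
}

/* Scenario on a constructed master secret; returns 1 if every check holds. */
int stek_self_check(void)
{
    uint8_t master[TICKET_KEY_LEN];
    stek_rotation_t a, b;
    for (int i = 0; i < TICKET_KEY_LEN; i++)
        master[i] = (uint8_t)(0xA5 ^ i);                 /* constructed secret */
    stek_init(&a, master, 3600, 10000);                  /* step counter 2 */
    stek_init(&b, master, 3600, 10700);                  /* same step, other process */
    if (a.last_result != 2 ||
        memcmp(a.session_ticket_key, b.session_ticket_key, TICKET_KEY_LEN) != 0)
        return 0;
    if (stek_maybe_rotate(&a, 10799) != 0)               /* still step 2 */
        return 0;
    if (stek_maybe_rotate(&a, 10800) != 1 || !a.was_rotated || a.last_result != 3)
        return 0;
    if (memcmp(a.session_ticket_key, a.previous_ticket_key, TICKET_KEY_LEN) == 0 ||
        memcmp(a.previous_ticket_key, b.session_ticket_key, TICKET_KEY_LEN) != 0)
        return 0;                                        /* previous == b's step-2 key */
    if (stek_key_for_decrypt(&a, 3) != a.session_ticket_key ||
        stek_key_for_decrypt(&a, 2) != a.previous_ticket_key ||
        stek_key_for_decrypt(&a, 1) != NULL)
        return 0;
    return 1;
}

int main(void)
{
    int ok = stek_self_check();
    printf("stek rotation self-check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The self-check shows the property that matters operationally: two processes initialised at different times within the same step derive the same key, and after a rotation the previous key is exactly the key a peer still in the old step is using, so tickets issued across the boundary remain resumable for one step.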

