mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 15:25:29 +00:00
Make cipher used in ssl tickets configurable
This commit is contained in:
parent
1041a39338
commit
a0adc1bbe4
|
@ -70,13 +70,20 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
|
||||||
* \param ctx Context to be set up
|
* \param ctx Context to be set up
|
||||||
* \param f_rng RNG callback function
|
* \param f_rng RNG callback function
|
||||||
* \param p_rng RNG callback context
|
* \param p_rng RNG callback context
|
||||||
|
* \param cipher AEAD cipher to use for ticket protection, eg
|
||||||
|
* MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
|
||||||
* \param lifetime Tickets lifetime in seconds
|
* \param lifetime Tickets lifetime in seconds
|
||||||
*
|
*
|
||||||
|
* \note It is highly recommended to select a cipher that is at
|
||||||
|
* least as strong as the the strongest ciphersuite
|
||||||
|
* supported. Usually that means a 256-bit key.
|
||||||
|
*
|
||||||
* \return 0 is successful,
|
* \return 0 is successful,
|
||||||
* or a specific MBEDTLS_ERR_XXX error code
|
* or a specific MBEDTLS_ERR_XXX error code
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||||
|
mbedtls_cipher_type_t cipher,
|
||||||
uint32_t lifetime );
|
uint32_t lifetime );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -61,10 +61,13 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||||
|
mbedtls_cipher_type_t cipher,
|
||||||
uint32_t lifetime )
|
uint32_t lifetime )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char buf[32];
|
unsigned char buf[32];
|
||||||
|
mbedtls_cipher_mode_t mode;
|
||||||
|
size_t key_bits;
|
||||||
|
|
||||||
ctx->f_rng = f_rng;
|
ctx->f_rng = f_rng;
|
||||||
ctx->p_rng = p_rng;
|
ctx->p_rng = p_rng;
|
||||||
|
@ -72,19 +75,32 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||||
ctx->ticket_lifetime = lifetime;
|
ctx->ticket_lifetime = lifetime;
|
||||||
|
|
||||||
if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
|
if( ( ret = mbedtls_cipher_setup( &ctx->cipher,
|
||||||
mbedtls_cipher_info_from_type(
|
mbedtls_cipher_info_from_type( cipher) ) ) != 0 )
|
||||||
MBEDTLS_CIPHER_AES_256_GCM ) ) ) != 0 )
|
|
||||||
{
|
{
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mode = mbedtls_cipher_get_cipher_mode( &ctx->cipher );
|
||||||
|
if( mode != MBEDTLS_MODE_GCM && mode != MBEDTLS_MODE_CCM )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
key_bits = mbedtls_cipher_get_key_size( &ctx->cipher );
|
||||||
|
if( key_bits > 8 * sizeof( buf ) )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
|
if( ( ret = f_rng( p_rng, buf, sizeof( buf ) ) != 0 ) )
|
||||||
{
|
{
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* With GCM and CCM, same context can encrypt & decrypt */
|
/* With GCM and CCM, same context can encrypt & decrypt */
|
||||||
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, 256,
|
if( ( ret = mbedtls_cipher_setkey( &ctx->cipher, buf, key_bits,
|
||||||
MBEDTLS_ENCRYPT ) ) != 0 )
|
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||||
{
|
{
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
|
@ -1598,6 +1598,7 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
|
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg,
|
mbedtls_ctr_drbg_random, &ctr_drbg,
|
||||||
|
MBEDTLS_CIPHER_AES_256_GCM,
|
||||||
opt.ticket_timeout ) ) != 0 )
|
opt.ticket_timeout ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
|
||||||
|
|
Loading…
Reference in a new issue