aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-03-22 20:40:33 +0000
committerlloyd <[email protected]>2012-03-22 20:40:33 +0000
commit0a07acbfc915971a3da7e8f7e27819be8cbff923 (patch)
tree40f7c6114383bd6da5d793211b0839b24bfa392b
parent34940b08d7328a0baa51256781f5bb802a966217 (diff)
Call Credentials_Manager::psk for the session ticket key.
-rw-r--r--doc/examples/credentials.h16
-rw-r--r--src/tls/tls_server.cpp35
2 files changed, 37 insertions, 14 deletions
diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h
index 82a72406d..0999b251d 100644
--- a/doc/examples/credentials.h
+++ b/doc/examples/credentials.h
@@ -25,8 +25,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
public:
Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
- std::string psk_identity_hint(const std::string& type,
- const std::string& context)
+ std::string psk_identity_hint(const std::string&,
+ const std::string&)
{
return "";
}
@@ -37,11 +37,19 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
return "Client_identity";
}
- Botan::SymmetricKey psk(const std::string&, const std::string&,
+ Botan::SymmetricKey psk(const std::string& type, const std::string& context,
const std::string& identity)
{
+ if(type == "tls-server" && context == "session-ticket")
+ {
+ if(session_ticket_key.length() == 0)
+ session_ticket_key = Botan::SymmetricKey(rng, 32);
+ return session_ticket_key;
+ }
+
if(identity == "Client_identity")
return Botan::SymmetricKey("b5a72e1387552e6dc10766dc0eda12961f5b21e17f98ef4c41e6572e53bd7527");
+
throw Botan::Internal_Error("No PSK set for " + identity);
}
@@ -162,6 +170,8 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
private:
Botan::RandomNumberGenerator& rng;
+
+ Botan::SymmetricKey session_ticket_key;
std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
};
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 7632dfcdd..a0920fc28 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -20,6 +20,7 @@ namespace {
bool check_for_resume(Session& session_info,
Session_Manager& session_manager,
+ Credentials_Manager& credentials,
Client_Hello* client_hello)
{
const MemoryVector<byte>& client_session_id = client_hello->session_id();
@@ -39,10 +40,11 @@ bool check_for_resume(Session& session_info,
// If a session ticket was sent, ignore client session ID
try
{
-#warning fixed key
- session_info = Session::decrypt(session_ticket, SymmetricKey("ABCDEF"));
+ session_info = Session::decrypt(
+ session_ticket,
+ credentials.psk("tls-server", "session-ticket", ""));
}
- catch(std::exception& e)
+ catch(...)
{
return false;
}
@@ -212,6 +214,7 @@ void Server::process_handshake_msg(Handshake_Type type,
Session session_info;
const bool resuming = check_for_resume(session_info,
session_manager,
+ creds,
state->client_hello);
if(resuming)
@@ -251,12 +254,19 @@ void Server::process_handshake_msg(Handshake_Type type,
session_manager.remove_entry(session_info.session_id());
}
- // Should only send a new ticket if we need too (eg old session)
+ // FIXME: should only send a new ticket if we need too (eg old session)
if(state->server_hello->supports_session_ticket() && !state->new_session_ticket)
{
- state->new_session_ticket =
- new New_Session_Ticket(writer, state->hash,
- session_info.encrypt(SymmetricKey("ABCDEF"), rng));
+ try
+ {
+ SymmetricKey key = creds.psk("tls-server", "session-ticket", "");
+ state->new_session_ticket =
+ new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng));
+ }
+ catch(...)
+ {
+ state->new_session_ticket = new New_Session_Ticket(writer, state->hash);
+ }
}
writer.send(CHANGE_CIPHER_SPEC, 1);
@@ -266,7 +276,6 @@ void Server::process_handshake_msg(Handshake_Type type,
state->server_finished = new Finished(writer, state, SERVER);
-
state->set_expected_next(HANDSHAKE_CCS);
}
else // new session
@@ -478,9 +487,13 @@ void Server::process_handshake_msg(Handshake_Type type,
{
if(state->server_hello->supports_session_ticket())
{
- state->new_session_ticket =
- new New_Session_Ticket(writer, state->hash,
- session_info.encrypt(SymmetricKey("ABCDEF"), rng));
+ try
+ {
+ SymmetricKey key = creds.psk("tls-server", "session-ticket", "");
+ state->new_session_ticket =
+ new New_Session_Ticket(writer, state->hash, session_info.encrypt(key, rng));
+ }
+ catch(...) {}
}
else
session_manager.save(session_info);