Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session ticket tls12 back up #5063

Closed
wants to merge 32 commits into from
Closed

Session ticket tls12 back up #5063

wants to merge 32 commits into from

Conversation

boquan-fang
Copy link
Contributor

@boquan-fang boquan-fang commented Jan 27, 2025
edited
Loading

Testing:

Merge to main and run the CI. This draft PR is for testing purpose only.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Boquan Fang added 29 commits January 3, 2025 23:25
fix: improper session ticket age calculation
54631eb
fix: s2n_generate_ticket_lifetime function and tests
a5e1181 
* checked the chosen psk keying material expiration.
Fix formats and add checks for keys in s2n_resume_test
5d6cd41
Roll back changes for s2n_resume_encrypt_session_ticket
91e6379
refactor changes for format
5906150
Add config cleanup to fix memory issue
0f47df4
add RESULT_ENSURE_REF check for input key
b13143e
fix the MIN comparison for min lifetime
97f2ec1
address PR comments:
bd9f4b2 
* add reference check for conn->config
* makes the s2n_generate_ticket_lifetime function more readable
* fix the chosen_psk logic
refactor: record current time and retrieve key intro time for TLS1.3
f59b6bf
make s2n_get_ticket_encrypt_decrypt_key not visible
0eb5525
refactor: change the tls13_ticket_fields varaible names to ticket_fields
b31f110
fix: calculation of session ticket age for TLS1.2
938eb66
refactor: prevent sending zero lifetime new session ticket for TLS1.2
1acad6b
refactor: prevent sending zero lifetime new session ticket for TLS1.3
6f2387a
refactor: remove errno changes
ab28660
refactor: use s2n_find_ticket_key to get session ticket key
7332abd
fix: clang-format issue
e80719b
fix: grep simple mistake error
15f08b2
refactor: add key_intro_time to the ticket field
edc611c
refactor: improve generate lifetime ticket lifetime logic
c6b7d78
address PR comments:
e940156 
* assert unsigned integer subtractions
* fix testing: ensure that keying material expiration is one week after
  current time
address PR comments:
3e356d2 
* use s2n_stuffer_reserve_uint32 to skip the session ticket lifetime
  calculation.
* add s2n_stuffer_reserve_uint32 to s2n_stuff.h
fix clang-format issue
1320b95
address PR comments:
1075f98 
* specific errno for lifetime is zero
* renaming variable names in generate lifetime function
* use simple calculation to get key intro time
* add tests for zero lifetime case in tls 1.2 and 1.3
* fix the PSK lifetime is shortest
    * makes it to be half a week
address PR comments:
cfc37af 
* query real time two times for key intro time and current time without
  actually creating a key
address PR comments:
ba5cd74 
* check for server keying material and PSK only for TLS1.3
Make TLS1.2 nst recv compliant with the RFC:
15410c5 
* the client should not accept and should delete the nst if nst's
  lifetime has expired
refactors to fix format
e4f723f
@github-actions github-actions bot added the s2n-core team label Jan 27, 2025
@boquan-fang boquan-fang force-pushed the session-ticket-tls12-back-up branch 5 times, most recently from b5e1a99 to 75cb3f4 Compare January 27, 2025 19:52
@boquan-fang boquan-fang force-pushed the session-ticket-tls12-back-up branch from 75cb3f4 to e972c89 Compare January 27, 2025 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@boquan-fang