[gnutls-devel] GnuTLS | Session ticket key rotation with TOTP (!695)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Sep 14 14:00:48 CEST 2018
Nikos Mavrogiannopoulos started a new discussion on lib/gnutls_int.h:
> int auth_info_size; /* needed in order to store to db for restoring
> */
> auth_cred_st *cred; /* used to specify keys/certificates etc */
> +
> + struct {
> + /*
> + * The time step - we're rotating the session ticket key
> + * after every this amount of seconds
> + */
> + unsigned int x;
> + uint64_t last_result;
> + uint8_t initialized;
> + int was_rotated;
> + gnutls_stek_rotation_callback_t cb;
> + } totp;
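Review bot: in the new `totp` struct, only `x` is documented, and the name itself gives no hint that it is the time step; a descriptive name such as `time_step` would make uses of the field readable without going back to this comment. `last_result`, `initialized` and `was_rotated` each need a one-line comment saying what the field holds and when it changes. The two flags are also declared with different types (`uint8_t initialized` and `int was_rotated`); please pick one type for both.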
This increases the size of the state significantly. Are there any variables here we can eliminate? I think that at least the `.x` can go as it is equivalent to `session->internals.expire_time * STEK_ROTATION_PERIOD_PRODUCT`, right? We can also make the `initialized` a tri-state, so that a value of 1 means initialized, and 2 means initialized + rotated, to get rid of `was_rotated`.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/695#note_101418431