[gnutls-devel] GnuTLS | Session ticket key rotation with TOTP (!695)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Sep 16 22:03:08 CEST 2018
Ander Juaristi commented on a discussion on lib/gnutls_int.h:
> int auth_info_size; /* needed in order to store to db for restoring
> */
> auth_cred_st *cred; /* used to specify keys/certificates etc */
> +
> + struct {
> + /*
> + * The time step - we're rotating the session ticket key
> + * after every this amount of seconds
> + */
> + unsigned int x;
> + uint64_t last_result;
> + uint8_t initialized;
> + int was_rotated;
> + gnutls_stek_rotation_callback_t cb;
> + } totp;
> We can also make the intialized a tri-state, so that value of 1 means initialized, and 2 means initialized + rotated, to get rid of `was_rotated`.
I've removed the `initialized` variable instead, which was not being used.
I've also removed the `x` variable. Thanks for pointing this out.
Removing `session_ticket_key` and `previous_ticket_key` seems feasible, but will need a bit more work, and I don't have time now. I can write this down and address it later if you want.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/695#note_101696488
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180916/d223c77b/attachment-0001.html>
More information about the Gnutls-devel
mailing list