diff options
Diffstat (limited to 'lib/ssl/src/tls_server_session_ticket.erl')
-rw-r--r-- | lib/ssl/src/tls_server_session_ticket.erl | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/lib/ssl/src/tls_server_session_ticket.erl b/lib/ssl/src/tls_server_session_ticket.erl index 5f278cb939..b9bafa6e36 100644 --- a/lib/ssl/src/tls_server_session_ticket.erl +++ b/lib/ssl/src/tls_server_session_ticket.erl @@ -31,7 +31,7 @@ -include("ssl_cipher.hrl"). %% API --export([start_link/4, +-export([start_link/5, new/3, use/4 ]). @@ -46,18 +46,19 @@ stateless, stateful, nonce, - lifetime + lifetime, + max_early_data_size }). %%%=================================================================== %%% API %%%=================================================================== --spec start_link(atom(), integer(), integer(), tuple()) -> {ok, Pid :: pid()} | +-spec start_link(atom(), integer(), integer(), integer(), tuple()) -> {ok, Pid :: pid()} | {error, Error :: {already_started, pid()}} | {error, Error :: term()} | ignore. -start_link(Mode, Lifetime, TicketStoreSize, AntiReplay) -> - gen_server:start_link(?MODULE, [Mode, Lifetime, TicketStoreSize, AntiReplay], []). +start_link(Mode, Lifetime, TicketStoreSize, MaxEarlyDataSize, AntiReplay) -> + gen_server:start_link(?MODULE, [Mode, Lifetime, TicketStoreSize, MaxEarlyDataSize, AntiReplay], []). new(Pid, Prf, MasterSecret) -> gen_server:call(Pid, {new_session_ticket, Prf, MasterSecret}, infinity). @@ -81,10 +82,11 @@ init(Args) -> handle_call({new_session_ticket, Prf, MasterSecret}, _From, #state{nonce = Nonce, lifetime = LifeTime, + max_early_data_size = MaxEarlyDataSize, stateful = #{id_generator := IdGen}} = State0) -> Id = stateful_psk_ticket_id(IdGen), PSK = tls_v1:pre_shared_key(MasterSecret, ticket_nonce(Nonce), Prf), - SessionTicket = new_session_ticket(Id, Nonce, LifeTime), + SessionTicket = new_session_ticket(Id, Nonce, LifeTime, MaxEarlyDataSize), State = stateful_ticket_store(Id, SessionTicket, Prf, PSK, State0), {reply, SessionTicket, State}; handle_call({new_session_ticket, Prf, MasterSecret}, _From, @@ -142,27 +144,30 @@ format_status(_Opt, Status) -> %%% Internal functions %%%=================================================================== -inital_state([stateless, Lifetime, _, undefined]) -> +inital_state([stateless, Lifetime, _, MaxEarlyDataSize, undefined]) -> #state{nonce = 0, stateless = #{seed => {crypto:strong_rand_bytes(16), crypto:strong_rand_bytes(32)}, window => undefined}, - lifetime = Lifetime + lifetime = Lifetime, + max_early_data_size = MaxEarlyDataSize }; -inital_state([stateless, Lifetime, _, {Window, K, M}]) -> +inital_state([stateless, Lifetime, _, MaxEarlyDataSize, {Window, K, M}]) -> erlang:send_after(Window * 1000, self(), rotate_bloom_filters), #state{nonce = 0, stateless = #{bloom_filter => tls_bloom_filter:new(K, M), seed => {crypto:strong_rand_bytes(16), crypto:strong_rand_bytes(32)}, window => Window}, - lifetime = Lifetime + lifetime = Lifetime, + max_early_data_size = MaxEarlyDataSize }; -inital_state([stateful, Lifetime, TicketStoreSize|_]) -> +inital_state([stateful, Lifetime, TicketStoreSize, MaxEarlyDataSize|_]) -> %% statfeful servers replay %% protection is that it saves %% all valid tickets #state{lifetime = Lifetime, + max_early_data_size = MaxEarlyDataSize, nonce = 0, stateful = #{db => stateful_store(), max => TicketStoreSize, @@ -187,17 +192,21 @@ ticket_nonce(I) -> <<?UINT64(I)>>. new_session_ticket_base(#state{nonce = Nonce, - lifetime = Lifetime}) -> - new_session_ticket(undefined, Nonce, Lifetime). + lifetime = Lifetime, + max_early_data_size = MaxEarlyDataSize}) -> + new_session_ticket(undefined, Nonce, Lifetime, MaxEarlyDataSize). -new_session_ticket(Id, Nonce, Lifetime) -> +new_session_ticket(Id, Nonce, Lifetime, MaxEarlyDataSize) -> TicketAgeAdd = ticket_age_add(), + Extensions = #{early_data => + #early_data_indication_nst{ + indication = MaxEarlyDataSize}}, #new_session_ticket{ ticket = Id, ticket_lifetime = Lifetime, ticket_age_add = TicketAgeAdd, ticket_nonce = ticket_nonce(Nonce), - extensions = #{} + extensions = Extensions }. @@ -322,7 +331,7 @@ generate_stateless_ticket(#new_session_ticket{ticket_nonce = Nonce, timestamp = Timestamp }, Shard, IV), Ticket#new_session_ticket{ticket = Encrypted}. - + stateless_use(#offered_psks{ identities = Identities, binders = Binders |