From e7a76d1e7315c886de0959dd629e5bb85de6b0b0 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 25 Oct 2018 12:32:52 +0200
Subject: tls13/session_ticket: calculate ticket_age in milliseconds

Previously we calculated ticket age from the current wall clock in
seconds, multiplying by 1000.  This is conceptually wrong, because
ticket age is designed to be in milliseconds.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/ext/pre_shared_key.c   | 17 +++++++++++------
 lib/gnutls_int.h           |  2 +-
 lib/session_pack.c         |  8 +++++---
 lib/tls13/session_ticket.c |  4 ++--
 4 files changed, 19 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 445abe4a8d..a58c870bf5 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -201,7 +201,7 @@ client_send_params(gnutls_session_t session,
 	unsigned next_idx;
 	const mac_entry_st *prf_res = NULL;
 	const mac_entry_st *prf_psk = NULL;
-	time_t cur_time;
+	struct timespec cur_time;
 	uint32_t ticket_age, ob_ticket_age;
 	int free_username = 0;
 	psk_auth_info_t info = NULL;
@@ -235,16 +235,21 @@ client_send_params(gnutls_session_t session,
 
 		prf_res = session->internals.tls13_ticket.prf;
 
-		cur_time = gnutls_time(0);
-		if (unlikely(cur_time < session->internals.tls13_ticket.timestamp)) {
+		gnutls_gettime(&cur_time);
+		if (unlikely(_gnutls_timespec_cmp(&cur_time,
+						  &session->internals.
+						  tls13_ticket.
+						  arrival_time) < 0)) {
 			gnutls_assert();
 			_gnutls13_session_ticket_unset(session);
 			goto ignore_ticket;
 		}
 
 		/* Check whether the ticket is stale */
-		ticket_age = cur_time - session->internals.tls13_ticket.timestamp;
-		if (ticket_age > session->internals.tls13_ticket.lifetime) {
+		ticket_age = timespec_sub_ms(&cur_time,
+					     &session->internals.tls13_ticket.
+					     arrival_time);
+		if (ticket_age / 1000 > session->internals.tls13_ticket.lifetime) {
 			_gnutls13_session_ticket_unset(session);
 			goto ignore_ticket;
 		}
@@ -256,7 +261,7 @@ client_send_params(gnutls_session_t session,
 		}
 
 		/* Calculate obfuscated ticket age, in milliseconds, mod 2^32 */
-		ob_ticket_age = ticket_age * 1000 + session->internals.tls13_ticket.age_add;
+		ob_ticket_age = ticket_age + session->internals.tls13_ticket.age_add;
 
 		if ((ret = _gnutls_buffer_append_data_prefix(extdata, 16,
 							     session->internals.tls13_ticket.ticket.data,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 576eaa6786..2eff31caff 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1017,7 +1017,7 @@ typedef struct gnutls_dh_params_int {
 /* TLS 1.3 session ticket
  */
 typedef struct {
-	time_t timestamp;
+	struct timespec arrival_time;
 	uint32_t lifetime;
 	uint32_t age_add;
 	uint8_t nonce[255];
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 82ec51c0db..b83c9c7440 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -310,6 +310,7 @@ _gnutls_session_unpack(gnutls_session_t session,
  *      x bytes the ticket
  *      1 bytes the resumption master secret length
  *      x bytes the resumption master secret
+ *     12 bytes the ticket arrival time
  *
  * WE DON'T STORE NewSessionTicket EXTENSIONS, as we don't support them yet.
  *
@@ -329,8 +330,6 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 	BUFFER_APPEND_NUM(ps, 0);
 
 	if (ticket->ticket.data != NULL) {
-		BUFFER_APPEND_NUM(ps, ticket->timestamp);
-		length += 4;
 		BUFFER_APPEND_NUM(ps, ticket->lifetime);
 		length += 4;
 		BUFFER_APPEND_NUM(ps, ticket->age_add);
@@ -347,6 +346,8 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 				   ticket->resumption_master_secret,
 				   ticket->prf->output_size);
 		length += (1 + ticket->prf->output_size);
+		BUFFER_APPEND_TS(ps, ticket->arrival_time);
+		length += 12;
 
 		/* Overwrite the length field */
 		_gnutls_write_uint32(length, ps->data + length_pos);
@@ -366,7 +367,6 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 	BUFFER_POP_NUM(ps, ttl_len);
 
 	if (ttl_len > 0) {
-		BUFFER_POP_NUM(ps, ticket->timestamp);
 		BUFFER_POP_NUM(ps, ticket->lifetime);
 		BUFFER_POP_NUM(ps, ticket->age_add);
 
@@ -394,6 +394,8 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps)
 			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
 		ticket->prf = session->internals.resumed_security_parameters.prf;
+
+		BUFFER_POP_TS(ps, ticket->arrival_time);
 	}
 
 error:
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
index a28c847c17..ad04a60919 100644
--- a/lib/tls13/session_ticket.c
+++ b/lib/tls13/session_ticket.c
@@ -395,8 +395,8 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	/* Set the ticket timestamp */
-	ticket->timestamp = gnutls_time(0);
+	/* Record the ticket arrival time */
+	gnutls_gettime(&ticket->arrival_time);
 
 	return 0;
 }
-- 
cgit v1.2.1