stek: differentiate initial state from valid time window of TOTP

There was a confusion in the TOTP implementation in stek.c.  When the
mechanism is initialized at the first time, it records the timestamp
but doesn't initialize the key.  This removes the timestamp recording
at the initialization phase, so the key is properly set later.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/stek.c b/lib/stek.c
index 2f885cee372d519379d238a4fdd26346c4afcd66..5ab9e7d2d1ce10d7916f11b6851135e8772425ef 100644 (file)
--- a/lib/stek.c
+++ b/lib/stek.c
@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
        if (unlikely(session == NULL || key == NULL))
                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-       if (session->key.totp.last_result == 0) {
-               int64_t t;
-               memcpy(session->key.initial_stek, key->data, key->size);
-               t = totp_next(session);
-               if (t < 0)
-                       return gnutls_assert_val(t);
+       if (unlikely(session->key.totp.last_result != 0))
+               return GNUTLS_E_INVALID_REQUEST;
 
-               session->key.totp.last_result = t;
-               session->key.totp.was_rotated = 0;
-
-               return GNUTLS_E_SUCCESS;
-       }
+       memcpy(session->key.initial_stek, key->data, key->size);
 
-       return GNUTLS_E_INVALID_REQUEST;
+       session->key.totp.was_rotated = 0;
+       return 0;
 }
 
 /*

diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
index f212b188b9b63b83215add818610fe15f784f21b..05c1c90868dbe7cff2da7601f29718ba35daeeef 100644 (file)
--- a/tests/resume-with-previous-stek.c
+++ b/tests/resume-with-previous-stek.c
@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
                serverx509cred = NULL;
        }
 
-       if (num_stek_rotations != 2)
-               fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
+       if (num_stek_rotations != 3)
+               fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
 
        if (serverx509cred)
                gnutls_certificate_free_credentials(serverx509cred);

diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
index 414b1db5ea3b21dd0b3a2b36dce8fabe0b572826..bc3196248fc24d0d00bafcab08f055c439e8e5ec 100644 (file)
--- a/tests/tls13/prf-early.c
+++ b/tests/tls13/prf-early.c
@@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
        } \
        }
 
-#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68"
-#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b"
-#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62"
-#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b"
+#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04"
+#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f"
+#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec"
+#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0"
 
 static int handshake_callback_called;