commit c57f86e1322bc18e5a817ea0b087d82e273af8fb
author Ronald Cron <ronald.cron@arm.com> Wed Nov 22 09:50:01 2023 +0100
committer Ronald Cron <ronald.cron@arm.com> Mon Jan 15 08:58:19 2024 +0100
tree 9ae83b7f29c93486c1368e01606b540879e2dfcc
parent d1c106c787eacbf42563e4c2360d59c1bd861a37

Add ticket creation time to TLS 1.2 session serialization

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7d371bf..8fc4d4d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8951,6 +8951,7 @@
  *    opaque peer_cert<0..2^24-1>;    // length 0 means no peer cert
  *    opaque ticket<0..2^24-1>;       // length 0 means no ticket
  *    uint32 ticket_lifetime;
+ *    uint64 ticket_creation_time;
  *    uint8 mfl_code;                 // up to 255 according to standard
  *    uint8 encrypt_then_mac;         // 0 or 1
  * } serialized_session_tls12;
@@ -9058,7 +9059,8 @@
     /*
      * Session ticket if any, plus associated data
      */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_CLI_C)
     if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
 
@@ -9076,7 +9078,18 @@
             p += 4;
         }
     }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
+    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        used += 8;
+
+        if (used <= buf_len) {
+            MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0);
+            p += 8;
+        }
+    }
+#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
     /*
      * Misc extension-related info
@@ -9242,7 +9255,8 @@
     /*
      * Session ticket and associated data
      */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_CLI_C)
     if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         if (3 > (size_t) (end - p)) {
             return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -9272,7 +9286,17 @@
         session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
         p += 4;
     }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
+    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (8 > (size_t) (end - p)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0);
+        p += 8;
+    }
+#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
     /*
      * Misc extension-related info