feat: Changes ticket encryption scheme to be nonce-reuse resistant #4663

Merged
merged 19 commits into from
Aug 7, 2024

@maddeleine maddeleine commented Jul 23, 2024

Resolved issues:

N/A

Description of changes:

This PR changes the pre-encryption schema for session tickets to prepend a version number. This allows us to update tickets in the future without as much disruption to existing resumption deployments. It also includes a change to how the ticket key is calculated: we now generate a unique key per ticket using an HKDF. It also includes a Rust bindings function that I forgot to add in my last STEK PR.

Call-outs:

Note that the integration batch job is failing. This is because this change will cause the cross-compatibility test to fail because the test asserts successful resumption between old and new servers. However this change breaks that test. I think we should just override and merge this PR rather than changing the test because that property should be true for most of our PRs. Integ passing without cross-compatibility: https://us-west-2.console.aws.amazon.com/codesuite/codebuild/024603541914/projects/S2nIntegrationV2SmallBatch/batch/S2nIntegrationV2SmallBatch%3A34e42b29-cd9f-44b7-9764-04d23c746379?region=us-west-2

The specific line that fails is "assert S2N_RESUMPTION_MARKER in results.stdout"

Testing:

Adds extra tests to ensure we error if we don't recognize the pre-encrypted ticket schema version number or if the bytes needed to generate the ticket key change.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
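
A sketch of the two mechanisms the description names, added here as an illustration and not taken from the s2n-tls code: a per-ticket key derived from the STEK with HKDF, and a version byte prepended to the ticket plaintext. The per-ticket input `ticket_info`, the version value, the field sizes and all function names are assumptions; the AEAD encryption step itself is left out.

```python
import hashlib
import hmac

TICKET_VERSION = 1   # assumed value for this sketch
KEY_LEN = 32         # bytes; sized for an AES-256 key

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_ticket_key(stek: bytes, ticket_info: bytes) -> bytes:
    """One AEAD key per ticket: the long-lived STEK is only ever HKDF input."""
    if len(ticket_info) < 16:
        raise ValueError("per-ticket input too short to be unique")
    return hkdf_sha256(stek, b"", ticket_info, KEY_LEN)

def serialize_state(state: bytes) -> bytes:
    """Prepend the schema version to the plaintext before it is encrypted."""
    return bytes([TICKET_VERSION]) + state

def parse_state(plaintext: bytes) -> bytes:
    """Reject any decrypted ticket whose schema version is not recognized."""
    if not plaintext or plaintext[0] != TICKET_VERSION:
        raise ValueError("unrecognized ticket schema version")
    return plaintext[1:]

# Constructed sample values, not real key material.
STEK = bytes(range(32))
INFO_A = b"\xaa" * 16
INFO_B = b"\xbb" * 16
```

Because every ticket is encrypted under its own derived key, two tickets that end up with the same nonce no longer share a (key, nonce) pair.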

@github-actions github-actions bot added the s2n-core team label Jul 23, 2024
@lrstewart lrstewart left a comment

We should probably do a minor version bump for this, since it's going to cause a temporary drop in resumption rates during deployments.

maddeleine and others added 2 commits August 5, 2024 12:22
Co-authored-by: Sam Clark <3758302+goatgoose@users.noreply.github.com>
@maddeleine maddeleine enabled auto-merge (squash) August 5, 2024 19:24
@maddeleine maddeleine merged commit 87deea1 into main Aug 7, 2024
38 checks passed
@maddeleine maddeleine deleted the stek_nonce_misuse_2 branch August 7, 2024 17:10