ticketKeyFromBytes converts from the external representation of a session ticket key to a ticketKey. Externally, session ticket keys are 32 random bytes and this function expands that into sufficient name and key material.
(b [32]byte)
| 946 | // ticket key to a ticketKey. Externally, session ticket keys are 32 random |
| 947 | // bytes and this function expands that into sufficient name and key material. |
| 948 | func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) { |
| 949 | hashed := sha512.Sum512(b[:]) |
| 950 | // The first 16 bytes of the hash used to be exposed on the wire as a ticket |
| 951 | // prefix. They MUST NOT be used as a secret. In the future, it would make |
| 952 | // sense to use a proper KDF here, like HKDF with a fixed salt. |
| 953 | const legacyTicketKeyNameLen = 16 |
| 954 | copy(key.aesKey[:], hashed[legacyTicketKeyNameLen:]) |
| 955 | copy(key.hmacKey[:], hashed[legacyTicketKeyNameLen+len(key.aesKey):]) |
| 956 | key.created = c.time() |
| 957 | return key |
| 958 | } |
| 959 | |
| 960 | // maxSessionTicketLifetime is the maximum allowed lifetime of a TLS 1.3 session |
| 961 | // ticket, and the lifetime we set for all tickets we send. |
no test coverage detected