wolfssl
TLS 1.3: auto rekey
Description
When compiled with WOLFSSL_TLS13_AUTO_REKEY, the TLS 1.3 code will rekey, using a KeyUpdate message, when the maximum number of invocations of encrypt has been reached, and will fail when the maximum number of invocations of decrypt has been reached. Added new APIs to set the maximum number of invocations - value is raised to the power of 2. Default is 2^64 but AES-GCM is 2^48. Added a new API to send a KeyUpdate message to update the encryption keys only.
Testing
Tested with and without define. Changed code to allow small values and examples to set 4 (2^4) and used:

```
./examples/server/server -p 12345 -v 4 -B 45,1
./examples/client/client -p 12345 -v 4 -B 45,1
```
Checklist
- [ ] added tests
- [x] updated/added doxygen
- [ ] updated appropriate READMEs
- [ ] Updated manual and documentation
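
The limit behaviour described above, as an added model that is not code from this pull request or from wolfSSL: the sender rekeys when the encrypt count reaches 2^n, the receiver fails when the decrypt count reaches it. All type and function names are hypothetical, and modelling KeyUpdate as a counter reset is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model; every name here is an assumption, none is a wolfSSL API. */
enum rec_result { REC_OK = 0, REC_REKEYED = 1, REC_LIMIT_FAIL = -1 };

struct key_usage {
    uint8_t  limit_exp;        /* limit is 2^limit_exp invocations per key */
    uint64_t enc_count;        /* encrypt invocations under the current write key */
    uint64_t dec_count;        /* decrypt invocations under the current read key */
    unsigned key_updates_sent;
};

/* 2^exp, saturating: 2^64 does not fit in uint64_t and 1 << 64 is undefined. */
static uint64_t limit_from_exp(uint8_t exp) {
    return exp >= 64 ? UINT64_MAX : (uint64_t)1 << exp;
}

/* Sender: at the limit, send KeyUpdate (modelled as a counter reset), then encrypt. */
static enum rec_result encrypt_record(struct key_usage *k) {
    enum rec_result r = REC_OK;
    if (k->enc_count >= limit_from_exp(k->limit_exp)) {
        k->key_updates_sent++;
        k->enc_count = 0;
        r = REC_REKEYED;
    }
    k->enc_count++;
    return r;
}

/* Receiver: at the limit, refuse to decrypt instead of rekeying. */
static enum rec_result decrypt_record(struct key_usage *k) {
    if (k->dec_count >= limit_from_exp(k->limit_exp)) return REC_LIMIT_FAIL;
    k->dec_count++;
    return REC_OK;
}

/* The peer's KeyUpdate installs a fresh read key, so the decrypt count restarts. */
static void peer_key_update(struct key_usage *k) { k->dec_count = 0; }

/* Encrypt n records with limit 2^exp; return how many KeyUpdates were sent. */
static unsigned key_updates_for(uint8_t exp, unsigned n) {
    struct key_usage k = { exp, 0, 0, 0 };
    for (unsigned i = 0; i < n; i++) encrypt_record(&k);
    return k.key_updates_sent;
}

int main(void) {
    printf("limit 2^4, 40 records: %u KeyUpdates\n", key_updates_for(4, 40));
    return 0;
}
```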