Skip to content

Commit

Permalink
Revert: No backward compatibility for TLS sessions
Browse files Browse the repository at this point in the history
  • Loading branch information
@reneme
reneme committed Oct 19, 2022
1 parent b6bc1a9 commit a66393b
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 71 deletions.
50 changes: 13 additions & 37 deletions src/lib/tls/tls_session.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,13 +137,10 @@ Session::Session(const uint8_t ber[], size_t ber_len)
size_t compression_method = 0;
uint16_t ciphersuite_code = 0;

size_t struct_version = 0;

BER_Decoder dec(ber, ber_len);
auto seqdec = dec.start_sequence();

seqdec
.decode_integer_type(struct_version)
BER_Decoder(ber, ber_len)
.start_sequence()
.decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
"Unknown version in serialized TLS session")
.decode_integer_type(start_time)
.decode_integer_type(major_version)
.decode_integer_type(minor_version)
Expand All @@ -161,35 +158,13 @@ Session::Session(const uint8_t ber[], size_t ber_len)
.decode(server_service)
.decode(server_port)
.decode(srp_identifier_str)
.decode(srtp_profile);

m_version = Protocol_Version(major_version, minor_version);

if(struct_version == TLS_SESSION_PARAM_STRUCT_VERSION_TLS12)
{
if(!m_version.is_pre_tls_13())
throw Decoding_Error("Serialized TLS session scheme does not match the protocol version expectations");

m_early_data_allowed = false;
m_max_early_data_bytes = 0;
m_ticket_age_add = 0;
m_lifetime_hint = 0;
}
else if(struct_version == TLS_SESSION_PARAM_STRUCT_VERSION_TLS13)
{
seqdec
.decode(m_early_data_allowed)
.decode_integer_type(m_max_early_data_bytes)
.decode_integer_type(m_ticket_age_add)
.decode_integer_type(m_lifetime_hint);
}
else
{
throw Decoding_Error("Unknown TLS Session object revision: " + std::to_string(struct_version));
}

seqdec.end_cons();
dec.verify_end();
.decode(srtp_profile)
.decode(m_early_data_allowed)
.decode_integer_type(m_max_early_data_bytes)
.decode_integer_type(m_ticket_age_add)
.decode_integer_type(m_lifetime_hint)
.end_cons()
.verify_end();

/*
* Compression is not supported and must be zero
Expand All @@ -216,6 +191,7 @@ Session::Session(const uint8_t ber[], size_t ber_len)
}

m_ciphersuite = ciphersuite_code;
m_version = Protocol_Version(major_version, minor_version);
m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_connection_side = static_cast<Connection_Side>(side_code);
m_srtp_profile = static_cast<uint16_t>(srtp_profile);
Expand Down Expand Up @@ -245,7 +221,7 @@ secure_vector<uint8_t> Session::DER_encode() const

return DER_Encoder()
.start_sequence()
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION_TLS13))
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
.encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
.encode(static_cast<size_t>(m_version.major_version()))
.encode(static_cast<size_t>(m_version.minor_version()))
Expand Down
3 changes: 1 addition & 2 deletions src/lib/tls/tls_session.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,8 +211,7 @@ class BOTAN_PUBLIC_API(2,0) Session final
// - m_lifetime_hint
enum
{
TLS_SESSION_PARAM_STRUCT_VERSION_TLS12 = 20160812,
TLS_SESSION_PARAM_STRUCT_VERSION_TLS13 = 20220505
TLS_SESSION_PARAM_STRUCT_VERSION = 20220505
};

std::chrono::system_clock::time_point m_start_time;
Expand Down
32 changes: 0 additions & 32 deletions src/tests/test_tls.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,22 +29,6 @@ namespace Botan_Tests {

class TLS_Session_Tests final : public Test
{
private:
std::string session_rev20160812 =
"-----BEGIN TLS SESSION-----\n"
"MIICCQIEATOhLAIEYoOgCgIBAwIBAwQCqrsEEEJCQkJCQkJCQkJCQkJCQkICAwDA\n"
"LwIBAAIBAQIBAAEB/wEBAAQCEAIEggG2MIIBsjCCARugAwIBAgIBATANBgkqhkiG\n"
"9w0BAQsFADARMQ8wDQYDVQQDEwZjbGllbnQwHhcNMTYwNzMwMDEyMzU5WhcNMjYw\n"
"NzMwMDEyMzU5WjARMQ8wDQYDVQQDEwZjbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
"gY0AMIGJAoGBAMOBdeAEpo0JP4I7nDedIB+8C7ehx5GQXj+/doR+ROdR67zTYL2U\n"
"XIHlIivMiEbTqKD5Ppv1vrq9ku3x3h/xkCFwPnq2wJAVE/l+ObER8JyTSJcceyEZ\n"
"hKdUzUX+CVrw6kI2gpvM96f+myiI54q0d2kKW54cy+kcakoPl6fgKEIBAgMBAAGj\n"
"GjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBABp6\n"
"WgGFMrAirwdn1IYWDP8tFnoZFdI4NbVFlJFtxoC+XS5iYHbF1Sci68x3XX2Z+YC+\n"
"L8lNNKz2zAC6kMvPsGCKoefjlx7wwHpB1HrYNF0fgf5Bihz0EFRCn9IXvXd9wc8I\n"
"8F35B5nGWTYeDxqO5KwPeJdCC9vII9qAovK6IwgcDANyc2EMAAIBAAwAAgEA\n"
"-----END TLS SESSION-----\n";

public:
std::vector<Test::Result> run() override
{
Expand Down Expand Up @@ -121,22 +105,6 @@ class TLS_Session_Tests final : public Test
"Serialized TLS session contains unknown cipher suite (47789)",
[&] { Botan::TLS::Session{pem_with_unknown_ciphersuite}; });

Botan::TLS::Session legacy_session(session_rev20160812);

// check a few fields that were present in this revision already
result.confirm("protocol version", legacy_session.version().is_pre_tls_13());
result.test_eq("master secret", legacy_session.master_secret(), Botan::secure_vector<uint8_t>{0x10, 0x02});
result.confirm("encrypt_then_mac", legacy_session.supports_extended_master_secret());
result.test_eq("peer certificate", legacy_session.peer_certs().at(0).subject_info("CN").at(0), "client");
result.test_eq("ticket", legacy_session.session_ticket(), std::vector<uint8_t>(16, 0x42));
result.test_is_eq("SRTP profile", legacy_session.dtls_srtp_profile(), uint16_t(0x0000));

// check newly added fields (default values are added)
result.confirm("no early data", !legacy_session.supports_early_data());
result.test_is_eq("no early data bytes", legacy_session.max_early_data_bytes(), uint32_t(0));
result.test_is_eq("no age adder", legacy_session.session_age_add(), uint32_t(0));
result.confirm("no lifetime hint", legacy_session.lifetime_hint().count() == 0);

return {result};
}
};
Expand Down

0 comments on commit a66393b

Please sign in to comment.