From a66393b6a4bc906fd35bea0eb37623bb3ff42ed9 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Wed, 19 Oct 2022 09:59:28 +0200 Subject: [PATCH] Revert: No backward compatibility for TLS sessions --- src/lib/tls/tls_session.cpp | 50 ++++++++++--------------------------- src/lib/tls/tls_session.h | 3 +-- src/tests/test_tls.cpp | 32 ------------------------ 3 files changed, 14 insertions(+), 71 deletions(-) diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index 8626f230eb2..fb99fb7377c 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -137,13 +137,10 @@ Session::Session(const uint8_t ber[], size_t ber_len) size_t compression_method = 0; uint16_t ciphersuite_code = 0; - size_t struct_version = 0; - - BER_Decoder dec(ber, ber_len); - auto seqdec = dec.start_sequence(); - - seqdec - .decode_integer_type(struct_version) + BER_Decoder(ber, ber_len) + .start_sequence() + .decode_and_check(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION), + "Unknown version in serialized TLS session") .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) @@ -161,35 +158,13 @@ Session::Session(const uint8_t ber[], size_t ber_len) .decode(server_service) .decode(server_port) .decode(srp_identifier_str) - .decode(srtp_profile); - - m_version = Protocol_Version(major_version, minor_version); - - if(struct_version == TLS_SESSION_PARAM_STRUCT_VERSION_TLS12) - { - if(!m_version.is_pre_tls_13()) - throw Decoding_Error("Serialized TLS session scheme does not match the protocol version expectations"); - - m_early_data_allowed = false; - m_max_early_data_bytes = 0; - m_ticket_age_add = 0; - m_lifetime_hint = 0; - } - else if(struct_version == TLS_SESSION_PARAM_STRUCT_VERSION_TLS13) - { - seqdec - .decode(m_early_data_allowed) - .decode_integer_type(m_max_early_data_bytes) - .decode_integer_type(m_ticket_age_add) - .decode_integer_type(m_lifetime_hint); - } - else - { - throw Decoding_Error("Unknown TLS Session object revision: " + std::to_string(struct_version)); - } - - seqdec.end_cons(); - dec.verify_end(); + .decode(srtp_profile) + .decode(m_early_data_allowed) + .decode_integer_type(m_max_early_data_bytes) + .decode_integer_type(m_ticket_age_add) + .decode_integer_type(m_lifetime_hint) + .end_cons() + .verify_end(); /* * Compression is not supported and must be zero @@ -216,6 +191,7 @@ Session::Session(const uint8_t ber[], size_t ber_len) } m_ciphersuite = ciphersuite_code; + m_version = Protocol_Version(major_version, minor_version); m_start_time = std::chrono::system_clock::from_time_t(start_time); m_connection_side = static_cast(side_code); m_srtp_profile = static_cast(srtp_profile); @@ -245,7 +221,7 @@ secure_vector Session::DER_encode() const return DER_Encoder() .start_sequence() - .encode(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION_TLS13)) + .encode(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION)) .encode(static_cast(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast(m_version.major_version())) .encode(static_cast(m_version.minor_version())) diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 3a661ffe97a..8702e7db2aa 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -211,8 +211,7 @@ class BOTAN_PUBLIC_API(2,0) Session final // - m_lifetime_hint enum { - TLS_SESSION_PARAM_STRUCT_VERSION_TLS12 = 20160812, - TLS_SESSION_PARAM_STRUCT_VERSION_TLS13 = 20220505 + TLS_SESSION_PARAM_STRUCT_VERSION = 20220505 }; std::chrono::system_clock::time_point m_start_time; diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index 103755128fa..7652bb235fd 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -29,22 +29,6 @@ namespace Botan_Tests { class TLS_Session_Tests final : public Test { - private: - std::string session_rev20160812 = - "-----BEGIN TLS SESSION-----\n" - "MIICCQIEATOhLAIEYoOgCgIBAwIBAwQCqrsEEEJCQkJCQkJCQkJCQkJCQkICAwDA\n" - "LwIBAAIBAQIBAAEB/wEBAAQCEAIEggG2MIIBsjCCARugAwIBAgIBATANBgkqhkiG\n" - "9w0BAQsFADARMQ8wDQYDVQQDEwZjbGllbnQwHhcNMTYwNzMwMDEyMzU5WhcNMjYw\n" - "NzMwMDEyMzU5WjARMQ8wDQYDVQQDEwZjbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQAD\n" - "gY0AMIGJAoGBAMOBdeAEpo0JP4I7nDedIB+8C7ehx5GQXj+/doR+ROdR67zTYL2U\n" - "XIHlIivMiEbTqKD5Ppv1vrq9ku3x3h/xkCFwPnq2wJAVE/l+ObER8JyTSJcceyEZ\n" - "hKdUzUX+CVrw6kI2gpvM96f+myiI54q0d2kKW54cy+kcakoPl6fgKEIBAgMBAAGj\n" - "GjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4GBABp6\n" - "WgGFMrAirwdn1IYWDP8tFnoZFdI4NbVFlJFtxoC+XS5iYHbF1Sci68x3XX2Z+YC+\n" - "L8lNNKz2zAC6kMvPsGCKoefjlx7wwHpB1HrYNF0fgf5Bihz0EFRCn9IXvXd9wc8I\n" - "8F35B5nGWTYeDxqO5KwPeJdCC9vII9qAovK6IwgcDANyc2EMAAIBAAwAAgEA\n" - "-----END TLS SESSION-----\n"; - public: std::vector run() override { @@ -121,22 +105,6 @@ class TLS_Session_Tests final : public Test "Serialized TLS session contains unknown cipher suite (47789)", [&] { Botan::TLS::Session{pem_with_unknown_ciphersuite}; }); - Botan::TLS::Session legacy_session(session_rev20160812); - - // check a few fields that were present in this revision already - result.confirm("protocol version", legacy_session.version().is_pre_tls_13()); - result.test_eq("master secret", legacy_session.master_secret(), Botan::secure_vector{0x10, 0x02}); - result.confirm("encrypt_then_mac", legacy_session.supports_extended_master_secret()); - result.test_eq("peer certificate", legacy_session.peer_certs().at(0).subject_info("CN").at(0), "client"); - result.test_eq("ticket", legacy_session.session_ticket(), std::vector(16, 0x42)); - result.test_is_eq("SRTP profile", legacy_session.dtls_srtp_profile(), uint16_t(0x0000)); - - // check newly added fields (default values are added) - result.confirm("no early data", !legacy_session.supports_early_data()); - result.test_is_eq("no early data bytes", legacy_session.max_early_data_bytes(), uint32_t(0)); - result.test_is_eq("no age adder", legacy_session.session_age_add(), uint32_t(0)); - result.confirm("no lifetime hint", legacy_session.lifetime_hint().count() == 0); - return {result}; } };