author | lloyd <[email protected]> | 2014-11-04 22:29:20 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-11-04 22:29:20 +0000 |
commit | c05e81c5d12de651dee8b752a0bd709ffed45785 (patch) | |
tree | dce791a33091728314c72af77900768cae46dd8f | |
parent | 757a72a79b31e3a18e2d48f43c7436e0566c75a0 (diff) |
Let TLS policy disable putting the timestamp in the hello random fields
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 19 | ||||
-rw-r--r-- | src/lib/tls/msg_server_hello.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_messages.h | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 2 |
6 files changed, 25 insertions, 11 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 2e0ef9cde..605e094c4 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -21,15 +21,20 @@ enum {
    TLS_FALLBACK_SCSV = 0x5600
 };
 
-std::vector<byte> make_hello_random(RandomNumberGenerator& rng)
+std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
+                                    const Policy& policy)
    {
    std::vector<byte> buf(32);
+   rng.randomize(&buf[0], buf.size());
 
-   const u32bit time32 = static_cast<u32bit>(
-      std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+   if(policy.include_time_in_hello_random())
+      {
+      const u32bit time32 = static_cast<u32bit>(
+         std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+
+      store_be(time32, &buf[0]);
+      }
 
-   store_be(time32, &buf[0]);
-   rng.randomize(&buf[4], buf.size() - 4);
    return buf;
    }
 
@@ -71,7 +76,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
                            const std::string& hostname,
                            const std::string& srp_identifier) :
    m_version(version),
-   m_random(make_hello_random(rng)),
+   m_random(make_hello_random(rng, policy)),
    m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))),
    m_comp_methods(policy.compression())
    {
@@ -112,7 +117,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
                            bool next_protocol) :
    m_version(session.version()),
    m_session_id(session.session_id()),
-   m_random(make_hello_random(rng)),
+   m_random(make_hello_random(rng, policy)),
    m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
    m_comp_methods(policy.compression())
    {
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index f4acc5481..79c16e53a 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
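Review bot: The policy flag now also governs session IDs, because make_hello_random is the generator used for new session IDs in the tls_client.cpp and tls_server.cpp hunks of this commit, so under the default policy a freshly minted session ID still begins with the 32-bit timestamp — the same fingerprinting exposure the flag is meant to let users switch off, and one that include_time_in_hello_random's doc comment does not mention. Session IDs have no protocol reason to carry a clock; those two call sites could draw 32 plain random bytes from the RNG instead, leaving the flag to affect only the hello randoms. A header comment on the definition would also help, e.g. `// 32 random bytes; the leading four are overwritten with the current time only when the policy asks for it`. Unrelated to the change but still in the new body, the `static_cast<u32bit>` of the time_t wraps in 2106, and `buf.data()` reads better than `&buf[0]` now that C++11 is in use.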
@@ -36,7 +36,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
                            RandomNumberGenerator& rng) :
    m_version(ver),
    m_session_id(session_id),
-   m_random(make_hello_random(rng)),
+   m_random(make_hello_random(rng, policy)),
    m_ciphersuite(ciphersuite),
    m_comp_method(compression)
    {
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 7cc0dddbd..86d1998e1 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -502,7 +502,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          const std::vector<byte>& session_ticket = state.session_ticket();
 
          if(session_id.empty() && !session_ticket.empty())
-            session_id = make_hello_random(rng());
+            session_id = make_hello_random(rng(), m_policy);
 
          Session session_info(
             session_id,
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index a1634c8ad..3083605e4 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -29,7 +29,8 @@ namespace TLS {
 
 class Handshake_IO;
 
-std::vector<byte> make_hello_random(RandomNumberGenerator& rng);
+std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
+                                    const Policy& policy);
 
 /**
 * DTLS Hello Verify Request
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 378b9ee94..c3401b8cc 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -90,6 +90,14 @@ class BOTAN_DLL Policy
       virtual bool allow_insecure_renegotiation() const { return false; }
 
       /**
+      * The protocol dictates that the first 32 bits of the random
+      * field are the current time in seconds. However this allows
+      * client fingerprinting attacks. Set to false to disable, in
+      * which case random bytes will be used instead.
+      */
+      virtual bool include_time_in_hello_random() const { return true; }
+
+      /**
       * Allow servers to initiate a new handshake
       */
       virtual bool allow_server_initiated_renegotiation() const;
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 71e8d1d14..ff285881a 100644
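Review bot: The new declaration of make_hello_random in tls_messages.h carries no comment, while the neighbouring declarations in that header use Doxygen blocks, so a reader of the header cannot tell what the added Policy argument changes. A block such as `/** Returns 32 bytes for a hello random; the first four hold the current time unless policy.include_time_in_hello_random() is false */` placed above the declaration would match the file's style. It is also worth stating there that the helper doubles as the session-ID generator, since the tls_client.cpp and tls_server.cpp hunks call it for that purpose.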
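Review bot: The doc comment added for include_time_in_hello_random overstates the requirement: RFC 5246 section 7.4.1.2 does define gmt_unix_time as the leading 32 bits of the random, but it also says clocks are not required to be set correctly by the basic protocol, which is precisely why sending random bytes instead is interoperable. Wording along the lines of `* TLS 1.0-1.2 nominally place a 32-bit gmt_unix_time at the start of the hello random, but the protocol does not require it to be accurate; sending it allows a peer to be fingerprinted by its clock.` would make that clear. The comment should also state the default (true) so that policy authors know the time is sent unless they override it.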
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -484,7 +484,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
                state.handshake_io(),
                state.hash(),
                m_policy,
-               make_hello_random(rng()), // new session ID
+               make_hello_random(rng(), m_policy), // new session ID
                state.version(),
                choose_ciphersuite(m_policy, state.version(), |