aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-11-04 22:29:20 +0000
committerlloyd <[email protected]>2014-11-04 22:29:20 +0000
commitc05e81c5d12de651dee8b752a0bd709ffed45785 (patch)
treedce791a33091728314c72af77900768cae46dd8f
parent757a72a79b31e3a18e2d48f43c7436e0566c75a0 (diff)
Let TLS policy disable putting the timestamp in the hello random fields
-rw-r--r--src/lib/tls/msg_client_hello.cpp19
-rw-r--r--src/lib/tls/msg_server_hello.cpp2
-rw-r--r--src/lib/tls/tls_client.cpp2
-rw-r--r--src/lib/tls/tls_messages.h3
-rw-r--r--src/lib/tls/tls_policy.h8
-rw-r--r--src/lib/tls/tls_server.cpp2
6 files changed, 25 insertions, 11 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 2e0ef9cde..605e094c4 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -21,15 +21,20 @@ enum {
TLS_FALLBACK_SCSV = 0x5600
};
-std::vector<byte> make_hello_random(RandomNumberGenerator& rng)
+std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
+ const Policy& policy)
{
std::vector<byte> buf(32);
+ rng.randomize(&buf[0], buf.size());
- const u32bit time32 = static_cast<u32bit>(
- std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+ if(policy.include_time_in_hello_random())
+ {
+ const u32bit time32 = static_cast<u32bit>(
+ std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
+
+ store_be(time32, &buf[0]);
+ }
- store_be(time32, &buf[0]);
- rng.randomize(&buf[4], buf.size() - 4);
return buf;
}
@@ -71,7 +76,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
const std::string& hostname,
const std::string& srp_identifier) :
m_version(version),
- m_random(make_hello_random(rng)),
+ m_random(make_hello_random(rng, policy)),
m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))),
m_comp_methods(policy.compression())
{
@@ -112,7 +117,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
bool next_protocol) :
m_version(session.version()),
m_session_id(session.session_id()),
- m_random(make_hello_random(rng)),
+ m_random(make_hello_random(rng, policy)),
m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
m_comp_methods(policy.compression())
{
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index f4acc5481..79c16e53a 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -36,7 +36,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
RandomNumberGenerator& rng) :
m_version(ver),
m_session_id(session_id),
- m_random(make_hello_random(rng)),
+ m_random(make_hello_random(rng, policy)),
m_ciphersuite(ciphersuite),
m_comp_method(compression)
{
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 7cc0dddbd..86d1998e1 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -502,7 +502,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
const std::vector<byte>& session_ticket = state.session_ticket();
if(session_id.empty() && !session_ticket.empty())
- session_id = make_hello_random(rng());
+ session_id = make_hello_random(rng(), m_policy);
Session session_info(
session_id,
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index a1634c8ad..3083605e4 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -29,7 +29,8 @@ namespace TLS {
class Handshake_IO;
-std::vector<byte> make_hello_random(RandomNumberGenerator& rng);
+std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
+ const Policy& policy);
/**
* DTLS Hello Verify Request
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 378b9ee94..c3401b8cc 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -90,6 +90,14 @@ class BOTAN_DLL Policy
virtual bool allow_insecure_renegotiation() const { return false; }
/**
+ * The protocol dictates that the first 32 bits of the random
+ * field are the current time in seconds. However this allows
+ * client fingerprinting attacks. Set to false to disable, in
+ * which case random bytes will be used instead.
+ */
+ virtual bool include_time_in_hello_random() const { return true; }
+
+ /**
* Allow servers to initiate a new handshake
*/
virtual bool allow_server_initiated_renegotiation() const;
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 71e8d1d14..ff285881a 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -484,7 +484,7 @@ void Server::process_handshake_msg(const Handshake_State* active_state,
state.handshake_io(),
state.hash(),
m_policy,
- make_hello_random(rng()), // new session ID
+ make_hello_random(rng(), m_policy), // new session ID
state.version(),
choose_ciphersuite(m_policy,
state.version(),