author | Jack Lloyd <[email protected]> | 2020-11-21 15:54:03 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2020-11-23 07:16:43 -0500 |
commit | 8c20294f75a60046daebf4b6811cf7f7cecda4e4 (patch) | |
tree | 453d51a5550844bcc5a1955465e493d7194029f7 /src | |
parent | d6956012d1f2993b27a0be58b098327902a0a7f4 (diff) |
Remove SRP support from TLS
Diffstat (limited to 'src')
29 files changed, 36 insertions, 514 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp index c62bc8e67..4a043c91d 100644 --- a/src/bogo_shim/bogo_shim.cpp +++ b/src/bogo_shim/bogo_shim.cpp @@ -1009,8 +1009,7 @@ class Shim_Policy final : public Botan::TLS::Policy return true; } - std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version, - bool have_srp) const override; + std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override; size_t dtls_default_mtu() const override { @@ -1044,8 +1043,7 @@ class Shim_Policy final : public Botan::TLS::Policy size_t m_sessions; }; -std::vector<uint16_t> Shim_Policy::ciphersuite_list(Botan::TLS::Protocol_Version version, - bool have_srp) const +std::vector<uint16_t> Shim_Policy::ciphersuite_list(Botan::TLS::Protocol_Version version) const { std::vector<uint16_t> ciphersuite_codes; @@ -1080,10 +1078,6 @@ std::vector<uint16_t> Shim_Policy::ciphersuite_list(Botan::TLS::Protocol_Version if(suite.valid() == false) continue; - // Are we doing SRP? - if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) - continue; - if(cipher_limit != "") { if(cipher_limit == "DEFAULT:!AES") diff --git a/src/cli/tls_helpers.h b/src/cli/tls_helpers.h index 653a106e0..f23a70798 100644 --- a/src/cli/tls_helpers.h +++ b/src/cli/tls_helpers.h @@ -182,7 +182,7 @@ class TLS_All_Policy final : public Botan::TLS::Policy std::vector<std::string> allowed_key_exchange_methods() const override { - return { "SRP_SHA", "ECDHE_PSK", "DHE_PSK", "PSK", "CECPQ1", "ECDH", "DH", "RSA" }; + return { "ECDHE_PSK", "DHE_PSK", "PSK", "CECPQ1", "ECDH", "DH", "RSA" }; } std::vector<std::string> allowed_signature_methods() const override diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp index b7340c404..698c625e1 100644 --- a/src/cli/tls_utils.cpp +++ b/src/cli/tls_utils.cpp 
@@ -67,7 +67,6 @@ class TLS_Ciphersuites final : public Command { const std::string policy_type = get_arg("policy"); const Botan::TLS::Protocol_Version version(tls_version_from_str(get_arg("version"))); - const bool with_srp = false; // fixme auto policy = load_tls_policy(policy_type); @@ -77,7 +76,7 @@ class TLS_Ciphersuites final : public Command return; } - for(uint16_t suite_id : policy->ciphersuite_list(version, with_srp)) + for(uint16_t suite_id : policy->ciphersuite_list(version)) { const Botan::TLS::Ciphersuite suite(Botan::TLS::Ciphersuite::by_id(suite_id)); output() << suite.to_string() << "\n"; diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp index c8e5839f4..abbd2c72f 100644 --- a/src/fuzzer/tls_client.cpp +++ b/src/fuzzer/tls_client.cpp @@ -21,8 +21,7 @@ class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager class Fuzzer_TLS_Policy : public Botan::TLS::Policy { public: - std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version, - bool have_srp) const override + std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override { std::vector<uint16_t> ciphersuites; @@ -31,10 +30,6 @@ class Fuzzer_TLS_Policy : public Botan::TLS::Policy if(suite.valid() == false) continue; - // Are we doing SRP? - if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) - continue; - if(!version.supports_aead_modes()) { // Are we doing AEAD in a non-AEAD version? diff --git a/src/fuzzer/tls_server.cpp b/src/fuzzer/tls_server.cpp index 9df6151a7..d933153a7 100644 --- a/src/fuzzer/tls_server.cpp +++ b/src/fuzzer/tls_server.cpp 
@@ -112,8 +112,7 @@ class Fuzzer_TLS_Server_Creds : public Botan::Credentials_Manager class Fuzzer_TLS_Policy : public Botan::TLS::Policy { public: - std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version, - bool have_srp) const override + std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override { std::vector<uint16_t> ciphersuites; @@ -122,10 +121,6 @@ class Fuzzer_TLS_Policy : public Botan::TLS::Policy if(suite.valid() == false) continue; - // Are we doing SRP? - if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) - continue; - if(!version.supports_aead_modes()) { // Are we doing AEAD in a non-AEAD version? diff --git a/src/lib/tls/credentials_manager.cpp b/src/lib/tls/credentials_manager.cpp index 0c5ae9718..aca751d00 100644 --- a/src/lib/tls/credentials_manager.cpp +++ b/src/lib/tls/credentials_manager.cpp @@ -30,36 +30,6 @@ SymmetricKey Credentials_Manager::psk(const std::string&, throw Internal_Error("No PSK set for identity " + identity); } -bool Credentials_Manager::attempt_srp(const std::string&, - const std::string&) - { - return false; - } - -std::string Credentials_Manager::srp_identifier(const std::string&, - const std::string&) - { - return ""; - } - -std::string Credentials_Manager::srp_password(const std::string&, - const std::string&, - const std::string&) - { - return ""; - } - -bool Credentials_Manager::srp_verifier(const std::string&, - const std::string&, - const std::string&, - std::string&, - BigInt&, - std::vector<uint8_t>&, - bool) - { - return false; - } - std::vector<X509_Certificate> Credentials_Manager::find_cert_chain( const std::vector<std::string>& key_types, const std::vector<X509_DN>&, diff --git a/src/lib/tls/credentials_manager.h b/src/lib/tls/credentials_manager.h index 627894a87..d036a1524 100644 --- a/src/lib/tls/credentials_manager.h +++ b/src/lib/tls/credentials_manager.h 
@@ -121,48 +121,6 @@ class BOTAN_PUBLIC_API(2,0) Credentials_Manager /** * @param type specifies the type of operation occurring * @param context specifies a context relative to type. - * @return true if we should attempt SRP authentication - */ - virtual bool attempt_srp(const std::string& type, - const std::string& context); - - /** - * @param type specifies the type of operation occurring - * @param context specifies a context relative to type. - * @return identifier for client-side SRP auth, if available - for this type/context. Should return empty string - if password auth not desired/available. - */ - virtual std::string srp_identifier(const std::string& type, - const std::string& context); - - /** - * @param type specifies the type of operation occurring - * @param context specifies a context relative to type. - * @param identifier specifies what identifier we want the - * password for. This will be a value previously returned - * by srp_identifier. - * @return password for client-side SRP auth, if available - for this identifier/type/context. - */ - virtual std::string srp_password(const std::string& type, - const std::string& context, - const std::string& identifier); - - /** - * Retrieve SRP verifier parameters - */ - virtual bool srp_verifier(const std::string& type, - const std::string& context, - const std::string& identifier, - std::string& group_name, - BigInt& verifier, - std::vector<uint8_t>& salt, - bool generate_fake_on_unknown); - - /** - * @param type specifies the type of operation occurring - * @param context specifies a context relative to type. * @return the PSK identity hint for this type/context */ virtual std::string psk_identity_hint(const std::string& type, diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 149f3f0d4..3eee06e69 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp 
@@ -89,7 +89,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, const std::vector<std::string>& next_protocols) : m_version(client_settings.protocol_version()), m_random(make_hello_random(rng, policy)), - m_suites(policy.ciphersuite_list(m_version, !client_settings.srp_identifier().empty())), + m_suites(policy.ciphersuite_list(m_version)), m_comp_methods(1) { if(!policy.acceptable_protocol_version(m_version)) @@ -125,15 +125,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(m_version.is_datagram_protocol()) m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles())); -#if defined(BOTAN_HAS_SRP6) - m_extensions.add(new SRP_Identifier(client_settings.srp_identifier())); -#else - if(!client_settings.srp_identifier().empty()) - { - throw Invalid_State("Attempting to initiate SRP session but TLS-SRP support disabled"); - } -#endif - std::unique_ptr<Supported_Groups> supported_groups(new Supported_Groups(policy.key_exchange_groups())); if(supported_groups->ec_groups().size() > 0) @@ -165,7 +156,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, m_version(session.version()), m_session_id(session.session_id()), m_random(make_hello_random(rng, policy)), - m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))), + m_suites(policy.ciphersuite_list(m_version)), m_comp_methods(1) { if(!policy.acceptable_protocol_version(m_version)) @@ -201,15 +192,6 @@ Client_Hello::Client_Hello(Handshake_IO& io, if(session.supports_encrypt_then_mac()) m_extensions.add(new Encrypt_then_MAC); -#if defined(BOTAN_HAS_SRP6) - m_extensions.add(new SRP_Identifier(session.srp_identifier())); -#else - if(!session.srp_identifier().empty()) - { - throw Invalid_State("Attempting to resume SRP session but TLS-SRP support disabled"); - } -#endif - if(m_version.supports_negotiable_signature_algorithms()) m_extensions.add(new Signature_Algorithms(policy.allowed_signature_schemes())); 
@@ -380,15 +362,6 @@ std::string Client_Hello::sni_hostname() const return ""; } -#if defined(BOTAN_HAS_SRP6) -std::string Client_Hello::srp_identifier() const - { - if(SRP_Identifier* srp = m_extensions.get<SRP_Identifier>()) - return srp->identifier(); - return ""; - } -#endif - bool Client_Hello::secure_renegotiation() const { return m_extensions.has<Renegotiation_Extension>(); diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 39266962b..beeede31f 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -23,10 +23,6 @@ #include <botan/cecpq1.h> #endif -#if defined(BOTAN_HAS_SRP6) - #include <botan/srp6.h> -#endif - namespace Botan { namespace TLS { @@ -146,36 +142,6 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_key_material, ecdh_result.second, 1); } -#if defined(BOTAN_HAS_SRP6) - else if(kex_algo == Kex_Algo::SRP_SHA) - { - const BigInt N = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); - const BigInt g = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); - std::vector<uint8_t> salt = reader.get_range<uint8_t>(1, 1, 255); - const BigInt B = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); - - const std::string srp_group = srp6_group_identifier(N, g); - - const std::string srp_identifier = - creds.srp_identifier("tls-client", hostname); - - const std::string srp_password = - creds.srp_password("tls-client", hostname, srp_identifier); - - std::pair<BigInt, SymmetricKey> srp_vals = - srp6_client_agree(srp_identifier, - srp_password, - srp_group, - "SHA-1", - salt, - B, - rng); - - append_tls_length_value(m_key_material, BigInt::encode(srp_vals.first), 2); - m_pre_master = srp_vals.second.bits_of(); - } -#endif - #if defined(BOTAN_HAS_CECPQ1) else if(kex_algo == Kex_Algo::CECPQ1) { 
@@ -313,14 +279,6 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents, append_tls_length_value(m_pre_master, zeros, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } -#if defined(BOTAN_HAS_SRP6) - else if(kex_algo == Kex_Algo::SRP_SHA) - { - SRP6_Server_Session& srp = state.server_kex()->server_srp_params(); - - m_pre_master = srp.step2(BigInt::decode(reader.get_range<uint8_t>(2, 0, 65535))).bits_of(); - } -#endif #if defined(BOTAN_HAS_CECPQ1) else if(kex_algo == Kex_Algo::CECPQ1) { diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index cefb88904..35bd94d1b 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -26,10 +26,6 @@ #include <botan/cecpq1.h> #endif -#if defined(BOTAN_HAS_SRP6) - #include <botan/srp6.h> -#endif - namespace Botan { namespace TLS { @@ -137,37 +133,6 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, append_tls_length_value(m_params, ecdh_public_val, 1); } -#if defined(BOTAN_HAS_SRP6) - else if(kex_algo == Kex_Algo::SRP_SHA) - { - const std::string srp_identifier = state.client_hello()->srp_identifier(); - - std::string group_id; - BigInt v; - std::vector<uint8_t> salt; - - const bool found = creds.srp_verifier("tls-server", hostname, - srp_identifier, - group_id, v, salt, - policy.hide_unknown_users()); - - if(!found) - throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY, - "Unknown SRP user " + srp_identifier); - - m_srp_params.reset(new SRP6_Server_Session); - - BigInt B = m_srp_params->step1(v, group_id, - "SHA-1", rng); - - DL_Group group(group_id); - - append_tls_length_value(m_params, BigInt::encode(group.get_p()), 2); - append_tls_length_value(m_params, BigInt::encode(group.get_g()), 2); - append_tls_length_value(m_params, salt, 1); - append_tls_length_value(m_params, BigInt::encode(B), 2); - } -#endif #if defined(BOTAN_HAS_CECPQ1) else if(kex_algo == Kex_Algo::CECPQ1) { 
@@ -239,15 +204,6 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<uint8_t>& buf, reader.get_uint16_t(); // curve id reader.get_range<uint8_t>(1, 1, 255); // public key } - else if(kex_algo == Kex_Algo::SRP_SHA) - { - // 2 bigints (N,g) then salt, then server B - - reader.get_range<uint8_t>(2, 1, 65535); - reader.get_range<uint8_t>(2, 1, 65535); - reader.get_range<uint8_t>(1, 1, 255); - reader.get_range<uint8_t>(2, 1, 65535); - } else if(kex_algo == Kex_Algo::CECPQ1) { // u16 blob diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index 5c383807b..cdd6cc1b9 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp @@ -38,8 +38,6 @@ std::string kex_method_to_string(Kex_Algo method) return "ECDH"; case Kex_Algo::CECPQ1: return "CECPQ1"; - case Kex_Algo::SRP_SHA: - return "SRP_SHA"; case Kex_Algo::PSK: return "PSK"; case Kex_Algo::DHE_PSK: @@ -65,9 +63,6 @@ Kex_Algo kex_method_from_string(const std::string& str) if(str == "CECPQ1") return Kex_Algo::CECPQ1; - if(str == "SRP_SHA") - return Kex_Algo::SRP_SHA; - if(str == "PSK") return Kex_Algo::PSK; diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h index 0d3a02304..80bb55224 100644 --- a/src/lib/tls/tls_algos.h +++ b/src/lib/tls/tls_algos.h @@ -141,7 +141,6 @@ enum class Kex_Algo { DH, ECDH, CECPQ1, - SRP_SHA, PSK, DHE_PSK, ECDHE_PSK, diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 738be110b..3e54bcb89 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -199,13 +199,7 @@ bool Ciphersuite::is_usable() const return false; } - if(kex_method() == Kex_Algo::SRP_SHA) - { -#if !defined(BOTAN_HAS_SRP6) - return false; -#endif - } - else if(kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK) + if(kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK) { #if !defined(BOTAN_HAS_ECDH) return false; 
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 091e649a9..7b668d48a 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -75,11 +75,8 @@ Client::Client(Callbacks& callbacks, m_creds(creds), m_info(info) { - const std::string srp_identifier = m_creds.srp_identifier("tls-client", m_info.hostname()); - Handshake_State& state = create_handshake_state(offer_version); - send_client_hello(state, false, offer_version, - srp_identifier, next_protocols); + send_client_hello(state, false, offer_version, next_protocols); } Handshake_State* Client::new_handshake_state(Handshake_IO* io) @@ -113,7 +110,6 @@ void Client::initiate_handshake(Handshake_State& state, void Client::send_client_hello(Handshake_State& state_base, bool force_full_renegotiation, Protocol_Version version, - const std::string& srp_identifier, const std::vector<std::string>& next_protocols) { Client_Handshake_State& state = dynamic_cast<Client_Handshake_State&>(state_base); 
@@ -140,27 +136,24 @@ void Client::send_client_hello(Handshake_State& state_base, if(policy().acceptable_ciphersuite(session_info->ciphersuite()) && session_version_ok) { - if(srp_identifier == "" || session_info->srp_identifier() == srp_identifier) - { - state.client_hello( - new Client_Hello(state.handshake_io(), - state.hash(), - policy(), - callbacks(), - rng(), - secure_renegotiation_data_for_client_hello(), - *session_info, - next_protocols)); - - state.resumed_session = std::move(session_info); - } + state.client_hello( + new Client_Hello(state.handshake_io(), + state.hash(), + policy(), + callbacks(), + rng(), + secure_renegotiation_data_for_client_hello(), + *session_info, + next_protocols)); + + state.resumed_session = std::move(session_info); } } } if(!state.client_hello()) // not resuming { - Client_Hello::Settings client_settings(version, m_info.hostname(), srp_identifier); + Client_Hello::Settings client_settings(version, m_info.hostname()); state.client_hello(new Client_Hello( state.handshake_io(), state.hash(), @@ -709,7 +702,6 @@ void Client::process_handshake_msg(const Handshake_State* active_state, get_peer_cert_chain(state), session_ticket, m_info, - "", state.server_hello()->srtp_profile() ); diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index 7440e59ef..8528491ce 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -75,7 +75,6 @@ class BOTAN_PUBLIC_API(2,0) Client final : public Channel void send_client_hello(Handshake_State& state, bool force_full_renegotiation, Protocol_Version version, - const std::string& srp_identifier = "", const std::vector<std::string>& next_protocols = {}); void process_handshake_msg(const Handshake_State* active_state, diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 631868703..ce067d7c0 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp 
@@ -24,11 +24,6 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size, case TLSEXT_SERVER_NAME_INDICATION: return new Server_Name_Indicator(reader, size); -#if defined(BOTAN_HAS_SRP6) - case TLSEXT_SRP_IDENTIFIER: - return new SRP_Identifier(reader, size); -#endif - case TLSEXT_SUPPORTED_GROUPS: return new Supported_Groups(reader, size); @@ -213,27 +208,6 @@ std::vector<uint8_t> Server_Name_Indicator::serialize(Connection_Side /*whoami*/ return buf; } -#if defined(BOTAN_HAS_SRP6) - -SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, - uint16_t extension_size) : m_srp_identifier(reader.get_string(1, 1, 255)) - { - if(m_srp_identifier.size() + 1 != extension_size) - throw Decoding_Error("Bad encoding for SRP identifier extension"); - } - -std::vector<uint8_t> SRP_Identifier::serialize(Connection_Side /*whoami*/) const - { - std::vector<uint8_t> buf; - - const uint8_t* srp_bytes = cast_char_ptr_to_uint8(m_srp_identifier.data()); - append_tls_length_value(buf, srp_bytes, m_srp_identifier.size(), 1); - - return buf; - } - -#endif - Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader, uint16_t extension_size) : m_reneg_data(reader.get_range<uint8_t>(1, 0, 255)) { diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index a426c8e56..fefa8af77 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -36,7 +36,6 @@ enum Handshake_Extension_Type { TLSEXT_CERTIFICATE_TYPES = 9, TLSEXT_SUPPORTED_GROUPS = 10, TLSEXT_EC_POINT_FORMATS = 11, - TLSEXT_SRP_IDENTIFIER = 12, TLSEXT_SIGNATURE_ALGORITHMS = 13, TLSEXT_USE_SRTP = 14, TLSEXT_ALPN = 16, 
@@ -101,34 +100,6 @@ class BOTAN_UNSTABLE_API Server_Name_Indicator final : public Extension std::string m_sni_host_name; }; -#if defined(BOTAN_HAS_SRP6) -/** -* SRP identifier extension (RFC 5054) -*/ -class BOTAN_UNSTABLE_API SRP_Identifier final : public Extension - { - public: - static Handshake_Extension_Type static_type() - { return TLSEXT_SRP_IDENTIFIER; } - - Handshake_Extension_Type type() const override { return static_type(); } - - explicit SRP_Identifier(const std::string& identifier) : - m_srp_identifier(identifier) {} - - SRP_Identifier(TLS_Data_Reader& reader, - uint16_t extension_size); - - std::string identifier() const { return m_srp_identifier; } - - std::vector<uint8_t> serialize(Connection_Side whoami) const override; - - bool empty() const override { return m_srp_identifier.empty(); } - private: - std::string m_srp_identifier; - }; -#endif - /** * Renegotiation Indication Extension (RFC 5746) */ diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 7c1264511..ee54000f7 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -359,18 +359,6 @@ Handshake_State::get_next_handshake_msg() return m_handshake_io->get_next_record(expecting_ccs); } -std::string Handshake_State::srp_identifier() const - { -#if defined(BOTAN_HAS_SRP6) - // Authenticated via the successful key exchange - if(ciphersuite().valid() && ciphersuite().kex_method() == Kex_Algo::SRP_SHA) - return client_hello()->srp_identifier(); -#endif - - return ""; - } - - std::vector<uint8_t> Handshake_State::session_ticket() const { if(new_session_ticket() && !new_session_ticket()->ticket().empty()) diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index 3321a6210..0238ebd2b 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h 
@@ -93,8 +93,6 @@ class Handshake_State bool for_client_auth, const Policy& policy) const; - std::string srp_identifier() const; - KDF* protocol_specific_prf() const; Protocol_Version version() const { return m_version; } diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index fc95a1c02..5de15f0a2 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -25,10 +25,6 @@ #include <botan/cecpq1.h> #endif -#if defined(BOTAN_HAS_SRP6) - #include <botan/srp6.h> -#endif - namespace Botan { class Public_Key; @@ -74,20 +70,16 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message { public: Settings(const Protocol_Version version, - const std::string& hostname = "", - const std::string& srp_identifier = "") : + const std::string& hostname = "") : m_new_session_version(version), - m_hostname(hostname), - m_srp_identifier(srp_identifier) {} + m_hostname(hostname) {} const Protocol_Version protocol_version() const { return m_new_session_version; } const std::string& hostname() const { return m_hostname; } - const std::string& srp_identifier() const { return m_srp_identifier; } private: const Protocol_Version m_new_session_version; const std::string m_hostname; - const std::string m_srp_identifier; }; Handshake_Type type() const override { return CLIENT_HELLO; } @@ -118,10 +110,6 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message std::string sni_hostname() const; -#if defined(BOTAN_HAS_SRP6) - std::string srp_identifier() const; -#endif - bool secure_renegotiation() const; std::vector<uint8_t> renegotiation_info() const; 
@@ -543,15 +531,6 @@ class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message // Only valid for certain kex types const Private_Key& server_kex_key() const; -#if defined(BOTAN_HAS_SRP6) - // Only valid for SRP negotiation - SRP6_Server_Session& server_srp_params() const - { - BOTAN_ASSERT_NONNULL(m_srp_params); - return *m_srp_params; - } -#endif - #if defined(BOTAN_HAS_CECPQ1) // Only valid for CECPQ1 negotiation const CECPQ1_key& cecpq1_key() const @@ -577,10 +556,6 @@ class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message private: std::vector<uint8_t> serialize() const override; -#if defined(BOTAN_HAS_SRP6) - std::unique_ptr<SRP6_Server_Session> m_srp_params; -#endif - #if defined(BOTAN_HAS_CECPQ1) std::unique_ptr<CECPQ1_key> m_cecpq1_key; #endif diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index a63c73101..b2e8a86f7 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -92,7 +92,6 @@ std::vector<std::string> Policy::allowed_macs() const std::vector<std::string> Policy::allowed_key_exchange_methods() const { return { - //"SRP_SHA", //"ECDHE_PSK", //"DHE_PSK", //"PSK", @@ -428,8 +427,7 @@ class Ciphersuite_Preference_Ordering final } -std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version, - bool have_srp) const +std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version) const { const std::vector<std::string> ciphers = allowed_ciphers(); const std::vector<std::string> macs = allowed_macs(); @@ -452,10 +450,6 @@ std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version, if(!this->acceptable_ciphersuite(suite)) continue; - // Are we doing SRP? - if(!have_srp && suite.kex_method() == Kex_Algo::SRP_SHA) - continue; - if(!value_exists(kex, suite.kex_algo())) continue; // unsupported key exchange diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index c0f618e0f..209e814c2 100644 --- a/src/lib/tls/tls_policy.h 
+++ b/src/lib/tls/tls_policy.h @@ -205,7 +205,7 @@ class BOTAN_PUBLIC_API(2,0) Policy virtual void check_peer_key_acceptable(const Public_Key& public_key) const; /** - * If this function returns false, unknown SRP/PSK identifiers + * If this function returns false, unknown PSK identifiers * will be rejected with an unknown_psk_identifier alert as soon * as the non-existence is identified. Otherwise, a false * identifier value will be used and the protocol allowed to @@ -295,8 +295,7 @@ class BOTAN_PUBLIC_API(2,0) Policy /** * Return allowed ciphersuites, in order of preference */ - virtual std::vector<uint16_t> ciphersuite_list(Protocol_Version version, - bool have_srp) const; + virtual std::vector<uint16_t> ciphersuite_list(Protocol_Version version) const; /** * @return the default MTU for DTLS diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 3fd4565fd..c62053857 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -104,15 +104,6 @@ bool check_for_resume(Session& session_info, session_info.ciphersuite_code())) return false; -#if defined(BOTAN_HAS_SRP6) - // client sent a different SRP identity - if(client_hello->srp_identifier() != "") - { - if(client_hello->srp_identifier() != session_info.srp_identifier()) - return false; - } -#endif - // client sent a different SNI hostname if(client_hello->sni_hostname() != "") { 
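Review bot: Dropping `have_srp` from the virtual `Policy::ciphersuite_list` (second tls_policy.h hunk) changes the signature of a `BOTAN_PUBLIC_API(2,0)` customization point, so a downstream subclass that still declares `ciphersuite_list(Protocol_Version, bool) const` without `override` keeps compiling but is no longer called. The library would then use the default list, and an application that narrowed its offered suites through that override would silently lose the restriction. The `Credentials_Manager` SRP virtuals removed in credentials_manager.h have the same shape, though there the leftover override is only dead code. I would record the break in the doc comment, e.g. `* @note The former (version, have_srp) overload was removed; overrides must use this signature and should be marked override`, and mention it in the release notes if that is not already done outside `src`.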
@@ -158,14 +149,12 @@ bool check_for_resume(Session& session_info, uint16_t choose_ciphersuite( const Policy& policy, Protocol_Version version, - Credentials_Manager& creds, const std::map<std::string, std::vector<X509_Certificate>>& cert_chains, const Client_Hello& client_hello) { const bool our_choice = policy.server_uses_own_ciphersuite_preferences(); - const bool have_srp = creds.attempt_srp("tls-server", client_hello.sni_hostname()); const std::vector<uint16_t> client_suites = client_hello.ciphersuites(); - const std::vector<uint16_t> server_suites = policy.ciphersuite_list(version, have_srp); + const std::vector<uint16_t> server_suites = policy.ciphersuite_list(version); if(server_suites.empty()) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -248,20 +237,6 @@ uint16_t choose_ciphersuite( } } -#if defined(BOTAN_HAS_SRP6) - /* - The client may offer SRP cipher suites in the hello message but - omit the SRP extension. If the server would like to select an - SRP cipher suite in this case, the server SHOULD return a fatal - "unknown_psk_identity" alert immediately after processing the - client hello message. - - RFC 5054 section 2.5.1.2 - */ - if(suite.kex_method() == Kex_Algo::SRP_SHA && client_hello.srp_identifier() == "") - throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY, - "Client wanted SRP but did not send username"); -#endif - return suite_id; } @@ -686,7 +661,6 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state, get_peer_cert_chain(pending_state), std::vector<uint8_t>(), Server_Information(pending_state.client_hello()->sni_hostname()), - pending_state.srp_identifier(), pending_state.server_hello()->srtp_profile()); if(save_session(session_info)) @@ -871,7 +845,7 @@ void Server::session_create(Server_Handshake_State& pending_state, } const uint16_t ciphersuite = choose_ciphersuite(policy(), pending_state.version(), - m_creds, cert_chains, + cert_chains, *pending_state.client_hello()); Server_Hello::Settings srv_settings( 
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index bd817687c..de118f778 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -29,7 +29,6 @@ Session::Session(const std::vector<uint8_t>& session_identifier, const std::vector<X509_Certificate>& certs, const std::vector<uint8_t>& ticket, const Server_Information& server_info, - const std::string& srp_identifier, uint16_t srtp_profile) : m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), @@ -42,8 +41,7 @@ Session::Session(const std::vector<uint8_t>& session_identifier, m_extended_master_secret(extended_master_secret), m_encrypt_then_mac(encrypt_then_mac), m_peer_certs(certs), - m_server_info(server_info), - m_srp_identifier(srp_identifier) + m_server_info(server_info) { } @@ -124,8 +122,6 @@ Session::Session(const uint8_t ber[], size_t ber_len) server_service.value(), static_cast<uint16_t>(server_port)); - m_srp_identifier = srp_identifier_str.value(); - if(!peer_cert_bits.empty()) { DataSource_Memory certs(peer_cert_bits.data(), peer_cert_bits.size()); @@ -160,7 +156,7 @@ secure_vector<uint8_t> Session::DER_encode() const .encode(ASN1_String(m_server_info.hostname(), UTF8_STRING)) .encode(ASN1_String(m_server_info.service(), UTF8_STRING)) .encode(static_cast<size_t>(m_server_info.port())) - .encode(ASN1_String(m_srp_identifier, UTF8_STRING)) + .encode(ASN1_String("", UTF8_STRING)) // old srp identifier .encode(static_cast<size_t>(m_srtp_profile)) .end_cons() .get_contents(); diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 5a75e6a32..5cb1f44be 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -54,7 +54,6 @@ class BOTAN_PUBLIC_API(2,0) Session final const std::vector<X509_Certificate>& peer_certs, const std::vector<uint8_t>& session_ticket, const Server_Information& server_info, - const std::string& srp_identifier, uint16_t srtp_profile); /** 
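Review bot: `Session::DER_encode` keeps the SRP slot as `ASN1_String("", UTF8_STRING)` for format compatibility, but the decoding constructor now drops whatever it reads there, so a session blob written by an SRP-capable build loads with its SRP identity silently discarded. The decode sequence lies outside the hunk, so this is inferred from the removed `m_srp_identifier = srp_identifier_str.value();` line; presumably such a session fails later because its ciphersuite is no longer known, but that is not visible here. Rejecting it at parse time would make the behaviour explicit: `if(!srp_identifier_str.value().empty()) throw Decoding_Error("Session has an SRP identifier, which is no longer supported");`. At minimum the decode site deserves the same `// old srp identifier` comment the encoder received.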
@@ -134,11 +133,6 @@ class BOTAN_PUBLIC_API(2,0) Session final Connection_Side side() const { return m_connection_side; } /** - * Get the SRP identity (if sent by the client in the initial handshake) - */ - const std::string& srp_identifier() const { return m_srp_identifier; } - - /** * Get the saved master secret */ const secure_vector<uint8_t>& master_secret() const { return m_master_secret; } @@ -200,7 +194,6 @@ class BOTAN_PUBLIC_API(2,0) Session final std::vector<X509_Certificate> m_peer_certs; Server_Information m_server_info; // optional - std::string m_srp_identifier; // optional }; } diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index 4c49f72ad..7c07720ec 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp @@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt sha256 6412d7a966151d409d463681e5427e706cd9066f13d34ca7a89f8cc2f7dff4b2) -* by ./src/scripts/tls_suite_info.py on 2020-11-17 +* by ./src/scripts/tls_suite_info.py on 2020-11-21 * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -65,12 +65,6 @@ const std::vector<Ciphersuite>& Ciphersuite::all_known_ciphersuites() Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC01A, "SRP_SHA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC01B, "SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC01D, "SRP_SHA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC01E, "SRP_SHA_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC020, "SRP_SHA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::SRP_SHA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), - Ciphersuite(0xC021, "SRP_SHA_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::SRP_SHA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, 
"SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE),
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 3e3c40307..8d5184539 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -176,11 +176,6 @@ def process_command_line(args):
 parser.add_option('--without-cecpq1', action='store_false', dest='with_cecpq1',
 help='disable CECPQ1 suites')
- parser.add_option('--with-srp-aead', action='store_true', default=False,
- help='add SRP AEAD suites')
- parser.add_option('--without-srp-aead', action='store_false', dest='with_srp_aead',
- help='disable SRP AEAD suites')
-
 parser.add_option('--save-download', action='store_true', default=False,
 help='save downloaded tls-parameters.txt to cwd')
@@ -194,11 +189,12 @@ def main(args = None):
 if args is None:
 args = sys.argv
- weak_crypto = ['EXPORT', 'RC2', 'IDEA', 'RC4', '_DES_', 'WITH_NULL', 'GOST', '_anon_', '_DSS_']
+ weak_crypto = ['EXPORT', 'RC2', 'IDEA', 'RC4', '_DES_', 'WITH_NULL', 'GOST', '_anon_']
 static_dh = ['ECDH_ECDSA', 'ECDH_RSA', 'DH_DSS', 'DH_RSA'] # not supported
+ removed_algos = ['_DSS_', 'SRP_']
 protocol_goop = ['SCSV', 'KRB5']
 maybe_someday = ['RSA_PSK', 'ECCPWD']
- not_supported = weak_crypto + static_dh + protocol_goop + maybe_someday
+ not_supported = weak_crypto + static_dh + protocol_goop + maybe_someday + removed_algos
 (options, args) = process_command_line(args)
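Review bot: `removed_algos = ['_DSS_', 'SRP_']` carries no comment, while the neighbouring `static_dh` list has `# not supported`, so the script does not record why `_DSS_` moved out of `weak_crypto`. A trailing comment such as `# previously supported, since removed from the library` would make the difference from `weak_crypto` and `maybe_someday` explicit. How `not_supported` is matched against suite names is in the part of `main()` outside this hunk; if it is a substring test, it is worth confirming that `'SRP_'` excludes every `SRP_SHA_*` name when tls_suite_info.cpp is regenerated.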
@@ -269,19 +265,6 @@ def main(args = None):
 define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_OCB_SHA256', 'FFCD')
 #define_custom_ciphersuite('CECPQ1_PSK_WITH_AES_256_OCB_SHA256', 'FFCE')
- if options.with_srp_aead:
- # SRP using GCM or OCB - Botan extension
- define_custom_ciphersuite('SRP_SHA_WITH_AES_256_GCM_SHA384', 'FFA0')
- define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_GCM_SHA384', 'FFA1')
- define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_GCM_SHA384', 'FFA2')
- define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_GCM_SHA384', 'FFA3')
-
- if options.with_ocb:
- define_custom_ciphersuite('SRP_SHA_WITH_AES_256_OCB_SHA256', 'FFA4')
- define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_OCB_SHA256', 'FFA5')
- define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_OCB_SHA256', 'FFA6')
- define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_OCB_SHA256', 'FFA7')
-
 suite_info = ''
 def header():
diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp
index 454388d0a..69cbf2095 100644
--- a/src/tests/test_tls.cpp
+++ b/src/tests/test_tls.cpp
@@ -50,7 +50,6 @@ class TLS_Session_Tests final : public Test
 std::vector<Botan::X509_Certificate>(),
 std::vector<uint8_t>(),
 Botan::TLS::Server_Information("server"),
- "SRP username",
 0x0000);
 const std::string pem = session.PEM_encode();
@@ -73,7 +72,6 @@ class TLS_Session_Tests final : public Test
 ctext2.data(), 12, expected_hdr.data(), 12);
 Botan::TLS::Session dsession = Botan::TLS::Session::decrypt(ctext1.data(), ctext1.size(), key);
- result.test_eq("Decrypted session access works", dsession.srp_identifier(), "SRP username");
 Fixed_Output_RNG frng1("00112233445566778899AABBCCDDEEFF802802802802802802802802");
 const std::vector<uint8_t> ctextf1 = session.encrypt(key, frng1);
@@ -466,7 +464,6 @@ class Test_TLS_Algo_Strings : public Test
 Botan::TLS::Kex_Algo::DH,
 Botan::TLS::Kex_Algo::ECDH,
 Botan::TLS::Kex_Algo::CECPQ1,
- Botan::TLS::Kex_Algo::SRP_SHA,
 Botan::TLS::Kex_Algo::PSK,
 Botan::TLS::Kex_Algo::DHE_PSK,
 Botan::TLS::Kex_Algo::ECDHE_PSK
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 8ecd305e9..b9057c23f 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -28,10 +28,6 @@
 #include <botan/x509_ca.h>
 #include <botan/x509self.h>
- #if defined(BOTAN_HAS_SRP6)
- #include <botan/srp6.h>
- #endif
-
 #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
 #include <botan/tls_session_manager_sqlite.h>
 #endif
@@ -237,88 +233,6 @@ create_creds(Botan::RandomNumberGenerator& rng,
 return cmt;
 }
-#if defined(BOTAN_HAS_SRP6)
-Botan::Credentials_Manager*
-create_srp6_creds(Botan::RandomNumberGenerator& rng)
- {
- class Credentials_Manager_SRP6 : public Botan::Credentials_Manager
- {
- public:
- Credentials_Manager_SRP6(Botan::RandomNumberGenerator& rng)
- {
- m_group_id = "modp/srp/1024";
- m_username = "srp6_username";
- m_password = "srp6_password";
- m_salt.resize(16);
- rng.randomize(m_salt.data(), m_salt.size());
-
- m_verifier = Botan::generate_srp6_verifier(m_username,
- m_password,
- m_salt,
- m_group_id,
- "SHA-1");
- }
-
- bool attempt_srp(const std::string& /*type*/,
- const std::string& /*context*/) override
- {
- return true;
- }
-
- std::string srp_identifier(const std::string& /*type*/,
- const std::string& /*context*/) override
- {
- return m_username;
- }
-
- std::string srp_password(const std::string& /*type*/,
- const std::string& /*context*/,
- const std::string& identifier) override
- {
- if(identifier == m_username)
- return m_password;
- return "";
- }
-
- bool srp_verifier(const std::string& /*type*/,
- const std::string& /*context*/,
- const std::string& identifier,
- std::string& group_name,
- Botan::BigInt& verifier,
- std::vector<uint8_t>& salt,
- bool generate_fake_on_unknown) override
- {
- // FIXME test generate_fake_on_unknown behavior
- if(identifier == m_username)
- {
- group_name = m_group_id;
- verifier = m_verifier;
- salt = m_salt;
- return true;
- }
- else if(generate_fake_on_unknown)
- {
- group_name = m_group_id;
- verifier = m_verifier + 1;
- salt = m_salt;
- return true;
- }
- else
- return false;
- }
-
- std::string m_username;
- std::string m_password;
- std::vector<uint8_t> m_salt;
- std::string m_group_id;
- Botan::BigInt m_verifier;
- };
-
- return new Credentials_Manager_SRP6(rng);
- }
-#endif
-
-
 class TLS_Handshake_Test final
 {
 public:
@@ -783,7 +697,7 @@ class TLS_Unit_Tests final : public Test
 policy.set("allow_dtls10", "true");
 policy.set("allow_dtls12", "true");
- if(kex_policy.find("RSA") != std::string::npos || kex_policy.find("SRP") != std::string::npos)
+ if(kex_policy.find("RSA") != std::string::npos)
 {
 policy.set("signature_methods", "IMPLICIT");
 }
@@ -908,11 +822,6 @@ class TLS_Unit_Tests final : public Test
 test_modern_versions("AES-128 DH", results, *client_ses, *server_ses, *creds, "DH", "AES-128", "SHA-256");
-#if defined(BOTAN_HAS_SRP6)
- std::unique_ptr<Botan::Credentials_Manager> srp6_creds(create_srp6_creds(rng));
- test_all_versions("SRP6 AES", results, *client_ses, *server_ses, *srp6_creds, "SRP_SHA", "AES-128", "SHA-1", "false");
-#endif
-
 #endif
 Botan::TLS::Strict_Policy strict_policy; |