aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/msg_client_hello.cpp20
-rw-r--r--src/lib/tls/msg_server_hello.cpp2
-rw-r--r--src/lib/tls/tls_extensions.cpp93
-rw-r--r--src/lib/tls/tls_extensions.h41
-rw-r--r--src/lib/tls/tls_messages.h2
-rw-r--r--src/lib/tls/tls_reader.h6
-rw-r--r--src/lib/tls/tls_server.cpp34
-rw-r--r--src/lib/tls/tls_version.h6
8 files changed, 174 insertions, 30 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 539e2a780..657fe01b2 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -108,6 +108,8 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Renegotiation_Extension(reneg_info));
+ m_extensions.add(new Supported_Versions(m_version, policy));
+
if(client_settings.hostname() != "")
m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
@@ -280,7 +282,7 @@ Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);
- m_extensions.deserialize(reader, Connection_Side::SERVER);
+ m_extensions.deserialize(reader, Connection_Side::CLIENT);
if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
{
@@ -296,15 +298,6 @@ Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
m_extensions.add(new Renegotiation_Extension());
}
}
-
- // Parsing complete, now any additional decoding checks
-
- if(m_version.supports_negotiable_signature_algorithms() == false)
- {
- if(m_extensions.has<Signature_Algorithms>())
- throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
- "Client sent signature_algorithms extension in version that doesn't support it");
- }
}
bool Client_Hello::sent_fallback_scsv() const
@@ -386,6 +379,13 @@ std::vector<uint8_t> Client_Hello::renegotiation_info() const
return std::vector<uint8_t>();
}
+std::vector<Protocol_Version> Client_Hello::supported_versions() const
+ {
+ if(Supported_Versions* versions = m_extensions.get<Supported_Versions>())
+ return versions->versions();
+ return {};
+ }
+
bool Client_Hello::supports_session_ticket() const
{
return m_extensions.has<Session_Ticket>();
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index 933ee8af7..f3ef45f50 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -159,7 +159,7 @@ Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
m_comp_method = reader.get_byte();
- m_extensions.deserialize(reader, Connection_Side::CLIENT);
+ m_extensions.deserialize(reader, Connection_Side::SERVER);
}
/*
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index ca4e1200f..54f006c74 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -9,6 +9,7 @@
#include <botan/tls_extensions.h>
#include <botan/internal/tls_reader.h>
#include <botan/tls_exceptn.h>
+#include <botan/tls_policy.h>
namespace Botan {
@@ -16,10 +17,8 @@ namespace TLS {
namespace {
-Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size, Connection_Side side)
+Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size, Connection_Side from)
{
- BOTAN_UNUSED(side);
-
switch(code)
{
case TLSEXT_SERVER_NAME_INDICATION:
@@ -34,7 +33,7 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size,
return new Supported_Groups(reader, size);
case TLSEXT_CERT_STATUS_REQUEST:
- return new Certificate_Status_Request(reader, size, side);
+ return new Certificate_Status_Request(reader, size, from);
case TLSEXT_EC_POINT_FORMATS:
return new Supported_Point_Formats(reader, size);
@@ -59,6 +58,9 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size,
case TLSEXT_SESSION_TICKET:
return new Session_Ticket(reader, size);
+
+ case TLSEXT_SUPPORTED_VERSIONS:
+ return new Supported_Versions(reader, size, from);
}
return new Unknown_Extension(static_cast<Handshake_Extension_Type>(code),
@@ -67,7 +69,7 @@ Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size,
}
-void Extensions::deserialize(TLS_Data_Reader& reader, Connection_Side side)
+void Extensions::deserialize(TLS_Data_Reader& reader, Connection_Side from)
{
if(reader.has_remaining())
{
@@ -88,7 +90,7 @@ void Extensions::deserialize(TLS_Data_Reader& reader, Connection_Side side)
"Peer sent duplicated extensions");
Extension* extn = make_extension(
- reader, extension_code, extension_size, side);
+ reader, extension_code, extension_size, from);
this->add(extn);
}
@@ -539,8 +541,8 @@ std::vector<uint8_t> Certificate_Status_Request::serialize() const
Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader,
uint16_t extension_size,
- Connection_Side side) :
- m_server_side(side == SERVER)
+ Connection_Side from) :
+ m_server_side(from == SERVER)
{
if(extension_size > 0)
{
@@ -573,6 +575,81 @@ Certificate_Status_Request::Certificate_Status_Request() : m_server_side(true)
}
+std::vector<uint8_t> Supported_Versions::serialize() const
+ {
+ std::vector<uint8_t> buf;
+
+ if(m_server_side)
+ {
+ BOTAN_ASSERT_NOMSG(m_versions.size() == 1);
+ buf.push_back(m_versions[0].major_version());
+ buf.push_back(m_versions[0].minor_version());
+ }
+ else
+ {
+ const uint8_t len = static_cast<uint8_t>(m_versions.size() * 2);
+
+ buf.push_back(len);
+
+ for(Protocol_Version version : m_versions)
+ {
+ buf.push_back(get_byte(0, version.major_version()));
+ buf.push_back(get_byte(1, version.minor_version()));
+ }
+ }
+
+ return buf;
+ }
+
+Supported_Versions::Supported_Versions(Protocol_Version offer, const Policy& policy) :
+ m_server_side(false)
+ {
+ if(offer.is_datagram_protocol())
+ {
+ if(offer >= Protocol_Version::DTLS_V12 && policy.allow_dtls12())
+ m_versions.push_back(Protocol_Version::DTLS_V12);
+ if(offer >= Protocol_Version::DTLS_V10 && policy.allow_dtls10())
+ m_versions.push_back(Protocol_Version::DTLS_V10);
+ }
+ else
+ {
+ if(offer >= Protocol_Version::TLS_V12 && policy.allow_tls12())
+ m_versions.push_back(Protocol_Version::TLS_V12);
+ if(offer >= Protocol_Version::TLS_V11 && policy.allow_tls11())
+ m_versions.push_back(Protocol_Version::TLS_V11);
+ if(offer >= Protocol_Version::TLS_V10 && policy.allow_tls10())
+ m_versions.push_back(Protocol_Version::TLS_V10);
+ }
+ }
+
+Supported_Versions::Supported_Versions(TLS_Data_Reader& reader,
+ uint16_t extension_size,
+ Connection_Side from)
+ {
+ if(from == Connection_Side::SERVER)
+ {
+ m_server_side = true;
+ m_versions.push_back(Protocol_Version(reader.get_uint16_t()));
+ }
+ else
+ {
+ m_server_side = false;
+
+ auto versions = reader.get_range<uint16_t>(1, 1, 127);
+
+ for(auto v : versions)
+ m_versions.push_back(Protocol_Version(v));
+ }
+ }
+
+bool Supported_Versions::supports(Protocol_Version version) const
+ {
+ for(auto v : m_versions)
+ if(version == v)
+ return true;
+ return false;
+ }
+
}
}
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index 5920a1576..e015f7b82 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -12,6 +12,7 @@
#include <botan/tls_algos.h>
#include <botan/tls_magic.h>
+#include <botan/tls_version.h>
#include <botan/secmem.h>
#include <botan/x509_dn.h>
#include <vector>
@@ -23,6 +24,8 @@ namespace Botan {
namespace TLS {
+class Policy;
+
class TLS_Data_Reader;
enum Handshake_Extension_Type {
@@ -42,6 +45,8 @@ enum Handshake_Extension_Type {
TLSEXT_SESSION_TICKET = 35,
+ TLSEXT_SUPPORTED_VERSIONS = 43,
+
TLSEXT_SAFE_RENEGOTIATION = 65281,
};
@@ -425,6 +430,40 @@ class BOTAN_UNSTABLE_API Certificate_Status_Request final : public Extension
};
/**
+* Supported Versions from RFC 8446
+*/
+class BOTAN_UNSTABLE_API Supported_Versions final : public Extension
+ {
+ public:
+ static Handshake_Extension_Type static_type()
+ { return TLSEXT_SUPPORTED_VERSIONS; }
+
+ Handshake_Extension_Type type() const override { return static_type(); }
+
+ std::vector<uint8_t> serialize() const override;
+
+ bool empty() const override { return m_versions.empty(); }
+
+ Supported_Versions(Protocol_Version version, const Policy& policy);
+
+ Supported_Versions(Protocol_Version version) : m_server_side(true)
+ {
+ m_versions.push_back(version);
+ }
+
+ Supported_Versions(TLS_Data_Reader& reader,
+ uint16_t extension_size,
+ Connection_Side from);
+
+ bool supports(Protocol_Version version) const;
+
+ const std::vector<Protocol_Version> versions() const { return m_versions; }
+ private:
+ std::vector<Protocol_Version> m_versions;
+ bool m_server_side;
+ };
+
+/**
* Unknown extensions are deserialized as this type
*/
class BOTAN_UNSTABLE_API Unknown_Extension final : public Extension
@@ -484,7 +523,7 @@ class BOTAN_UNSTABLE_API Extensions final
std::vector<uint8_t> serialize() const;
- void deserialize(TLS_Data_Reader& reader, Connection_Side side);
+ void deserialize(TLS_Data_Reader& reader, Connection_Side from);
/**
* Remvoe an extension from this extensions object, if it exists.
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 31c067696..7c35bff87 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -94,6 +94,8 @@ class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message
Protocol_Version version() const { return m_version; }
+ std::vector<Protocol_Version> supported_versions() const;
+
const std::vector<uint8_t>& random() const { return m_random; }
const std::vector<uint8_t>& session_id() const { return m_session_id; }
diff --git a/src/lib/tls/tls_reader.h b/src/lib/tls/tls_reader.h
index 8474f1308..c6cffed32 100644
--- a/src/lib/tls/tls_reader.h
+++ b/src/lib/tls/tls_reader.h
@@ -98,7 +98,7 @@ class TLS_Data_Reader final
const size_t num_elems =
get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
- return get_elem<T, std::vector<T> >(num_elems);
+ return get_elem<T, std::vector<T>>(num_elems);
}
template<typename T>
@@ -109,7 +109,7 @@ class TLS_Data_Reader final
const size_t num_elems =
get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
- return get_elem<T, std::vector<T> >(num_elems);
+ return get_elem<T, std::vector<T>>(num_elems);
}
std::string get_string(size_t len_bytes,
@@ -125,7 +125,7 @@ class TLS_Data_Reader final
template<typename T>
std::vector<T> get_fixed(size_t size)
{
- return get_elem<T, std::vector<T> >(size);
+ return get_elem<T, std::vector<T>>(size);
}
private:
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index fb0b5eacc..d2474c225 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -382,10 +382,13 @@ namespace {
Protocol_Version select_version(const Botan::TLS::Policy& policy,
Protocol_Version client_offer,
Protocol_Version active_version,
- bool is_fallback)
+ bool is_fallback,
+ const std::vector<Protocol_Version>& supported_versions)
{
- const Protocol_Version latest_supported =
- policy.latest_supported_version(client_offer.is_datagram_protocol());
+ const bool is_datagram = client_offer.is_datagram_protocol();
+ const bool initial_handshake = (active_version.valid() == false);
+
+ const Protocol_Version latest_supported = policy.latest_supported_version(is_datagram);
if(is_fallback)
{
@@ -394,7 +397,27 @@ Protocol_Version select_version(const Botan::TLS::Policy& policy,
"Client signalled fallback SCSV, possible attack");
}
- const bool initial_handshake = (active_version.valid() == false);
+ if(supported_versions.size() > 0)
+ {
+ if(is_datagram)
+ {
+ if(policy.allow_dtls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::DTLS_V12)))
+ return Protocol_Version::DTLS_V12;
+ if(policy.allow_dtls10() && value_exists(supported_versions, Protocol_Version(Protocol_Version::DTLS_V10)))
+ return Protocol_Version::DTLS_V10;
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "No shared DTLS version");
+ }
+ else
+ {
+ if(policy.allow_tls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::TLS_V12)))
+ return Protocol_Version::TLS_V12;
+ if(policy.allow_tls11() && value_exists(supported_versions, Protocol_Version(Protocol_Version::TLS_V11)))
+ return Protocol_Version::TLS_V11;
+ if(policy.allow_tls10() && value_exists(supported_versions, Protocol_Version(Protocol_Version::TLS_V10)))
+ return Protocol_Version::TLS_V10;
+ throw TLS_Exception(Alert::PROTOCOL_VERSION, "No shared TLS version");
+ }
+ }
const bool client_offer_acceptable =
client_offer.known_version() && policy.acceptable_protocol_version(client_offer);
@@ -487,7 +510,8 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
const Protocol_Version negotiated_version =
select_version(policy(), client_offer,
active_state ? active_state->version() : Protocol_Version(),
- pending_state.client_hello()->sent_fallback_scsv());
+ pending_state.client_hello()->sent_fallback_scsv(),
+ pending_state.client_hello()->supported_versions());
const auto compression_methods = pending_state.client_hello()->compression_methods();
if(!value_exists(compression_methods, uint8_t(0)))
diff --git a/src/lib/tls/tls_version.h b/src/lib/tls/tls_version.h
index 13be64316..4d56f94ca 100644
--- a/src/lib/tls/tls_version.h
+++ b/src/lib/tls/tls_version.h
@@ -48,18 +48,20 @@ class BOTAN_PUBLIC_API(2,0) Protocol_Version final
Protocol_Version() : m_version(0) {}
+ explicit Protocol_Version(uint16_t code) : m_version(code) {}
+
/**
* @param named_version a specific named version of the protocol
*/
Protocol_Version(Version_Code named_version) :
- m_version(static_cast<uint16_t>(named_version)) {}
+ Protocol_Version(static_cast<uint16_t>(named_version)) {}
/**
* @param major the major version
* @param minor the minor version
*/
Protocol_Version(uint8_t major, uint8_t minor) :
- m_version(static_cast<uint16_t>((static_cast<uint16_t>(major) << 8) | minor)) {}
+ Protocol_Version(static_cast<uint16_t>((static_cast<uint16_t>(major) << 8) | minor)) {}
/**
* @return true if this is a valid protocol version
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 00:04:04 +0000