randombit · hrantzsch · Feb 24, 2022 · Jul 16, 2021 · Sep 29, 2021 · Oct 25, 2021
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
@@ -148,12 +148,12 @@ std::string map_to_bogo_error(const std::string& e)
  { "Server changed its mind about extended master secret", ":RENEGOTIATION_EMS_MISMATCH:" },
  { "Server changed its mind about secure renegotiation", ":RENEGOTIATION_MISMATCH:" },
  { "Server changed version after renegotiation", ":WRONG_SSL_VERSION:" },
- { "Server downgraded version after renegotiation", ":WRONG_SSL_VERSION:" },
  { "Server policy prohibits renegotiation", ":NO_RENEGOTIATION:" },
  { "Server replied using a ciphersuite not allowed in version it offered", ":WRONG_CIPHER_RETURNED:" },
  { "Server replied with DTLS-SRTP alg we did not send", ":BAD_SRTP_PROTECTION_PROFILE_LIST:" },
  { "Server replied with ciphersuite we didn't send", ":WRONG_CIPHER_RETURNED:" },
- { "Server replied with later version than client offered", ":UNSUPPORTED_PROTOCOL:" },
+ { "Server replied with an invalid version", ":UNSUPPORTED_PROTOCOL:" }, // bogus version from "ServerBogusVersion"
+ { "Server version SSL v3 is unacceptable by policy", ":UNSUPPORTED_PROTOCOL:" }, // "NoSSL3-Client-Unsolicited"
  { "Server replied with non-null compression method", ":UNSUPPORTED_COMPRESSION_ALGORITHM:" },
  { "Server replied with some unknown ciphersuite", ":UNKNOWN_CIPHER_RETURNED:" },
  { "Server replied with unsupported extensions: 0", ":UNEXPECTED_EXTENSION:" },
@@ -941,6 +941,12 @@ class Shim_Policy final : public Botan::TLS::Policy
  return !m_args.flag_set("dtls") && !m_args.flag_set("no-tls12") && allow_version(Botan::TLS::Protocol_Version::TLS_V12);
  }
 
+ bool allow_tls13() const override
+ {
+ //TODO: No TLS 1.3 allowed until it is implemented
+ return false;
+ }
+
  bool allow_dtls12() const override
  {
  return m_args.flag_set("dtls") && !m_args.flag_set("no-tls12") && allow_version(Botan::TLS::Protocol_Version::DTLS_V12);
@@ -1067,6 +1073,12 @@ std::vector<uint16_t> Shim_Policy::ciphersuite_list(Botan::TLS::Protocol_Version
  for(auto i = ciphersuites.rbegin(); i != ciphersuites.rend(); ++i)
  {
  const auto suite = *i;
+
+ //TODO: Dummy way of skipping TLS 1.3 cipher suites
+ if(suite.kex_method() == Botan::TLS::Kex_Algo::UNDEFINED &&
+ suite.auth_method() == Botan::TLS::Auth_Method::UNDEFINED)
+ continue;
+
  // Can we use it?
  if(suite.valid() == false)
  continue;

diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
@@ -33,8 +33,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  {
  public:
  TLS_Client()
- : Command("tls_client host --port=443 --print-certs --policy=default "
- "--skip-system-cert-store --trusted-cas= "
+ : Command("tls_client host --port=443 --print-certs --debug --policy=default "
+ "--skip-system-cert-store --trusted-cas= --tls-version=default "
  "--session-db= --session-db-pass= --next-protocols= --type=tcp")
  {
  init_sockets();
@@ -68,6 +68,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  const std::string next_protos = get_arg("next-protocols");
  const bool use_system_cert_store = flag_set("skip-system-cert-store") == false;
  const std::string trusted_CAs = get_arg("trusted-cas");
+ const auto tls_version = get_arg("tls-version");
 
  if(!sessions_db.empty())
  {
@@ -91,22 +92,25 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS");
  }
 
- const bool use_tcp = (transport == "tcp");
-
  const std::vector<std::string> protocols_to_offer = Command::split_on(next_protos, ',');
 
- Botan::TLS::Protocol_Version version =
- use_tcp ? Botan::TLS::Protocol_Version::TLS_V12 : Botan::TLS::Protocol_Version::DTLS_V12;
-
  if(!policy)
  {
  policy.reset(new Botan::TLS::Policy);
  }
 
- if(policy->acceptable_protocol_version(version) == false)
- {
- throw CLI_Usage_Error("The policy specified does not allow the requested TLS version");
+ const bool use_tcp = (transport == "tcp");
+ Botan::TLS::Protocol_Version version = policy->latest_supported_version(!use_tcp);
+
+ if(tls_version != "default") {
+ if(tls_version == "1.2") {
+ version = Botan::TLS::Protocol_Version::TLS_V12;
+ } else if (tls_version == "1.3") {
+ version = Botan::TLS::Protocol_Version::TLS_V13;
+ } else {
+ error_output() << "Unknown TLS protocol version " << tls_version << '\n';
  }
+ }
 
  struct sockaddr_storage addrbuf;
  std::string hostname;
@@ -168,6 +172,12 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  continue;
  }
 
+ if (flag_set("debug"))
+ {
+ output() << "<<< received (" << got << " bytes)\n"
+ << Botan::hex_encode(buf, got) << "\n<<<\n";
+ }
+
  client.received_data(buf, got);
  }
 
@@ -347,6 +357,11 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  {
  size_t offset = 0;
 
+ if (flag_set("debug"))
+ {
+ output() << ">>> sending (" << length << " bytes)\n" << Botan::hex_encode(buf,length);
+ }
+
  while(length)
  {
  ssize_t sent = ::send(m_sockfd, buf + offset, length, MSG_NOSIGNAL);
@@ -366,6 +381,11 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
  offset += sent;
  length -= sent;
  }
+
+ if(flag_set("debug"))
+ {
+ output() << "\n>>> sending done\n";
+ }
  }
 
  void tls_alert(Botan::TLS::Alert alert) override

diff --git a/src/cli/tls_utils.cpp b/src/cli/tls_utils.cpp
@@ -140,7 +140,7 @@ class TLS_Client_Hello_Reader final : public Command
 
  try
  {
- Botan::TLS::Client_Hello hello(input);
+ Botan::TLS::Client_Hello_12 hello(input);
 
  output() << format_hello(hello);
  }
@@ -151,10 +151,10 @@ class TLS_Client_Hello_Reader final : public Command
  }
 
  private:
- std::string format_hello(const Botan::TLS::Client_Hello& hello)
+ std::string format_hello(const Botan::TLS::Client_Hello_12& hello)
  {
  std::ostringstream oss;
- oss << "Version: " << hello.version().to_string() << "\n"
+ oss << "Version: " << hello.legacy_version().to_string() << "\n"
  << "Random: " << Botan::hex_encode(hello.random()) << "\n";
 
  if(!hello.session_id().empty())

diff --git a/src/configs/pylint.rc b/src/configs/pylint.rc
@@ -60,7 +60,7 @@ confidence=
 # no Warning level messages displayed, use"--disable=all --enable=classes
 # --disable=W"
 
-disable=missing-docstring,no-else-return,locally-disabled,import-outside-toplevel,super-with-arguments,raise-missing-from,duplicate-code,consider-using-f-string
+disable=missing-docstring,no-else-return,locally-disabled,import-outside-toplevel,super-with-arguments,raise-missing-from,duplicate-code,consider-using-f-string,fixme
 
 
 [REPORTS]

diff --git a/src/fuzzer/tls_client_hello.cpp b/src/fuzzer/tls_client_hello.cpp
@@ -12,7 +12,7 @@ void fuzz(const uint8_t in[], size_t len)
  try
  {
  std::vector<uint8_t> v(in, in + len);
- Botan::TLS::Client_Hello ch(v);
+ Botan::TLS::Client_Hello_12 ch(v); // TODO: We might want to do that for TLS 1.3 as well
  }
  catch(Botan::Exception& e) {}
  }
diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h
@@ -423,7 +423,7 @@ class BOTAN_PUBLIC_API(2,0) PK_Key_Agreement final
 
  /**
  * Perform Key Agreement Operation
- * @param key_len the desired key output size
+ * @param key_len the desired key output size (ignored if "Raw" KDF is used)
  * @param in the other parties key
  * @param in_len the length of in in bytes
  * @param params extra derivation params
@@ -437,7 +437,7 @@ class BOTAN_PUBLIC_API(2,0) PK_Key_Agreement final
 
  /**
  * Perform Key Agreement Operation
- * @param key_len the desired key output size
+ * @param key_len the desired key output size (ignored if "Raw" KDF is used)
  * @param in the other parties key
  * @param params extra derivation params
  * @param params_len the length of params in bytes
@@ -453,7 +453,7 @@ class BOTAN_PUBLIC_API(2,0) PK_Key_Agreement final
 
  /**
  * Perform Key Agreement Operation
- * @param key_len the desired key output size
+ * @param key_len the desired key output size (ignored if "Raw" KDF is used)
  * @param in the other parties key
  * @param in_len the length of in in bytes
  * @param params extra derivation params
@@ -469,7 +469,7 @@ class BOTAN_PUBLIC_API(2,0) PK_Key_Agreement final
 
  /**
  * Perform Key Agreement Operation
- * @param key_len the desired key output size
+ * @param key_len the desired key output size (ignored if "Raw" KDF is used)
  * @param in the other parties key
  * @param params extra derivation params
  */

diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h
@@ -35,9 +35,6 @@ class CTR_BE final : public StreamCipher
 
  void clear() override;
 
- /**
- * @param cipher the block cipher to use
- */
  explicit CTR_BE(std::unique_ptr<BlockCipher>);
 
  CTR_BE(std::unique_ptr<BlockCipher> cipher, size_t ctr_size);

diff --git a/src/lib/tls/asio/asio_stream.h b/src/lib/tls/asio/asio_stream.h
@@ -716,7 +716,7 @@ class Stream
  m_context.m_policy,
  m_context.m_rng,
  m_context.m_server_info,
- Protocol_Version::latest_tls_version()));
+ Protocol_Version::TLS_V12)); // TODO don't hardcode
  }
  else
  {

diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt
@@ -24,23 +24,10 @@ tls_version.h
 </header:public>
 
 <header:internal>
-msg_client_hello_impl.h
-msg_certificate_impl.h
-msg_cert_verify_impl.h
-msg_cert_req_impl.h
-msg_finished_impl.h
-msg_server_hello_impl.h
 tls_channel_impl.h
-tls_client_impl.h
-tls_handshake_hash.h
-tls_handshake_io.h
-tls_handshake_state.h
+tls_handshake_transitions.h
 tls_reader.h
 tls_server_impl.h
-tls_seq_numbers.h
-tls_session_key.h
-tls_message_factory.h
-tls_mock_msg_impl_13.h
 </header:internal>
 
 <requires>
@@ -54,11 +41,9 @@ eme_pkcs1
 emsa_pkcs1
 gcm
 hmac
-prf_tls
 rng
 rsa
 sha2_32
 sha2_64
-tls12
 x509
 </requires>