Botan  2.12.1
Crypto and TLS for C++11
Botan::TLS::Server_Hello Class Reference (final)

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Server_Hello:
Botan::TLS::Handshake_Message

Classes

class  Settings
 

Public Member Functions

uint16_t ciphersuite () const
 
uint8_t compression_method () const
 
std::set< Handshake_Extension_Type > extension_types () const
 
const Extensions & extensions () const
 
std::string next_protocol () const
 
bool prefers_compressed_ec_points () const
 
const std::vector< uint8_t > & random () const
 
bool random_signals_downgrade () const
 
std::vector< uint8_t > renegotiation_info () const
 
bool secure_renegotiation () const
 
 Server_Hello (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
 
 Server_Hello (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, Session &resumed_session, bool offer_session_ticket, const std::string &next_protocol)
 
 Server_Hello (const std::vector< uint8_t > &buf)
 
const std::vector< uint8_t > & session_id () const
 
uint16_t srtp_profile () const
 
bool supports_certificate_status_message () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
bool supports_session_ticket () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
Protocol_Version version () const
 

Detailed Description

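Server Hello Message. The first two constructors build and send the message (full handshake and session resumption respectively); the third decodes one from its encoded bytes. Accessors on an object built by the third constructor return values taken from that buffer, which callers should treat as untrusted until they have been checked.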

Definition at line 194 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Server_Hello() [1/3]

Botan::TLS::Server_Hello::Server_Hello ( Handshake_IO &  io,
Handshake_Hash &  hash,
const Policy &  policy,
Callbacks &  cb,
RandomNumberGenerator &  rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello &  client_hello,
const Server_Hello::Settings &  settings,
const std::string  next_protocol 
)

Definition at line 53 of file msg_server_hello.cpp.

References Botan::TLS::Extensions::add(), Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Ciphersuite::ecc_ciphersuite(), Botan::TLS::Client_Hello::extension_types(), hash, Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Server_Hello::Settings::offer_session_ticket(), Botan::TLS::Client_Hello::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::SERVER, Botan::TLS::Client_Hello::srtp_profiles(), Botan::TLS::Policy::srtp_profiles(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello::supports_cert_status_message(), Botan::TLS::Client_Hello::supports_encrypt_then_mac(), Botan::TLS::Client_Hello::supports_extended_master_secret(), Botan::TLS::Client_Hello::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

// Builds and sends the Server Hello for a full (non-resumed) handshake.
// Version, session id and ciphersuite are taken from server_settings; the
// compression method is fixed at 0. Each extension below is added only if the
// client offered it (plus a policy check where one is shown).
// NOTE(review): the signature on this page names the parameters `settings` and
// `secure_reneg_info`; this listing uses `server_settings` and `reneg_info`.
// NOTE(review): make_server_hello_random() is not shown here; presumably it is
// where the downgrade marker tested by random_signals_downgrade() is written
// into the random - confirm in msg_server_hello.cpp.
61  :
62  m_version(server_settings.protocol_version()),
63  m_session_id(server_settings.session_id()),
64  m_random(make_server_hello_random(rng, m_version, policy)),
65  m_ciphersuite(server_settings.ciphersuite()),
66  m_comp_method(0)
67  {
    // add() takes a raw Extension* (`void add(Extension *extn)`); ownership
    // presumably passes to m_extensions - confirm.
68  if(client_hello.supports_extended_master_secret())
69  m_extensions.add(new Extended_Master_Secret);
70 
71  // Sending the extension back does not commit us to sending a stapled response
72  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
73  m_extensions.add(new Certificate_Status_Request);
74 
75  Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
76 
    // Encrypt-then-MAC is echoed only for CBC suites, and only if policy allows it.
77  if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
78  {
79  m_extensions.add(new Encrypt_then_MAC);
80  }
81 
    // Point formats are echoed only for ECC suites when the client sent the extension.
82  if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
83  {
84  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
85  }
86 
87  if(client_hello.secure_renegotiation())
88  m_extensions.add(new Renegotiation_Extension(reneg_info));
89 
90  if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
91  m_extensions.add(new Session_Ticket());
92 
93  if(!next_protocol.empty() && client_hello.supports_alpn())
94  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
95 
    // SRTP profile selection is attempted only for datagram protocol versions.
96  if(m_version.is_datagram_protocol())
97  {
98  const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
99  const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
100 
101  if(!server_srtp.empty() && !client_srtp.empty())
102  {
    // 0 doubles as "nothing chosen yet": the first match in server order wins,
    // and a profile id of 0 can never be selected.
103  uint16_t shared = 0;
104  // always using server preferences for now
105  for(auto s_srtp : server_srtp)
106  for(auto c_srtp : client_srtp)
107  {
108  if(shared == 0 && s_srtp == c_srtp)
109  shared = s_srtp;
110  }
111 
112  if(shared)
113  m_extensions.add(new SRTP_Protection_Profiles(shared));
114  }
115  }
116 
    // The application callback sees, and may change, the final extension set.
    // Nothing in this function re-checks the set afterwards, so whatever the
    // callback leaves in place is what gets sent.
117  cb.tls_modify_extensions(m_extensions, SERVER);
118 
    // The value returned by io.send() is fed into the handshake hash.
119  hash.update(io.send(*this));
120  }
std::string next_protocol() const
Definition: tls_messages.h:279
void add(Extension *extn)
static Ciphersuite by_id(uint16_t suite)
MechanismType hash

◆ Server_Hello() [2/3]

Botan::TLS::Server_Hello::Server_Hello ( Handshake_IO &  io,
Handshake_Hash &  hash,
const Policy &  policy,
Callbacks &  cb,
RandomNumberGenerator &  rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello &  client_hello,
Session &  resumed_session,
bool  offer_session_ticket,
const std::string &  next_protocol 
)

Definition at line 123 of file msg_server_hello.cpp.

References Botan::TLS::Extensions::add(), Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Client_Hello::extension_types(), hash, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), resumed_session, Botan::TLS::Client_Hello::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::SERVER, Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello::supports_encrypt_then_mac(), Botan::TLS::Client_Hello::supports_extended_master_secret(), Botan::TLS::Client_Hello::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

// Builds and sends the Server Hello for a resumed session.
// Version and ciphersuite come from resumed_session; the session id is echoed
// from client_hello; the compression method is fixed at 0.
// Unlike the full-handshake constructor, this one adds neither
// Certificate_Status_Request nor an SRTP profile.
// NOTE(review): the random comes from make_hello_random(rng, policy), not
// make_server_hello_random(); whether a downgrade marker is expected on
// resumption cannot be told from this page - confirm.
// NOTE(review): the signature on this page names the parameter
// `secure_reneg_info`; this listing uses `reneg_info`.
132  :
133  m_version(resumed_session.version()),
134  m_session_id(client_hello.session_id()),
135  m_random(make_hello_random(rng, policy)),
136  m_ciphersuite(resumed_session.ciphersuite_code()),
137  m_comp_method(0)
138  {
139  if(client_hello.supports_extended_master_secret())
140  m_extensions.add(new Extended_Master_Secret);
141 
    // Encrypt-then-MAC is echoed only if the resumed suite is a CBC suite.
142  if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
143  {
144  Ciphersuite c = resumed_session.ciphersuite();
145  if(c.cbc_ciphersuite())
146  m_extensions.add(new Encrypt_then_MAC);
147  }
148 
149  if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
150  {
151  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
152  }
153 
154  if(client_hello.secure_renegotiation())
155  m_extensions.add(new Renegotiation_Extension(reneg_info));
156 
157  if(client_hello.supports_session_ticket() && offer_session_ticket)
158  m_extensions.add(new Session_Ticket());
159 
160  if(!next_protocol.empty() && client_hello.supports_alpn())
161  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
162 
    // The application callback may change the extension set; nothing in this
    // function re-checks it before the message is sent.
163  cb.tls_modify_extensions(m_extensions, SERVER);
164 
    // The value returned by io.send() is fed into the handshake hash.
165  hash.update(io.send(*this));
166  }
std::string next_protocol() const
Definition: tls_messages.h:279
void add(Extension *extn)
std::unique_ptr< Session > resumed_session
Definition: tls_client.cpp:55
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
MechanismType hash

◆ Server_Hello() [3/3]

Botan::TLS::Server_Hello::Server_Hello ( const std::vector< uint8_t > &  buf)
explicit

Definition at line 171 of file msg_server_hello.cpp.

References Botan::TLS::Extensions::deserialize(), Botan::TLS::TLS_Data_Reader::get_byte(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_range(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), and Botan::TLS::SERVER.

// Decodes a Server Hello from its encoded bytes; buf is data received from the
// peer and is untrusted.
// This constructor only decodes. Nothing here checks the version, ciphersuite
// or compression method against what the client offered - presumably the
// caller does that; confirm before relying on any accessor.
// Throws Decoding_Error when buf is shorter than the fixed-size fields.
172  {
    // 38 = 2 (version) + 32 (random) + 1 (session id length) + 2 (ciphersuite)
    // + 1 (compression): the size of a hello with an empty session id and no
    // extensions, matching the reads below.
173  if(buf.size() < 38)
174  throw Decoding_Error("Server_Hello: Packet corrupted");
175 
176  TLS_Data_Reader reader("ServerHello", buf);
177 
178  const uint8_t major_version = reader.get_byte();
179  const uint8_t minor_version = reader.get_byte();
180 
181  m_version = Protocol_Version(major_version, minor_version);
182 
183  m_random = reader.get_fixed<uint8_t>(32);
184 
    // Presumably a 1-byte length prefix followed by 0..32 bytes of session id -
    // confirm against TLS_Data_Reader::get_range().
185  m_session_id = reader.get_range<uint8_t>(1, 0, 32);
186 
187  m_ciphersuite = reader.get_uint16_t();
188 
189  m_comp_method = reader.get_byte();
190 
    // The second argument names the side the extensions came from.
191  m_extensions.deserialize(reader, Connection_Side::SERVER);
192  }
void deserialize(TLS_Data_Reader &reader, Connection_Side from)

Member Function Documentation

◆ ciphersuite()

uint16_t Botan::TLS::Server_Hello::ciphersuite ( ) const
inline

Definition at line 230 of file tls_messages.h.

// Returns the stored ciphersuite code; on a parsed hello this is the value the
// peer sent, not yet checked against the client's offer by this class.
230 { return m_ciphersuite; }

◆ compression_method()

uint8_t Botan::TLS::Server_Hello::compression_method ( ) const
inline

Definition at line 232 of file tls_messages.h.

// Returns the compression method byte: 0 when this side built the message,
// otherwise whatever byte the parsing constructor read from the buffer.
232 { return m_comp_method; }

◆ extension_types()

std::set<Handshake_Extension_Type> Botan::TLS::Server_Hello::extension_types ( ) const
inline

Definition at line 286 of file tls_messages.h.

// Returns the set of extension types held in this message's extension list.
287  { return m_extensions.extension_types(); }
std::set< Handshake_Extension_Type > extension_types() const

◆ extensions()

const Extensions& Botan::TLS::Server_Hello::extensions ( ) const
inline

Definition at line 289 of file tls_messages.h.

// Returns a const reference to this message's extension list; the reference is
// to a member, so it must not outlive the Server_Hello object.
289 { return m_extensions; }

◆ next_protocol()

std::string Botan::TLS::Server_Hello::next_protocol ( ) const
inline

Definition at line 279 of file tls_messages.h.

Referenced by Server_Hello().

// Returns the protocol carried in the ALPN extension, or an empty string when
// the extension is absent.
280  {
281  if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
282  return alpn->single_protocol();
283  return "";
284  }

◆ prefers_compressed_ec_points()

bool Botan::TLS::Server_Hello::prefers_compressed_ec_points ( ) const
inline

Definition at line 291 of file tls_messages.h.

// Returns the Supported_Point_Formats extension's compressed-point preference,
// or false when that extension is absent.
292  {
293  if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
294  {
295  return ecc_formats->prefers_compressed();
296  }
297  return false;
298  }

◆ random()

const std::vector<uint8_t>& Botan::TLS::Server_Hello::random ( ) const
inline

Definition at line 226 of file tls_messages.h.

// Returns a const reference to the stored random; the parsing constructor
// fills it with exactly 32 bytes read from the buffer.
226 { return m_random; }

◆ random_signals_downgrade()

bool Botan::TLS::Server_Hello::random_signals_downgrade ( ) const

Definition at line 217 of file msg_server_hello.cpp.

References Botan::load_be< uint64_t >().

// Reports whether the server random carries the downgrade marker.
// Assumes the second argument of load_be<uint64_t>() counts 8-byte words, so 3
// selects bytes 24..31 of the random (hence `last8`) - confirm in loadstor.h.
// No length check is made here: m_random must hold at least 32 bytes, which
// the parsing constructor guarantees via get_fixed<uint8_t>(32).
// NOTE(review): only DOWNGRADE_TLS11 is compared, and its value is not shown
// on this page. This function only reports; rejecting the handshake is up to
// the caller.
218  {
219  const uint64_t last8 = load_be<uint64_t>(m_random.data(), 3);
220  return (last8 == DOWNGRADE_TLS11);
221  }
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:217

◆ renegotiation_info()

std::vector<uint8_t> Botan::TLS::Server_Hello::renegotiation_info ( ) const
inline

Definition at line 239 of file tls_messages.h.

Referenced by Botan::TLS::Channel::secure_renegotiation_check().

// Returns the data carried in the renegotiation extension, or an empty vector
// when the extension is absent. An empty result therefore does not by itself
// say whether the extension was sent; use secure_renegotiation() for that.
240  {
241  if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
242  return reneg->renegotiation_info();
243  return std::vector<uint8_t>();
244  }

◆ secure_renegotiation()

bool Botan::TLS::Server_Hello::secure_renegotiation ( ) const
inline

Definition at line 234 of file tls_messages.h.

Referenced by Botan::TLS::Channel::secure_renegotiation_check().

// True when this message carries the renegotiation extension.
235  {
236  return m_extensions.has<Renegotiation_Extension>();
237  }

◆ session_id()

const std::vector<uint8_t>& Botan::TLS::Server_Hello::session_id ( ) const
inline

Definition at line 228 of file tls_messages.h.

// Returns a const reference to the stored session id; the parsing constructor
// reads it with a maximum of 32 bytes.
228 { return m_session_id; }

◆ srtp_profile()

uint16_t Botan::TLS::Server_Hello::srtp_profile ( ) const
inline

Definition at line 266 of file tls_messages.h.

// Returns the single SRTP protection profile chosen by the server, or 0 when
// the extension is absent.
// The check on the extension's content happens here, on access: a list that is
// not exactly one entry, or whose entry is 0, raises Decoding_Error.
267  {
268  if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
269  {
270  auto prof = srtp->profiles();
271  if(prof.size() != 1 || prof[0] == 0)
272  throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
273  return prof[0];
274  }
275 
276  return 0;
277  }

◆ supports_certificate_status_message()

bool Botan::TLS::Server_Hello::supports_certificate_status_message ( ) const
inline

Definition at line 256 of file tls_messages.h.

// True when this message carries the Certificate_Status_Request extension.
257  {
258  return m_extensions.has<Certificate_Status_Request>();
259  }

◆ supports_encrypt_then_mac()

bool Botan::TLS::Server_Hello::supports_encrypt_then_mac ( ) const
inline

Definition at line 251 of file tls_messages.h.

// True when this message carries the Encrypt_then_MAC extension.
252  {
253  return m_extensions.has<Encrypt_then_MAC>();
254  }

◆ supports_extended_master_secret()

bool Botan::TLS::Server_Hello::supports_extended_master_secret ( ) const
inline

Definition at line 246 of file tls_messages.h.

// True when this message carries the Extended_Master_Secret extension.
247  {
248  return m_extensions.has<Extended_Master_Secret>();
249  }

◆ supports_session_ticket()

bool Botan::TLS::Server_Hello::supports_session_ticket ( ) const
inline

Definition at line 261 of file tls_messages.h.

// True when this message carries the Session_Ticket extension.
262  {
263  return m_extensions.has<Session_Ticket>();
264  }

◆ type()

Handshake_Type Botan::TLS::Server_Hello::type ( ) const
inline override virtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 222 of file tls_messages.h.

References Botan::TLS::SERVER_HELLO.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

// NOTE(review): listing line 21 is missing from this page, so the body is not
// shown; per the References entry for this function it uses
// handshake_type_to_string() and type().
20  {
22  }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

◆ version()

Protocol_Version Botan::TLS::Server_Hello::version ( ) const
inline

Definition at line 224 of file tls_messages.h.

// Returns the stored protocol version; on a parsed hello it is built from the
// two version bytes read from the buffer, with no check made by this class.
224 { return m_version; }

The documentation for this class was generated from the following files: