Botan 2.19.0
Crypto and TLS for C&
Classes | Public Member Functions | List of all members
Botan::TLS::Server_Hello Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Server_Hello:
Botan::TLS::Handshake_Message

Classes

class  Settings
 

Public Member Functions

uint16_t ciphersuite () const
 
uint8_t compression_method () const
 
std::set< Handshake_Extension_Typeextension_types () const
 
const Extensionsextensions () const
 
std::string next_protocol () const
 
bool prefers_compressed_ec_points () const
 
const std::vector< uint8_t > & random () const
 
bool random_signals_downgrade () const
 
std::vector< uint8_t > renegotiation_info () const
 
bool secure_renegotiation () const
 
 Server_Hello (const std::vector< uint8_t > &buf)
 
 Server_Hello (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
 
 Server_Hello (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, Session &resumed_session, bool offer_session_ticket, const std::string &next_protocol)
 
const std::vector< uint8_t > & session_id () const
 
uint16_t srtp_profile () const
 
bool supports_certificate_status_message () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
bool supports_session_ticket () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
Protocol_Version version () const
 

Detailed Description

Server Hello Message

Definition at line 194 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Server_Hello() [1/3]

Botan::TLS::Server_Hello::Server_Hello ( Handshake_IO io,
Handshake_Hash hash,
const Policy policy,
Callbacks cb,
RandomNumberGenerator rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello client_hello,
const Server_Hello::Settings settings,
const std::string  next_protocol 
)

Definition at line 53 of file msg_server_hello.cpp.

61 :
62 m_version(server_settings.protocol_version()),
63 m_session_id(server_settings.session_id()),
64 m_random(make_server_hello_random(rng, m_version, policy)),
65 m_ciphersuite(server_settings.ciphersuite()),
66 m_comp_method(0)
67 {
68 if(client_hello.supports_extended_master_secret())
69 m_extensions.add(new Extended_Master_Secret);
70
71 // Sending the extension back does not commit us to sending a stapled response
72 if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
73 m_extensions.add(new Certificate_Status_Request);
74
75 Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
76
77 if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
78 {
79 m_extensions.add(new Encrypt_then_MAC);
80 }
81
82 if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
83 {
84 m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
85 }
86
87 if(client_hello.secure_renegotiation())
88 m_extensions.add(new Renegotiation_Extension(reneg_info));
89
90 if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
91 m_extensions.add(new Session_Ticket());
92
93 if(!next_protocol.empty() && client_hello.supports_alpn())
94 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
95
96 if(m_version.is_datagram_protocol())
97 {
98 const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
99 const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
100
101 if(!server_srtp.empty() && !client_srtp.empty())
102 {
103 uint16_t shared = 0;
104 // always using server preferences for now
105 for(auto s_srtp : server_srtp)
106 for(auto c_srtp : client_srtp)
107 {
108 if(shared == 0 && s_srtp == c_srtp)
109 shared = s_srtp;
110 }
111
112 if(shared)
113 m_extensions.add(new SRTP_Protection_Profiles(shared));
114 }
115 }
116
117 cb.tls_modify_extensions(m_extensions, SERVER);
118
119 hash.update(io.send(*this));
120 }
static Ciphersuite by_id(uint16_t suite)
void add(Extension *extn)
std::string next_protocol() const
Definition: tls_messages.h:279
@ TLSEXT_EC_POINT_FORMATS
MechanismType hash

References Botan::TLS::Extensions::add(), Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Ciphersuite::ecc_ciphersuite(), Botan::TLS::Client_Hello::extension_types(), hash, Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Server_Hello::Settings::offer_session_ticket(), Botan::TLS::Client_Hello::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::SERVER, Botan::TLS::Client_Hello::srtp_profiles(), Botan::TLS::Policy::srtp_profiles(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello::supports_cert_status_message(), Botan::TLS::Client_Hello::supports_encrypt_then_mac(), Botan::TLS::Client_Hello::supports_extended_master_secret(), Botan::TLS::Client_Hello::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello() [2/3]

Botan::TLS::Server_Hello::Server_Hello ( Handshake_IO io,
Handshake_Hash hash,
const Policy policy,
Callbacks cb,
RandomNumberGenerator rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello client_hello,
Session resumed_session,
bool  offer_session_ticket,
const std::string &  next_protocol 
)

Definition at line 123 of file msg_server_hello.cpp.

132 :
133 m_version(resumed_session.version()),
134 m_session_id(client_hello.session_id()),
135 m_random(make_hello_random(rng, policy)),
136 m_ciphersuite(resumed_session.ciphersuite_code()),
137 m_comp_method(0)
138 {
139 if(client_hello.supports_extended_master_secret())
140 m_extensions.add(new Extended_Master_Secret);
141
142 if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
143 {
144 Ciphersuite c = resumed_session.ciphersuite();
145 if(c.cbc_ciphersuite())
146 m_extensions.add(new Encrypt_then_MAC);
147 }
148
149 if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
150 {
151 m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
152 }
153
154 if(client_hello.secure_renegotiation())
155 m_extensions.add(new Renegotiation_Extension(reneg_info));
156
157 if(client_hello.supports_session_ticket() && offer_session_ticket)
158 m_extensions.add(new Session_Ticket());
159
160 if(!next_protocol.empty() && client_hello.supports_alpn())
161 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
162
163 cb.tls_modify_extensions(m_extensions, SERVER);
164
165 hash.update(io.send(*this));
166 }
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::unique_ptr< Session > resumed_session
Definition: tls_client.cpp:55

References Botan::TLS::Extensions::add(), Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Client_Hello::extension_types(), hash, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), resumed_session, Botan::TLS::Client_Hello::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::SERVER, Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello::supports_encrypt_then_mac(), Botan::TLS::Client_Hello::supports_extended_master_secret(), Botan::TLS::Client_Hello::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello() [3/3]

Botan::TLS::Server_Hello::Server_Hello ( const std::vector< uint8_t > &  buf)
explicit

Definition at line 171 of file msg_server_hello.cpp.

172 {
173 if(buf.size() < 38)
174 throw Decoding_Error("Server_Hello: Packet corrupted");
175
176 TLS_Data_Reader reader("ServerHello", buf);
177
178 const uint8_t major_version = reader.get_byte();
179 const uint8_t minor_version = reader.get_byte();
180
181 m_version = Protocol_Version(major_version, minor_version);
182
183 m_random = reader.get_fixed<uint8_t>(32);
184
185 m_session_id = reader.get_range<uint8_t>(1, 0, 32);
186
187 m_ciphersuite = reader.get_uint16_t();
188
189 m_comp_method = reader.get_byte();
190
191 m_extensions.deserialize(reader, Connection_Side::SERVER);
192 }
void deserialize(TLS_Data_Reader &reader, Connection_Side from)

References Botan::TLS::Extensions::deserialize(), Botan::TLS::TLS_Data_Reader::get_byte(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_range(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), and Botan::TLS::SERVER.

Member Function Documentation

◆ ciphersuite()

uint16_t Botan::TLS::Server_Hello::ciphersuite ( ) const
inline

Definition at line 230 of file tls_messages.h.

230{ return m_ciphersuite; }

◆ compression_method()

uint8_t Botan::TLS::Server_Hello::compression_method ( ) const
inline

Definition at line 232 of file tls_messages.h.

232{ return m_comp_method; }

◆ extension_types()

std::set< Handshake_Extension_Type > Botan::TLS::Server_Hello::extension_types ( ) const
inline

Definition at line 286 of file tls_messages.h.

287 { return m_extensions.extension_types(); }
std::set< Handshake_Extension_Type > extension_types() const

◆ extensions()

const Extensions & Botan::TLS::Server_Hello::extensions ( ) const
inline

Definition at line 289 of file tls_messages.h.

289{ return m_extensions; }

◆ next_protocol()

std::string Botan::TLS::Server_Hello::next_protocol ( ) const
inline

Definition at line 279 of file tls_messages.h.

280 {
281 if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
282 return alpn->single_protocol();
283 return "";
284 }

Referenced by Server_Hello().

◆ prefers_compressed_ec_points()

bool Botan::TLS::Server_Hello::prefers_compressed_ec_points ( ) const
inline

Definition at line 291 of file tls_messages.h.

292 {
293 if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
294 {
295 return ecc_formats->prefers_compressed();
296 }
297 return false;
298 }

◆ random()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::random ( ) const
inline

Definition at line 226 of file tls_messages.h.

226{ return m_random; }

◆ random_signals_downgrade()

bool Botan::TLS::Server_Hello::random_signals_downgrade ( ) const

Definition at line 217 of file msg_server_hello.cpp.

218 {
219 const uint64_t last8 = load_be<uint64_t>(m_random.data(), 3);
220 return (last8 == DOWNGRADE_TLS11);
221 }
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:217

References Botan::load_be< uint64_t >().

◆ renegotiation_info()

std::vector< uint8_t > Botan::TLS::Server_Hello::renegotiation_info ( ) const
inline

Definition at line 239 of file tls_messages.h.

240 {
241 if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
242 return reneg->renegotiation_info();
243 return std::vector<uint8_t>();
244 }

Referenced by Botan::TLS::Channel::secure_renegotiation_check().

◆ secure_renegotiation()

bool Botan::TLS::Server_Hello::secure_renegotiation ( ) const
inline

Definition at line 234 of file tls_messages.h.

235 {
236 return m_extensions.has<Renegotiation_Extension>();
237 }

Referenced by Botan::TLS::Channel::secure_renegotiation_check().

◆ session_id()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::session_id ( ) const
inline

Definition at line 228 of file tls_messages.h.

228{ return m_session_id; }

◆ srtp_profile()

uint16_t Botan::TLS::Server_Hello::srtp_profile ( ) const
inline

Definition at line 266 of file tls_messages.h.

267 {
268 if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
269 {
270 auto prof = srtp->profiles();
271 if(prof.size() != 1 || prof[0] == 0)
272 throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
273 return prof[0];
274 }
275
276 return 0;
277 }

◆ supports_certificate_status_message()

bool Botan::TLS::Server_Hello::supports_certificate_status_message ( ) const
inline

Definition at line 256 of file tls_messages.h.

257 {
258 return m_extensions.has<Certificate_Status_Request>();
259 }

◆ supports_encrypt_then_mac()

bool Botan::TLS::Server_Hello::supports_encrypt_then_mac ( ) const
inline

Definition at line 251 of file tls_messages.h.

252 {
253 return m_extensions.has<Encrypt_then_MAC>();
254 }

◆ supports_extended_master_secret()

bool Botan::TLS::Server_Hello::supports_extended_master_secret ( ) const
inline

Definition at line 246 of file tls_messages.h.

247 {
248 return m_extensions.has<Extended_Master_Secret>();
249 }

◆ supports_session_ticket()

bool Botan::TLS::Server_Hello::supports_session_ticket ( ) const
inline

Definition at line 261 of file tls_messages.h.

262 {
263 return m_extensions.has<Session_Ticket>();
264 }

◆ type()

Handshake_Type Botan::TLS::Server_Hello::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 222 of file tls_messages.h.

222{ return SERVER_HELLO; }
@ SERVER_HELLO
Definition: tls_magic.h:48

References Botan::TLS::SERVER_HELLO.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

20 {
22 }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ version()

Protocol_Version Botan::TLS::Server_Hello::version ( ) const
inline

Definition at line 224 of file tls_messages.h.

224{ return m_version; }

The documentation for this class was generated from the following files: