Botan 3.0.0-alpha0
Crypto and TLS for C++
Botan::TLS::Server_Hello_12 Class Reference (final)

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Server_Hello_12:
Botan::TLS::Server_Hello Botan::TLS::Handshake_Message

Classes

class  Settings
 

Public Member Functions

uint16_t ciphersuite () const
 
uint8_t compression_method () const
 
std::set< Handshake_Extension_Type > extension_types () const
 
const Extensions & extensions () const
 
Protocol_Version legacy_version () const
 
std::string next_protocol () const
 
bool prefers_compressed_ec_points () const
 
const std::vector< uint8_t > & random () const
 
std::optional< Protocol_Version > random_signals_downgrade () const
 
std::vector< uint8_t > renegotiation_info () const
 
bool secure_renegotiation () const
 
Protocol_Version selected_version () const override
 
std::vector< uint8_t > serialize () const override
 
 Server_Hello_12 (const std::vector< uint8_t > &buf)
 
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, const std::string &next_protocol)
 
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, Session &resumed_session, bool offer_session_ticket, const std::string &next_protocol)
 
const std::vector< uint8_t > & session_id () const
 
uint16_t srtp_profile () const
 
bool supports_certificate_status_message () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
bool supports_session_ticket () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Protected Member Functions

 Server_Hello_12 (std::unique_ptr< Server_Hello_Internal > data)
 

Protected Attributes

std::unique_ptr< Server_Hello_Internal > m_data
 

Friends

class Server_Hello_13
 

Detailed Description

Definition at line 285 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Server_Hello_12() [1/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO &  io,
Handshake_Hash &  hash,
const Policy &  policy,
Callbacks &  cb,
RandomNumberGenerator &  rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello_12 &  client_hello,
const Settings &  settings,
const std::string &  next_protocol 
)

Definition at line 216 of file msg_server_hello.cpp.

/**
* Build a (D)TLS 1.2 Server Hello from the negotiated Settings, attach the
* extensions the client asked for, and send it.
*
* Parameter names follow the listed body (reneg_info, server_settings); the
* declaration shown on this page calls them secure_reneg_info and settings.
*
* @param io             handshake I/O used to send the finished message
* @param hash           handshake hash, updated with what io.send() returns
* @param policy         consulted for the optional extensions below
* @param cb             callbacks; may edit the extension list before sending
* @param rng            passed to make_server_hello_random()
* @param reneg_info     payload for the Renegotiation_Extension
* @param client_hello   the Client Hello being answered
* @param server_settings version, session id, ciphersuite, ticket offer
* @param next_protocol  ALPN protocol to announce; empty means none
*/
Server_Hello_12::Server_Hello_12(Handshake_IO& io,
                                 Handshake_Hash& hash,
                                 const Policy& policy,
                                 Callbacks& cb,
                                 RandomNumberGenerator& rng,
                                 const std::vector<uint8_t>& reneg_info,
                                 const Client_Hello_12& client_hello,
                                 const Server_Hello_12::Settings& server_settings,
                                 const std::string& next_protocol)
    // Last argument is uint8_t(0); presumably the compression method
    // (no compression) -- confirm against Server_Hello_Internal.
    : Server_Hello(std::make_unique<Server_Hello_Internal>(
          server_settings.protocol_version(),
          server_settings.session_id(),
          make_server_hello_random(rng, server_settings.protocol_version(), cb, policy),
          server_settings.ciphersuite(),
          uint8_t(0))) {
    // Extended master secret is echoed whenever the client offered it;
    // no policy switch is consulted here.
    if(client_hello.supports_extended_master_secret()) {
        m_data->extensions.add(new Extended_Master_Secret);
    }

    // Echoing the status_request extension does not oblige the server to
    // actually staple a response later.
    if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) {
        m_data->extensions.add(new Certificate_Status_Request);
    }

    // ALPN only when a protocol was chosen and the client sent the extension.
    if(!next_protocol.empty() && client_hello.supports_alpn()) {
        m_data->extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
    }

    // by_id() returns an optional (see its declaration on this page), so
    // every use below first checks that the suite was found.
    const auto suite = Ciphersuite::by_id(m_data->ciphersuite);

    // Encrypt-then-MAC is acknowledged only for CBC suites, and only when
    // both the client and the local policy want it.
    if(suite && suite->cbc_ciphersuite() &&
       client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) {
        m_data->extensions.add(new Encrypt_then_MAC);
    }

    // Point formats are sent back only for ECC suites when the client
    // included the EC point formats extension.
    if(suite && suite->ecc_ciphersuite() &&
       client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) {
        m_data->extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
    }

    if(client_hello.secure_renegotiation()) {
        m_data->extensions.add(new Renegotiation_Extension(reneg_info));
    }

    if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket()) {
        m_data->extensions.add(new Session_Ticket());
    }

    // SRTP profile selection happens only for datagram protocol versions.
    if(m_data->legacy_version.is_datagram_protocol()) {
        const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
        const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();

        if(!(server_srtp.empty() || client_srtp.empty())) {
            // Server preference order decides: the first server profile
            // that the client also lists is kept. 0 doubles as "none yet".
            uint16_t chosen_profile = 0;
            for(const uint16_t ours : server_srtp) {
                for(const uint16_t theirs : client_srtp) {
                    if(chosen_profile == 0 && ours == theirs) {
                        chosen_profile = ours;
                    }
                }
            }

            if(chosen_profile != 0) {
                m_data->extensions.add(new SRTP_Protection_Profiles(chosen_profile));
            }
        }
    }

    // The application callback sees the extension list after all of the
    // choices above and before the message is sent.
    // NOTE(review): presumably it can add or drop extensions here; callers
    // implementing it should preserve the negotiated ones -- confirm.
    cb.tls_modify_extensions(m_data->extensions, SERVER);

    // Send the message and feed what send() returns into the handshake hash.
    hash.update(io.send(*this));
}
static std::optional< Ciphersuite > by_id(uint16_t suite)
std::string next_protocol() const
Server_Hello(const Server_Hello &)=delete
std::unique_ptr< Server_Hello_Internal > m_data
Definition: tls_messages.h:282
@ TLSEXT_EC_POINT_FORMATS
MechanismType hash

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Server_Hello::m_data, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Server_Hello_12::Settings::offer_session_ticket(), Botan::TLS::Client_Hello_12::secure_renegotiation(), Botan::TLS::Client_Hello::srtp_profiles(), Botan::TLS::Policy::srtp_profiles(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_cert_status_message(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), Botan::TLS::Client_Hello_12::supports_session_ticket(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello_12() [2/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO &  io,
Handshake_Hash &  hash,
const Policy &  policy,
Callbacks &  cb,
RandomNumberGenerator &  rng,
const std::vector< uint8_t > &  secure_reneg_info,
const Client_Hello_12 &  client_hello,
Session &  resumed_session,
bool  offer_session_ticket,
const std::string &  next_protocol 
)

Definition at line 299 of file msg_server_hello.cpp.

/**
* Build and send the Server Hello for a resumed (D)TLS 1.2 session.
*
* Version and ciphersuite come from resumed_session; the session id is the
* one the client sent. The parameter the declaration on this page calls
* secure_reneg_info is named reneg_info in the listed body.
*
* @param io                   handshake I/O used to send the message
* @param hash                 handshake hash, updated with what io.send() returns
* @param policy               consulted for the optional extensions below
* @param cb                   callbacks; may edit the extension list before sending
* @param rng                  passed to make_hello_random()
* @param reneg_info           payload for the Renegotiation_Extension
* @param client_hello         the Client Hello being answered
* @param resumed_session      the session being resumed
* @param offer_session_ticket whether to acknowledge session tickets
* @param next_protocol        ALPN protocol to announce; empty means none
*/
Server_Hello_12::Server_Hello_12(Handshake_IO& io,
                                 Handshake_Hash& hash,
                                 const Policy& policy,
                                 Callbacks& cb,
                                 RandomNumberGenerator& rng,
                                 const std::vector<uint8_t>& reneg_info,
                                 const Client_Hello_12& client_hello,
                                 Session& resumed_session,
                                 bool offer_session_ticket,
                                 const std::string& next_protocol)
    // NOTE(review): this path calls make_hello_random(), while the
    // Settings-based constructor on this page calls
    // make_server_hello_random() with the protocol version. If the latter
    // is what writes the downgrade marker that random_signals_downgrade()
    // looks for, confirm that omitting it on resumption is intended.
    : Server_Hello(std::make_unique<Server_Hello_Internal>(
          resumed_session.version(),
          client_hello.session_id(),
          make_hello_random(rng, cb, policy),
          resumed_session.ciphersuite_code(),
          uint8_t(0))) {
    if(client_hello.supports_extended_master_secret()) {
        m_data->extensions.add(new Extended_Master_Secret);
    }

    if(!next_protocol.empty() && client_hello.supports_alpn()) {
        m_data->extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
    }

    // Encrypt-then-MAC: client and policy must both agree, and the resumed
    // suite must be a CBC suite. The suite is looked up only after the
    // first two checks pass, as in the nested form.
    if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac() &&
       resumed_session.ciphersuite().cbc_ciphersuite()) {
        m_data->extensions.add(new Encrypt_then_MAC);
    }

    if(resumed_session.ciphersuite().ecc_ciphersuite() &&
       client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) {
        m_data->extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
    }

    if(client_hello.secure_renegotiation()) {
        m_data->extensions.add(new Renegotiation_Extension(reneg_info));
    }

    if(client_hello.supports_session_ticket() && offer_session_ticket) {
        m_data->extensions.add(new Session_Ticket());
    }

    // Application hook runs after the library's own extension choices.
    cb.tls_modify_extensions(m_data->extensions, SERVER);

    // Send the message and feed what send() returns into the handshake hash.
    hash.update(io.send(*this));
}
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
std::unique_ptr< Session > resumed_session

References Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Client_Hello::extension_types(), hash, Botan::TLS::Server_Hello::m_data, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), resumed_session, Botan::TLS::Client_Hello_12::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::SERVER, Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), Botan::TLS::Client_Hello_12::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::TLSEXT_EC_POINT_FORMATS, and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello_12() [3/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( const std::vector< uint8_t > &  buf)
explicit

Definition at line 356 of file msg_server_hello.cpp.

/**
* Construct from a serialized message.
*
* buf is handed to Server_Hello_Internal, and the result is passed on to
* the std::unique_ptr overload of this constructor; this overload does no
* checking of its own.
*
* @param buf the bytes of the received Server Hello
*/
Server_Hello_12::Server_Hello_12(const std::vector<uint8_t>& buf)
    : Server_Hello_12(std::make_unique<Server_Hello_Internal>(buf)) {
}
Server_Hello_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, const std::string &next_protocol)

◆ Server_Hello_12() [4/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( std::unique_ptr< Server_Hello_Internal >  data)
explicit protected

Definition at line 360 of file msg_server_hello.cpp.

/**
* Take ownership of already-built message data and check its version.
*
* This is the version gate for the class: data whose version() is not
* pre-TLS-1.3 is rejected, so an instance never wraps a TLS 1.3 hello.
*
* @param data message contents; moved into the Server_Hello base
* @throws TLS_Exception with Alert::PROTOCOL_VERSION if the version is
*         not (D)TLS 1.2 or lower
*/
Server_Hello_12::Server_Hello_12(std::unique_ptr<Server_Hello_Internal> data)
    : Server_Hello(std::move(data)) {
    // data has been moved from; read through m_data from here on.
    const bool is_tls12_or_older = m_data->version().is_pre_tls_13();
    if(!is_tls12_or_older) {
        throw TLS_Exception(Alert::PROTOCOL_VERSION, "Expected server hello of (D)TLS 1.2 or lower");
    }
}

References Botan::TLS::Server_Hello::m_data, and Botan::TLS::Alert::PROTOCOL_VERSION.

Member Function Documentation

◆ ciphersuite()

uint16_t Botan::TLS::Server_Hello::ciphersuite ( ) const
inherited

Definition at line 200 of file msg_server_hello.cpp.

/**
* @return the 16-bit ciphersuite code stored in this Server Hello
*/
uint16_t Server_Hello::ciphersuite() const {
    const uint16_t suite_code = m_data->ciphersuite;
    return suite_code;
}

References Botan::TLS::Server_Hello::m_data.

◆ compression_method()

uint8_t Botan::TLS::Server_Hello::compression_method ( ) const

Definition at line 278 of file msg_server_hello.cpp.

/**
* @return the compression method byte stored in this Server Hello
*/
uint8_t Server_Hello::compression_method() const {
    const uint8_t method = m_data->comp_method;
    return method;
}

◆ extension_types()

std::set< Handshake_Extension_Type > Botan::TLS::Server_Hello::extension_types ( ) const

Definition at line 276 of file msg_server_hello.cpp.

/**
* @return the set of extension types present in this Server Hello, as
*         reported by the stored Extensions object
*/
std::set<Handshake_Extension_Type> Server_Hello::extension_types() const {
    const auto& exts = m_data->extensions;
    return exts.extension_types();
}

◆ extensions()

const Extensions & Botan::TLS::Server_Hello::extensions ( ) const
inherited

Definition at line 210 of file msg_server_hello.cpp.

/**
* @return a const reference to the extensions held in m_data (no copy)
*/
const Extensions& Server_Hello::extensions() const {
    const Extensions& exts = m_data->extensions;
    return exts;
}

References Botan::TLS::Server_Hello::m_data.

◆ legacy_version()

Protocol_Version Botan::TLS::Server_Hello::legacy_version ( ) const

Definition at line 279 of file msg_server_hello.cpp.

/**
* @return the value of the legacy_version field stored in this Server Hello
*/
Protocol_Version Server_Hello::legacy_version() const {
    const auto& hello = *m_data;
    return hello.legacy_version;
}

Referenced by selected_version().

◆ next_protocol()

std::string Botan::TLS::Server_Hello_12::next_protocol ( ) const

Definition at line 419 of file msg_server_hello.cpp.

/**
* @return the protocol carried in the ALPN extension (via
*         single_protocol()), or an empty string when the Server Hello
*         has no ALPN extension
*/
std::string Server_Hello_12::next_protocol() const {
    auto alpn = m_data->extensions.get<Application_Layer_Protocol_Notification>();
    if(!alpn) {
        // No ALPN extension in this message.
        return "";
    }
    return alpn->single_protocol();
}

References Botan::TLS::Server_Hello::m_data.

Referenced by Server_Hello_12().

◆ prefers_compressed_ec_points()

bool Botan::TLS::Server_Hello_12::prefers_compressed_ec_points ( ) const

Definition at line 428 of file msg_server_hello.cpp.

/**
* @return what the Supported_Point_Formats extension reports through
*         prefers_compressed(), or false when that extension is absent
*/
bool Server_Hello_12::prefers_compressed_ec_points() const {
    auto point_formats = m_data->extensions.get<Supported_Point_Formats>();
    if(!point_formats) {
        return false;
    }
    return point_formats->prefers_compressed();
}

References Botan::TLS::Server_Hello::m_data.

◆ random()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::random ( ) const

Definition at line 277 of file msg_server_hello.cpp.

/**
* @return a const reference to the random field held in m_data (no copy)
*/
const std::vector<uint8_t>& Server_Hello::random() const {
    const std::vector<uint8_t>& hello_random = m_data->random;
    return hello_random;
}

◆ random_signals_downgrade()

std::optional< Protocol_Version > Botan::TLS::Server_Hello_12::random_signals_downgrade ( ) const

Return desired downgrade version indicated by hello random, if any.

Definition at line 437 of file msg_server_hello.cpp.

/**
* Report the downgrade version indicated by the hello random, if any.
*
* One 64-bit big-endian word of the random is compared against the
* DOWNGRADE_TLS11 and DOWNGRADE_TLS12 markers.
*
* @return TLS_V11 or TLS_V12 when the corresponding marker is found,
*         std::nullopt otherwise
*/
std::optional<Protocol_Version> Server_Hello_12::random_signals_downgrade() const {
    // load_be<uint64_t>(in, off) with off == 3: presumably the fourth
    // 64-bit word, i.e. bytes 24..31 of the random -- TODO confirm.
    // NOTE(review): no length check here; this assumes the parser has
    // already guaranteed that random holds at least 32 bytes.
    const uint64_t marker = load_be<uint64_t>(m_data->random.data(), 3);

    if(marker == DOWNGRADE_TLS11) {
        return Protocol_Version::TLS_V11;
    }
    if(marker == DOWNGRADE_TLS12) {
        return Protocol_Version::TLS_V12;
    }

    // No marker present.
    return std::nullopt;
}
constexpr uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:228

References Botan::load_be< uint64_t >(), Botan::TLS::Server_Hello::m_data, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

◆ renegotiation_info()

std::vector< uint8_t > Botan::TLS::Server_Hello_12::renegotiation_info ( ) const

Definition at line 379 of file msg_server_hello.cpp.

/**
* @return the payload of the Renegotiation_Extension, or an empty vector
*         when the Server Hello does not carry that extension
*/
std::vector<uint8_t> Server_Hello_12::renegotiation_info() const {
    Renegotiation_Extension* reneg_ext = m_data->extensions.get<Renegotiation_Extension>();
    if(reneg_ext == nullptr) {
        // An absent extension and an extension with an empty payload both
        // yield an empty vector; secure_renegotiation() tells them apart.
        return std::vector<uint8_t>();
    }
    return reneg_ext->renegotiation_info();
}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ secure_renegotiation()

bool Botan::TLS::Server_Hello_12::secure_renegotiation ( ) const

Definition at line 374 of file msg_server_hello.cpp.

/**
* @return true if the Server Hello carries a Renegotiation_Extension
*/
bool Server_Hello_12::secure_renegotiation() const {
    const bool has_reneg_ext = m_data->extensions.has<Renegotiation_Extension>();
    return has_reneg_ext;
}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ selected_version()

Protocol_Version Botan::TLS::Server_Hello_12::selected_version ( ) const
override virtual
Returns
the selected version as indicated in the legacy_version field

Implements Botan::TLS::Server_Hello.

Definition at line 369 of file msg_server_hello.cpp.

/**
* @return the selected version, which for this class is simply the value
*         of the legacy_version field
*/
Protocol_Version Server_Hello_12::selected_version() const {
    const Protocol_Version selected = legacy_version();
    return selected;
}
Protocol_Version legacy_version() const

References legacy_version().

◆ serialize()

std::vector< uint8_t > Botan::TLS::Server_Hello::serialize ( ) const
override virtual inherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 154 of file msg_server_hello.cpp.

/**
* Serialize this Server Hello into a byte vector.
*
* Field order as written below: two version bytes, the random, the
* session id behind a 1-byte length, two ciphersuite bytes, the
* compression method byte, then the serialized extensions.
*
* NOTE(review): the generated description on this page calls the result a
* DER representation; nothing in this body does ASN.1 encoding, the fields
* are appended directly.
*
* @return the serialized message
*/
std::vector<uint8_t> Server_Hello::serialize() const {
    const auto& hello = *m_data;
    std::vector<uint8_t> out;

    // Version: major byte, then minor byte.
    out.push_back(hello.legacy_version.major_version());
    out.push_back(hello.legacy_version.minor_version());

    out += hello.random;

    // Session id, prefixed with a length tag of size 1.
    append_tls_length_value(out, hello.session_id, 1);

    // Ciphersuite code: get_byte<0> first, then get_byte<1>.
    out.push_back(get_byte<0>(hello.ciphersuite));
    out.push_back(get_byte<1>(hello.ciphersuite));

    out.push_back(hello.comp_method);

    out += hello.extensions.serialize(Connection_Side::SERVER);

    return out;
}
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:212

References Botan::TLS::append_tls_length_value(), Botan::TLS::Server_Hello::m_data, and Botan::TLS::SERVER.

◆ session_id()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::session_id ( ) const
inherited

Definition at line 195 of file msg_server_hello.cpp.

/**
* @return a const reference to the session id held in m_data (no copy)
*/
const std::vector<uint8_t>& Server_Hello::session_id() const {
    const std::vector<uint8_t>& id = m_data->session_id;
    return id;
}

References Botan::TLS::Server_Hello::m_data.

◆ srtp_profile()

uint16_t Botan::TLS::Server_Hello_12::srtp_profile ( ) const

Definition at line 406 of file msg_server_hello.cpp.

/**
* Return the SRTP protection profile named by the server.
*
* The extension arrives from the peer, so it is validated here: it must
* list exactly one profile, and that profile must be non-zero.
*
* @return the single profile, or 0 when the extension is absent
* @throws Decoding_Error if the extension is present but malformed
*/
uint16_t Server_Hello_12::srtp_profile() const {
    auto srtp_ext = m_data->extensions.get<SRTP_Protection_Profiles>();
    if(!srtp_ext) {
        return 0;
    }

    auto profiles = srtp_ext->profiles();

    // The size test comes first so that profiles[0] is only read when an
    // element exists.
    const bool well_formed = (profiles.size() == 1 && profiles[0] != 0);
    if(!well_formed) {
        throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
    }
    return profiles[0];
}

References Botan::TLS::Server_Hello::m_data.

◆ supports_certificate_status_message()

bool Botan::TLS::Server_Hello_12::supports_certificate_status_message ( ) const

Definition at line 396 of file msg_server_hello.cpp.

/**
* @return true if the Server Hello carries a Certificate_Status_Request
*         extension
*/
bool Server_Hello_12::supports_certificate_status_message() const {
    const bool has_status_request = m_data->extensions.has<Certificate_Status_Request>();
    return has_status_request;
}

References Botan::TLS::Server_Hello::m_data.

◆ supports_encrypt_then_mac()

bool Botan::TLS::Server_Hello_12::supports_encrypt_then_mac ( ) const

Definition at line 391 of file msg_server_hello.cpp.

/**
* @return true if the Server Hello carries an Encrypt_then_MAC extension
*/
bool Server_Hello_12::supports_encrypt_then_mac() const {
    const bool has_etm = m_data->extensions.has<Encrypt_then_MAC>();
    return has_etm;
}

References Botan::TLS::Server_Hello::m_data.

◆ supports_extended_master_secret()

bool Botan::TLS::Server_Hello_12::supports_extended_master_secret ( ) const

Definition at line 386 of file msg_server_hello.cpp.

/**
* @return true if the Server Hello carries an Extended_Master_Secret
*         extension
*/
bool Server_Hello_12::supports_extended_master_secret() const {
    const bool has_ems = m_data->extensions.has<Extended_Master_Secret>();
    return has_ems;
}

References Botan::TLS::Server_Hello::m_data.

◆ supports_session_ticket()

bool Botan::TLS::Server_Hello_12::supports_session_ticket ( ) const

Definition at line 401 of file msg_server_hello.cpp.

/**
* @return true if the Server Hello carries a Session_Ticket extension
*/
bool Server_Hello_12::supports_session_ticket() const {
    const bool has_ticket_ext = m_data->extensions.has<Session_Ticket>();
    return has_ticket_ext;
}

References Botan::TLS::Server_Hello::m_data.

◆ type()

Handshake_Type Botan::TLS::Server_Hello::type ( ) const
override virtual inherited
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 175 of file msg_server_hello.cpp.

/**
* @return the message type, which is always SERVER_HELLO
*/
Handshake_Type Server_Hello::type() const {
    const Handshake_Type message_type = SERVER_HELLO;
    return message_type;
}
@ SERVER_HELLO
Definition: tls_magic.h:66

References Botan::TLS::SERVER_HELLO.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 18 of file tls_handshake_state.cpp.

19 {
21 }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inline virtual inherited
Returns
the wire representation of the message's type

Definition at line 42 of file tls_handshake_msg.h.

/**
* In-class definition from tls_handshake_msg.h.
*
* @return the wire representation of the message's type
*/
virtual Handshake_Type wire_type() const {
    // This default forwards to type(). The two normally agree; the
    // TLS 1.3 Hello Retry Request is the exception.
    const Handshake_Type on_the_wire = type();
    return on_the_wire;
}

References type.

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Friends And Related Function Documentation

◆ Server_Hello_13

friend class Server_Hello_13
friend

Definition at line 336 of file tls_messages.h.

Member Data Documentation

◆ m_data

std::unique_ptr<Server_Hello_Internal> Botan::TLS::Server_Hello::m_data
protected inherited

The documentation for this class was generated from the following files: