Botan 3.1.1
Crypto and TLS for C&
Botan::TLS::Server_Hello_12 Class Reference (final)

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Server_Hello_12:
Botan::TLS::Server_Hello Botan::TLS::Handshake_Message

Classes

class  Settings
 

Public Member Functions

uint16_t ciphersuite () const
 
uint8_t compression_method () const
 
std::set< Extension_Code > extension_types () const
 
const Extensions & extensions () const
 
Protocol_Version legacy_version () const
 
std::string next_protocol () const
 
bool prefers_compressed_ec_points () const
 
const std::vector< uint8_t > & random () const
 
std::optional< Protocol_Version > random_signals_downgrade () const
 
std::vector< uint8_t > renegotiation_info () const
 
bool secure_renegotiation () const
 
Protocol_Version selected_version () const override
 
std::vector< uint8_t > serialize () const override
 
 Server_Hello_12 (const std::vector< uint8_t > &buf)
 
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Session &resumed_session, bool offer_session_ticket, std::string_view next_protocol)
 
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, std::string_view next_protocol)
 
const Session_ID & session_id () const
 
uint16_t srtp_profile () const
 
bool supports_certificate_status_message () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
bool supports_session_ticket () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Protected Member Functions

 Server_Hello_12 (std::unique_ptr< Server_Hello_Internal > data)
 

Protected Attributes

std::unique_ptr< Server_Hello_Internal > m_data
 

Friends

class Server_Hello_13
 

Detailed Description

Definition at line 302 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Server_Hello_12() [1/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const Policy & policy,
Callbacks & cb,
RandomNumberGenerator & rng,
const std::vector< uint8_t > & secure_reneg_info,
const Client_Hello_12 & client_hello,
const Settings & settings,
std::string_view next_protocol
)

Definition at line 230 of file msg_server_hello.cpp.

// Full-handshake constructor body: builds the ServerHello from the negotiated
// settings, adds the response extensions, then sends the message and feeds it
// into the handshake hash.
// NOTE: this listing uses the definition's parameter names; server_settings
// and reneg_info presumably correspond to `settings` and `secure_reneg_info`
// in the declaration shown above - confirm against msg_server_hello.cpp.
238 :
239 Server_Hello(std::make_unique<Server_Hello_Internal>(
240 server_settings.protocol_version(),
241 server_settings.session_id(),
242 make_server_hello_random(rng, server_settings.protocol_version(), cb, policy),
243 server_settings.ciphersuite(),
// Fifth argument is presumably the compression method (0) - confirm against
// Server_Hello_Internal.
244 uint8_t(0))) {
// Extended Master Secret is echoed only when the client offered it. This
// constructor does not reject a client that omits it; any such enforcement
// is not visible in this listing.
// Extension objects are allocated with raw `new` and handed to add();
// presumably the Extensions container takes ownership - confirm.
245 if(client_hello.supports_extended_master_secret()) {
246 m_data->extensions().add(new Extended_Master_Secret);
247 }
248
249 // Sending the extension back does not commit us to sending a stapled response
250 if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) {
251 m_data->extensions().add(new Certificate_Status_Request);
252 }
253
// ALPN is answered only when a protocol was chosen (non-empty next_protocol)
// and the client advertised ALPN support.
254 if(!next_protocol.empty() && client_hello.supports_alpn()) {
255 m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol));
256 }
257
// by_id() returns std::optional<Ciphersuite>; the `c &&` tests below skip the
// suite-dependent extensions when the id is not recognised.
258 const auto c = Ciphersuite::by_id(m_data->ciphersuite());
259
// Encrypt-then-MAC requires all three: a CBC suite, a client offer, and the
// policy switch negotiate_encrypt_then_mac().
260 if(c && c->cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) {
261 m_data->extensions().add(new Encrypt_then_MAC);
262 }
263
// Point formats are sent only for ECC suites and only if the client sent the
// EcPointFormats extension.
264 if(c && c->ecc_ciphersuite() && client_hello.extension_types().contains(Extension_Code::EcPointFormats)) {
265 m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
266 }
267
// The renegotiation extension carries reneg_info back to a client that
// signalled secure renegotiation.
268 if(client_hello.secure_renegotiation()) {
269 m_data->extensions().add(new Renegotiation_Extension(reneg_info));
270 }
271
272 if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket()) {
273 m_data->extensions().add(new Session_Ticket_Extension());
274 }
275
// SRTP profile selection runs only for datagram (DTLS) versions.
276 if(m_data->legacy_version().is_datagram_protocol()) {
277 const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
278 const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
279
280 if(!server_srtp.empty() && !client_srtp.empty()) {
// `shared` stays 0 until the first match, so the result is the first
// server-listed profile the client also offers; 0 doubles as "no match",
// which means a profile value of 0 can never be selected.
281 uint16_t shared = 0;
282 // always using server preferences for now
283 for(auto s_srtp : server_srtp) {
284 for(auto c_srtp : client_srtp) {
285 if(shared == 0 && s_srtp == c_srtp) {
286 shared = s_srtp;
287 }
288 }
289 }
290
291 if(shared) {
292 m_data->extensions().add(new SRTP_Protection_Profiles(shared));
293 }
294 }
295 }
296
// The application callback receives the extension set after the library has
// made its own choices and before the message is sent. NOTE(review): the name
// suggests it may add or remove extensions, so the negotiated set above is not
// necessarily what goes on the wire - confirm against Callbacks.
297 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type());
298
// Send this message and feed the value returned by io.send() into the
// handshake hash.
299 hash.update(io.send(*this));
300}
static std::optional< Ciphersuite > by_id(uint16_t suite)
std::string next_protocol() const
Server_Hello(const Server_Hello &)=delete
Handshake_Type type() const override
std::unique_ptr< Server_Hello_Internal > m_data
Definition: tls_messages.h:299

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::EcPointFormats, Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Server_Hello::m_data, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Server_Hello_12::Settings::offer_session_ticket(), Botan::TLS::Client_Hello_12::secure_renegotiation(), Botan::TLS::Client_Hello::srtp_profiles(), Botan::TLS::Policy::srtp_profiles(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_cert_status_message(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), Botan::TLS::Client_Hello_12::supports_session_ticket(), and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello_12() [2/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const Policy & policy,
Callbacks & cb,
RandomNumberGenerator & rng,
const std::vector< uint8_t > & secure_reneg_info,
const Client_Hello_12 & client_hello,
const Session & resumed_session,
bool offer_session_ticket,
std::string_view next_protocol
)

Definition at line 303 of file msg_server_hello.cpp.

// Session-resumption constructor body: version and ciphersuite come from the
// resumed session, and the session id is echoed from the client hello.
// NOTE: reneg_info is the definition's parameter name; it presumably
// corresponds to `secure_reneg_info` in the declaration shown above - confirm.
// NOTE(review): the random comes from make_hello_random(rng, cb, policy),
// whereas the Settings-based constructor calls make_server_hello_random() with
// the protocol version. The difference between the two helpers is not visible
// in this listing - confirm how the resumption random is formed.
312 :
313 Server_Hello(std::make_unique<Server_Hello_Internal>(resumed_session.version(),
314 client_hello.session_id(),
315 make_hello_random(rng, cb, policy),
316 resumed_session.ciphersuite_code(),
317 uint8_t(0))) {
// Extended Master Secret is echoed whenever the client offers it; whether the
// resumed session itself used it is not checked in this constructor.
318 if(client_hello.supports_extended_master_secret()) {
319 m_data->extensions().add(new Extended_Master_Secret);
320 }
321
322 if(!next_protocol.empty() && client_hello.supports_alpn()) {
323 m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol));
324 }
325
// Encrypt-then-MAC: client offer and policy switch first, then the resumed
// session's suite must be a CBC suite.
326 if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) {
327 Ciphersuite c = resumed_session.ciphersuite();
328 if(c.cbc_ciphersuite()) {
329 m_data->extensions().add(new Encrypt_then_MAC);
330 }
331 }
332
333 if(resumed_session.ciphersuite().ecc_ciphersuite() &&
334 client_hello.extension_types().contains(Extension_Code::EcPointFormats)) {
335 m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
336 }
337
338 if(client_hello.secure_renegotiation()) {
339 m_data->extensions().add(new Renegotiation_Extension(reneg_info));
340 }
341
342 if(client_hello.supports_session_ticket() && offer_session_ticket) {
343 m_data->extensions().add(new Session_Ticket_Extension());
344 }
345
// No Certificate_Status_Request or SRTP extension is added on this path.
// The application callback receives the extension set before the message is
// sent and hashed.
346 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type());
347
// Send this message and feed the value returned by io.send() into the
// handshake hash.
348 hash.update(io.send(*this));
349}
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)

References Botan::TLS::Ciphersuite::cbc_ciphersuite(), Botan::TLS::Session_Base::ciphersuite(), Botan::TLS::Ciphersuite::ecc_ciphersuite(), Botan::TLS::EcPointFormats, Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Server_Hello::m_data, Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Client_Hello_12::secure_renegotiation(), Botan::TLS::Handshake_IO::send(), Botan::TLS::Server, Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), Botan::TLS::Client_Hello_12::supports_session_ticket(), Botan::TLS::Callbacks::tls_modify_extensions(), Botan::TLS::Server_Hello::type(), Botan::TLS::Handshake_Hash::update(), and Botan::TLS::Policy::use_ecc_point_compression().

◆ Server_Hello_12() [3/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( const std::vector< uint8_t > &  buf)
explicit

Definition at line 351 of file msg_server_hello.cpp.

// Parsing constructor: builds Server_Hello_Internal from the received bytes
// and delegates to the unique_ptr overload, so that overload's version check
// also applies to messages parsed from the wire. The parsing of `buf` itself
// happens inside Server_Hello_Internal and is not shown here.
351 :
352 Server_Hello_12(std::make_unique<Server_Hello_Internal>(buf)) {}
Server_Hello_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, std::string_view next_protocol)

◆ Server_Hello_12() [4/4]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( std::unique_ptr< Server_Hello_Internal >  data)
explicit, protected

Definition at line 354 of file msg_server_hello.cpp.

// Takes ownership of already-built hello data and refuses anything that is
// not a pre-TLS-1.3 version: throws TLS_Exception with Alert::ProtocolVersion.
// How m_data->version() derives the version is not visible in this listing.
354 : Server_Hello(std::move(data)) {
355 if(!m_data->version().is_pre_tls_13()) {
356 throw TLS_Exception(Alert::ProtocolVersion, "Expected server hello of (D)TLS 1.2 or lower");
357 }
358}

References Botan::TLS::Server_Hello::m_data.

Member Function Documentation

◆ ciphersuite()

uint16_t Botan::TLS::Server_Hello::ciphersuite ( ) const
inherited

Definition at line 217 of file msg_server_hello.cpp.

// Returns the ciphersuite code stored in the Server_Hello_Internal object
// held in m_data.
217 {
218 return m_data->ciphersuite();
219}

References Botan::TLS::Server_Hello::m_data.

◆ compression_method()

uint8_t Botan::TLS::Server_Hello::compression_method ( ) const

Definition at line 295 of file msg_server_hello.cpp.

// Returns the compression method byte stored in m_data.
209 {
210 return m_data->comp_method();
211}

◆ extension_types()

std::set< Extension_Code > Botan::TLS::Server_Hello::extension_types ( ) const

Definition at line 293 of file msg_server_hello.cpp.

// Returns the set of extension codes present in this ServerHello's extensions.
221 {
222 return m_data->extensions().extension_types();
223}

◆ extensions()

const Extensions & Botan::TLS::Server_Hello::extensions ( ) const
inherited

Definition at line 225 of file msg_server_hello.cpp.

// Read-only access to the extension container held in m_data.
225 {
226 return m_data->extensions();
227}

References Botan::TLS::Server_Hello::m_data.

◆ legacy_version()

Protocol_Version Botan::TLS::Server_Hello::legacy_version ( ) const

Definition at line 296 of file msg_server_hello.cpp.

// Returns the legacy_version value stored in m_data.
201 {
202 return m_data->legacy_version();
203}

Referenced by selected_version().

◆ next_protocol()

std::string Botan::TLS::Server_Hello_12::next_protocol ( ) const

Definition at line 403 of file msg_server_hello.cpp.

// Returns the protocol named in the ServerHello's ALPN extension, or an empty
// string when the extension is absent.
403 {
404 if(auto alpn = m_data->extensions().get<Application_Layer_Protocol_Notification>()) {
405 return alpn->single_protocol();
406 }
407 return "";
408}

References Botan::TLS::Server_Hello::m_data.

Referenced by Server_Hello_12().

◆ prefers_compressed_ec_points()

bool Botan::TLS::Server_Hello_12::prefers_compressed_ec_points ( ) const

Definition at line 410 of file msg_server_hello.cpp.

// Reports the preference carried in the Supported_Point_Formats extension;
// false when the ServerHello has no such extension.
410 {
411 if(auto ecc_formats = m_data->extensions().get<Supported_Point_Formats>()) {
412 return ecc_formats->prefers_compressed();
413 }
414 return false;
415}

References Botan::TLS::Server_Hello::m_data.

◆ random()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::random ( ) const

Definition at line 294 of file msg_server_hello.cpp.

// Returns a reference to the server random bytes stored in m_data.
205 {
206 return m_data->random();
207}

◆ random_signals_downgrade()

std::optional< Protocol_Version > Botan::TLS::Server_Hello_12::random_signals_downgrade ( ) const

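Return desired downgrade version indicated by hello random, if any. The result comes from comparing the last 8 bytes of the server random with the DOWNGRADE_TLS11 and DOWNGRADE_TLS12 sentinel constants (the downgrade-protection markers of RFC 8446, section 4.1.3); std::nullopt means neither marker was present.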

Definition at line 417 of file msg_server_hello.cpp.

// Checks the server random for a downgrade marker and maps it to a version.
// Returns std::nullopt when neither sentinel matches; acting on the result
// (for example aborting the handshake) is left to the caller.
417 {
// Reads one big-endian 64-bit word; the variable name indicates it is meant
// to be the last 8 bytes of the random.
// NOTE(review): assumes the offset 3 is counted in 64-bit words and that
// random() holds 32 bytes. No length check is visible in this function -
// confirm the parser enforces the length before this is reached.
418 const uint64_t last8 = load_be<uint64_t>(m_data->random().data(), 3);
419 if(last8 == DOWNGRADE_TLS11) {
420 return Protocol_Version::TLS_V11;
421 }
422 if(last8 == DOWNGRADE_TLS12) {
423 return Protocol_Version::TLS_V12;
424 }
425
426 return std::nullopt;
427}
constexpr uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:210

References Botan::load_be< uint64_t >(), and Botan::TLS::Server_Hello::m_data.

◆ renegotiation_info()

std::vector< uint8_t > Botan::TLS::Server_Hello_12::renegotiation_info ( ) const

Definition at line 368 of file msg_server_hello.cpp.

// Returns the renegotiation_info bytes from the ServerHello's
// Renegotiation_Extension, or an empty vector when the extension is absent.
// An empty result therefore does not by itself tell the caller whether the
// extension was missing; secure_renegotiation() reports presence.
368 {
369 if(Renegotiation_Extension* reneg = m_data->extensions().get<Renegotiation_Extension>()) {
370 return reneg->renegotiation_info();
371 }
372 return std::vector<uint8_t>();
373}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ secure_renegotiation()

bool Botan::TLS::Server_Hello_12::secure_renegotiation ( ) const

Definition at line 364 of file msg_server_hello.cpp.

// True when the ServerHello carries a Renegotiation_Extension. This reports
// presence only; the extension's contents are not examined here.
364 {
365 return m_data->extensions().has<Renegotiation_Extension>();
366}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ selected_version()

Protocol_Version Botan::TLS::Server_Hello_12::selected_version ( ) const
override, virtual
Returns
the selected version as indicated in the legacy_version field

Implements Botan::TLS::Server_Hello.

Definition at line 360 of file msg_server_hello.cpp.

// For this class the selected version is taken directly from the
// legacy_version field.
360 {
361 return legacy_version();
362}
Protocol_Version legacy_version() const

References legacy_version().

◆ serialize()

std::vector< uint8_t > Botan::TLS::Server_Hello::serialize ( ) const
override, virtual, inherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 177 of file msg_server_hello.cpp.

// Builds the message body field by field with push_back and
// append_tls_length_value, in this order: legacy_version (two bytes), random,
// session id with a length prefix, ciphersuite (two bytes), compression
// method, extensions. No ASN.1/DER encoder is involved in the visible code.
177 {
178 std::vector<uint8_t> buf;
179 buf.reserve(1024); // working around GCC warning
180
181 buf.push_back(m_data->legacy_version().major_version());
182 buf.push_back(m_data->legacy_version().minor_version());
183 buf += m_data->random();
184
// Last argument 1 is the tag_size parameter of append_tls_length_value,
// presumably a one-byte length prefix - confirm in tls_reader.h.
185 append_tls_length_value(buf, m_data->session_id().get(), 1);
186
// Ciphersuite code is written as byte 0 then byte 1 of the 16-bit value.
187 buf.push_back(get_byte<0>(m_data->ciphersuite()));
188 buf.push_back(get_byte<1>(m_data->ciphersuite()));
189
190 buf.push_back(m_data->comp_method());
191
192 buf += m_data->extensions().serialize(Connection_Side::Server);
193
194 return buf;
195}
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:176

References Botan::TLS::append_tls_length_value(), Botan::TLS::Server_Hello::random(), and Botan::TLS::Server.

◆ session_id()

const Session_ID & Botan::TLS::Server_Hello::session_id ( ) const
inherited

Definition at line 213 of file msg_server_hello.cpp.

// Returns a reference to the session id stored in m_data.
213 {
214 return m_data->session_id();
215}

References Botan::TLS::Server_Hello::m_data.

◆ srtp_profile()

uint16_t Botan::TLS::Server_Hello_12::srtp_profile ( ) const

Definition at line 391 of file msg_server_hello.cpp.

// Returns the single SRTP profile chosen by the server, or 0 when the
// ServerHello has no SRTP_Protection_Profiles extension.
// Throws Decoding_Error when the extension is present but does not contain
// exactly one profile, or when that profile is 0.
391 {
392 if(auto srtp = m_data->extensions().get<SRTP_Protection_Profiles>()) {
393 auto prof = srtp->profiles();
// Rejecting 0 keeps the "no profile" return value below unambiguous.
394 if(prof.size() != 1 || prof[0] == 0) {
395 throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
396 }
397 return prof[0];
398 }
399
400 return 0;
401}

References Botan::TLS::Server_Hello::m_data.

◆ supports_certificate_status_message()

bool Botan::TLS::Server_Hello_12::supports_certificate_status_message ( ) const

Definition at line 383 of file msg_server_hello.cpp.

// True when the ServerHello carries a Certificate_Status_Request extension.
383 {
384 return m_data->extensions().has<Certificate_Status_Request>();
385}

References Botan::TLS::Server_Hello::m_data.

◆ supports_encrypt_then_mac()

bool Botan::TLS::Server_Hello_12::supports_encrypt_then_mac ( ) const

Definition at line 379 of file msg_server_hello.cpp.

// True when the ServerHello carries the Encrypt_then_MAC extension, i.e. what
// this message states, independent of what the client offered.
379 {
380 return m_data->extensions().has<Encrypt_then_MAC>();
381}

References Botan::TLS::Server_Hello::m_data.

◆ supports_extended_master_secret()

bool Botan::TLS::Server_Hello_12::supports_extended_master_secret ( ) const

Definition at line 375 of file msg_server_hello.cpp.

// True when the ServerHello carries the Extended_Master_Secret extension,
// i.e. what this message states, independent of what the client offered.
375 {
376 return m_data->extensions().has<Extended_Master_Secret>();
377}

References Botan::TLS::Server_Hello::m_data.

◆ supports_session_ticket()

bool Botan::TLS::Server_Hello_12::supports_session_ticket ( ) const

Definition at line 387 of file msg_server_hello.cpp.

// True when the ServerHello carries a Session_Ticket_Extension.
387 {
388 return m_data->extensions().has<Session_Ticket_Extension>();
389}

References Botan::TLS::Server_Hello::m_data.

◆ type()

Handshake_Type Botan::TLS::Server_Hello::type ( ) const
override, virtual, inherited
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 197 of file msg_server_hello.cpp.

References Botan::TLS::ServerHello.

Referenced by Server_Hello_12().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inline, virtual, inherited
Returns
the wire representation of the message's type

Definition at line 41 of file tls_handshake_msg.h.

// Default implementation: the wire type is the same value as type(). The
// function is declared virtual, so a subclass can return a different value.
41 {
42 // Usually equal to the Handshake_Type enum value,
43 // with the exception of TLS 1.3 Hello Retry Request.
44 return type();
45 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Friends And Related Function Documentation

◆ Server_Hello_13

friend class Server_Hello_13
friend

Definition at line 354 of file tls_messages.h.

Member Data Documentation

◆ m_data

std::unique_ptr<Server_Hello_Internal> Botan::TLS::Server_Hello::m_data
protected, inherited

The documentation for this class was generated from the following files: