Botan 3.11.0
Crypto and TLS for C&
Classes | Public Member Functions | Protected Attributes | List of all members
Botan::TLS::Server_Hello_12 Class Referencefinal

#include <tls_messages_12.h>

Inheritance diagram for Botan::TLS::Server_Hello_12:
Botan::TLS::Server_Hello_12_Shim Botan::TLS::Server_Hello Botan::TLS::Handshake_Message

Classes

class  Settings

Public Member Functions

uint16_t ciphersuite () const
uint8_t compression_method () const
std::set< Extension_Codeextension_types () const
const Extensionsextensions () const
Protocol_Version legacy_version () const
std::string next_protocol () const
bool prefers_compressed_ec_points () const
const std::vector< uint8_t > & random () const
std::optional< Protocol_Versionrandom_signals_downgrade () const
std::vector< uint8_t > renegotiation_info () const
bool secure_renegotiation () const
Protocol_Version selected_version () const final
std::vector< uint8_t > serialize () const override
 Server_Hello_12 (const std::vector< uint8_t > &buf)
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Session &resumed_session, bool offer_session_ticket, std::string_view next_protocol)
 Server_Hello_12 (Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, std::string_view next_protocol)
const Session_IDsession_id () const
uint16_t srtp_profile () const
bool supports_certificate_status_message () const
bool supports_encrypt_then_mac () const
bool supports_extended_master_secret () const
bool supports_session_ticket () const
Handshake_Type type () const override
std::string type_string () const
virtual Handshake_Type wire_type () const

Protected Attributes

std::unique_ptr< Server_Hello_Internalm_data

Detailed Description

Definition at line 89 of file tls_messages_12.h.

Constructor & Destructor Documentation

◆ Server_Hello_12() [1/3]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const Policy & policy,
Callbacks & cb,
RandomNumberGenerator & rng,
const std::vector< uint8_t > & secure_reneg_info,
const Client_Hello_12 & client_hello,
const Settings & settings,
std::string_view next_protocol )

Definition at line 22 of file msg_server_hello_12.cpp.

30 :
31 Server_Hello_12(std::make_unique<Server_Hello_Internal>(
32 server_settings.protocol_version(),
33 server_settings.session_id(),
34 make_server_hello_random(rng, server_settings.protocol_version(), cb, policy),
35 server_settings.ciphersuite(),
36 uint8_t(0))) {
37 // NOLINTBEGIN(*-owning-memory)
38 if(client_hello.supports_extended_master_secret()) {
39 m_data->extensions().add(new Extended_Master_Secret);
40 }
41
42 // Sending the extension back does not commit us to sending a stapled response
43 if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) {
44 m_data->extensions().add(new Certificate_Status_Request);
45 }
46
47 if(!next_protocol.empty() && client_hello.supports_alpn()) {
48 m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol));
49 }
50
51 const auto c = Ciphersuite::by_id(m_data->ciphersuite());
52
53 if(c && c->cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) {
54 m_data->extensions().add(new Encrypt_then_MAC);
55 }
56
57 if(c && c->ecc_ciphersuite() && client_hello.extension_types().contains(Extension_Code::EcPointFormats)) {
58 m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
59 }
60
61 if(client_hello.secure_renegotiation()) {
62 m_data->extensions().add(new Renegotiation_Extension(reneg_info));
63 }
64
65 if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket()) {
66 m_data->extensions().add(new Session_Ticket_Extension());
67 }
68
69 if(m_data->legacy_version().is_datagram_protocol()) {
70 const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
71 const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
72
73 if(!server_srtp.empty() && !client_srtp.empty()) {
74 uint16_t shared = 0;
75 // always using server preferences for now
76 for(auto s_srtp : server_srtp) {
77 for(auto c_srtp : client_srtp) {
78 if(shared == 0 && s_srtp == c_srtp) {
79 shared = s_srtp;
80 }
81 }
82 }
83
84 if(shared != 0) {
85 m_data->extensions().add(new SRTP_Protection_Profiles(shared));
86 }
87 }
88 }
89 // NOLINTEND(*-owning-memory)
90
91 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type());
92
93 hash.update(io.send(*this));
94}
Botan::TLS::Ciphersuite::by_id
static std::optional< Ciphersuite > by_id(uint16_t suite)
Definition tls_ciphersuite.cpp:98
Botan::TLS::Handshake_Message::type
virtual Handshake_Type type() const =0
Botan::TLS::Server_Hello_12::next_protocol
std::string next_protocol() const
Definition msg_server_hello_12.cpp:191
Botan::TLS::Server_Hello_12::Server_Hello_12
Server_Hello_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello_12 &client_hello, const Settings &settings, std::string_view next_protocol)
Definition msg_server_hello_12.cpp:22
Botan::TLS::Server_Hello::m_data
std::unique_ptr< Server_Hello_Internal > m_data
Definition tls_messages.h:202
Botan::TLS::make_server_hello_random
std::vector< uint8_t > make_server_hello_random(RandomNumberGenerator &rng, Protocol_Version offered_version, Callbacks &cb, const Policy &policy)
Definition msg_server_hello.cpp:24

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Server_Hello::ciphersuite(), Botan::TLS::EcPointFormats, Botan::TLS::Client_Hello::extension_types(), Botan::TLS::Server_Hello::m_data, Botan::TLS::make_server_hello_random(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Botan::TLS::Server_Hello_12::Settings::offer_session_ticket(), Botan::TLS::Client_Hello_12::secure_renegotiation(), Server_Hello_12(), Botan::TLS::Server_Hello::session_id(), Botan::TLS::Policy::support_cert_status_message(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_cert_status_message(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Client_Hello_12::supports_extended_master_secret(), and Botan::TLS::Client_Hello_12::supports_session_ticket().

Referenced by Server_Hello_12(), Server_Hello_12(), and Server_Hello_12().

◆ Server_Hello_12() [2/3]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const Policy & policy,
Callbacks & cb,
RandomNumberGenerator & rng,
const std::vector< uint8_t > & secure_reneg_info,
const Client_Hello_12 & client_hello,
const Session & resumed_session,
bool offer_session_ticket,
std::string_view next_protocol )

Definition at line 97 of file msg_server_hello_12.cpp.

106 :
107 Server_Hello_12(std::make_unique<Server_Hello_Internal>(resumed_session.version(),
108 client_hello.session_id(),
109 make_hello_random(rng, cb, policy),
110 resumed_session.ciphersuite_code(),
111 uint8_t(0))) {
112 // NOLINTBEGIN(*-owning-memory)
113 if(client_hello.supports_extended_master_secret()) {
114 m_data->extensions().add(new Extended_Master_Secret);
115 }
116
117 if(!next_protocol.empty() && client_hello.supports_alpn()) {
118 m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol));
119 }
120
121 if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) {
122 const Ciphersuite c = resumed_session.ciphersuite();
123 if(c.cbc_ciphersuite()) {
124 m_data->extensions().add(new Encrypt_then_MAC);
125 }
126 }
127
128 if(resumed_session.ciphersuite().ecc_ciphersuite() &&
129 client_hello.extension_types().contains(Extension_Code::EcPointFormats)) {
130 m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
131 }
132
133 if(client_hello.secure_renegotiation()) {
134 m_data->extensions().add(new Renegotiation_Extension(reneg_info));
135 }
136
137 if(client_hello.supports_session_ticket() && offer_session_ticket) {
138 m_data->extensions().add(new Session_Ticket_Extension());
139 }
140 // NOLINTEND(*-owning-memory)
141
142 cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type());
143
144 hash.update(io.send(*this));
145}
Botan::TLS::make_hello_random
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, Callbacks &cb, const Policy &policy)
Definition msg_client_hello.cpp:25

References Botan::TLS::make_hello_random(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), next_protocol(), Server_Hello_12(), Botan::TLS::Server_Hello::session_id(), Botan::TLS::Client_Hello::supports_alpn(), Botan::TLS::Client_Hello_12::supports_encrypt_then_mac(), and Botan::TLS::Client_Hello_12::supports_extended_master_secret().

◆ Server_Hello_12() [3/3]

Botan::TLS::Server_Hello_12::Server_Hello_12 ( const std::vector< uint8_t > & buf)
explicit

Definition at line 147 of file msg_server_hello_12.cpp.

147 :
148 Server_Hello_12(std::make_unique<Server_Hello_Internal>(buf)) {}

References Server_Hello_12().

Member Function Documentation

◆ ciphersuite()

uint16_t Botan::TLS::Server_Hello::ciphersuite ( ) const
inherited

Definition at line 145 of file msg_server_hello.cpp.

145 {
146 return m_data->ciphersuite();
147}

References m_data.

Referenced by Botan::TLS::Client_Hello_13::retry(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and ~Server_Hello().

◆ compression_method()

uint8_t Botan::TLS::Server_Hello::compression_method ( ) const

Definition at line 198 of file msg_server_hello.cpp.

137 {
138 return m_data->comp_method();
139}

◆ extension_types()

std::set< Extension_Code > Botan::TLS::Server_Hello::extension_types ( ) const

Definition at line 196 of file msg_server_hello.cpp.

149 {
150 return m_data->extensions().extension_types();
151}

◆ extensions()

const Extensions & Botan::TLS::Server_Hello::extensions ( ) const
inherited

Definition at line 153 of file msg_server_hello.cpp.

153 {
154 return m_data->extensions();
155}

References m_data.

Referenced by Botan::TLS::Server_Hello_13::basic_validation(), Botan::TLS::Client_Hello_13::retry(), Botan::TLS::Server_Hello_13::Server_Hello_13(), Botan::TLS::Server_Hello_13::Server_Hello_13(), and ~Server_Hello().

◆ legacy_version()

Protocol_Version Botan::TLS::Server_Hello::legacy_version ( ) const

Definition at line 199 of file msg_server_hello.cpp.

129 {
130 return m_data->legacy_version();
131}

◆ next_protocol()

std::string Botan::TLS::Server_Hello_12::next_protocol ( ) const

Definition at line 191 of file msg_server_hello_12.cpp.

191 {
192 if(auto* alpn = m_data->extensions().get<Application_Layer_Protocol_Notification>()) {
193 return alpn->single_protocol();
194 }
195 return "";
196}

References Botan::TLS::Server_Hello::m_data.

Referenced by Server_Hello_12(), and Server_Hello_12().

◆ prefers_compressed_ec_points()

bool Botan::TLS::Server_Hello_12::prefers_compressed_ec_points ( ) const

Definition at line 198 of file msg_server_hello_12.cpp.

198 {
199 if(auto* ecc_formats = m_data->extensions().get<Supported_Point_Formats>()) {
200 return ecc_formats->prefers_compressed();
201 }
202 return false;
203}

References Botan::TLS::Server_Hello::m_data.

◆ random()

const std::vector< uint8_t > & Botan::TLS::Server_Hello::random ( ) const

Definition at line 197 of file msg_server_hello.cpp.

133 {
134 return m_data->random();
135}

◆ random_signals_downgrade()

std::optional< Protocol_Version > Botan::TLS::Server_Hello_12_Shim::random_signals_downgrade ( ) const
inherited

Return desired downgrade version indicated by hello random, if any.

Definition at line 171 of file msg_server_hello.cpp.

171 {
172 const uint64_t last8 = load_be<uint64_t>(m_data->random().data(), 3);
173 if(last8 == DOWNGRADE_TLS11) {
174 return Protocol_Version::TLS_V11;
175 }
176 if(last8 == DOWNGRADE_TLS12) {
177 return Protocol_Version::TLS_V12;
178 }
179
180 return std::nullopt;
181}
Botan::TLS::DOWNGRADE_TLS12
constexpr uint64_t DOWNGRADE_TLS12
Definition tls_magic.h:118
Botan::TLS::DOWNGRADE_TLS11
constexpr uint64_t DOWNGRADE_TLS11
Definition tls_magic.h:107
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504

References Botan::TLS::DOWNGRADE_TLS11, Botan::TLS::DOWNGRADE_TLS12, Botan::load_be(), and Botan::TLS::Server_Hello::m_data.

Referenced by Server_Hello_13.

◆ renegotiation_info()

std::vector< uint8_t > Botan::TLS::Server_Hello_12::renegotiation_info ( ) const

Definition at line 156 of file msg_server_hello_12.cpp.

156 {
157 if(const Renegotiation_Extension* reneg = m_data->extensions().get<Renegotiation_Extension>()) {
158 return reneg->renegotiation_info();
159 }
160 return std::vector<uint8_t>();
161}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ secure_renegotiation()

bool Botan::TLS::Server_Hello_12::secure_renegotiation ( ) const

Definition at line 152 of file msg_server_hello_12.cpp.

152 {
153 return m_data->extensions().has<Renegotiation_Extension>();
154}

References Botan::TLS::Server_Hello::m_data.

Referenced by Botan::TLS::Channel_Impl_12::secure_renegotiation_check().

◆ selected_version()

Protocol_Version Botan::TLS::Server_Hello_12_Shim::selected_version ( ) const
finalvirtualinherited
Returns
the selected version as indicated in the legacy_version field

Implements Botan::TLS::Server_Hello.

Definition at line 167 of file msg_server_hello.cpp.

167 {
168 return legacy_version();
169}
Botan::TLS::Server_Hello::legacy_version
Protocol_Version legacy_version() const
Definition msg_server_hello.cpp:129

References Botan::TLS::Server_Hello::legacy_version().

Referenced by Server_Hello_13.

◆ serialize()

std::vector< uint8_t > Botan::TLS::Server_Hello::serialize ( ) const
overridevirtualinherited
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 105 of file msg_server_hello.cpp.

105 {
106 std::vector<uint8_t> buf;
107 buf.reserve(1024); // working around GCC warning
108
109 buf.push_back(m_data->legacy_version().major_version());
110 buf.push_back(m_data->legacy_version().minor_version());
111 buf += m_data->random();
112
113 append_tls_length_value(buf, m_data->session_id().get(), 1);
114
115 buf.push_back(get_byte<0>(m_data->ciphersuite()));
116 buf.push_back(get_byte<1>(m_data->ciphersuite()));
117
118 buf.push_back(m_data->comp_method());
119
120 buf += m_data->extensions().serialize(Connection_Side::Server);
121
122 return buf;
123}
Botan::TLS::append_tls_length_value
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:177
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:79

References Botan::TLS::append_tls_length_value(), Botan::get_byte(), m_data, serialize(), Botan::TLS::Server, and Server_Hello().

Referenced by serialize(), and ~Server_Hello().

◆ session_id()

const Session_ID & Botan::TLS::Server_Hello::session_id ( ) const
inherited

Definition at line 141 of file msg_server_hello.cpp.

141 {
142 return m_data->session_id();
143}

References m_data.

Referenced by Botan::TLS::Hello_Retry_Request::Hello_Retry_Request(), Botan::TLS::Server_Hello_12::Server_Hello_12(), Botan::TLS::Server_Hello_12::Server_Hello_12(), Botan::TLS::Server_Hello_13::Server_Hello_13(), and ~Server_Hello().

◆ srtp_profile()

uint16_t Botan::TLS::Server_Hello_12::srtp_profile ( ) const

Definition at line 179 of file msg_server_hello_12.cpp.

179 {
180 if(auto* srtp = m_data->extensions().get<SRTP_Protection_Profiles>()) {
181 auto prof = srtp->profiles();
182 if(prof.size() != 1 || prof[0] == 0) {
183 throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
184 }
185 return prof[0];
186 }
187
188 return 0;
189}

References Botan::TLS::Server_Hello::m_data.

◆ supports_certificate_status_message()

bool Botan::TLS::Server_Hello_12::supports_certificate_status_message ( ) const

Definition at line 171 of file msg_server_hello_12.cpp.

171 {
172 return m_data->extensions().has<Certificate_Status_Request>();
173}

References Botan::TLS::Server_Hello::m_data.

◆ supports_encrypt_then_mac()

bool Botan::TLS::Server_Hello_12::supports_encrypt_then_mac ( ) const

Definition at line 167 of file msg_server_hello_12.cpp.

167 {
168 return m_data->extensions().has<Encrypt_then_MAC>();
169}

References Botan::TLS::Server_Hello::m_data.

◆ supports_extended_master_secret()

bool Botan::TLS::Server_Hello_12::supports_extended_master_secret ( ) const

Definition at line 163 of file msg_server_hello_12.cpp.

163 {
164 return m_data->extensions().has<Extended_Master_Secret>();
165}

References Botan::TLS::Server_Hello::m_data.

◆ supports_session_ticket()

bool Botan::TLS::Server_Hello_12::supports_session_ticket ( ) const

Definition at line 175 of file msg_server_hello_12.cpp.

175 {
176 return m_data->extensions().has<Session_Ticket_Extension>();
177}

References Botan::TLS::Server_Hello::m_data.

◆ type()

Handshake_Type Botan::TLS::Server_Hello::type ( ) const
overridevirtualinherited
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 125 of file msg_server_hello.cpp.

125 {
126 return Handshake_Type::ServerHello;
127}

References Botan::TLS::ServerHello.

Referenced by ~Server_Hello().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 21 of file tls_handshake_state.cpp.

21 {
22 return handshake_type_to_string(type());
23}
Botan::TLS::handshake_type_to_string
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_magic.cpp:15

References Botan::TLS::handshake_type_to_string(), and type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

References type().

Referenced by Botan::TLS::Stream_Handshake_IO::send().

Member Data Documentation

◆ m_data

std::unique_ptr<Server_Hello_Internal> Botan::TLS::Server_Hello::m_data
protectedinherited

Definition at line 202 of file tls_messages.h.

Referenced by Botan::TLS::Server_Hello_13::basic_validation(), ciphersuite(), compression_method(), extension_types(), extensions(), Botan::TLS::Hello_Retry_Request::Hello_Retry_Request(), legacy_version(), Botan::TLS::Server_Hello_12::next_protocol(), Botan::TLS::Server_Hello_12::prefers_compressed_ec_points(), random(), Botan::TLS::Server_Hello_12_Shim::random_signals_downgrade(), Botan::TLS::Server_Hello_13::random_signals_downgrade(), Botan::TLS::Server_Hello_12::renegotiation_info(), Botan::TLS::Server_Hello_12::secure_renegotiation(), Botan::TLS::Server_Hello_13::selected_version(), serialize(), Server_Hello(), Botan::TLS::Server_Hello_12::Server_Hello_12(), Botan::TLS::Server_Hello_12_Shim::Server_Hello_12_Shim(), Botan::TLS::Server_Hello_13::Server_Hello_13(), Botan::TLS::Server_Hello_13::Server_Hello_13(), Botan::TLS::Server_Hello_13::Server_Hello_13(), session_id(), Botan::TLS::Server_Hello_12::srtp_profile(), Botan::TLS::Server_Hello_12::supports_certificate_status_message(), Botan::TLS::Server_Hello_12::supports_encrypt_then_mac(), Botan::TLS::Server_Hello_12::supports_extended_master_secret(), and Botan::TLS::Server_Hello_12::supports_session_ticket().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0