Botan  2.11.0
Crypto and TLS for C++11
msg_server_hello.cpp
Go to the documentation of this file.
1 /*
2 * TLS Server Hello and Server Hello Done
3 * (C) 2004-2011,2015,2016 Jack Lloyd
4 * 2016 Matthias Gierlings
5 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/tls_messages.h>
11 #include <botan/tls_extensions.h>
12 #include <botan/tls_callbacks.h>
13 #include <botan/internal/tls_reader.h>
14 #include <botan/internal/tls_session_key.h>
15 #include <botan/internal/tls_handshake_io.h>
16 #include <botan/internal/tls_handshake_hash.h>
17 #include <botan/internal/stl_util.h>
18 
19 namespace Botan {
20 
21 namespace TLS {
22 
23 // New session case
26  const Policy& policy,
27  Callbacks& cb,
29  const std::vector<uint8_t>& reneg_info,
30  const Client_Hello& client_hello,
31  const Server_Hello::Settings& server_settings,
32  const std::string next_protocol) :
33  m_version(server_settings.protocol_version()),
34  m_session_id(server_settings.session_id()),
35  m_random(make_hello_random(rng, policy)),
36  m_ciphersuite(server_settings.ciphersuite()),
37  m_comp_method(0)
38  {
39  if(client_hello.supports_extended_master_secret())
40  m_extensions.add(new Extended_Master_Secret);
41 
42  // Sending the extension back does not commit us to sending a stapled response
43  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
44  m_extensions.add(new Certificate_Status_Request);
45 
46  Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
47 
48  if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
49  {
50  m_extensions.add(new Encrypt_then_MAC);
51  }
52 
53  if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
54  {
55  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
56  }
57 
58  if(client_hello.secure_renegotiation())
59  m_extensions.add(new Renegotiation_Extension(reneg_info));
60 
61  if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
62  m_extensions.add(new Session_Ticket());
63 
64  if(!next_protocol.empty() && client_hello.supports_alpn())
66 
67  if(m_version.is_datagram_protocol())
68  {
69  const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
70  const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
71 
72  if(!server_srtp.empty() && !client_srtp.empty())
73  {
74  uint16_t shared = 0;
75  // always using server preferences for now
76  for(auto s_srtp : server_srtp)
77  for(auto c_srtp : client_srtp)
78  {
79  if(shared == 0 && s_srtp == c_srtp)
80  shared = s_srtp;
81  }
82 
83  if(shared)
84  m_extensions.add(new SRTP_Protection_Profiles(shared));
85  }
86  }
87 
88  cb.tls_modify_extensions(m_extensions, SERVER);
89 
90  hash.update(io.send(*this));
91  }
92 
93 // Resuming
96  const Policy& policy,
97  Callbacks& cb,
99  const std::vector<uint8_t>& reneg_info,
100  const Client_Hello& client_hello,
102  bool offer_session_ticket,
103  const std::string& next_protocol) :
104  m_version(resumed_session.version()),
105  m_session_id(client_hello.session_id()),
106  m_random(make_hello_random(rng, policy)),
107  m_ciphersuite(resumed_session.ciphersuite_code()),
108  m_comp_method(0)
109  {
110  if(client_hello.supports_extended_master_secret())
111  m_extensions.add(new Extended_Master_Secret);
112 
113  if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
114  {
115  Ciphersuite c = resumed_session.ciphersuite();
116  if(c.cbc_ciphersuite())
117  m_extensions.add(new Encrypt_then_MAC);
118  }
119 
120  if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
121  {
122  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
123  }
124 
125  if(client_hello.secure_renegotiation())
126  m_extensions.add(new Renegotiation_Extension(reneg_info));
127 
128  if(client_hello.supports_session_ticket() && offer_session_ticket)
129  m_extensions.add(new Session_Ticket());
130 
131  if(!next_protocol.empty() && client_hello.supports_alpn())
133 
134  cb.tls_modify_extensions(m_extensions, SERVER);
135 
136  hash.update(io.send(*this));
137  }
138 
139 /*
140 * Deserialize a Server Hello message
141 */
142 Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
143  {
144  if(buf.size() < 38)
145  throw Decoding_Error("Server_Hello: Packet corrupted");
146 
147  TLS_Data_Reader reader("ServerHello", buf);
148 
149  const uint8_t major_version = reader.get_byte();
150  const uint8_t minor_version = reader.get_byte();
151 
152  m_version = Protocol_Version(major_version, minor_version);
153 
154  m_random = reader.get_fixed<uint8_t>(32);
155 
156  m_session_id = reader.get_range<uint8_t>(1, 0, 32);
157 
158  m_ciphersuite = reader.get_uint16_t();
159 
160  m_comp_method = reader.get_byte();
161 
162  m_extensions.deserialize(reader, Connection_Side::SERVER);
163  }
164 
165 /*
166 * Serialize a Server Hello message
167 */
168 std::vector<uint8_t> Server_Hello::serialize() const
169  {
170  std::vector<uint8_t> buf;
171 
172  buf.push_back(m_version.major_version());
173  buf.push_back(m_version.minor_version());
174  buf += m_random;
175 
176  append_tls_length_value(buf, m_session_id, 1);
177 
178  buf.push_back(get_byte(0, m_ciphersuite));
179  buf.push_back(get_byte(1, m_ciphersuite));
180 
181  buf.push_back(m_comp_method);
182 
183  buf += m_extensions.serialize(Connection_Side::SERVER);
184 
185  return buf;
186  }
187 
188 /*
189 * Create a new Server Hello Done message
190 */
193  {
194  hash.update(io.send(*this));
195  }
196 
197 /*
198 * Deserialize a Server Hello Done message
199 */
200 Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf)
201  {
202  if(buf.size())
203  throw Decoding_Error("Server_Hello_Done: Must be empty, and is not");
204  }
205 
206 /*
207 * Serialize a Server Hello Done message
208 */
209 std::vector<uint8_t> Server_Hello_Done::serialize() const
210  {
211  return std::vector<uint8_t>();
212  }
213 
214 }
215 
216 }
std::string next_protocol() const
Definition: tls_messages.h:279
std::vector< T > get_fixed(size_t size)
Definition: tls_reader.h:126
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
Server_Hello_Done(Handshake_IO &io, Handshake_Hash &hash)
uint8_t minor_version() const
Definition: tls_version.h:84
bool supports_encrypt_then_mac() const
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:153
std::vector< uint8_t > serialize(Connection_Side whoami) const
void add(Extension *extn)
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:332
std::unique_ptr< Session > resumed_session
Definition: tls_client.cpp:55
constexpr uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
virtual std::vector< uint16_t > srtp_profiles() const
Definition: tls_policy.cpp:352
virtual bool use_ecc_point_compression() const
Definition: tls_policy.cpp:127
void deserialize(TLS_Data_Reader &reader, Connection_Side from)
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
Server_Hello(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
Definition: alg_id.cpp:13
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:333
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side)
static Ciphersuite by_id(uint16_t suite)
bool supports_cert_status_message() const
uint8_t major_version() const
Definition: tls_version.h:79
std::vector< uint16_t > srtp_profiles() const
bool supports_extended_master_secret() const
MechanismType hash
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185