Botan  2.4.0
Crypto and TLS for C++11
msg_server_hello.cpp
Go to the documentation of this file.
1 /*
2 * TLS Server Hello and Server Hello Done
3 * (C) 2004-2011,2015,2016 Jack Lloyd
4 * 2016 Matthias Gierlings
5 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/tls_messages.h>
11 #include <botan/tls_extensions.h>
12 #include <botan/internal/tls_reader.h>
13 #include <botan/internal/tls_session_key.h>
14 #include <botan/internal/tls_handshake_io.h>
15 #include <botan/internal/tls_handshake_hash.h>
16 #include <botan/internal/stl_util.h>
17 
18 namespace Botan {
19 
20 namespace TLS {
21 
22 // New session case
25  const Policy& policy,
27  const std::vector<uint8_t>& reneg_info,
28  const Client_Hello& client_hello,
29  const Server_Hello::Settings& server_settings,
30  const std::string next_protocol) :
31  m_version(server_settings.protocol_version()),
32  m_session_id(server_settings.session_id()),
33  m_random(make_hello_random(rng, policy)),
34  m_ciphersuite(server_settings.ciphersuite()),
35  m_comp_method(server_settings.compression())
36  {
37  if(client_hello.supports_extended_master_secret())
38  m_extensions.add(new Extended_Master_Secret);
39 
40  // Sending the extension back does not commit us to sending a stapled response
41  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
42  m_extensions.add(new Certificate_Status_Request);
43 
44  Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
45 
46  if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
47  {
48  m_extensions.add(new Encrypt_then_MAC);
49  }
50 
51  if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
52  {
53  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
54  }
55 
56  if(client_hello.secure_renegotiation())
57  m_extensions.add(new Renegotiation_Extension(reneg_info));
58 
59  if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
60  m_extensions.add(new Session_Ticket());
61 
62  if(!next_protocol.empty() && client_hello.supports_alpn())
63  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
64 
65  if(m_version.is_datagram_protocol())
66  {
67  const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
68  const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
69 
70  if(!server_srtp.empty() && !client_srtp.empty())
71  {
72  uint16_t shared = 0;
73  // always using server preferences for now
74  for(auto s_srtp : server_srtp)
75  for(auto c_srtp : client_srtp)
76  {
77  if(shared == 0 && s_srtp == c_srtp)
78  shared = s_srtp;
79  }
80 
81  if(shared)
82  m_extensions.add(new SRTP_Protection_Profiles(shared));
83  }
84  }
85 
86  hash.update(io.send(*this));
87  }
88 
89 // Resuming
92  const Policy& policy,
94  const std::vector<uint8_t>& reneg_info,
95  const Client_Hello& client_hello,
96  Session& resumed_session,
97  bool offer_session_ticket,
98  const std::string& next_protocol) :
99  m_version(resumed_session.version()),
100  m_session_id(client_hello.session_id()),
101  m_random(make_hello_random(rng, policy)),
102  m_ciphersuite(resumed_session.ciphersuite_code()),
103  m_comp_method(resumed_session.compression_method())
104  {
105  if(client_hello.supports_extended_master_secret())
106  m_extensions.add(new Extended_Master_Secret);
107 
108  // Sending the extension back does not commit us to sending a stapled response
109  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
110  m_extensions.add(new Certificate_Status_Request);
111 
112  if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
113  {
114  Ciphersuite c = resumed_session.ciphersuite();
115  if(c.cbc_ciphersuite())
116  m_extensions.add(new Encrypt_then_MAC);
117  }
118 
119  if(resumed_session.ciphersuite().ecc_ciphersuite())
120  {
121  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
122  }
123 
124  if(client_hello.secure_renegotiation())
125  m_extensions.add(new Renegotiation_Extension(reneg_info));
126 
127  if(client_hello.supports_session_ticket() && offer_session_ticket)
128  m_extensions.add(new Session_Ticket());
129 
130  if(!next_protocol.empty() && client_hello.supports_alpn())
131  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
132 
133  hash.update(io.send(*this));
134  }
135 
136 /*
137 * Deserialize a Server Hello message
138 */
139 Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
140  {
141  if(buf.size() < 38)
142  throw Decoding_Error("Server_Hello: Packet corrupted");
143 
144  TLS_Data_Reader reader("ServerHello", buf);
145 
146  const uint8_t major_version = reader.get_byte();
147  const uint8_t minor_version = reader.get_byte();
148 
149  m_version = Protocol_Version(major_version, minor_version);
150 
151  m_random = reader.get_fixed<uint8_t>(32);
152 
153  m_session_id = reader.get_range<uint8_t>(1, 0, 32);
154 
155  m_ciphersuite = reader.get_uint16_t();
156 
157  m_comp_method = reader.get_byte();
158 
159  m_extensions.deserialize(reader);
160  }
161 
162 /*
163 * Serialize a Server Hello message
164 */
165 std::vector<uint8_t> Server_Hello::serialize() const
166  {
167  std::vector<uint8_t> buf;
168 
169  buf.push_back(m_version.major_version());
170  buf.push_back(m_version.minor_version());
171  buf += m_random;
172 
173  append_tls_length_value(buf, m_session_id, 1);
174 
175  buf.push_back(get_byte(0, m_ciphersuite));
176  buf.push_back(get_byte(1, m_ciphersuite));
177 
178  buf.push_back(m_comp_method);
179 
180  buf += m_extensions.serialize();
181 
182  return buf;
183  }
184 
185 /*
186 * Create a new Server Hello Done message
187 */
190  {
191  hash.update(io.send(*this));
192  }
193 
194 /*
195 * Deserialize a Server Hello Done message
196 */
197 Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf)
198  {
199  if(buf.size())
200  throw Decoding_Error("Server_Hello_Done: Must be empty, and is not");
201  }
202 
203 /*
204 * Serialize a Server Hello Done message
205 */
206 std::vector<uint8_t> Server_Hello_Done::serialize() const
207  {
208  return std::vector<uint8_t>();
209  }
210 
211 }
212 
213 }
std::vector< uint8_t > serialize() const
std::string next_protocol() const
Definition: tls_messages.h:273
std::vector< T > get_fixed(size_t size)
Definition: tls_reader.h:126
Protocol_Version version() const
Definition: tls_messages.h:218
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
Server_Hello_Done(Handshake_IO &io, Handshake_Hash &hash)
uint8_t minor_version() const
Definition: tls_version.h:82
bool supports_encrypt_then_mac() const
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:147
void add(Extension *extn)
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:344
virtual std::vector< uint16_t > srtp_profiles() const
Definition: tls_policy.cpp:357
virtual bool use_ecc_point_compression() const
Definition: tls_policy.cpp:131
Server_Hello(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:222
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
void update(const uint8_t in[], size_t length)
Definition: alg_id.cpp:13
Ciphersuite ciphersuite() const
Definition: tls_session.h:130
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:345
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
static Ciphersuite by_id(uint16_t suite)
uint8_t compression_method() const
Definition: tls_messages.h:226
bool supports_cert_status_message() const
uint8_t major_version() const
Definition: tls_version.h:77
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
std::vector< uint16_t > srtp_profiles() const
void deserialize(TLS_Data_Reader &reader)
bool supports_extended_master_secret() const
MechanismType hash
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185