Botan  2.8.0
Crypto and TLS for C++11
msg_server_hello.cpp
Go to the documentation of this file.
1 /*
2 * TLS Server Hello and Server Hello Done
3 * (C) 2004-2011,2015,2016 Jack Lloyd
4 * 2016 Matthias Gierlings
5 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/tls_messages.h>
11 #include <botan/tls_extensions.h>
12 #include <botan/tls_callbacks.h>
13 #include <botan/internal/tls_reader.h>
14 #include <botan/internal/tls_session_key.h>
15 #include <botan/internal/tls_handshake_io.h>
16 #include <botan/internal/tls_handshake_hash.h>
17 #include <botan/internal/stl_util.h>
18 
19 namespace Botan {
20 
21 namespace TLS {
22 
23 // New session case
26  const Policy& policy,
27  Callbacks& cb,
29  const std::vector<uint8_t>& reneg_info,
30  const Client_Hello& client_hello,
31  const Server_Hello::Settings& server_settings,
32  const std::string next_protocol) :
33  m_version(server_settings.protocol_version()),
34  m_session_id(server_settings.session_id()),
35  m_random(make_hello_random(rng, policy)),
36  m_ciphersuite(server_settings.ciphersuite()),
37  m_comp_method(0)
38  {
39  if(client_hello.supports_extended_master_secret())
40  m_extensions.add(new Extended_Master_Secret);
41 
42  // Sending the extension back does not commit us to sending a stapled response
43  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
44  m_extensions.add(new Certificate_Status_Request);
45 
46  Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
47 
48  if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
49  {
50  m_extensions.add(new Encrypt_then_MAC);
51  }
52 
53  if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
54  {
55  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
56  }
57 
58  if(client_hello.secure_renegotiation())
59  m_extensions.add(new Renegotiation_Extension(reneg_info));
60 
61  if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
62  m_extensions.add(new Session_Ticket());
63 
64  if(!next_protocol.empty() && client_hello.supports_alpn())
66 
67  if(m_version.is_datagram_protocol())
68  {
69  const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
70  const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
71 
72  if(!server_srtp.empty() && !client_srtp.empty())
73  {
74  uint16_t shared = 0;
75  // always using server preferences for now
76  for(auto s_srtp : server_srtp)
77  for(auto c_srtp : client_srtp)
78  {
79  if(shared == 0 && s_srtp == c_srtp)
80  shared = s_srtp;
81  }
82 
83  if(shared)
84  m_extensions.add(new SRTP_Protection_Profiles(shared));
85  }
86  }
87 
88  cb.tls_modify_extensions(m_extensions, SERVER);
89 
90  hash.update(io.send(*this));
91  }
92 
93 // Resuming
96  const Policy& policy,
97  Callbacks& cb,
99  const std::vector<uint8_t>& reneg_info,
100  const Client_Hello& client_hello,
101  Session& resumed_session,
102  bool offer_session_ticket,
103  const std::string& next_protocol) :
104  m_version(resumed_session.version()),
105  m_session_id(client_hello.session_id()),
106  m_random(make_hello_random(rng, policy)),
107  m_ciphersuite(resumed_session.ciphersuite_code()),
108  m_comp_method(0)
109  {
110  if(client_hello.supports_extended_master_secret())
111  m_extensions.add(new Extended_Master_Secret);
112 
113  // Sending the extension back does not commit us to sending a stapled response
114  if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
115  m_extensions.add(new Certificate_Status_Request);
116 
117  if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
118  {
119  Ciphersuite c = resumed_session.ciphersuite();
120  if(c.cbc_ciphersuite())
121  m_extensions.add(new Encrypt_then_MAC);
122  }
123 
124  if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
125  {
126  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
127  }
128 
129  if(client_hello.secure_renegotiation())
130  m_extensions.add(new Renegotiation_Extension(reneg_info));
131 
132  if(client_hello.supports_session_ticket() && offer_session_ticket)
133  m_extensions.add(new Session_Ticket());
134 
135  if(!next_protocol.empty() && client_hello.supports_alpn())
137 
138  cb.tls_modify_extensions(m_extensions, SERVER);
139 
140  hash.update(io.send(*this));
141  }
142 
143 /*
144 * Deserialize a Server Hello message
145 */
146 Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
147  {
148  if(buf.size() < 38)
149  throw Decoding_Error("Server_Hello: Packet corrupted");
150 
151  TLS_Data_Reader reader("ServerHello", buf);
152 
153  const uint8_t major_version = reader.get_byte();
154  const uint8_t minor_version = reader.get_byte();
155 
156  m_version = Protocol_Version(major_version, minor_version);
157 
158  m_random = reader.get_fixed<uint8_t>(32);
159 
160  m_session_id = reader.get_range<uint8_t>(1, 0, 32);
161 
162  m_ciphersuite = reader.get_uint16_t();
163 
164  m_comp_method = reader.get_byte();
165 
166  m_extensions.deserialize(reader);
167  }
168 
169 /*
170 * Serialize a Server Hello message
171 */
172 std::vector<uint8_t> Server_Hello::serialize() const
173  {
174  std::vector<uint8_t> buf;
175 
176  buf.push_back(m_version.major_version());
177  buf.push_back(m_version.minor_version());
178  buf += m_random;
179 
180  append_tls_length_value(buf, m_session_id, 1);
181 
182  buf.push_back(get_byte(0, m_ciphersuite));
183  buf.push_back(get_byte(1, m_ciphersuite));
184 
185  buf.push_back(m_comp_method);
186 
187  buf += m_extensions.serialize();
188 
189  return buf;
190  }
191 
192 /*
193 * Create a new Server Hello Done message
194 */
197  {
198  hash.update(io.send(*this));
199  }
200 
201 /*
202 * Deserialize a Server Hello Done message
203 */
204 Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf)
205  {
206  if(buf.size())
207  throw Decoding_Error("Server_Hello_Done: Must be empty, and is not");
208  }
209 
210 /*
211 * Serialize a Server Hello Done message
212 */
213 std::vector<uint8_t> Server_Hello_Done::serialize() const
214  {
215  return std::vector<uint8_t>();
216  }
217 
218 }
219 
220 }
std::vector< uint8_t > serialize() const
std::string next_protocol() const
Definition: tls_messages.h:271
std::vector< T > get_fixed(size_t size)
Definition: tls_reader.h:126
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
Server_Hello_Done(Handshake_IO &io, Handshake_Hash &hash)
uint8_t minor_version() const
Definition: tls_version.h:82
bool supports_encrypt_then_mac() const
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:145
void add(Extension *extn)
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:330
virtual std::vector< uint16_t > srtp_profiles() const
Definition: tls_policy.cpp:343
virtual bool use_ecc_point_compression() const
Definition: tls_policy.cpp:125
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
Server_Hello(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
Definition: alg_id.cpp:13
Ciphersuite ciphersuite() const
Definition: tls_session.h:128
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:331
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side)
static Ciphersuite by_id(uint16_t suite)
bool supports_cert_status_message() const
uint8_t major_version() const
Definition: tls_version.h:77
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
std::vector< uint16_t > srtp_profiles() const
void deserialize(TLS_Data_Reader &reader)
bool supports_extended_master_secret() const
MechanismType hash
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185