Botan  2.4.0
Crypto and TLS for C++11
tls_messages.h
Go to the documentation of this file.
1 /*
2 * TLS Messages
3 * (C) 2004-2011,2015 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_MESSAGES_H_
10 #define BOTAN_TLS_MESSAGES_H_
11 
12 #include <botan/tls_extensions.h>
13 #include <botan/tls_handshake_msg.h>
14 #include <botan/tls_session.h>
15 #include <botan/tls_policy.h>
16 #include <botan/tls_ciphersuite.h>
17 #include <botan/pk_keys.h>
18 #include <botan/x509cert.h>
19 #include <vector>
20 #include <string>
21 #include <set>
22 
23 #if defined(BOTAN_HAS_CECPQ1)
24  #include <botan/cecpq1.h>
25 #endif
26 
27 #if defined(BOTAN_HAS_SRP6)
28  #include <botan/srp6.h>
29 #endif
30 
31 namespace Botan {
32 
33 class Public_Key;
34 class Credentials_Manager;
35 
36 namespace TLS {
37 
38 class Session;
39 class Handshake_IO;
40 class Handshake_State;
41 
42 std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
43  const Policy& policy);
44 
45 /**
46 * DTLS Hello Verify Request
47 */
49  {
50  public:
51  std::vector<uint8_t> serialize() const override;
52  Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
53 
54  std::vector<uint8_t> cookie() const { return m_cookie; }
55 
56  explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
57 
58  Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
59  const std::string& client_identity,
60  const SymmetricKey& secret_key);
61  private:
62  std::vector<uint8_t> m_cookie;
63  };
64 
65 /**
66 * Client Hello Message
67 */
69  {
70  public:
71  class Settings final
72  {
73  public:
74  Settings(const Protocol_Version version,
75  const std::string& hostname = "",
76  const std::string& srp_identifier = "")
77  : m_new_session_version(version),
78  m_hostname(hostname),
79  m_srp_identifier(srp_identifier) {}
80 
81  const Protocol_Version protocol_version() const { return m_new_session_version; }
82  const std::string& hostname() const { return m_hostname; }
83  const std::string& srp_identifier() const { return m_srp_identifier; }
84 
85  private:
86  const Protocol_Version m_new_session_version;
87  const std::string m_hostname;
88  const std::string m_srp_identifier;
89  };
90 
91  Handshake_Type type() const override { return CLIENT_HELLO; }
92 
93  Protocol_Version version() const { return m_version; }
94 
95  const std::vector<uint8_t>& random() const { return m_random; }
96 
97  const std::vector<uint8_t>& session_id() const { return m_session_id; }
98 
99  const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
100 
101  const std::vector<uint8_t>& compression_methods() const { return m_comp_methods; }
102 
103  bool offered_suite(uint16_t ciphersuite) const;
104 
105  bool sent_fallback_scsv() const;
106 
107  std::vector<std::pair<std::string, std::string>> supported_algos() const;
108 
109  std::set<std::string> supported_sig_algos() const;
110 
111  std::vector<std::string> supported_ecc_curves() const;
112 
113  std::vector<std::string> supported_dh_groups() const;
114 
115  bool prefers_compressed_ec_points() const;
116 
117  std::string sni_hostname() const;
118 
119 #if defined(BOTAN_HAS_SRP6)
120  std::string srp_identifier() const;
121 #endif
122 
123  bool secure_renegotiation() const;
124 
125  std::vector<uint8_t> renegotiation_info() const;
126 
127  bool supports_session_ticket() const;
128 
129  std::vector<uint8_t> session_ticket() const;
130 
131  bool supports_alpn() const;
132 
133  bool supports_extended_master_secret() const;
134 
135  bool supports_cert_status_message() const;
136 
137  bool supports_encrypt_then_mac() const;
138 
139  bool sent_signature_algorithms() const;
140 
141  std::vector<std::string> next_protocols() const;
142 
143  std::vector<uint16_t> srtp_profiles() const;
144 
145  void update_hello_cookie(const Hello_Verify_Request& hello_verify);
146 
147  std::set<Handshake_Extension_Type> extension_types() const
148  { return m_extensions.extension_types(); }
149 
152  const Policy& policy,
154  const std::vector<uint8_t>& reneg_info,
155  const Client_Hello::Settings& client_settings,
156  const std::vector<std::string>& next_protocols);
157 
159  Handshake_Hash& hash,
160  const Policy& policy,
162  const std::vector<uint8_t>& reneg_info,
163  const Session& resumed_session,
164  const std::vector<std::string>& next_protocols);
165 
166  explicit Client_Hello(const std::vector<uint8_t>& buf);
167 
168  private:
169  std::vector<uint8_t> serialize() const override;
170 
171  Protocol_Version m_version;
172  std::vector<uint8_t> m_session_id;
173  std::vector<uint8_t> m_random;
174  std::vector<uint16_t> m_suites;
175  std::vector<uint8_t> m_comp_methods;
176  std::vector<uint8_t> m_hello_cookie; // DTLS only
177 
178  Extensions m_extensions;
179  };
180 
181 /**
182 * Server Hello Message
183 */
185  {
186  public:
187  class Settings final
188  {
189  public:
190  Settings(const std::vector<uint8_t> new_session_id,
191  Protocol_Version new_session_version,
192  uint16_t ciphersuite,
193  uint8_t compression,
194  bool offer_session_ticket)
195  : m_new_session_id(new_session_id),
196  m_new_session_version(new_session_version),
197  m_ciphersuite(ciphersuite),
198  m_compression(compression),
199  m_offer_session_ticket(offer_session_ticket) {}
200 
201  const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
202  Protocol_Version protocol_version() const { return m_new_session_version; }
203  uint16_t ciphersuite() const { return m_ciphersuite; }
204  uint8_t compression() const { return m_compression; }
205  bool offer_session_ticket() const { return m_offer_session_ticket; }
206 
207  private:
208  const std::vector<uint8_t> m_new_session_id;
209  Protocol_Version m_new_session_version;
210  uint16_t m_ciphersuite;
211  uint8_t m_compression;
212  bool m_offer_session_ticket;
213  };
214 
215 
216  Handshake_Type type() const override { return SERVER_HELLO; }
217 
218  Protocol_Version version() const { return m_version; }
219 
220  const std::vector<uint8_t>& random() const { return m_random; }
221 
222  const std::vector<uint8_t>& session_id() const { return m_session_id; }
223 
224  uint16_t ciphersuite() const { return m_ciphersuite; }
225 
226  uint8_t compression_method() const { return m_comp_method; }
227 
228  bool secure_renegotiation() const
229  {
230  return m_extensions.has<Renegotiation_Extension>();
231  }
232 
233  std::vector<uint8_t> renegotiation_info() const
234  {
235  if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
236  return reneg->renegotiation_info();
237  return std::vector<uint8_t>();
238  }
239 
241  {
242  return m_extensions.has<Extended_Master_Secret>();
243  }
244 
246  {
247  return m_extensions.has<Encrypt_then_MAC>();
248  }
249 
251  {
252  return m_extensions.has<Certificate_Status_Request>();
253  }
254 
256  {
257  return m_extensions.has<Session_Ticket>();
258  }
259 
260  uint16_t srtp_profile() const
261  {
262  if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
263  {
264  auto prof = srtp->profiles();
265  if(prof.size() != 1 || prof[0] == 0)
266  throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
267  return prof[0];
268  }
269 
270  return 0;
271  }
272 
273  std::string next_protocol() const
274  {
275  if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
276  return alpn->single_protocol();
277  return "";
278  }
279 
280  std::set<Handshake_Extension_Type> extension_types() const
281  { return m_extensions.extension_types(); }
282 
284  {
285  if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
286  {
287  return ecc_formats->prefers_compressed();
288  }
289  return false;
290  }
291 
294  const Policy& policy,
296  const std::vector<uint8_t>& secure_reneg_info,
297  const Client_Hello& client_hello,
298  const Server_Hello::Settings& settings,
299  const std::string next_protocol);
300 
302  Handshake_Hash& hash,
303  const Policy& policy,
305  const std::vector<uint8_t>& secure_reneg_info,
306  const Client_Hello& client_hello,
307  Session& resumed_session,
308  bool offer_session_ticket,
309  const std::string& next_protocol);
310 
311  explicit Server_Hello(const std::vector<uint8_t>& buf);
312  private:
313  std::vector<uint8_t> serialize() const override;
314 
315  Protocol_Version m_version;
316  std::vector<uint8_t> m_session_id, m_random;
317  uint16_t m_ciphersuite;
318  uint8_t m_comp_method;
319 
320  Extensions m_extensions;
321  };
322 
323 /**
324 * Client Key Exchange Message
325 */
327  {
328  public:
329  Handshake_Type type() const override { return CLIENT_KEX; }
330 
332  { return m_pre_master; }
333 
335  Handshake_State& state,
336  const Policy& policy,
337  Credentials_Manager& creds,
339  const std::string& hostname,
340  RandomNumberGenerator& rng);
341 
342  Client_Key_Exchange(const std::vector<uint8_t>& buf,
343  const Handshake_State& state,
344  const Private_Key* server_rsa_kex_key,
345  Credentials_Manager& creds,
346  const Policy& policy,
347  RandomNumberGenerator& rng);
348 
349  private:
350  std::vector<uint8_t> serialize() const override
351  { return m_key_material; }
352 
353  std::vector<uint8_t> m_key_material;
354  secure_vector<uint8_t> m_pre_master;
355  };
356 
357 /**
358 * Certificate Message
359 */
361  {
362  public:
363  Handshake_Type type() const override { return CERTIFICATE; }
364  const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
365 
366  size_t count() const { return m_certs.size(); }
367  bool empty() const { return m_certs.empty(); }
368 
371  const std::vector<X509_Certificate>& certs);
372 
373  explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy);
374  private:
375  std::vector<uint8_t> serialize() const override;
376 
377  std::vector<X509_Certificate> m_certs;
378  };
379 
380 /**
381 * Certificate Status (RFC 6066)
382 */
384  {
385  public:
386  Handshake_Type type() const override { return CERTIFICATE_STATUS; }
387 
388  std::shared_ptr<const OCSP::Response> response() const { return m_response; }
389 
390  Certificate_Status(const std::vector<uint8_t>& buf);
391 
394  std::shared_ptr<const OCSP::Response> response);
395 
396  private:
397  std::vector<uint8_t> serialize() const override;
398  std::shared_ptr<const OCSP::Response> m_response;
399  };
400 
401 /**
402 * Certificate Request Message
403 */
405  {
406  public:
407  Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
408 
409  const std::vector<std::string>& acceptable_cert_types() const
410  { return m_cert_key_types; }
411 
412  std::vector<X509_DN> acceptable_CAs() const { return m_names; }
413 
414  std::vector<std::pair<std::string, std::string> > supported_algos() const
415  { return m_supported_algos; }
416 
419  const Policy& policy,
420  const std::vector<X509_DN>& allowed_cas,
421  Protocol_Version version);
422 
423  Certificate_Req(const std::vector<uint8_t>& buf,
424  Protocol_Version version);
425  private:
426  std::vector<uint8_t> serialize() const override;
427 
428  std::vector<X509_DN> m_names;
429  std::vector<std::string> m_cert_key_types;
430 
431  std::vector<std::pair<std::string, std::string> > m_supported_algos;
432  };
433 
434 /**
435 * Certificate Verify Message
436 */
438  {
439  public:
440  Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
441 
442  /**
443  * Check the signature on a certificate verify message
444  * @param cert the purported certificate
445  * @param state the handshake state
446  * @param policy the TLS policy
447  */
448  bool verify(const X509_Certificate& cert,
449  const Handshake_State& state,
450  const Policy& policy) const;
451 
453  Handshake_State& state,
454  const Policy& policy,
456  const Private_Key* key);
457 
458  Certificate_Verify(const std::vector<uint8_t>& buf,
459  Protocol_Version version);
460  private:
461  std::vector<uint8_t> serialize() const override;
462 
463  std::string m_sig_algo; // sig algo used to create signature
464  std::string m_hash_algo; // hash used to create signature
465  std::vector<uint8_t> m_signature;
466  };
467 
468 /**
469 * Finished Message
470 */
472  {
473  public:
474  Handshake_Type type() const override { return FINISHED; }
475 
476  std::vector<uint8_t> verify_data() const
477  { return m_verification_data; }
478 
479  bool verify(const Handshake_State& state,
480  Connection_Side side) const;
481 
483  Handshake_State& state,
484  Connection_Side side);
485 
486  explicit Finished(const std::vector<uint8_t>& buf);
487  private:
488  std::vector<uint8_t> serialize() const override;
489 
490  std::vector<uint8_t> m_verification_data;
491  };
492 
493 /**
494 * Hello Request Message
495 */
497  {
498  public:
499  Handshake_Type type() const override { return HELLO_REQUEST; }
500 
501  explicit Hello_Request(Handshake_IO& io);
502  explicit Hello_Request(const std::vector<uint8_t>& buf);
503  private:
504  std::vector<uint8_t> serialize() const override;
505  };
506 
507 /**
508 * Server Key Exchange Message
509 */
511  {
512  public:
513  Handshake_Type type() const override { return SERVER_KEX; }
514 
515  const std::vector<uint8_t>& params() const { return m_params; }
516 
517  bool verify(const Public_Key& server_key,
518  const Handshake_State& state,
519  const Policy& policy) const;
520 
521  // Only valid for certain kex types
522  const Private_Key& server_kex_key() const;
523 
524 #if defined(BOTAN_HAS_SRP6)
525  // Only valid for SRP negotiation
526  SRP6_Server_Session& server_srp_params() const
527  {
528  BOTAN_ASSERT_NONNULL(m_srp_params);
529  return *m_srp_params;
530  }
531 #endif
532 
533 #if defined(BOTAN_HAS_CECPQ1)
534  // Only valid for CECPQ1 negotiation
535  const CECPQ1_key& cecpq1_key() const
536  {
537  BOTAN_ASSERT_NONNULL(m_cecpq1_key);
538  return *m_cecpq1_key;
539  }
540 #endif
541 
543  Handshake_State& state,
544  const Policy& policy,
545  Credentials_Manager& creds,
547  const Private_Key* signing_key = nullptr);
548 
549  Server_Key_Exchange(const std::vector<uint8_t>& buf,
550  const std::string& kex_alg,
551  const std::string& sig_alg,
552  Protocol_Version version);
553 
554  ~Server_Key_Exchange() = default;
555  private:
556  std::vector<uint8_t> serialize() const override;
557 
558 #if defined(BOTAN_HAS_SRP6)
559  std::unique_ptr<SRP6_Server_Session> m_srp_params;
560 #endif
561 
562 #if defined(BOTAN_HAS_CECPQ1)
563  std::unique_ptr<CECPQ1_key> m_cecpq1_key;
564 #endif
565 
566  std::unique_ptr<Private_Key> m_kex_key;
567 
568  std::vector<uint8_t> m_params;
569 
570  std::string m_sig_algo; // sig algo used to create signature
571  std::string m_hash_algo; // hash used to create signature
572  std::vector<uint8_t> m_signature;
573  };
574 
575 /**
576 * Server Hello Done Message
577 */
579  {
580  public:
581  Handshake_Type type() const override { return SERVER_HELLO_DONE; }
582 
584  explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
585  private:
586  std::vector<uint8_t> serialize() const override;
587  };
588 
589 /**
590 * New Session Ticket Message
591 */
593  {
594  public:
595  Handshake_Type type() const override { return NEW_SESSION_TICKET; }
596 
597  uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
598  const std::vector<uint8_t>& ticket() const { return m_ticket; }
599 
602  const std::vector<uint8_t>& ticket,
603  uint32_t lifetime);
604 
606  Handshake_Hash& hash);
607 
608  explicit New_Session_Ticket(const std::vector<uint8_t>& buf);
609  private:
610  std::vector<uint8_t> serialize() const override;
611 
612  uint32_t m_ticket_lifetime_hint = 0;
613  std::vector<uint8_t> m_ticket;
614  };
615 
616 /**
617 * Change Cipher Spec
618 */
620  {
621  public:
622  Handshake_Type type() const override { return HANDSHAKE_CCS; }
623 
624  std::vector<uint8_t> serialize() const override
625  { return std::vector<uint8_t>(1, 1); }
626  };
627 
628 }
629 
630 }
631 
632 #endif
std::string next_protocol() const
Definition: tls_messages.h:273
const Protocol_Version protocol_version() const
Definition: tls_messages.h:81
#define BOTAN_UNSTABLE_API
Definition: compiler.h:34
Handshake_Type type() const override
Definition: tls_messages.h:52
Handshake_Type type() const override
Definition: tls_messages.h:581
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:220
Protocol_Version version() const
Definition: tls_messages.h:218
bool supports_certificate_status_message() const
Definition: tls_messages.h:250
const std::vector< uint8_t > & params() const
Definition: tls_messages.h:515
bool supports_extended_master_secret() const
Definition: tls_messages.h:240
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:201
Handshake_Type type() const override
Definition: tls_messages.h:386
Handshake_Type type() const override
Definition: tls_messages.h:329
const std::vector< X509_Certificate > & cert_chain() const
Definition: tls_messages.h:364
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:147
Protocol_Version version() const
Definition: tls_messages.h:93
bool prefers_compressed_ec_points() const
Definition: tls_messages.h:283
uint16_t ciphersuite() const
Definition: tls_messages.h:224
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
Definition: tls_messages.h:74
Handshake_Type type() const override
Definition: tls_messages.h:513
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:97
Handshake_Type type() const override
Definition: tls_messages.h:440
uint16_t srtp_profile() const
Definition: tls_messages.h:260
const std::string & hostname() const
Definition: tls_messages.h:82
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:280
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, uint8_t compression, bool offer_session_ticket)
Definition: tls_messages.h:190
uint32_t ticket_lifetime_hint() const
Definition: tls_messages.h:597
std::vector< uint8_t > verify_data() const
Definition: tls_messages.h:476
Handshake_Type type() const override
Definition: tls_messages.h:595
const secure_vector< uint8_t > & pre_master_secret() const
Definition: tls_messages.h:331
Handshake_Type type() const override
Definition: tls_messages.h:363
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:81
Handshake_Type type() const override
Definition: tls_messages.h:474
bool supports_session_ticket() const
Definition: tls_messages.h:255
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:222
bool supports_encrypt_then_mac() const
Definition: tls_messages.h:245
std::vector< uint8_t > renegotiation_info() const
Definition: tls_messages.h:233
const std::string & srp_identifier() const
Definition: tls_messages.h:83
Handshake_Type type() const override
Definition: tls_messages.h:499
const std::vector< uint16_t > & ciphersuites() const
Definition: tls_messages.h:99
Definition: alg_id.cpp:13
Handshake_Type type() const override
Definition: tls_messages.h:407
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::unique_ptr< Public_Key > server_public_key
Definition: tls_client.cpp:38
bool secure_renegotiation() const
Definition: tls_messages.h:228
const std::vector< uint8_t > & ticket() const
Definition: tls_messages.h:598
std::vector< X509_DN > acceptable_CAs() const
Definition: tls_messages.h:412
std::vector< uint8_t > serialize() const override
Definition: tls_messages.h:624
const std::vector< std::string > & acceptable_cert_types() const
Definition: tls_messages.h:409
uint8_t compression_method() const
Definition: tls_messages.h:226
Protocol_Version protocol_version() const
Definition: tls_messages.h:202
size_t count() const
Definition: tls_messages.h:366
std::shared_ptr< const OCSP::Response > response() const
Definition: tls_messages.h:388
std::vector< std::pair< std::string, std::string > > supported_algos() const
Definition: tls_messages.h:414
Handshake_Type type() const override
Definition: tls_messages.h:216
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
const std::vector< uint8_t > & compression_methods() const
Definition: tls_messages.h:101
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:95
MechanismType hash
std::vector< uint8_t > cookie() const
Definition: tls_messages.h:54
Handshake_Type type() const override
Definition: tls_messages.h:622
Handshake_Type type() const override
Definition: tls_messages.h:91