Botan  2.6.0
Crypto and TLS for C++11
tls_messages.h
Go to the documentation of this file.
1 /*
2 * TLS Messages
3 * (C) 2004-2011,2015 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_MESSAGES_H_
10 #define BOTAN_TLS_MESSAGES_H_
11 
12 #include <botan/tls_extensions.h>
13 #include <botan/tls_handshake_msg.h>
14 #include <botan/tls_session.h>
15 #include <botan/tls_policy.h>
16 #include <botan/tls_ciphersuite.h>
17 #include <botan/pk_keys.h>
18 #include <botan/x509cert.h>
19 #include <botan/ocsp.h>
20 #include <vector>
21 #include <string>
22 #include <set>
23 
24 #if defined(BOTAN_HAS_CECPQ1)
25  #include <botan/cecpq1.h>
26 #endif
27 
28 #if defined(BOTAN_HAS_SRP6)
29  #include <botan/srp6.h>
30 #endif
31 
32 namespace Botan {
33 
34 class Public_Key;
35 class Credentials_Manager;
36 
37 namespace TLS {
38 
39 class Session;
40 class Handshake_IO;
41 class Handshake_State;
42 class Callbacks;
43 
44 std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
45  const Policy& policy);
46 
47 /**
48 * DTLS Hello Verify Request
49 */
51  {
52  public:
53  std::vector<uint8_t> serialize() const override;
54  Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
55 
56  std::vector<uint8_t> cookie() const { return m_cookie; }
57 
58  explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
59 
60  Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
61  const std::string& client_identity,
62  const SymmetricKey& secret_key);
63  private:
64  std::vector<uint8_t> m_cookie;
65  };
66 
67 /**
68 * Client Hello Message
69 */
71  {
72  public:
73  class Settings final
74  {
75  public:
76  Settings(const Protocol_Version version,
77  const std::string& hostname = "",
78  const std::string& srp_identifier = "") :
79  m_new_session_version(version),
80  m_hostname(hostname),
81  m_srp_identifier(srp_identifier) {}
82 
83  const Protocol_Version protocol_version() const { return m_new_session_version; }
84  const std::string& hostname() const { return m_hostname; }
85  const std::string& srp_identifier() const { return m_srp_identifier; }
86 
87  private:
88  const Protocol_Version m_new_session_version;
89  const std::string m_hostname;
90  const std::string m_srp_identifier;
91  };
92 
93  Handshake_Type type() const override { return CLIENT_HELLO; }
94 
95  Protocol_Version version() const { return m_version; }
96 
97  const std::vector<uint8_t>& random() const { return m_random; }
98 
99  const std::vector<uint8_t>& session_id() const { return m_session_id; }
100 
101  const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
102 
103  bool offered_suite(uint16_t ciphersuite) const;
104 
105  bool sent_fallback_scsv() const;
106 
107  std::vector<Signature_Scheme> signature_schemes() const;
108 
109  std::vector<Group_Params> supported_ecc_curves() const;
110 
111  std::vector<Group_Params> supported_dh_groups() const;
112 
113  bool prefers_compressed_ec_points() const;
114 
115  std::string sni_hostname() const;
116 
117 #if defined(BOTAN_HAS_SRP6)
118  std::string srp_identifier() const;
119 #endif
120 
121  bool secure_renegotiation() const;
122 
123  std::vector<uint8_t> renegotiation_info() const;
124 
125  bool supports_session_ticket() const;
126 
127  std::vector<uint8_t> session_ticket() const;
128 
129  bool supports_alpn() const;
130 
131  bool supports_extended_master_secret() const;
132 
133  bool supports_cert_status_message() const;
134 
135  bool supports_encrypt_then_mac() const;
136 
137  bool sent_signature_algorithms() const;
138 
139  std::vector<std::string> next_protocols() const;
140 
141  std::vector<uint16_t> srtp_profiles() const;
142 
143  void update_hello_cookie(const Hello_Verify_Request& hello_verify);
144 
145  std::set<Handshake_Extension_Type> extension_types() const
146  { return m_extensions.extension_types(); }
147 
148  const Extensions& extensions() const { return m_extensions; }
149 
152  const Policy& policy,
153  Callbacks& cb,
155  const std::vector<uint8_t>& reneg_info,
156  const Client_Hello::Settings& client_settings,
157  const std::vector<std::string>& next_protocols);
158 
161  const Policy& policy,
162  Callbacks& cb,
164  const std::vector<uint8_t>& reneg_info,
165  const Session& resumed_session,
166  const std::vector<std::string>& next_protocols);
167 
168  explicit Client_Hello(const std::vector<uint8_t>& buf);
169 
170  private:
171  std::vector<uint8_t> serialize() const override;
172 
173  Protocol_Version m_version;
174  std::vector<uint8_t> m_session_id;
175  std::vector<uint8_t> m_random;
176  std::vector<uint16_t> m_suites;
177  std::vector<uint8_t> m_comp_methods;
178  std::vector<uint8_t> m_hello_cookie; // DTLS only
179 
180  Extensions m_extensions;
181  };
182 
183 /**
184 * Server Hello Message
185 */
187  {
188  public:
189  class Settings final
190  {
191  public:
192  Settings(const std::vector<uint8_t> new_session_id,
193  Protocol_Version new_session_version,
194  uint16_t ciphersuite,
195  bool offer_session_ticket) :
196  m_new_session_id(new_session_id),
197  m_new_session_version(new_session_version),
198  m_ciphersuite(ciphersuite),
199  m_offer_session_ticket(offer_session_ticket) {}
200 
201  const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
202  Protocol_Version protocol_version() const { return m_new_session_version; }
203  uint16_t ciphersuite() const { return m_ciphersuite; }
204  bool offer_session_ticket() const { return m_offer_session_ticket; }
205 
206  private:
207  const std::vector<uint8_t> m_new_session_id;
208  Protocol_Version m_new_session_version;
209  uint16_t m_ciphersuite;
210  bool m_offer_session_ticket;
211  };
212 
213 
214  Handshake_Type type() const override { return SERVER_HELLO; }
215 
216  Protocol_Version version() const { return m_version; }
217 
218  const std::vector<uint8_t>& random() const { return m_random; }
219 
220  const std::vector<uint8_t>& session_id() const { return m_session_id; }
221 
222  uint16_t ciphersuite() const { return m_ciphersuite; }
223 
224  uint8_t compression_method() const { return m_comp_method; }
225 
226  bool secure_renegotiation() const
227  {
228  return m_extensions.has<Renegotiation_Extension>();
229  }
230 
231  std::vector<uint8_t> renegotiation_info() const
232  {
233  if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
234  return reneg->renegotiation_info();
235  return std::vector<uint8_t>();
236  }
237 
239  {
240  return m_extensions.has<Extended_Master_Secret>();
241  }
242 
244  {
245  return m_extensions.has<Encrypt_then_MAC>();
246  }
247 
249  {
250  return m_extensions.has<Certificate_Status_Request>();
251  }
252 
254  {
255  return m_extensions.has<Session_Ticket>();
256  }
257 
258  uint16_t srtp_profile() const
259  {
260  if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
261  {
262  auto prof = srtp->profiles();
263  if(prof.size() != 1 || prof[0] == 0)
264  throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
265  return prof[0];
266  }
267 
268  return 0;
269  }
270 
271  std::string next_protocol() const
272  {
273  if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
274  return alpn->single_protocol();
275  return "";
276  }
277 
278  std::set<Handshake_Extension_Type> extension_types() const
279  { return m_extensions.extension_types(); }
280 
281  const Extensions& extensions() const { return m_extensions; }
282 
284  {
285  if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
286  {
287  return ecc_formats->prefers_compressed();
288  }
289  return false;
290  }
291 
294  const Policy& policy,
295  Callbacks& cb,
297  const std::vector<uint8_t>& secure_reneg_info,
298  const Client_Hello& client_hello,
299  const Server_Hello::Settings& settings,
300  const std::string next_protocol);
301 
304  const Policy& policy,
305  Callbacks& cb,
307  const std::vector<uint8_t>& secure_reneg_info,
308  const Client_Hello& client_hello,
309  Session& resumed_session,
310  bool offer_session_ticket,
311  const std::string& next_protocol);
312 
313  explicit Server_Hello(const std::vector<uint8_t>& buf);
314  private:
315  std::vector<uint8_t> serialize() const override;
316 
317  Protocol_Version m_version;
318  std::vector<uint8_t> m_session_id, m_random;
319  uint16_t m_ciphersuite;
320  uint8_t m_comp_method;
321 
322  Extensions m_extensions;
323  };
324 
325 /**
326 * Client Key Exchange Message
327 */
329  {
330  public:
331  Handshake_Type type() const override { return CLIENT_KEX; }
332 
334  { return m_pre_master; }
335 
337  Handshake_State& state,
338  const Policy& policy,
339  Credentials_Manager& creds,
341  const std::string& hostname,
342  RandomNumberGenerator& rng);
343 
344  Client_Key_Exchange(const std::vector<uint8_t>& buf,
345  const Handshake_State& state,
346  const Private_Key* server_rsa_kex_key,
347  Credentials_Manager& creds,
348  const Policy& policy,
349  RandomNumberGenerator& rng);
350 
351  private:
352  std::vector<uint8_t> serialize() const override
353  { return m_key_material; }
354 
355  std::vector<uint8_t> m_key_material;
356  secure_vector<uint8_t> m_pre_master;
357  };
358 
359 /**
360 * Certificate Message
361 */
363  {
364  public:
365  Handshake_Type type() const override { return CERTIFICATE; }
366  const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
367 
368  size_t count() const { return m_certs.size(); }
369  bool empty() const { return m_certs.empty(); }
370 
373  const std::vector<X509_Certificate>& certs);
374 
375  explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy);
376  private:
377  std::vector<uint8_t> serialize() const override;
378 
379  std::vector<X509_Certificate> m_certs;
380  };
381 
382 /**
383 * Certificate Status (RFC 6066)
384 */
386  {
387  public:
388  Handshake_Type type() const override { return CERTIFICATE_STATUS; }
389 
390  std::shared_ptr<const OCSP::Response> response() const { return m_response; }
391 
392  Certificate_Status(const std::vector<uint8_t>& buf);
393 
396  std::shared_ptr<const OCSP::Response> response);
397 
398  private:
399  std::vector<uint8_t> serialize() const override;
400  std::shared_ptr<const OCSP::Response> m_response;
401  };
402 
403 /**
404 * Certificate Request Message
405 */
407  {
408  public:
409  Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
410 
411  const std::vector<std::string>& acceptable_cert_types() const
412  { return m_cert_key_types; }
413 
414  const std::vector<X509_DN>& acceptable_CAs() const { return m_names; }
415 
416  const std::vector<Signature_Scheme>& signature_schemes() const
417  {
418  return m_schemes;
419  }
420 
423  const Policy& policy,
424  const std::vector<X509_DN>& allowed_cas,
425  Protocol_Version version);
426 
427  Certificate_Req(const std::vector<uint8_t>& buf,
428  Protocol_Version version);
429  private:
430  std::vector<uint8_t> serialize() const override;
431 
432  std::vector<X509_DN> m_names;
433  std::vector<std::string> m_cert_key_types;
434 
435  std::vector<Signature_Scheme> m_schemes;
436  };
437 
438 /**
439 * Certificate Verify Message
440 */
442  {
443  public:
444  Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
445 
446  /**
447  * Check the signature on a certificate verify message
448  * @param cert the purported certificate
449  * @param state the handshake state
450  * @param policy the TLS policy
451  */
452  bool verify(const X509_Certificate& cert,
453  const Handshake_State& state,
454  const Policy& policy) const;
455 
457  Handshake_State& state,
458  const Policy& policy,
460  const Private_Key* key);
461 
462  Certificate_Verify(const std::vector<uint8_t>& buf,
463  Protocol_Version version);
464  private:
465  std::vector<uint8_t> serialize() const override;
466 
467  std::vector<uint8_t> m_signature;
469  };
470 
471 /**
472 * Finished Message
473 */
475  {
476  public:
477  Handshake_Type type() const override { return FINISHED; }
478 
479  std::vector<uint8_t> verify_data() const
480  { return m_verification_data; }
481 
482  bool verify(const Handshake_State& state,
483  Connection_Side side) const;
484 
486  Handshake_State& state,
487  Connection_Side side);
488 
489  explicit Finished(const std::vector<uint8_t>& buf);
490  private:
491  std::vector<uint8_t> serialize() const override;
492 
493  std::vector<uint8_t> m_verification_data;
494  };
495 
496 /**
497 * Hello Request Message
498 */
500  {
501  public:
502  Handshake_Type type() const override { return HELLO_REQUEST; }
503 
504  explicit Hello_Request(Handshake_IO& io);
505  explicit Hello_Request(const std::vector<uint8_t>& buf);
506  private:
507  std::vector<uint8_t> serialize() const override;
508  };
509 
510 /**
511 * Server Key Exchange Message
512 */
514  {
515  public:
516  Handshake_Type type() const override { return SERVER_KEX; }
517 
518  const std::vector<uint8_t>& params() const { return m_params; }
519 
520  bool verify(const Public_Key& server_key,
521  const Handshake_State& state,
522  const Policy& policy) const;
523 
524  // Only valid for certain kex types
525  const Private_Key& server_kex_key() const;
526 
527 #if defined(BOTAN_HAS_SRP6)
528  // Only valid for SRP negotiation
529  SRP6_Server_Session& server_srp_params() const
530  {
531  BOTAN_ASSERT_NONNULL(m_srp_params);
532  return *m_srp_params;
533  }
534 #endif
535 
536 #if defined(BOTAN_HAS_CECPQ1)
537  // Only valid for CECPQ1 negotiation
538  const CECPQ1_key& cecpq1_key() const
539  {
540  BOTAN_ASSERT_NONNULL(m_cecpq1_key);
541  return *m_cecpq1_key;
542  }
543 #endif
544 
545  Server_Key_Exchange(Handshake_IO& io,
546  Handshake_State& state,
547  const Policy& policy,
548  Credentials_Manager& creds,
549  RandomNumberGenerator& rng,
550  const Private_Key* signing_key = nullptr);
551 
552  Server_Key_Exchange(const std::vector<uint8_t>& buf,
553  Kex_Algo kex_alg,
554  Auth_Method sig_alg,
555  Protocol_Version version);
556 
557  ~Server_Key_Exchange() = default;
558  private:
559  std::vector<uint8_t> serialize() const override;
560 
561 #if defined(BOTAN_HAS_SRP6)
562  std::unique_ptr<SRP6_Server_Session> m_srp_params;
563 #endif
564 
565 #if defined(BOTAN_HAS_CECPQ1)
566  std::unique_ptr<CECPQ1_key> m_cecpq1_key;
567 #endif
568 
569  std::unique_ptr<Private_Key> m_kex_key;
570 
571  std::vector<uint8_t> m_params;
572 
573  std::vector<uint8_t> m_signature;
575  };
576 
577 /**
578 * Server Hello Done Message
579 */
581  {
582  public:
583  Handshake_Type type() const override { return SERVER_HELLO_DONE; }
584 
586  explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
587  private:
588  std::vector<uint8_t> serialize() const override;
589  };
590 
591 /**
592 * New Session Ticket Message
593 */
595  {
596  public:
597  Handshake_Type type() const override { return NEW_SESSION_TICKET; }
598 
599  uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
600  const std::vector<uint8_t>& ticket() const { return m_ticket; }
601 
604  const std::vector<uint8_t>& ticket,
605  uint32_t lifetime);
606 
609 
610  explicit New_Session_Ticket(const std::vector<uint8_t>& buf);
611  private:
612  std::vector<uint8_t> serialize() const override;
613 
614  uint32_t m_ticket_lifetime_hint = 0;
615  std::vector<uint8_t> m_ticket;
616  };
617 
618 /**
619 * Change Cipher Spec
620 */
622  {
623  public:
624  Handshake_Type type() const override { return HANDSHAKE_CCS; }
625 
626  std::vector<uint8_t> serialize() const override
627  { return std::vector<uint8_t>(1, 1); }
628  };
629 
630 }
631 
632 }
633 
634 #endif
const Extensions & extensions() const
Definition: tls_messages.h:148
std::string next_protocol() const
Definition: tls_messages.h:271
const Protocol_Version protocol_version() const
Definition: tls_messages.h:83
#define BOTAN_UNSTABLE_API
Definition: compiler.h:34
Handshake_Type type() const override
Definition: tls_messages.h:54
Handshake_Type type() const override
Definition: tls_messages.h:583
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:218
Protocol_Version version() const
Definition: tls_messages.h:216
bool supports_certificate_status_message() const
Definition: tls_messages.h:248
const std::vector< uint8_t > & params() const
Definition: tls_messages.h:518
bool supports_extended_master_secret() const
Definition: tls_messages.h:238
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:201
Handshake_Type type() const override
Definition: tls_messages.h:388
Handshake_Type type() const override
Definition: tls_messages.h:331
const std::vector< X509_Certificate > & cert_chain() const
Definition: tls_messages.h:366
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:145
Protocol_Version version() const
Definition: tls_messages.h:95
bool prefers_compressed_ec_points() const
Definition: tls_messages.h:283
uint16_t ciphersuite() const
Definition: tls_messages.h:222
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
Definition: tls_messages.h:76
Signature_Scheme
Definition: tls_algos.h:84
Handshake_Type type() const override
Definition: tls_messages.h:516
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:99
Handshake_Type type() const override
Definition: tls_messages.h:444
const std::vector< X509_DN > & acceptable_CAs() const
Definition: tls_messages.h:414
uint16_t srtp_profile() const
Definition: tls_messages.h:258
const std::string & hostname() const
Definition: tls_messages.h:84
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:278
uint32_t ticket_lifetime_hint() const
Definition: tls_messages.h:599
std::vector< uint8_t > verify_data() const
Definition: tls_messages.h:479
Handshake_Type type() const override
Definition: tls_messages.h:597
const secure_vector< uint8_t > & pre_master_secret() const
Definition: tls_messages.h:333
Handshake_Type type() const override
Definition: tls_messages.h:365
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:82
Handshake_Type type() const override
Definition: tls_messages.h:477
bool supports_session_ticket() const
Definition: tls_messages.h:253
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:220
bool supports_encrypt_then_mac() const
Definition: tls_messages.h:243
std::vector< uint8_t > renegotiation_info() const
Definition: tls_messages.h:231
const std::string & srp_identifier() const
Definition: tls_messages.h:85
Handshake_Type type() const override
Definition: tls_messages.h:502
const std::vector< uint16_t > & ciphersuites() const
Definition: tls_messages.h:101
Definition: alg_id.cpp:13
Handshake_Type type() const override
Definition: tls_messages.h:409
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::unique_ptr< Public_Key > server_public_key
Definition: tls_client.cpp:38
bool secure_renegotiation() const
Definition: tls_messages.h:226
const std::vector< uint8_t > & ticket() const
Definition: tls_messages.h:600
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, bool offer_session_ticket)
Definition: tls_messages.h:192
std::vector< uint8_t > serialize() const override
Definition: tls_messages.h:626
const std::vector< std::string > & acceptable_cert_types() const
Definition: tls_messages.h:411
uint8_t compression_method() const
Definition: tls_messages.h:224
Protocol_Version protocol_version() const
Definition: tls_messages.h:202
size_t count() const
Definition: tls_messages.h:368
std::shared_ptr< const OCSP::Response > response() const
Definition: tls_messages.h:390
Handshake_Type type() const override
Definition: tls_messages.h:214
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
const std::vector< Signature_Scheme > & signature_schemes() const
Definition: tls_messages.h:416
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:97
MechanismType hash
const Extensions & extensions() const
Definition: tls_messages.h:281
std::vector< uint8_t > cookie() const
Definition: tls_messages.h:56
Handshake_Type type() const override
Definition: tls_messages.h:624
Handshake_Type type() const override
Definition: tls_messages.h:93