Botan  2.18.1
Crypto and TLS for C++11
tls_messages.h
Go to the documentation of this file.
1 /*
2 * TLS Messages
3 * (C) 2004-2011,2015 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_MESSAGES_H_
10 #define BOTAN_TLS_MESSAGES_H_
11 
12 #include <botan/tls_extensions.h>
13 #include <botan/tls_handshake_msg.h>
14 #include <botan/tls_session.h>
15 #include <botan/tls_policy.h>
16 #include <botan/tls_ciphersuite.h>
17 #include <botan/pk_keys.h>
18 #include <botan/x509cert.h>
19 #include <botan/ocsp.h>
20 #include <vector>
21 #include <string>
22 #include <set>
23 
24 #if defined(BOTAN_HAS_CECPQ1)
25  #include <botan/cecpq1.h>
26 #endif
27 
28 #if defined(BOTAN_HAS_SRP6)
29  #include <botan/srp6.h>
30 #endif
31 
32 namespace Botan {
33 
34 class Public_Key;
35 class Credentials_Manager;
36 
37 namespace TLS {
38 
39 class Session;
40 class Handshake_IO;
41 class Handshake_State;
42 class Callbacks;
43 
44 std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
45  const Policy& policy);
46 
47 /**
48 * DTLS Hello Verify Request
49 */
51  {
52  public:
53  std::vector<uint8_t> serialize() const override;
54  Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
55 
56  const std::vector<uint8_t>& cookie() const { return m_cookie; }
57 
58  explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
59 
60  Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
61  const std::string& client_identity,
62  const SymmetricKey& secret_key);
63  private:
64  std::vector<uint8_t> m_cookie;
65  };
66 
67 /**
68 * Client Hello Message
69 */
71  {
72  public:
74  {
75  public:
76  Settings(const Protocol_Version version,
77  const std::string& hostname = "",
78  const std::string& srp_identifier = "") :
79  m_new_session_version(version),
80  m_hostname(hostname),
81  m_srp_identifier(srp_identifier) {}
82 
83  const Protocol_Version protocol_version() const { return m_new_session_version; }
84  const std::string& hostname() const { return m_hostname; }
85  const std::string& srp_identifier() const { return m_srp_identifier; }
86 
87  private:
88  const Protocol_Version m_new_session_version;
89  const std::string m_hostname;
90  const std::string m_srp_identifier;
91  };
92 
93  Handshake_Type type() const override { return CLIENT_HELLO; }
94 
95  Protocol_Version version() const { return m_version; }
96 
97  std::vector<Protocol_Version> supported_versions() const;
98 
99  const std::vector<uint8_t>& random() const { return m_random; }
100 
101  const std::vector<uint8_t>& session_id() const { return m_session_id; }
102 
103  const std::vector<uint8_t>& compression_methods() const { return m_comp_methods; }
104 
105  const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
106 
107  bool offered_suite(uint16_t ciphersuite) const;
108 
109  bool sent_fallback_scsv() const;
110 
111  std::vector<Signature_Scheme> signature_schemes() const;
112 
113  std::vector<Group_Params> supported_ecc_curves() const;
114 
115  std::vector<Group_Params> supported_dh_groups() const;
116 
117  bool prefers_compressed_ec_points() const;
118 
119  std::string sni_hostname() const;
120 
121 #if defined(BOTAN_HAS_SRP6)
122  std::string srp_identifier() const;
123 #endif
124 
125  bool secure_renegotiation() const;
126 
127  std::vector<uint8_t> renegotiation_info() const;
128 
129  bool supports_session_ticket() const;
130 
131  std::vector<uint8_t> session_ticket() const;
132 
133  bool supports_alpn() const;
134 
135  bool supports_extended_master_secret() const;
136 
137  bool supports_cert_status_message() const;
138 
139  bool supports_encrypt_then_mac() const;
140 
141  bool sent_signature_algorithms() const;
142 
143  std::vector<std::string> next_protocols() const;
144 
145  std::vector<uint16_t> srtp_profiles() const;
146 
147  void update_hello_cookie(const Hello_Verify_Request& hello_verify);
148 
149  const std::vector<uint8_t>& cookie() const { return m_hello_cookie; }
150 
151  std::vector<uint8_t> cookie_input_data() const;
152 
153  std::set<Handshake_Extension_Type> extension_types() const
154  { return m_extensions.extension_types(); }
155 
156  const Extensions& extensions() const { return m_extensions; }
157 
160  const Policy& policy,
161  Callbacks& cb,
163  const std::vector<uint8_t>& reneg_info,
164  const Client_Hello::Settings& client_settings,
165  const std::vector<std::string>& next_protocols);
166 
169  const Policy& policy,
170  Callbacks& cb,
172  const std::vector<uint8_t>& reneg_info,
173  const Session& resumed_session,
174  const std::vector<std::string>& next_protocols);
175 
176  explicit Client_Hello(const std::vector<uint8_t>& buf);
177 
178  private:
179  std::vector<uint8_t> serialize() const override;
180 
181  Protocol_Version m_version;
182  std::vector<uint8_t> m_session_id;
183  std::vector<uint8_t> m_random;
184  std::vector<uint16_t> m_suites;
185  std::vector<uint8_t> m_comp_methods;
186  std::vector<uint8_t> m_hello_cookie; // DTLS only
187 
188  Extensions m_extensions;
189  };
190 
191 /**
192 * Server Hello Message
193 */
195  {
196  public:
198  {
199  public:
200  Settings(const std::vector<uint8_t> new_session_id,
201  Protocol_Version new_session_version,
202  uint16_t ciphersuite,
203  bool offer_session_ticket) :
204  m_new_session_id(new_session_id),
205  m_new_session_version(new_session_version),
206  m_ciphersuite(ciphersuite),
207  m_offer_session_ticket(offer_session_ticket) {}
208 
209  const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
210  Protocol_Version protocol_version() const { return m_new_session_version; }
211  uint16_t ciphersuite() const { return m_ciphersuite; }
212  bool offer_session_ticket() const { return m_offer_session_ticket; }
213 
214  private:
215  const std::vector<uint8_t> m_new_session_id;
216  Protocol_Version m_new_session_version;
217  uint16_t m_ciphersuite;
218  bool m_offer_session_ticket;
219  };
220 
221 
222  Handshake_Type type() const override { return SERVER_HELLO; }
223 
224  Protocol_Version version() const { return m_version; }
225 
226  const std::vector<uint8_t>& random() const { return m_random; }
227 
228  const std::vector<uint8_t>& session_id() const { return m_session_id; }
229 
230  uint16_t ciphersuite() const { return m_ciphersuite; }
231 
232  uint8_t compression_method() const { return m_comp_method; }
233 
234  bool secure_renegotiation() const
235  {
236  return m_extensions.has<Renegotiation_Extension>();
237  }
238 
239  std::vector<uint8_t> renegotiation_info() const
240  {
241  if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
242  return reneg->renegotiation_info();
243  return std::vector<uint8_t>();
244  }
245 
247  {
248  return m_extensions.has<Extended_Master_Secret>();
249  }
250 
252  {
253  return m_extensions.has<Encrypt_then_MAC>();
254  }
255 
257  {
258  return m_extensions.has<Certificate_Status_Request>();
259  }
260 
262  {
263  return m_extensions.has<Session_Ticket>();
264  }
265 
266  uint16_t srtp_profile() const
267  {
268  if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
269  {
270  auto prof = srtp->profiles();
271  if(prof.size() != 1 || prof[0] == 0)
272  throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
273  return prof[0];
274  }
275 
276  return 0;
277  }
278 
279  std::string next_protocol() const
280  {
281  if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
282  return alpn->single_protocol();
283  return "";
284  }
285 
286  std::set<Handshake_Extension_Type> extension_types() const
287  { return m_extensions.extension_types(); }
288 
289  const Extensions& extensions() const { return m_extensions; }
290 
292  {
293  if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
294  {
295  return ecc_formats->prefers_compressed();
296  }
297  return false;
298  }
299 
300  bool random_signals_downgrade() const;
301 
304  const Policy& policy,
305  Callbacks& cb,
307  const std::vector<uint8_t>& secure_reneg_info,
308  const Client_Hello& client_hello,
309  const Server_Hello::Settings& settings,
310  const std::string next_protocol);
311 
314  const Policy& policy,
315  Callbacks& cb,
317  const std::vector<uint8_t>& secure_reneg_info,
318  const Client_Hello& client_hello,
320  bool offer_session_ticket,
321  const std::string& next_protocol);
322 
323  explicit Server_Hello(const std::vector<uint8_t>& buf);
324  private:
325  std::vector<uint8_t> serialize() const override;
326 
327  Protocol_Version m_version;
328  std::vector<uint8_t> m_session_id, m_random;
329  uint16_t m_ciphersuite;
330  uint8_t m_comp_method;
331 
332  Extensions m_extensions;
333  };
334 
335 /**
336 * Client Key Exchange Message
337 */
339  {
340  public:
341  Handshake_Type type() const override { return CLIENT_KEX; }
342 
344  { return m_pre_master; }
345 
347  Handshake_State& state,
348  const Policy& policy,
349  Credentials_Manager& creds,
351  const std::string& hostname,
352  RandomNumberGenerator& rng);
353 
354  Client_Key_Exchange(const std::vector<uint8_t>& buf,
355  const Handshake_State& state,
356  const Private_Key* server_rsa_kex_key,
357  Credentials_Manager& creds,
358  const Policy& policy,
359  RandomNumberGenerator& rng);
360 
361  private:
362  std::vector<uint8_t> serialize() const override
363  { return m_key_material; }
364 
365  std::vector<uint8_t> m_key_material;
366  secure_vector<uint8_t> m_pre_master;
367  };
368 
369 /**
370 * Certificate Message
371 */
373  {
374  public:
375  Handshake_Type type() const override { return CERTIFICATE; }
376  const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
377 
378  size_t count() const { return m_certs.size(); }
379  bool empty() const { return m_certs.empty(); }
380 
383  const std::vector<X509_Certificate>& certs);
384 
385  explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy);
386  private:
387  std::vector<uint8_t> serialize() const override;
388 
389  std::vector<X509_Certificate> m_certs;
390  };
391 
392 /**
393 * Certificate Status (RFC 6066)
394 */
396  {
397  public:
398  Handshake_Type type() const override { return CERTIFICATE_STATUS; }
399 
400  //std::shared_ptr<const OCSP::Response> response() const { return m_response; }
401 
402  const std::vector<uint8_t>& response() const { return m_response; }
403 
404  Certificate_Status(const std::vector<uint8_t>& buf);
405 
408  std::shared_ptr<const OCSP::Response> response);
409 
410  /*
411  * Create a Certificate_Status message using an already DER encoded OCSP response.
412  */
415  std::vector<uint8_t> const& raw_response_bytes );
416 
417  private:
418  std::vector<uint8_t> serialize() const override;
419  std::vector<uint8_t> m_response;
420  };
421 
422 /**
423 * Certificate Request Message
424 */
426  {
427  public:
428  Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
429 
430  const std::vector<std::string>& acceptable_cert_types() const
431  { return m_cert_key_types; }
432 
433  const std::vector<X509_DN>& acceptable_CAs() const { return m_names; }
434 
435  const std::vector<Signature_Scheme>& signature_schemes() const
436  {
437  return m_schemes;
438  }
439 
442  const Policy& policy,
443  const std::vector<X509_DN>& allowed_cas,
444  Protocol_Version version);
445 
446  Certificate_Req(const std::vector<uint8_t>& buf,
447  Protocol_Version version);
448  private:
449  std::vector<uint8_t> serialize() const override;
450 
451  std::vector<X509_DN> m_names;
452  std::vector<std::string> m_cert_key_types;
453 
454  std::vector<Signature_Scheme> m_schemes;
455  };
456 
457 /**
458 * Certificate Verify Message
459 */
461  {
462  public:
463  Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
464 
465  /**
466  * Check the signature on a certificate verify message
467  * @param cert the purported certificate
468  * @param state the handshake state
469  * @param policy the TLS policy
470  */
471  bool verify(const X509_Certificate& cert,
472  const Handshake_State& state,
473  const Policy& policy) const;
474 
476  Handshake_State& state,
477  const Policy& policy,
479  const Private_Key* key);
480 
481  Certificate_Verify(const std::vector<uint8_t>& buf,
482  Protocol_Version version);
483  private:
484  std::vector<uint8_t> serialize() const override;
485 
486  std::vector<uint8_t> m_signature;
488  };
489 
490 /**
491 * Finished Message
492 */
494  {
495  public:
496  Handshake_Type type() const override { return FINISHED; }
497 
498  std::vector<uint8_t> verify_data() const
499  { return m_verification_data; }
500 
501  bool verify(const Handshake_State& state,
502  Connection_Side side) const;
503 
505  Handshake_State& state,
506  Connection_Side side);
507 
508  explicit Finished(const std::vector<uint8_t>& buf);
509  private:
510  std::vector<uint8_t> serialize() const override;
511 
512  std::vector<uint8_t> m_verification_data;
513  };
514 
515 /**
516 * Hello Request Message
517 */
519  {
520  public:
521  Handshake_Type type() const override { return HELLO_REQUEST; }
522 
523  explicit Hello_Request(Handshake_IO& io);
524  explicit Hello_Request(const std::vector<uint8_t>& buf);
525  private:
526  std::vector<uint8_t> serialize() const override;
527  };
528 
529 /**
530 * Server Key Exchange Message
531 */
533  {
534  public:
535  Handshake_Type type() const override { return SERVER_KEX; }
536 
537  const std::vector<uint8_t>& params() const { return m_params; }
538 
539  bool verify(const Public_Key& server_key,
540  const Handshake_State& state,
541  const Policy& policy) const;
542 
543  // Only valid for certain kex types
544  const Private_Key& server_kex_key() const;
545 
546 #if defined(BOTAN_HAS_SRP6)
547  // Only valid for SRP negotiation
548  SRP6_Server_Session& server_srp_params() const
549  {
550  BOTAN_ASSERT_NONNULL(m_srp_params);
551  return *m_srp_params;
552  }
553 #endif
554 
555 #if defined(BOTAN_HAS_CECPQ1)
556  // Only valid for CECPQ1 negotiation
557  const CECPQ1_key& cecpq1_key() const
558  {
559  BOTAN_ASSERT_NONNULL(m_cecpq1_key);
560  return *m_cecpq1_key;
561  }
562 #endif
563 
564  Server_Key_Exchange(Handshake_IO& io,
565  Handshake_State& state,
566  const Policy& policy,
567  Credentials_Manager& creds,
568  RandomNumberGenerator& rng,
569  const Private_Key* signing_key = nullptr);
570 
571  Server_Key_Exchange(const std::vector<uint8_t>& buf,
572  Kex_Algo kex_alg,
573  Auth_Method sig_alg,
574  Protocol_Version version);
575 
576  ~Server_Key_Exchange() = default;
577  private:
578  std::vector<uint8_t> serialize() const override;
579 
580 #if defined(BOTAN_HAS_SRP6)
581  std::unique_ptr<SRP6_Server_Session> m_srp_params;
582 #endif
583 
584 #if defined(BOTAN_HAS_CECPQ1)
585  std::unique_ptr<CECPQ1_key> m_cecpq1_key;
586 #endif
587 
588  std::unique_ptr<Private_Key> m_kex_key;
589 
590  std::vector<uint8_t> m_params;
591 
592  std::vector<uint8_t> m_signature;
594  };
595 
596 /**
597 * Server Hello Done Message
598 */
600  {
601  public:
602  Handshake_Type type() const override { return SERVER_HELLO_DONE; }
603 
605  explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
606  private:
607  std::vector<uint8_t> serialize() const override;
608  };
609 
610 /**
611 * New Session Ticket Message
612 */
614  {
615  public:
616  Handshake_Type type() const override { return NEW_SESSION_TICKET; }
617 
618  uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
619  const std::vector<uint8_t>& ticket() const { return m_ticket; }
620 
623  const std::vector<uint8_t>& ticket,
624  uint32_t lifetime);
625 
628 
629  explicit New_Session_Ticket(const std::vector<uint8_t>& buf);
630  private:
631  std::vector<uint8_t> serialize() const override;
632 
633  uint32_t m_ticket_lifetime_hint = 0;
634  std::vector<uint8_t> m_ticket;
635  };
636 
637 /**
638 * Change Cipher Spec
639 */
641  {
642  public:
643  Handshake_Type type() const override { return HANDSHAKE_CCS; }
644 
645  std::vector<uint8_t> serialize() const override
646  { return std::vector<uint8_t>(1, 1); }
647  };
648 
649 }
650 
651 }
652 
653 #endif
const Extensions & extensions() const
Definition: tls_messages.h:156
std::string next_protocol() const
Definition: tls_messages.h:279
const Protocol_Version protocol_version() const
Definition: tls_messages.h:83
#define BOTAN_UNSTABLE_API
Definition: compiler.h:44
Handshake_Type type() const override
Definition: tls_messages.h:54
Handshake_Type type() const override
Definition: tls_messages.h:602
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:226
Protocol_Version version() const
Definition: tls_messages.h:224
bool supports_certificate_status_message() const
Definition: tls_messages.h:256
const std::vector< uint8_t > & params() const
Definition: tls_messages.h:537
bool supports_extended_master_secret() const
Definition: tls_messages.h:246
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:209
Handshake_Type type() const override
Definition: tls_messages.h:398
Handshake_Type type() const override
Definition: tls_messages.h:341
const std::vector< uint8_t > & response() const
Definition: tls_messages.h:402
const std::vector< X509_Certificate > & cert_chain() const
Definition: tls_messages.h:376
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:153
Protocol_Version version() const
Definition: tls_messages.h:95
bool prefers_compressed_ec_points() const
Definition: tls_messages.h:291
std::unique_ptr< Session > resumed_session
Definition: tls_client.cpp:55
uint16_t ciphersuite() const
Definition: tls_messages.h:230
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
Definition: tls_messages.h:76
int(* final)(unsigned char *, CTX *)
Signature_Scheme
Definition: tls_algos.h:86
Handshake_Type type() const override
Definition: tls_messages.h:535
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:101
Handshake_Type type() const override
Definition: tls_messages.h:463
const std::vector< X509_DN > & acceptable_CAs() const
Definition: tls_messages.h:433
uint16_t srtp_profile() const
Definition: tls_messages.h:266
const std::string & hostname() const
Definition: tls_messages.h:84
std::set< Handshake_Extension_Type > extension_types() const
Definition: tls_messages.h:286
uint32_t ticket_lifetime_hint() const
Definition: tls_messages.h:618
std::vector< uint8_t > verify_data() const
Definition: tls_messages.h:498
Handshake_Type type() const override
Definition: tls_messages.h:616
const secure_vector< uint8_t > & pre_master_secret() const
Definition: tls_messages.h:343
Handshake_Type type() const override
Definition: tls_messages.h:375
const std::vector< uint8_t > & cookie() const
Definition: tls_messages.h:56
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107
Handshake_Type type() const override
Definition: tls_messages.h:496
bool supports_session_ticket() const
Definition: tls_messages.h:261
const std::vector< uint8_t > & session_id() const
Definition: tls_messages.h:228
bool supports_encrypt_then_mac() const
Definition: tls_messages.h:251
const std::vector< uint8_t > & cookie() const
Definition: tls_messages.h:149
std::vector< uint8_t > renegotiation_info() const
Definition: tls_messages.h:239
const std::string & srp_identifier() const
Definition: tls_messages.h:85
Handshake_Type type() const override
Definition: tls_messages.h:521
const std::vector< uint16_t > & ciphersuites() const
Definition: tls_messages.h:105
Definition: alg_id.cpp:13
Handshake_Type type() const override
Definition: tls_messages.h:428
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::unique_ptr< Public_Key > server_public_key
Definition: tls_client.cpp:53
bool secure_renegotiation() const
Definition: tls_messages.h:234
const std::vector< uint8_t > & ticket() const
Definition: tls_messages.h:619
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, bool offer_session_ticket)
Definition: tls_messages.h:200
std::vector< uint8_t > serialize() const override
Definition: tls_messages.h:645
const std::vector< std::string > & acceptable_cert_types() const
Definition: tls_messages.h:430
uint8_t compression_method() const
Definition: tls_messages.h:232
Protocol_Version protocol_version() const
Definition: tls_messages.h:210
size_t count() const
Definition: tls_messages.h:378
Handshake_Type type() const override
Definition: tls_messages.h:222
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
const std::vector< Signature_Scheme > & signature_schemes() const
Definition: tls_messages.h:435
const std::vector< uint8_t > & compression_methods() const
Definition: tls_messages.h:103
const std::vector< uint8_t > & random() const
Definition: tls_messages.h:99
MechanismType hash
const Extensions & extensions() const
Definition: tls_messages.h:289
Handshake_Type type() const override
Definition: tls_messages.h:643
Handshake_Type type() const override
Definition: tls_messages.h:93