Botan 2.19.3
Crypto and TLS for C&
tls_messages.h
Go to the documentation of this file.
1/*
2* TLS Messages
3* (C) 2004-2011,2015 Jack Lloyd
4* 2016 Matthias Gierlings
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_MESSAGES_H_
10#define BOTAN_TLS_MESSAGES_H_
11
12#include <botan/tls_extensions.h>
13#include <botan/tls_handshake_msg.h>
14#include <botan/tls_session.h>
15#include <botan/tls_policy.h>
16#include <botan/tls_ciphersuite.h>
17#include <botan/pk_keys.h>
18#include <botan/x509cert.h>
19#include <botan/ocsp.h>
20#include <vector>
21#include <string>
22#include <set>
23
24#if defined(BOTAN_HAS_CECPQ1)
25 #include <botan/cecpq1.h>
26#endif
27
28#if defined(BOTAN_HAS_SRP6)
29 #include <botan/srp6.h>
30#endif
31
32namespace Botan {
33
34class Public_Key;
35class Credentials_Manager;
36
37namespace TLS {
38
39class Session;
40class Handshake_IO;
41class Handshake_State;
42class Callbacks;
43
44std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
45 const Policy& policy);
46
47/**
48* DTLS Hello Verify Request
49*/
51 {
52 public:
53 std::vector<uint8_t> serialize() const override;
54 Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
55
56 const std::vector<uint8_t>& cookie() const { return m_cookie; }
57
58 explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
59
60 Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
61 const std::string& client_identity,
62 const SymmetricKey& secret_key);
63 private:
64 std::vector<uint8_t> m_cookie;
65 };
66
67/**
68* Client Hello Message
69*/
71 {
72 public:
74 {
75 public:
77 const std::string& hostname = "",
78 const std::string& srp_identifier = "") :
79 m_new_session_version(version),
80 m_hostname(hostname),
81 m_srp_identifier(srp_identifier) {}
82
83 const Protocol_Version protocol_version() const { return m_new_session_version; }
84 const std::string& hostname() const { return m_hostname; }
85 const std::string& srp_identifier() const { return m_srp_identifier; }
86
87 private:
88 const Protocol_Version m_new_session_version;
89 const std::string m_hostname;
90 const std::string m_srp_identifier;
91 };
92
93 Handshake_Type type() const override { return CLIENT_HELLO; }
94
95 Protocol_Version version() const { return m_version; }
96
97 std::vector<Protocol_Version> supported_versions() const;
98
99 const std::vector<uint8_t>& random() const { return m_random; }
100
101 const std::vector<uint8_t>& session_id() const { return m_session_id; }
102
103 const std::vector<uint8_t>& compression_methods() const { return m_comp_methods; }
104
105 const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
106
107 bool offered_suite(uint16_t ciphersuite) const;
108
109 bool sent_fallback_scsv() const;
110
111 std::vector<Signature_Scheme> signature_schemes() const;
112
113 std::vector<Group_Params> supported_ecc_curves() const;
114
115 std::vector<Group_Params> supported_dh_groups() const;
116
117 bool prefers_compressed_ec_points() const;
118
119 std::string sni_hostname() const;
120
121#if defined(BOTAN_HAS_SRP6)
122 std::string srp_identifier() const;
123#endif
124
125 bool secure_renegotiation() const;
126
127 std::vector<uint8_t> renegotiation_info() const;
128
129 bool supports_session_ticket() const;
130
131 std::vector<uint8_t> session_ticket() const;
132
133 bool supports_alpn() const;
134
135 bool supports_extended_master_secret() const;
136
137 bool supports_cert_status_message() const;
138
139 bool supports_encrypt_then_mac() const;
140
141 bool sent_signature_algorithms() const;
142
143 std::vector<std::string> next_protocols() const;
144
145 std::vector<uint16_t> srtp_profiles() const;
146
147 void update_hello_cookie(const Hello_Verify_Request& hello_verify);
148
149 const std::vector<uint8_t>& cookie() const { return m_hello_cookie; }
150
151 std::vector<uint8_t> cookie_input_data() const;
152
153 std::set<Handshake_Extension_Type> extension_types() const
154 { return m_extensions.extension_types(); }
155
156 const Extensions& extensions() const { return m_extensions; }
157
160 const Policy& policy,
161 Callbacks& cb,
163 const std::vector<uint8_t>& reneg_info,
164 const Client_Hello::Settings& client_settings,
165 const std::vector<std::string>& next_protocols);
166
169 const Policy& policy,
170 Callbacks& cb,
172 const std::vector<uint8_t>& reneg_info,
174 const std::vector<std::string>& next_protocols);
175
176 explicit Client_Hello(const std::vector<uint8_t>& buf);
177
178 private:
179 std::vector<uint8_t> serialize() const override;
180
181 Protocol_Version m_version;
182 std::vector<uint8_t> m_session_id;
183 std::vector<uint8_t> m_random;
184 std::vector<uint16_t> m_suites;
185 std::vector<uint8_t> m_comp_methods;
186 std::vector<uint8_t> m_hello_cookie; // DTLS only
187
188 Extensions m_extensions;
189 };
190
191/**
192* Server Hello Message
193*/
195 {
196 public:
198 {
199 public:
200 Settings(const std::vector<uint8_t> new_session_id,
201 Protocol_Version new_session_version,
202 uint16_t ciphersuite,
203 bool offer_session_ticket) :
204 m_new_session_id(new_session_id),
205 m_new_session_version(new_session_version),
206 m_ciphersuite(ciphersuite),
207 m_offer_session_ticket(offer_session_ticket) {}
208
209 const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
210 Protocol_Version protocol_version() const { return m_new_session_version; }
211 uint16_t ciphersuite() const { return m_ciphersuite; }
212 bool offer_session_ticket() const { return m_offer_session_ticket; }
213
214 private:
215 const std::vector<uint8_t> m_new_session_id;
216 Protocol_Version m_new_session_version;
217 uint16_t m_ciphersuite;
218 bool m_offer_session_ticket;
219 };
220
221
222 Handshake_Type type() const override { return SERVER_HELLO; }
223
224 Protocol_Version version() const { return m_version; }
225
226 const std::vector<uint8_t>& random() const { return m_random; }
227
228 const std::vector<uint8_t>& session_id() const { return m_session_id; }
229
230 uint16_t ciphersuite() const { return m_ciphersuite; }
231
232 uint8_t compression_method() const { return m_comp_method; }
233
235 {
236 return m_extensions.has<Renegotiation_Extension>();
237 }
238
239 std::vector<uint8_t> renegotiation_info() const
240 {
241 if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
242 return reneg->renegotiation_info();
243 return std::vector<uint8_t>();
244 }
245
247 {
248 return m_extensions.has<Extended_Master_Secret>();
249 }
250
252 {
253 return m_extensions.has<Encrypt_then_MAC>();
254 }
255
257 {
258 return m_extensions.has<Certificate_Status_Request>();
259 }
260
262 {
263 return m_extensions.has<Session_Ticket>();
264 }
265
266 uint16_t srtp_profile() const
267 {
268 if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
269 {
270 auto prof = srtp->profiles();
271 if(prof.size() != 1 || prof[0] == 0)
272 throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
273 return prof[0];
274 }
275
276 return 0;
277 }
278
279 std::string next_protocol() const
280 {
281 if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
282 return alpn->single_protocol();
283 return "";
284 }
285
286 std::set<Handshake_Extension_Type> extension_types() const
287 { return m_extensions.extension_types(); }
288
289 const Extensions& extensions() const { return m_extensions; }
290
292 {
293 if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
294 {
295 return ecc_formats->prefers_compressed();
296 }
297 return false;
298 }
299
300 bool random_signals_downgrade() const;
301
304 const Policy& policy,
305 Callbacks& cb,
307 const std::vector<uint8_t>& secure_reneg_info,
308 const Client_Hello& client_hello,
309 const Server_Hello::Settings& settings,
310 const std::string next_protocol);
311
314 const Policy& policy,
315 Callbacks& cb,
317 const std::vector<uint8_t>& secure_reneg_info,
318 const Client_Hello& client_hello,
320 bool offer_session_ticket,
321 const std::string& next_protocol);
322
323 explicit Server_Hello(const std::vector<uint8_t>& buf);
324 private:
325 std::vector<uint8_t> serialize() const override;
326
327 Protocol_Version m_version;
328 std::vector<uint8_t> m_session_id, m_random;
329 uint16_t m_ciphersuite;
330 uint8_t m_comp_method;
331
332 Extensions m_extensions;
333 };
334
335/**
336* Client Key Exchange Message
337*/
339 {
340 public:
341 Handshake_Type type() const override { return CLIENT_KEX; }
342
344 { return m_pre_master; }
345
347 Handshake_State& state,
348 const Policy& policy,
349 Credentials_Manager& creds,
351 const std::string& hostname,
353
354 Client_Key_Exchange(const std::vector<uint8_t>& buf,
355 const Handshake_State& state,
356 const Private_Key* server_rsa_kex_key,
357 Credentials_Manager& creds,
358 const Policy& policy,
360
361 private:
362 std::vector<uint8_t> serialize() const override
363 { return m_key_material; }
364
365 std::vector<uint8_t> m_key_material;
366 secure_vector<uint8_t> m_pre_master;
367 };
368
369/**
370* Certificate Message
371*/
373 {
374 public:
375 Handshake_Type type() const override { return CERTIFICATE; }
376 const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
377
378 size_t count() const { return m_certs.size(); }
379 bool empty() const { return m_certs.empty(); }
380
383 const std::vector<X509_Certificate>& certs);
384
385 explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy);
386 private:
387 std::vector<uint8_t> serialize() const override;
388
389 std::vector<X509_Certificate> m_certs;
390 };
391
392/**
393* Certificate Status (RFC 6066)
394*/
396 {
397 public:
398 Handshake_Type type() const override { return CERTIFICATE_STATUS; }
399
400 //std::shared_ptr<const OCSP::Response> response() const { return m_response; }
401
402 const std::vector<uint8_t>& response() const { return m_response; }
403
404 Certificate_Status(const std::vector<uint8_t>& buf);
405
408 std::shared_ptr<const OCSP::Response> response);
409
410 /*
411 * Create a Certificate_Status message using an already DER encoded OCSP response.
412 */
415 std::vector<uint8_t> const& raw_response_bytes );
416
417 private:
418 std::vector<uint8_t> serialize() const override;
419 std::vector<uint8_t> m_response;
420 };
421
422/**
423* Certificate Request Message
424*/
426 {
427 public:
428 Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
429
430 const std::vector<std::string>& acceptable_cert_types() const
431 { return m_cert_key_types; }
432
433 const std::vector<X509_DN>& acceptable_CAs() const { return m_names; }
434
435 const std::vector<Signature_Scheme>& signature_schemes() const
436 {
437 return m_schemes;
438 }
439
442 const Policy& policy,
443 const std::vector<X509_DN>& allowed_cas,
444 Protocol_Version version);
445
446 Certificate_Req(const std::vector<uint8_t>& buf,
447 Protocol_Version version);
448 private:
449 std::vector<uint8_t> serialize() const override;
450
451 std::vector<X509_DN> m_names;
452 std::vector<std::string> m_cert_key_types;
453
454 std::vector<Signature_Scheme> m_schemes;
455 };
456
457/**
458* Certificate Verify Message
459*/
461 {
462 public:
463 Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
464
465 /**
466 * Check the signature on a certificate verify message
467 * @param cert the purported certificate
468 * @param state the handshake state
469 * @param policy the TLS policy
470 */
471 bool verify(const X509_Certificate& cert,
472 const Handshake_State& state,
473 const Policy& policy) const;
474
476 Handshake_State& state,
477 const Policy& policy,
479 const Private_Key* key);
480
481 Certificate_Verify(const std::vector<uint8_t>& buf,
482 Protocol_Version version);
483 private:
484 std::vector<uint8_t> serialize() const override;
485
486 std::vector<uint8_t> m_signature;
487 Signature_Scheme m_scheme = Signature_Scheme::NONE;
488 };
489
490/**
491* Finished Message
492*/
494 {
495 public:
496 Handshake_Type type() const override { return FINISHED; }
497
498 std::vector<uint8_t> verify_data() const
499 { return m_verification_data; }
500
501 bool verify(const Handshake_State& state,
502 Connection_Side side) const;
503
505 Handshake_State& state,
506 Connection_Side side);
507
508 explicit Finished(const std::vector<uint8_t>& buf);
509 private:
510 std::vector<uint8_t> serialize() const override;
511
512 std::vector<uint8_t> m_verification_data;
513 };
514
515/**
516* Hello Request Message
517*/
519 {
520 public:
521 Handshake_Type type() const override { return HELLO_REQUEST; }
522
523 explicit Hello_Request(Handshake_IO& io);
524 explicit Hello_Request(const std::vector<uint8_t>& buf);
525 private:
526 std::vector<uint8_t> serialize() const override;
527 };
528
529/**
530* Server Key Exchange Message
531*/
533 {
534 public:
535 Handshake_Type type() const override { return SERVER_KEX; }
536
537 const std::vector<uint8_t>& params() const { return m_params; }
538
539 bool verify(const Public_Key& server_key,
540 const Handshake_State& state,
541 const Policy& policy) const;
542
543 // Only valid for certain kex types
544 const Private_Key& server_kex_key() const;
545
546#if defined(BOTAN_HAS_SRP6)
547 // Only valid for SRP negotiation
548 SRP6_Server_Session& server_srp_params() const
549 {
550 BOTAN_ASSERT_NONNULL(m_srp_params);
551 return *m_srp_params;
552 }
553#endif
554
555#if defined(BOTAN_HAS_CECPQ1)
556 // Only valid for CECPQ1 negotiation
557 const CECPQ1_key& cecpq1_key() const
558 {
559 BOTAN_ASSERT_NONNULL(m_cecpq1_key);
560 return *m_cecpq1_key;
561 }
562#endif
563
564 Server_Key_Exchange(Handshake_IO& io,
565 Handshake_State& state,
566 const Policy& policy,
567 Credentials_Manager& creds,
568 RandomNumberGenerator& rng,
569 const Private_Key* signing_key = nullptr);
570
571 Server_Key_Exchange(const std::vector<uint8_t>& buf,
572 Kex_Algo kex_alg,
573 Auth_Method sig_alg,
574 Protocol_Version version);
575
577 private:
578 std::vector<uint8_t> serialize() const override;
579
580#if defined(BOTAN_HAS_SRP6)
581 std::unique_ptr<SRP6_Server_Session> m_srp_params;
582#endif
583
584#if defined(BOTAN_HAS_CECPQ1)
585 std::unique_ptr<CECPQ1_key> m_cecpq1_key;
586#endif
587
588 std::unique_ptr<Private_Key> m_kex_key;
589
590 std::vector<uint8_t> m_params;
591
592 std::vector<uint8_t> m_signature;
593 Signature_Scheme m_scheme = Signature_Scheme::NONE;
594 };
595
596/**
597* Server Hello Done Message
598*/
600 {
601 public:
602 Handshake_Type type() const override { return SERVER_HELLO_DONE; }
603
605 explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
606 private:
607 std::vector<uint8_t> serialize() const override;
608 };
609
610/**
611* New Session Ticket Message
612*/
614 {
615 public:
616 Handshake_Type type() const override { return NEW_SESSION_TICKET; }
617
618 uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
619 const std::vector<uint8_t>& ticket() const { return m_ticket; }
620
623 const std::vector<uint8_t>& ticket,
624 uint32_t lifetime);
625
628
629 explicit New_Session_Ticket(const std::vector<uint8_t>& buf);
630 private:
631 std::vector<uint8_t> serialize() const override;
632
633 uint32_t m_ticket_lifetime_hint = 0;
634 std::vector<uint8_t> m_ticket;
635 };
636
637/**
638* Change Cipher Spec
639*/
641 {
642 public:
643 Handshake_Type type() const override { return HANDSHAKE_CCS; }
644
645 std::vector<uint8_t> serialize() const override
646 { return std::vector<uint8_t>(1, 1); }
647 };
648
649}
650
651}
652
653#endif
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:107
Handshake_Type type() const override
const std::vector< X509_DN > & acceptable_CAs() const
const std::vector< std::string > & acceptable_cert_types() const
const std::vector< Signature_Scheme > & signature_schemes() const
const std::vector< uint8_t > & response() const
Handshake_Type type() const override
Handshake_Type type() const override
Handshake_Type type() const override
const std::vector< X509_Certificate > & cert_chain() const
std::vector< uint8_t > serialize() const override
Handshake_Type type() const override
const std::string & srp_identifier() const
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
const Protocol_Version protocol_version() const
const std::string & hostname() const
const std::vector< uint8_t > & cookie() const
const std::vector< uint8_t > & random() const
const Extensions & extensions() const
Protocol_Version version() const
const std::vector< uint16_t > & ciphersuites() const
const std::vector< uint8_t > & session_id() const
std::set< Handshake_Extension_Type > extension_types() const
const std::vector< uint8_t > & compression_methods() const
Handshake_Type type() const override
Handshake_Type type() const override
const secure_vector< uint8_t > & pre_master_secret() const
std::vector< uint8_t > verify_data() const
Handshake_Type type() const override
Handshake_Type type() const override
Handshake_Type type() const override
const std::vector< uint8_t > & cookie() const
Handshake_Type type() const override
const std::vector< uint8_t > & ticket() const
uint32_t ticket_lifetime_hint() const
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, bool offer_session_ticket)
Protocol_Version protocol_version() const
const std::vector< uint8_t > & session_id() const
Handshake_Type type() const override
std::string next_protocol() const
uint16_t ciphersuite() const
const std::vector< uint8_t > & session_id() const
Handshake_Type type() const override
const std::vector< uint8_t > & random() const
uint8_t compression_method() const
uint16_t srtp_profile() const
bool prefers_compressed_ec_points() const
bool supports_encrypt_then_mac() const
bool supports_session_ticket() const
bool supports_certificate_status_message() const
std::vector< uint8_t > renegotiation_info() const
std::set< Handshake_Extension_Type > extension_types() const
const Extensions & extensions() const
bool secure_renegotiation() const
Protocol_Version version() const
bool supports_extended_master_secret() const
Handshake_Type type() const override
const std::vector< uint8_t > & params() const
int(* final)(unsigned char *, CTX *)
#define BOTAN_UNSTABLE_API
Definition compiler.h:44
@ HELLO_VERIFY_REQUEST
Definition tls_magic.h:49
@ HANDSHAKE_CCS
Definition tls_magic.h:62
@ NEW_SESSION_TICKET
Definition tls_magic.h:50
@ SERVER_HELLO_DONE
Definition tls_magic.h:54
@ HELLO_REQUEST
Definition tls_magic.h:46
@ CERTIFICATE_REQUEST
Definition tls_magic.h:53
@ CERTIFICATE_STATUS
Definition tls_magic.h:60
@ CERTIFICATE_VERIFY
Definition tls_magic.h:55
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
MechanismType hash
std::unique_ptr< Session > resumed_session
std::unique_ptr< Public_Key > server_public_key