10#include <botan/tls_messages.h>
11#include <botan/tls_extensions.h>
12#include <botan/tls_callbacks.h>
13#include <botan/internal/tls_reader.h>
14#include <botan/internal/tls_session_key.h>
15#include <botan/internal/tls_handshake_io.h>
16#include <botan/internal/tls_handshake_hash.h>
17#include <botan/internal/stl_util.h>
25const uint64_t DOWNGRADE_TLS11 = 0x444F574E47524400;
29make_server_hello_random(RandomNumberGenerator& rng,
30 Protocol_Version offered_version,
39 store_be(DOWNGRADE_TLS11, &random[24]);
44 store_be(DOWNGRADE_TLS11, &random[24]);
58 const std::vector<uint8_t>& reneg_info,
61 const std::string next_protocol) :
62 m_version(server_settings.protocol_version()),
63 m_session_id(server_settings.session_id()),
64 m_random(make_server_hello_random(rng, m_version, policy)),
65 m_ciphersuite(server_settings.ciphersuite()),
98 const std::vector<uint16_t> server_srtp = policy.
srtp_profiles();
99 const std::vector<uint16_t> client_srtp = client_hello.
srtp_profiles();
101 if(!server_srtp.empty() && !client_srtp.empty())
105 for(
auto s_srtp : server_srtp)
106 for(
auto c_srtp : client_srtp)
108 if(shared == 0 && s_srtp == c_srtp)
128 const std::vector<uint8_t>& reneg_info,
131 bool offer_session_ticket,
132 const std::string& next_protocol) :
134 m_session_id(client_hello.session_id()),
178 const uint8_t major_version = reader.
get_byte();
179 const uint8_t minor_version = reader.
get_byte();
183 m_random = reader.
get_fixed<uint8_t>(32);
185 m_session_id = reader.
get_range<uint8_t>(1, 0, 32);
197std::vector<uint8_t> Server_Hello::serialize()
const
199 std::vector<uint8_t> buf;
207 buf.push_back(
get_byte(0, m_ciphersuite));
208 buf.push_back(
get_byte(1, m_ciphersuite));
210 buf.push_back(m_comp_method);
220 return (last8 == DOWNGRADE_TLS11);
238 throw Decoding_Error(
"Server_Hello_Done: Must be empty, and is not");
244std::vector<uint8_t> Server_Hello_Done::serialize()
const
246 return std::vector<uint8_t>();
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side)
bool cbc_ciphersuite() const
bool ecc_ciphersuite() const
static Ciphersuite by_id(uint16_t suite)
bool supports_session_ticket() const
bool supports_alpn() const
bool supports_cert_status_message() const
bool supports_extended_master_secret() const
std::set< Handshake_Extension_Type > extension_types() const
bool supports_encrypt_then_mac() const
std::vector< uint16_t > srtp_profiles() const
bool secure_renegotiation() const
void add(Extension *extn)
std::vector< uint8_t > serialize(Connection_Side whoami) const
void deserialize(TLS_Data_Reader &reader, Connection_Side from)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
virtual bool negotiate_encrypt_then_mac() const
virtual std::vector< uint16_t > srtp_profiles() const
virtual bool support_cert_status_message() const
virtual bool use_ecc_point_compression() const
uint8_t major_version() const
bool is_datagram_protocol() const
uint8_t minor_version() const
bool offer_session_ticket() const
Server_Hello_Done(Handshake_IO &io, Handshake_Hash &hash)
std::string next_protocol() const
Server_Hello(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, Callbacks &cb, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
bool random_signals_downgrade() const
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
std::vector< T > get_fixed(size_t size)
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
@ TLSEXT_EC_POINT_FORMATS
void store_be(uint16_t in, uint8_t out[2])
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
constexpr uint8_t get_byte(size_t byte_num, T input)
std::unique_ptr< Session > resumed_session