9#include <botan/internal/tls_handshake_state.h>
10#include <botan/internal/tls_record.h>
11#include <botan/tls_messages.h>
29 return "hello_verify_request";
32 return "hello_request";
35 return "client_hello";
38 return "server_hello";
44 return "certificate_url";
47 return "certificate_status";
50 return "server_key_exchange";
53 return "certificate_request";
56 return "server_hello_done";
59 return "certificate_verify";
62 return "client_key_exchange";
65 return "new_session_ticket";
68 return "change_cipher_spec";
78 "Unknown TLS handshake message type " + std::to_string(
type));
138 "Unknown TLS handshake message type " + std::to_string(
type));
141std::string handshake_mask_to_string(uint32_t mask,
char combiner)
161 std::ostringstream o;
164 for(
auto&& t : types)
166 if(mask & bitmask_for_handshake_type(t))
186 m_version(m_handshake_io->initial_record_version())
199 m_client_hello->update_hello_cookie(hello_verify);
209 m_client_hello.reset();
304 m_session_keys =
Session_Keys(
this, resume_master_secret,
true);
309 const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
311 m_hand_received_mask |= mask;
313 const bool ok = (m_hand_expecting_mask & mask) != 0;
317 const uint32_t seen_so_far = m_hand_received_mask & ~mask;
319 std::ostringstream msg;
323 if(m_hand_expecting_mask == 0)
324 msg <<
" not expecting messages";
326 msg <<
" expected " << handshake_mask_to_string(m_hand_expecting_mask,
'|');
329 msg <<
" seen " << handshake_mask_to_string(seen_so_far,
'+');
338 m_hand_expecting_mask = 0;
343 m_hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg);
348 const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
350 return (m_hand_received_mask & mask) != 0;
353std::pair<Handshake_Type, std::vector<uint8_t>>
356 const bool expecting_ccs =
357 (bitmask_for_handshake_type(
HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
359 return m_handshake_io->get_next_record(expecting_ccs);
364#if defined(BOTAN_HAS_SRP6)
384 if(
version().supports_ciphersuite_specific_prf())
388 if(prf_algo ==
"MD5" || prf_algo ==
"SHA-1")
389 return get_kdf(
"TLS-12-PRF(SHA-256)");
391 return get_kdf(
"TLS-12-PRF(" + prf_algo +
")");
398std::pair<std::string, Signature_Format>
401 bool for_client_auth,
402 const Policy& policy)
const
404 const std::string sig_algo = key.
algo_name();
406 if(this->
version().supports_negotiable_signature_algorithms())
410 std::vector<Signature_Scheme> requested =
413 if(requested.empty())
430 if(std::find(requested.begin(), requested.end(), scheme) != requested.end())
432 chosen_scheme = scheme;
443 "Policy refuses to accept signing with any hash supported by peer");
446 if(sig_algo ==
"RSA")
450 else if(sig_algo ==
"DSA" || sig_algo ==
"ECDSA")
457 if(sig_algo ==
"RSA")
459 const std::string padding =
"PKCS1v15(Parallel(MD5,SHA-160))";
460 return std::make_pair(padding,
IEEE_1363);
462 else if(sig_algo ==
"DSA" || sig_algo ==
"ECDSA")
464 const std::string padding =
"EMSA1(SHA-1)";
469 throw Invalid_Argument(sig_algo +
" is invalid/unknown for TLS signatures");
474bool supported_algos_include(
475 const std::vector<Signature_Scheme>& schemes,
476 const std::string& key_type,
477 const std::string& hash_type)
494std::pair<std::string, Signature_Format>
497 bool for_client_auth,
498 const Policy& policy)
const
500 const std::string key_type = key.
algo_name();
505 "Rejecting " + key_type +
" signature");
508 if(this->
version().supports_negotiable_signature_algorithms() ==
false)
511 throw Decoding_Error(
"Counterparty sent hash/sig IDs with old version");
518 if(key_type ==
"RSA")
520 const std::string padding =
"PKCS1v15(Parallel(MD5,SHA-160))";
521 return std::make_pair(padding,
IEEE_1363);
523 else if(key_type ==
"DSA" || key_type ==
"ECDSA")
525 const std::string padding =
"EMSA1(SHA-1)";
529 throw Invalid_Argument(key_type +
" is invalid/unknown for TLS signatures");
536 throw Decoding_Error(
"Counterparty sent inconsistent key and sig types");
541 "No certificate verify set");
549 const std::vector<Signature_Scheme> supported_algos =
555 "Peer sent unknown signature scheme");
559 if(!supported_algos_include(supported_algos, key_type,
hash_algo))
562 "TLS signature extension did not allow for " +
563 key_type +
"/" +
hash_algo +
" signature");
566 if(key_type ==
"RSA")
570 else if(key_type ==
"DSA" || key_type ==
"ECDSA")
575 throw Invalid_Argument(key_type +
" is invalid/unknown for TLS signatures");
virtual std::string algo_name() const =0
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
const std::vector< Signature_Scheme > & signature_schemes() const
static Ciphersuite by_id(uint16_t suite)
std::string prf_algo() const
std::vector< Signature_Scheme > signature_schemes() const
std::vector< uint8_t > session_ticket() const
void update(const uint8_t in[], size_t length)
std::string type_string() const
virtual Handshake_Type type() const =0
Handshake_State(Handshake_IO *io, Callbacks &callbacks)
KDF * protocol_specific_prf() const
std::pair< Handshake_Type, std::vector< uint8_t > > get_next_handshake_msg()
const Certificate_Verify * client_verify() const
const Client_Hello * client_hello() const
const Server_Hello_Done * server_hello_done() const
void hello_verify_request(const Hello_Verify_Request &hello_verify)
void set_expected_next(Handshake_Type msg_type)
std::string srp_identifier() const
void note_message(const Handshake_Message &msg)
const Server_Key_Exchange * server_kex() const
const Certificate_Status * server_cert_status() const
const Finished * client_finished() const
const Certificate_Req * cert_req() const
Handshake_IO & handshake_io()
std::vector< uint8_t > session_ticket() const
const Client_Key_Exchange * client_kex() const
const Certificate * client_certs() const
const Finished * server_finished() const
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, bool for_client_auth, const Policy &policy) const
void confirm_transition_to(Handshake_Type msg_type)
const New_Session_Ticket * new_session_ticket() const
void set_version(const Protocol_Version &version)
void compute_session_keys()
const Ciphersuite & ciphersuite() const
bool received_handshake_msg(Handshake_Type msg_type) const
const Server_Hello * server_hello() const
const Certificate * server_certs() const
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
Protocol_Version version() const
const std::vector< uint8_t > & ticket() const
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
bool allowed_signature_method(const std::string &sig_method) const
bool allowed_signature_hash(const std::string &hash) const
bool signature_scheme_is_known(Signature_Scheme scheme)
const char * handshake_type_to_string(Handshake_Type type)
std::string hash_function_of_scheme(Signature_Scheme scheme)
std::string padding_string_for_scheme(Signature_Scheme scheme)
std::string signature_algorithm_of_scheme(Signature_Scheme scheme)
KDF * get_kdf(const std::string &algo_spec)
std::vector< T, secure_allocator< T > > secure_vector
AlgorithmIdentifier hash_algo