9#ifndef BOTAN_TLS_MESSAGES_H_
10#define BOTAN_TLS_MESSAGES_H_
12#include <botan/tls_extensions.h>
13#include <botan/tls_handshake_msg.h>
14#include <botan/tls_session.h>
15#include <botan/tls_policy.h>
16#include <botan/tls_ciphersuite.h>
17#include <botan/pk_keys.h>
18#include <botan/x509cert.h>
19#include <botan/ocsp.h>
24#if defined(BOTAN_HAS_CECPQ1)
25 #include <botan/cecpq1.h>
28#if defined(BOTAN_HAS_SRP6)
29 #include <botan/srp6.h>
35class Credentials_Manager;
45 const Policy& policy);
53 std::vector<uint8_t> serialize()
const override;
56 const std::vector<uint8_t>&
cookie()
const {
return m_cookie; }
61 const std::string& client_identity,
64 std::vector<uint8_t> m_cookie;
77 const std::string& hostname =
"",
78 const std::string& srp_identifier =
"") :
79 m_new_session_version(version),
81 m_srp_identifier(srp_identifier) {}
84 const std::string&
hostname()
const {
return m_hostname; }
89 const std::string m_hostname;
90 const std::string m_srp_identifier;
97 std::vector<Protocol_Version> supported_versions()
const;
99 const std::vector<uint8_t>&
random()
const {
return m_random; }
101 const std::vector<uint8_t>&
session_id()
const {
return m_session_id; }
107 bool offered_suite(uint16_t ciphersuite)
const;
109 bool sent_fallback_scsv()
const;
111 std::vector<Signature_Scheme> signature_schemes()
const;
113 std::vector<Group_Params> supported_ecc_curves()
const;
115 std::vector<Group_Params> supported_dh_groups()
const;
117 bool prefers_compressed_ec_points()
const;
119 std::string sni_hostname()
const;
121#if defined(BOTAN_HAS_SRP6)
122 std::string srp_identifier()
const;
125 bool secure_renegotiation()
const;
127 std::vector<uint8_t> renegotiation_info()
const;
129 bool supports_session_ticket()
const;
131 std::vector<uint8_t> session_ticket()
const;
133 bool supports_alpn()
const;
135 bool supports_extended_master_secret()
const;
137 bool supports_cert_status_message()
const;
139 bool supports_encrypt_then_mac()
const;
141 bool sent_signature_algorithms()
const;
143 std::vector<std::string> next_protocols()
const;
145 std::vector<uint16_t> srtp_profiles()
const;
149 const std::vector<uint8_t>&
cookie()
const {
return m_hello_cookie; }
151 std::vector<uint8_t> cookie_input_data()
const;
154 {
return m_extensions.extension_types(); }
163 const std::vector<uint8_t>& reneg_info,
165 const std::vector<std::string>& next_protocols);
172 const std::vector<uint8_t>& reneg_info,
174 const std::vector<std::string>& next_protocols);
179 std::vector<uint8_t> serialize()
const override;
182 std::vector<uint8_t> m_session_id;
183 std::vector<uint8_t> m_random;
184 std::vector<uint16_t> m_suites;
185 std::vector<uint8_t> m_comp_methods;
186 std::vector<uint8_t> m_hello_cookie;
200 Settings(
const std::vector<uint8_t> new_session_id,
202 uint16_t ciphersuite,
203 bool offer_session_ticket) :
204 m_new_session_id(new_session_id),
205 m_new_session_version(new_session_version),
206 m_ciphersuite(ciphersuite),
207 m_offer_session_ticket(offer_session_ticket) {}
209 const std::vector<uint8_t>&
session_id()
const {
return m_new_session_id; }
215 const std::vector<uint8_t> m_new_session_id;
217 uint16_t m_ciphersuite;
218 bool m_offer_session_ticket;
226 const std::vector<uint8_t>&
random()
const {
return m_random; }
228 const std::vector<uint8_t>&
session_id()
const {
return m_session_id; }
242 return reneg->renegotiation_info();
243 return std::vector<uint8_t>();
270 auto prof = srtp->profiles();
271 if(prof.size() != 1 || prof[0] == 0)
272 throw Decoding_Error(
"Server sent malformed DTLS-SRTP extension");
282 return alpn->single_protocol();
287 {
return m_extensions.extension_types(); }
295 return ecc_formats->prefers_compressed();
300 bool random_signals_downgrade()
const;
307 const std::vector<uint8_t>& secure_reneg_info,
310 const std::string next_protocol);
317 const std::vector<uint8_t>& secure_reneg_info,
320 bool offer_session_ticket,
321 const std::string& next_protocol);
325 std::vector<uint8_t> serialize()
const override;
328 std::vector<uint8_t> m_session_id, m_random;
329 uint16_t m_ciphersuite;
330 uint8_t m_comp_method;
344 {
return m_pre_master; }
351 const std::string& hostname,
362 std::vector<uint8_t> serialize()
const override
363 {
return m_key_material; }
365 std::vector<uint8_t> m_key_material;
376 const std::vector<X509_Certificate>&
cert_chain()
const {
return m_certs; }
378 size_t count()
const {
return m_certs.size(); }
379 bool empty()
const {
return m_certs.empty(); }
383 const std::vector<X509_Certificate>& certs);
387 std::vector<uint8_t> serialize()
const override;
389 std::vector<X509_Certificate> m_certs;
402 const std::vector<uint8_t>&
response()
const {
return m_response; }
408 std::shared_ptr<const OCSP::Response> response);
415 std::vector<uint8_t>
const& raw_response_bytes );
418 std::vector<uint8_t> serialize()
const override;
419 std::vector<uint8_t> m_response;
431 {
return m_cert_key_types; }
443 const std::vector<X509_DN>& allowed_cas,
449 std::vector<uint8_t> serialize()
const override;
451 std::vector<X509_DN> m_names;
452 std::vector<std::string> m_cert_key_types;
454 std::vector<Signature_Scheme> m_schemes;
473 const Policy& policy)
const;
484 std::vector<uint8_t> serialize()
const override;
486 std::vector<uint8_t> m_signature;
499 {
return m_verification_data; }
508 explicit Finished(
const std::vector<uint8_t>& buf);
510 std::vector<uint8_t> serialize()
const override;
512 std::vector<uint8_t> m_verification_data;
526 std::vector<uint8_t> serialize()
const override;
537 const std::vector<uint8_t>&
params()
const {
return m_params; }
541 const Policy& policy)
const;
546#if defined(BOTAN_HAS_SRP6)
551 return *m_srp_params;
555#if defined(BOTAN_HAS_CECPQ1)
560 return *m_cecpq1_key;
564 Server_Key_Exchange(Handshake_IO& io,
565 Handshake_State& state,
566 const Policy& policy,
567 Credentials_Manager& creds,
568 RandomNumberGenerator& rng,
569 const Private_Key* signing_key =
nullptr);
571 Server_Key_Exchange(
const std::vector<uint8_t>& buf,
574 Protocol_Version version);
578 std::vector<uint8_t> serialize()
const override;
580#if defined(BOTAN_HAS_SRP6)
581 std::unique_ptr<SRP6_Server_Session> m_srp_params;
584#if defined(BOTAN_HAS_CECPQ1)
585 std::unique_ptr<CECPQ1_key> m_cecpq1_key;
588 std::unique_ptr<Private_Key> m_kex_key;
590 std::vector<uint8_t> m_params;
592 std::vector<uint8_t> m_signature;
607 std::vector<uint8_t> serialize()
const override;
619 const std::vector<uint8_t>&
ticket()
const {
return m_ticket; }
623 const std::vector<uint8_t>& ticket,
631 std::vector<uint8_t> serialize()
const override;
633 uint32_t m_ticket_lifetime_hint = 0;
634 std::vector<uint8_t> m_ticket;
646 {
return std::vector<uint8_t>(1, 1); }
#define BOTAN_ASSERT_NONNULL(ptr)
Handshake_Type type() const override
const std::vector< X509_DN > & acceptable_CAs() const
const std::vector< std::string > & acceptable_cert_types() const
const std::vector< Signature_Scheme > & signature_schemes() const
const std::vector< uint8_t > & response() const
Handshake_Type type() const override
Handshake_Type type() const override
Handshake_Type type() const override
const std::vector< X509_Certificate > & cert_chain() const
std::vector< uint8_t > serialize() const override
Handshake_Type type() const override
const std::string & srp_identifier() const
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
const Protocol_Version protocol_version() const
const std::string & hostname() const
const std::vector< uint8_t > & cookie() const
const std::vector< uint8_t > & random() const
const Extensions & extensions() const
Protocol_Version version() const
const std::vector< uint16_t > & ciphersuites() const
const std::vector< uint8_t > & session_id() const
std::set< Handshake_Extension_Type > extension_types() const
const std::vector< uint8_t > & compression_methods() const
Handshake_Type type() const override
Handshake_Type type() const override
const secure_vector< uint8_t > & pre_master_secret() const
std::vector< uint8_t > verify_data() const
Handshake_Type type() const override
Handshake_Type type() const override
Handshake_Type type() const override
const std::vector< uint8_t > & cookie() const
Handshake_Type type() const override
const std::vector< uint8_t > & ticket() const
uint32_t ticket_lifetime_hint() const
uint16_t ciphersuite() const
bool offer_session_ticket() const
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, bool offer_session_ticket)
Protocol_Version protocol_version() const
const std::vector< uint8_t > & session_id() const
Handshake_Type type() const override
std::string next_protocol() const
uint16_t ciphersuite() const
const std::vector< uint8_t > & session_id() const
Handshake_Type type() const override
const std::vector< uint8_t > & random() const
uint8_t compression_method() const
uint16_t srtp_profile() const
bool prefers_compressed_ec_points() const
bool supports_encrypt_then_mac() const
bool supports_session_ticket() const
bool supports_certificate_status_message() const
std::vector< uint8_t > renegotiation_info() const
std::set< Handshake_Extension_Type > extension_types() const
const Extensions & extensions() const
bool secure_renegotiation() const
Protocol_Version version() const
bool supports_extended_master_secret() const
Handshake_Type type() const override
~Server_Key_Exchange()=default
const std::vector< uint8_t > & params() const
int(* final)(unsigned char *, CTX *)
#define BOTAN_UNSTABLE_API
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::vector< T, secure_allocator< T > > secure_vector
std::unique_ptr< Session > resumed_session
std::unique_ptr< Public_Key > server_public_key