Botan  1.11.15
src/lib/tls/tls_messages.h
Go to the documentation of this file.
00001 /*
00002 * TLS Messages
00003 * (C) 2004-2011,2015 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_TLS_MESSAGES_H__
00009 #define BOTAN_TLS_MESSAGES_H__
00010 
00011 #include <botan/internal/tls_handshake_state.h>
00012 #include <botan/internal/tls_extensions.h>
00013 #include <botan/tls_handshake_msg.h>
00014 #include <botan/tls_session.h>
00015 #include <botan/tls_policy.h>
00016 #include <botan/tls_ciphersuite.h>
00017 #include <botan/bigint.h>
00018 #include <botan/pkcs8.h>
00019 #include <botan/x509cert.h>
00020 #include <vector>
00021 #include <string>
00022 
00023 namespace Botan {
00024 
00025 class Credentials_Manager;
00026 class SRP6_Server_Session;
00027 
00028 namespace TLS {
00029 
00030 class Session;
00031 class Handshake_IO;
00032 
00033 std::vector<byte> make_hello_random(RandomNumberGenerator& rng,
00034                                     const Policy& policy);
00035 
00036 /**
00037 * DTLS Hello Verify Request
00038 */
00039 class Hello_Verify_Request : public Handshake_Message
00040    {
00041    public:
00042       std::vector<byte> serialize() const override;
00043       Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
00044 
00045       std::vector<byte> cookie() const { return m_cookie; }
00046 
00047       Hello_Verify_Request(const std::vector<byte>& buf);
00048 
00049       Hello_Verify_Request(const std::vector<byte>& client_hello_bits,
00050                            const std::string& client_identity,
00051                            const SymmetricKey& secret_key);
00052    private:
00053       std::vector<byte> m_cookie;
00054    };
00055 
00056 /**
00057 * Client Hello Message
00058 */
00059 class Client_Hello : public Handshake_Message
00060    {
00061    public:
00062       Handshake_Type type() const override { return CLIENT_HELLO; }
00063 
00064       Protocol_Version version() const { return m_version; }
00065 
00066       const std::vector<byte>& random() const { return m_random; }
00067 
00068       const std::vector<byte>& session_id() const { return m_session_id; }
00069 
00070       std::vector<u16bit> ciphersuites() const { return m_suites; }
00071 
00072       std::vector<byte> compression_methods() const { return m_comp_methods; }
00073 
00074       bool offered_suite(u16bit ciphersuite) const;
00075 
00076       bool sent_fallback_scsv() const;
00077 
00078       std::vector<std::pair<std::string, std::string>> supported_algos() const
00079          {
00080          if(Signature_Algorithms* sigs = m_extensions.get<Signature_Algorithms>())
00081             return sigs->supported_signature_algorthms();
00082          return std::vector<std::pair<std::string, std::string>>();
00083          }
00084 
00085       std::vector<std::string> supported_ecc_curves() const
00086          {
00087          if(Supported_Elliptic_Curves* ecc = m_extensions.get<Supported_Elliptic_Curves>())
00088             return ecc->curves();
00089          return std::vector<std::string>();
00090          }
00091 
00092       std::string sni_hostname() const
00093          {
00094          if(Server_Name_Indicator* sni = m_extensions.get<Server_Name_Indicator>())
00095             return sni->host_name();
00096          return "";
00097          }
00098 
00099       std::string srp_identifier() const
00100          {
00101          if(SRP_Identifier* srp = m_extensions.get<SRP_Identifier>())
00102             return srp->identifier();
00103          return "";
00104          }
00105 
00106       bool secure_renegotiation() const
00107          {
00108          return m_extensions.has<Renegotiation_Extension>();
00109          }
00110 
00111       std::vector<byte> renegotiation_info() const
00112          {
00113          if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
00114             return reneg->renegotiation_info();
00115          return std::vector<byte>();
00116          }
00117 
00118       bool next_protocol_notification() const
00119          {
00120          return m_extensions.has<Next_Protocol_Notification>();
00121          }
00122 
00123       size_t fragment_size() const
00124          {
00125          if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>())
00126             return frag->fragment_size();
00127          return 0;
00128          }
00129 
00130       bool supports_session_ticket() const
00131          {
00132          return m_extensions.has<Session_Ticket>();
00133          }
00134 
00135       std::vector<byte> session_ticket() const
00136          {
00137          if(Session_Ticket* ticket = m_extensions.get<Session_Ticket>())
00138             return ticket->contents();
00139          return std::vector<byte>();
00140          }
00141 
00142       bool supports_heartbeats() const
00143          {
00144          return m_extensions.has<Heartbeat_Support_Indicator>();
00145          }
00146 
00147       bool peer_can_send_heartbeats() const
00148          {
00149          if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>())
00150             return hb->peer_allowed_to_send();
00151          return false;
00152          }
00153 
00154       std::vector<u16bit> srtp_profiles() const
00155          {
00156          if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
00157             return srtp->profiles();
00158          return std::vector<u16bit>();
00159          }
00160 
00161       void update_hello_cookie(const Hello_Verify_Request& hello_verify);
00162 
00163       std::set<Handshake_Extension_Type> extension_types() const
00164          { return m_extensions.extension_types(); }
00165 
00166       Client_Hello(Handshake_IO& io,
00167                    Handshake_Hash& hash,
00168                    Protocol_Version version,
00169                    const Policy& policy,
00170                    RandomNumberGenerator& rng,
00171                    const std::vector<byte>& reneg_info,
00172                    bool next_protocol = false,
00173                    const std::string& hostname = "",
00174                    const std::string& srp_identifier = "");
00175 
00176       Client_Hello(Handshake_IO& io,
00177                    Handshake_Hash& hash,
00178                    const Policy& policy,
00179                    RandomNumberGenerator& rng,
00180                    const std::vector<byte>& reneg_info,
00181                    const Session& resumed_session,
00182                    bool next_protocol = false);
00183 
00184       Client_Hello(const std::vector<byte>& buf);
00185 
00186    private:
00187       std::vector<byte> serialize() const override;
00188 
00189       Protocol_Version m_version;
00190       std::vector<byte> m_session_id;
00191       std::vector<byte> m_random;
00192       std::vector<u16bit> m_suites;
00193       std::vector<byte> m_comp_methods;
00194       std::vector<byte> m_hello_cookie; // DTLS only
00195 
00196       Extensions m_extensions;
00197    };
00198 
00199 /**
00200 * Server Hello Message
00201 */
00202 class Server_Hello : public Handshake_Message
00203    {
00204    public:
00205       Handshake_Type type() const override { return SERVER_HELLO; }
00206 
00207       Protocol_Version version() const { return m_version; }
00208 
00209       const std::vector<byte>& random() const { return m_random; }
00210 
00211       const std::vector<byte>& session_id() const { return m_session_id; }
00212 
00213       u16bit ciphersuite() const { return m_ciphersuite; }
00214 
00215       byte compression_method() const { return m_comp_method; }
00216 
00217       bool secure_renegotiation() const
00218          {
00219          return m_extensions.has<Renegotiation_Extension>();
00220          }
00221 
00222       std::vector<byte> renegotiation_info() const
00223          {
00224          if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
00225             return reneg->renegotiation_info();
00226          return std::vector<byte>();
00227          }
00228 
00229       bool next_protocol_notification() const
00230          {
00231          return m_extensions.has<Next_Protocol_Notification>();
00232          }
00233 
00234       std::vector<std::string> next_protocols() const
00235          {
00236          if(Next_Protocol_Notification* npn = m_extensions.get<Next_Protocol_Notification>())
00237             return npn->protocols();
00238          return std::vector<std::string>();
00239          }
00240 
00241       size_t fragment_size() const
00242          {
00243          if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>())
00244             return frag->fragment_size();
00245          return 0;
00246          }
00247 
00248       bool supports_session_ticket() const
00249          {
00250          return m_extensions.has<Session_Ticket>();
00251          }
00252 
00253       bool supports_heartbeats() const
00254          {
00255          return m_extensions.has<Heartbeat_Support_Indicator>();
00256          }
00257 
00258       bool peer_can_send_heartbeats() const
00259          {
00260          if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>())
00261             return hb->peer_allowed_to_send();
00262          return false;
00263          }
00264 
00265       u16bit srtp_profile() const
00266          {
00267          if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
00268             {
00269             auto prof = srtp->profiles();
00270             if(prof.size() != 1 || prof[0] == 0)
00271                throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
00272             return prof[0];
00273             }
00274 
00275          return 0;
00276          }
00277 
00278       std::set<Handshake_Extension_Type> extension_types() const
00279          { return m_extensions.extension_types(); }
00280 
00281       Server_Hello(Handshake_IO& io,
00282                    Handshake_Hash& hash,
00283                    const Policy& policy,
00284                    RandomNumberGenerator& rng,
00285                    const std::vector<byte>& secure_reneg_info,
00286                    const Client_Hello& client_hello,
00287                    const std::vector<byte>& new_session_id,
00288                    Protocol_Version new_session_version,
00289                    u16bit ciphersuite,
00290                    byte compression,
00291                    bool offer_session_ticket,
00292                    const std::vector<std::string>& next_protocols);
00293 
00294       Server_Hello(Handshake_IO& io,
00295                    Handshake_Hash& hash,
00296                    const Policy& policy,
00297                    RandomNumberGenerator& rng,
00298                    const std::vector<byte>& secure_reneg_info,
00299                    const Client_Hello& client_hello,
00300                    Session& resumed_session,
00301                    bool offer_session_ticket,
00302                    const std::vector<std::string>& next_protocols);
00303 
00304       Server_Hello(const std::vector<byte>& buf);
00305    private:
00306       std::vector<byte> serialize() const override;
00307 
00308       Protocol_Version m_version;
00309       std::vector<byte> m_session_id, m_random;
00310       u16bit m_ciphersuite;
00311       byte m_comp_method;
00312 
00313       Extensions m_extensions;
00314    };
00315 
00316 /**
00317 * Client Key Exchange Message
00318 */
00319 class Client_Key_Exchange : public Handshake_Message
00320    {
00321    public:
00322       Handshake_Type type() const override { return CLIENT_KEX; }
00323 
00324       const secure_vector<byte>& pre_master_secret() const
00325          { return m_pre_master; }
00326 
00327       Client_Key_Exchange(Handshake_IO& io,
00328                           Handshake_State& state,
00329                           const Policy& policy,
00330                           Credentials_Manager& creds,
00331                           const Public_Key* server_public_key,
00332                           const std::string& hostname,
00333                           RandomNumberGenerator& rng);
00334 
00335       Client_Key_Exchange(const std::vector<byte>& buf,
00336                           const Handshake_State& state,
00337                           const Private_Key* server_rsa_kex_key,
00338                           Credentials_Manager& creds,
00339                           const Policy& policy,
00340                           RandomNumberGenerator& rng);
00341 
00342    private:
00343       std::vector<byte> serialize() const override
00344          { return m_key_material; }
00345 
00346       std::vector<byte> m_key_material;
00347       secure_vector<byte> m_pre_master;
00348    };
00349 
00350 /**
00351 * Certificate Message
00352 */
00353 class Certificate : public Handshake_Message
00354    {
00355    public:
00356       Handshake_Type type() const override { return CERTIFICATE; }
00357       const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
00358 
00359       size_t count() const { return m_certs.size(); }
00360       bool empty() const { return m_certs.empty(); }
00361 
00362       Certificate(Handshake_IO& io,
00363                   Handshake_Hash& hash,
00364                   const std::vector<X509_Certificate>& certs);
00365 
00366       Certificate(const std::vector<byte>& buf);
00367    private:
00368       std::vector<byte> serialize() const override;
00369 
00370       std::vector<X509_Certificate> m_certs;
00371    };
00372 
00373 /**
00374 * Certificate Request Message
00375 */
00376 class Certificate_Req : public Handshake_Message
00377    {
00378    public:
00379       Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
00380 
00381       const std::vector<std::string>& acceptable_cert_types() const
00382          { return m_cert_key_types; }
00383 
00384       std::vector<X509_DN> acceptable_CAs() const { return m_names; }
00385 
00386       std::vector<std::pair<std::string, std::string> > supported_algos() const
00387          { return m_supported_algos; }
00388 
00389       Certificate_Req(Handshake_IO& io,
00390                       Handshake_Hash& hash,
00391                       const Policy& policy,
00392                       const std::vector<X509_DN>& allowed_cas,
00393                       Protocol_Version version);
00394 
00395       Certificate_Req(const std::vector<byte>& buf,
00396                       Protocol_Version version);
00397    private:
00398       std::vector<byte> serialize() const override;
00399 
00400       std::vector<X509_DN> m_names;
00401       std::vector<std::string> m_cert_key_types;
00402 
00403       std::vector<std::pair<std::string, std::string> > m_supported_algos;
00404    };
00405 
00406 /**
00407 * Certificate Verify Message
00408 */
00409 class Certificate_Verify : public Handshake_Message
00410    {
00411    public:
00412       Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
00413 
00414       /**
00415       * Check the signature on a certificate verify message
00416       * @param cert the purported certificate
00417       * @param state the handshake state
00418       */
00419       bool verify(const X509_Certificate& cert,
00420                   const Handshake_State& state) const;
00421 
00422       Certificate_Verify(Handshake_IO& io,
00423                          Handshake_State& state,
00424                          const Policy& policy,
00425                          RandomNumberGenerator& rng,
00426                          const Private_Key* key);
00427 
00428       Certificate_Verify(const std::vector<byte>& buf,
00429                          Protocol_Version version);
00430    private:
00431       std::vector<byte> serialize() const override;
00432 
00433       std::string m_sig_algo; // sig algo used to create signature
00434       std::string m_hash_algo; // hash used to create signature
00435       std::vector<byte> m_signature;
00436    };
00437 
00438 /**
00439 * Finished Message
00440 */
00441 class Finished : public Handshake_Message
00442    {
00443    public:
00444       Handshake_Type type() const override { return FINISHED; }
00445 
00446       std::vector<byte> verify_data() const
00447          { return m_verification_data; }
00448 
00449       bool verify(const Handshake_State& state,
00450                   Connection_Side side) const;
00451 
00452       Finished(Handshake_IO& io,
00453                Handshake_State& state,
00454                Connection_Side side);
00455 
00456       Finished(const std::vector<byte>& buf);
00457    private:
00458       std::vector<byte> serialize() const override;
00459 
00460       std::vector<byte> m_verification_data;
00461    };
00462 
00463 /**
00464 * Hello Request Message
00465 */
00466 class Hello_Request : public Handshake_Message
00467    {
00468    public:
00469       Handshake_Type type() const override { return HELLO_REQUEST; }
00470 
00471       Hello_Request(Handshake_IO& io);
00472       Hello_Request(const std::vector<byte>& buf);
00473    private:
00474       std::vector<byte> serialize() const override;
00475    };
00476 
00477 /**
00478 * Server Key Exchange Message
00479 */
00480 class Server_Key_Exchange : public Handshake_Message
00481    {
00482    public:
00483       Handshake_Type type() const override { return SERVER_KEX; }
00484 
00485       const std::vector<byte>& params() const { return m_params; }
00486 
00487       bool verify(const Public_Key& server_key,
00488                   const Handshake_State& state) const;
00489 
00490       // Only valid for certain kex types
00491       const Private_Key& server_kex_key() const;
00492 
00493       // Only valid for SRP negotiation
00494       SRP6_Server_Session& server_srp_params() const;
00495 
00496       Server_Key_Exchange(Handshake_IO& io,
00497                           Handshake_State& state,
00498                           const Policy& policy,
00499                           Credentials_Manager& creds,
00500                           RandomNumberGenerator& rng,
00501                           const Private_Key* signing_key = nullptr);
00502 
00503       Server_Key_Exchange(const std::vector<byte>& buf,
00504                           const std::string& kex_alg,
00505                           const std::string& sig_alg,
00506                           Protocol_Version version);
00507 
00508       ~Server_Key_Exchange();
00509    private:
00510       std::vector<byte> serialize() const override;
00511 
00512       std::unique_ptr<Private_Key> m_kex_key;
00513       std::unique_ptr<SRP6_Server_Session> m_srp_params;
00514 
00515       std::vector<byte> m_params;
00516 
00517       std::string m_sig_algo; // sig algo used to create signature
00518       std::string m_hash_algo; // hash used to create signature
00519       std::vector<byte> m_signature;
00520    };
00521 
00522 /**
00523 * Server Hello Done Message
00524 */
00525 class Server_Hello_Done : public Handshake_Message
00526    {
00527    public:
00528       Handshake_Type type() const override { return SERVER_HELLO_DONE; }
00529 
00530       Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash);
00531       Server_Hello_Done(const std::vector<byte>& buf);
00532    private:
00533       std::vector<byte> serialize() const override;
00534    };
00535 
00536 /**
00537 * Next Protocol Message
00538 */
00539 class Next_Protocol : public Handshake_Message
00540    {
00541    public:
00542       Handshake_Type type() const override { return NEXT_PROTOCOL; }
00543 
00544       std::string protocol() const { return m_protocol; }
00545 
00546       Next_Protocol(Handshake_IO& io,
00547                     Handshake_Hash& hash,
00548                     const std::string& protocol);
00549 
00550       Next_Protocol(const std::vector<byte>& buf);
00551    private:
00552       std::vector<byte> serialize() const override;
00553 
00554       std::string m_protocol;
00555    };
00556 
00557 /**
00558 * New Session Ticket Message
00559 */
00560 class New_Session_Ticket : public Handshake_Message
00561    {
00562    public:
00563       Handshake_Type type() const override { return NEW_SESSION_TICKET; }
00564 
00565       u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
00566       const std::vector<byte>& ticket() const { return m_ticket; }
00567 
00568       New_Session_Ticket(Handshake_IO& io,
00569                          Handshake_Hash& hash,
00570                          const std::vector<byte>& ticket,
00571                          u32bit lifetime);
00572 
00573       New_Session_Ticket(Handshake_IO& io,
00574                          Handshake_Hash& hash);
00575 
00576       New_Session_Ticket(const std::vector<byte>& buf);
00577    private:
00578       std::vector<byte> serialize() const override;
00579 
00580       u32bit m_ticket_lifetime_hint = 0;
00581       std::vector<byte> m_ticket;
00582    };
00583 
00584 /**
00585 * Change Cipher Spec
00586 */
00587 class Change_Cipher_Spec : public Handshake_Message
00588    {
00589    public:
00590       Handshake_Type type() const override { return HANDSHAKE_CCS; }
00591 
00592       std::vector<byte> serialize() const override
00593          { return std::vector<byte>(1, 1); }
00594    };
00595 
00596 }
00597 
00598 }
00599 
00600 #endif