Botan
1.11.15
|
00001 /* 00002 * TLS Messages 00003 * (C) 2004-2011,2015 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #ifndef BOTAN_TLS_MESSAGES_H__ 00009 #define BOTAN_TLS_MESSAGES_H__ 00010 00011 #include <botan/internal/tls_handshake_state.h> 00012 #include <botan/internal/tls_extensions.h> 00013 #include <botan/tls_handshake_msg.h> 00014 #include <botan/tls_session.h> 00015 #include <botan/tls_policy.h> 00016 #include <botan/tls_ciphersuite.h> 00017 #include <botan/bigint.h> 00018 #include <botan/pkcs8.h> 00019 #include <botan/x509cert.h> 00020 #include <vector> 00021 #include <string> 00022 00023 namespace Botan { 00024 00025 class Credentials_Manager; 00026 class SRP6_Server_Session; 00027 00028 namespace TLS { 00029 00030 class Session; 00031 class Handshake_IO; 00032 00033 std::vector<byte> make_hello_random(RandomNumberGenerator& rng, 00034 const Policy& policy); 00035 00036 /** 00037 * DTLS Hello Verify Request 00038 */ 00039 class Hello_Verify_Request : public Handshake_Message 00040 { 00041 public: 00042 std::vector<byte> serialize() const override; 00043 Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; } 00044 00045 std::vector<byte> cookie() const { return m_cookie; } 00046 00047 Hello_Verify_Request(const std::vector<byte>& buf); 00048 00049 Hello_Verify_Request(const std::vector<byte>& client_hello_bits, 00050 const std::string& client_identity, 00051 const SymmetricKey& secret_key); 00052 private: 00053 std::vector<byte> m_cookie; 00054 }; 00055 00056 /** 00057 * Client Hello Message 00058 */ 00059 class Client_Hello : public Handshake_Message 00060 { 00061 public: 00062 Handshake_Type type() const override { return CLIENT_HELLO; } 00063 00064 Protocol_Version version() const { return m_version; } 00065 00066 const std::vector<byte>& random() const { return m_random; } 00067 00068 const std::vector<byte>& session_id() const { return m_session_id; } 00069 00070 std::vector<u16bit> ciphersuites() const { return m_suites; } 00071 00072 std::vector<byte> compression_methods() const { return m_comp_methods; } 00073 00074 bool offered_suite(u16bit ciphersuite) const; 00075 00076 bool sent_fallback_scsv() const; 00077 00078 std::vector<std::pair<std::string, std::string>> supported_algos() const 00079 { 00080 if(Signature_Algorithms* sigs = m_extensions.get<Signature_Algorithms>()) 00081 return sigs->supported_signature_algorthms(); 00082 return std::vector<std::pair<std::string, std::string>>(); 00083 } 00084 00085 std::vector<std::string> supported_ecc_curves() const 00086 { 00087 if(Supported_Elliptic_Curves* ecc = m_extensions.get<Supported_Elliptic_Curves>()) 00088 return ecc->curves(); 00089 return std::vector<std::string>(); 00090 } 00091 00092 std::string sni_hostname() const 00093 { 00094 if(Server_Name_Indicator* sni = m_extensions.get<Server_Name_Indicator>()) 00095 return sni->host_name(); 00096 return ""; 00097 } 00098 00099 std::string srp_identifier() const 00100 { 00101 if(SRP_Identifier* srp = m_extensions.get<SRP_Identifier>()) 00102 return srp->identifier(); 00103 return ""; 00104 } 00105 00106 bool secure_renegotiation() const 00107 { 00108 return m_extensions.has<Renegotiation_Extension>(); 00109 } 00110 00111 std::vector<byte> renegotiation_info() const 00112 { 00113 if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) 00114 return reneg->renegotiation_info(); 00115 return std::vector<byte>(); 00116 } 00117 00118 bool next_protocol_notification() const 00119 { 00120 return m_extensions.has<Next_Protocol_Notification>(); 00121 } 00122 00123 size_t fragment_size() const 00124 { 00125 if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>()) 00126 return frag->fragment_size(); 00127 return 0; 00128 } 00129 00130 bool supports_session_ticket() const 00131 { 00132 return m_extensions.has<Session_Ticket>(); 00133 } 00134 00135 std::vector<byte> session_ticket() const 00136 { 00137 if(Session_Ticket* ticket = m_extensions.get<Session_Ticket>()) 00138 return ticket->contents(); 00139 return std::vector<byte>(); 00140 } 00141 00142 bool supports_heartbeats() const 00143 { 00144 return m_extensions.has<Heartbeat_Support_Indicator>(); 00145 } 00146 00147 bool peer_can_send_heartbeats() const 00148 { 00149 if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>()) 00150 return hb->peer_allowed_to_send(); 00151 return false; 00152 } 00153 00154 std::vector<u16bit> srtp_profiles() const 00155 { 00156 if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>()) 00157 return srtp->profiles(); 00158 return std::vector<u16bit>(); 00159 } 00160 00161 void update_hello_cookie(const Hello_Verify_Request& hello_verify); 00162 00163 std::set<Handshake_Extension_Type> extension_types() const 00164 { return m_extensions.extension_types(); } 00165 00166 Client_Hello(Handshake_IO& io, 00167 Handshake_Hash& hash, 00168 Protocol_Version version, 00169 const Policy& policy, 00170 RandomNumberGenerator& rng, 00171 const std::vector<byte>& reneg_info, 00172 bool next_protocol = false, 00173 const std::string& hostname = "", 00174 const std::string& srp_identifier = ""); 00175 00176 Client_Hello(Handshake_IO& io, 00177 Handshake_Hash& hash, 00178 const Policy& policy, 00179 RandomNumberGenerator& rng, 00180 const std::vector<byte>& reneg_info, 00181 const Session& resumed_session, 00182 bool next_protocol = false); 00183 00184 Client_Hello(const std::vector<byte>& buf); 00185 00186 private: 00187 std::vector<byte> serialize() const override; 00188 00189 Protocol_Version m_version; 00190 std::vector<byte> m_session_id; 00191 std::vector<byte> m_random; 00192 std::vector<u16bit> m_suites; 00193 std::vector<byte> m_comp_methods; 00194 std::vector<byte> m_hello_cookie; // DTLS only 00195 00196 Extensions m_extensions; 00197 }; 00198 00199 /** 00200 * Server Hello Message 00201 */ 00202 class Server_Hello : public Handshake_Message 00203 { 00204 public: 00205 Handshake_Type type() const override { return SERVER_HELLO; } 00206 00207 Protocol_Version version() const { return m_version; } 00208 00209 const std::vector<byte>& random() const { return m_random; } 00210 00211 const std::vector<byte>& session_id() const { return m_session_id; } 00212 00213 u16bit ciphersuite() const { return m_ciphersuite; } 00214 00215 byte compression_method() const { return m_comp_method; } 00216 00217 bool secure_renegotiation() const 00218 { 00219 return m_extensions.has<Renegotiation_Extension>(); 00220 } 00221 00222 std::vector<byte> renegotiation_info() const 00223 { 00224 if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) 00225 return reneg->renegotiation_info(); 00226 return std::vector<byte>(); 00227 } 00228 00229 bool next_protocol_notification() const 00230 { 00231 return m_extensions.has<Next_Protocol_Notification>(); 00232 } 00233 00234 std::vector<std::string> next_protocols() const 00235 { 00236 if(Next_Protocol_Notification* npn = m_extensions.get<Next_Protocol_Notification>()) 00237 return npn->protocols(); 00238 return std::vector<std::string>(); 00239 } 00240 00241 size_t fragment_size() const 00242 { 00243 if(Maximum_Fragment_Length* frag = m_extensions.get<Maximum_Fragment_Length>()) 00244 return frag->fragment_size(); 00245 return 0; 00246 } 00247 00248 bool supports_session_ticket() const 00249 { 00250 return m_extensions.has<Session_Ticket>(); 00251 } 00252 00253 bool supports_heartbeats() const 00254 { 00255 return m_extensions.has<Heartbeat_Support_Indicator>(); 00256 } 00257 00258 bool peer_can_send_heartbeats() const 00259 { 00260 if(Heartbeat_Support_Indicator* hb = m_extensions.get<Heartbeat_Support_Indicator>()) 00261 return hb->peer_allowed_to_send(); 00262 return false; 00263 } 00264 00265 u16bit srtp_profile() const 00266 { 00267 if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>()) 00268 { 00269 auto prof = srtp->profiles(); 00270 if(prof.size() != 1 || prof[0] == 0) 00271 throw Decoding_Error("Server sent malformed DTLS-SRTP extension"); 00272 return prof[0]; 00273 } 00274 00275 return 0; 00276 } 00277 00278 std::set<Handshake_Extension_Type> extension_types() const 00279 { return m_extensions.extension_types(); } 00280 00281 Server_Hello(Handshake_IO& io, 00282 Handshake_Hash& hash, 00283 const Policy& policy, 00284 RandomNumberGenerator& rng, 00285 const std::vector<byte>& secure_reneg_info, 00286 const Client_Hello& client_hello, 00287 const std::vector<byte>& new_session_id, 00288 Protocol_Version new_session_version, 00289 u16bit ciphersuite, 00290 byte compression, 00291 bool offer_session_ticket, 00292 const std::vector<std::string>& next_protocols); 00293 00294 Server_Hello(Handshake_IO& io, 00295 Handshake_Hash& hash, 00296 const Policy& policy, 00297 RandomNumberGenerator& rng, 00298 const std::vector<byte>& secure_reneg_info, 00299 const Client_Hello& client_hello, 00300 Session& resumed_session, 00301 bool offer_session_ticket, 00302 const std::vector<std::string>& next_protocols); 00303 00304 Server_Hello(const std::vector<byte>& buf); 00305 private: 00306 std::vector<byte> serialize() const override; 00307 00308 Protocol_Version m_version; 00309 std::vector<byte> m_session_id, m_random; 00310 u16bit m_ciphersuite; 00311 byte m_comp_method; 00312 00313 Extensions m_extensions; 00314 }; 00315 00316 /** 00317 * Client Key Exchange Message 00318 */ 00319 class Client_Key_Exchange : public Handshake_Message 00320 { 00321 public: 00322 Handshake_Type type() const override { return CLIENT_KEX; } 00323 00324 const secure_vector<byte>& pre_master_secret() const 00325 { return m_pre_master; } 00326 00327 Client_Key_Exchange(Handshake_IO& io, 00328 Handshake_State& state, 00329 const Policy& policy, 00330 Credentials_Manager& creds, 00331 const Public_Key* server_public_key, 00332 const std::string& hostname, 00333 RandomNumberGenerator& rng); 00334 00335 Client_Key_Exchange(const std::vector<byte>& buf, 00336 const Handshake_State& state, 00337 const Private_Key* server_rsa_kex_key, 00338 Credentials_Manager& creds, 00339 const Policy& policy, 00340 RandomNumberGenerator& rng); 00341 00342 private: 00343 std::vector<byte> serialize() const override 00344 { return m_key_material; } 00345 00346 std::vector<byte> m_key_material; 00347 secure_vector<byte> m_pre_master; 00348 }; 00349 00350 /** 00351 * Certificate Message 00352 */ 00353 class Certificate : public Handshake_Message 00354 { 00355 public: 00356 Handshake_Type type() const override { return CERTIFICATE; } 00357 const std::vector<X509_Certificate>& cert_chain() const { return m_certs; } 00358 00359 size_t count() const { return m_certs.size(); } 00360 bool empty() const { return m_certs.empty(); } 00361 00362 Certificate(Handshake_IO& io, 00363 Handshake_Hash& hash, 00364 const std::vector<X509_Certificate>& certs); 00365 00366 Certificate(const std::vector<byte>& buf); 00367 private: 00368 std::vector<byte> serialize() const override; 00369 00370 std::vector<X509_Certificate> m_certs; 00371 }; 00372 00373 /** 00374 * Certificate Request Message 00375 */ 00376 class Certificate_Req : public Handshake_Message 00377 { 00378 public: 00379 Handshake_Type type() const override { return CERTIFICATE_REQUEST; } 00380 00381 const std::vector<std::string>& acceptable_cert_types() const 00382 { return m_cert_key_types; } 00383 00384 std::vector<X509_DN> acceptable_CAs() const { return m_names; } 00385 00386 std::vector<std::pair<std::string, std::string> > supported_algos() const 00387 { return m_supported_algos; } 00388 00389 Certificate_Req(Handshake_IO& io, 00390 Handshake_Hash& hash, 00391 const Policy& policy, 00392 const std::vector<X509_DN>& allowed_cas, 00393 Protocol_Version version); 00394 00395 Certificate_Req(const std::vector<byte>& buf, 00396 Protocol_Version version); 00397 private: 00398 std::vector<byte> serialize() const override; 00399 00400 std::vector<X509_DN> m_names; 00401 std::vector<std::string> m_cert_key_types; 00402 00403 std::vector<std::pair<std::string, std::string> > m_supported_algos; 00404 }; 00405 00406 /** 00407 * Certificate Verify Message 00408 */ 00409 class Certificate_Verify : public Handshake_Message 00410 { 00411 public: 00412 Handshake_Type type() const override { return CERTIFICATE_VERIFY; } 00413 00414 /** 00415 * Check the signature on a certificate verify message 00416 * @param cert the purported certificate 00417 * @param state the handshake state 00418 */ 00419 bool verify(const X509_Certificate& cert, 00420 const Handshake_State& state) const; 00421 00422 Certificate_Verify(Handshake_IO& io, 00423 Handshake_State& state, 00424 const Policy& policy, 00425 RandomNumberGenerator& rng, 00426 const Private_Key* key); 00427 00428 Certificate_Verify(const std::vector<byte>& buf, 00429 Protocol_Version version); 00430 private: 00431 std::vector<byte> serialize() const override; 00432 00433 std::string m_sig_algo; // sig algo used to create signature 00434 std::string m_hash_algo; // hash used to create signature 00435 std::vector<byte> m_signature; 00436 }; 00437 00438 /** 00439 * Finished Message 00440 */ 00441 class Finished : public Handshake_Message 00442 { 00443 public: 00444 Handshake_Type type() const override { return FINISHED; } 00445 00446 std::vector<byte> verify_data() const 00447 { return m_verification_data; } 00448 00449 bool verify(const Handshake_State& state, 00450 Connection_Side side) const; 00451 00452 Finished(Handshake_IO& io, 00453 Handshake_State& state, 00454 Connection_Side side); 00455 00456 Finished(const std::vector<byte>& buf); 00457 private: 00458 std::vector<byte> serialize() const override; 00459 00460 std::vector<byte> m_verification_data; 00461 }; 00462 00463 /** 00464 * Hello Request Message 00465 */ 00466 class Hello_Request : public Handshake_Message 00467 { 00468 public: 00469 Handshake_Type type() const override { return HELLO_REQUEST; } 00470 00471 Hello_Request(Handshake_IO& io); 00472 Hello_Request(const std::vector<byte>& buf); 00473 private: 00474 std::vector<byte> serialize() const override; 00475 }; 00476 00477 /** 00478 * Server Key Exchange Message 00479 */ 00480 class Server_Key_Exchange : public Handshake_Message 00481 { 00482 public: 00483 Handshake_Type type() const override { return SERVER_KEX; } 00484 00485 const std::vector<byte>& params() const { return m_params; } 00486 00487 bool verify(const Public_Key& server_key, 00488 const Handshake_State& state) const; 00489 00490 // Only valid for certain kex types 00491 const Private_Key& server_kex_key() const; 00492 00493 // Only valid for SRP negotiation 00494 SRP6_Server_Session& server_srp_params() const; 00495 00496 Server_Key_Exchange(Handshake_IO& io, 00497 Handshake_State& state, 00498 const Policy& policy, 00499 Credentials_Manager& creds, 00500 RandomNumberGenerator& rng, 00501 const Private_Key* signing_key = nullptr); 00502 00503 Server_Key_Exchange(const std::vector<byte>& buf, 00504 const std::string& kex_alg, 00505 const std::string& sig_alg, 00506 Protocol_Version version); 00507 00508 ~Server_Key_Exchange(); 00509 private: 00510 std::vector<byte> serialize() const override; 00511 00512 std::unique_ptr<Private_Key> m_kex_key; 00513 std::unique_ptr<SRP6_Server_Session> m_srp_params; 00514 00515 std::vector<byte> m_params; 00516 00517 std::string m_sig_algo; // sig algo used to create signature 00518 std::string m_hash_algo; // hash used to create signature 00519 std::vector<byte> m_signature; 00520 }; 00521 00522 /** 00523 * Server Hello Done Message 00524 */ 00525 class Server_Hello_Done : public Handshake_Message 00526 { 00527 public: 00528 Handshake_Type type() const override { return SERVER_HELLO_DONE; } 00529 00530 Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash); 00531 Server_Hello_Done(const std::vector<byte>& buf); 00532 private: 00533 std::vector<byte> serialize() const override; 00534 }; 00535 00536 /** 00537 * Next Protocol Message 00538 */ 00539 class Next_Protocol : public Handshake_Message 00540 { 00541 public: 00542 Handshake_Type type() const override { return NEXT_PROTOCOL; } 00543 00544 std::string protocol() const { return m_protocol; } 00545 00546 Next_Protocol(Handshake_IO& io, 00547 Handshake_Hash& hash, 00548 const std::string& protocol); 00549 00550 Next_Protocol(const std::vector<byte>& buf); 00551 private: 00552 std::vector<byte> serialize() const override; 00553 00554 std::string m_protocol; 00555 }; 00556 00557 /** 00558 * New Session Ticket Message 00559 */ 00560 class New_Session_Ticket : public Handshake_Message 00561 { 00562 public: 00563 Handshake_Type type() const override { return NEW_SESSION_TICKET; } 00564 00565 u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } 00566 const std::vector<byte>& ticket() const { return m_ticket; } 00567 00568 New_Session_Ticket(Handshake_IO& io, 00569 Handshake_Hash& hash, 00570 const std::vector<byte>& ticket, 00571 u32bit lifetime); 00572 00573 New_Session_Ticket(Handshake_IO& io, 00574 Handshake_Hash& hash); 00575 00576 New_Session_Ticket(const std::vector<byte>& buf); 00577 private: 00578 std::vector<byte> serialize() const override; 00579 00580 u32bit m_ticket_lifetime_hint = 0; 00581 std::vector<byte> m_ticket; 00582 }; 00583 00584 /** 00585 * Change Cipher Spec 00586 */ 00587 class Change_Cipher_Spec : public Handshake_Message 00588 { 00589 public: 00590 Handshake_Type type() const override { return HANDSHAKE_CCS; } 00591 00592 std::vector<byte> serialize() const override 00593 { return std::vector<byte>(1, 1); } 00594 }; 00595 00596 } 00597 00598 } 00599 00600 #endif