8 #include <botan/internal/tls_handshake_state.h>
9 #include <botan/internal/tls_record.h>
10 #include <botan/tls_messages.h>
11 #include <botan/tls_callbacks.h>
27 return "hello_verify_request";
30 return "hello_request";
33 return "client_hello";
36 return "server_hello";
42 return "certificate_url";
45 return "certificate_status";
48 return "server_key_exchange";
51 return "certificate_request";
54 return "server_hello_done";
57 return "certificate_verify";
60 return "client_key_exchange";
63 return "new_session_ticket";
66 return "change_cipher_spec";
134 throw Internal_Error(
"Unknown handshake type " +
std::to_string(type));
137 std::string handshake_mask_to_string(uint32_t mask)
156 std::ostringstream o;
159 for(
auto&& t : types)
161 if(mask & bitmask_for_handshake_type(t))
181 m_version(m_handshake_io->initial_record_version())
194 m_client_hello->update_hello_cookie(hello_verify);
202 m_client_hello.reset(client_hello);
208 m_server_hello.reset(server_hello);
215 m_server_certs.reset(server_certs);
221 m_server_cert_status.reset(server_cert_status);
227 m_server_kex.reset(server_kex);
233 m_cert_req.reset(cert_req);
239 m_server_hello_done.reset(server_hello_done);
245 m_client_certs.reset(client_certs);
251 m_client_kex.reset(client_kex);
257 m_client_verify.reset(client_verify);
263 m_new_session_ticket.reset(new_session_ticket);
269 m_server_finished.reset(server_finished);
275 m_client_finished.reset(client_finished);
291 m_session_keys =
Session_Keys(
this, resume_master_secret,
true);
296 const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
298 m_hand_received_mask |= mask;
300 const bool ok = (m_hand_expecting_mask & mask) != 0;
305 " expected " + handshake_mask_to_string(m_hand_expecting_mask) +
306 " received " + handshake_mask_to_string(m_hand_received_mask));
312 m_hand_expecting_mask = 0;
317 m_hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg);
322 const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
324 return (m_hand_received_mask & mask) != 0;
327 std::pair<Handshake_Type, std::vector<uint8_t>>
330 const bool expecting_ccs =
331 (bitmask_for_handshake_type(
HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
333 return m_handshake_io->get_next_record(expecting_ccs);
338 #if defined(BOTAN_HAS_SRP6)
358 if(
version().supports_ciphersuite_specific_prf())
362 if(prf_algo ==
"MD5" || prf_algo ==
"SHA-1")
363 return get_kdf(
"TLS-12-PRF(SHA-256)");
365 return get_kdf(
"TLS-12-PRF(" + prf_algo +
")");
374 std::string choose_hash(
const std::string& sig_algo,
377 bool for_client_auth,
383 if(sig_algo ==
"RSA")
384 return "Parallel(MD5,SHA-160)";
386 if(sig_algo ==
"DSA")
389 if(sig_algo ==
"ECDSA")
395 const auto supported_algos = for_client_auth ?
399 if(!supported_algos.empty())
407 for(
auto hash : hashes)
409 for(
auto algo : supported_algos)
411 if(algo.first ==
hash && algo.second == sig_algo)
423 std::pair<std::string, Signature_Format>
425 std::string& hash_algo_out,
426 std::string& sig_algo_out,
427 bool for_client_auth,
428 const Policy& policy)
const
430 const std::string sig_algo = key.
algo_name();
432 const std::string hash_algo =
433 choose_hash(sig_algo,
440 if(this->
version().supports_negotiable_signature_algorithms())
442 hash_algo_out = hash_algo;
443 sig_algo_out = sig_algo;
446 if(sig_algo ==
"RSA")
448 const std::string padding =
"EMSA3(" + hash_algo +
")";
450 return std::make_pair(padding,
IEEE_1363);
452 else if(sig_algo ==
"DSA" || sig_algo ==
"ECDSA")
454 const std::string padding =
"EMSA1(" + hash_algo +
")";
459 throw Invalid_Argument(sig_algo +
" is invalid/unknown for TLS signatures");
464 bool supported_algos_include(
465 const std::vector<std::pair<std::string, std::string>>& algos,
466 const std::string& key_type,
467 const std::string& hash_type)
469 for(
auto&& algo : algos)
471 if(algo.first == hash_type && algo.second == key_type)
482 std::pair<std::string, Signature_Format>
484 const std::string& input_hash_algo,
485 const std::string& input_sig_algo,
486 bool for_client_auth,
487 const Policy& policy)
const
489 const std::string key_type = key.
algo_name();
494 "Rejecting " + key_type +
" signature");
497 std::string hash_algo;
499 if(this->
version().supports_negotiable_signature_algorithms())
501 if(input_sig_algo != key_type)
502 throw Decoding_Error(
"Counterparty sent inconsistent key and sig types");
504 if(input_hash_algo ==
"")
507 hash_algo = input_hash_algo;
512 "No certificate verify set");
520 const auto supported_algos =
524 if(!supported_algos_include(supported_algos, key_type, hash_algo))
527 "TLS signature extension did not allow for " +
528 key_type +
"/" + hash_algo +
" signature");
533 if(input_hash_algo !=
"" || input_sig_algo !=
"")
534 throw Decoding_Error(
"Counterparty sent hash/sig IDs with old version");
536 if(key_type ==
"RSA")
538 hash_algo =
"Parallel(MD5,SHA-160)";
540 else if(key_type ==
"DSA" || key_type ==
"ECDSA")
546 throw Invalid_Argument(key_type +
" is invalid/unknown for TLS signatures");
555 if(key_type ==
"RSA")
557 const std::string padding =
"EMSA3(" + hash_algo +
")";
558 return std::make_pair(padding,
IEEE_1363);
560 else if(key_type ==
"DSA" || key_type ==
"ECDSA")
562 const std::string padding =
"EMSA1(" + hash_algo +
")";
566 throw Invalid_Argument(key_type +
" is invalid/unknown for TLS signatures");
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, const std::string &hash_algo, const std::string &sig_algo, bool for_client_auth, const Policy &policy) const
const Server_Hello_Done * server_hello_done() const
const Finished * client_finished() const
const Server_Hello * server_hello() const
std::vector< std::pair< std::string, std::string > > supported_algos() const
const Finished * server_finished() const
bool allowed_signature_method(const std::string &sig_method) const
const std::vector< uint8_t > & ticket() const
virtual std::string algo_name() const =0
const Certificate * server_certs() const
std::string to_string(const BER_Object &obj)
Handshake_State(Handshake_IO *io, Callbacks &callbacks)
const Certificate_Status * server_cert_status() const
KDF * protocol_specific_prf() const
void compute_session_keys()
void set_version(const Protocol_Version &version)
const Server_Key_Exchange * server_kex() const
std::string prf_algo() const
std::vector< T, secure_allocator< T >> secure_vector
std::pair< Handshake_Type, std::vector< uint8_t > > get_next_handshake_msg()
const Certificate_Verify * client_verify() const
void update(const uint8_t in[], size_t length)
virtual std::vector< std::string > allowed_signature_hashes() const
void confirm_transition_to(Handshake_Type msg_type)
std::vector< uint8_t > session_ticket() const
secure_vector< uint8_t > resume_master_secret
virtual Handshake_Type type() const =0
void note_message(const Handshake_Message &msg)
static Ciphersuite by_id(uint16_t suite)
Handshake_IO & handshake_io()
void hello_verify_request(const Hello_Verify_Request &hello_verify)
std::string type_string() const
std::string srp_identifier() const
std::vector< std::pair< std::string, std::string > > supported_algos() const
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, std::string &hash_algo, std::string &sig_algo, bool for_client_auth, const Policy &policy) const
virtual void tls_inspect_handshake_msg(const Handshake_Message &message)
const New_Session_Ticket * new_session_ticket() const
bool supports_negotiable_signature_algorithms() const
const Ciphersuite & ciphersuite() const
bool received_handshake_msg(Handshake_Type msg_type) const
const Certificate * client_certs() const
KDF * get_kdf(const std::string &algo_spec)
const char * handshake_type_to_string(Handshake_Type type)
void set_expected_next(Handshake_Type msg_type)
const Certificate_Req * cert_req() const
Protocol_Version version() const
const Client_Hello * client_hello() const
const Client_Key_Exchange * client_kex() const
std::vector< uint8_t > session_ticket() const