Botan  2.1.0
Crypto and TLS for C++11
msg_server_hello.cpp
Go to the documentation of this file.
1 /*
2 * TLS Server Hello and Server Hello Done
3 * (C) 2004-2011,2015,2016 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/tls_messages.h>
10 #include <botan/tls_extensions.h>
11 #include <botan/internal/tls_reader.h>
12 #include <botan/internal/tls_session_key.h>
13 #include <botan/internal/tls_handshake_io.h>
14 #include <botan/internal/tls_handshake_hash.h>
15 #include <botan/internal/stl_util.h>
16 
17 namespace Botan {
18 
19 namespace TLS {
20 
21 // New session case
24  const Policy& policy,
26  const std::vector<uint8_t>& reneg_info,
27  const Client_Hello& client_hello,
28  const Server_Hello::Settings& server_settings,
29  const std::string next_protocol) :
30  m_version(server_settings.protocol_version()),
31  m_session_id(server_settings.session_id()),
32  m_random(make_hello_random(rng, policy)),
33  m_ciphersuite(server_settings.ciphersuite()),
34  m_comp_method(server_settings.compression())
35  {
36  if(client_hello.supports_extended_master_secret())
37  m_extensions.add(new Extended_Master_Secret);
38 
39  // Sending the extension back does not commit us to sending a stapled response
40  if(client_hello.supports_cert_status_message())
41  m_extensions.add(new Certificate_Status_Request);
42 
43  Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
44 
45  if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
46  {
47  m_extensions.add(new Encrypt_then_MAC);
48  }
49 
50  if(c.ecc_ciphersuite())
51  {
52  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
53  }
54 
55  if(client_hello.secure_renegotiation())
56  m_extensions.add(new Renegotiation_Extension(reneg_info));
57 
58  if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
59  m_extensions.add(new Session_Ticket());
60 
61  if(!next_protocol.empty() && client_hello.supports_alpn())
62  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
63 
64  if(m_version.is_datagram_protocol())
65  {
66  const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
67  const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
68 
69  if(!server_srtp.empty() && !client_srtp.empty())
70  {
71  uint16_t shared = 0;
72  // always using server preferences for now
73  for(auto s_srtp : server_srtp)
74  for(auto c_srtp : client_srtp)
75  {
76  if(shared == 0 && s_srtp == c_srtp)
77  shared = s_srtp;
78  }
79 
80  if(shared)
81  m_extensions.add(new SRTP_Protection_Profiles(shared));
82  }
83  }
84 
85  hash.update(io.send(*this));
86  }
87 
88 // Resuming
91  const Policy& policy,
93  const std::vector<uint8_t>& reneg_info,
94  const Client_Hello& client_hello,
95  Session& resumed_session,
96  bool offer_session_ticket,
97  const std::string& next_protocol) :
98  m_version(resumed_session.version()),
99  m_session_id(client_hello.session_id()),
100  m_random(make_hello_random(rng, policy)),
101  m_ciphersuite(resumed_session.ciphersuite_code()),
102  m_comp_method(resumed_session.compression_method())
103  {
104  if(client_hello.supports_extended_master_secret())
105  m_extensions.add(new Extended_Master_Secret);
106 
107  // Sending the extension back does not commit us to sending a stapled response
108  if(client_hello.supports_cert_status_message())
109  m_extensions.add(new Certificate_Status_Request);
110 
111  if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
112  {
113  Ciphersuite c = resumed_session.ciphersuite();
114  if(c.cbc_ciphersuite())
115  m_extensions.add(new Encrypt_then_MAC);
116  }
117 
118  if(client_hello.supports_cert_status_message())
119  {
120  m_extensions.add(new Certificate_Status_Request);
121  }
122 
123  if(resumed_session.ciphersuite().ecc_ciphersuite())
124  {
125  m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
126  }
127 
128  if(client_hello.secure_renegotiation())
129  m_extensions.add(new Renegotiation_Extension(reneg_info));
130 
131  if(client_hello.supports_session_ticket() && offer_session_ticket)
132  m_extensions.add(new Session_Ticket());
133 
134  if(!next_protocol.empty() && client_hello.supports_alpn())
135  m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
136 
137  hash.update(io.send(*this));
138  }
139 
140 /*
141 * Deserialize a Server Hello message
142 */
143 Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
144  {
145  if(buf.size() < 38)
146  throw Decoding_Error("Server_Hello: Packet corrupted");
147 
148  TLS_Data_Reader reader("ServerHello", buf);
149 
150  const uint8_t major_version = reader.get_byte();
151  const uint8_t minor_version = reader.get_byte();
152 
153  m_version = Protocol_Version(major_version, minor_version);
154 
155  m_random = reader.get_fixed<uint8_t>(32);
156 
157  m_session_id = reader.get_range<uint8_t>(1, 0, 32);
158 
159  m_ciphersuite = reader.get_uint16_t();
160 
161  m_comp_method = reader.get_byte();
162 
163  m_extensions.deserialize(reader);
164  }
165 
166 /*
167 * Serialize a Server Hello message
168 */
169 std::vector<uint8_t> Server_Hello::serialize() const
170  {
171  std::vector<uint8_t> buf;
172 
173  buf.push_back(m_version.major_version());
174  buf.push_back(m_version.minor_version());
175  buf += m_random;
176 
177  append_tls_length_value(buf, m_session_id, 1);
178 
179  buf.push_back(get_byte(0, m_ciphersuite));
180  buf.push_back(get_byte(1, m_ciphersuite));
181 
182  buf.push_back(m_comp_method);
183 
184  buf += m_extensions.serialize();
185 
186  return buf;
187  }
188 
189 /*
190 * Create a new Server Hello Done message
191 */
194  {
195  hash.update(io.send(*this));
196  }
197 
198 /*
199 * Deserialize a Server Hello Done message
200 */
201 Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf)
202  {
203  if(buf.size())
204  throw Decoding_Error("Server_Hello_Done: Must be empty, and is not");
205  }
206 
207 /*
208 * Serialize a Server Hello Done message
209 */
210 std::vector<uint8_t> Server_Hello_Done::serialize() const
211  {
212  return std::vector<uint8_t>();
213  }
214 
215 }
216 
217 }
std::vector< uint8_t > serialize() const
bool supports_cert_status_message() const
Definition: tls_messages.h:187
std::vector< T > get_fixed(size_t size)
Definition: tls_reader.h:126
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
uint8_t minor_version() const
Definition: tls_version.h:82
Server_Hello_Done(Handshake_IO &io, Handshake_Hash &hash)
bool supports_session_ticket() const
Definition: tls_messages.h:165
Ciphersuite ciphersuite() const
Definition: tls_session.h:130
virtual std::vector< uint16_t > srtp_profiles() const
Definition: tls_policy.cpp:291
void add(Extension *extn)
bool supports_alpn() const
Definition: tls_messages.h:177
Server_Hello(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, RandomNumberGenerator &rng, const std::vector< uint8_t > &secure_reneg_info, const Client_Hello &client_hello, const Server_Hello::Settings &settings, const std::string next_protocol)
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:94
void update(const uint8_t in[], size_t length)
uint8_t major_version() const
Definition: tls_version.h:77
bool supports_encrypt_then_mac() const
Definition: tls_messages.h:192
Definition: alg_id.cpp:13
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
virtual bool use_ecc_point_compression() const
Definition: tls_policy.cpp:116
static Ciphersuite by_id(uint16_t suite)
bool supports_extended_master_secret() const
Definition: tls_messages.h:182
std::vector< uint16_t > srtp_profiles() const
Definition: tls_messages.h:209
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void deserialize(TLS_Data_Reader &reader)
bool is_datagram_protocol() const
Definition: tls_version.cpp:34
MechanismType hash
bool secure_renegotiation() const
Definition: tls_messages.h:153
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:279
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185