9 #ifndef BOTAN_TLS_MESSAGES_H__
10 #define BOTAN_TLS_MESSAGES_H__
12 #include <botan/tls_extensions.h>
13 #include <botan/tls_handshake_msg.h>
14 #include <botan/tls_session.h>
15 #include <botan/tls_policy.h>
16 #include <botan/tls_ciphersuite.h>
17 #include <botan/bigint.h>
18 #include <botan/x509cert.h>
23 #if defined(BOTAN_HAS_CECPQ1)
24 #include <botan/cecpq1.h>
27 #if defined(BOTAN_HAS_SRP6)
28 #include <botan/srp6.h>
33 class Credentials_Manager;
39 class Handshake_State;
42 const Policy& policy);
50 std::vector<uint8_t> serialize()
const override;
53 std::vector<uint8_t>
cookie()
const {
return m_cookie; }
58 const std::string& client_identity,
61 std::vector<uint8_t> m_cookie;
74 const std::string& hostname =
"",
75 const std::string& srp_identifier =
"")
76 : m_new_session_version(version),
78 m_srp_identifier(srp_identifier) {}
81 const std::string&
hostname()
const {
return m_hostname; }
86 const std::string m_hostname;
87 const std::string m_srp_identifier;
94 const std::vector<uint8_t>&
random()
const {
return m_random; }
96 const std::vector<uint8_t>&
session_id()
const {
return m_session_id; }
102 bool offered_suite(uint16_t ciphersuite)
const;
104 bool sent_fallback_scsv()
const;
109 return sigs->supported_signature_algorthms();
110 return std::vector<std::pair<std::string, std::string>>();
115 std::set<std::string> sig;
116 for(
auto&& hash_and_sig : supported_algos())
117 sig.insert(hash_and_sig.second);
124 return ecc->curves();
125 return std::vector<std::string>();
132 return ecc_formats->prefers_compressed();
140 return sni->host_name();
144 #if defined(BOTAN_HAS_SRP6)
145 std::string srp_identifier()
const
147 if(SRP_Identifier* srp = m_extensions.get<SRP_Identifier>())
148 return srp->identifier();
161 return reneg->renegotiation_info();
162 return std::vector<uint8_t>();
173 return ticket->contents();
174 return std::vector<uint8_t>();
205 return alpn->protocols();
206 return std::vector<std::string>();
212 return srtp->profiles();
213 return std::vector<uint16_t>();
219 {
return m_extensions.extension_types(); }
225 const std::vector<uint8_t>& reneg_info,
227 const std::vector<std::string>& next_protocols);
233 const std::vector<uint8_t>& reneg_info,
234 const Session& resumed_session,
235 const std::vector<std::string>& next_protocols);
240 std::vector<uint8_t> serialize()
const override;
243 std::vector<uint8_t> m_session_id;
244 std::vector<uint8_t> m_random;
245 std::vector<uint16_t> m_suites;
246 std::vector<uint8_t> m_comp_methods;
247 std::vector<uint8_t> m_hello_cookie;
261 Settings(
const std::vector<uint8_t> new_session_id,
263 uint16_t ciphersuite,
265 bool offer_session_ticket)
266 : m_new_session_id(new_session_id),
267 m_new_session_version(new_session_version),
268 m_ciphersuite(ciphersuite),
269 m_compression(compression),
270 m_offer_session_ticket(offer_session_ticket) {}
272 const std::vector<uint8_t>&
session_id()
const {
return m_new_session_id; }
279 const std::vector<uint8_t> m_new_session_id;
281 uint16_t m_ciphersuite;
282 uint8_t m_compression;
283 bool m_offer_session_ticket;
291 const std::vector<uint8_t>&
random()
const {
return m_random; }
293 const std::vector<uint8_t>&
session_id()
const {
return m_session_id; }
307 return reneg->renegotiation_info();
308 return std::vector<uint8_t>();
335 auto prof = srtp->profiles();
336 if(prof.size() != 1 || prof[0] == 0)
337 throw Decoding_Error(
"Server sent malformed DTLS-SRTP extension");
347 return alpn->single_protocol();
352 {
return m_extensions.extension_types(); }
358 return ecc_formats->prefers_compressed();
367 const std::vector<uint8_t>& secure_reneg_info,
370 const std::string next_protocol);
376 const std::vector<uint8_t>& secure_reneg_info,
379 bool offer_session_ticket,
380 const std::string& next_protocol);
384 std::vector<uint8_t> serialize()
const override;
387 std::vector<uint8_t> m_session_id, m_random;
388 uint16_t m_ciphersuite;
389 uint8_t m_comp_method;
403 {
return m_pre_master; }
410 const std::string& hostname,
421 std::vector<uint8_t> serialize()
const override
422 {
return m_key_material; }
424 std::vector<uint8_t> m_key_material;
435 const std::vector<X509_Certificate>&
cert_chain()
const {
return m_certs; }
437 size_t count()
const {
return m_certs.size(); }
438 bool empty()
const {
return m_certs.empty(); }
442 const std::vector<X509_Certificate>& certs);
446 std::vector<uint8_t> serialize()
const override;
448 std::vector<X509_Certificate> m_certs;
459 std::shared_ptr<const OCSP::Response>
response()
const {
return m_response; }
465 std::shared_ptr<const OCSP::Response> response);
468 std::vector<uint8_t> serialize()
const override;
469 std::shared_ptr<const OCSP::Response> m_response;
481 {
return m_cert_key_types; }
486 {
return m_supported_algos; }
491 const std::vector<X509_DN>& allowed_cas,
497 std::vector<uint8_t> serialize()
const override;
499 std::vector<X509_DN> m_names;
500 std::vector<std::string> m_cert_key_types;
502 std::vector<std::pair<std::string, std::string> > m_supported_algos;
521 const Policy& policy)
const;
532 std::vector<uint8_t> serialize()
const override;
534 std::string m_sig_algo;
535 std::string m_hash_algo;
536 std::vector<uint8_t> m_signature;
548 {
return m_verification_data; }
557 explicit Finished(
const std::vector<uint8_t>& buf);
559 std::vector<uint8_t> serialize()
const override;
561 std::vector<uint8_t> m_verification_data;
575 std::vector<uint8_t> serialize()
const override;
586 const std::vector<uint8_t>&
params()
const {
return m_params; }
590 const Policy& policy)
const;
595 #if defined(BOTAN_HAS_SRP6)
600 return *m_srp_params;
604 #if defined(BOTAN_HAS_CECPQ1)
609 return *m_cecpq1_key;
613 Server_Key_Exchange(Handshake_IO& io,
614 Handshake_State& state,
615 const Policy& policy,
616 Credentials_Manager& creds,
617 RandomNumberGenerator& rng,
618 const Private_Key* signing_key =
nullptr);
620 Server_Key_Exchange(
const std::vector<uint8_t>& buf,
621 const std::string& kex_alg,
622 const std::string& sig_alg,
623 Protocol_Version version);
625 ~Server_Key_Exchange() =
default;
627 std::vector<uint8_t> serialize()
const override;
629 #if defined(BOTAN_HAS_SRP6)
630 std::unique_ptr<SRP6_Server_Session> m_srp_params;
633 #if defined(BOTAN_HAS_CECPQ1)
634 std::unique_ptr<CECPQ1_key> m_cecpq1_key;
637 std::unique_ptr<Private_Key> m_kex_key;
639 std::vector<uint8_t> m_params;
641 std::string m_sig_algo;
642 std::string m_hash_algo;
643 std::vector<uint8_t> m_signature;
657 std::vector<uint8_t> serialize()
const override;
669 const std::vector<uint8_t>&
ticket()
const {
return m_ticket; }
673 const std::vector<uint8_t>& ticket,
681 std::vector<uint8_t> serialize()
const override;
683 uint32_t m_ticket_lifetime_hint = 0;
684 std::vector<uint8_t> m_ticket;
696 {
return std::vector<uint8_t>(1, 1); }
Handshake_Type type() const override
bool supports_cert_status_message() const
Handshake_Type type() const override
uint8_t compression_method() const
std::vector< X509_DN > acceptable_CAs() const
bool supports_encrypt_then_mac() const
std::string next_protocol() const
Handshake_Type type() const override
Handshake_Type type() const override
const std::vector< X509_Certificate > & cert_chain() const
bool supports_session_ticket() const
std::vector< std::pair< std::string, std::string > > supported_algos() const
Settings(const Protocol_Version version, const std::string &hostname="", const std::string &srp_identifier="")
Handshake_Type type() const override
const std::vector< uint8_t > & ticket() const
const std::vector< uint8_t > & params() const
Protocol_Version protocol_version() const
Handshake_Type type() const override
uint32_t ticket_lifetime_hint() const
const secure_vector< uint8_t > & pre_master_secret() const
bool prefers_compressed_ec_points() const
Settings(const std::vector< uint8_t > new_session_id, Protocol_Version new_session_version, uint16_t ciphersuite, uint8_t compression, bool offer_session_ticket)
Handshake_Type type() const override
bool supports_extended_master_secret() const
std::vector< uint8_t > renegotiation_info() const
uint8_t compression() const
const std::vector< uint8_t > & random() const
bool supports_alpn() const
std::vector< T, secure_allocator< T >> secure_vector
Handshake_Type type() const override
#define BOTAN_ASSERT_NONNULL(ptr)
Handshake_Type type() const override
const std::vector< uint8_t > & session_id() const
std::string sni_hostname() const
bool offer_session_ticket() const
std::vector< std::string > next_protocols() const
const std::vector< uint8_t > & random() const
std::vector< uint8_t > cookie() const
Protocol_Version version() const
Handshake_Type type() const override
bool supports_encrypt_then_mac() const
uint16_t srtp_profile() const
Handshake_Type type() const override
bool sent_signature_algorithms() const
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::unique_ptr< Public_Key > server_public_key
Protocol_Version version() const
const std::vector< std::string > & acceptable_cert_types() const
std::vector< uint8_t > serialize() const override
const Protocol_Version protocol_version() const
bool supports_session_ticket() const
bool supports_extended_master_secret() const
std::vector< uint16_t > srtp_profiles() const
std::set< Handshake_Extension_Type > extension_types() const
std::set< Handshake_Extension_Type > extension_types() const
std::vector< std::pair< std::string, std::string > > supported_algos() const
Handshake_Type type() const override
bool secure_renegotiation() const
std::vector< uint8_t > renegotiation_info() const
std::shared_ptr< const OCSP::Response > response() const
const std::vector< uint8_t > & session_id() const
const std::vector< uint8_t > & session_id() const
std::vector< uint8_t > verify_data() const
bool supports_certificate_status_message() const
std::set< std::string > supported_sig_algos() const
bool secure_renegotiation() const
uint16_t ciphersuite() const
Handshake_Type type() const override
uint16_t ciphersuite() const
std::vector< std::string > supported_ecc_curves() const
const std::string & srp_identifier() const
std::vector< uint8_t > session_ticket() const
const std::string & hostname() const
bool prefers_compressed_ec_points() const
Handshake_Type type() const override
std::vector< uint16_t > ciphersuites() const
std::vector< uint8_t > compression_methods() const