9 #include <botan/tls_client.h>
10 #include <botan/tls_messages.h>
11 #include <botan/internal/tls_handshake_state.h>
12 #include <botan/internal/stl_util.h>
16 #include <botan/hex.h>
24 class Client_Handshake_State :
public Handshake_State
29 Client_Handshake_State(Handshake_IO* io, Callbacks& cb) : Handshake_State(io, cb) {}
31 const Public_Key& get_server_public_key()
const
55 const std::vector<std::string>& next_protos,
57 Channel(callbacks, session_manager, rng, policy, offer_version.is_datagram_protocol(),
62 init(offer_version, next_protos);
75 const std::vector<std::string>& next_protos,
78 session_manager, rng, policy, offer_version.is_datagram_protocol(), io_buf_sz),
82 init(offer_version, next_protos);
96 const std::vector<std::string>& next_protos) :
97 Channel(output_fn, proc_cb, alert_cb, handshake_cb, hs_msg_cb,
98 session_manager, rng, policy, offer_version.is_datagram_protocol()),
102 init(offer_version, next_protos);
106 const std::vector<std::string>& next_protocols)
111 send_client_hello(state,
false, protocol_version,
112 srp_identifier, next_protocols);
115 Handshake_State* Client::new_handshake_state(Handshake_IO* io)
117 return new Client_Handshake_State(io,
callbacks());
120 std::vector<X509_Certificate>
121 Client::get_peer_cert_chain(
const Handshake_State& state)
const
123 if(state.server_certs())
124 return state.server_certs()->cert_chain();
125 return std::vector<X509_Certificate>();
131 void Client::initiate_handshake(Handshake_State& state,
132 bool force_full_renegotiation)
134 send_client_hello(state, force_full_renegotiation, state.version());
137 void Client::send_client_hello(Handshake_State& state_base,
138 bool force_full_renegotiation,
139 Protocol_Version version,
140 const std::string& srp_identifier,
141 const std::vector<std::string>& next_protocols)
143 Client_Handshake_State& state =
dynamic_cast<Client_Handshake_State&
>(state_base);
145 if(state.version().is_datagram_protocol())
149 if(!force_full_renegotiation && !m_info.
empty())
151 Session session_info;
158 if(version == session_info.version())
160 if(srp_identifier ==
"" || session_info.srp_identifier() == srp_identifier)
163 new Client_Hello(state.handshake_io(),
171 state.resume_master_secret = session_info.master_secret();
177 if(!state.client_hello())
179 Client_Hello::Settings client_settings(version, m_info.
hostname(), srp_identifier);
180 state.client_hello(
new Client_Hello(
181 state.handshake_io(),
196 void Client::process_handshake_msg(
const Handshake_State* active_state,
197 Handshake_State& state_base,
199 const std::vector<uint8_t>& contents)
201 Client_Handshake_State& state =
dynamic_cast<Client_Handshake_State&
>(state_base);
205 Hello_Request hello_request(contents);
208 if(state.client_hello())
216 this->initiate_handshake(state,
false);
227 state.confirm_transition_to(type);
230 state.hash().update(state.handshake_io().format(contents, type));
237 Hello_Verify_Request hello_verify_request(contents);
239 state.hello_verify_request(hello_verify_request);
243 state.server_hello(
new Server_Hello(contents));
245 if(!state.client_hello()->offered_suite(state.server_hello()->ciphersuite()))
248 "Server replied with ciphersuite we didn't send");
254 "Server replied with a signaling ciphersuite");
257 if(!
value_exists(state.client_hello()->compression_methods(),
258 state.server_hello()->compression_method()))
261 "Server replied with compression method we didn't send");
264 auto client_extn = state.client_hello()->extension_types();
265 auto server_extn = state.server_hello()->extension_types();
267 std::vector<Handshake_Extension_Type> diff;
269 std::set_difference(server_extn.begin(), server_extn.end(),
270 client_extn.begin(), client_extn.end(),
271 std::back_inserter(diff));
277 std::ostringstream msg;
278 msg <<
"Server replied with " << diff.size() <<
" unsupported extensions:";
280 msg <<
" " <<
static_cast<int>(d);
284 if(uint16_t srtp = state.server_hello()->srtp_profile())
286 if(!
value_exists(state.client_hello()->srtp_profiles(), srtp))
288 "Server replied with DTLS-SRTP alg we did not send");
291 state.set_version(state.server_hello()->version());
292 m_application_protocol = state.server_hello()->next_protocol();
296 const bool server_returned_same_session_id =
297 !state.server_hello()->session_id().empty() &&
298 (state.server_hello()->session_id() == state.client_hello()->session_id());
300 if(server_returned_same_session_id)
308 if(state.server_hello()->version() != state.client_hello()->version())
310 "Server resumed session but with wrong version");
312 state.compute_session_keys(state.resume_master_secret);
314 if(state.server_hello()->supports_session_ticket())
325 if(state.client_hello()->version().is_datagram_protocol() !=
326 state.server_hello()->version().is_datagram_protocol())
329 "Server replied with different protocol type than we offered");
332 if(state.version() > state.client_hello()->version())
335 "Server replied with later version than in hello");
338 if(!
policy().acceptable_protocol_version(state.version()))
341 "Server version " + state.version().to_string() +
342 " is unacceptable by policy");
345 if(state.ciphersuite().sig_algo() !=
"")
349 else if(state.ciphersuite().kex_algo() ==
"PSK")
362 else if(state.ciphersuite().kex_algo() !=
"RSA")
377 const std::vector<X509_Certificate>& server_certs =
378 state.server_certs()->cert_chain();
380 if(server_certs.empty())
382 "Client: No certificates sent by server");
389 std::unique_ptr<Public_Key> peer_key(server_certs[0].subject_public_key());
391 if(peer_key->algo_name() != state.ciphersuite().sig_algo())
393 "Certificate key type did not match ciphersuite");
395 state.server_public_key.reset(peer_key.release());
397 if(state.ciphersuite().kex_algo() !=
"RSA")
407 if(state.server_hello()->supports_certificate_status_message())
414 state.server_cert_status(
new Certificate_Status(contents));
416 if(state.ciphersuite().kex_algo() !=
"RSA")
432 new Server_Key_Exchange(contents,
433 state.ciphersuite().kex_algo(),
434 state.ciphersuite().sig_algo(),
438 if(state.ciphersuite().sig_algo() !=
"")
440 const Public_Key& server_key = state.get_server_public_key();
442 if(!state.server_kex()->verify(server_key, state,
policy()))
445 "Bad signature on server key exchange");
452 state.cert_req(
new Certificate_Req(contents, state.version()));
456 state.server_hello_done(
new Server_Hello_Done(contents));
458 if(state.server_certs() !=
nullptr)
464 std::vector<std::shared_ptr<const OCSP::Response>> ocsp;
465 if(state.server_cert_status() !=
nullptr)
466 ocsp.push_back(state.server_cert_status()->response());
475 catch(std::exception& e)
483 const auto& types = state.cert_req()->acceptable_cert_types();
485 std::vector<X509_Certificate> client_certs =
490 state.client_certs(
new Certificate(state.handshake_io(),
496 new Client_Key_Exchange(state.handshake_io(),
500 state.server_public_key.get(),
505 state.compute_session_keys();
508 !state.client_certs()->empty())
510 Private_Key* private_key =
511 m_creds.private_key_for(state.client_certs()->cert_chain()[0],
516 new Certificate_Verify(state.handshake_io(),
524 state.handshake_io().send(Change_Cipher_Spec());
528 state.client_finished(
new Finished(state.handshake_io(), state,
CLIENT));
530 if(state.server_hello()->supports_session_ticket())
537 state.new_session_ticket(
new New_Session_Ticket(contents));
549 state.server_finished(
new Finished(contents));
551 if(!state.server_finished()->verify(state,
SERVER))
553 "Finished message didn't verify");
555 state.hash().update(state.handshake_io().format(contents, type));
557 if(!state.client_finished())
559 state.handshake_io().send(Change_Cipher_Spec());
561 state.client_finished(
new Finished(state.handshake_io(), state,
CLIENT));
564 std::vector<uint8_t> session_id = state.server_hello()->session_id();
566 const std::vector<uint8_t>& session_ticket = state.session_ticket();
568 if(session_id.empty() && !session_ticket.empty())
571 Session session_info(
573 state.session_keys().master_secret(),
574 state.server_hello()->version(),
575 state.server_hello()->ciphersuite(),
576 state.server_hello()->compression_method(),
578 state.server_hello()->supports_extended_master_secret(),
579 state.server_hello()->supports_encrypt_then_mac(),
580 get_peer_cert_chain(state),
584 state.server_hello()->srtp_profile()
589 if(!session_id.empty())
600 throw Unexpected_Message(
"Unknown handshake message received");
Callbacks & callbacks() const
virtual void remove_entry(const std::vector< uint8_t > &session_id)=0
virtual bool allow_insecure_renegotiation() const
std::vector< uint8_t > secure_renegotiation_data_for_client_hello() const
virtual std::string srp_identifier(const std::string &type, const std::string &context)
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
void change_cipher_spec_reader(Connection_Side side)
bool save_session(const Session &session) const
static bool is_scsv(uint16_t suite)
void change_cipher_spec_writer(Connection_Side side)
Client(Callbacks &callbacks, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, const Server_Information &server_info=Server_Information(), const Protocol_Version &offer_version=Protocol_Version::latest_tls_version(), const std::vector< std::string > &next_protocols={}, size_t reserved_io_buffer_size=TLS::Client::IO_BUF_DEFAULT_SIZE)
void send_warning_alert(Alert::Type type)
std::function< void(const uint8_t[], size_t)> output_fn
Handshake_State & create_handshake_state(Protocol_Version version)
RandomNumberGenerator & rng()
virtual void tls_verify_cert_chain(const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
#define BOTAN_ASSERT(expr, assertion_made)
virtual std::vector< X509_Certificate > cert_chain(const std::vector< std::string > &cert_key_types, const std::string &type, const std::string &context)
std::function< bool(const Session &)> handshake_cb
virtual bool allow_server_initiated_renegotiation() const
bool secure_renegotiation_supported() const
void secure_renegotiation_check(const Client_Hello *client_hello)
secure_vector< uint8_t > resume_master_secret
std::vector< uint8_t > make_hello_random(RandomNumberGenerator &rng, const Policy &policy)
std::function< void(const uint8_t[], size_t)> data_cb
std::unique_ptr< Public_Key > server_public_key
bool value_exists(const std::vector< T > &vec, const T &val)
virtual std::vector< Certificate_Store * > trusted_certificate_authorities(const std::string &type, const std::string &context)
virtual void save(const Session &session)=0
const Policy & policy() const
Session_Manager & session_manager()
std::function< void(const Handshake_Message &)> handshake_msg_cb
virtual bool load_from_server_info(const Server_Information &info, Session &session)=0