Coverage Report

Created: 2021-02-21 07:20

/src/botan/build/include/botan/tls_messages.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
* TLS Messages
3
* (C) 2004-2011,2015 Jack Lloyd
4
*     2016 Matthias Gierlings
5
*
6
* Botan is released under the Simplified BSD License (see license.txt)
7
*/
8
9
#ifndef BOTAN_TLS_MESSAGES_H_
10
#define BOTAN_TLS_MESSAGES_H_
11
12
#include <botan/tls_extensions.h>
13
#include <botan/tls_handshake_msg.h>
14
#include <botan/tls_session.h>
15
#include <botan/tls_policy.h>
16
#include <botan/tls_ciphersuite.h>
17
#include <botan/pk_keys.h>
18
#include <botan/x509cert.h>
19
#include <botan/ocsp.h>
20
#include <vector>
21
#include <string>
22
#include <set>
23
24
#if defined(BOTAN_HAS_CECPQ1)
25
  #include <botan/cecpq1.h>
26
#endif
27
28
namespace Botan {
29
30
class Public_Key;
31
class Credentials_Manager;
32
33
namespace TLS {
34
35
class Session;
36
class Handshake_IO;
37
class Handshake_State;
38
class Callbacks;
39
40
std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
41
                                       const Policy& policy);
42
43
/**
44
* DTLS Hello Verify Request
45
*/
46
class BOTAN_UNSTABLE_API Hello_Verify_Request final : public Handshake_Message
47
   {
48
   public:
49
      std::vector<uint8_t> serialize() const override;
50
16.6k
      Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
51
52
8.34k
      const std::vector<uint8_t>& cookie() const { return m_cookie; }
53
54
      explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
55
56
      Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
57
                           const std::string& client_identity,
58
                           const SymmetricKey& secret_key);
59
   private:
60
      std::vector<uint8_t> m_cookie;
61
   };
62
63
/**
64
* Client Hello Message
65
*/
66
class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message
67
   {
68
   public:
69
      class Settings final
70
         {
71
         public:
72
            Settings(const Protocol_Version version,
73
                     const std::string& hostname = "") :
74
               m_new_session_version(version),
75
6.31k
               m_hostname(hostname) {}
76
77
12.6k
            const Protocol_Version protocol_version() const { return m_new_session_version; }
78
12.6k
            const std::string& hostname() const { return m_hostname; }
79
80
         private:
81
            const Protocol_Version m_new_session_version;
82
            const std::string m_hostname;
83
         };
84
85
12.6k
      Handshake_Type type() const override { return CLIENT_HELLO; }
86
87
44.9k
      Protocol_Version version() const { return m_version; }
88
89
      std::vector<Protocol_Version> supported_versions() const;
90
91
19.9k
      const std::vector<uint8_t>& random() const { return m_random; }
92
93
23.1k
      const std::vector<uint8_t>& session_id() const { return m_session_id; }
94
95
30.3k
      const std::vector<uint8_t>& compression_methods() const { return m_comp_methods; }
96
97
21.9k
      const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
98
99
      bool offered_suite(uint16_t ciphersuite) const;
100
101
      bool sent_fallback_scsv() const;
102
103
      std::vector<Signature_Scheme> signature_schemes() const;
104
105
      std::vector<Group_Params> supported_ecc_curves() const;
106
107
      std::vector<Group_Params> supported_dh_groups() const;
108
109
      bool prefers_compressed_ec_points() const;
110
111
      std::string sni_hostname() const;
112
113
      bool secure_renegotiation() const;
114
115
      std::vector<uint8_t> renegotiation_info() const;
116
117
      bool supports_session_ticket() const;
118
119
      std::vector<uint8_t> session_ticket() const;
120
121
      bool supports_alpn() const;
122
123
      bool supports_extended_master_secret() const;
124
125
      bool supports_cert_status_message() const;
126
127
      bool supports_encrypt_then_mac() const;
128
129
      bool sent_signature_algorithms() const;
130
131
      std::vector<std::string> next_protocols() const;
132
133
      std::vector<uint16_t> srtp_profiles() const;
134
135
      void update_hello_cookie(const Hello_Verify_Request& hello_verify);
136
137
8.34k
      const std::vector<uint8_t>& cookie() const { return m_hello_cookie; }
138
139
      std::vector<uint8_t> cookie_input_data() const;
140
141
      std::set<Handshake_Extension_Type> extension_types() const
142
25.7k
         { return m_extensions.extension_types(); }
143
144
21.9k
      const Extensions& extensions() const { return m_extensions; }
145
146
      Client_Hello(Handshake_IO& io,
147
                   Handshake_Hash& hash,
148
                   const Policy& policy,
149
                   Callbacks& cb,
150
                   RandomNumberGenerator& rng,
151
                   const std::vector<uint8_t>& reneg_info,
152
                   const Client_Hello::Settings& client_settings,
153
                   const std::vector<std::string>& next_protocols);
154
155
      Client_Hello(Handshake_IO& io,
156
                   Handshake_Hash& hash,
157
                   const Policy& policy,
158
                   Callbacks& cb,
159
                   RandomNumberGenerator& rng,
160
                   const std::vector<uint8_t>& reneg_info,
161
                   const Session& resumed_session,
162
                   const std::vector<std::string>& next_protocols);
163
164
      explicit Client_Hello(const std::vector<uint8_t>& buf);
165
166
   private:
167
      std::vector<uint8_t> serialize() const override;
168
169
      Protocol_Version m_version;
170
      std::vector<uint8_t> m_session_id;
171
      std::vector<uint8_t> m_random;
172
      std::vector<uint16_t> m_suites;
173
      std::vector<uint8_t> m_comp_methods;
174
      std::vector<uint8_t> m_hello_cookie; // DTLS only
175
      std::vector<uint8_t> m_cookie_input_bits; // DTLS only
176
177
      Extensions m_extensions;
178
   };
179
180
/**
181
* Server Hello Message
182
*/
183
class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message
184
   {
185
   public:
186
      class Settings final
187
         {
188
         public:
189
            Settings(const std::vector<uint8_t> new_session_id,
190
                     Protocol_Version new_session_version,
191
                     uint16_t ciphersuite,
192
                     bool offer_session_ticket) :
193
               m_new_session_id(new_session_id),
194
               m_new_session_version(new_session_version),
195
               m_ciphersuite(ciphersuite),
196
21.6k
               m_offer_session_ticket(offer_session_ticket) {}
197
198
21.6k
            const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
199
21.6k
            Protocol_Version protocol_version() const { return m_new_session_version; }
200
21.6k
            uint16_t ciphersuite() const { return m_ciphersuite; }
201
1.93k
            bool offer_session_ticket() const { return m_offer_session_ticket; }
202
203
         private:
204
            const std::vector<uint8_t> m_new_session_id;
205
            Protocol_Version m_new_session_version;
206
            uint16_t m_ciphersuite;
207
            bool m_offer_session_ticket;
208
         };
209
210
211
43.2k
      Handshake_Type type() const override { return SERVER_HELLO; }
212
213
19.7k
      Protocol_Version version() const { return m_version; }
214
215
19.9k
      const std::vector<uint8_t>& random() const { return m_random; }
216
217
6.58k
      const std::vector<uint8_t>& session_id() const { return m_session_id; }
218
219
41.6k
      uint16_t ciphersuite() const { return m_ciphersuite; }
220
221
7.61k
      uint8_t compression_method() const { return m_comp_method; }
222
223
      bool secure_renegotiation() const
224
26.4k
         {
225
26.4k
         return m_extensions.has<Renegotiation_Extension>();
226
26.4k
         }
227
228
      std::vector<uint8_t> renegotiation_info() const
229
16.4k
         {
230
16.4k
         if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
231
16.4k
            return reneg->renegotiation_info();
232
0
         return std::vector<uint8_t>();
233
0
         }
234
235
      bool supports_extended_master_secret() const
236
10.5k
         {
237
10.5k
         return m_extensions.has<Extended_Master_Secret>();
238
10.5k
         }
239
240
      bool supports_encrypt_then_mac() const
241
3.04k
         {
242
3.04k
         return m_extensions.has<Encrypt_then_MAC>();
243
3.04k
         }
244
245
      bool supports_certificate_status_message() const
246
879
         {
247
879
         return m_extensions.has<Certificate_Status_Request>();
248
879
         }
249
250
      bool supports_session_ticket() const
251
1.61k
         {
252
1.61k
         return m_extensions.has<Session_Ticket>();
253
1.61k
         }
254
255
      uint16_t srtp_profile() const
256
5.14k
         {
257
5.14k
         if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>())
258
0
            {
259
0
            auto prof = srtp->profiles();
260
0
            if(prof.size() != 1 || prof[0] == 0)
261
0
               throw Decoding_Error("Server sent malformed DTLS-SRTP extension");
262
0
            return prof[0];
263
0
            }
264
265
5.14k
         return 0;
266
5.14k
         }
267
268
      std::string next_protocol() const
269
4.80k
         {
270
4.80k
         if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
271
0
            return alpn->single_protocol();
272
4.80k
         return "";
273
4.80k
         }
274
275
      std::set<Handshake_Extension_Type> extension_types() const
276
4.88k
         { return m_extensions.extension_types(); }
277
278
4.80k
      const Extensions& extensions() const { return m_extensions; }
279
280
      bool prefers_compressed_ec_points() const
281
754
         {
282
754
         if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>())
283
11
            {
284
11
            return ecc_formats->prefers_compressed();
285
11
            }
286
743
         return false;
287
743
         }
288
289
      bool random_signals_downgrade() const;
290
291
      Server_Hello(Handshake_IO& io,
292
                   Handshake_Hash& hash,
293
                   const Policy& policy,
294
                   Callbacks& cb,
295
                   RandomNumberGenerator& rng,
296
                   const std::vector<uint8_t>& secure_reneg_info,
297
                   const Client_Hello& client_hello,
298
                   const Server_Hello::Settings& settings,
299
                   const std::string next_protocol);
300
301
      Server_Hello(Handshake_IO& io,
302
                   Handshake_Hash& hash,
303
                   const Policy& policy,
304
                   Callbacks& cb,
305
                   RandomNumberGenerator& rng,
306
                   const std::vector<uint8_t>& secure_reneg_info,
307
                   const Client_Hello& client_hello,
308
                   Session& resumed_session,
309
                   bool offer_session_ticket,
310
                   const std::string& next_protocol);
311
312
      explicit Server_Hello(const std::vector<uint8_t>& buf);
313
   private:
314
      std::vector<uint8_t> serialize() const override;
315
316
      Protocol_Version m_version;
317
      std::vector<uint8_t> m_session_id, m_random;
318
      uint16_t m_ciphersuite;
319
      uint8_t m_comp_method;
320
321
      Extensions m_extensions;
322
   };
323
324
/**
325
* Client Key Exchange Message
326
*/
327
class BOTAN_UNSTABLE_API Client_Key_Exchange final : public Handshake_Message
328
   {
329
   public:
330
2.39k
      Handshake_Type type() const override { return CLIENT_KEX; }
331
332
      const secure_vector<uint8_t>& pre_master_secret() const
333
10.1k
         { return m_pre_master; }
334
335
      Client_Key_Exchange(Handshake_IO& io,
336
                          Handshake_State& state,
337
                          const Policy& policy,
338
                          Credentials_Manager& creds,
339
                          const Public_Key* server_public_key,
340
                          const std::string& hostname,
341
                          RandomNumberGenerator& rng);
342
343
      Client_Key_Exchange(const std::vector<uint8_t>& buf,
344
                          const Handshake_State& state,
345
                          const Private_Key* server_rsa_kex_key,
346
                          Credentials_Manager& creds,
347
                          const Policy& policy,
348
                          RandomNumberGenerator& rng);
349
350
   private:
351
      std::vector<uint8_t> serialize() const override
352
1.19k
         { return m_key_material; }
353
354
      std::vector<uint8_t> m_key_material;
355
      secure_vector<uint8_t> m_pre_master;
356
   };
357
358
/**
359
* Certificate Message
360
*/
361
class BOTAN_UNSTABLE_API Certificate final : public Handshake_Message
362
   {
363
   public:
364
306
      Handshake_Type type() const override { return CERTIFICATE; }
365
1.77k
      const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
366
367
0
      size_t count() const { return m_certs.size(); }
368
0
      bool empty() const { return m_certs.empty(); }
369
370
      Certificate(Handshake_IO& io,
371
                  Handshake_Hash& hash,
372
                  const std::vector<X509_Certificate>& certs);
373
374
      explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy);
375
   private:
376
      std::vector<uint8_t> serialize() const override;
377
378
      std::vector<X509_Certificate> m_certs;
379
   };
380
381
/**
382
* Certificate Status (RFC 6066)
383
*/
384
class BOTAN_UNSTABLE_API Certificate_Status final : public Handshake_Message
385
   {
386
   public:
387
0
      Handshake_Type type() const override { return CERTIFICATE_STATUS; }
388
389
      //std::shared_ptr<const OCSP::Response> response() const { return m_response; }
390
391
0
      const std::vector<uint8_t>& response() const { return m_response; }
392
393
      Certificate_Status(const std::vector<uint8_t>& buf);
394
395
      Certificate_Status(Handshake_IO& io,
396
                         Handshake_Hash& hash,
397
                         std::shared_ptr<const OCSP::Response> response);
398
399
      /*
400
       * Create a Certificate_Status message using an already DER encoded OCSP response.
401
       */
402
      Certificate_Status(Handshake_IO& io,
403
                         Handshake_Hash& hash,
404
                         std::vector<uint8_t> const& raw_response_bytes );
405
406
   private:
407
      std::vector<uint8_t> serialize() const override;
408
      std::vector<uint8_t> m_response;
409
   };
410
411
/**
412
* Certificate Request Message
413
*/
414
class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message
415
   {
416
   public:
417
0
      Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
418
419
      const std::vector<std::string>& acceptable_cert_types() const
420
0
         { return m_cert_key_types; }
421
422
0
      const std::vector<X509_DN>& acceptable_CAs() const { return m_names; }
423
424
      const std::vector<Signature_Scheme>& signature_schemes() const
425
0
         {
426
0
         return m_schemes;
427
0
         }
428
429
      Certificate_Req(Handshake_IO& io,
430
                      Handshake_Hash& hash,
431
                      const Policy& policy,
432
                      const std::vector<X509_DN>& allowed_cas,
433
                      Protocol_Version version);
434
435
      Certificate_Req(const std::vector<uint8_t>& buf,
436
                      Protocol_Version version);
437
   private:
438
      std::vector<uint8_t> serialize() const override;
439
440
      std::vector<X509_DN> m_names;
441
      std::vector<std::string> m_cert_key_types;
442
443
      std::vector<Signature_Scheme> m_schemes;
444
   };
445
446
/**
447
* Certificate Verify Message
448
*/
449
class BOTAN_UNSTABLE_API Certificate_Verify final : public Handshake_Message
450
   {
451
   public:
452
0
      Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
453
454
      /**
455
      * Check the signature on a certificate verify message
456
      * @param cert the purported certificate
457
      * @param state the handshake state
458
      * @param policy the TLS policy
459
      */
460
      bool verify(const X509_Certificate& cert,
461
                  const Handshake_State& state,
462
                  const Policy& policy) const;
463
464
      Certificate_Verify(Handshake_IO& io,
465
                         Handshake_State& state,
466
                         const Policy& policy,
467
                         RandomNumberGenerator& rng,
468
                         const Private_Key* key);
469
470
      Certificate_Verify(const std::vector<uint8_t>& buf,
471
                         Protocol_Version version);
472
   private:
473
      std::vector<uint8_t> serialize() const override;
474
475
      std::vector<uint8_t> m_signature;
476
      Signature_Scheme m_scheme = Signature_Scheme::NONE;
477
   };
478
479
/**
480
* Finished Message
481
*/
482
class BOTAN_UNSTABLE_API Finished final : public Handshake_Message
483
   {
484
   public:
485
2.96k
      Handshake_Type type() const override { return FINISHED; }
486
487
      std::vector<uint8_t> verify_data() const
488
0
         { return m_verification_data; }
489
490
      bool verify(const Handshake_State& state,
491
                  Connection_Side side) const;
492
493
      Finished(Handshake_IO& io,
494
               Handshake_State& state,
495
               Connection_Side side);
496
497
      explicit Finished(const std::vector<uint8_t>& buf);
498
   private:
499
      std::vector<uint8_t> serialize() const override;
500
501
      std::vector<uint8_t> m_verification_data;
502
   };
503
504
/**
505
* Hello Request Message
506
*/
507
class BOTAN_UNSTABLE_API Hello_Request final : public Handshake_Message
508
   {
509
   public:
510
0
      Handshake_Type type() const override { return HELLO_REQUEST; }
511
512
      explicit Hello_Request(Handshake_IO& io);
513
      explicit Hello_Request(const std::vector<uint8_t>& buf);
514
   private:
515
      std::vector<uint8_t> serialize() const override;
516
   };
517
518
/**
519
* Server Key Exchange Message
520
*/
521
class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message
522
   {
523
   public:
524
42.9k
      Handshake_Type type() const override { return SERVER_KEX; }
525
526
22.8k
      const std::vector<uint8_t>& params() const { return m_params; }
527
528
      bool verify(const Public_Key& server_key,
529
                  const Handshake_State& state,
530
                  const Policy& policy) const;
531
532
      // Only valid for certain kex types
533
      const Private_Key& server_kex_key() const;
534
535
#if defined(BOTAN_HAS_CECPQ1)
536
      // Only valid for CECPQ1 negotiation
537
      const CECPQ1_key& cecpq1_key() const
538
0
         {
539
0
         BOTAN_ASSERT_NONNULL(m_cecpq1_key);
540
0
         return *m_cecpq1_key;
541
0
         }
Unexecuted instantiation: Botan::TLS::Server_Key_Exchange::cecpq1_key() const
Unexecuted instantiation: Botan::TLS::Server_Key_Exchange::cecpq1_key() const
542
#endif
543
544
      Server_Key_Exchange(Handshake_IO& io,
545
                          Handshake_State& state,
546
                          const Policy& policy,
547
                          Credentials_Manager& creds,
548
                          RandomNumberGenerator& rng,
549
                          const Private_Key* signing_key = nullptr);
550
551
      Server_Key_Exchange(const std::vector<uint8_t>& buf,
552
                          Kex_Algo kex_alg,
553
                          Auth_Method sig_alg,
554
                          Protocol_Version version);
555
556
22.8k
      ~Server_Key_Exchange() = default;
557
   private:
558
      std::vector<uint8_t> serialize() const override;
559
560
#if defined(BOTAN_HAS_CECPQ1)
561
      std::unique_ptr<CECPQ1_key> m_cecpq1_key;
562
#endif
563
564
      std::unique_ptr<Private_Key> m_kex_key;
565
566
      std::vector<uint8_t> m_params;
567
568
      std::vector<uint8_t> m_signature;
569
      Signature_Scheme m_scheme = Signature_Scheme::NONE;
570
   };
571
572
/**
573
* Server Hello Done Message
574
*/
575
class BOTAN_UNSTABLE_API Server_Hello_Done final : public Handshake_Message
576
   {
577
   public:
578
42.9k
      Handshake_Type type() const override { return SERVER_HELLO_DONE; }
579
580
      Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash);
581
      explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
582
   private:
583
      std::vector<uint8_t> serialize() const override;
584
   };
585
586
/**
587
* New Session Ticket Message
588
*/
589
class BOTAN_UNSTABLE_API New_Session_Ticket final : public Handshake_Message
590
   {
591
   public:
592
314
      Handshake_Type type() const override { return NEW_SESSION_TICKET; }
593
594
0
      uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
595
0
      const std::vector<uint8_t>& ticket() const { return m_ticket; }
596
597
      New_Session_Ticket(Handshake_IO& io,
598
                         Handshake_Hash& hash,
599
                         const std::vector<uint8_t>& ticket,
600
                         uint32_t lifetime);
601
602
      New_Session_Ticket(Handshake_IO& io,
603
                         Handshake_Hash& hash);
604
605
      explicit New_Session_Ticket(const std::vector<uint8_t>& buf);
606
   private:
607
      std::vector<uint8_t> serialize() const override;
608
609
      uint32_t m_ticket_lifetime_hint = 0;
610
      std::vector<uint8_t> m_ticket;
611
   };
612
613
/**
614
* Change Cipher Spec
615
*/
616
class BOTAN_UNSTABLE_API Change_Cipher_Spec final : public Handshake_Message
617
   {
618
   public:
619
1.48k
      Handshake_Type type() const override { return HANDSHAKE_CCS; }
620
621
      std::vector<uint8_t> serialize() const override
622
1.48k
         { return std::vector<uint8_t>(1, 1); }
623
   };
624
625
}
626
627
}
628
629
#endif