/src/botan/src/lib/tls/msg_client_hello.cpp

Source (jump to first uncovered line)
/*
* TLS Hello Request and Client Hello Messages
* (C) 2004-2011,2015,2016 Jack Lloyd
*     2016 Matthias Gierlings
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tls_messages.h>
#include <botan/tls_alert.h>
#include <botan/tls_exceptn.h>
#include <botan/tls_callbacks.h>
#include <botan/rng.h>
#include <botan/hash.h>

#include <botan/internal/tls_reader.h>
#include <botan/internal/tls_session_key.h>
#include <botan/internal/tls_handshake_io.h>
#include <botan/internal/tls_handshake_hash.h>
#include <botan/internal/stl_util.h>
#include <chrono>

namespace Botan {

namespace TLS {

enum {
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0x00FF,
   TLS_FALLBACK_SCSV                        = 0x5600
};

std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
                                       const Policy& policy)
   {
   std::vector<uint8_t> buf(32);
   rng.randomize(buf.data(), buf.size());

   std::unique_ptr<HashFunction> sha256 = HashFunction::create_or_throw("SHA-256");
   sha256->update(buf);
   sha256->final(buf);

   if(policy.include_time_in_hello_random())
      {
      const uint32_t time32 = static_cast<uint32_t>(
         std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));

      store_be(time32, buf.data());
      }

   return buf;
   }

/*
* Create a new Hello Request message
*/
Hello_Request::Hello_Request(Handshake_IO& io)
   {
   io.send(*this);
   }

/*
* Deserialize a Hello Request message
*/
Hello_Request::Hello_Request(const std::vector<uint8_t>& buf)
   {
   if(buf.size())
      throw Decoding_Error("Bad Hello_Request, has non-zero size");
   }

/*
* Serialize a Hello Request message
*/
std::vector<uint8_t> Hello_Request::serialize() const
   {
   return std::vector<uint8_t>();
   }

/*
* Create a new Client Hello message
*/
Client_Hello::Client_Hello(Handshake_IO& io,
                           Handshake_Hash& hash,
                           const Policy& policy,
                           Callbacks& cb,
                           RandomNumberGenerator& rng,
                           const std::vector<uint8_t>& reneg_info,
                           const Client_Hello::Settings& client_settings,
                           const std::vector<std::string>& next_protocols) :
   m_version(client_settings.protocol_version()),
   m_random(make_hello_random(rng, policy)),
   m_suites(policy.ciphersuite_list(m_version)),
   m_comp_methods(1)
   {
   if(!policy.acceptable_protocol_version(m_version))
      throw Internal_Error("Offering " + m_version.to_string() +
                           " but our own policy does not accept it");

   /*
   * Place all empty extensions in front to avoid a bug in some systems
   * which reject hellos when the last extension in the list is empty.
   */
   m_extensions.add(new Extended_Master_Secret);
   m_extensions.add(new Session_Ticket());

   if(policy.negotiate_encrypt_then_mac())
      m_extensions.add(new Encrypt_then_MAC);

   m_extensions.add(new Renegotiation_Extension(reneg_info));

   m_extensions.add(new Supported_Versions(m_version, policy));

   if(client_settings.hostname() != "")
      m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));

   if(policy.support_cert_status_message())
      m_extensions.add(new Certificate_Status_Request({}, {}));

   if(reneg_info.empty() && !next_protocols.empty())
      m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));

   if(m_version.supports_negotiable_signature_algorithms())
      m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));

   if(m_version.is_datagram_protocol())
      m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles()));

   std::unique_ptr<Supported_Groups> supported_groups(new Supported_Groups(policy.key_exchange_groups()));

   if(supported_groups->ec_groups().size() > 0)
      {
      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
      }

   m_extensions.add(supported_groups.release());

   cb.tls_modify_extensions(m_extensions, CLIENT);

   if(policy.send_fallback_scsv(client_settings.protocol_version()))
      m_suites.push_back(TLS_FALLBACK_SCSV);

   hash.update(io.send(*this));
   }

/*
* Create a new Client Hello message (session resumption case)
*/
Client_Hello::Client_Hello(Handshake_IO& io,
                           Handshake_Hash& hash,
                           const Policy& policy,
                           Callbacks& cb,
                           RandomNumberGenerator& rng,
                           const std::vector<uint8_t>& reneg_info,
                           const Session& session,
                           const std::vector<std::string>& next_protocols) :
   m_version(session.version()),
   m_session_id(session.session_id()),
   m_random(make_hello_random(rng, policy)),
   m_suites(policy.ciphersuite_list(m_version)),
   m_comp_methods(1)
   {
   if(!policy.acceptable_protocol_version(m_version))
      throw Internal_Error("Offering " + m_version.to_string() +
                           " but our own policy does not accept it");

   if(!value_exists(m_suites, session.ciphersuite_code()))
      m_suites.push_back(session.ciphersuite_code());

   /*
   We always add the EMS extension, even if not used in the original session.
   If the server understands it and follows the RFC it should reject our resume
   attempt and upgrade us to a new session with the EMS protection.
   */
   m_extensions.add(new Extended_Master_Secret);

   m_extensions.add(new Renegotiation_Extension(reneg_info));
   m_extensions.add(new Server_Name_Indicator(session.server_info().hostname()));
   m_extensions.add(new Session_Ticket(session.session_ticket()));

   if(policy.support_cert_status_message())
      m_extensions.add(new Certificate_Status_Request({}, {}));

   std::unique_ptr<Supported_Groups> supported_groups(new Supported_Groups(policy.key_exchange_groups()));

   if(supported_groups->ec_groups().size() > 0)
      {
      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
      }

   m_extensions.add(supported_groups.release());

   if(session.supports_encrypt_then_mac())
      m_extensions.add(new Encrypt_then_MAC);

   if(m_version.supports_negotiable_signature_algorithms())
      m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));

   if(reneg_info.empty() && !next_protocols.empty())
      m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));

   cb.tls_modify_extensions(m_extensions, CLIENT);

   hash.update(io.send(*this));
   }

void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify)
   {
   if(!m_version.is_datagram_protocol())
      throw Invalid_State("Cannot use hello cookie with stream protocol");

   m_hello_cookie = hello_verify.cookie();
   }

/*
* Serialize a Client Hello message
*/
std::vector<uint8_t> Client_Hello::serialize() const
   {
   std::vector<uint8_t> buf;

   buf.push_back(m_version.major_version());
   buf.push_back(m_version.minor_version());
   buf += m_random;

   append_tls_length_value(buf, m_session_id, 1);

   if(m_version.is_datagram_protocol())
      append_tls_length_value(buf, m_hello_cookie, 1);

   append_tls_length_value(buf, m_suites, 2);
   append_tls_length_value(buf, m_comp_methods, 1);

   /*
   * May not want to send extensions at all in some cases. If so,
   * should include SCSV value (if reneg info is empty, if not we are
   * renegotiating with a modern server)
   */

   buf += m_extensions.serialize(Connection_Side::CLIENT);

   return buf;
   }

std::vector<uint8_t> Client_Hello::cookie_input_data() const
   {
   if(m_cookie_input_bits.empty())
      throw Invalid_State("Client_Hello::cookie_input_data called but was not computed");

   return m_cookie_input_bits;
   }

/*
* Read a counterparty client hello
*/
Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
   {
   if(buf.size() < 41)
      throw Decoding_Error("Client_Hello: Packet corrupted");

   TLS_Data_Reader reader("ClientHello", buf);

   const uint8_t major_version = reader.get_byte();
   const uint8_t minor_version = reader.get_byte();

   m_version = Protocol_Version(major_version, minor_version);
   m_random = reader.get_fixed<uint8_t>(32);
   m_session_id = reader.get_range<uint8_t>(1, 0, 32);

   if(m_version.is_datagram_protocol())
      {
      auto sha256 = HashFunction::create_or_throw("SHA-256");
      sha256->update(reader.get_data_read_so_far());

      m_hello_cookie = reader.get_range<uint8_t>(1, 0, 255);

      sha256->update(reader.get_remaining());
      m_cookie_input_bits.resize(sha256->output_length());
      sha256->final(m_cookie_input_bits.data());
      }

   m_suites = reader.get_range_vector<uint16_t>(2, 1, 32767);

   m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);

   m_extensions.deserialize(reader, Connection_Side::CLIENT);

   if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
      {
      if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
         {
         if(!reneg->renegotiation_info().empty())
            throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
                                "Client sent renegotiation SCSV and non-empty extension");
         }
      else
         {
         // add fake extension
         m_extensions.add(new Renegotiation_Extension());
         }
      }
   }

bool Client_Hello::sent_fallback_scsv() const
   {
   return offered_suite(static_cast<uint16_t>(TLS_FALLBACK_SCSV));
   }

/*
* Check if we offered this ciphersuite
*/
bool Client_Hello::offered_suite(uint16_t ciphersuite) const
   {
   for(size_t i = 0; i != m_suites.size(); ++i)
      if(m_suites[i] == ciphersuite)
         return true;
   return false;
   }

std::vector<Signature_Scheme> Client_Hello::signature_schemes() const
   {
   std::vector<Signature_Scheme> schemes;

   if(Signature_Algorithms* sigs = m_extensions.get<Signature_Algorithms>())
      {
      schemes = sigs->supported_schemes();
      }

   return schemes;
   }

std::vector<Group_Params> Client_Hello::supported_ecc_curves() const
   {
   if(Supported_Groups* groups = m_extensions.get<Supported_Groups>())
      return groups->ec_groups();
   return std::vector<Group_Params>();
   }

std::vector<Group_Params> Client_Hello::supported_dh_groups() const
   {
   if(Supported_Groups* groups = m_extensions.get<Supported_Groups>())
      return groups->dh_groups();
   return std::vector<Group_Params>();
   }

bool Client_Hello::prefers_compressed_ec_points() const
   {
   if(Supported_Point_Formats* ecc_formats = m_extensions.get<Supported_Point_Formats>())
      {
      return ecc_formats->prefers_compressed();
      }
   return false;
   }

std::string Client_Hello::sni_hostname() const
   {
   if(Server_Name_Indicator* sni = m_extensions.get<Server_Name_Indicator>())
      return sni->host_name();
   return "";
   }

bool Client_Hello::secure_renegotiation() const
   {
   return m_extensions.has<Renegotiation_Extension>();
   }

std::vector<uint8_t> Client_Hello::renegotiation_info() const
   {
   if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
      return reneg->renegotiation_info();
   return std::vector<uint8_t>();
   }

std::vector<Protocol_Version> Client_Hello::supported_versions() const
   {
   if(Supported_Versions* versions = m_extensions.get<Supported_Versions>())
      return versions->versions();
   return {};
   }

bool Client_Hello::supports_session_ticket() const
   {
   return m_extensions.has<Session_Ticket>();
   }

std::vector<uint8_t> Client_Hello::session_ticket() const
   {
   if(Session_Ticket* ticket = m_extensions.get<Session_Ticket>())
      return ticket->contents();
   return std::vector<uint8_t>();
   }

bool Client_Hello::supports_alpn() const
   {
   return m_extensions.has<Application_Layer_Protocol_Notification>();
   }

bool Client_Hello::supports_extended_master_secret() const
   {
   return m_extensions.has<Extended_Master_Secret>();
   }

bool Client_Hello::supports_cert_status_message() const
   {
   return m_extensions.has<Certificate_Status_Request>();
   }

bool Client_Hello::supports_encrypt_then_mac() const
   {
   return m_extensions.has<Encrypt_then_MAC>();
   }

bool Client_Hello::sent_signature_algorithms() const
   {
   return m_extensions.has<Signature_Algorithms>();
   }

std::vector<std::string> Client_Hello::next_protocols() const
   {
   if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
      return alpn->protocols();
   return std::vector<std::string>();
   }

std::vector<uint16_t> Client_Hello::srtp_profiles() const
   {
   if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
      return srtp->profiles();
   return std::vector<uint16_t>();
   }


}

}

Coverage Report

Created: 2021-02-21 07:20

Line	Count	Source (jump to first uncovered line)
1		/*
2		* TLS Hello Request and Client Hello Messages
3		* (C) 2004-2011,2015,2016 Jack Lloyd
4		* 2016 Matthias Gierlings
5		* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
6		*
7		* Botan is released under the Simplified BSD License (see license.txt)
8		*/
9
10		#include <botan/tls_messages.h>
11		#include <botan/tls_alert.h>
12		#include <botan/tls_exceptn.h>
13		#include <botan/tls_callbacks.h>
14		#include <botan/rng.h>
15		#include <botan/hash.h>
16
17		#include <botan/internal/tls_reader.h>
18		#include <botan/internal/tls_session_key.h>
19		#include <botan/internal/tls_handshake_io.h>
20		#include <botan/internal/tls_handshake_hash.h>
21		#include <botan/internal/stl_util.h>
22		#include <chrono>
23
24		namespace Botan {
25
26		namespace TLS {
27
28		enum {
29		TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
30		TLS_FALLBACK_SCSV = 0x5600
31		};
32
33		std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
34		const Policy& policy)
35	49.5k	{
36	49.5k	std::vector<uint8_t> buf(32);
37	49.5k	rng.randomize(buf.data(), buf.size());
38
39	49.5k	std::unique_ptr<HashFunction> sha256 = HashFunction::create_or_throw("SHA-256");
40	49.5k	sha256->update(buf);
41	49.5k	sha256->final(buf);
42
43	49.5k	if(policy.include_time_in_hello_random())
44	49.5k	{
45	49.5k	const uint32_t time32 = static_cast<uint32_t>(
46	49.5k	std::chrono::system_clock::to_time_t(std::chrono::system_clock::now()));
47
48	49.5k	store_be(time32, buf.data());
49	49.5k	}
50
51	49.5k	return buf;
52	49.5k	}
53
54		/*
55		* Create a new Hello Request message
56		*/
57		Hello_Request::Hello_Request(Handshake_IO& io)
58	0	{
59	0	io.send(*this);
60	0	}
61
62		/*
63		* Deserialize a Hello Request message
64		*/
65		Hello_Request::Hello_Request(const std::vector<uint8_t>& buf)
66	0	{
67	0	if(buf.size())
68	0	throw Decoding_Error("Bad Hello_Request, has non-zero size");
69	0	}
70
71		/*
72		* Serialize a Hello Request message
73		*/
74		std::vector<uint8_t> Hello_Request::serialize() const
75	0	{
76	0	return std::vector<uint8_t>();
77	0	}
78
79		/*
80		* Create a new Client Hello message
81		*/
82		Client_Hello::Client_Hello(Handshake_IO& io,
83		Handshake_Hash& hash,
84		const Policy& policy,
85		Callbacks& cb,
86		RandomNumberGenerator& rng,
87		const std::vector<uint8_t>& reneg_info,
88		const Client_Hello::Settings& client_settings,
89		const std::vector<std::string>& next_protocols) :
90		m_version(client_settings.protocol_version()),
91		m_random(make_hello_random(rng, policy)),
92		m_suites(policy.ciphersuite_list(m_version)),
93		m_comp_methods(1)
94	6.31k	{
95	6.31k	if(!policy.acceptable_protocol_version(m_version))
96	0	throw Internal_Error("Offering " + m_version.to_string() +
97	0	" but our own policy does not accept it");
98
99		/*
100		* Place all empty extensions in front to avoid a bug in some systems
101		* which reject hellos when the last extension in the list is empty.
102		*/
103	6.31k	m_extensions.add(new Extended_Master_Secret);
104	6.31k	m_extensions.add(new Session_Ticket());
105
106	6.31k	if(policy.negotiate_encrypt_then_mac())
107	6.31k	m_extensions.add(new Encrypt_then_MAC);
108
109	6.31k	m_extensions.add(new Renegotiation_Extension(reneg_info));
110
111	6.31k	m_extensions.add(new Supported_Versions(m_version, policy));
112
113	6.31k	if(client_settings.hostname() != "")
114	6.31k	m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
115
116	6.31k	if(policy.support_cert_status_message())
117	6.31k	m_extensions.add(new Certificate_Status_Request({}, {}));
118
119	6.31k	if(reneg_info.empty() && !next_protocols.empty())
120	0	m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
121
122	6.31k	if(m_version.supports_negotiable_signature_algorithms())
123	6.31k	m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));
124
125	6.31k	if(m_version.is_datagram_protocol())
126	0	m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles()));
127
128	6.31k	std::unique_ptr<Supported_Groups> supported_groups(new Supported_Groups(policy.key_exchange_groups()));
129
130	6.31k	if(supported_groups->ec_groups().size() > 0)
131	6.31k	{
132	6.31k	m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
133	6.31k	}
134
135	6.31k	m_extensions.add(supported_groups.release());
136
137	6.31k	cb.tls_modify_extensions(m_extensions, CLIENT);
138
139	6.31k	if(policy.send_fallback_scsv(client_settings.protocol_version()))
140	0	m_suites.push_back(TLS_FALLBACK_SCSV);
141
142	6.31k	hash.update(io.send(*this));
143	6.31k	}
144
145		/*
146		* Create a new Client Hello message (session resumption case)
147		*/
148		Client_Hello::Client_Hello(Handshake_IO& io,
149		Handshake_Hash& hash,
150		const Policy& policy,
151		Callbacks& cb,
152		RandomNumberGenerator& rng,
153		const std::vector<uint8_t>& reneg_info,
154		const Session& session,
155		const std::vector<std::string>& next_protocols) :
156		m_version(session.version()),
157		m_session_id(session.session_id()),
158		m_random(make_hello_random(rng, policy)),
159		m_suites(policy.ciphersuite_list(m_version)),
160		m_comp_methods(1)
161	0	{
162	0	if(!policy.acceptable_protocol_version(m_version))
163	0	throw Internal_Error("Offering " + m_version.to_string() +
164	0	" but our own policy does not accept it");
165
166	0	if(!value_exists(m_suites, session.ciphersuite_code()))
167	0	m_suites.push_back(session.ciphersuite_code());
168
169		/*
170		We always add the EMS extension, even if not used in the original session.
171		If the server understands it and follows the RFC it should reject our resume
172		attempt and upgrade us to a new session with the EMS protection.
173		*/
174	0	m_extensions.add(new Extended_Master_Secret);
175
176	0	m_extensions.add(new Renegotiation_Extension(reneg_info));
177	0	m_extensions.add(new Server_Name_Indicator(session.server_info().hostname()));
178	0	m_extensions.add(new Session_Ticket(session.session_ticket()));
179
180	0	if(policy.support_cert_status_message())
181	0	m_extensions.add(new Certificate_Status_Request({}, {}));
182
183	0	std::unique_ptr<Supported_Groups> supported_groups(new Supported_Groups(policy.key_exchange_groups()));
184
185	0	if(supported_groups->ec_groups().size() > 0)
186	0	{
187	0	m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
188	0	}
189
190	0	m_extensions.add(supported_groups.release());
191
192	0	if(session.supports_encrypt_then_mac())
193	0	m_extensions.add(new Encrypt_then_MAC);
194
195	0	if(m_version.supports_negotiable_signature_algorithms())
196	0	m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));
197
198	0	if(reneg_info.empty() && !next_protocols.empty())
199	0	m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
200
201	0	cb.tls_modify_extensions(m_extensions, CLIENT);
202
203	0	hash.update(io.send(*this));
204	0	}
205
206		void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify)
207	0	{
208	0	if(!m_version.is_datagram_protocol())
209	0	throw Invalid_State("Cannot use hello cookie with stream protocol");
210
211	0	m_hello_cookie = hello_verify.cookie();
212	0	}
213
214		/*
215		* Serialize a Client Hello message
216		*/
217		std::vector<uint8_t> Client_Hello::serialize() const
218	6.31k	{
219	6.31k	std::vector<uint8_t> buf;
220
221	6.31k	buf.push_back(m_version.major_version());
222	6.31k	buf.push_back(m_version.minor_version());
223	6.31k	buf += m_random;
224
225	6.31k	append_tls_length_value(buf, m_session_id, 1);
226
227	6.31k	if(m_version.is_datagram_protocol())
228	0	append_tls_length_value(buf, m_hello_cookie, 1);
229
230	6.31k	append_tls_length_value(buf, m_suites, 2);
231	6.31k	append_tls_length_value(buf, m_comp_methods, 1);
232
233		/*
234		* May not want to send extensions at all in some cases. If so,
235		* should include SCSV value (if reneg info is empty, if not we are
236		* renegotiating with a modern server)
237		*/
238
239	6.31k	buf += m_extensions.serialize(Connection_Side::CLIENT);
240
241	6.31k	return buf;
242	6.31k	}
243
244		std::vector<uint8_t> Client_Hello::cookie_input_data() const
245	8.34k	{
246	8.34k	if(m_cookie_input_bits.empty())
247	0	throw Invalid_State("Client_Hello::cookie_input_data called but was not computed");
248
249	8.34k	return m_cookie_input_bits;
250	8.34k	}
251
252		/*
253		* Read a counterparty client hello
254		*/
255		Client_Hello::Client_Hello(const std::vector<uint8_t>& buf)
256	32.2k	{
257	32.2k	if(buf.size() < 41)
258	62	throw Decoding_Error("Client_Hello: Packet corrupted");
259
260	32.2k	TLS_Data_Reader reader("ClientHello", buf);
261
262	32.2k	const uint8_t major_version = reader.get_byte();
263	32.2k	const uint8_t minor_version = reader.get_byte();
264
265	32.2k	m_version = Protocol_Version(major_version, minor_version);
266	32.2k	m_random = reader.get_fixed<uint8_t>(32);
267	32.2k	m_session_id = reader.get_range<uint8_t>(1, 0, 32);
268
269	32.2k	if(m_version.is_datagram_protocol())
270	8.78k	{
271	8.78k	auto sha256 = HashFunction::create_or_throw("SHA-256");
272	8.78k	sha256->update(reader.get_data_read_so_far());
273
274	8.78k	m_hello_cookie = reader.get_range<uint8_t>(1, 0, 255);
275
276	8.78k	sha256->update(reader.get_remaining());
277	8.78k	m_cookie_input_bits.resize(sha256->output_length());
278	8.78k	sha256->final(m_cookie_input_bits.data());
279	8.78k	}
280
281	32.2k	m_suites = reader.get_range_vector<uint16_t>(2, 1, 32767);
282
283	32.2k	m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);
284
285	32.2k	m_extensions.deserialize(reader, Connection_Side::CLIENT);
286
287	32.2k	if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
288	13.7k	{
289	13.7k	if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
290	260	{
291	260	if(!reneg->renegotiation_info().empty())
292	2	throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
293	2	"Client sent renegotiation SCSV and non-empty extension");
294	13.5k	}
295	13.5k	else
296	13.5k	{
297		// add fake extension
298	13.5k	m_extensions.add(new Renegotiation_Extension());
299	13.5k	}
300	13.7k	}
301	32.2k	}
302
303		bool Client_Hello::sent_fallback_scsv() const
304	30.3k	{
305	30.3k	return offered_suite(static_cast<uint16_t>(TLS_FALLBACK_SCSV));
306	30.3k	}
307
308		/*
309		* Check if we offered this ciphersuite
310		*/
311		bool Client_Hello::offered_suite(uint16_t ciphersuite) const
312	65.8k	{
313	383k	for(size_t i = 0; i != m_suites.size(); ++i)
314	336k	if(m_suites[i] == ciphersuite)
315	18.9k	return true;
316	46.8k	return false;
317	65.8k	}
318
319		std::vector<Signature_Scheme> Client_Hello::signature_schemes() const
320	353	{
321	353	std::vector<Signature_Scheme> schemes;
322
323	353	if(Signature_Algorithms* sigs = m_extensions.get<Signature_Algorithms>())
324	317	{
325	317	schemes = sigs->supported_schemes();
326	317	}
327
328	353	return schemes;
329	353	}
330
331		std::vector<Group_Params> Client_Hello::supported_ecc_curves() const
332	42.8k	{
333	42.8k	if(Supported_Groups* groups = m_extensions.get<Supported_Groups>())
334	42.3k	return groups->ec_groups();
335	515	return std::vector<Group_Params>();
336	515	}
337
338		std::vector<Group_Params> Client_Hello::supported_dh_groups() const
339	0	{
340	0	if(Supported_Groups* groups = m_extensions.get<Supported_Groups>())
341	0	return groups->dh_groups();
342	0	return std::vector<Group_Params>();
343	0	}
344
345		bool Client_Hello::prefers_compressed_ec_points() const
346	20.3k	{
347	20.3k	if(Supported_Point_Formats* ecc_formats = m_extensions.get<Supported_Point_Formats>())
348	8.95k	{
349	8.95k	return ecc_formats->prefers_compressed();
350	8.95k	}
351	11.3k	return false;
352	11.3k	}
353
354		std::string Client_Hello::sni_hostname() const
355	53.3k	{
356	53.3k	if(Server_Name_Indicator* sni = m_extensions.get<Server_Name_Indicator>())
357	3.08k	return sni->host_name();
358	50.2k	return "";
359	50.2k	}
360
361		bool Client_Hello::secure_renegotiation() const
362	49.8k	{
363	49.8k	return m_extensions.has<Renegotiation_Extension>();
364	49.8k	}
365
366		std::vector<uint8_t> Client_Hello::renegotiation_info() const
367	19.7k	{
368	19.7k	if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>())
369	19.7k	return reneg->renegotiation_info();
370	0	return std::vector<uint8_t>();
371	0	}
372
373		std::vector<Protocol_Version> Client_Hello::supported_versions() const
374	30.3k	{
375	30.3k	if(Supported_Versions* versions = m_extensions.get<Supported_Versions>())
376	1.49k	return versions->versions();
377	28.8k	return {};
378	28.8k	}
379
380		bool Client_Hello::supports_session_ticket() const
381	21.6k	{
382	21.6k	return m_extensions.has<Session_Ticket>();
383	21.6k	}
384
385		std::vector<uint8_t> Client_Hello::session_ticket() const
386	21.9k	{
387	21.9k	if(Session_Ticket* ticket = m_extensions.get<Session_Ticket>())
388	2.07k	return ticket->contents();
389	19.8k	return std::vector<uint8_t>();
390	19.8k	}
391
392		bool Client_Hello::supports_alpn() const
393	33.6k	{
394	33.6k	return m_extensions.has<Application_Layer_Protocol_Notification>();
395	33.6k	}
396
397		bool Client_Hello::supports_extended_master_secret() const
398	21.6k	{
399	21.6k	return m_extensions.has<Extended_Master_Secret>();
400	21.6k	}
401
402		bool Client_Hello::supports_cert_status_message() const
403	21.7k	{
404	21.7k	return m_extensions.has<Certificate_Status_Request>();
405	21.7k	}
406
407		bool Client_Hello::supports_encrypt_then_mac() const
408	15.2k	{
409	15.2k	return m_extensions.has<Encrypt_then_MAC>();
410	15.2k	}
411
412		bool Client_Hello::sent_signature_algorithms() const
413	0	{
414	0	return m_extensions.has<Signature_Algorithms>();
415	0	}
416
417		std::vector<std::string> Client_Hello::next_protocols() const
418	11.8k	{
419	11.8k	if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>())
420	11.8k	return alpn->protocols();
421	0	return std::vector<std::string>();
422	0	}
423
424		std::vector<uint16_t> Client_Hello::srtp_profiles() const
425	0	{
426	0	if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>())
427	0	return srtp->profiles();
428	0	return std::vector<uint16_t>();
429	0	}
430
431
432		}
433
434		}