Coverage Report

Created: 2022-06-23 06:44

/src/botan/build/include/botan/tls_messages.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
* TLS Messages
3
* (C) 2004-2011,2015 Jack Lloyd
4
*     2016 Matthias Gierlings
5
*
6
* Botan is released under the Simplified BSD License (see license.txt)
7
*/
8
9
#ifndef BOTAN_TLS_MESSAGES_H_
10
#define BOTAN_TLS_MESSAGES_H_
11
12
#include <vector>
13
#include <string>
14
#include <set>
15
#include <memory>
16
#include <optional>
17
#include <variant>
18
19
#include <botan/tls_extensions.h>
20
#include <botan/tls_handshake_msg.h>
21
#include <botan/tls_session.h>
22
#include <botan/tls_policy.h>
23
#include <botan/tls_ciphersuite.h>
24
#include <botan/pk_keys.h>
25
#include <botan/x509cert.h>
26
27
#if defined(BOTAN_HAS_CECPQ1)
28
  #include <botan/cecpq1.h>
29
#endif
30
31
namespace Botan {
32
33
class Public_Key;
34
class Credentials_Manager;
35
36
namespace OCSP {
37
class Response;
38
}
39
40
namespace TLS {
41
42
class Session;
43
class Handshake_IO;
44
class Handshake_State;
45
class Hello_Retry_Request;
46
class Callbacks;
47
class Cipher_State;
48
49
std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng,
50
                                       Callbacks& cb,
51
                                       const Policy& policy);
52
53
/**
54
* DTLS Hello Verify Request
55
*/
56
class BOTAN_UNSTABLE_API Hello_Verify_Request final : public Handshake_Message
57
   {
58
   public:
59
      std::vector<uint8_t> serialize() const override;
60
2.33k
      Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
61
62
1.17k
      const std::vector<uint8_t>& cookie() const { return m_cookie; }
63
64
      explicit Hello_Verify_Request(const std::vector<uint8_t>& buf);
65
66
      Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits,
67
                           const std::string& client_identity,
68
                           const SymmetricKey& secret_key);
69
70
   private:
71
      std::vector<uint8_t> m_cookie;
72
   };
73
74
/**
75
* Client Hello Message
76
*/
77
class BOTAN_UNSTABLE_API Client_Hello : public Handshake_Message
78
   {
79
   public:
80
      Handshake_Type type() const override;
81
82
      /**
83
       * Return the version indicated in the ClientHello.
84
       * This may differ from the version indicated in the supported_versions extension.
85
       *
86
       * See RFC 8446 4.1.2:
87
       *   TLS 1.3, the client indicates its version preferences in the
88
       *   "supported_versions" extension (Section 4.2.1) and the
89
       *   legacy_version field MUST be set to 0x0303, which is the version
90
       *   number for TLS 1.2.
91
       */
92
      Protocol_Version legacy_version() const;
93
94
      const std::vector<uint8_t>& random() const;
95
96
      const std::vector<uint8_t>& session_id() const;
97
98
      const std::vector<uint16_t>& ciphersuites() const;
99
100
      bool offered_suite(uint16_t ciphersuite) const;
101
102
      std::vector<Signature_Scheme> signature_schemes() const;
103
104
      std::vector<Group_Params> supported_ecc_curves() const;
105
106
      std::vector<Group_Params> supported_dh_groups() const;
107
108
      std::vector<Protocol_Version> supported_versions() const;
109
110
      std::string sni_hostname() const;
111
112
      bool supports_alpn() const;
113
114
      bool sent_signature_algorithms() const;
115
116
      std::vector<std::string> next_protocols() const;
117
118
      std::vector<uint16_t> srtp_profiles() const;
119
120
      std::vector<uint8_t> serialize() const override;
121
122
123
      const std::vector<uint8_t>& cookie() const;
124
125
      std::vector<uint8_t> cookie_input_data() const;
126
127
      std::set<Handshake_Extension_Type> extension_types() const;
128
129
      const Extensions& extensions() const;
130
131
   protected:
132
1.42k
      Client_Hello() : m_comp_methods({ 0 }) {}
133
134
      explicit Client_Hello(const std::vector<uint8_t>& buf);
135
136
      const std::vector<uint8_t>& compression_methods() const;
137
138
   protected:
139
      Protocol_Version m_legacy_version;
140
      std::vector<uint8_t> m_session_id;
141
      std::vector<uint8_t> m_random;
142
      std::vector<uint16_t> m_suites;
143
      std::vector<uint8_t> m_comp_methods;
144
      Extensions m_extensions;
145
146
      std::vector<uint8_t> m_hello_cookie; // DTLS only
147
      std::vector<uint8_t> m_cookie_input_bits; // DTLS only
148
   };
149
150
class BOTAN_UNSTABLE_API Client_Hello_12 final : public Client_Hello
151
   {
152
   public:
153
      class Settings final
154
         {
155
         public:
156
            Settings(const Protocol_Version version,
157
                     const std::string& hostname = ""):
158
               m_new_session_version(version),
159
1.42k
               m_hostname(hostname) {}
160
161
2.85k
            const Protocol_Version protocol_version() const { return m_new_session_version; }
162
2.85k
            const std::string& hostname() const { return m_hostname; }
163
164
         private:
165
            const Protocol_Version m_new_session_version;
166
            const std::string m_hostname;
167
         };
168
169
   public:
170
22.8k
      explicit Client_Hello_12(const std::vector<uint8_t>& buf) : Client_Hello(buf) {}
171
172
      Client_Hello_12(Handshake_IO& io,
173
                      Handshake_Hash& hash,
174
                      const Policy& policy,
175
                      Callbacks& cb,
176
                      RandomNumberGenerator& rng,
177
                      const std::vector<uint8_t>& reneg_info,
178
                      const Settings& client_settings,
179
                      const std::vector<std::string>& next_protocols);
180
181
      Client_Hello_12(Handshake_IO& io,
182
                      Handshake_Hash& hash,
183
                      const Policy& policy,
184
                      Callbacks& cb,
185
                      RandomNumberGenerator& rng,
186
                      const std::vector<uint8_t>& reneg_info,
187
                      const Session& session,
188
                      const std::vector<std::string>& next_protocols);
189
190
      using Client_Hello::random;
191
      using Client_Hello::compression_methods;
192
193
      bool prefers_compressed_ec_points() const;
194
195
      bool secure_renegotiation() const;
196
197
      std::vector<uint8_t> renegotiation_info() const;
198
199
      bool supports_session_ticket() const;
200
201
      std::vector<uint8_t> session_ticket() const;
202
203
      bool supports_extended_master_secret() const;
204
205
      bool supports_cert_status_message() const;
206
207
      bool supports_encrypt_then_mac() const;
208
209
      void update_hello_cookie(const Hello_Verify_Request& hello_verify);
210
   };
211
212
/**
213
* Server Hello Message
214
*/
215
class BOTAN_UNSTABLE_API Server_Hello : public Handshake_Message
216
   {
217
   public:
218
      std::vector<uint8_t> serialize() const override;
219
220
      Handshake_Type type() const override;
221
222
      // methods available in both subclasses' interface
223
      uint16_t ciphersuite() const;
224
      const Extensions& extensions() const;
225
      const std::vector<uint8_t>& session_id() const;
226
227
      virtual Protocol_Version selected_version() const = 0;
228
229
   protected:
230
      /**
231
       * Version-agnostic internal server hello data container that allows
232
       * parsing Server_Hello messages without prior knowledge of the contained
233
       * protocol version.
234
       */
235
      class Internal
236
         {
237
         public:
238
            Internal(const std::vector<uint8_t>& buf);
239
240
            Internal(Protocol_Version legacy_version,
241
                     std::vector<uint8_t> session_id,
242
                     std::vector<uint8_t> random,
243
                     const uint16_t ciphersuite,
244
                     const uint8_t comp_method);
245
246
            Protocol_Version version() const;
247
248
         public:
249
            Protocol_Version legacy_version;
250
            std::vector<uint8_t> session_id;
251
            std::vector<uint8_t> random;
252
            bool is_hello_retry_request;
253
            uint16_t ciphersuite;
254
            uint8_t  comp_method;
255
256
            Extensions  extensions;
257
         };
258
259
   protected:
260
      explicit Server_Hello(std::unique_ptr<Internal> data)
261
19.9k
         : m_data(std::move(data)) {}
262
263
      // methods used internally and potentially exposed by one of the subclasses
264
      std::set<Handshake_Extension_Type> extension_types() const;
265
      const std::vector<uint8_t>& random() const;
266
      uint8_t compression_method() const;
267
      Protocol_Version legacy_version() const;
268
269
   protected:
270
      std::unique_ptr<Internal> m_data;
271
   };
272
273
class BOTAN_UNSTABLE_API Server_Hello_12 final : public Server_Hello
274
   {
275
   public:
276
      class Settings final
277
         {
278
         public:
279
            Settings(const std::vector<uint8_t> new_session_id,
280
                     Protocol_Version new_session_version,
281
                     uint16_t ciphersuite,
282
                     bool offer_session_ticket) :
283
               m_new_session_id(new_session_id),
284
               m_new_session_version(new_session_version),
285
               m_ciphersuite(ciphersuite),
286
19.7k
               m_offer_session_ticket(offer_session_ticket) {}
287
288
19.7k
            const std::vector<uint8_t>& session_id() const { return m_new_session_id; }
289
39.5k
            Protocol_Version protocol_version() const { return m_new_session_version; }
290
19.7k
            uint16_t ciphersuite() const { return m_ciphersuite; }
291
6.63k
            bool offer_session_ticket() const { return m_offer_session_ticket; }
292
293
         private:
294
            const std::vector<uint8_t> m_new_session_id;
295
            Protocol_Version m_new_session_version;
296
            uint16_t m_ciphersuite;
297
            bool m_offer_session_ticket;
298
         };
299
300
      Server_Hello_12(Handshake_IO& io,
301
                      Handshake_Hash& hash,
302
                      const Policy& policy,
303
                      Callbacks& cb,
304
                      RandomNumberGenerator& rng,
305
                      const std::vector<uint8_t>& secure_reneg_info,
306
                      const Client_Hello_12& client_hello,
307
                      const Settings& settings,
308
                      const std::string& next_protocol);
309
310
      Server_Hello_12(Handshake_IO& io,
311
                      Handshake_Hash& hash,
312
                      const Policy& policy,
313
                      Callbacks& cb,
314
                      RandomNumberGenerator& rng,
315
                      const std::vector<uint8_t>& secure_reneg_info,
316
                      const Client_Hello_12& client_hello,
317
                      Session& resumed_session,
318
                      bool offer_session_ticket,
319
                      const std::string& next_protocol);
320
321
      explicit Server_Hello_12(const std::vector<uint8_t> &buf);
322
323
   protected:
324
      friend class Server_Hello_13;  // to allow construction by Server_Hello_13::parse()
325
      explicit Server_Hello_12(std::unique_ptr<Server_Hello::Internal> data);
326
327
   public:
328
      using Server_Hello::random;
329
      using Server_Hello::compression_method;
330
      using Server_Hello::extension_types;
331
      using Server_Hello::legacy_version;
332
333
      /**
334
       * @returns the selected version as indicated in the legacy_version field
335
       */
336
      Protocol_Version selected_version() const override;
337
338
      bool secure_renegotiation() const;
339
340
      std::vector<uint8_t> renegotiation_info() const;
341
342
      std::string next_protocol() const;
343
344
      bool supports_extended_master_secret() const;
345
346
      bool supports_encrypt_then_mac() const;
347
348
      bool supports_certificate_status_message() const;
349
350
      bool supports_session_ticket() const;
351
352
      uint16_t srtp_profile() const;
353
      bool prefers_compressed_ec_points() const;
354
355
      /**
356
       * Return desired downgrade version indicated by hello random, if any.
357
       */
358
      std::optional<Protocol_Version> random_signals_downgrade() const;
359
   };
360
361
/**
362
* Client Key Exchange Message
363
*/
364
class BOTAN_UNSTABLE_API Client_Key_Exchange final : public Handshake_Message
365
   {
366
   public:
367
0
      Handshake_Type type() const override { return CLIENT_KEX; }
368
369
      const secure_vector<uint8_t>& pre_master_secret() const
370
13.5k
         { return m_pre_master; }
371
372
      Client_Key_Exchange(Handshake_IO& io,
373
                          Handshake_State& state,
374
                          const Policy& policy,
375
                          Credentials_Manager& creds,
376
                          const Public_Key* server_public_key,
377
                          const std::string& hostname,
378
                          RandomNumberGenerator& rng);
379
380
      Client_Key_Exchange(const std::vector<uint8_t>& buf,
381
                          const Handshake_State& state,
382
                          const Private_Key* server_rsa_kex_key,
383
                          Credentials_Manager& creds,
384
                          const Policy& policy,
385
                          RandomNumberGenerator& rng);
386
387
   private:
388
      std::vector<uint8_t> serialize() const override
389
0
         { return m_key_material; }
390
391
      std::vector<uint8_t> m_key_material;
392
      secure_vector<uint8_t> m_pre_master;
393
   };
394
395
/**
396
* Certificate Message of TLS 1.2
397
*/
398
class BOTAN_UNSTABLE_API Certificate_12 final : public Handshake_Message
399
   {
400
   public:
401
181
      Handshake_Type type() const override { return CERTIFICATE; }
402
91
      const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
403
404
0
      size_t count() const { return m_certs.size(); }
405
0
      bool empty() const { return m_certs.empty(); }
406
407
      Certificate_12(Handshake_IO& io,
408
                     Handshake_Hash& hash,
409
                     const std::vector<X509_Certificate>& certs);
410
411
      Certificate_12(const std::vector<uint8_t>& buf, const Policy& policy);
412
413
      std::vector<uint8_t> serialize() const override;
414
415
   private:
416
      std::vector<X509_Certificate> m_certs;
417
   };
418
419
/**
420
* Certificate Status (RFC 6066)
421
*/
422
class BOTAN_UNSTABLE_API Certificate_Status final : public Handshake_Message
423
   {
424
   public:
425
0
      Handshake_Type type() const override { return CERTIFICATE_STATUS; }
426
427
      //std::shared_ptr<const OCSP::Response> response() const { return m_response; }
428
429
0
      const std::vector<uint8_t>& response() const { return m_response; }
430
431
      explicit Certificate_Status(const std::vector<uint8_t>& buf);
432
433
      Certificate_Status(Handshake_IO& io,
434
                         Handshake_Hash& hash,
435
                         const OCSP::Response& response);
436
437
      /*
438
       * Create a Certificate_Status message using an already DER encoded OCSP response.
439
       */
440
      Certificate_Status(Handshake_IO& io,
441
                         Handshake_Hash& hash,
442
                         const std::vector<uint8_t>& raw_response_bytes);
443
444
   private:
445
      std::vector<uint8_t> serialize() const override;
446
      std::vector<uint8_t> m_response;
447
   };
448
449
/**
450
* Certificate Request Message
451
* TODO: this is 1.2 only
452
*/
453
class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message
454
   {
455
   public:
456
      Handshake_Type type() const override;
457
458
      const std::vector<std::string>& acceptable_cert_types() const;
459
460
      const std::vector<X509_DN>& acceptable_CAs() const;
461
462
      const std::vector<Signature_Scheme>& signature_schemes() const;
463
464
      Certificate_Req(Handshake_IO& io,
465
                      Handshake_Hash& hash,
466
                      const Policy& policy,
467
                      const std::vector<X509_DN>& allowed_cas);
468
469
      explicit Certificate_Req(const std::vector<uint8_t>& buf);
470
471
      std::vector<uint8_t> serialize() const override;
472
473
   private:
474
      std::vector<X509_DN> m_names;
475
      std::vector<std::string> m_cert_key_types;
476
      std::vector<Signature_Scheme> m_schemes;
477
   };
478
479
class BOTAN_UNSTABLE_API Certificate_Verify : public Handshake_Message
480
   {
481
   public:
482
0
      Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
483
484
      Certificate_Verify(Handshake_IO& io,
485
                         Handshake_State& state,
486
                         const Policy& policy,
487
                         RandomNumberGenerator& rng,
488
                         const Private_Key* key);
489
490
      Certificate_Verify(const std::vector<uint8_t>& buf);
491
492
      std::vector<uint8_t> serialize() const override;
493
494
   protected:
495
      std::vector<uint8_t> m_signature;
496
      Signature_Scheme m_scheme = Signature_Scheme::NONE;
497
   };
498
499
/**
500
* Certificate Verify Message
501
*/
502
class BOTAN_UNSTABLE_API Certificate_Verify_12 final : public Certificate_Verify
503
   {
504
   public:
505
      using Certificate_Verify::Certificate_Verify;
506
507
      /**
508
      * Check the signature on a certificate verify message
509
      * @param cert the purported certificate
510
      * @param state the handshake state
511
      * @param policy the TLS policy
512
      */
513
      bool verify(const X509_Certificate& cert,
514
                  const Handshake_State& state,
515
                  const Policy& policy) const;
516
   };
517
518
/**
519
* Finished Message
520
*/
521
class BOTAN_UNSTABLE_API Finished : public Handshake_Message
522
   {
523
   public:
524
      explicit Finished(const std::vector<uint8_t>& buf);
525
526
616
      Handshake_Type type() const override { return FINISHED; }
527
528
      std::vector<uint8_t> verify_data() const;
529
530
      std::vector<uint8_t> serialize() const override;
531
532
   protected:
533
      using Handshake_Message::Handshake_Message;
534
      std::vector<uint8_t> m_verification_data;
535
   };
536
537
class BOTAN_UNSTABLE_API Finished_12 final : public Finished
538
   {
539
   public:
540
      using Finished::Finished;
541
      Finished_12(Handshake_IO& io,
542
                  Handshake_State& state,
543
                  Connection_Side side);
544
545
      bool verify(const Handshake_State& state, Connection_Side side) const;
546
   };
547
548
/**
549
* Hello Request Message
550
*/
551
class BOTAN_UNSTABLE_API Hello_Request final : public Handshake_Message
552
   {
553
   public:
554
0
      Handshake_Type type() const override { return HELLO_REQUEST; }
555
556
      explicit Hello_Request(Handshake_IO& io);
557
      explicit Hello_Request(const std::vector<uint8_t>& buf);
558
559
   private:
560
      std::vector<uint8_t> serialize() const override;
561
   };
562
563
/**
564
* Server Key Exchange Message
565
*/
566
class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message
567
   {
568
   public:
569
39.3k
      Handshake_Type type() const override { return SERVER_KEX; }
570
571
19.6k
      const std::vector<uint8_t>& params() const { return m_params; }
572
573
      bool verify(const Public_Key& server_key,
574
                  const Handshake_State& state,
575
                  const Policy& policy) const;
576
577
      // Only valid for certain kex types
578
      const Private_Key& server_kex_key() const;
579
580
#if defined(BOTAN_HAS_CECPQ1)
581
      // Only valid for CECPQ1 negotiation
582
      const CECPQ1_key& cecpq1_key() const
583
0
         {
584
0
         BOTAN_ASSERT_NONNULL(m_cecpq1_key);
585
0
         return *m_cecpq1_key;
586
0
         }
Unexecuted instantiation: Botan::TLS::Server_Key_Exchange::cecpq1_key() const
Unexecuted instantiation: Botan::TLS::Server_Key_Exchange::cecpq1_key() const
587
#endif
588
589
      Server_Key_Exchange(Handshake_IO& io,
590
                          Handshake_State& state,
591
                          const Policy& policy,
592
                          Credentials_Manager& creds,
593
                          RandomNumberGenerator& rng,
594
                          const Private_Key* signing_key = nullptr);
595
596
      Server_Key_Exchange(const std::vector<uint8_t>& buf,
597
                          Kex_Algo kex_alg,
598
                          Auth_Method sig_alg,
599
                          Protocol_Version version);
600
601
   private:
602
      std::vector<uint8_t> serialize() const override;
603
604
#if defined(BOTAN_HAS_CECPQ1)
605
      std::unique_ptr<CECPQ1_key> m_cecpq1_key;
606
#endif
607
608
      std::unique_ptr<Private_Key> m_kex_key;
609
610
      std::vector<uint8_t> m_params;
611
612
      std::vector<uint8_t> m_signature;
613
      Signature_Scheme m_scheme = Signature_Scheme::NONE;
614
   };
615
616
/**
617
* Server Hello Done Message
618
*/
619
class BOTAN_UNSTABLE_API Server_Hello_Done final : public Handshake_Message
620
   {
621
   public:
622
39.3k
      Handshake_Type type() const override { return SERVER_HELLO_DONE; }
623
624
      explicit Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash);
625
      explicit Server_Hello_Done(const std::vector<uint8_t>& buf);
626
627
   private:
628
      std::vector<uint8_t> serialize() const override;
629
   };
630
631
/**
632
* New Session Ticket Message
633
*/
634
class BOTAN_UNSTABLE_API New_Session_Ticket_12 final : public Handshake_Message
635
   {
636
   public:
637
362
      Handshake_Type type() const override { return NEW_SESSION_TICKET; }
638
639
0
      uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
640
0
      const std::vector<uint8_t>& ticket() const { return m_ticket; }
641
642
      New_Session_Ticket_12(Handshake_IO& io,
643
                            Handshake_Hash& hash,
644
                            const std::vector<uint8_t>& ticket,
645
                            uint32_t lifetime);
646
647
      New_Session_Ticket_12(Handshake_IO& io,
648
                            Handshake_Hash& hash);
649
650
      explicit New_Session_Ticket_12(const std::vector<uint8_t>& buf);
651
652
      std::vector<uint8_t> serialize() const override;
653
654
   private:
655
      uint32_t m_ticket_lifetime_hint = 0;
656
      std::vector<uint8_t> m_ticket;
657
   };
658
659
/**
660
* Change Cipher Spec
661
*/
662
class BOTAN_UNSTABLE_API Change_Cipher_Spec final : public Handshake_Message
663
   {
664
   public:
665
308
      Handshake_Type type() const override { return HANDSHAKE_CCS; }
666
667
      std::vector<uint8_t> serialize() const override
668
308
         { return std::vector<uint8_t>(1, 1); }
669
   };
670
671
}
672
673
}
674
675
#endif