1 /* 2 * TLS Messages 3 * (C) 2004-2011,2015 Jack Lloyd 4 * 2016 Matthias Gierlings 5 * 6 * Botan is released under the Simplified BSD License (see license.txt) 7 */ 8 9 #ifndef BOTAN_TLS_MESSAGES_H_ 10 #define BOTAN_TLS_MESSAGES_H_ 11 12 #include <botan/tls_extensions.h> 13 #include <botan/tls_handshake_msg.h> 14 #include <botan/tls_session.h> 15 #include <botan/tls_policy.h> 16 #include <botan/tls_ciphersuite.h> 17 #include <botan/pk_keys.h> 18 #include <botan/x509cert.h> 19 #include <botan/ocsp.h> 20 #include <vector> 21 #include <string> 22 #include <set> 23 24 #if defined(BOTAN_HAS_CECPQ1) 25 #include <botan/cecpq1.h> 26 #endif 27 28 #if defined(BOTAN_HAS_SRP6) 29 #include <botan/srp6.h> 30 #endif 31 32 namespace Botan { 33 34 class Public_Key; 35 class Credentials_Manager; 36 37 namespace TLS { 38 39 class Session; 40 class Handshake_IO; 41 class Handshake_State; 42 class Callbacks; 43 44 std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng, 45 const Policy& policy); 46 47 /** 48 * DTLS Hello Verify Request 49 */ 50 class BOTAN_UNSTABLE_API Hello_Verify_Request final : public Handshake_Message 51 { 52 public: 53 std::vector<uint8_t> serialize() const override; type()54 Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; } 55 cookie()56 const std::vector<uint8_t>& cookie() const { return m_cookie; } 57 58 explicit Hello_Verify_Request(const std::vector<uint8_t>& buf); 59 60 Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits, 61 const std::string& client_identity, 62 const SymmetricKey& secret_key); 63 private: 64 std::vector<uint8_t> m_cookie; 65 }; 66 67 /** 68 * Client Hello Message 69 */ 70 class BOTAN_UNSTABLE_API Client_Hello final : public Handshake_Message 71 { 72 public: 73 class Settings final 74 { 75 public: 76 Settings(const Protocol_Version version, 77 const std::string& hostname = "", 78 const std::string& srp_identifier = "") : m_new_session_version(version)79 m_new_session_version(version), 80 m_hostname(hostname), 81 m_srp_identifier(srp_identifier) {} 82 protocol_version()83 const Protocol_Version protocol_version() const { return m_new_session_version; } hostname()84 const std::string& hostname() const { return m_hostname; } srp_identifier()85 const std::string& srp_identifier() const { return m_srp_identifier; } 86 87 private: 88 const Protocol_Version m_new_session_version; 89 const std::string m_hostname; 90 const std::string m_srp_identifier; 91 }; 92 type()93 Handshake_Type type() const override { return CLIENT_HELLO; } 94 version()95 Protocol_Version version() const { return m_version; } 96 97 std::vector<Protocol_Version> supported_versions() const; 98 random()99 const std::vector<uint8_t>& random() const { return m_random; } 100 session_id()101 const std::vector<uint8_t>& session_id() const { return m_session_id; } 102 compression_methods()103 const std::vector<uint8_t>& compression_methods() const { return m_comp_methods; } 104 ciphersuites()105 const std::vector<uint16_t>& ciphersuites() const { return m_suites; } 106 107 bool offered_suite(uint16_t ciphersuite) const; 108 109 bool sent_fallback_scsv() const; 110 111 std::vector<Signature_Scheme> signature_schemes() const; 112 113 std::vector<Group_Params> supported_ecc_curves() const; 114 115 std::vector<Group_Params> supported_dh_groups() const; 116 117 bool prefers_compressed_ec_points() const; 118 119 std::string sni_hostname() const; 120 121 #if defined(BOTAN_HAS_SRP6) 122 std::string srp_identifier() const; 123 #endif 124 125 bool secure_renegotiation() const; 126 127 std::vector<uint8_t> renegotiation_info() const; 128 129 bool supports_session_ticket() const; 130 131 std::vector<uint8_t> session_ticket() const; 132 133 bool supports_alpn() const; 134 135 bool supports_extended_master_secret() const; 136 137 bool supports_cert_status_message() const; 138 139 bool supports_encrypt_then_mac() const; 140 141 bool sent_signature_algorithms() const; 142 143 std::vector<std::string> next_protocols() const; 144 145 std::vector<uint16_t> srtp_profiles() const; 146 147 void update_hello_cookie(const Hello_Verify_Request& hello_verify); 148 cookie()149 const std::vector<uint8_t>& cookie() const { return m_hello_cookie; } 150 151 std::vector<uint8_t> cookie_input_data() const; 152 extension_types()153 std::set<Handshake_Extension_Type> extension_types() const 154 { return m_extensions.extension_types(); } 155 extensions()156 const Extensions& extensions() const { return m_extensions; } 157 158 Client_Hello(Handshake_IO& io, 159 Handshake_Hash& hash, 160 const Policy& policy, 161 Callbacks& cb, 162 RandomNumberGenerator& rng, 163 const std::vector<uint8_t>& reneg_info, 164 const Client_Hello::Settings& client_settings, 165 const std::vector<std::string>& next_protocols); 166 167 Client_Hello(Handshake_IO& io, 168 Handshake_Hash& hash, 169 const Policy& policy, 170 Callbacks& cb, 171 RandomNumberGenerator& rng, 172 const std::vector<uint8_t>& reneg_info, 173 const Session& resumed_session, 174 const std::vector<std::string>& next_protocols); 175 176 explicit Client_Hello(const std::vector<uint8_t>& buf); 177 178 private: 179 std::vector<uint8_t> serialize() const override; 180 181 Protocol_Version m_version; 182 std::vector<uint8_t> m_session_id; 183 std::vector<uint8_t> m_random; 184 std::vector<uint16_t> m_suites; 185 std::vector<uint8_t> m_comp_methods; 186 std::vector<uint8_t> m_hello_cookie; // DTLS only 187 188 Extensions m_extensions; 189 }; 190 191 /** 192 * Server Hello Message 193 */ 194 class BOTAN_UNSTABLE_API Server_Hello final : public Handshake_Message 195 { 196 public: 197 class Settings final 198 { 199 public: Settings(const std::vector<uint8_t> new_session_id,Protocol_Version new_session_version,uint16_t ciphersuite,bool offer_session_ticket)200 Settings(const std::vector<uint8_t> new_session_id, 201 Protocol_Version new_session_version, 202 uint16_t ciphersuite, 203 bool offer_session_ticket) : 204 m_new_session_id(new_session_id), 205 m_new_session_version(new_session_version), 206 m_ciphersuite(ciphersuite), 207 m_offer_session_ticket(offer_session_ticket) {} 208 session_id()209 const std::vector<uint8_t>& session_id() const { return m_new_session_id; } protocol_version()210 Protocol_Version protocol_version() const { return m_new_session_version; } ciphersuite()211 uint16_t ciphersuite() const { return m_ciphersuite; } offer_session_ticket()212 bool offer_session_ticket() const { return m_offer_session_ticket; } 213 214 private: 215 const std::vector<uint8_t> m_new_session_id; 216 Protocol_Version m_new_session_version; 217 uint16_t m_ciphersuite; 218 bool m_offer_session_ticket; 219 }; 220 221 type()222 Handshake_Type type() const override { return SERVER_HELLO; } 223 version()224 Protocol_Version version() const { return m_version; } 225 random()226 const std::vector<uint8_t>& random() const { return m_random; } 227 session_id()228 const std::vector<uint8_t>& session_id() const { return m_session_id; } 229 ciphersuite()230 uint16_t ciphersuite() const { return m_ciphersuite; } 231 compression_method()232 uint8_t compression_method() const { return m_comp_method; } 233 secure_renegotiation()234 bool secure_renegotiation() const 235 { 236 return m_extensions.has<Renegotiation_Extension>(); 237 } 238 renegotiation_info()239 std::vector<uint8_t> renegotiation_info() const 240 { 241 if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) 242 return reneg->renegotiation_info(); 243 return std::vector<uint8_t>(); 244 } 245 supports_extended_master_secret()246 bool supports_extended_master_secret() const 247 { 248 return m_extensions.has<Extended_Master_Secret>(); 249 } 250 supports_encrypt_then_mac()251 bool supports_encrypt_then_mac() const 252 { 253 return m_extensions.has<Encrypt_then_MAC>(); 254 } 255 supports_certificate_status_message()256 bool supports_certificate_status_message() const 257 { 258 return m_extensions.has<Certificate_Status_Request>(); 259 } 260 supports_session_ticket()261 bool supports_session_ticket() const 262 { 263 return m_extensions.has<Session_Ticket>(); 264 } 265 srtp_profile()266 uint16_t srtp_profile() const 267 { 268 if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>()) 269 { 270 auto prof = srtp->profiles(); 271 if(prof.size() != 1 || prof[0] == 0) 272 throw Decoding_Error("Server sent malformed DTLS-SRTP extension"); 273 return prof[0]; 274 } 275 276 return 0; 277 } 278 next_protocol()279 std::string next_protocol() const 280 { 281 if(auto alpn = m_extensions.get<Application_Layer_Protocol_Notification>()) 282 return alpn->single_protocol(); 283 return ""; 284 } 285 extension_types()286 std::set<Handshake_Extension_Type> extension_types() const 287 { return m_extensions.extension_types(); } 288 extensions()289 const Extensions& extensions() const { return m_extensions; } 290 prefers_compressed_ec_points()291 bool prefers_compressed_ec_points() const 292 { 293 if(auto ecc_formats = m_extensions.get<Supported_Point_Formats>()) 294 { 295 return ecc_formats->prefers_compressed(); 296 } 297 return false; 298 } 299 300 bool random_signals_downgrade() const; 301 302 Server_Hello(Handshake_IO& io, 303 Handshake_Hash& hash, 304 const Policy& policy, 305 Callbacks& cb, 306 RandomNumberGenerator& rng, 307 const std::vector<uint8_t>& secure_reneg_info, 308 const Client_Hello& client_hello, 309 const Server_Hello::Settings& settings, 310 const std::string next_protocol); 311 312 Server_Hello(Handshake_IO& io, 313 Handshake_Hash& hash, 314 const Policy& policy, 315 Callbacks& cb, 316 RandomNumberGenerator& rng, 317 const std::vector<uint8_t>& secure_reneg_info, 318 const Client_Hello& client_hello, 319 Session& resumed_session, 320 bool offer_session_ticket, 321 const std::string& next_protocol); 322 323 explicit Server_Hello(const std::vector<uint8_t>& buf); 324 private: 325 std::vector<uint8_t> serialize() const override; 326 327 Protocol_Version m_version; 328 std::vector<uint8_t> m_session_id, m_random; 329 uint16_t m_ciphersuite; 330 uint8_t m_comp_method; 331 332 Extensions m_extensions; 333 }; 334 335 /** 336 * Client Key Exchange Message 337 */ 338 class BOTAN_UNSTABLE_API Client_Key_Exchange final : public Handshake_Message 339 { 340 public: type()341 Handshake_Type type() const override { return CLIENT_KEX; } 342 pre_master_secret()343 const secure_vector<uint8_t>& pre_master_secret() const 344 { return m_pre_master; } 345 346 Client_Key_Exchange(Handshake_IO& io, 347 Handshake_State& state, 348 const Policy& policy, 349 Credentials_Manager& creds, 350 const Public_Key* server_public_key, 351 const std::string& hostname, 352 RandomNumberGenerator& rng); 353 354 Client_Key_Exchange(const std::vector<uint8_t>& buf, 355 const Handshake_State& state, 356 const Private_Key* server_rsa_kex_key, 357 Credentials_Manager& creds, 358 const Policy& policy, 359 RandomNumberGenerator& rng); 360 361 private: serialize()362 std::vector<uint8_t> serialize() const override 363 { return m_key_material; } 364 365 std::vector<uint8_t> m_key_material; 366 secure_vector<uint8_t> m_pre_master; 367 }; 368 369 /** 370 * Certificate Message 371 */ 372 class BOTAN_UNSTABLE_API Certificate final : public Handshake_Message 373 { 374 public: type()375 Handshake_Type type() const override { return CERTIFICATE; } cert_chain()376 const std::vector<X509_Certificate>& cert_chain() const { return m_certs; } 377 count()378 size_t count() const { return m_certs.size(); } empty()379 bool empty() const { return m_certs.empty(); } 380 381 Certificate(Handshake_IO& io, 382 Handshake_Hash& hash, 383 const std::vector<X509_Certificate>& certs); 384 385 explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy); 386 private: 387 std::vector<uint8_t> serialize() const override; 388 389 std::vector<X509_Certificate> m_certs; 390 }; 391 392 /** 393 * Certificate Status (RFC 6066) 394 */ 395 class BOTAN_UNSTABLE_API Certificate_Status final : public Handshake_Message 396 { 397 public: type()398 Handshake_Type type() const override { return CERTIFICATE_STATUS; } 399 400 //std::shared_ptr<const OCSP::Response> response() const { return m_response; } 401 response()402 const std::vector<uint8_t>& response() const { return m_response; } 403 404 Certificate_Status(const std::vector<uint8_t>& buf); 405 406 Certificate_Status(Handshake_IO& io, 407 Handshake_Hash& hash, 408 std::shared_ptr<const OCSP::Response> response); 409 410 /* 411 * Create a Certificate_Status message using an already DER encoded OCSP response. 412 */ 413 Certificate_Status(Handshake_IO& io, 414 Handshake_Hash& hash, 415 std::vector<uint8_t> const& raw_response_bytes ); 416 417 private: 418 std::vector<uint8_t> serialize() const override; 419 std::vector<uint8_t> m_response; 420 }; 421 422 /** 423 * Certificate Request Message 424 */ 425 class BOTAN_UNSTABLE_API Certificate_Req final : public Handshake_Message 426 { 427 public: type()428 Handshake_Type type() const override { return CERTIFICATE_REQUEST; } 429 acceptable_cert_types()430 const std::vector<std::string>& acceptable_cert_types() const 431 { return m_cert_key_types; } 432 acceptable_CAs()433 const std::vector<X509_DN>& acceptable_CAs() const { return m_names; } 434 signature_schemes()435 const std::vector<Signature_Scheme>& signature_schemes() const 436 { 437 return m_schemes; 438 } 439 440 Certificate_Req(Handshake_IO& io, 441 Handshake_Hash& hash, 442 const Policy& policy, 443 const std::vector<X509_DN>& allowed_cas, 444 Protocol_Version version); 445 446 Certificate_Req(const std::vector<uint8_t>& buf, 447 Protocol_Version version); 448 private: 449 std::vector<uint8_t> serialize() const override; 450 451 std::vector<X509_DN> m_names; 452 std::vector<std::string> m_cert_key_types; 453 454 std::vector<Signature_Scheme> m_schemes; 455 }; 456 457 /** 458 * Certificate Verify Message 459 */ 460 class BOTAN_UNSTABLE_API Certificate_Verify final : public Handshake_Message 461 { 462 public: type()463 Handshake_Type type() const override { return CERTIFICATE_VERIFY; } 464 465 /** 466 * Check the signature on a certificate verify message 467 * @param cert the purported certificate 468 * @param state the handshake state 469 * @param policy the TLS policy 470 */ 471 bool verify(const X509_Certificate& cert, 472 const Handshake_State& state, 473 const Policy& policy) const; 474 475 Certificate_Verify(Handshake_IO& io, 476 Handshake_State& state, 477 const Policy& policy, 478 RandomNumberGenerator& rng, 479 const Private_Key* key); 480 481 Certificate_Verify(const std::vector<uint8_t>& buf, 482 Protocol_Version version); 483 private: 484 std::vector<uint8_t> serialize() const override; 485 486 std::vector<uint8_t> m_signature; 487 Signature_Scheme m_scheme = Signature_Scheme::NONE; 488 }; 489 490 /** 491 * Finished Message 492 */ 493 class BOTAN_UNSTABLE_API Finished final : public Handshake_Message 494 { 495 public: type()496 Handshake_Type type() const override { return FINISHED; } 497 verify_data()498 std::vector<uint8_t> verify_data() const 499 { return m_verification_data; } 500 501 bool verify(const Handshake_State& state, 502 Connection_Side side) const; 503 504 Finished(Handshake_IO& io, 505 Handshake_State& state, 506 Connection_Side side); 507 508 explicit Finished(const std::vector<uint8_t>& buf); 509 private: 510 std::vector<uint8_t> serialize() const override; 511 512 std::vector<uint8_t> m_verification_data; 513 }; 514 515 /** 516 * Hello Request Message 517 */ 518 class BOTAN_UNSTABLE_API Hello_Request final : public Handshake_Message 519 { 520 public: type()521 Handshake_Type type() const override { return HELLO_REQUEST; } 522 523 explicit Hello_Request(Handshake_IO& io); 524 explicit Hello_Request(const std::vector<uint8_t>& buf); 525 private: 526 std::vector<uint8_t> serialize() const override; 527 }; 528 529 /** 530 * Server Key Exchange Message 531 */ 532 class BOTAN_UNSTABLE_API Server_Key_Exchange final : public Handshake_Message 533 { 534 public: type()535 Handshake_Type type() const override { return SERVER_KEX; } 536 params()537 const std::vector<uint8_t>& params() const { return m_params; } 538 539 bool verify(const Public_Key& server_key, 540 const Handshake_State& state, 541 const Policy& policy) const; 542 543 // Only valid for certain kex types 544 const Private_Key& server_kex_key() const; 545 546 #if defined(BOTAN_HAS_SRP6) 547 // Only valid for SRP negotiation server_srp_params()548 SRP6_Server_Session& server_srp_params() const 549 { 550 BOTAN_ASSERT_NONNULL(m_srp_params); 551 return *m_srp_params; 552 } 553 #endif 554 555 #if defined(BOTAN_HAS_CECPQ1) 556 // Only valid for CECPQ1 negotiation cecpq1_key()557 const CECPQ1_key& cecpq1_key() const 558 { 559 BOTAN_ASSERT_NONNULL(m_cecpq1_key); 560 return *m_cecpq1_key; 561 } 562 #endif 563 564 Server_Key_Exchange(Handshake_IO& io, 565 Handshake_State& state, 566 const Policy& policy, 567 Credentials_Manager& creds, 568 RandomNumberGenerator& rng, 569 const Private_Key* signing_key = nullptr); 570 571 Server_Key_Exchange(const std::vector<uint8_t>& buf, 572 Kex_Algo kex_alg, 573 Auth_Method sig_alg, 574 Protocol_Version version); 575 576 ~Server_Key_Exchange() = default; 577 private: 578 std::vector<uint8_t> serialize() const override; 579 580 #if defined(BOTAN_HAS_SRP6) 581 std::unique_ptr<SRP6_Server_Session> m_srp_params; 582 #endif 583 584 #if defined(BOTAN_HAS_CECPQ1) 585 std::unique_ptr<CECPQ1_key> m_cecpq1_key; 586 #endif 587 588 std::unique_ptr<Private_Key> m_kex_key; 589 590 std::vector<uint8_t> m_params; 591 592 std::vector<uint8_t> m_signature; 593 Signature_Scheme m_scheme = Signature_Scheme::NONE; 594 }; 595 596 /** 597 * Server Hello Done Message 598 */ 599 class BOTAN_UNSTABLE_API Server_Hello_Done final : public Handshake_Message 600 { 601 public: type()602 Handshake_Type type() const override { return SERVER_HELLO_DONE; } 603 604 Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash); 605 explicit Server_Hello_Done(const std::vector<uint8_t>& buf); 606 private: 607 std::vector<uint8_t> serialize() const override; 608 }; 609 610 /** 611 * New Session Ticket Message 612 */ 613 class BOTAN_UNSTABLE_API New_Session_Ticket final : public Handshake_Message 614 { 615 public: type()616 Handshake_Type type() const override { return NEW_SESSION_TICKET; } 617 ticket_lifetime_hint()618 uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } ticket()619 const std::vector<uint8_t>& ticket() const { return m_ticket; } 620 621 New_Session_Ticket(Handshake_IO& io, 622 Handshake_Hash& hash, 623 const std::vector<uint8_t>& ticket, 624 uint32_t lifetime); 625 626 New_Session_Ticket(Handshake_IO& io, 627 Handshake_Hash& hash); 628 629 explicit New_Session_Ticket(const std::vector<uint8_t>& buf); 630 private: 631 std::vector<uint8_t> serialize() const override; 632 633 uint32_t m_ticket_lifetime_hint = 0; 634 std::vector<uint8_t> m_ticket; 635 }; 636 637 /** 638 * Change Cipher Spec 639 */ 640 class BOTAN_UNSTABLE_API Change_Cipher_Spec final : public Handshake_Message 641 { 642 public: type()643 Handshake_Type type() const override { return HANDSHAKE_CCS; } 644 serialize()645 std::vector<uint8_t> serialize() const override 646 { return std::vector<uint8_t>(1, 1); } 647 }; 648 649 } 650 651 } 652 653 #endif 654