← Back to branch summary

~ubuntu-branches/debian/sid/botan/sid

« back to all changes in this revision

Viewing changes to src/lib/tls/msg_server_hello.cpp

  • Committer: Package Import Robot
  • Author(s): Laszlo Boszormenyi (GCS)
  • Date: 2018-03-01 22:23:25 UTC
  • mfrom: (1.2.2)
  • Revision ID: package-import@ubuntu.com-20180301222325-7p7vc45gu3hta34d
Tags: 2.4.0-2
* Don't remove .doctrees from the manual if it doesn't exist.
* Don't specify parallel to debhelper.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/tls/msg_server_hello.cpp
 
1
/*
 
2
* TLS Server Hello and Server Hello Done
 
3
* (C) 2004-2011,2015,2016 Jack Lloyd
 
4
*     2016 Matthias Gierlings
 
5
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
 
6
*
 
7
* Botan is released under the Simplified BSD License (see license.txt)
 
8
*/
 
9
 
 
10
#include <botan/tls_messages.h>
 
11
#include <botan/tls_extensions.h>
 
12
#include <botan/internal/tls_reader.h>
 
13
#include <botan/internal/tls_session_key.h>
 
14
#include <botan/internal/tls_handshake_io.h>
 
15
#include <botan/internal/tls_handshake_hash.h>
 
16
#include <botan/internal/stl_util.h>
 
17
 
 
18
namespace Botan {
 
19
 
 
20
namespace TLS {
 
21
 
 
22
// New session case
 
23
Server_Hello::Server_Hello(Handshake_IO& io,
 
24
                           Handshake_Hash& hash,
 
25
                           const Policy& policy,
 
26
                           RandomNumberGenerator& rng,
 
27
                           const std::vector<uint8_t>& reneg_info,
 
28
                           const Client_Hello& client_hello,
 
29
                           const Server_Hello::Settings& server_settings,
 
30
                           const std::string next_protocol) :
 
31
   m_version(server_settings.protocol_version()),
 
32
   m_session_id(server_settings.session_id()),
 
33
   m_random(make_hello_random(rng, policy)),
 
34
   m_ciphersuite(server_settings.ciphersuite()),
 
35
   m_comp_method(server_settings.compression())
 
36
   {
 
37
   if(client_hello.supports_extended_master_secret())
 
38
      m_extensions.add(new Extended_Master_Secret);
 
39
 
 
40
   // Sending the extension back does not commit us to sending a stapled response
 
41
   if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
 
42
      m_extensions.add(new Certificate_Status_Request);
 
43
 
 
44
   Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
 
45
 
 
46
   if(c.cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
 
47
      {
 
48
      m_extensions.add(new Encrypt_then_MAC);
 
49
      }
 
50
 
 
51
   if(c.ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
 
52
      {
 
53
      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
 
54
      }
 
55
 
 
56
   if(client_hello.secure_renegotiation())
 
57
      m_extensions.add(new Renegotiation_Extension(reneg_info));
 
58
 
 
59
   if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket())
 
60
      m_extensions.add(new Session_Ticket());
 
61
 
 
62
   if(!next_protocol.empty() && client_hello.supports_alpn())
 
63
      m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
 
64
 
 
65
   if(m_version.is_datagram_protocol())
 
66
      {
 
67
      const std::vector<uint16_t> server_srtp = policy.srtp_profiles();
 
68
      const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles();
 
69
 
 
70
      if(!server_srtp.empty() && !client_srtp.empty())
 
71
         {
 
72
         uint16_t shared = 0;
 
73
         // always using server preferences for now
 
74
         for(auto s_srtp : server_srtp)
 
75
            for(auto c_srtp : client_srtp)
 
76
               {
 
77
               if(shared == 0 && s_srtp == c_srtp)
 
78
                  shared = s_srtp;
 
79
               }
 
80
 
 
81
         if(shared)
 
82
            m_extensions.add(new SRTP_Protection_Profiles(shared));
 
83
         }
 
84
      }
 
85
 
 
86
   hash.update(io.send(*this));
 
87
   }
 
88
 
 
89
// Resuming
 
90
Server_Hello::Server_Hello(Handshake_IO& io,
 
91
                           Handshake_Hash& hash,
 
92
                           const Policy& policy,
 
93
                           RandomNumberGenerator& rng,
 
94
                           const std::vector<uint8_t>& reneg_info,
 
95
                           const Client_Hello& client_hello,
 
96
                           Session& resumed_session,
 
97
                           bool offer_session_ticket,
 
98
                           const std::string& next_protocol) :
 
99
   m_version(resumed_session.version()),
 
100
   m_session_id(client_hello.session_id()),
 
101
   m_random(make_hello_random(rng, policy)),
 
102
   m_ciphersuite(resumed_session.ciphersuite_code()),
 
103
   m_comp_method(resumed_session.compression_method())
 
104
   {
 
105
   if(client_hello.supports_extended_master_secret())
 
106
      m_extensions.add(new Extended_Master_Secret);
 
107
 
 
108
   // Sending the extension back does not commit us to sending a stapled response
 
109
   if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
 
110
      m_extensions.add(new Certificate_Status_Request);
 
111
 
 
112
   if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
 
113
      {
 
114
      Ciphersuite c = resumed_session.ciphersuite();
 
115
      if(c.cbc_ciphersuite())
 
116
         m_extensions.add(new Encrypt_then_MAC);
 
117
      }
 
118
 
 
119
   if(resumed_session.ciphersuite().ecc_ciphersuite())
 
120
      {
 
121
      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
 
122
      }
 
123
 
 
124
   if(client_hello.secure_renegotiation())
 
125
      m_extensions.add(new Renegotiation_Extension(reneg_info));
 
126
 
 
127
   if(client_hello.supports_session_ticket() && offer_session_ticket)
 
128
      m_extensions.add(new Session_Ticket());
 
129
 
 
130
   if(!next_protocol.empty() && client_hello.supports_alpn())
 
131
      m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
 
132
 
 
133
   hash.update(io.send(*this));
 
134
   }
 
135
 
 
136
/*
 
137
* Deserialize a Server Hello message
 
138
*/
 
139
Server_Hello::Server_Hello(const std::vector<uint8_t>& buf)
 
140
   {
 
141
   if(buf.size() < 38)
 
142
      throw Decoding_Error("Server_Hello: Packet corrupted");
 
143
 
 
144
   TLS_Data_Reader reader("ServerHello", buf);
 
145
 
 
146
   const uint8_t major_version = reader.get_byte();
 
147
   const uint8_t minor_version = reader.get_byte();
 
148
 
 
149
   m_version = Protocol_Version(major_version, minor_version);
 
150
 
 
151
   m_random = reader.get_fixed<uint8_t>(32);
 
152
 
 
153
   m_session_id = reader.get_range<uint8_t>(1, 0, 32);
 
154
 
 
155
   m_ciphersuite = reader.get_uint16_t();
 
156
 
 
157
   m_comp_method = reader.get_byte();
 
158
 
 
159
   m_extensions.deserialize(reader);
 
160
   }
 
161
 
 
162
/*
 
163
* Serialize a Server Hello message
 
164
*/
 
165
std::vector<uint8_t> Server_Hello::serialize() const
 
166
   {
 
167
   std::vector<uint8_t> buf;
 
168
 
 
169
   buf.push_back(m_version.major_version());
 
170
   buf.push_back(m_version.minor_version());
 
171
   buf += m_random;
 
172
 
 
173
   append_tls_length_value(buf, m_session_id, 1);
 
174
 
 
175
   buf.push_back(get_byte(0, m_ciphersuite));
 
176
   buf.push_back(get_byte(1, m_ciphersuite));
 
177
 
 
178
   buf.push_back(m_comp_method);
 
179
 
 
180
   buf += m_extensions.serialize();
 
181
 
 
182
   return buf;
 
183
   }
 
184
 
 
185
/*
 
186
* Create a new Server Hello Done message
 
187
*/
 
188
Server_Hello_Done::Server_Hello_Done(Handshake_IO& io,
 
189
                                     Handshake_Hash& hash)
 
190
   {
 
191
   hash.update(io.send(*this));
 
192
   }
 
193
 
 
194
/*
 
195
* Deserialize a Server Hello Done message
 
196
*/
 
197
Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf)
 
198
   {
 
199
   if(buf.size())
 
200
      throw Decoding_Error("Server_Hello_Done: Must be empty, and is not");
 
201
   }
 
202
 
 
203
/*
 
204
* Serialize a Server Hello Done message
 
205
*/
 
206
std::vector<uint8_t> Server_Hello_Done::serialize() const
 
207
   {
 
208
   return std::vector<uint8_t>();
 
209
   }
 
210
 
 
211
}
 
212
 
 
213
}