Certificate_Status::Certificate_Status(Handshake_IO& io,
Handshake_Hash& hash,
const std::vector<uint8_t>& raw_response_bytes) :
m_response(raw_response_bytes)
{
hash.update(io.send(*this));
}
/**
* Create a new Certificate message
*/
Certificate::Certificate(Handshake_IO& io,
Handshake_Hash& hash,
const std::vector<X509_Certificate>& cert_list) :
m_certs(cert_list)
{
hash.update(io.send(*this));
}
// Resuming
Server_Hello::Server_Hello(Handshake_IO& io,
Handshake_Hash& hash,
const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<byte>& reneg_info,
const Client_Hello& client_hello,
Session& resumed_session,
bool offer_session_ticket,
const std::string& next_protocol) :
m_version(resumed_session.version()),
m_session_id(client_hello.session_id()),
m_random(make_hello_random(rng, policy)),
m_ciphersuite(resumed_session.ciphersuite_code()),
m_comp_method(resumed_session.compression_method())
{
if(client_hello.supports_extended_master_secret())
m_extensions.add(new Extended_Master_Secret);
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
if(client_hello.supports_session_ticket() && offer_session_ticket)
m_extensions.add(new Session_Ticket());
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
hash.update(io.send(*this));
}
Certificate_Status::Certificate_Status(Handshake_IO& io,
Handshake_Hash& hash,
std::shared_ptr<const OCSP::Response> ocsp) :
m_response(ocsp->raw_bits())
{
hash.update(io.send(*this));
}
New_Session_Ticket::New_Session_Ticket(Handshake_IO& io,
Handshake_Hash& hash,
const std::vector<byte>& ticket,
u32bit lifetime) :
m_ticket_lifetime_hint(lifetime),
m_ticket(ticket)
{
hash.update(io.send(*this));
}
/*
* Create a new Client Hello message (session resumption case)
*/
Client_Hello::Client_Hello(Handshake_IO& io,
Handshake_Hash& hash,
const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<uint8_t>& reneg_info,
const Session& session,
const std::vector<std::string>& next_protocols) :
m_version(session.version()),
m_session_id(session.session_id()),
m_random(make_hello_random(rng, policy)),
m_suites(policy.ciphersuite_list(m_version, (session.srp_identifier() != ""))),
m_comp_methods(policy.compression())
{
if(!value_exists(m_suites, session.ciphersuite_code()))
m_suites.push_back(session.ciphersuite_code());
if(!value_exists(m_comp_methods, session.compression_method()))
m_comp_methods.push_back(session.compression_method());
/*
We always add the EMS extension, even if not used in the original session.
If the server understands it and follows the RFC it should reject our resume
attempt and upgrade us to a new session with the EMS protection.
*/
m_extensions.add(new Extended_Master_Secret);
m_extensions.add(new Renegotiation_Extension(reneg_info));
m_extensions.add(new Server_Name_Indicator(session.server_info().hostname()));
m_extensions.add(new Session_Ticket(session.session_ticket()));
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
if(!policy.allowed_ecc_curves().empty())
{
m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}
if(session.supports_encrypt_then_mac())
m_extensions.add(new Encrypt_then_MAC);
#if defined(BOTAN_HAS_SRP6)
m_extensions.add(new SRP_Identifier(session.srp_identifier()));
#else
if(!session.srp_identifier().empty())
{
throw Invalid_State("Attempting to resume SRP session but TLS-SRP support disabled");
}
#endif
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
policy.allowed_signature_methods()));
if(reneg_info.empty() && !next_protocols.empty())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
hash.update(io.send(*this));
}
// New session case
Server_Hello::Server_Hello(Handshake_IO& io,
Handshake_Hash& hash,
const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<byte>& reneg_info,
const Client_Hello& client_hello,
const std::vector<byte>& new_session_id,
Protocol_Version new_session_version,
u16bit ciphersuite,
byte compression,
bool offer_session_ticket,
const std::string next_protocol) :
m_version(new_session_version),
m_session_id(new_session_id),
m_random(make_hello_random(rng, policy)),
m_ciphersuite(ciphersuite),
m_comp_method(compression)
{
if(client_hello.supports_extended_master_secret())
m_extensions.add(new Extended_Master_Secret);
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
if(client_hello.supports_session_ticket() && offer_session_ticket)
m_extensions.add(new Session_Ticket());
if(!next_protocol.empty() && client_hello.supports_alpn())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocol));
if(m_version.is_datagram_protocol())
{
const std::vector<u16bit> server_srtp = policy.srtp_profiles();
const std::vector<u16bit> client_srtp = client_hello.srtp_profiles();
if(!server_srtp.empty() && !client_srtp.empty())
{
u16bit shared = 0;
// always using server preferences for now
for(auto s : server_srtp)
for(auto c : client_srtp)
{
if(shared == 0 && s == c)
shared = s;
}
if(shared)
m_extensions.add(new SRTP_Protection_Profiles(shared));
}
}
hash.update(io.send(*this));
}
/**
* Create a new Certificate Request message
*/
Certificate_Req::Certificate_Req(Handshake_IO& io,
Handshake_Hash& hash,
const Policy& policy,
const std::vector<X509_DN>& ca_certs,
Protocol_Version version) :
m_names(ca_certs),
m_cert_key_types({ "RSA", "DSA", "ECDSA" })
{
if(version.supports_negotiable_signature_algorithms())
{
std::vector<std::string> hashes = policy.allowed_signature_hashes();
std::vector<std::string> sigs = policy.allowed_signature_methods();
for(size_t i = 0; i != hashes.size(); ++i)
for(size_t j = 0; j != sigs.size(); ++j)
m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j]));
}
hash.update(io.send(*this));
}
New_Session_Ticket::New_Session_Ticket(Handshake_IO& io,
Handshake_Hash& hash)
{
hash.update(io.send(*this));
}
/*
* Create a new Server Hello Done message
*/
Server_Hello_Done::Server_Hello_Done(Handshake_IO& io,
Handshake_Hash& hash)
{
hash.update(io.send(*this));
}
/*
* Create a new Client Hello message
*/
Client_Hello::Client_Hello(Handshake_IO& io,
Handshake_Hash& hash,
const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<uint8_t>& reneg_info,
const Client_Hello::Settings& client_settings,
const std::vector<std::string>& next_protocols) :
m_version(client_settings.protocol_version()),
m_random(make_hello_random(rng, policy)),
m_suites(policy.ciphersuite_list(m_version, !client_settings.srp_identifier().empty())),
m_comp_methods(policy.compression())
{
BOTAN_ASSERT(policy.acceptable_protocol_version(client_settings.protocol_version()),
"Our policy accepts the version we are offering");
/*
* Place all empty extensions in front to avoid a bug in some systems
* which reject hellos when the last extension in the list is empty.
*/
m_extensions.add(new Extended_Master_Secret);
m_extensions.add(new Session_Ticket());
if(policy.negotiate_encrypt_then_mac())
m_extensions.add(new Encrypt_then_MAC);
m_extensions.add(new Renegotiation_Extension(reneg_info));
m_extensions.add(new Server_Name_Indicator(client_settings.hostname()));
if(policy.support_cert_status_message())
m_extensions.add(new Certificate_Status_Request({}, {}));
if(reneg_info.empty() && !next_protocols.empty())
m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
policy.allowed_signature_methods()));
if(m_version.is_datagram_protocol())
m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles()));
#if defined(BOTAN_HAS_SRP6)
m_extensions.add(new SRP_Identifier(client_settings.srp_identifier()));
#else
if(!client_settings.srp_identifier().empty())
{
throw Invalid_State("Attempting to initiate SRP session but TLS-SRP support disabled");
}
#endif
Supported_Groups* supported_groups = new Supported_Groups(policy.allowed_groups());
m_extensions.add(supported_groups);
if(!supported_groups->curves().empty())
{
m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
policy.allowed_signature_methods()));
if(policy.send_fallback_scsv(client_settings.protocol_version()))
m_suites.push_back(TLS_FALLBACK_SCSV);
hash.update(io.send(*this));
}
