/* * TLS Messages * (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ #ifndef BOTAN_TLS_MESSAGES_H__ #define BOTAN_TLS_MESSAGES_H__ #include #include #include #include #include #include #include #include namespace Botan { class Record_Writer; class Record_Reader; /** * TLS Handshake Message Base Class */ class HandshakeMessage { public: void send(Record_Writer&, TLS_Handshake_Hash&) const; virtual Handshake_Type type() const = 0; virtual ~HandshakeMessage() {} private: HandshakeMessage& operator=(const HandshakeMessage&) { return (*this); } virtual MemoryVector serialize() const = 0; virtual void deserialize(const MemoryRegion&) = 0; }; /** * Client Hello Message */ class Client_Hello : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_HELLO; } Version_Code version() const { return c_version; } const MemoryVector& session_id() const { return sess_id; } std::vector session_id_vector() const { std::vector v; v.insert(v.begin(), &sess_id[0], &sess_id[sess_id.size()]); return v; } std::vector ciphersuites() const { return suites; } std::vector compression_methods() const { return comp_methods; } const MemoryVector& random() const { return c_random; } std::string sni_hostname() const { return requested_hostname; } std::string srp_identifier() const { return requested_srp_id; } bool offered_suite(u16bit) const; Client_Hello(RandomNumberGenerator& rng, Record_Writer&, const TLS_Policy&, TLS_Handshake_Hash&); Client_Hello(const MemoryRegion& buf, Handshake_Type type) { if(type == CLIENT_HELLO) deserialize(buf); else deserialize_sslv2(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); void deserialize_sslv2(const MemoryRegion&); Version_Code c_version; MemoryVector sess_id, c_random; std::vector suites; std::vector comp_methods; std::string requested_hostname; std::string requested_srp_id; }; /** * Client Key Exchange Message */ class Client_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_KEX; } SecureVector pre_master_secret() const; SecureVector pre_master_secret(RandomNumberGenerator& rng, const Private_Key* key, Version_Code version); Client_Key_Exchange(RandomNumberGenerator& rng, Record_Writer& output, TLS_Handshake_Hash& hash, const Public_Key* my_key, Version_Code using_version, Version_Code pref_version); Client_Key_Exchange(const MemoryRegion& buf, const CipherSuite& suite, Version_Code using_version); private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); SecureVector key_material, pre_master; bool include_length; }; /** * Certificate Message */ class Certificate : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE; } const std::vector& cert_chain() const { return certs; } size_t count() const { return certs.size(); } bool empty() const { return certs.empty(); } Certificate(Record_Writer&, const std::vector&, TLS_Handshake_Hash&); Certificate(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); std::vector certs; }; /** * Certificate Request Message */ class Certificate_Req : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_REQUEST; } std::vector acceptable_types() const { return types; } std::vector acceptable_CAs() const { return names; } Certificate_Req(Record_Writer& writer, TLS_Handshake_Hash& hash, const std::vector& allowed_cas, const std::vector& types = std::vector()); Certificate_Req(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); std::vector names; std::vector types; }; /** * Certificate Verify Message */ class Certificate_Verify : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_VERIFY; } /** * Check the signature on a certificate verify message * @param cert the purported certificate * @param hash the running handshake message hash * @param version the version number we negotiated * @param master_secret the session key (only used if version is SSL_V3) */ bool verify(const X509_Certificate& cert, TLS_Handshake_Hash& hash, Version_Code version, const SecureVector& master_secret); Certificate_Verify(RandomNumberGenerator& rng, Record_Writer& writer, TLS_Handshake_Hash& hash, const Private_Key* key); Certificate_Verify(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); MemoryVector signature; }; /** * Finished Message */ class Finished : public HandshakeMessage { public: Handshake_Type type() const { return FINISHED; } bool verify(const MemoryRegion&, Version_Code, const TLS_Handshake_Hash&, Connection_Side); Finished(Record_Writer&, Version_Code, Connection_Side, const MemoryRegion&, TLS_Handshake_Hash&); Finished(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); MemoryVector compute_verify(const MemoryRegion&, TLS_Handshake_Hash, Connection_Side, Version_Code); Connection_Side side; MemoryVector verification_data; }; /** * Hello Request Message */ class Hello_Request : public HandshakeMessage { public: Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer&); Hello_Request(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); }; /** * Server Hello Message */ class Server_Hello : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO; } Version_Code version() { return s_version; } const MemoryVector& session_id() const { return sess_id; } u16bit ciphersuite() const { return suite; } byte compression_method() const { return comp_method; } std::vector session_id_vector() const { std::vector v; v.insert(v.begin(), &sess_id[0], &sess_id[sess_id.size()]); return v; } const MemoryVector& random() const { return s_random; } Server_Hello(RandomNumberGenerator& rng, Record_Writer& writer, const TLS_Policy& policies, const std::vector& certs, const Client_Hello& other, const MemoryRegion& session_id, Version_Code version, TLS_Handshake_Hash& hash); Server_Hello(RandomNumberGenerator& rng, Record_Writer& writer, const MemoryRegion& session_id, u16bit ciphersuite, byte compression, Version_Code ver, TLS_Handshake_Hash& hash); Server_Hello(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); Version_Code s_version; MemoryVector sess_id, s_random; u16bit suite; byte comp_method; }; /** * Server Key Exchange Message */ class Server_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_KEX; } Public_Key* key() const; bool verify(const X509_Certificate&, const MemoryRegion&, const MemoryRegion&) const; Server_Key_Exchange(RandomNumberGenerator& rng, Record_Writer&, const Public_Key*, const Private_Key*, const MemoryRegion&, const MemoryRegion&, TLS_Handshake_Hash&); Server_Key_Exchange(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; MemoryVector serialize_params() const; void deserialize(const MemoryRegion&); std::vector params; MemoryVector signature; }; /** * Server Hello Done Message */ class Server_Hello_Done : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer&, TLS_Handshake_Hash&); Server_Hello_Done(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); }; } #endif