/* * TLS Messages * (C) 2004-2011 Jack Lloyd * * Released under the terms of the Botan license */ #ifndef BOTAN_TLS_MESSAGES_H__ #define BOTAN_TLS_MESSAGES_H__ #include #include #include #include #include #include #include #include namespace Botan { class Record_Writer; class Record_Reader; /** * TLS Handshake Message Base Class */ class HandshakeMessage { public: void send(Record_Writer& writer, TLS_Handshake_Hash& hash) const; virtual Handshake_Type type() const = 0; virtual ~HandshakeMessage() {} private: HandshakeMessage& operator=(const HandshakeMessage&) { return (*this); } virtual MemoryVector serialize() const = 0; virtual void deserialize(const MemoryRegion&) = 0; }; /** * Client Hello Message */ class Client_Hello : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_HELLO; } Version_Code version() const { return c_version; } const MemoryVector& session_id() const { return sess_id; } std::vector session_id_vector() const { std::vector v; v.insert(v.begin(), &sess_id[0], &sess_id[sess_id.size()]); return v; } std::vector ciphersuites() const { return suites; } std::vector compression_methods() const { return comp_methods; } const MemoryVector& random() const { return c_random; } std::string sni_hostname() const { return requested_hostname; } std::string srp_identifier() const { return requested_srp_id; } bool secure_renegotiation() const { return has_secure_renegotiation; } const MemoryVector& renegotiation_info() { return renegotiation_info_bits; } bool offered_suite(u16bit ciphersuite) const; size_t fragment_size() const { return m_fragment_size; } Client_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, const TLS_Policy& policy, RandomNumberGenerator& rng, const MemoryRegion& reneg_info, const std::string& hostname = "", const std::string& srp_identifier = ""); Client_Hello(const MemoryRegion& buf, Handshake_Type type) { if(type == CLIENT_HELLO) deserialize(buf); else deserialize_sslv2(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion& buf); void deserialize_sslv2(const MemoryRegion& buf); Version_Code c_version; MemoryVector sess_id, c_random; std::vector suites; std::vector comp_methods; std::string requested_hostname; std::string requested_srp_id; size_t m_fragment_size; bool has_secure_renegotiation; MemoryVector renegotiation_info_bits; }; /** * Server Hello Message */ class Server_Hello : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO; } Version_Code version() { return s_version; } const MemoryVector& session_id() const { return sess_id; } u16bit ciphersuite() const { return suite; } byte compression_method() const { return comp_method; } std::vector session_id_vector() const { std::vector v; v.insert(v.begin(), &sess_id[0], &sess_id[sess_id.size()]); return v; } bool secure_renegotiation() const { return has_secure_renegotiation; } size_t fragment_size() const { return m_fragment_size; } const MemoryVector& renegotiation_info() { return renegotiation_info_bits; } const MemoryVector& random() const { return s_random; } Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, const TLS_Policy& policies, RandomNumberGenerator& rng, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, const std::vector& certs, const Client_Hello& other, const MemoryRegion& session_id, Version_Code version); Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, const MemoryRegion& session_id, size_t max_fragment_size, u16bit ciphersuite, byte compression, Version_Code ver); Server_Hello(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); Version_Code s_version; MemoryVector sess_id, s_random; u16bit suite; byte comp_method; size_t m_fragment_size; bool has_secure_renegotiation; MemoryVector renegotiation_info_bits; }; /** * Client Key Exchange Message */ class Client_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return CLIENT_KEX; } const SecureVector& pre_master_secret() const { return pre_master; } SecureVector pre_master_secret(RandomNumberGenerator& rng, const Private_Key* key, Version_Code version); Client_Key_Exchange(Record_Writer& output, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, const Public_Key* my_key, Version_Code using_version, Version_Code pref_version); Client_Key_Exchange(const MemoryRegion& buf, const CipherSuite& suite, Version_Code using_version); private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); SecureVector key_material, pre_master; bool include_length; }; /** * Certificate Message */ class Certificate : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE; } const std::vector& cert_chain() const { return certs; } size_t count() const { return certs.size(); } bool empty() const { return certs.empty(); } Certificate(Record_Writer& writer, TLS_Handshake_Hash& hash, const std::vector& certs); Certificate(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); std::vector certs; }; /** * Certificate Request Message */ class Certificate_Req : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_REQUEST; } std::vector acceptable_types() const { return types; } std::vector acceptable_CAs() const { return names; } Certificate_Req(Record_Writer& writer, TLS_Handshake_Hash& hash, const std::vector& allowed_cas, const std::vector& types = std::vector()); Certificate_Req(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); std::vector names; std::vector types; }; /** * Certificate Verify Message */ class Certificate_Verify : public HandshakeMessage { public: Handshake_Type type() const { return CERTIFICATE_VERIFY; } /** * Check the signature on a certificate verify message * @param cert the purported certificate * @param hash the running handshake message hash * @param version the version number we negotiated * @param master_secret the session key (only used if version is SSL_V3) */ bool verify(const X509_Certificate& cert, TLS_Handshake_Hash& hash, Version_Code version, const SecureVector& master_secret); Certificate_Verify(Record_Writer& writer, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, const Private_Key* key); Certificate_Verify(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); MemoryVector signature; }; /** * Finished Message */ class Finished : public HandshakeMessage { public: Handshake_Type type() const { return FINISHED; } MemoryVector verify_data() const { return verification_data; } bool verify(const MemoryRegion& buf, Version_Code version, const TLS_Handshake_Hash& hash, Connection_Side side); Finished(Record_Writer& writer, TLS_Handshake_Hash& hash, Version_Code version, Connection_Side side, const MemoryRegion& master_secret); Finished(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); MemoryVector compute_verify(const MemoryRegion& master_secret, TLS_Handshake_Hash hash, Connection_Side side, Version_Code version); Connection_Side side; MemoryVector verification_data; }; /** * Hello Request Message */ class Hello_Request : public HandshakeMessage { public: Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer& writer); Hello_Request(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); }; /** * Server Key Exchange Message */ class Server_Key_Exchange : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_KEX; } Public_Key* key() const; bool verify(const X509_Certificate& cert, const MemoryRegion& c_random, const MemoryRegion& s_random) const; Server_Key_Exchange(Record_Writer& writer, TLS_Handshake_Hash& hash, RandomNumberGenerator& rng, const Public_Key* kex_key, const Private_Key* priv_key, const MemoryRegion& c_random, const MemoryRegion& s_random); Server_Key_Exchange(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; MemoryVector serialize_params() const; void deserialize(const MemoryRegion&); std::vector params; MemoryVector signature; }; /** * Server Hello Done Message */ class Server_Hello_Done : public HandshakeMessage { public: Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer& writer, TLS_Handshake_Hash& hash); Server_Hello_Done(const MemoryRegion& buf) { deserialize(buf); } private: MemoryVector serialize() const; void deserialize(const MemoryRegion&); }; } #endif