Botan::TLS::Channel_Impl_12 Class Reference

#include <tls_channel_impl_12.h>

Inheritance diagram for Botan::TLS::Channel_Impl_12:

Public Types
typedef std::function< void(Alert, const uint8_t[], size_t)>	alert_cb
typedef std::function< void(const uint8_t[], size_t)>	data_cb
typedef std::function< bool(const Session &)>	handshake_cb
typedef std::function< void(const Handshake_Message &)>	handshake_msg_cb
typedef std::function< void(const uint8_t[], size_t)>	output_fn

Public Member Functions
virtual std::string	application_protocol () const =0
	Channel_Impl_12 (Channel_Impl_12 &&other)=delete
	Channel_Impl_12 (const Channel_Impl_12 &other)=delete
	Channel_Impl_12 (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< RandomNumberGenerator > &rng, const std::shared_ptr< const Policy > &policy, bool is_server, bool is_datagram, size_t io_buf_sz=TLS::Channel::IO_BUF_DEFAULT_SIZE)
void	close ()
bool	expects_downgrade () const
std::optional< std::string >	external_psk_identity () const override
std::unique_ptr< Downgrade_Information >	extract_downgrade_info ()
size_t	from_peer (std::span< const uint8_t > data) override
bool	is_active () const override
bool	is_closed () const override
bool	is_closed_for_reading () const override
bool	is_closed_for_writing () const override
bool	is_downgrading () const
bool	is_handshake_complete () const override
SymmetricKey	key_material_export (std::string_view label, std::string_view context, size_t length) const override
virtual bool	new_session_ticket_supported () const
Channel_Impl_12 &	operator= (Channel_Impl_12 &&other)=delete
Channel_Impl_12 &	operator= (const Channel_Impl_12 &other)=delete
std::vector< X509_Certificate >	peer_cert_chain () const override
std::shared_ptr< const Public_Key >	peer_raw_public_key () const override
void	renegotiate (bool force_full_renegotiation=false) override
bool	secure_renegotiation_supported () const override
void	send_alert (const Alert &alert) override
void	send_fatal_alert (Alert::Type type)
virtual size_t	send_new_session_tickets (const size_t)
void	send_warning_alert (Alert::Type type)
bool	timeout_check () override
void	to_peer (std::span< const uint8_t > data) override
void	update_traffic_keys (bool request_peer_update=false) override
	~Channel_Impl_12 () override

Protected Member Functions
void	activate_session ()
Callbacks &	callbacks () const
void	change_cipher_spec_reader (Connection_Side side)
void	change_cipher_spec_writer (Connection_Side side)
Handshake_State &	create_handshake_state (Protocol_Version version)
virtual std::vector< X509_Certificate >	get_peer_cert_chain (const Handshake_State &state) const =0
virtual void	initiate_handshake (Handshake_State &state, bool force_full_renegotiation)=0
void	inspect_handshake_message (const Handshake_Message &msg)
virtual std::unique_ptr< Handshake_State >	new_handshake_state (std::unique_ptr< class Handshake_IO > io)=0
const Policy &	policy () const
void	preserve_client_hello (std::span< const uint8_t > msg)
void	preserve_peer_transcript (std::span< const uint8_t > input)
virtual void	process_handshake_msg (const Handshake_State *active_state, Handshake_State &pending_state, Handshake_Type type, const std::vector< uint8_t > &contents, bool epoch0_restart)=0
void	request_downgrade ()
void	request_downgrade_for_resumption (Session_with_Handle session)
void	reset_active_association_state ()
RandomNumberGenerator &	rng ()
void	secure_renegotiation_check (const Client_Hello_12 *client_hello)
void	secure_renegotiation_check (const Server_Hello_12 *server_hello)
std::vector< uint8_t >	secure_renegotiation_data_for_client_hello () const
std::vector< uint8_t >	secure_renegotiation_data_for_server_hello () const
Session_Manager &	session_manager ()
void	set_io_buffer_size (size_t io_buf_sz)

Protected Attributes
std::unique_ptr< Downgrade_Information >	m_downgrade_info

Detailed Description

Generic interface for TLSv.12 endpoint

Definition at line 40 of file tls_channel_impl_12.h.

Member Typedef Documentation

alert_cb

typedef std::function<void(Alert, const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::alert_cb

Definition at line 44 of file tls_channel_impl_12.h.

data_cb

typedef std::function<void(const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::data_cb

Definition at line 43 of file tls_channel_impl_12.h.

handshake_cb

typedef std::function<bool(const Session&)> Botan::TLS::Channel_Impl_12::handshake_cb

Definition at line 45 of file tls_channel_impl_12.h.

handshake_msg_cb

typedef std::function<void(const Handshake_Message&)> Botan::TLS::Channel_Impl_12::handshake_msg_cb

Definition at line 46 of file tls_channel_impl_12.h.

output_fn

typedef std::function<void(const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::output_fn

Definition at line 42 of file tls_channel_impl_12.h.

Constructor & Destructor Documentation

Channel_Impl_12() [1/3]

Botan::TLS::Channel_Impl_12::Channel_Impl_12 ( const std::shared_ptr< Callbacks > & callbacks, const std::shared_ptr< Session_Manager > & session_manager, const std::shared_ptr< RandomNumberGenerator > & rng, const std::shared_ptr< const Policy > & policy, bool is_server, bool is_datagram, size_t io_buf_sz = TLS::Channel::IO_BUF_DEFAULT_SIZE )

explicit

Set up a new TLS session

Parameters

callbacks	contains a set of callback function references required by the TLS endpoint.
session_manager	manages session state
rng	a random number generator
policy	specifies other connection policy information
is_server	whether this is a server session or not
is_datagram	whether this is a DTLS session
io_buf_sz	This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 24 of file tls_channel_impl_12.cpp.

                                                                 :
      m_is_server(is_server),
      m_is_datagram(is_datagram),
      m_callbacks(callbacks),
      m_session_manager(session_manager),
      m_policy(policy),
      m_rng(rng),
      m_has_been_closed(false) {
   BOTAN_ASSERT_NONNULL(m_callbacks);
   BOTAN_ASSERT_NONNULL(m_session_manager);
   BOTAN_ASSERT_NONNULL(m_rng);
   BOTAN_ASSERT_NONNULL(m_policy);
 
   /* epoch 0 is plaintext, thus null cipher state */
   m_write_cipher_states[0] = nullptr;
   m_read_cipher_states[0] = nullptr;
 
   m_writebuf.reserve(reserved_io_buffer_size);
   m_readbuf.reserve(reserved_io_buffer_size);
}

References BOTAN_ASSERT_NONNULL, callbacks(), policy(), rng(), and session_manager().

Referenced by Channel_Impl_12(), Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), operator=(), operator=(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

Channel_Impl_12() [2/3]

Botan::TLS::Channel_Impl_12::Channel_Impl_12 ( const Channel_Impl_12 & other )

delete

References Channel_Impl_12().

Channel_Impl_12() [3/3]

Botan::TLS::Channel_Impl_12::Channel_Impl_12 ( Channel_Impl_12 && other )

delete

References Channel_Impl_12().

~Channel_Impl_12()

Botan::TLS::Channel_Impl_12::~Channel_Impl_12 ( )

overridedefault

Member Function Documentation

activate_session()

void Botan::TLS::Channel_Impl_12::activate_session ( )

protected

Definition at line 259 of file tls_channel_impl_12.cpp.

                                       {
   std::swap(m_active_state, m_pending_state);
   m_pending_state.reset();
 
   if(!m_active_state->version().is_datagram_protocol()) {
      // TLS is easy just remove all but the current state
      const uint16_t current_epoch = sequence_numbers().current_write_epoch();
 
      const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
 
      map_remove_if(not_current_epoch, m_write_cipher_states);
      map_remove_if(not_current_epoch, m_read_cipher_states);
   }
 
   callbacks().tls_session_activated();
}

References callbacks(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

application_protocol()

virtual std::string Botan::TLS::Channel_Impl::application_protocol ( ) const

pure virtualinherited

Return the protocol notification set for this connection, if any (ALPN). This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implemented in Botan::TLS::Client_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

callbacks()

Callbacks & Botan::TLS::Channel_Impl_12::callbacks ( ) const

inlineprotected

Definition at line 191 of file tls_channel_impl_12.h.

{ return *m_callbacks; }

Referenced by activate_session(), Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

change_cipher_spec_reader()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_reader ( Connection_Side side )

protected

Definition at line 194 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_read_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_read_epoch();
 
   BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch");
 
   // flip side as we are reading
   std::shared_ptr<Connection_Cipher_State> read_state(
      new Connection_Cipher_State(pending->version(),
                                  (side == Connection_Side::Client) ? Connection_Side::Server : Connection_Side::Client,
                                  false,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));
 
   m_read_cipher_states[epoch] = read_state;
}

References BOTAN_ASSERT, Botan::TLS::Client, and Botan::TLS::Server.

change_cipher_spec_writer()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_writer ( Connection_Side side )

protected

Definition at line 221 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_write_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_write_epoch();
 
   BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch");
 
   std::shared_ptr<Connection_Cipher_State> write_state(
      new Connection_Cipher_State(pending->version(),
                                  side,
                                  true,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));
 
   m_write_cipher_states[epoch] = write_state;
}

References BOTAN_ASSERT.

close()

void Botan::TLS::Channel_Impl::close ( )

inlineinherited

Send a close notification alert

Definition at line 86 of file tls_channel_impl.h.

{ send_warning_alert(Alert::CloseNotify); }

References send_warning_alert().

create_handshake_state()

Handshake_State & Botan::TLS::Channel_Impl_12::create_handshake_state ( Protocol_Version version )

protected

Definition at line 113 of file tls_channel_impl_12.cpp.

                                                                                 {
   if(pending_state() != nullptr) {
      throw Internal_Error("create_handshake_state called during handshake");
   }
 
   if(const auto* active = active_state()) {
      Protocol_Version active_version = active->version();
 
      if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) {
         throw TLS_Exception(Alert::ProtocolVersion,
                             "Active state using version " + active_version.to_string() + " cannot change to " +
                                version.to_string() + " in pending");
      }
   }
 
   if(!m_sequence_numbers) {
      if(version.is_datagram_protocol()) {
         m_sequence_numbers = std::make_unique<Datagram_Sequence_Numbers>();
      } else {
         m_sequence_numbers = std::make_unique<Stream_Sequence_Numbers>();
      }
   }
 
   using namespace std::placeholders;
 
   std::unique_ptr<Handshake_IO> io;
   if(version.is_datagram_protocol()) {
      const uint16_t mtu = static_cast<uint16_t>(policy().dtls_default_mtu());
      const size_t initial_timeout_ms = policy().dtls_initial_timeout();
      const size_t max_timeout_ms = policy().dtls_maximum_timeout();
 
      auto send_record_f = [this](uint16_t epoch, Record_Type record_type, const std::vector<uint8_t>& record) {
         send_record_under_epoch(epoch, record_type, record);
      };
      io = std::make_unique<Datagram_Handshake_IO>(
         send_record_f, sequence_numbers(), mtu, initial_timeout_ms, max_timeout_ms);
   } else {
      auto send_record_f = [this](Record_Type rec_type, const std::vector<uint8_t>& record) {
         send_record(rec_type, record);
      };
      io = std::make_unique<Stream_Handshake_IO>(send_record_f);
   }
 
   m_pending_state = new_handshake_state(std::move(io));
 
   if(const auto* active = active_state()) {
      m_pending_state->set_version(active->version());
   }
 
   return *m_pending_state;
}

References Botan::TLS::Policy::dtls_default_mtu(), Botan::TLS::Policy::dtls_initial_timeout(), Botan::TLS::Policy::dtls_maximum_timeout(), Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), policy(), and Botan::TLS::Protocol_Version::to_string().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), and renegotiate().

expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const

inlineinherited

Definition at line 286 of file tls_channel_impl.h.

{ return m_downgrade_info != nullptr; }

References m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().

external_psk_identity()

std::optional< std::string > Botan::TLS::Channel_Impl_12::external_psk_identity ( ) const

overridevirtual

Returns

identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implements Botan::TLS::Channel_Impl.

Definition at line 104 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* state = (active_state() != nullptr) ? active_state() : pending_state();
   if(state != nullptr) {
      return state->psk_identity();
   } else {
      return std::nullopt;
   }
}

extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )

inlineinherited

See also

Downgrade_Information

Definition at line 284 of file tls_channel_impl.h.

{ return std::exchange(m_downgrade_info, {}); }

References m_downgrade_info.

from_peer()

size_t Botan::TLS::Channel_Impl_12::from_peer ( std::span< const uint8_t > data )

overridevirtual

Inject TLS traffic received from counterparty

Returns

a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implements Botan::TLS::Channel_Impl.

Definition at line 276 of file tls_channel_impl_12.cpp.

                                                             {
   const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart();
 
   const auto* input = data.data();
   auto input_size = data.size();
 
   try {
      while(input_size > 0) {
         size_t consumed = 0;
 
         auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); };
 
         const Record_Header record = read_record(m_is_datagram,
                                                  m_readbuf,
                                                  input,
                                                  input_size,
                                                  consumed,
                                                  m_record_buf,
                                                  m_sequence_numbers.get(),
                                                  get_epoch,
                                                  allow_epoch0_restart);
 
         const size_t needed = record.needed();
 
         BOTAN_ASSERT(consumed > 0, "Got to eat something");
 
         BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount");
 
         input += consumed;
         input_size -= consumed;
 
         BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input");
 
         if(input_size == 0 && needed != 0) {
            return needed;  // need more data to complete record
         }
 
         // Ignore invalid records in DTLS
         if(m_is_datagram && record.type() == Record_Type::Invalid) {
            return 0;
         }
 
         if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) {
            throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum");
         }
 
         const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && active_state() != nullptr;
         BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state");
 
         const bool initial_record = epoch0_restart || (pending_state() == nullptr && active_state() == nullptr);
         bool initial_handshake_message = false;
         if(record.type() == Record_Type::Handshake && !m_record_buf.empty()) {
            Handshake_Type type = static_cast<Handshake_Type>(m_record_buf[0]);
            initial_handshake_message = (type == Handshake_Type::ClientHello);
         }
 
         if(record.type() != Record_Type::Alert) {
            if(initial_record) {
               // For initial records just check for basic sanity
               if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record");
               }
            } else if(const auto* pending = pending_state()) {
               if(pending->server_hello() != nullptr && !initial_handshake_message &&
                  record.version() != pending->version()) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            } else if(const auto* active = active_state()) {
               if(record.version() != active->version() && !initial_handshake_message) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            }
         }
 
         if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure");
            }
            process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart);
         } else if(record.type() == Record_Type::ApplicationData) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure");
            }
            if(pending_state() != nullptr) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data");
            }
            process_application_data(record.sequence(), m_record_buf);
         } else if(record.type() == Record_Type::Alert) {
            process_alert(m_record_buf);
         } else if(record.type() != Record_Type::Invalid) {
            throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast<size_t>(record.type())) +
                                     " from counterparty");
         }
      }
 
      return 0;  // on a record boundary
   } catch(TLS_Exception& e) {
      send_fatal_alert(e.type());
      throw;
   } catch(Invalid_Authentication_Tag&) {
      send_fatal_alert(Alert::BadRecordMac);
      throw;
   } catch(Decoding_Error&) {
      send_fatal_alert(Alert::DecodeError);
      throw;
   } catch(...) {
      send_fatal_alert(Alert::InternalError);
      throw;
   }
}

References Botan::TLS::Alert, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::ApplicationData, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::ChangeCipherSpec, Botan::TLS::ClientHello, Botan::TLS::Record_Header::epoch(), Botan::TLS::Handshake, Botan::TLS::Invalid, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), policy(), Botan::TLS::read_record(), Botan::TLS::Channel_Impl::send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::TLS::Record_Header::type(), Botan::TLS::TLS_Exception::type(), and Botan::TLS::Record_Header::version().

get_peer_cert_chain()

virtual std::vector< X509_Certificate > Botan::TLS::Channel_Impl_12::get_peer_cert_chain ( const Handshake_State & state ) const

protectedpure virtual

Referenced by peer_cert_chain().

initiate_handshake()

virtual void Botan::TLS::Channel_Impl_12::initiate_handshake ( Handshake_State & state, bool force_full_renegotiation )

protectedpure virtual

Referenced by renegotiate().

inspect_handshake_message()

void Botan::TLS::Channel_Impl_12::inspect_handshake_message ( const Handshake_Message & msg )

protected

is_active()

bool Botan::TLS::Channel_Impl_12::is_active ( ) const

overridevirtual

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 251 of file tls_channel_impl_12.cpp.

                                      {
   return !is_closed() && is_handshake_complete();
}

References is_closed(), and is_handshake_complete().

Referenced by to_peer().

is_closed()

bool Botan::TLS::Channel_Impl_12::is_closed ( ) const

overridevirtual

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 255 of file tls_channel_impl_12.cpp.

                                      {
   return m_has_been_closed;
}

Referenced by is_active(), is_closed_for_reading(), is_closed_for_writing(), and send_alert().

is_closed_for_reading()

bool Botan::TLS::Channel_Impl_12::is_closed_for_reading ( ) const

inlineoverridevirtual

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 102 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_closed_for_writing()

bool Botan::TLS::Channel_Impl_12::is_closed_for_writing ( ) const

inlineoverridevirtual

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 104 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const

inlineinherited

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also

Downgrade_Information

Definition at line 279 of file tls_channel_impl.h.

{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

is_handshake_complete()

bool Botan::TLS::Channel_Impl_12::is_handshake_complete ( ) const

overridevirtual

Returns

true iff the TLS handshake completed successfully

Implements Botan::TLS::Channel_Impl.

Definition at line 247 of file tls_channel_impl_12.cpp.

                                                  {
   return (active_state() != nullptr);
}

Referenced by is_active().

key_material_export()

SymmetricKey Botan::TLS::Channel_Impl_12::key_material_export ( std::string_view label, std::string_view context, size_t length ) const

overridevirtual

Key material export (RFC 5705)

Parameters

label	a disambiguating label string
context	a per-association context value
length	the length of the desired key in bytes

Returns

key of length bytes

Implements Botan::TLS::Channel_Impl.

Definition at line 630 of file tls_channel_impl_12.cpp.

                                                                       {
   if(const auto* active = active_state()) {
      if(pending_state() != nullptr) {
         throw Invalid_State("Channel_Impl_12::key_material_export cannot export during renegotiation");
      }
 
      auto prf = active->protocol_specific_prf();
 
      const secure_vector<uint8_t>& master_secret = active->session_keys().master_secret();
 
      std::vector<uint8_t> salt;
      salt += active->client_hello()->random();
      salt += active->server_hello()->random();
 
      if(!context.empty()) {
         size_t context_size = context.length();
         if(context_size > 0xFFFF) {
            throw Invalid_Argument("key_material_export context is too long");
         }
         salt.push_back(get_byte<0>(static_cast<uint16_t>(context_size)));
         salt.push_back(get_byte<1>(static_cast<uint16_t>(context_size)));
         salt += as_span_of_bytes(context);
      }
 
      return SymmetricKey(prf->derive_key(length, master_secret, salt, as_span_of_bytes(label)));
   } else {
      throw Invalid_State("Channel_Impl_12::key_material_export connection not active");
   }
}

References Botan::as_span_of_bytes(), and Botan::get_byte().

new_handshake_state()

virtual std::unique_ptr< Handshake_State > Botan::TLS::Channel_Impl_12::new_handshake_state ( std::unique_ptr< class Handshake_IO > io )

protectedpure virtual

Referenced by create_handshake_state().

new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const

inlinevirtualinherited

Returns

true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 150 of file tls_channel_impl.h.

{ return false; }

operator=() [1/2]

Channel_Impl_12 & Botan::TLS::Channel_Impl_12::operator= ( Channel_Impl_12 && other )

delete

References Channel_Impl_12().

operator=() [2/2]

Channel_Impl_12 & Botan::TLS::Channel_Impl_12::operator= ( const Channel_Impl_12 & other )

delete

References Channel_Impl_12().

peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel_Impl_12::peer_cert_chain ( ) const

overridevirtual

Returns

certificate chain of the peer (may be empty)

Implements Botan::TLS::Channel_Impl.

Definition at line 97 of file tls_channel_impl_12.cpp.

                                                                   {
   if(const auto* active = active_state()) {
      return get_peer_cert_chain(*active);
   }
   return std::vector<X509_Certificate>();
}

References get_peer_cert_chain().

peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl_12::peer_raw_public_key ( ) const

inlineoverridevirtual

Note: Raw public key for authentication (RFC7250) is currently not implemented for TLS 1.2.

Returns

raw public key of the peer (will be nullptr)

Implements Botan::TLS::Channel_Impl.

Definition at line 117 of file tls_channel_impl_12.h.

{ return nullptr; }

policy()

const Policy & Botan::TLS::Channel_Impl_12::policy ( ) const

inlineprotected

Definition at line 189 of file tls_channel_impl_12.h.

{ return *m_policy; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), create_handshake_state(), from_peer(), renegotiate(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg )

inlineprotectedinherited

Definition at line 239 of file tls_channel_impl.h.

                                                             {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input )

inlineprotectedinherited

Definition at line 234 of file tls_channel_impl.h.

                                                                  {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer().

process_handshake_msg()

virtual void Botan::TLS::Channel_Impl_12::process_handshake_msg ( const Handshake_State * active_state, Handshake_State & pending_state, Handshake_Type type, const std::vector< uint8_t > & contents, bool epoch0_restart )

protectedpure virtual

renegotiate()

void Botan::TLS::Channel_Impl_12::renegotiate ( bool force_full_renegotiation = false )

overridevirtual

Attempt to renegotiate the session

Parameters

force_full_renegotiation

if true, require a full renegotiation, otherwise allow session resumption

Implements Botan::TLS::Channel_Impl.

Definition at line 174 of file tls_channel_impl_12.cpp.

                                                               {
   if(pending_state() != nullptr) {  // currently in handshake?
      return;
   }
 
   if(const auto* active = active_state()) {
      if(!force_full_renegotiation) {
         force_full_renegotiation = !policy().allow_resumption_for_renegotiation();
      }
 
      initiate_handshake(create_handshake_state(active->version()), force_full_renegotiation);
   } else {
      throw Invalid_State("Cannot renegotiate on inactive connection");
   }
}

References Botan::TLS::Policy::allow_resumption_for_renegotiation(), create_handshake_state(), initiate_handshake(), and policy().

request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )

inlineprotectedinherited

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be perfomed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 260 of file tls_channel_impl.h.

                               {
         BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade);
         m_downgrade_info->will_downgrade = true;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by request_downgrade_for_resumption().

request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session )

inlineprotectedinherited

Definition at line 265 of file tls_channel_impl.h.

                                                                         {
         BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
                           m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
         BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
         m_downgrade_info->tls12_session = std::move(session);
         request_downgrade();
      }

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), m_downgrade_info, request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

reset_active_association_state()

void Botan::TLS::Channel_Impl_12::reset_active_association_state ( )

protected

Definition at line 59 of file tls_channel_impl_12.cpp.

                                                     {
   // This operation only makes sense for DTLS
   BOTAN_ASSERT_NOMSG(m_is_datagram);
   m_active_state.reset();
   m_read_cipher_states.clear();
   m_write_cipher_states.clear();
 
   m_write_cipher_states[0] = nullptr;
   m_read_cipher_states[0] = nullptr;
 
   if(m_sequence_numbers) {
      m_sequence_numbers->reset();
   }
}

References BOTAN_ASSERT_NOMSG.

rng()

RandomNumberGenerator & Botan::TLS::Channel_Impl_12::rng ( )

inlineprotected

Definition at line 185 of file tls_channel_impl_12.h.

{ return *m_rng; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

secure_renegotiation_check() [1/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Client_Hello_12 * client_hello )

protected

Definition at line 559 of file tls_channel_impl_12.cpp.

                                                                                    {
   const bool secure_renegotiation = client_hello->secure_renegotiation();
 
   if(const auto* active = active_state()) {
      const bool active_sr = active->client_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = client_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_client_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation");
      }
   }
}

References Botan::TLS::Client_Hello_12::renegotiation_info(), Botan::TLS::Client_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12().

secure_renegotiation_check() [2/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Server_Hello_12 * server_hello )

protected

Definition at line 579 of file tls_channel_impl_12.cpp.

                                                                                    {
   const bool secure_renegotiation = server_hello->secure_renegotiation();
 
   if(const auto* active = active_state()) {
      const bool active_sr = active->server_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = server_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_server_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation");
      }
   }
}

References Botan::TLS::Server_Hello_12::renegotiation_info(), Botan::TLS::Server_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().

secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_client_hello ( ) const

protected

Definition at line 599 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(const auto* active = active_state()) {
      return active->client_finished()->verify_data();
   }
   return std::vector<uint8_t>();
}

Referenced by secure_renegotiation_check().

secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_server_hello ( ) const

protected

Definition at line 606 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(const auto* active = active_state()) {
      std::vector<uint8_t> buf = active->client_finished()->verify_data();
      buf += active->server_finished()->verify_data();
      return buf;
   }
 
   return std::vector<uint8_t>();
}

Referenced by secure_renegotiation_check().

secure_renegotiation_supported()

bool Botan::TLS::Channel_Impl_12::secure_renegotiation_supported ( ) const

overridevirtual

Returns

true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel_Impl.

Definition at line 616 of file tls_channel_impl_12.cpp.

                                                           {
   if(const auto* active = active_state()) {
      return active->server_hello()->secure_renegotiation();
   }
 
   if(const auto* pending = pending_state()) {
      if(const auto* hello = pending->server_hello()) {
         return hello->secure_renegotiation();
      }
   }
 
   return false;
}

send_alert()

void Botan::TLS::Channel_Impl_12::send_alert ( const Alert & alert )

overridevirtual

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters

alert

the Alert to send

Implements Botan::TLS::Channel_Impl.

Definition at line 531 of file tls_channel_impl_12.cpp.

                                                   {
   const bool ready_to_send_anything = !is_closed() && m_sequence_numbers;
   if(alert.is_valid() && ready_to_send_anything) {
      try {
         send_record(Record_Type::Alert, alert.serialize());
      } catch(...) { /* swallow it */
      }
   }
 
   if(alert.type() == Alert::NoRenegotiation) {
      m_pending_state.reset();
   }
 
   if(alert.is_fatal()) {
      if(const auto* active = active_state()) {
         const auto& session_id = active->server_hello()->session_id();
         if(!session_id.empty()) {
            session_manager().remove(Session_Handle(Session_ID(session_id)));
         }
      }
      reset_state();
   }
 
   if(alert.type() == Alert::CloseNotify || alert.is_fatal()) {
      m_has_been_closed = true;
   }
}

References Botan::TLS::Alert, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Session_Manager::remove(), Botan::TLS::Alert::serialize(), session_manager(), and Botan::TLS::Alert::type().

send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type )

inlineinherited

Send a fatal alert

Definition at line 81 of file tls_channel_impl.h.

{ send_alert(Alert(type, true)); }

References Botan::TLS::Alert, and send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().

send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )

inlinevirtualinherited

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns

the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 163 of file tls_channel_impl.h.

{ return 0; }

send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type )

inlineinherited

Send a warning alert

Definition at line 76 of file tls_channel_impl.h.

{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and send_alert().

Referenced by close().

session_manager()

Session_Manager & Botan::TLS::Channel_Impl_12::session_manager ( )

inlineprotected

Definition at line 187 of file tls_channel_impl_12.h.

{ return *m_session_manager; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), send_alert(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz )

inlineprotectedinherited

Definition at line 247 of file tls_channel_impl.h.

                                                {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->io_buffer_size = io_buf_sz;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

timeout_check()

bool Botan::TLS::Channel_Impl_12::timeout_check ( )

overridevirtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implements Botan::TLS::Channel_Impl.

Definition at line 165 of file tls_channel_impl_12.cpp.

                                    {
   if(m_pending_state) {
      return m_pending_state->handshake_io().timeout_check();
   }
 
   //FIXME: scan cipher suites and remove epochs older than 2*MSL
   return false;
}

to_peer()

void Botan::TLS::Channel_Impl_12::to_peer ( std::span< const uint8_t > data )

overridevirtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implements Botan::TLS::Channel_Impl.

Definition at line 523 of file tls_channel_impl_12.cpp.

                                                         {
   if(!is_active()) {
      throw Invalid_State("Data cannot be sent on inactive TLS connection");
   }
 
   send_record_array(sequence_numbers().current_write_epoch(), Record_Type::ApplicationData, data.data(), data.size());
}

References Botan::TLS::ApplicationData, and is_active().

update_traffic_keys()

void Botan::TLS::Channel_Impl_12::update_traffic_keys ( bool request_peer_update = false )

overridevirtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters

request_peer_update

if true, require a reciprocal key update

Implements Botan::TLS::Channel_Impl.

Definition at line 190 of file tls_channel_impl_12.cpp.

                                                {
   throw Invalid_Argument("cannot update traffic keys on a TLS 1.2 channel");
}

Member Data Documentation

m_downgrade_info

std::unique_ptr<Downgrade_Information> Botan::TLS::Channel_Impl::m_downgrade_info

protectedinherited

Definition at line 232 of file tls_channel_impl.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), expects_downgrade(), extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), is_downgrading(), preserve_client_hello(), preserve_peer_transcript(), request_downgrade(), request_downgrade_for_resumption(), and set_io_buffer_size().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls12/tls_channel_impl_12.h
• src/lib/tls/tls12/tls_channel_impl_12.cpp