Botan 3.5.0
Crypto and TLS for C&
Botan::TLS::Channel_Impl_13 Class Referenceabstract

#include <tls_channel_impl_13.h>

Inheritance diagram for Botan::TLS::Channel_Impl_13:
Botan::TLS::Channel_Impl Botan::TLS::Secret_Logger Botan::TLS::Client_Impl_13 Botan::TLS::Server_Impl_13

Classes

class  AggregatedHandshakeMessages
 
class  AggregatedMessages
 
class  AggregatedPostHandshakeMessages
 

Public Member Functions

virtual std::string application_protocol () const =0
 
 Channel_Impl_13 (const Channel_Impl_13 &)=delete
 
 Channel_Impl_13 (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &credentials_manager, const std::shared_ptr< RandomNumberGenerator > &rng, const std::shared_ptr< const Policy > &policy, bool is_server)
 
void close ()
 
bool expects_downgrade () const
 
virtual std::optional< std::string > external_psk_identity () const =0
 
std::unique_ptr< Downgrade_Informationextract_downgrade_info ()
 
size_t from_peer (std::span< const uint8_t > data) override
 
bool is_active () const override
 
bool is_closed () const override
 
bool is_closed_for_reading () const override
 
bool is_closed_for_writing () const override
 
bool is_downgrading () const
 
virtual bool is_handshake_complete () const =0
 
SymmetricKey key_material_export (std::string_view label, std::string_view context, size_t length) const override
 
virtual bool new_session_ticket_supported () const
 
Channel_Impl_13operator= (const Channel_Impl_13 &)=delete
 
virtual std::vector< X509_Certificatepeer_cert_chain () const =0
 
virtual std::shared_ptr< const Public_Keypeer_raw_public_key () const =0
 
void renegotiate (bool) override
 
bool secure_renegotiation_supported () const override
 
void send_alert (const Alert &alert) override
 
void send_fatal_alert (Alert::Type type)
 
virtual size_t send_new_session_tickets (const size_t)
 
void send_warning_alert (Alert::Type type)
 
bool timeout_check () override
 
void to_peer (std::span< const uint8_t > data) override
 
void update_traffic_keys (bool request_peer_update=false) override
 
 ~Channel_Impl_13 () override
 

Protected Member Functions

AggregatedHandshakeMessages aggregate_handshake_messages ()
 
AggregatedPostHandshakeMessages aggregate_post_handshake_messages ()
 
Callbackscallbacks () const
 
Credentials_Managercredentials_manager ()
 
void expect_downgrade (const Server_Information &server_info, const std::vector< std::string > &next_protocols)
 
void handle (const Key_Update &key_update)
 
virtual void maybe_log_secret (std::string_view label, std::span< const uint8_t > secret) const =0
 
void opportunistically_update_traffic_keys ()
 
const Policypolicy () const
 
virtual bool prepend_ccs ()
 
void preserve_client_hello (std::span< const uint8_t > msg)
 
void preserve_peer_transcript (std::span< const uint8_t > input)
 
virtual void process_dummy_change_cipher_spec ()=0
 
virtual void process_handshake_msg (Handshake_Message_13 msg)=0
 
virtual void process_post_handshake_msg (Post_Handshake_Message_13 msg)=0
 
void request_downgrade ()
 
void request_downgrade_for_resumption (Session_with_Handle session)
 
RandomNumberGeneratorrng ()
 
void send_dummy_change_cipher_spec ()
 
template<typename... MsgTs>
std::vector< uint8_t > send_handshake_message (const std::variant< MsgTs... > &message)
 
template<typename MsgT >
std::vector< uint8_t > send_handshake_message (std::reference_wrapper< MsgT > message)
 
std::vector< uint8_t > send_post_handshake_message (Post_Handshake_Message_13 message)
 
Session_Managersession_manager ()
 
void set_io_buffer_size (size_t io_buf_sz)
 
void set_record_size_limits (uint16_t outgoing_limit, uint16_t incoming_limit)
 
void set_selected_certificate_type (Certificate_Type cert_type)
 

Protected Attributes

std::unique_ptr< Cipher_Statem_cipher_state
 
std::unique_ptr< Downgrade_Informationm_downgrade_info
 
const Connection_Side m_side
 
Transcript_Hash_State m_transcript_hash
 

Detailed Description

Generic interface for TLS 1.3 endpoint

Definition at line 48 of file tls_channel_impl_13.h.

Constructor & Destructor Documentation

◆ Channel_Impl_13() [1/2]

Botan::TLS::Channel_Impl_13::Channel_Impl_13 ( const std::shared_ptr< Callbacks > & callbacks,
const std::shared_ptr< Session_Manager > & session_manager,
const std::shared_ptr< Credentials_Manager > & credentials_manager,
const std::shared_ptr< RandomNumberGenerator > & rng,
const std::shared_ptr< const Policy > & policy,
bool is_server )
explicit

Set up a new TLS 1.3 session

Parameters
callbackscontains a set of callback function references required by the TLS endpoint.
session_managermanages session state
credentials_managermanages application/user credentials
rnga random number generator
policyspecifies other connection policy information
is_serverwhether this is a server session or not

Definition at line 40 of file tls_channel_impl_13.cpp.

45 :
47 m_callbacks(callbacks),
48 m_session_manager(session_manager),
49 m_credentials_manager(credentials_manager),
50 m_rng(rng),
51 m_policy(policy),
52 m_record_layer(m_side),
53 m_handshake_layer(m_side),
54 m_can_read(true),
55 m_can_write(true),
56 m_opportunistic_key_update(false),
57 m_first_message_sent(false),
58 m_first_message_received(false) {
59 BOTAN_ASSERT_NONNULL(m_callbacks);
60 BOTAN_ASSERT_NONNULL(m_session_manager);
61 BOTAN_ASSERT_NONNULL(m_credentials_manager);
63 BOTAN_ASSERT_NONNULL(m_policy);
64}
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
const Policy & policy() const
Credentials_Manager & credentials_manager()
RandomNumberGenerator & rng()
Session_Manager & session_manager()

References BOTAN_ASSERT_NONNULL.

◆ Channel_Impl_13() [2/2]

Botan::TLS::Channel_Impl_13::Channel_Impl_13 ( const Channel_Impl_13 & )
explicitdelete

◆ ~Channel_Impl_13()

Botan::TLS::Channel_Impl_13::~Channel_Impl_13 ( )
overridedefault

Member Function Documentation

◆ aggregate_handshake_messages()

AggregatedHandshakeMessages Botan::TLS::Channel_Impl_13::aggregate_handshake_messages ( )
inlineprotected

Definition at line 256 of file tls_channel_impl_13.h.

256 {
257 return AggregatedHandshakeMessages(*this, m_handshake_layer, m_transcript_hash);
258 }
Transcript_Hash_State m_transcript_hash

References m_transcript_hash.

Referenced by send_handshake_message().

◆ aggregate_post_handshake_messages()

AggregatedPostHandshakeMessages Botan::TLS::Channel_Impl_13::aggregate_post_handshake_messages ( )
inlineprotected

Definition at line 260 of file tls_channel_impl_13.h.

260 {
261 return AggregatedPostHandshakeMessages(*this, m_handshake_layer);
262 }

Referenced by Botan::TLS::Server_Impl_13::send_new_session_tickets(), and send_post_handshake_message().

◆ application_protocol()

virtual std::string Botan::TLS::Channel_Impl::application_protocol ( ) const
pure virtualinherited

Return the protocol notification set for this connection, if any (ALPN). This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implemented in Botan::TLS::Client_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ callbacks()

Callbacks & Botan::TLS::Channel_Impl_13::callbacks ( ) const
inlineprotected

◆ close()

void Botan::TLS::Channel_Impl::close ( )
inlineinherited

Send a close notification alert

Definition at line 80 of file tls_channel_impl.h.

80{ send_warning_alert(Alert::CloseNotify); }
void send_warning_alert(Alert::Type type)

References Botan::TLS::Channel_Impl::send_warning_alert().

◆ credentials_manager()

Credentials_Manager & Botan::TLS::Channel_Impl_13::credentials_manager ( )
inlineprotected

Definition at line 268 of file tls_channel_impl_13.h.

268{ return *m_credentials_manager; }

◆ expect_downgrade()

void Botan::TLS::Channel_Impl_13::expect_downgrade ( const Server_Information & server_info,
const std::vector< std::string > & next_protocols )
protected

Indicate that we have to expect a downgrade to TLS 1.2. In which case the current implementation (i.e. Client_Impl_13 or Server_Impl_13) will need to be replaced by their respective counter parts.

This will prepare an internal structure where any information required to downgrade can be preserved.

See also
Channel_Impl::Downgrade_Information

Definition at line 402 of file tls_channel_impl_13.cpp.

403 {
404 Downgrade_Information di{
405 {},
406 {},
407 {},
408 server_info,
409 next_protocols,
411 m_callbacks,
412 m_session_manager,
413 m_credentials_manager,
414 m_rng,
415 m_policy,
416 false, // received_tls_13_error_alert
417 false // will_downgrade
418 };
419 m_downgrade_info = std::make_unique<Downgrade_Information>(std::move(di));
420}
std::unique_ptr< Downgrade_Information > m_downgrade_info
static constexpr size_t IO_BUF_DEFAULT_SIZE
Definition tls_channel.h:32

References Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE, and Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Server_Impl_13::Server_Impl_13().

◆ expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const
inlineinherited

Definition at line 278 of file tls_channel_impl.h.

278{ return m_downgrade_info != nullptr; }

References Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and from_peer().

◆ external_psk_identity()

virtual std::optional< std::string > Botan::TLS::Channel_Impl::external_psk_identity ( ) const
pure virtualinherited
Returns
identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )
inlineinherited
See also
Downgrade_Information

Definition at line 276 of file tls_channel_impl.h.

276{ return std::exchange(m_downgrade_info, {}); }

References Botan::TLS::Channel_Impl::m_downgrade_info.

◆ from_peer()

size_t Botan::TLS::Channel_Impl_13::from_peer ( std::span< const uint8_t > data)
overridevirtual

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implements Botan::TLS::Channel_Impl.

Definition at line 68 of file tls_channel_impl_13.cpp.

68 {
70
71 // RFC 8446 6.1
72 // Any data received after a closure alert has been received MUST be ignored.
73 if(!m_can_read) {
74 return 0;
75 }
76
77 try {
78 if(expects_downgrade()) {
80 }
81
82 m_record_layer.copy_data(data);
83
84 while(true) {
85 // RFC 8446 6.1
86 // Any data received after a closure alert has been received MUST be ignored.
87 //
88 // ... this data might already be in the record layer's read buffer.
89 if(!m_can_read) {
90 return 0;
91 }
92
93 auto result = m_record_layer.next_record(m_cipher_state.get());
94
95 if(std::holds_alternative<BytesNeeded>(result)) {
96 return std::get<BytesNeeded>(result);
97 }
98
99 const auto& record = std::get<Record>(result);
100
101 // RFC 8446 5.1
102 // Handshake messages MUST NOT be interleaved with other record types.
103 if(record.type != Record_Type::Handshake && m_handshake_layer.has_pending_data()) {
104 throw Unexpected_Message("Expected remainder of a handshake message");
105 }
106
107 if(record.type == Record_Type::Handshake) {
108 m_handshake_layer.copy_data(record.fragment);
109
110 if(!is_handshake_complete()) {
111 while(auto handshake_msg = m_handshake_layer.next_message(policy(), m_transcript_hash)) {
112 // RFC 8446 5.1
113 // Handshake messages MUST NOT span key changes. Implementations
114 // MUST verify that all messages immediately preceding a key change
115 // align with a record boundary; if not, then they MUST terminate the
116 // connection with an "unexpected_message" alert. Because the
117 // ClientHello, EndOfEarlyData, ServerHello, Finished, and KeyUpdate
118 // messages can immediately precede a key change, implementations
119 // MUST send these messages in alignment with a record boundary.
120 //
121 // Note: Hello_Retry_Request was added to the list below although it cannot immediately precede a key change.
122 // However, there cannot be any further sensible messages in the record after HRR.
123 //
124 // Note: Server_Hello_12 was deliberately not included in the check below because in TLS 1.2 Server Hello and
125 // other handshake messages can be legally coalesced in a single record.
126 //
127 if(holds_any_of<Client_Hello_12,
128 Client_Hello_13 /*, EndOfEarlyData,*/,
129 Server_Hello_13,
130 Hello_Retry_Request,
131 Finished_13>(handshake_msg.value()) &&
132 m_handshake_layer.has_pending_data()) {
133 throw Unexpected_Message("Unexpected additional handshake message data found in record");
134 }
135
136 process_handshake_msg(std::move(handshake_msg.value()));
137
138 if(is_downgrading()) {
139 // Downgrade to TLS 1.2 was detected. Stop everything we do and await being replaced by a 1.2 implementation.
140 return 0;
141 } else if(m_downgrade_info != nullptr) {
142 // We received a TLS 1.3 error alert that could have been a TLS 1.2 warning alert.
143 // Now that we know that we are talking to a TLS 1.3 server, shut down.
144 if(m_downgrade_info->received_tls_13_error_alert) {
145 shutdown();
146 }
147
148 // Downgrade can only be indicated in the first received peer message. This was not the case.
149 m_downgrade_info.reset();
150 }
151
152 // After the initial handshake message is received, the record
153 // layer must be more restrictive.
154 // See RFC 8446 5.1 regarding "legacy_record_version"
155 if(!m_first_message_received) {
156 m_record_layer.disable_receiving_compat_mode();
157 m_first_message_received = true;
158 }
159 }
160 } else {
161 while(auto handshake_msg = m_handshake_layer.next_post_handshake_message(policy())) {
162 process_post_handshake_msg(std::move(handshake_msg.value()));
163 }
164 }
165 } else if(record.type == Record_Type::ChangeCipherSpec) {
167 } else if(record.type == Record_Type::ApplicationData) {
168 BOTAN_ASSERT(record.seq_no.has_value(), "decrypted application traffic had a sequence number");
169 callbacks().tls_record_received(record.seq_no.value(), record.fragment);
170 } else if(record.type == Record_Type::Alert) {
171 process_alert(record.fragment);
172 } else {
173 throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast<size_t>(record.type)) +
174 " from counterparty");
175 }
176 }
177 } catch(TLS_Exception& e) {
178 send_fatal_alert(e.type());
179 throw;
180 } catch(Invalid_Authentication_Tag&) {
181 // RFC 8446 5.2
182 // If the decryption fails, the receiver MUST terminate the connection
183 // with a "bad_record_mac" alert.
184 send_fatal_alert(Alert::BadRecordMac);
185 throw;
186 } catch(Decoding_Error&) {
187 send_fatal_alert(Alert::DecodeError);
188 throw;
189 } catch(...) {
190 send_fatal_alert(Alert::InternalError);
191 throw;
192 }
193}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
virtual void tls_record_received(uint64_t seq_no, std::span< const uint8_t > data)=0
virtual void process_post_handshake_msg(Post_Handshake_Message_13 msg)=0
virtual void process_handshake_msg(Handshake_Message_13 msg)=0
virtual void process_dummy_change_cipher_spec()=0
std::unique_ptr< Cipher_State > m_cipher_state
void preserve_peer_transcript(std::span< const uint8_t > input)
void send_fatal_alert(Alert::Type type)
virtual bool is_handshake_complete() const =0
std::optional< Handshake_Message_13 > next_message(const Policy &policy, Transcript_Hash_State &transcript_hash)
std::optional< Post_Handshake_Message_13 > next_post_handshake_message(const Policy &policy)
void copy_data(std::span< const uint8_t > data_from_peer)
void copy_data(std::span< const uint8_t > data_from_peer)
ReadResult< Record > next_record(Cipher_State *cipher_state=nullptr)
constexpr bool holds_any_of(const std::variant< Ts... > &v) noexcept
Definition stl_util.h:292

References Botan::TLS::Alert, Botan::TLS::ApplicationData, BOTAN_ASSERT, BOTAN_STATE_CHECK, callbacks(), Botan::TLS::ChangeCipherSpec, Botan::TLS::Handshake_Layer::copy_data(), Botan::TLS::Record_Layer::copy_data(), Botan::TLS::Record_Layer::disable_receiving_compat_mode(), Botan::TLS::Channel_Impl::expects_downgrade(), Botan::TLS::Handshake, Botan::TLS::Handshake_Layer::has_pending_data(), Botan::holds_any_of(), Botan::TLS::Channel_Impl::is_downgrading(), Botan::TLS::Channel_Impl::is_handshake_complete(), m_cipher_state, Botan::TLS::Channel_Impl::m_downgrade_info, m_transcript_hash, Botan::TLS::Handshake_Layer::next_message(), Botan::TLS::Handshake_Layer::next_post_handshake_message(), Botan::TLS::Record_Layer::next_record(), policy(), Botan::TLS::Channel_Impl::preserve_peer_transcript(), process_dummy_change_cipher_spec(), process_handshake_msg(), process_post_handshake_msg(), Botan::TLS::Channel_Impl::send_fatal_alert(), Botan::TLS::Callbacks::tls_record_received(), and Botan::TLS::TLS_Exception::type().

◆ handle()

void Botan::TLS::Channel_Impl_13::handle ( const Key_Update & key_update)
protected

Definition at line 195 of file tls_channel_impl_13.cpp.

195 {
196 // make sure Key_Update appears only at the end of a record; see description above
197 if(m_handshake_layer.has_pending_data()) {
198 throw Unexpected_Message("Unexpected additional post-handshake message data found in record");
199 }
200
201 m_cipher_state->update_read_keys(*this);
202
203 // TODO: introduce some kind of rate limit of key updates, otherwise we
204 // might be forced into an endless loop of key updates.
205
206 // RFC 8446 4.6.3
207 // If the request_update field is set to "update_requested", then the
208 // receiver MUST send a KeyUpdate of its own with request_update set to
209 // "update_not_requested" prior to sending its next Application Data
210 // record.
211 if(key_update.expects_reciprocation()) {
212 // RFC 8446 4.6.3
213 // This mechanism allows either side to force an update to the
214 // multiple KeyUpdates while it is silent to respond with a single
215 // update.
217 }
218}

References Botan::TLS::Key_Update::expects_reciprocation(), Botan::TLS::Handshake_Layer::has_pending_data(), m_cipher_state, and opportunistically_update_traffic_keys().

◆ is_active()

bool Botan::TLS::Channel_Impl_13::is_active ( ) const
overridevirtual
Returns
true iff the connection is active for sending application data

Note that the connection is active until the application has called close(), even if a CloseNotify has been received from the peer.

Implements Botan::TLS::Channel_Impl.

Definition at line 304 of file tls_channel_impl_13.cpp.

304 {
305 return m_cipher_state != nullptr && m_cipher_state->can_encrypt_application_traffic() // handshake done
306 && m_can_write; // close() hasn't been called
307}

References m_cipher_state.

Referenced by to_peer().

◆ is_closed()

bool Botan::TLS::Channel_Impl_13::is_closed ( ) const
inlineoverridevirtual
Returns
true iff the connection has been closed, i.e. CloseNotify has been received from the peer.

Implements Botan::TLS::Channel_Impl.

Definition at line 167 of file tls_channel_impl_13.h.

bool is_closed_for_reading() const override
bool is_closed_for_writing() const override

References is_closed_for_reading(), and is_closed_for_writing().

◆ is_closed_for_reading()

bool Botan::TLS::Channel_Impl_13::is_closed_for_reading ( ) const
inlineoverridevirtual
Returns
true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 169 of file tls_channel_impl_13.h.

169{ return !m_can_read; }

Referenced by is_closed().

◆ is_closed_for_writing()

bool Botan::TLS::Channel_Impl_13::is_closed_for_writing ( ) const
inlineoverridevirtual
Returns
true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 171 of file tls_channel_impl_13.h.

171{ return !m_can_write; }

Referenced by is_closed().

◆ is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const
inlineinherited

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also
Downgrade_Information

Definition at line 271 of file tls_channel_impl.h.

271{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by from_peer(), key_material_export(), and update_traffic_keys().

◆ is_handshake_complete()

virtual bool Botan::TLS::Channel_Impl::is_handshake_complete ( ) const
pure virtualinherited
Returns
true iff the TLS handshake has finished successfully

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

Referenced by from_peer(), and update_traffic_keys().

◆ key_material_export()

SymmetricKey Botan::TLS::Channel_Impl_13::key_material_export ( std::string_view label,
std::string_view context,
size_t length ) const
overridevirtual

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Implements Botan::TLS::Channel_Impl.

Definition at line 309 of file tls_channel_impl_13.cpp.

311 {
313 BOTAN_STATE_CHECK(m_cipher_state != nullptr && m_cipher_state->can_export_keys());
314 return SymmetricKey(m_cipher_state->export_key(label, context, length));
315}
OctetString SymmetricKey
Definition symkey.h:140

References BOTAN_STATE_CHECK, Botan::TLS::Channel_Impl::is_downgrading(), and m_cipher_state.

◆ maybe_log_secret()

virtual void Botan::TLS::Secret_Logger::maybe_log_secret ( std::string_view label,
std::span< const uint8_t > secret ) const
protectedpure virtualinherited

◆ new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const
inlinevirtualinherited
Returns
true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 144 of file tls_channel_impl.h.

144{ return false; }

◆ operator=()

Channel_Impl_13 & Botan::TLS::Channel_Impl_13::operator= ( const Channel_Impl_13 & )
delete

◆ opportunistically_update_traffic_keys()

void Botan::TLS::Channel_Impl_13::opportunistically_update_traffic_keys ( )
inlineprotected

Schedule a traffic key update to opportunistically happen before the channel sends application data the next time. Such a key update will never request a reciprocal key update from the peer.

Definition at line 238 of file tls_channel_impl_13.h.

238{ m_opportunistic_key_update = true; }

Referenced by handle().

◆ peer_cert_chain()

virtual std::vector< X509_Certificate > Botan::TLS::Channel_Impl::peer_cert_chain ( ) const
pure virtualinherited
Returns
certificate chain of the peer (may be empty)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ peer_raw_public_key()

virtual std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl::peer_raw_public_key ( ) const
pure virtualinherited
Returns
raw public key of the peer (may be nullptr)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ policy()

const Policy & Botan::TLS::Channel_Impl_13::policy ( ) const
inlineprotected

◆ prepend_ccs()

virtual bool Botan::TLS::Channel_Impl_13::prepend_ccs ( )
inlineprotectedvirtual
Returns
whether a change cipher spec record should be prepended now

This method can be used by subclasses to indicate that send_record should prepend a CCS before the actual record. This is useful for middlebox compatibility mode. See RFC 8446 D.4.

Definition at line 229 of file tls_channel_impl_13.h.

229{ return false; }

◆ preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg)
inlineprotectedinherited

Definition at line 231 of file tls_channel_impl.h.

231 {
233 m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
234 }

References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input)
inlineprotectedinherited

Definition at line 226 of file tls_channel_impl.h.

226 {
228 m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
229 }

References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by from_peer().

◆ process_dummy_change_cipher_spec()

virtual void Botan::TLS::Channel_Impl_13::process_dummy_change_cipher_spec ( )
protectedpure virtual

Referenced by from_peer().

◆ process_handshake_msg()

virtual void Botan::TLS::Channel_Impl_13::process_handshake_msg ( Handshake_Message_13 msg)
protectedpure virtual

Referenced by from_peer().

◆ process_post_handshake_msg()

virtual void Botan::TLS::Channel_Impl_13::process_post_handshake_msg ( Post_Handshake_Message_13 msg)
protectedpure virtual

Referenced by from_peer().

◆ renegotiate()

void Botan::TLS::Channel_Impl_13::renegotiate ( bool )
inlineoverridevirtual

Attempt to renegotiate the session

Implements Botan::TLS::Channel_Impl.

Definition at line 185 of file tls_channel_impl_13.h.

185 {
186 throw Invalid_Argument("renegotiation is not allowed in TLS 1.3");
187 }

◆ request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )
inlineprotectedinherited

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be perfomed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 252 of file tls_channel_impl.h.

252 {
254 m_downgrade_info->will_downgrade = true;
255 }

References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl::request_downgrade_for_resumption().

◆ request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session)
inlineprotectedinherited

Definition at line 257 of file tls_channel_impl.h.

257 {
258 BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
259 m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
260 BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
261 m_downgrade_info->tls12_session = std::move(session);
263 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), Botan::TLS::Channel_Impl::m_downgrade_info, Botan::TLS::Channel_Impl::request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ rng()

RandomNumberGenerator & Botan::TLS::Channel_Impl_13::rng ( )
inlineprotected

◆ secure_renegotiation_supported()

bool Botan::TLS::Channel_Impl_13::secure_renegotiation_supported ( ) const
inlineoverridevirtual
Returns
true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel_Impl.

Definition at line 201 of file tls_channel_impl_13.h.

201 {
202 // Secure renegotiation is not supported in TLS 1.3, though BoGo
203 // tests expect us to claim that it is available.
204 return true;
205 }

◆ send_alert()

void Botan::TLS::Channel_Impl_13::send_alert ( const Alert & alert)
overridevirtual

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Implements Botan::TLS::Channel_Impl.

Definition at line 279 of file tls_channel_impl_13.cpp.

279 {
280 if(alert.is_valid() && m_can_write) {
281 try {
282 send_record(Record_Type::Alert, alert.serialize());
283 } catch(...) { /* swallow it */
284 }
285 }
286
287 // Note: In TLS 1.3 sending a CloseNotify must not immediately lead to closing the reading end.
288 // RFC 8446 6.1
289 // Each party MUST send a "close_notify" alert before closing its write
290 // side of the connection, unless it has already sent some error alert.
291 // This does not have any effect on its read side of the connection.
292 if(is_close_notify_alert(alert) && m_can_write) {
293 m_can_write = false;
294 if(m_cipher_state) {
295 m_cipher_state->clear_write_keys();
296 }
297 }
298
299 if(is_error_alert(alert)) {
300 shutdown();
301 }
302}

References Botan::TLS::Alert, Botan::TLS::Alert::is_valid(), m_cipher_state, and Botan::TLS::Alert::serialize().

◆ send_dummy_change_cipher_spec()

void Botan::TLS::Channel_Impl_13::send_dummy_change_cipher_spec ( )
protected

Definition at line 248 of file tls_channel_impl_13.cpp.

248 {
249 // RFC 8446 5.
250 // The change_cipher_spec record is used only for compatibility purposes
251 // (see Appendix D.4).
252 //
253 // The only allowed CCS message content is 0x01, all other CCS records MUST
254 // be rejected by TLS 1.3 implementations.
255 send_record(Record_Type::ChangeCipherSpec, {0x01});
256}

References Botan::TLS::ChangeCipherSpec.

◆ send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type)
inlineinherited

Send a fatal alert

Definition at line 75 of file tls_channel_impl.h.

75{ send_alert(Alert(type, true)); }
virtual void send_alert(const Alert &alert)=0

References Botan::TLS::Alert, and Botan::TLS::Channel_Impl::send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and from_peer().

◆ send_handshake_message() [1/2]

template<typename... MsgTs>
std::vector< uint8_t > Botan::TLS::Channel_Impl_13::send_handshake_message ( const std::variant< MsgTs... > & message)
inlineprotected

Definition at line 241 of file tls_channel_impl_13.h.

241 {
243 }
AggregatedHandshakeMessages & add(Handshake_Message_13_Ref message)
AggregatedHandshakeMessages aggregate_handshake_messages()
constexpr GeneralVariantT generalize_to(SpecialT &&specific) noexcept
Converts a given variant into another variant-ish whose type states are a super set of the given vari...
Definition stl_util.h:314

References Botan::TLS::Channel_Impl_13::AggregatedHandshakeMessages::add(), aggregate_handshake_messages(), Botan::generalize_to(), and Botan::TLS::Channel_Impl_13::AggregatedMessages::send().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and send_handshake_message().

◆ send_handshake_message() [2/2]

template<typename MsgT >
std::vector< uint8_t > Botan::TLS::Channel_Impl_13::send_handshake_message ( std::reference_wrapper< MsgT > message)
inlineprotected

Definition at line 246 of file tls_channel_impl_13.h.

246 {
248 }
std::vector< uint8_t > send_handshake_message(const std::variant< MsgTs... > &message)

References Botan::generalize_to(), and send_handshake_message().

◆ send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )
inlinevirtualinherited

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns
the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 157 of file tls_channel_impl.h.

157{ return 0; }

◆ send_post_handshake_message()

std::vector< uint8_t > Botan::TLS::Channel_Impl_13::send_post_handshake_message ( Post_Handshake_Message_13 message)
inlineprotected

Definition at line 250 of file tls_channel_impl_13.h.

250 {
251 return aggregate_post_handshake_messages().add(std::move(message)).send();
252 }
AggregatedPostHandshakeMessages & add(Post_Handshake_Message_13 message)
AggregatedPostHandshakeMessages aggregate_post_handshake_messages()

References Botan::TLS::Channel_Impl_13::AggregatedPostHandshakeMessages::add(), aggregate_post_handshake_messages(), and Botan::TLS::Channel_Impl_13::AggregatedMessages::send().

Referenced by update_traffic_keys().

◆ send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type)
inlineinherited

Send a warning alert

Definition at line 70 of file tls_channel_impl.h.

70{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and Botan::TLS::Channel_Impl::send_alert().

Referenced by Botan::TLS::Channel_Impl::close().

◆ session_manager()

Session_Manager & Botan::TLS::Channel_Impl_13::session_manager ( )
inlineprotected

Definition at line 266 of file tls_channel_impl_13.h.

266{ return *m_session_manager; }

Referenced by Botan::TLS::Server_Impl_13::send_new_session_tickets().

◆ set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz)
inlineprotectedinherited

Definition at line 239 of file tls_channel_impl.h.

239 {
241 m_downgrade_info->io_buffer_size = io_buf_sz;
242 }

References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.

◆ set_record_size_limits()

void Botan::TLS::Channel_Impl_13::set_record_size_limits ( uint16_t outgoing_limit,
uint16_t incoming_limit )
protected

Set the record size limits as negotiated by the "record_size_limit" extension (RFC 8449).

Parameters
outgoing_limitthe maximal number of plaintext bytes to be sent in a protected record
incoming_limitthe maximal number of plaintext bytes to be accepted in a received protected record

Definition at line 422 of file tls_channel_impl_13.cpp.

422 {
423 m_record_layer.set_record_size_limits(outgoing_limit, incoming_limit);
424}
void set_record_size_limits(uint16_t outgoing_limit, uint16_t incoming_limit)

References Botan::TLS::Record_Layer::set_record_size_limits().

◆ set_selected_certificate_type()

void Botan::TLS::Channel_Impl_13::set_selected_certificate_type ( Certificate_Type cert_type)
protected

Set the expected certificate type needed to parse Certificate messages in the handshake layer. See RFC 7250 and 8446 4.4.2 for further details.

Definition at line 426 of file tls_channel_impl_13.cpp.

426 {
427 m_handshake_layer.set_selected_certificate_type(cert_type);
428}
void set_selected_certificate_type(Certificate_Type cert_type)

References Botan::TLS::Handshake_Layer::set_selected_certificate_type().

◆ timeout_check()

bool Botan::TLS::Channel_Impl_13::timeout_check ( )
inlineoverridevirtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

In the TLS 1.3 implementation, this always returns false.

Implements Botan::TLS::Channel_Impl.

Definition at line 215 of file tls_channel_impl_13.h.

215{ return false; }

◆ to_peer()

void Botan::TLS::Channel_Impl_13::to_peer ( std::span< const uint8_t > data)
overridevirtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implements Botan::TLS::Channel_Impl.

Definition at line 258 of file tls_channel_impl_13.cpp.

258 {
259 if(!is_active()) {
260 throw Invalid_State("Data cannot be sent on inactive TLS connection");
261 }
262
263 // RFC 8446 4.6.3
264 // If the request_update field [of a received KeyUpdate] is set to
265 // "update_requested", then the receiver MUST send a KeyUpdate of its own
266 // with request_update set to "update_not_requested" prior to sending its
267 // next Application Data record.
268 // This mechanism allows either side to force an update to the entire
269 // connection, but causes an implementation which receives multiple
270 // KeyUpdates while it is silent to respond with a single update.
271 if(m_opportunistic_key_update) {
272 update_traffic_keys(false /* update_requested */);
273 m_opportunistic_key_update = false;
274 }
275
276 send_record(Record_Type::ApplicationData, {data.begin(), data.end()});
277}
void update_traffic_keys(bool request_peer_update=false) override

References Botan::TLS::ApplicationData, is_active(), and update_traffic_keys().

◆ update_traffic_keys()

void Botan::TLS::Channel_Impl_13::update_traffic_keys ( bool request_peer_update = false)
overridevirtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters
request_peer_updateif true, require a reciprocal key update

Implements Botan::TLS::Channel_Impl.

Definition at line 317 of file tls_channel_impl_13.cpp.

317 {
321 send_post_handshake_message(Key_Update(request_peer_update));
322 m_cipher_state->update_write_keys(*this);
323}
std::vector< uint8_t > send_post_handshake_message(Post_Handshake_Message_13 message)

References BOTAN_ASSERT_NONNULL, BOTAN_STATE_CHECK, Botan::TLS::Channel_Impl::is_downgrading(), Botan::TLS::Channel_Impl::is_handshake_complete(), m_cipher_state, and send_post_handshake_message().

Referenced by to_peer().

Member Data Documentation

◆ m_cipher_state

std::unique_ptr<Cipher_State> Botan::TLS::Channel_Impl_13::m_cipher_state
protected

◆ m_downgrade_info

◆ m_side

const Connection_Side Botan::TLS::Channel_Impl_13::m_side
protected

Definition at line 286 of file tls_channel_impl_13.h.

◆ m_transcript_hash

Transcript_Hash_State Botan::TLS::Channel_Impl_13::m_transcript_hash
protected

The documentation for this class was generated from the following files: