Botan::TLS::Client_Impl_12 Class Reference

#include <tls_client_impl_12.h>

Inheritance diagram for Botan::TLS::Client_Impl_12:

Public Member Functions
std::string	application_protocol () const override
	Client_Impl_12 (const Channel_Impl::Downgrade_Information &downgrade_info)
	Client_Impl_12 (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, Server_Information server_info=Server_Information(), bool datagram=false, const std::vector< std::string > &next_protocols={}, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
void	close ()
bool	expects_downgrade () const
std::optional< std::string >	external_psk_identity () const override
std::unique_ptr< Downgrade_Information >	extract_downgrade_info ()
size_t	from_peer (std::span< const uint8_t > data) override
bool	is_active () const override
bool	is_closed () const override
bool	is_closed_for_reading () const override
bool	is_closed_for_writing () const override
bool	is_downgrading () const
bool	is_handshake_complete () const override
SymmetricKey	key_material_export (std::string_view label, std::string_view context, size_t length) const override
virtual bool	new_session_ticket_supported () const
std::vector< X509_Certificate >	peer_cert_chain () const override
std::shared_ptr< const Public_Key >	peer_raw_public_key () const override
void	renegotiate (bool force_full_renegotiation=false) override
bool	secure_renegotiation_supported () const override
void	send_alert (const Alert &alert) override
void	send_fatal_alert (Alert::Type type)
virtual size_t	send_new_session_tickets (const size_t)
void	send_warning_alert (Alert::Type type)
bool	timeout_check () override
void	to_peer (std::span< const uint8_t > data) override
void	update_traffic_keys (bool request_peer_update=false) override

Protected Member Functions
void	activate_session ()
Callbacks &	callbacks () const
void	change_cipher_spec_reader (Connection_Side side)
void	change_cipher_spec_writer (Connection_Side side)
Handshake_State &	create_handshake_state (Protocol_Version version)
void	inspect_handshake_message (const Handshake_Message &msg)
virtual std::unique_ptr< Handshake_State >	new_handshake_state (std::unique_ptr< class Handshake_IO > io)=0
const Policy &	policy () const
void	preserve_client_hello (std::span< const uint8_t > msg)
void	preserve_peer_transcript (std::span< const uint8_t > input)
void	request_downgrade ()
void	request_downgrade_for_resumption (Session_with_Handle session)
void	reset_active_association_state ()
RandomNumberGenerator &	rng ()
void	secure_renegotiation_check (const Client_Hello_12 *client_hello)
void	secure_renegotiation_check (const Server_Hello_12 *server_hello)
std::vector< uint8_t >	secure_renegotiation_data_for_client_hello () const
std::vector< uint8_t >	secure_renegotiation_data_for_server_hello () const
Session_Manager &	session_manager ()
void	set_io_buffer_size (size_t io_buf_sz)

Protected Attributes
std::unique_ptr< Downgrade_Information >	m_downgrade_info

Detailed Description

SSL/TLS Client 1.2 implementation

Definition at line 23 of file tls_client_impl_12.h.

Constructor & Destructor Documentation

Client_Impl_12() [1/2]

Botan::TLS::Client_Impl_12::Client_Impl_12 ( const std::shared_ptr< Callbacks > & callbacks, const std::shared_ptr< Session_Manager > & session_manager, const std::shared_ptr< Credentials_Manager > & creds, const std::shared_ptr< const Policy > & policy, const std::shared_ptr< RandomNumberGenerator > & rng, Server_Information server_info = Server_Information(), bool datagram = false, const std::vector< std::string > & next_protocols = {}, size_t reserved_io_buffer_size = TLS::Channel::IO_BUF_DEFAULT_SIZE )

explicit

Set up a new TLS client session

Parameters

callbacks	contains a set of callback function references required by the TLS client.
session_manager	manages session state
creds	manages application/user credentials
policy	specifies other connection policy information
rng	a random number generator
server_info	is identifying information about the TLS server
datagram	specifies whether to use TLS 1.2 or DTLS 1.2
next_protocols	specifies protocols to advertise with ALPN
reserved_io_buffer_size	This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 85 of file tls_client_impl_12.cpp.

                                                 :
      Channel_Impl_12(callbacks, session_manager, rng, policy, false, datagram, io_buf_sz),
      m_creds(creds),
      m_info(std::move(info)) {
   BOTAN_ASSERT_NONNULL(m_creds);
   const auto version = datagram ? Protocol_Version::DTLS_V12 : Protocol_Version::TLS_V12;
   Handshake_State& state = create_handshake_state(version);
   send_client_hello(state, false, version, std::nullopt /* no a-priori session to resume */, next_protocols);
}

References BOTAN_ASSERT_NONNULL, Botan::TLS::Channel_Impl_12::callbacks(), Botan::TLS::Channel_Impl_12::Channel_Impl_12(), Botan::TLS::Channel_Impl_12::create_handshake_state(), Botan::TLS::Channel_Impl_12::policy(), Botan::TLS::Channel_Impl_12::rng(), and Botan::TLS::Channel_Impl_12::session_manager().

Client_Impl_12() [2/2]

Botan::TLS::Client_Impl_12::Client_Impl_12 ( const Channel_Impl::Downgrade_Information & downgrade_info )

explicit

Definition at line 103 of file tls_client_impl_12.cpp.

                                                                                      :
      Channel_Impl_12(downgrade_info.callbacks,
                      downgrade_info.session_manager,
                      downgrade_info.rng,
                      downgrade_info.policy,
                      false /* is_server */,
                      false /* datagram -- not supported by Botan in TLS 1.3 */,
                      downgrade_info.io_buffer_size),
      m_creds(downgrade_info.creds),
      m_info(downgrade_info.server_info) {
   Handshake_State& state = create_handshake_state(Protocol_Version::TLS_V12);
 
   if(!downgrade_info.client_hello_message.empty()) {
      // Downgrade detected after receiving a TLS 1.2 server hello. We need to
      // recreate the state as if this implementation issued the client hello.
      const std::vector<uint8_t> client_hello_msg(
         downgrade_info.client_hello_message.begin() + 4 /* handshake header length */,
         downgrade_info.client_hello_message.end());
 
      state.client_hello(std::make_unique<Client_Hello_12>(client_hello_msg));
      state.hash().update(downgrade_info.client_hello_message);
 
      secure_renegotiation_check(state.client_hello());
      state.set_expected_next(Handshake_Type::ServerHello);
   } else {
      // Downgrade initiated after a TLS 1.2 session was found. No communication
      // has happened yet but the found session should be used for resumption.
      BOTAN_ASSERT_NOMSG(downgrade_info.tls12_session.has_value() &&
                         downgrade_info.tls12_session->session.version().is_pre_tls_13());
      send_client_hello(state,
                        false,
                        downgrade_info.tls12_session->session.version(),
                        downgrade_info.tls12_session,
                        downgrade_info.next_protocols);
   }
}

References BOTAN_ASSERT_NOMSG, Botan::TLS::Channel_Impl_12::callbacks(), Botan::TLS::Channel_Impl_12::Channel_Impl_12(), Botan::TLS::Handshake_State::client_hello(), Botan::TLS::Channel_Impl::Downgrade_Information::client_hello_message, Botan::TLS::Channel_Impl_12::create_handshake_state(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Channel_Impl::Downgrade_Information::next_protocols, Botan::TLS::Channel_Impl_12::policy(), Botan::TLS::Channel_Impl_12::rng(), Botan::TLS::Channel_Impl_12::secure_renegotiation_check(), Botan::TLS::ServerHello, Botan::TLS::Channel_Impl_12::session_manager(), Botan::TLS::Handshake_State::set_expected_next(), Botan::TLS::Channel_Impl::Downgrade_Information::tls12_session, and Botan::TLS::Handshake_Hash::update().

Member Function Documentation

activate_session()

void Botan::TLS::Channel_Impl_12::activate_session ( )

protectedinherited

Definition at line 259 of file tls_channel_impl_12.cpp.

                                       {
   std::swap(m_active_state, m_pending_state);
   m_pending_state.reset();
 
   if(!m_active_state->version().is_datagram_protocol()) {
      // TLS is easy just remove all but the current state
      const uint16_t current_epoch = sequence_numbers().current_write_epoch();
 
      const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
 
      map_remove_if(not_current_epoch, m_write_cipher_states);
      map_remove_if(not_current_epoch, m_read_cipher_states);
   }
 
   callbacks().tls_session_activated();
}

References callbacks(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

application_protocol()

std::string Botan::TLS::Client_Impl_12::application_protocol ( ) const

inlineoverridevirtual

Returns

network protocol as advertised by the TLS server, if server sent the ALPN extension

Implements Botan::TLS::Channel_Impl.

Definition at line 64 of file tls_client_impl_12.h.

{ return m_application_protocol; }

callbacks()

Callbacks & Botan::TLS::Channel_Impl_12::callbacks ( ) const

inlineprotectedinherited

Definition at line 183 of file tls_channel_impl_12.h.

{ return *m_callbacks; }

Referenced by activate_session(), Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

change_cipher_spec_reader()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_reader ( Connection_Side side )

protectedinherited

Definition at line 195 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_read_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_read_epoch();
 
   BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch");
 
   // flip side as we are reading
   auto read_state = std::make_shared<Connection_Cipher_State>(
      pending->version(),
      (side == Connection_Side::Client) ? Connection_Side::Server : Connection_Side::Client,
      false,
      pending->ciphersuite(),
      pending->session_keys(),
      pending->server_hello()->supports_encrypt_then_mac());
 
   m_read_cipher_states[epoch] = read_state;
}

References BOTAN_ASSERT, Botan::TLS::Client, and Botan::TLS::Server.

change_cipher_spec_writer()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_writer ( Connection_Side side )

protectedinherited

Definition at line 222 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_write_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_write_epoch();
 
   BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch");
 
   auto write_state = std::make_shared<Connection_Cipher_State>(pending->version(),
                                                                side,
                                                                true,
                                                                pending->ciphersuite(),
                                                                pending->session_keys(),
                                                                pending->server_hello()->supports_encrypt_then_mac());
 
   m_write_cipher_states[epoch] = write_state;
}

References BOTAN_ASSERT.

close()

void Botan::TLS::Channel_Impl::close ( )

inlineinherited

Send a close notification alert

Definition at line 76 of file tls_channel_impl.h.

{ send_warning_alert(Alert::CloseNotify); }

References send_warning_alert().

create_handshake_state()

Handshake_State & Botan::TLS::Channel_Impl_12::create_handshake_state ( Protocol_Version version )

protectedinherited

Definition at line 114 of file tls_channel_impl_12.cpp.

                                                                                 {
   if(pending_state() != nullptr) {
      throw Internal_Error("create_handshake_state called during handshake");
   }
 
   if(const auto* active = active_state()) {
      const Protocol_Version active_version = active->version();
 
      if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) {
         throw TLS_Exception(Alert::ProtocolVersion,
                             "Active state using version " + active_version.to_string() + " cannot change to " +
                                version.to_string() + " in pending");
      }
   }
 
   if(!m_sequence_numbers) {
      if(version.is_datagram_protocol()) {
         m_sequence_numbers = std::make_unique<Datagram_Sequence_Numbers>();
      } else {
         m_sequence_numbers = std::make_unique<Stream_Sequence_Numbers>();
      }
   }
 
   using namespace std::placeholders;
 
   std::unique_ptr<Handshake_IO> io;
   if(version.is_datagram_protocol()) {
      const uint16_t mtu = static_cast<uint16_t>(policy().dtls_default_mtu());
      const size_t initial_timeout_ms = policy().dtls_initial_timeout();
      const size_t max_timeout_ms = policy().dtls_maximum_timeout();
 
      auto send_record_f = [this](uint16_t epoch, Record_Type record_type, const std::vector<uint8_t>& record) {
         send_record_under_epoch(epoch, record_type, record);
      };
      io = std::make_unique<Datagram_Handshake_IO>(
         send_record_f, sequence_numbers(), mtu, initial_timeout_ms, max_timeout_ms);
   } else {
      auto send_record_f = [this](Record_Type rec_type, const std::vector<uint8_t>& record) {
         send_record(rec_type, record);
      };
      io = std::make_unique<Stream_Handshake_IO>(send_record_f);
   }
 
   m_pending_state = new_handshake_state(std::move(io));
 
   if(const auto* active = active_state()) {
      m_pending_state->set_version(active->version());
   }
 
   return *m_pending_state;
}

References Botan::TLS::Policy::dtls_default_mtu(), Botan::TLS::Policy::dtls_initial_timeout(), Botan::TLS::Policy::dtls_maximum_timeout(), Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), policy(), and Botan::TLS::Protocol_Version::to_string().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), and renegotiate().

expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const

inlineinherited

Definition at line 276 of file tls_channel_impl.h.

{ return m_downgrade_info != nullptr; }

References m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().

external_psk_identity()

std::optional< std::string > Botan::TLS::Channel_Impl_12::external_psk_identity ( ) const

overridevirtualinherited

Returns

identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implements Botan::TLS::Channel_Impl.

Definition at line 105 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* state = (active_state() != nullptr) ? active_state() : pending_state();
   if(state != nullptr) {
      return state->psk_identity();
   } else {
      return std::nullopt;
   }
}

extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )

inlineinherited

See also

Downgrade_Information

Definition at line 274 of file tls_channel_impl.h.

{ return std::exchange(m_downgrade_info, {}); }

References m_downgrade_info.

from_peer()

size_t Botan::TLS::Channel_Impl_12::from_peer ( std::span< const uint8_t > data )

overridevirtualinherited

Inject TLS traffic received from counterparty

Returns

a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implements Botan::TLS::Channel_Impl.

Definition at line 276 of file tls_channel_impl_12.cpp.

                                                             {
   const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart();
 
   const auto* input = data.data();
   auto input_size = data.size();
 
   try {
      while(input_size > 0) {
         size_t consumed = 0;
 
         auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); };
 
         const Record_Header record = read_record(m_is_datagram,
                                                  m_readbuf,
                                                  input,
                                                  input_size,
                                                  consumed,
                                                  m_record_buf,
                                                  m_sequence_numbers.get(),
                                                  get_epoch,
                                                  allow_epoch0_restart);
 
         const size_t needed = record.needed();
 
         BOTAN_ASSERT(consumed > 0, "Got to eat something");
 
         BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount");
 
         input += consumed;
         input_size -= consumed;
 
         BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input");
 
         if(input_size == 0 && needed != 0) {
            return needed;  // need more data to complete record
         }
 
         // Ignore invalid records in DTLS
         if(m_is_datagram && record.type() == Record_Type::Invalid) {
            return 0;
         }
 
         if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) {
            throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum");
         }
 
         const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && active_state() != nullptr;
         BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state");
 
         const bool initial_record = epoch0_restart || (pending_state() == nullptr && active_state() == nullptr);
         bool initial_handshake_message = false;
         if(record.type() == Record_Type::Handshake && !m_record_buf.empty()) {
            const Handshake_Type type = static_cast<Handshake_Type>(m_record_buf[0]);
            initial_handshake_message = (type == Handshake_Type::ClientHello);
         }
 
         if(record.type() != Record_Type::Alert) {
            if(initial_record) {
               // For initial records just check for basic sanity
               if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record");
               }
            } else if(const auto* pending = pending_state()) {
               if(pending->server_hello() != nullptr && !initial_handshake_message &&
                  record.version() != pending->version()) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            } else if(const auto* active = active_state()) {
               if(record.version() != active->version() && !initial_handshake_message) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            }
         }
 
         if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure");
            }
            process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart);
         } else if(record.type() == Record_Type::ApplicationData) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure");
            }
            if(pending_state() != nullptr) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data");
            }
            process_application_data(record.sequence(), m_record_buf);
         } else if(record.type() == Record_Type::Alert) {
            process_alert(m_record_buf);
         } else if(record.type() != Record_Type::Invalid) {
            throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast<size_t>(record.type())) +
                                     " from counterparty");
         }
      }
 
      return 0;  // on a record boundary
   } catch(TLS_Exception& e) {
      send_fatal_alert(e.type());
      throw;
   } catch(Invalid_Authentication_Tag&) {
      send_fatal_alert(Alert::BadRecordMac);
      throw;
   } catch(Decoding_Error&) {
      send_fatal_alert(Alert::DecodeError);
      throw;
   } catch(...) {
      send_fatal_alert(Alert::InternalError);
      throw;
   }
}

References Botan::TLS::Alert, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::ApplicationData, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::ChangeCipherSpec, Botan::TLS::ClientHello, Botan::TLS::Record_Header::epoch(), Botan::TLS::Handshake, Botan::TLS::Invalid, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), policy(), Botan::TLS::read_record(), Botan::TLS::Channel_Impl::send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::TLS::Record_Header::type(), Botan::TLS::TLS_Exception::type(), and Botan::TLS::Record_Header::version().

inspect_handshake_message()

void Botan::TLS::Channel_Impl_12::inspect_handshake_message ( const Handshake_Message & msg )

protectedinherited

is_active()

bool Botan::TLS::Channel_Impl_12::is_active ( ) const

overridevirtualinherited

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 251 of file tls_channel_impl_12.cpp.

                                      {
   return !is_closed() && is_handshake_complete();
}

References is_closed(), and is_handshake_complete().

Referenced by to_peer().

is_closed()

bool Botan::TLS::Channel_Impl_12::is_closed ( ) const

overridevirtualinherited

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 255 of file tls_channel_impl_12.cpp.

                                      {
   return m_has_been_closed;
}

Referenced by is_active(), is_closed_for_reading(), is_closed_for_writing(), and send_alert().

is_closed_for_reading()

bool Botan::TLS::Channel_Impl_12::is_closed_for_reading ( ) const

inlineoverridevirtualinherited

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 94 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_closed_for_writing()

bool Botan::TLS::Channel_Impl_12::is_closed_for_writing ( ) const

inlineoverridevirtualinherited

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 96 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const

inlineinherited

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also

Downgrade_Information

Definition at line 269 of file tls_channel_impl.h.

{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

is_handshake_complete()

bool Botan::TLS::Channel_Impl_12::is_handshake_complete ( ) const

overridevirtualinherited

Returns

true iff the TLS handshake completed successfully

Implements Botan::TLS::Channel_Impl.

Definition at line 247 of file tls_channel_impl_12.cpp.

                                                  {
   return (active_state() != nullptr);
}

Referenced by is_active().

key_material_export()

SymmetricKey Botan::TLS::Channel_Impl_12::key_material_export ( std::string_view label, std::string_view context, size_t length ) const

overridevirtualinherited

Key material export (RFC 5705)

Parameters

label	a disambiguating label string
context	a per-association context value
length	the length of the desired key in bytes

Returns

key of length bytes

Implements Botan::TLS::Channel_Impl.

Definition at line 639 of file tls_channel_impl_12.cpp.

                                                                       {
   if(const auto* active = active_state()) {
      if(pending_state() != nullptr) {
         throw Invalid_State("Channel_Impl_12::key_material_export cannot export during renegotiation");
      }
 
      auto prf = active->protocol_specific_prf();
 
      const secure_vector<uint8_t>& master_secret = active->session_keys().master_secret();
 
      BOTAN_ASSERT_NONNULL(active->client_hello());
      BOTAN_ASSERT_NONNULL(active->server_hello());
      std::vector<uint8_t> salt;
      salt += active->client_hello()->random();
      salt += active->server_hello()->random();
 
      if(!context.empty()) {
         const size_t context_size = context.length();
         if(context_size > 0xFFFF) {
            throw Invalid_Argument("key_material_export context is too long");
         }
         salt.push_back(get_byte<0>(static_cast<uint16_t>(context_size)));
         salt.push_back(get_byte<1>(static_cast<uint16_t>(context_size)));
         salt += as_span_of_bytes(context);
      }
 
      return SymmetricKey(prf->derive_key(length, master_secret, salt, as_span_of_bytes(label)));
   } else {
      throw Invalid_State("Channel_Impl_12::key_material_export connection not active");
   }
}

References Botan::as_span_of_bytes(), BOTAN_ASSERT_NONNULL, and Botan::get_byte().

new_handshake_state()

virtual std::unique_ptr< Handshake_State > Botan::TLS::Channel_Impl_12::new_handshake_state ( std::unique_ptr< class Handshake_IO > io )

protectedpure virtualinherited

Referenced by create_handshake_state().

new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const

inlinevirtualinherited

Returns

true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 140 of file tls_channel_impl.h.

{ return false; }

peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel_Impl_12::peer_cert_chain ( ) const

overridevirtualinherited

Returns

certificate chain of the peer (may be empty)

Implements Botan::TLS::Channel_Impl.

Definition at line 98 of file tls_channel_impl_12.cpp.

                                                                   {
   if(const auto* active = active_state()) {
      return get_peer_cert_chain(*active);
   }
   return std::vector<X509_Certificate>();
}

References get_peer_cert_chain().

peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl_12::peer_raw_public_key ( ) const

inlineoverridevirtualinherited

Note: Raw public key for authentication (RFC7250) is currently not implemented for TLS 1.2.

Returns

raw public key of the peer (will be nullptr)

Implements Botan::TLS::Channel_Impl.

Definition at line 109 of file tls_channel_impl_12.h.

{ return nullptr; }

policy()

const Policy & Botan::TLS::Channel_Impl_12::policy ( ) const

inlineprotectedinherited

Definition at line 181 of file tls_channel_impl_12.h.

{ return *m_policy; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), create_handshake_state(), from_peer(), renegotiate(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg )

inlineprotectedinherited

Definition at line 229 of file tls_channel_impl.h.

                                                             {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input )

inlineprotectedinherited

Definition at line 224 of file tls_channel_impl.h.

                                                                  {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer().

renegotiate()

void Botan::TLS::Channel_Impl_12::renegotiate ( bool force_full_renegotiation = false )

overridevirtualinherited

Attempt to renegotiate the session

Parameters

force_full_renegotiation

if true, require a full renegotiation, otherwise allow session resumption

Implements Botan::TLS::Channel_Impl.

Definition at line 175 of file tls_channel_impl_12.cpp.

                                                               {
   if(pending_state() != nullptr) {  // currently in handshake?
      return;
   }
 
   if(const auto* active = active_state()) {
      if(!force_full_renegotiation) {
         force_full_renegotiation = !policy().allow_resumption_for_renegotiation();
      }
 
      initiate_handshake(create_handshake_state(active->version()), force_full_renegotiation);
   } else {
      throw Invalid_State("Cannot renegotiate on inactive connection");
   }
}

References Botan::TLS::Policy::allow_resumption_for_renegotiation(), create_handshake_state(), initiate_handshake(), and policy().

request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )

inlineprotectedinherited

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be performed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 250 of file tls_channel_impl.h.

                               {
         BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade);
         m_downgrade_info->will_downgrade = true;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by request_downgrade_for_resumption().

request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session )

inlineprotectedinherited

Definition at line 255 of file tls_channel_impl.h.

                                                                         {
         BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
                           m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
         BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
         m_downgrade_info->tls12_session = std::move(session);
         request_downgrade();
      }

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), m_downgrade_info, request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

reset_active_association_state()

void Botan::TLS::Channel_Impl_12::reset_active_association_state ( )

protectedinherited

Definition at line 60 of file tls_channel_impl_12.cpp.

                                                     {
   // This operation only makes sense for DTLS
   BOTAN_ASSERT_NOMSG(m_is_datagram);
   m_active_state.reset();
   m_read_cipher_states.clear();
   m_write_cipher_states.clear();
 
   m_write_cipher_states[0] = nullptr;
   m_read_cipher_states[0] = nullptr;
 
   if(m_sequence_numbers) {
      m_sequence_numbers->reset();  // NOLINT(*-ambiguous-smartptr-reset-call)
   }
}

References BOTAN_ASSERT_NOMSG.

rng()

RandomNumberGenerator & Botan::TLS::Channel_Impl_12::rng ( )

inlineprotectedinherited

Definition at line 177 of file tls_channel_impl_12.h.

{ return *m_rng; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

secure_renegotiation_check() [1/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Client_Hello_12 * client_hello )

protectedinherited

Definition at line 561 of file tls_channel_impl_12.cpp.

                                                                                    {
   BOTAN_ASSERT_NONNULL(client_hello);
   const bool secure_renegotiation = client_hello->secure_renegotiation();
 
   if(const auto* active = active_state()) {
      BOTAN_ASSERT_NONNULL(active->client_hello());
      const bool active_sr = active->client_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = client_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_client_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation");
      }
   }
}

References BOTAN_ASSERT_NONNULL, Botan::TLS::Client_Hello_12::renegotiation_info(), Botan::TLS::Client_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12().

secure_renegotiation_check() [2/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Server_Hello_12 * server_hello )

protectedinherited

Definition at line 583 of file tls_channel_impl_12.cpp.

                                                                                    {
   BOTAN_ASSERT_NONNULL(server_hello);
   const bool secure_renegotiation = server_hello->secure_renegotiation();
 
   if(const auto* active = active_state()) {
      BOTAN_ASSERT_NONNULL(active->server_hello());
      const bool active_sr = active->server_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = server_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_server_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation");
      }
   }
}

References BOTAN_ASSERT_NONNULL, Botan::TLS::Server_Hello_12::renegotiation_info(), Botan::TLS::Server_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().

secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_client_hello ( ) const

protectedinherited

Definition at line 605 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(const auto* active = active_state()) {
      BOTAN_ASSERT_NONNULL(active->client_finished());
      return active->client_finished()->verify_data();
   }
   return std::vector<uint8_t>();
}

References BOTAN_ASSERT_NONNULL.

Referenced by secure_renegotiation_check().

secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_server_hello ( ) const

protectedinherited

Definition at line 613 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(const auto* active = active_state()) {
      BOTAN_ASSERT_NONNULL(active->client_finished());
      BOTAN_ASSERT_NONNULL(active->server_finished());
      std::vector<uint8_t> buf = active->client_finished()->verify_data();
      buf += active->server_finished()->verify_data();
      return buf;
   }
 
   return std::vector<uint8_t>();
}

References BOTAN_ASSERT_NONNULL.

Referenced by secure_renegotiation_check().

secure_renegotiation_supported()

bool Botan::TLS::Channel_Impl_12::secure_renegotiation_supported ( ) const

overridevirtualinherited

Returns

true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel_Impl.

Definition at line 625 of file tls_channel_impl_12.cpp.

                                                           {
   if(const auto* active = active_state()) {
      return active->server_hello()->secure_renegotiation();
   }
 
   if(const auto* pending = pending_state()) {
      if(const auto* hello = pending->server_hello()) {
         return hello->secure_renegotiation();
      }
   }
 
   return false;
}

send_alert()

void Botan::TLS::Channel_Impl_12::send_alert ( const Alert & alert )

overridevirtualinherited

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters

alert

the Alert to send

Implements Botan::TLS::Channel_Impl.

Definition at line 532 of file tls_channel_impl_12.cpp.

                                                   {
   const bool ready_to_send_anything = !is_closed() && m_sequence_numbers;
   if(alert.is_valid() && ready_to_send_anything) {
      try {
         send_record(Record_Type::Alert, alert.serialize());
      } catch(...) { /* swallow it */
      }
   }
 
   if(alert.type() == Alert::NoRenegotiation) {
      m_pending_state.reset();
   }
 
   if(alert.is_fatal()) {
      if(const auto* active = active_state()) {
         BOTAN_ASSERT_NONNULL(active->server_hello());
         const auto& session_id = active->server_hello()->session_id();
         if(!session_id.empty()) {
            session_manager().remove(Session_Handle(Session_ID(session_id)));
         }
      }
      reset_state();
   }
 
   if(alert.type() == Alert::CloseNotify || alert.is_fatal()) {
      m_has_been_closed = true;
   }
}

References Botan::TLS::Alert, BOTAN_ASSERT_NONNULL, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Session_Manager::remove(), Botan::TLS::Alert::serialize(), session_manager(), and Botan::TLS::Alert::type().

send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type )

inlineinherited

Send a fatal alert

Definition at line 71 of file tls_channel_impl.h.

{ send_alert(Alert(type, true)); }

References Botan::TLS::Alert, and send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().

send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )

inlinevirtualinherited

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns

the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 153 of file tls_channel_impl.h.

{ return 0; }

send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type )

inlineinherited

Send a warning alert

Definition at line 66 of file tls_channel_impl.h.

{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and send_alert().

Referenced by close().

session_manager()

Session_Manager & Botan::TLS::Channel_Impl_12::session_manager ( )

inlineprotectedinherited

Definition at line 179 of file tls_channel_impl_12.h.

{ return *m_session_manager; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), send_alert(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz )

inlineprotectedinherited

Definition at line 237 of file tls_channel_impl.h.

                                                {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->io_buffer_size = io_buf_sz;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

timeout_check()

bool Botan::TLS::Channel_Impl_12::timeout_check ( )

overridevirtualinherited

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implements Botan::TLS::Channel_Impl.

Definition at line 166 of file tls_channel_impl_12.cpp.

                                    {
   if(m_pending_state) {
      return m_pending_state->handshake_io().timeout_check();
   }
 
   //FIXME: scan cipher suites and remove epochs older than 2*MSL
   return false;
}

to_peer()

void Botan::TLS::Channel_Impl_12::to_peer ( std::span< const uint8_t > data )

overridevirtualinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implements Botan::TLS::Channel_Impl.

Definition at line 524 of file tls_channel_impl_12.cpp.

                                                         {
   if(!is_active()) {
      throw Invalid_State("Data cannot be sent on inactive TLS connection");
   }
 
   send_record_array(sequence_numbers().current_write_epoch(), Record_Type::ApplicationData, data.data(), data.size());
}

References Botan::TLS::ApplicationData, and is_active().

update_traffic_keys()

void Botan::TLS::Channel_Impl_12::update_traffic_keys ( bool request_peer_update = false )

overridevirtualinherited

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters

request_peer_update

if true, require a reciprocal key update

Implements Botan::TLS::Channel_Impl.

Definition at line 191 of file tls_channel_impl_12.cpp.

                                                {
   throw Invalid_Argument("cannot update traffic keys on a TLS 1.2 channel");
}

Member Data Documentation

m_downgrade_info

std::unique_ptr<Downgrade_Information> Botan::TLS::Channel_Impl::m_downgrade_info

protectedinherited

Definition at line 222 of file tls_channel_impl.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), expects_downgrade(), extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), is_downgrading(), preserve_client_hello(), preserve_peer_transcript(), request_downgrade(), request_downgrade_for_resumption(), and set_io_buffer_size().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls12/tls_client_impl_12.h
• src/lib/tls/tls12/tls_client_impl_12.cpp