9#include <botan/tls_channel.h>
10#include <botan/tls_policy.h>
11#include <botan/tls_messages.h>
13#include <botan/internal/tls_handshake_state.h>
14#include <botan/internal/tls_record.h>
15#include <botan/internal/tls_seq_numbers.h>
16#include <botan/internal/rounding.h>
17#include <botan/internal/stl_util.h>
18#include <botan/loadstor.h>
32 size_t reserved_io_buffer_size) :
33 m_is_server(is_server),
34 m_is_datagram(is_datagram),
35 m_callbacks(callbacks),
36 m_session_manager(session_manager),
39 m_has_been_closed(false)
41 init(reserved_io_buffer_size);
55 m_is_server(is_server),
56 m_is_datagram(is_datagram),
63 out, app_data_cb, recv_alert_cb, hs_cb, hs_msg_cb)),
64 m_callbacks(*m_compat_callbacks.get()),
65 m_session_manager(session_manager),
68 m_has_been_closed(false)
73void Channel::init(
size_t io_buf_sz)
76 m_write_cipher_states[0] =
nullptr;
77 m_read_cipher_states[0] =
nullptr;
79 m_writebuf.reserve(io_buf_sz);
80 m_readbuf.reserve(io_buf_sz);
83void Channel::reset_state()
85 m_active_state.reset();
86 m_pending_state.reset();
88 m_write_cipher_states.clear();
89 m_read_cipher_states.clear();
96 m_active_state.reset();
97 m_read_cipher_states.clear();
98 m_write_cipher_states.clear();
100 m_write_cipher_states[0] =
nullptr;
101 m_read_cipher_states[0] =
nullptr;
103 if(m_sequence_numbers)
104 m_sequence_numbers->reset();
114 BOTAN_ASSERT(m_sequence_numbers,
"Have a sequence numbers object");
115 return *m_sequence_numbers;
118std::shared_ptr<Connection_Cipher_State> Channel::read_cipher_state_epoch(uint16_t epoch)
const
120 auto i = m_read_cipher_states.find(epoch);
121 if(i == m_read_cipher_states.end())
126std::shared_ptr<Connection_Cipher_State> Channel::write_cipher_state_epoch(uint16_t epoch)
const
128 auto i = m_write_cipher_states.find(epoch);
129 if(i == m_write_cipher_states.end())
130 throw Internal_Error(
"TLS::Channel No write cipherstate for epoch " +
std::to_string(epoch));
136 if(
auto active = active_state())
138 return std::vector<X509_Certificate>();
149 throw Internal_Error(
"create_handshake_state called during handshake");
151 if(
auto active = active_state())
158 "Active state using version " + active_version.
to_string() +
159 " cannot change to " + version.
to_string() +
" in pending");
163 if(!m_sequence_numbers)
171 using namespace std::placeholders;
173 std::unique_ptr<Handshake_IO> io;
177 std::bind(&Channel::send_record_under_epoch,
this, _1, _2, _3),
190 if(
auto active = active_state())
191 m_pending_state->set_version(active->version());
193 return *m_pending_state.get();
199 return m_pending_state->handshake_io().timeout_check();
210 if(
auto active = active_state())
212 if(force_full_renegotiation ==
false)
216 force_full_renegotiation);
219 throw Invalid_State(
"Cannot renegotiate on inactive connection");
224 auto pending = pending_state();
227 "Have received server hello");
229 if(pending->server_hello()->compression_method() != 0)
237 "No read cipher state currently set for next epoch");
240 std::shared_ptr<Connection_Cipher_State> read_state(
244 pending->ciphersuite(),
245 pending->session_keys(),
246 pending->server_hello()->supports_encrypt_then_mac()));
248 m_read_cipher_states[epoch] = read_state;
253 auto pending = pending_state();
256 "Have received server hello");
258 if(pending->server_hello()->compression_method() != 0)
266 "No write cipher state currently set for next epoch");
268 std::shared_ptr<Connection_Cipher_State> write_state(
272 pending->ciphersuite(),
273 pending->session_keys(),
274 pending->server_hello()->supports_encrypt_then_mac()));
276 m_write_cipher_states[epoch] = write_state;
283 return (active_state() !=
nullptr);
288 return m_has_been_closed;
293 std::swap(m_active_state, m_pending_state);
294 m_pending_state.reset();
296 if(!m_active_state->version().is_datagram_protocol())
301 const auto not_current_epoch =
302 [current_epoch](uint16_t epoch) {
return (epoch != current_epoch); };
326 auto get_epoch = [
this](uint16_t epoch) {
return read_cipher_state_epoch(epoch); };
335 m_sequence_numbers.get(),
337 allow_epoch0_restart);
339 const size_t needed = record.
needed();
344 "Record reader consumed sane amount");
347 input_size -= consumed;
350 "Got a full record or consumed all input");
352 if(input_size == 0 && needed != 0)
363 "TLS plaintext record is larger than allowed maximum");
366 const bool epoch0_restart = m_is_datagram && record.
epoch() == 0 && active_state();
369 const bool initial_record = epoch0_restart || (!pending_state() && !active_state());
380 "Received unexpected record version in initial record");
383 else if(
auto pending = pending_state())
385 if(pending->server_hello() !=
nullptr && record.
version() != pending->version())
387 if(record.
version() != pending->version())
390 "Received unexpected record version");
394 else if(
auto active = active_state())
396 if(record.
version() != active->version())
399 "Received unexpected record version");
406 if(m_has_been_closed)
408 process_handshake_ccs(m_record_buf, record.
sequence(), record.
type(), record.
version(), epoch0_restart);
412 if(m_has_been_closed)
414 if(pending_state() !=
nullptr)
416 process_application_data(record.
sequence(), m_record_buf);
420 process_alert(m_record_buf);
425 " from counterparty");
453 uint64_t record_sequence,
463 if(m_sequence_numbers)
471 const uint16_t epoch = record_sequence >> 48;
473 if(epoch == sequence_numbers().current_read_epoch())
477 else if(epoch == sequence_numbers().current_read_epoch() - 1)
480 m_active_state->handshake_io().add_record(record.data(),
500 m_pending_state->handshake_io().add_record(record.data(),
505 while(
auto pending = m_pending_state.get())
507 auto msg = pending->get_next_handshake_msg();
513 msg.first, msg.second, epoch0_restart);
521void Channel::process_application_data(uint64_t seq_no,
const secure_vector<uint8_t>& record)
524 throw Unexpected_Message(
"Application data before handshake done");
529void Channel::process_alert(
const secure_vector<uint8_t>& record)
531 Alert alert_msg(record);
534 m_pending_state.reset();
538 if(alert_msg.is_fatal())
540 if(
auto active = active_state())
541 m_session_manager.
remove_entry(active->server_hello()->session_id());
549 m_has_been_closed =
true;
553void Channel::write_record(Connection_Cipher_State* cipher_state, uint16_t epoch,
554 uint8_t record_type,
const uint8_t input[],
size_t length)
556 BOTAN_ASSERT(m_pending_state || m_active_state,
"Some connection state exists");
558 const Protocol_Version record_version =
559 (m_pending_state) ? (m_pending_state->version()) : (m_active_state->version());
563 if(cipher_state ==
nullptr)
571 input, length, *cipher_state, m_rng);
577void Channel::send_record_array(uint16_t epoch, uint8_t
type,
const uint8_t input[],
size_t length)
595 auto cipher_state = write_cipher_state_epoch(epoch);
601 write_record(cipher_state.get(), epoch,
type, input, 1);
606 write_record(cipher_state.get(), epoch,
type, input, sending);
617 write_record(cipher_state.get(), epoch,
type, input, sending);
625void Channel::send_record(uint8_t record_type,
const std::vector<uint8_t>& record)
627 send_record_array(sequence_numbers().current_write_epoch(),
628 record_type, record.data(), record.size());
631void Channel::send_record_under_epoch(uint16_t epoch, uint8_t record_type,
632 const std::vector<uint8_t>& record)
634 send_record_array(epoch, record_type, record.data(), record.size());
640 throw Invalid_State(
"Data cannot be sent on inactive TLS connection");
642 send_record_array(sequence_numbers().current_write_epoch(),
663 m_pending_state.reset();
667 if(
auto active = active_state())
669 m_session_manager.
remove_entry(active->server_hello()->session_id());
676 m_has_been_closed =
true;
684 if(
auto active = active_state())
686 const bool active_sr = active->client_hello()->secure_renegotiation();
688 if(active_sr != secure_renegotiation)
690 "Client changed its mind about secure renegotiation");
693 if(secure_renegotiation)
699 "Client sent bad values for secure renegotiation");
707 if(
auto active = active_state())
709 const bool active_sr = active->server_hello()->secure_renegotiation();
711 if(active_sr != secure_renegotiation)
713 "Server changed its mind about secure renegotiation");
716 if(secure_renegotiation)
722 "Server sent bad values for secure renegotiation");
728 if(
auto active = active_state())
729 return active->client_finished()->verify_data();
730 return std::vector<uint8_t>();
735 if(
auto active = active_state())
737 std::vector<uint8_t> buf = active->client_finished()->verify_data();
738 buf += active->server_finished()->verify_data();
742 return std::vector<uint8_t>();
747 if(
auto active = active_state())
748 return active->server_hello()->secure_renegotiation();
750 if(
auto pending = pending_state())
751 if(
auto hello = pending->server_hello())
752 return hello->secure_renegotiation();
758 const std::string& context,
761 if(
auto active = active_state())
763 if(pending_state() !=
nullptr)
764 throw Invalid_State(
"Channel::key_material_export cannot export during renegotiation");
766 std::unique_ptr<KDF> prf(active->protocol_specific_prf());
769 active->session_keys().master_secret();
771 std::vector<uint8_t> salt;
772 salt += active->client_hello()->random();
773 salt += active->server_hello()->random();
777 size_t context_size = context.length();
778 if(context_size > 0xFFFF)
780 salt.push_back(
get_byte(0,
static_cast<uint16_t
>(context_size)));
781 salt.push_back(
get_byte(1,
static_cast<uint16_t
>(context_size)));
785 return prf->derive_key(length, master_secret, salt,
to_byte_vector(label));
789 throw Invalid_State(
"Channel::key_material_export connection not active");
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ASSERT_IMPLICATION(expr1, expr2, msg)
#define BOTAN_ASSERT(expr, assertion_made)
std::vector< uint8_t > serialize() const
virtual void tls_emit_data(const uint8_t data[], size_t size)=0
virtual void tls_session_activated()
virtual bool tls_session_established(const Session &session)=0
virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size)=0
virtual void tls_alert(Alert alert)=0
void renegotiate(bool force_full_renegotiation=false)
std::vector< X509_Certificate > peer_cert_chain() const
bool secure_renegotiation_supported() const
virtual Handshake_State * new_handshake_state(class Handshake_IO *io)=0
virtual std::vector< X509_Certificate > get_peer_cert_chain(const Handshake_State &state) const =0
Handshake_State & create_handshake_state(Protocol_Version version)
void send(const uint8_t buf[], size_t buf_size)
Channel(Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_server, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
void send_warning_alert(Alert::Type type)
Callbacks & callbacks() const
virtual void initiate_handshake(Handshake_State &state, bool force_full_renegotiation)=0
std::vector< uint8_t > secure_renegotiation_data_for_client_hello() const
std::vector< uint8_t > secure_renegotiation_data_for_server_hello() const
bool save_session(const Session &session)
void send_alert(const Alert &alert)
std::function< bool(const Session &)> handshake_cb
virtual void process_handshake_msg(const Handshake_State *active_state, Handshake_State &pending_state, Handshake_Type type, const std::vector< uint8_t > &contents, bool epoch0_restart)=0
void change_cipher_spec_writer(Connection_Side side)
size_t received_data(const uint8_t buf[], size_t buf_size)
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
std::function< void(const Handshake_Message &)> handshake_msg_cb
void send_fatal_alert(Alert::Type type)
const Policy & policy() const
void reset_active_association_state()
void change_cipher_spec_reader(Connection_Side side)
std::function< void(const uint8_t[], size_t)> output_fn
static size_t IO_BUF_DEFAULT_SIZE
void secure_renegotiation_check(const Client_Hello *client_hello)
SymmetricKey key_material_export(const std::string &label, const std::string &context, size_t length) const
std::function< void(const uint8_t[], size_t)> data_cb
std::vector< uint8_t > renegotiation_info() const
bool secure_renegotiation() const
virtual uint16_t current_read_epoch() const =0
virtual void read_accept(uint64_t seq)=0
virtual uint16_t current_write_epoch() const =0
virtual void new_read_cipher_state()=0
virtual void new_write_cipher_state()=0
virtual uint64_t next_write_sequence(uint16_t)=0
virtual size_t dtls_maximum_timeout() const
virtual size_t dtls_default_mtu() const
virtual bool allow_dtls_epoch0_restart() const
virtual size_t dtls_initial_timeout() const
virtual bool allow_resumption_for_renegotiation() const
std::string to_string() const
uint8_t major_version() const
bool is_datagram_protocol() const
std::vector< uint8_t > renegotiation_info() const
bool secure_renegotiation() const
virtual void remove_entry(const std::vector< uint8_t > &session_id)=0
std::string to_string(const BER_Object &obj)
void write_record(secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
void write_unencrypted_record(secure_vector< uint8_t > &output, uint8_t record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)
Record_Header read_record(bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, get_cipherstate_fn get_cipherstate, bool allow_epoch0_restart)
void map_remove_if(Pred pred, T &assoc)
constexpr uint8_t get_byte(size_t byte_num, T input)
std::vector< uint8_t > to_byte_vector(const std::string &s)
std::vector< T, secure_allocator< T > > secure_vector
const uint8_t * cast_char_ptr_to_uint8(const char *s)