Botan 3.1.1
Crypto and TLS for C&
tls_channel_impl_12.cpp
Go to the documentation of this file.
1/*
2* TLS Channels
3* (C) 2011,2012,2014,2015,2016 Jack Lloyd
4* 2016 Matthias Gierlings
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/tls_channel_impl_12.h>
10
11#include <botan/kdf.h>
12#include <botan/tls_messages.h>
13#include <botan/tls_policy.h>
14#include <botan/x509cert.h>
15#include <botan/internal/loadstor.h>
16#include <botan/internal/stl_util.h>
17#include <botan/internal/tls_handshake_state.h>
18#include <botan/internal/tls_record.h>
19#include <botan/internal/tls_seq_numbers.h>
20
21namespace Botan::TLS {
22
23Channel_Impl_12::Channel_Impl_12(const std::shared_ptr<Callbacks>& callbacks,
24 const std::shared_ptr<Session_Manager>& session_manager,
25 const std::shared_ptr<RandomNumberGenerator>& rng,
26 const std::shared_ptr<const Policy>& policy,
27 bool is_server,
28 bool is_datagram,
29 size_t reserved_io_buffer_size) :
30 m_is_server(is_server),
31 m_is_datagram(is_datagram),
32 m_callbacks(callbacks),
33 m_session_manager(session_manager),
34 m_policy(policy),
35 m_rng(rng),
36 m_has_been_closed(false) {
37 BOTAN_ASSERT_NONNULL(m_callbacks);
38 BOTAN_ASSERT_NONNULL(m_session_manager);
40 BOTAN_ASSERT_NONNULL(m_policy);
41
42 /* epoch 0 is plaintext, thus null cipher state */
43 m_write_cipher_states[0] = nullptr;
44 m_read_cipher_states[0] = nullptr;
45
46 m_writebuf.reserve(reserved_io_buffer_size);
47 m_readbuf.reserve(reserved_io_buffer_size);
48}
49
50void Channel_Impl_12::reset_state() {
51 m_active_state.reset();
52 m_pending_state.reset();
53 m_readbuf.clear();
54 m_write_cipher_states.clear();
55 m_read_cipher_states.clear();
56}
57
59 // This operation only makes sense for DTLS
60 BOTAN_ASSERT_NOMSG(m_is_datagram);
61 m_active_state.reset();
62 m_read_cipher_states.clear();
63 m_write_cipher_states.clear();
64
65 m_write_cipher_states[0] = nullptr;
66 m_read_cipher_states[0] = nullptr;
67
68 if(m_sequence_numbers) {
69 m_sequence_numbers->reset();
70 }
71}
72
74
75Connection_Sequence_Numbers& Channel_Impl_12::sequence_numbers() const {
76 BOTAN_ASSERT(m_sequence_numbers, "Have a sequence numbers object");
77 return *m_sequence_numbers;
78}
79
80std::shared_ptr<Connection_Cipher_State> Channel_Impl_12::read_cipher_state_epoch(uint16_t epoch) const {
81 auto i = m_read_cipher_states.find(epoch);
82 if(i == m_read_cipher_states.end()) {
83 throw Internal_Error("TLS::Channel_Impl_12 No read cipherstate for epoch " + std::to_string(epoch));
84 }
85 return i->second;
86}
87
88std::shared_ptr<Connection_Cipher_State> Channel_Impl_12::write_cipher_state_epoch(uint16_t epoch) const {
89 auto i = m_write_cipher_states.find(epoch);
90 if(i == m_write_cipher_states.end()) {
91 throw Internal_Error("TLS::Channel_Impl_12 No write cipherstate for epoch " + std::to_string(epoch));
92 }
93 return i->second;
94}
95
96std::vector<X509_Certificate> Channel_Impl_12::peer_cert_chain() const {
97 if(auto active = active_state()) {
98 return get_peer_cert_chain(*active);
99 }
100 return std::vector<X509_Certificate>();
101}
102
104 if(pending_state()) {
105 throw Internal_Error("create_handshake_state called during handshake");
106 }
107
108 if(auto active = active_state()) {
109 Protocol_Version active_version = active->version();
110
111 if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) {
112 throw TLS_Exception(Alert::ProtocolVersion,
113 "Active state using version " + active_version.to_string() + " cannot change to " +
114 version.to_string() + " in pending");
115 }
116 }
117
118 if(!m_sequence_numbers) {
119 if(version.is_datagram_protocol()) {
120 m_sequence_numbers = std::make_unique<Datagram_Sequence_Numbers>();
121 } else {
122 m_sequence_numbers = std::make_unique<Stream_Sequence_Numbers>();
123 }
124 }
125
126 using namespace std::placeholders;
127
128 std::unique_ptr<Handshake_IO> io;
129 if(version.is_datagram_protocol()) {
130 io =
131 std::make_unique<Datagram_Handshake_IO>(std::bind(&Channel_Impl_12::send_record_under_epoch, this, _1, _2, _3),
132 sequence_numbers(),
133 static_cast<uint16_t>(policy().dtls_default_mtu()),
134 policy().dtls_initial_timeout(),
135 policy().dtls_maximum_timeout());
136 } else {
137 io = std::make_unique<Stream_Handshake_IO>(std::bind(&Channel_Impl_12::send_record, this, _1, _2));
138 }
139
140 m_pending_state = new_handshake_state(std::move(io));
141
142 if(auto active = active_state()) {
143 m_pending_state->set_version(active->version());
144 }
145
146 return *m_pending_state;
147}
148
150 if(m_pending_state) {
151 return m_pending_state->handshake_io().timeout_check();
152 }
153
154 //FIXME: scan cipher suites and remove epochs older than 2*MSL
155 return false;
156}
157
158void Channel_Impl_12::renegotiate(bool force_full_renegotiation) {
159 if(pending_state()) { // currently in handshake?
160 return;
161 }
162
163 if(auto active = active_state()) {
164 if(force_full_renegotiation == false) {
165 force_full_renegotiation = !policy().allow_resumption_for_renegotiation();
166 }
167
168 initiate_handshake(create_handshake_state(active->version()), force_full_renegotiation);
169 } else {
170 throw Invalid_State("Cannot renegotiate on inactive connection");
171 }
172}
173
175 throw Invalid_Argument("cannot update traffic keys on a TLS 1.2 channel");
176}
177
179 auto pending = pending_state();
180
181 BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
182
183 if(pending->server_hello()->compression_method() != 0) {
184 throw Internal_Error("Negotiated unknown compression algorithm");
185 }
186
187 sequence_numbers().new_read_cipher_state();
188
189 const uint16_t epoch = sequence_numbers().current_read_epoch();
190
191 BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch");
192
193 // flip side as we are reading
194 std::shared_ptr<Connection_Cipher_State> read_state(
195 new Connection_Cipher_State(pending->version(),
197 false,
198 pending->ciphersuite(),
199 pending->session_keys(),
200 pending->server_hello()->supports_encrypt_then_mac()));
201
202 m_read_cipher_states[epoch] = read_state;
203}
204
206 auto pending = pending_state();
207
208 BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
209
210 if(pending->server_hello()->compression_method() != 0) {
211 throw Internal_Error("Negotiated unknown compression algorithm");
212 }
213
214 sequence_numbers().new_write_cipher_state();
215
216 const uint16_t epoch = sequence_numbers().current_write_epoch();
217
218 BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch");
219
220 std::shared_ptr<Connection_Cipher_State> write_state(
221 new Connection_Cipher_State(pending->version(),
222 side,
223 true,
224 pending->ciphersuite(),
225 pending->session_keys(),
226 pending->server_hello()->supports_encrypt_then_mac()));
227
228 m_write_cipher_states[epoch] = write_state;
229}
230
232 if(is_closed()) {
233 return false;
234 }
235 return (active_state() != nullptr);
236}
237
239 return m_has_been_closed;
240}
241
243 std::swap(m_active_state, m_pending_state);
244 m_pending_state.reset();
245
246 if(!m_active_state->version().is_datagram_protocol()) {
247 // TLS is easy just remove all but the current state
248 const uint16_t current_epoch = sequence_numbers().current_write_epoch();
249
250 const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
251
252 map_remove_if(not_current_epoch, m_write_cipher_states);
253 map_remove_if(not_current_epoch, m_read_cipher_states);
254 }
255
257}
258
259size_t Channel_Impl_12::from_peer(std::span<const uint8_t> data) {
260 const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart();
261
262 auto input = data.data();
263 auto input_size = data.size();
264
265 try {
266 while(input_size) {
267 size_t consumed = 0;
268
269 auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); };
270
271 const Record_Header record = read_record(m_is_datagram,
272 m_readbuf,
273 input,
274 input_size,
275 consumed,
276 m_record_buf,
277 m_sequence_numbers.get(),
278 get_epoch,
279 allow_epoch0_restart);
280
281 const size_t needed = record.needed();
282
283 BOTAN_ASSERT(consumed > 0, "Got to eat something");
284
285 BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount");
286
287 input += consumed;
288 input_size -= consumed;
289
290 BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input");
291
292 if(input_size == 0 && needed != 0) {
293 return needed; // need more data to complete record
294 }
295
296 // Ignore invalid records in DTLS
297 if(m_is_datagram && record.type() == Record_Type::Invalid) {
298 return 0;
299 }
300
301 if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) {
302 throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum");
303 }
304
305 const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && active_state();
306 BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state");
307
308 const bool initial_record = epoch0_restart || (!pending_state() && !active_state());
309
310 if(record.type() != Record_Type::Alert) {
311 if(initial_record) {
312 // For initial records just check for basic sanity
313 if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) {
314 throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record");
315 }
316 } else if(auto pending = pending_state()) {
317 if(pending->server_hello() != nullptr && record.version() != pending->version()) {
318 throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
319 }
320 } else if(auto active = active_state()) {
321 if(record.version() != active->version()) {
322 throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
323 }
324 }
325 }
326
327 if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) {
328 if(m_has_been_closed) {
329 throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure");
330 }
331 process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart);
332 } else if(record.type() == Record_Type::ApplicationData) {
333 if(m_has_been_closed) {
334 throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure");
335 }
336 if(pending_state() != nullptr) {
337 throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data");
338 }
339 process_application_data(record.sequence(), m_record_buf);
340 } else if(record.type() == Record_Type::Alert) {
341 process_alert(m_record_buf);
342 } else if(record.type() != Record_Type::Invalid) {
343 throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast<size_t>(record.type())) +
344 " from counterparty");
345 }
346 }
347
348 return 0; // on a record boundary
349 } catch(TLS_Exception& e) {
351 throw;
353 send_fatal_alert(Alert::BadRecordMac);
354 throw;
355 } catch(Decoding_Error&) {
356 send_fatal_alert(Alert::DecodeError);
357 throw;
358 } catch(...) {
359 send_fatal_alert(Alert::InternalError);
360 throw;
361 }
362}
363
364void Channel_Impl_12::process_handshake_ccs(const secure_vector<uint8_t>& record,
365 uint64_t record_sequence,
366 Record_Type record_type,
367 Protocol_Version record_version,
368 bool epoch0_restart) {
369 if(!m_pending_state) {
370 // No pending handshake, possibly new:
371 if(record_version.is_datagram_protocol() && !epoch0_restart) {
372 if(m_sequence_numbers) {
373 /*
374 * Might be a peer retransmit under epoch - 1 in which
375 * case we must retransmit last flight
376 */
377 sequence_numbers().read_accept(record_sequence);
378
379 const uint16_t epoch = record_sequence >> 48;
380
381 if(epoch == sequence_numbers().current_read_epoch()) {
382 create_handshake_state(record_version);
383 } else if(epoch == sequence_numbers().current_read_epoch() - 1) {
384 BOTAN_ASSERT(m_active_state, "Have active state here");
385 m_active_state->handshake_io().add_record(record.data(), record.size(), record_type, record_sequence);
386 }
387 } else {
388 create_handshake_state(record_version);
389 }
390 } else {
391 create_handshake_state(record_version);
392 }
393 }
394
395 // May have been created in above conditional
396 if(m_pending_state) {
397 m_pending_state->handshake_io().add_record(record.data(), record.size(), record_type, record_sequence);
398
399 while(auto pending = m_pending_state.get()) {
400 auto msg = pending->get_next_handshake_msg();
401
402 if(msg.first == Handshake_Type::None) { // no full handshake yet
403 break;
404 }
405
406 process_handshake_msg(active_state(), *pending, msg.first, msg.second, epoch0_restart);
407
408 if(!m_pending_state) {
409 break;
410 }
411 }
412 }
413}
414
415void Channel_Impl_12::process_application_data(uint64_t seq_no, const secure_vector<uint8_t>& record) {
416 if(!active_state()) {
417 throw Unexpected_Message("Application data before handshake done");
418 }
419
420 callbacks().tls_record_received(seq_no, record);
421}
422
423void Channel_Impl_12::process_alert(const secure_vector<uint8_t>& record) {
424 Alert alert_msg(record);
425
426 if(alert_msg.type() == Alert::NoRenegotiation) {
427 m_pending_state.reset();
428 }
429
430 callbacks().tls_alert(alert_msg);
431
432 if(alert_msg.is_fatal()) {
433 if(auto active = active_state()) {
434 const auto& session_id = active->server_hello()->session_id();
435 if(!session_id.empty()) {
436 session_manager().remove(session_id);
437 }
438 }
439 }
440
441 if(alert_msg.type() == Alert::CloseNotify) {
442 // TLS 1.2 requires us to immediately react with our "close_notify",
443 // the return value of the application's callback has no effect on that.
445 send_warning_alert(Alert::CloseNotify); // reply in kind
446 }
447
448 if(alert_msg.type() == Alert::CloseNotify || alert_msg.is_fatal()) {
449 m_has_been_closed = true;
450 }
451}
452
453void Channel_Impl_12::write_record(Connection_Cipher_State* cipher_state,
454 uint16_t epoch,
455 Record_Type record_type,
456 const uint8_t input[],
457 size_t length) {
458 BOTAN_ASSERT(m_pending_state || m_active_state, "Some connection state exists");
459
460 const Protocol_Version record_version =
461 (m_pending_state) ? (m_pending_state->version()) : (m_active_state->version());
462
463 const uint64_t next_seq = sequence_numbers().next_write_sequence(epoch);
464
465 if(cipher_state == nullptr) {
466 TLS::write_unencrypted_record(m_writebuf, record_type, record_version, next_seq, input, length);
467 } else {
468 TLS::write_record(m_writebuf, record_type, record_version, next_seq, input, length, *cipher_state, rng());
469 }
470
471 callbacks().tls_emit_data(m_writebuf);
472}
473
474void Channel_Impl_12::send_record_array(uint16_t epoch, Record_Type type, const uint8_t input[], size_t length) {
475 if(length == 0) {
476 return;
477 }
478
479 auto cipher_state = write_cipher_state_epoch(epoch);
480
481 while(length) {
482 const size_t sending = std::min<size_t>(length, MAX_PLAINTEXT_SIZE);
483 write_record(cipher_state.get(), epoch, type, input, sending);
484
485 input += sending;
486 length -= sending;
487 }
488}
489
490void Channel_Impl_12::send_record(Record_Type record_type, const std::vector<uint8_t>& record) {
491 send_record_array(sequence_numbers().current_write_epoch(), record_type, record.data(), record.size());
492}
493
494void Channel_Impl_12::send_record_under_epoch(uint16_t epoch,
495 Record_Type record_type,
496 const std::vector<uint8_t>& record) {
497 send_record_array(epoch, record_type, record.data(), record.size());
498}
499
500void Channel_Impl_12::to_peer(std::span<const uint8_t> data) {
501 if(!is_active()) {
502 throw Invalid_State("Data cannot be sent on inactive TLS connection");
503 }
504
505 send_record_array(sequence_numbers().current_write_epoch(), Record_Type::ApplicationData, data.data(), data.size());
506}
507
509 const bool ready_to_send_anything = !is_closed() && m_sequence_numbers;
510 if(alert.is_valid() && ready_to_send_anything) {
511 try {
512 send_record(Record_Type::Alert, alert.serialize());
513 } catch(...) { /* swallow it */
514 }
515 }
516
517 if(alert.type() == Alert::NoRenegotiation) {
518 m_pending_state.reset();
519 }
520
521 if(alert.is_fatal()) {
522 if(auto active = active_state()) {
523 const auto& session_id = active->server_hello()->session_id();
524 if(!session_id.empty()) {
525 session_manager().remove(Session_ID(session_id));
526 }
527 }
528 reset_state();
529 }
530
531 if(alert.type() == Alert::CloseNotify || alert.is_fatal()) {
532 m_has_been_closed = true;
533 }
534}
535
537 const bool secure_renegotiation = client_hello->secure_renegotiation();
538
539 if(auto active = active_state()) {
540 const bool active_sr = active->client_hello()->secure_renegotiation();
541
542 if(active_sr != secure_renegotiation) {
543 throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation");
544 }
545 }
546
547 if(secure_renegotiation) {
548 const std::vector<uint8_t>& data = client_hello->renegotiation_info();
549
551 throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation");
552 }
553 }
554}
555
557 const bool secure_renegotiation = server_hello->secure_renegotiation();
558
559 if(auto active = active_state()) {
560 const bool active_sr = active->server_hello()->secure_renegotiation();
561
562 if(active_sr != secure_renegotiation) {
563 throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation");
564 }
565 }
566
567 if(secure_renegotiation) {
568 const std::vector<uint8_t>& data = server_hello->renegotiation_info();
569
571 throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation");
572 }
573 }
574}
575
577 if(auto active = active_state()) {
578 return active->client_finished()->verify_data();
579 }
580 return std::vector<uint8_t>();
581}
582
584 if(auto active = active_state()) {
585 std::vector<uint8_t> buf = active->client_finished()->verify_data();
586 buf += active->server_finished()->verify_data();
587 return buf;
588 }
589
590 return std::vector<uint8_t>();
591}
592
594 if(auto active = active_state()) {
595 return active->server_hello()->secure_renegotiation();
596 }
597
598 if(auto pending = pending_state()) {
599 if(auto hello = pending->server_hello()) {
600 return hello->secure_renegotiation();
601 }
602 }
603
604 return false;
605}
606
608 std::string_view context,
609 size_t length) const {
610 if(auto active = active_state()) {
611 if(pending_state() != nullptr) {
612 throw Invalid_State("Channel_Impl_12::key_material_export cannot export during renegotiation");
613 }
614
615 auto prf = active->protocol_specific_prf();
616
617 const secure_vector<uint8_t>& master_secret = active->session_keys().master_secret();
618
619 std::vector<uint8_t> salt;
620 salt += active->client_hello()->random();
621 salt += active->server_hello()->random();
622
623 if(!context.empty()) {
624 size_t context_size = context.length();
625 if(context_size > 0xFFFF) {
626 throw Invalid_Argument("key_material_export context is too long");
627 }
628 salt.push_back(get_byte<0>(static_cast<uint16_t>(context_size)));
629 salt.push_back(get_byte<1>(static_cast<uint16_t>(context_size)));
630 salt += to_byte_vector(context);
631 }
632
633 return SymmetricKey(prf->derive_key(length, master_secret, salt, to_byte_vector(label)));
634 } else {
635 throw Invalid_State("Channel_Impl_12::key_material_export connection not active");
636 }
637}
638
639} // namespace Botan::TLS
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:59
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:86
#define BOTAN_ASSERT_IMPLICATION(expr1, expr2, msg)
Definition: assert.h:77
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:50
bool is_valid() const
Definition: tls_alert.h:79
std::vector< uint8_t > serialize() const
Definition: tls_alert.cpp:32
bool is_fatal() const
Definition: tls_alert.h:90
Type type() const
Definition: tls_alert.h:95
virtual void tls_session_activated()
Definition: tls_callbacks.h:93
virtual void tls_record_received(uint64_t seq_no, std::span< const uint8_t > data)=0
virtual void tls_alert(Alert alert)=0
virtual bool tls_peer_closed_connection()
virtual void tls_emit_data(std::span< const uint8_t > data)=0
RandomNumberGenerator & rng()
virtual std::vector< X509_Certificate > get_peer_cert_chain(const Handshake_State &state) const =0
void change_cipher_spec_reader(Connection_Side side)
void update_traffic_keys(bool request_peer_update=false) override
Handshake_State & create_handshake_state(Protocol_Version version)
std::vector< uint8_t > secure_renegotiation_data_for_server_hello() const
size_t from_peer(std::span< const uint8_t > data) override
void secure_renegotiation_check(const Client_Hello_12 *client_hello)
Session_Manager & session_manager()
const Policy & policy() const
void send_alert(const Alert &alert) override
virtual void initiate_handshake(Handshake_State &state, bool force_full_renegotiation)=0
std::vector< X509_Certificate > peer_cert_chain() const override
void to_peer(std::span< const uint8_t > data) override
void change_cipher_spec_writer(Connection_Side side)
std::vector< uint8_t > secure_renegotiation_data_for_client_hello() const
virtual std::unique_ptr< Handshake_State > new_handshake_state(std::unique_ptr< class Handshake_IO > io)=0
Channel_Impl_12(const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< RandomNumberGenerator > &rng, const std::shared_ptr< const Policy > &policy, bool is_server, bool is_datagram, size_t io_buf_sz=TLS::Channel::IO_BUF_DEFAULT_SIZE)
SymmetricKey key_material_export(std::string_view label, std::string_view context, size_t length) const override
virtual void process_handshake_msg(const Handshake_State *active_state, Handshake_State &pending_state, Handshake_Type type, const std::vector< uint8_t > &contents, bool epoch0_restart)=0
bool secure_renegotiation_supported() const override
void renegotiate(bool force_full_renegotiation=false) override
void send_warning_alert(Alert::Type type)
void send_fatal_alert(Alert::Type type)
std::vector< uint8_t > renegotiation_info() const
virtual uint16_t current_read_epoch() const =0
virtual void read_accept(uint64_t seq)=0
virtual uint16_t current_write_epoch() const =0
virtual uint64_t next_write_sequence(uint16_t)=0
virtual bool allow_dtls_epoch0_restart() const
Definition: tls_policy.cpp:390
virtual bool allow_resumption_for_renegotiation() const
Definition: tls_policy.cpp:362
std::string to_string() const
Definition: tls_version.cpp:16
uint8_t major_version() const
Definition: tls_version.h:80
Protocol_Version version() const
Definition: tls_record.h:82
Record_Type type() const
Definition: tls_record.h:94
uint64_t sequence() const
Definition: tls_record.h:87
size_t needed() const
Definition: tls_record.h:80
uint16_t epoch() const
Definition: tls_record.h:92
std::vector< uint8_t > renegotiation_info() const
virtual size_t remove(const Session_Handle &handle)=0
Alert::Type type() const
Definition: tls_exceptn.h:23
Record_Header read_record(bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, const get_cipherstate_fn &get_cipherstate, bool allow_epoch0_restart)
Definition: tls_record.cpp:491
@ MAX_PLAINTEXT_SIZE
Definition: tls_magic.h:32
void write_unencrypted_record(secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)
Definition: tls_record.cpp:186
void write_record(secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
Definition: tls_record.cpp:200
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Definition: tls_session.h:34
void map_remove_if(Pred pred, T &assoc)
Definition: stl_util.h:101
std::vector< uint8_t > to_byte_vector(std::string_view s)
Definition: stl_util.h:26
OctetString SymmetricKey
Definition: symkey.h:141
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:61