Botan 3.11.0
Crypto and TLS for C&
tls_handshake_layer_13.cpp
Go to the documentation of this file.
1/*
2* TLS handshake state (machine) implementation for TLS 1.3
3* (C) 2022 Jack Lloyd
4* 2022 Hannes Rantzsch, René Meusel - neXenio GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/tls_handshake_layer_13.h>
10
11#include <botan/tls_alert.h>
12#include <botan/tls_exceptn.h>
13#include <botan/internal/concat_util.h>
14#include <botan/internal/stl_util.h>
15#include <botan/internal/tls_reader.h>
16#include <botan/internal/tls_transcript_hash_13.h>
17
18namespace Botan::TLS {
19
20void Handshake_Layer::copy_data(std::span<const uint8_t> data_from_peer) {
21 m_read_buffer.insert(m_read_buffer.end(), data_from_peer.begin(), data_from_peer.end());
22}
23
24namespace {
25
26constexpr size_t HEADER_LENGTH = 4;
27
28template <typename Msg_Type>
29Handshake_Type handshake_type_from_byte(uint8_t byte_value) {
30 const auto type = static_cast<Handshake_Type>(byte_value);
31
32 if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
33 switch(type) {
34 case Handshake_Type::ClientHello:
35 case Handshake_Type::ServerHello:
36 // case Handshake_Type::EndOfEarlyData: // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now
37 case Handshake_Type::EncryptedExtensions:
38 case Handshake_Type::Certificate:
39 case Handshake_Type::CertificateRequest:
40 case Handshake_Type::CertificateVerify:
41 case Handshake_Type::Finished:
42 return type;
43 default:
44 throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown handshake message received");
45 }
46 } else {
47 switch(type) {
48 case Handshake_Type::NewSessionTicket:
49 case Handshake_Type::KeyUpdate:
50 // case Handshake_Type::CertificateRequest: // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now
51 return type;
52 default:
53 throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown post-handshake message received");
54 }
55 }
56}
57
58template <typename Msg_Type>
59std::optional<Msg_Type> parse_message(TLS::TLS_Data_Reader& reader,
60 const Policy& policy,
61 const Connection_Side peer_side,
62 const Certificate_Type cert_type) {
63 // read the message header
64 if(reader.remaining_bytes() < HEADER_LENGTH) {
65 return std::nullopt;
66 }
67
68 const Handshake_Type type = handshake_type_from_byte<Msg_Type>(reader.get_byte());
69
70 // make sure we have received the full message
71 const size_t msg_len = reader.get_uint24_t();
72 if(reader.remaining_bytes() < msg_len) {
73 return std::nullopt;
74 }
75
76 // create the message
77 const auto msg = reader.get_fixed<uint8_t>(msg_len);
78 if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
79 switch(type) {
80 // Client Hello and Server Hello messages are ambiguous. Both may come
81 // from non-TLS 1.3 peers. Hence, their parsing is somewhat different.
82 case Handshake_Type::ClientHello:
83 // ... might be TLS 1.2 Client Hello or TLS 1.3 Client Hello
84 return generalize_to<Handshake_Message_13>(Client_Hello_13::parse(msg));
85 case Handshake_Type::ServerHello:
86 // ... might be TLS 1.2 Server Hello or TLS 1.3 Server Hello or
87 // a TLS 1.3 Hello Retry Request disguising as a Server Hello
88 return generalize_to<Handshake_Message_13>(Server_Hello_13::parse(msg));
89 // case Handshake_Type::EndOfEarlyData:
90 // return End_Of_Early_Data(msg);
91 case Handshake_Type::EncryptedExtensions:
92 return Encrypted_Extensions(msg);
93 case Handshake_Type::Certificate:
94 return Certificate_13(msg, policy, peer_side, cert_type);
95 case Handshake_Type::CertificateRequest:
96 return Certificate_Request_13(msg, peer_side);
97 case Handshake_Type::CertificateVerify:
98 return Certificate_Verify_13(msg, peer_side);
99 case Handshake_Type::Finished:
100 return Finished_13(msg);
101 default:
102 BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte
103 }
104 } else {
105 BOTAN_UNUSED(peer_side);
106
107 switch(type) {
108 case Handshake_Type::NewSessionTicket:
109 return New_Session_Ticket_13(msg, peer_side);
110 case Handshake_Type::KeyUpdate:
111 return Key_Update(msg);
112 default:
113 BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte
114 }
115 }
116}
117
118} // namespace
119
120std::optional<Handshake_Message_13> Handshake_Layer::next_message(const Policy& policy,
121 Transcript_Hash_State& transcript_hash) {
122 TLS::TLS_Data_Reader reader("handshake message", m_read_buffer);
123
124 auto msg = parse_message<Handshake_Message_13>(reader, policy, m_peer, m_certificate_type);
125 if(msg.has_value()) {
126 BOTAN_ASSERT_NOMSG(m_read_buffer.size() >= reader.read_so_far());
127 transcript_hash.update(std::span{m_read_buffer.data(), reader.read_so_far()});
128 m_read_buffer.erase(m_read_buffer.cbegin(), m_read_buffer.cbegin() + reader.read_so_far());
129 }
130
131 return msg;
132}
133
134std::optional<Post_Handshake_Message_13> Handshake_Layer::next_post_handshake_message(const Policy& policy) {
135 TLS::TLS_Data_Reader reader("post handshake message", m_read_buffer);
136
137 auto msg = parse_message<Post_Handshake_Message_13>(reader, policy, m_peer, m_certificate_type);
138 if(msg.has_value()) {
139 m_read_buffer.erase(m_read_buffer.cbegin(), m_read_buffer.cbegin() + reader.read_so_far());
140 }
141
142 return msg;
143}
144
145namespace {
146
147template <typename T>
148const T& get(const std::reference_wrapper<T>& v) {
149 return v.get();
150}
151
152template <typename T>
153const T& get(const T& v) {
154 // NOLINTNEXTLINE(bugprone-return-const-ref-from-parameter)
155 return v;
156}
157
158template <typename T>
159std::vector<uint8_t> marshall_message(const T& message) {
160 auto [type, serialized] =
161 std::visit([](const auto& msg) { return std::pair(get(msg).wire_type(), get(msg).serialize()); }, message);
162
163 BOTAN_ASSERT_NOMSG(serialized.size() <= 0xFFFFFF);
164 const uint32_t msg_size = static_cast<uint32_t>(serialized.size());
165
166 std::vector<uint8_t> header{
167 static_cast<uint8_t>(type), get_byte<1>(msg_size), get_byte<2>(msg_size), get_byte<3>(msg_size)};
168
169 return concat(header, serialized);
170}
171
172} //namespace
173
174std::vector<uint8_t> Handshake_Layer::prepare_message(const Handshake_Message_13_Ref message,
175 Transcript_Hash_State& transcript_hash) {
176 auto msg = marshall_message(message);
177 transcript_hash.update(msg);
178 return msg;
179}
180
181std::vector<uint8_t> Handshake_Layer::prepare_post_handshake_message(const Post_Handshake_Message_13& message) {
182 return marshall_message(message);
183}
184
185} // namespace Botan::TLS
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
Botan::TLS::Certificate_13
Definition tls_messages_13.h:166
Botan::TLS::Certificate_Request_13
Definition tls_messages_13.h:290
Botan::TLS::Certificate_Verify_13
Definition tls_messages_13.h:324
Botan::TLS::Client_Hello_13::parse
static std::variant< Client_Hello_13, Client_Hello_12_Shim > parse(const std::vector< uint8_t > &buf)
Definition msg_client_hello_13.cpp:272
Botan::TLS::Encrypted_Extensions
Definition tls_messages_13.h:146
Botan::TLS::Finished_13
Definition tls_messages_13.h:349
Botan::TLS::Handshake_Layer::prepare_message
static std::vector< uint8_t > prepare_message(Handshake_Message_13_Ref message, Transcript_Hash_State &transcript_hash)
Definition tls_handshake_layer_13.cpp:174
Botan::TLS::Handshake_Layer::next_message
std::optional< Handshake_Message_13 > next_message(const Policy &policy, Transcript_Hash_State &transcript_hash)
Definition tls_handshake_layer_13.cpp:120
Botan::TLS::Handshake_Layer::next_post_handshake_message
std::optional< Post_Handshake_Message_13 > next_post_handshake_message(const Policy &policy)
Definition tls_handshake_layer_13.cpp:134
Botan::TLS::Handshake_Layer::prepare_post_handshake_message
static std::vector< uint8_t > prepare_post_handshake_message(const Post_Handshake_Message_13 &message)
Definition tls_handshake_layer_13.cpp:181
Botan::TLS::Handshake_Layer::copy_data
void copy_data(std::span< const uint8_t > data_from_peer)
Definition tls_handshake_layer_13.cpp:20
Botan::TLS::Key_Update
Definition tls_messages_13.h:401
Botan::TLS::New_Session_Ticket_13
Definition tls_messages_13.h:357
Botan::TLS::Server_Hello_13::parse
static std::variant< Hello_Retry_Request, Server_Hello_13, Server_Hello_12_Shim > parse(const std::vector< uint8_t > &buf)
Definition msg_server_hello_13.cpp:84
Botan::TLS::TLS_Data_Reader
Definition tls_reader.h:24
Botan::TLS::TLS_Data_Reader::read_so_far
size_t read_so_far() const
Definition tls_reader.h:35
Botan::TLS::TLS_Exception
Definition tls_exceptn.h:19
Botan::TLS::Transcript_Hash_State
Definition tls_transcript_hash_13.h:32
Botan::TLS::Transcript_Hash_State::update
void update(std::span< const uint8_t > serialized_message_s)
Definition tls_transcript_hash_13.cpp:155
Botan::TLS::Handshake_Message_13_Ref
detail::as_wrapped_references_t< Handshake_Message_13 > Handshake_Message_13_Ref
Definition tls_messages_13.h:441
Botan::TLS::Post_Handshake_Message_13
std::variant< New_Session_Ticket_13, Key_Update > Post_Handshake_Message_13
Definition tls_messages_13.h:443
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:79
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition concat_util.h:90
Botan::generalize_to
constexpr GeneralVariantT generalize_to(SpecialT &&specific)
Converts a given variant into another variant-ish whose type states are a super set of the given vari...
Definition stl_util.h:87
Generated by doxygen 1.15.0