Botan 3.3.0
Crypto and TLS for C&
tls_handshake_state.h
Go to the documentation of this file.
1/*
2* TLS Handshake State
3* (C) 2004-2006,2011,2012 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_HANDSHAKE_STATE_H_
10#define BOTAN_TLS_HANDSHAKE_STATE_H_
11
12#include <botan/pk_keys.h>
13#include <botan/pubkey.h>
14#include <botan/tls_callbacks.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_exceptn.h>
17#include <botan/tls_handshake_msg.h>
18#include <botan/internal/tls_handshake_hash.h>
19#include <botan/internal/tls_handshake_io.h>
20#include <botan/internal/tls_handshake_transitions.h>
21#include <botan/internal/tls_session_key.h>
22#include <functional>
23#include <optional>
24
25namespace Botan {
26
27class KDF;
28
29namespace TLS {
30
31class Callbacks;
32class Policy;
33class Signature_Scheme;
34
35class Hello_Verify_Request;
36class Client_Hello_12;
37class Server_Hello_12;
38class Certificate_12;
39class Certificate_Status;
40class Server_Key_Exchange;
41class Certificate_Request_12;
42class Server_Hello_Done;
43class Client_Key_Exchange;
44class Certificate_Verify_12;
45class New_Session_Ticket_12;
46class Finished_12;
47
48/**
49* SSL/TLS Handshake State
50*
51* This is a data holder object for all state aggregated during the handshake,
52* both on client and server side and across protocol versions.
53* It does not implement any logic and offers no guarantees regarding state
54* consistency and legal TLS state transitions.
55*
56* TODO: currently it implements some logic for TLS 1.2, which should be removed
57* TODO: investigate moving the handshake_io to the channel
58*/
60 public:
61 Handshake_State(std::unique_ptr<Handshake_IO> io, Callbacks& callbacks);
63
66
67 Handshake_IO& handshake_io() { return *m_handshake_io; }
68
69 /**
70 * Return true iff we have received a particular message already
71 * @param msg_type the message type
72 */
73 bool received_handshake_msg(Handshake_Type msg_type) const;
74
75 /**
76 * Confirm that we were expecting this message type
77 * @param msg_type the message type
78 */
80
81 /**
82 * Record that we are expecting a particular message type next
83 * @param msg_type the message type
84 */
85 void set_expected_next(Handshake_Type msg_type);
86
87 std::pair<Handshake_Type, std::vector<uint8_t>> get_next_handshake_msg();
88
90
91 std::pair<std::string, Signature_Format> parse_sig_format(const Public_Key& key,
92 Signature_Scheme scheme,
93 const std::vector<Signature_Scheme>& offered_schemes,
94 bool for_client_auth,
95 const Policy& policy) const;
96
97 std::pair<std::string, Signature_Format> choose_sig_format(const Private_Key& key,
98 Signature_Scheme& scheme,
99 bool for_client_auth,
100 const Policy& policy) const;
101
102 std::unique_ptr<KDF> protocol_specific_prf() const;
103
104 Protocol_Version version() const { return m_version; }
105
107
108 void hello_verify_request(const Hello_Verify_Request& hello_verify);
109
110 // TODO: take unique_ptr instead of raw pointers for all of these, as
111 // we're taking the ownership
119
122
125
128
130
131 const Client_Hello_12* client_hello() const { return m_client_hello.get(); }
132
133 const Server_Hello_12* server_hello() const { return m_server_hello.get(); }
134
135 const Certificate_12* server_certs() const { return m_server_certs.get(); }
136
137 const Server_Key_Exchange* server_kex() const { return m_server_kex.get(); }
138
139 const Certificate_Request_12* cert_req() const { return m_cert_req.get(); }
140
141 const Server_Hello_Done* server_hello_done() const { return m_server_hello_done.get(); }
142
143 const Certificate_12* client_certs() const { return m_client_certs.get(); }
144
145 const Client_Key_Exchange* client_kex() const { return m_client_kex.get(); }
146
147 const Certificate_Verify_12* client_verify() const { return m_client_verify.get(); }
148
149 const Certificate_Verify_12* server_verify() const { return m_server_verify.get(); }
150
151 const Certificate_Status* server_cert_status() const { return m_server_cert_status.get(); }
152
153 const New_Session_Ticket_12* new_session_ticket() const { return m_new_session_ticket.get(); }
154
155 const Finished_12* server_finished() const { return m_server_finished.get(); }
156
157 const Finished_12* client_finished() const { return m_client_finished.get(); }
158
159 const Ciphersuite& ciphersuite() const;
160
161 std::optional<std::string> psk_identity() const;
162
163 const Session_Keys& session_keys() const { return m_session_keys; }
164
165 Callbacks& callbacks() const { return m_callbacks; }
166
168
169 void compute_session_keys(const secure_vector<uint8_t>& resume_master_secret);
170
171 Handshake_Hash& hash() { return m_handshake_hash; }
172
173 const Handshake_Hash& hash() const { return m_handshake_hash; }
174
175 void note_message(const Handshake_Message& msg);
176
177 private:
178 Callbacks& m_callbacks;
179
180 std::unique_ptr<Handshake_IO> m_handshake_io;
181
182 Handshake_Transitions m_transitions;
183 Protocol_Version m_version;
184 std::optional<Ciphersuite> m_ciphersuite;
185 Session_Keys m_session_keys;
186 Handshake_Hash m_handshake_hash;
187
188 std::unique_ptr<Client_Hello_12> m_client_hello;
189 std::unique_ptr<Server_Hello_12> m_server_hello;
190
191 std::unique_ptr<Certificate_12> m_server_certs;
192 std::unique_ptr<Certificate_Status> m_server_cert_status;
193 std::unique_ptr<Server_Key_Exchange> m_server_kex;
194 std::unique_ptr<Certificate_Request_12> m_cert_req;
195 std::unique_ptr<Server_Hello_Done> m_server_hello_done;
196 std::unique_ptr<Certificate_12> m_client_certs;
197 std::unique_ptr<Client_Key_Exchange> m_client_kex;
198 std::unique_ptr<Certificate_Verify_12> m_client_verify;
199 std::unique_ptr<Certificate_Verify_12> m_server_verify;
200 std::unique_ptr<New_Session_Ticket_12> m_new_session_ticket;
201 std::unique_ptr<Finished_12> m_server_finished;
202 std::unique_ptr<Finished_12> m_client_finished;
203};
204
205} // namespace TLS
206
207} // namespace Botan
208
209#endif
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, const std::vector< Signature_Scheme > &offered_schemes, bool for_client_auth, const Policy &policy) const
std::pair< Handshake_Type, std::vector< uint8_t > > get_next_handshake_msg()
const Server_Hello_Done * server_hello_done() const
void hello_verify_request(const Hello_Verify_Request &hello_verify)
void set_expected_next(Handshake_Type msg_type)
void note_message(const Handshake_Message &msg)
const Server_Key_Exchange * server_kex() const
const Certificate_Status * server_cert_status() const
const Certificate_Verify_12 * server_verify() const
Handshake_State(std::unique_ptr< Handshake_IO > io, Callbacks &callbacks)
const Certificate_Verify_12 * client_verify() const
const Finished_12 * server_finished() const
Handshake_State & operator=(const Handshake_State &)=delete
const Session_Keys & session_keys() const
const Client_Hello_12 * client_hello() const
Handshake_State(const Handshake_State &)=delete
const Client_Key_Exchange * client_kex() const
const Handshake_Hash & hash() const
void confirm_transition_to(Handshake_Type msg_type)
void set_version(const Protocol_Version &version)
std::optional< std::string > psk_identity() const
const Certificate_12 * server_certs() const
const Certificate_12 * client_certs() const
const Finished_12 * client_finished() const
const Certificate_Request_12 * cert_req() const
const Ciphersuite & ciphersuite() const
Session_Ticket session_ticket() const
const Server_Hello_12 * server_hello() const
bool received_handshake_msg(Handshake_Type msg_type) const
std::unique_ptr< KDF > protocol_specific_prf() const
const New_Session_Ticket_12 * new_session_ticket() const
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
Protocol_Version version() const
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61