Botan  2.7.0
Crypto and TLS for C++11
tls_handshake_state.h
Go to the documentation of this file.
1 /*
2 * TLS Handshake State
3 * (C) 2004-2006,2011,2012 Jack Lloyd
4 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_HANDSHAKE_STATE_H_
10 #define BOTAN_TLS_HANDSHAKE_STATE_H_
11 
12 #include <botan/internal/tls_handshake_hash.h>
13 #include <botan/internal/tls_handshake_io.h>
14 #include <botan/internal/tls_session_key.h>
15 #include <botan/tls_ciphersuite.h>
16 #include <botan/tls_exceptn.h>
17 #include <botan/tls_handshake_msg.h>
18 #include <botan/tls_callbacks.h>
19 #include <botan/pk_keys.h>
20 #include <botan/pubkey.h>
21 #include <functional>
22 
23 namespace Botan {
24 
25 class KDF;
26 
27 namespace TLS {
28 
29 class Callbacks;
30 class Policy;
31 
32 class Hello_Verify_Request;
33 class Client_Hello;
34 class Server_Hello;
35 class Certificate;
36 class Certificate_Status;
37 class Server_Key_Exchange;
38 class Certificate_Req;
39 class Server_Hello_Done;
40 class Certificate;
41 class Client_Key_Exchange;
42 class Certificate_Verify;
43 class New_Session_Ticket;
44 class Finished;
45 
46 /**
47 * SSL/TLS Handshake State
48 */
50  {
51  public:
53 
54  virtual ~Handshake_State() = default;
55 
56  Handshake_State(const Handshake_State&) = delete;
57  Handshake_State& operator=(const Handshake_State&) = delete;
58 
59  Handshake_IO& handshake_io() { return *m_handshake_io; }
60 
61  /**
62  * Return true iff we have received a particular message already
63  * @param msg_type the message type
64  */
65  bool received_handshake_msg(Handshake_Type msg_type) const;
66 
67  /**
68  * Confirm that we were expecting this message type
69  * @param msg_type the message type
70  */
72 
73  /**
74  * Record that we are expecting a particular message type next
75  * @param msg_type the message type
76  */
77  void set_expected_next(Handshake_Type msg_type);
78 
79  std::pair<Handshake_Type, std::vector<uint8_t>>
81 
82  std::vector<uint8_t> session_ticket() const;
83 
84  std::pair<std::string, Signature_Format>
85  parse_sig_format(const Public_Key& key,
86  Signature_Scheme scheme,
87  bool for_client_auth,
88  const Policy& policy) const;
89 
90  std::pair<std::string, Signature_Format>
91  choose_sig_format(const Private_Key& key,
92  Signature_Scheme& scheme,
93  bool for_client_auth,
94  const Policy& policy) const;
95 
96  std::string srp_identifier() const;
97 
98  KDF* protocol_specific_prf() const;
99 
100  Protocol_Version version() const { return m_version; }
101 
102  void set_version(const Protocol_Version& version);
103 
104  void hello_verify_request(const Hello_Verify_Request& hello_verify);
105 
119 
120  const Client_Hello* client_hello() const
121  { return m_client_hello.get(); }
122 
123  const Server_Hello* server_hello() const
124  { return m_server_hello.get(); }
125 
126  const Certificate* server_certs() const
127  { return m_server_certs.get(); }
128 
130  { return m_server_kex.get(); }
131 
132  const Certificate_Req* cert_req() const
133  { return m_cert_req.get(); }
134 
136  { return m_server_hello_done.get(); }
137 
138  const Certificate* client_certs() const
139  { return m_client_certs.get(); }
140 
142  { return m_client_kex.get(); }
143 
145  { return m_client_verify.get(); }
146 
148  { return m_server_cert_status.get(); }
149 
151  { return m_new_session_ticket.get(); }
152 
153  const Finished* server_finished() const
154  { return m_server_finished.get(); }
155 
156  const Finished* client_finished() const
157  { return m_client_finished.get(); }
158 
159  const Ciphersuite& ciphersuite() const { return m_ciphersuite; }
160 
161  const Session_Keys& session_keys() const { return m_session_keys; }
162 
163  Callbacks& callbacks() const { return m_callbacks; }
164 
165  void compute_session_keys();
166 
168 
169  Handshake_Hash& hash() { return m_handshake_hash; }
170 
171  const Handshake_Hash& hash() const { return m_handshake_hash; }
172 
173  void note_message(const Handshake_Message& msg);
174  private:
175 
176  Callbacks& m_callbacks;
177 
178  std::unique_ptr<Handshake_IO> m_handshake_io;
179 
180  uint32_t m_hand_expecting_mask = 0;
181  uint32_t m_hand_received_mask = 0;
182  Protocol_Version m_version;
183  Ciphersuite m_ciphersuite;
184  Session_Keys m_session_keys;
185  Handshake_Hash m_handshake_hash;
186 
187  std::unique_ptr<Client_Hello> m_client_hello;
188  std::unique_ptr<Server_Hello> m_server_hello;
189  std::unique_ptr<Certificate> m_server_certs;
190  std::unique_ptr<Certificate_Status> m_server_cert_status;
191  std::unique_ptr<Server_Key_Exchange> m_server_kex;
192  std::unique_ptr<Certificate_Req> m_cert_req;
193  std::unique_ptr<Server_Hello_Done> m_server_hello_done;
194  std::unique_ptr<Certificate> m_client_certs;
195  std::unique_ptr<Client_Key_Exchange> m_client_kex;
196  std::unique_ptr<Certificate_Verify> m_client_verify;
197  std::unique_ptr<New_Session_Ticket> m_new_session_ticket;
198  std::unique_ptr<Finished> m_server_finished;
199  std::unique_ptr<Finished> m_client_finished;
200  };
201 
202 }
203 
204 }
205 
206 #endif
Handshake_State & operator=(const Handshake_State &)=delete
virtual ~Handshake_State()=default
const Client_Key_Exchange * client_kex() const
std::pair< std::string, Signature_Format > parse_sig_format(const Public_Key &key, Signature_Scheme scheme, bool for_client_auth, const Policy &policy) const
std::vector< uint8_t > session_ticket() const
Signature_Scheme
Definition: tls_algos.h:84
std::pair< std::string, Signature_Format > choose_sig_format(const Private_Key &key, Signature_Scheme &scheme, bool for_client_auth, const Policy &policy) const
const Server_Hello * server_hello() const
const Certificate * server_certs() const
Handshake_State(Handshake_IO *io, Callbacks &callbacks)
const Finished * server_finished() const
const Server_Key_Exchange * server_kex() const
const Ciphersuite & ciphersuite() const
void set_version(const Protocol_Version &version)
const Certificate_Req * cert_req() const
const Certificate_Verify * client_verify() const
const Certificate_Status * server_cert_status() const
std::pair< Handshake_Type, std::vector< uint8_t > > get_next_handshake_msg()
const Finished * client_finished() const
const Session_Keys & session_keys() const
const Certificate * client_certs() const
Definition: alg_id.cpp:13
bool received_handshake_msg(Handshake_Type msg_type) const
void confirm_transition_to(Handshake_Type msg_type)
secure_vector< uint8_t > resume_master_secret
Definition: tls_client.cpp:41
void note_message(const Handshake_Message &msg)
Definition: kdf.h:20
const New_Session_Ticket * new_session_ticket() const
const Server_Hello_Done * server_hello_done() const
void hello_verify_request(const Hello_Verify_Request &hello_verify)
const Handshake_Hash & hash() const
Protocol_Version version() const
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
const Client_Hello * client_hello() const
void set_expected_next(Handshake_Type msg_type)