Botan 3.4.0
Crypto and TLS for C&
tls_handshake_transitions.cpp
Go to the documentation of this file.
1/*
2* TLS Handshake State Transitions
3* (C) 2004-2006,2011,2012 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/tls_handshake_transitions.h>
10
11#include <botan/tls_exceptn.h>
12
13#include <sstream>
14
15namespace Botan::TLS {
16
17namespace {
18
19uint32_t bitmask_for_handshake_type(Handshake_Type type) {
20 switch(type) {
21 case Handshake_Type::HelloVerifyRequest:
22 return (1 << 0);
23
24 case Handshake_Type::HelloRequest:
25 return (1 << 1);
26
27 case Handshake_Type::ClientHello:
28 return (1 << 2);
29
30 case Handshake_Type::ServerHello:
31 return (1 << 3);
32
33 case Handshake_Type::Certificate:
34 return (1 << 4);
35
36 case Handshake_Type::CertificateUrl:
37 return (1 << 5);
38
39 case Handshake_Type::CertificateStatus:
40 return (1 << 6);
41
42 case Handshake_Type::ServerKeyExchange:
43 return (1 << 7);
44
45 case Handshake_Type::CertificateRequest:
46 return (1 << 8);
47
48 case Handshake_Type::ServerHelloDone:
49 return (1 << 9);
50
51 case Handshake_Type::CertificateVerify:
52 return (1 << 10);
53
54 case Handshake_Type::ClientKeyExchange:
55 return (1 << 11);
56
57 case Handshake_Type::NewSessionTicket:
58 return (1 << 12);
59
60 case Handshake_Type::HandshakeCCS:
61 return (1 << 13);
62
63 case Handshake_Type::Finished:
64 return (1 << 14);
65
66 case Handshake_Type::EndOfEarlyData: // RFC 8446
67 return (1 << 15);
68
69 case Handshake_Type::EncryptedExtensions: // RFC 8446
70 return (1 << 16);
71
72 case Handshake_Type::KeyUpdate: // RFC 8446
73 return (1 << 17);
74
75 case Handshake_Type::HelloRetryRequest: // RFC 8446
76 return (1 << 18);
77
78 // allow explicitly disabling new handshakes
79 case Handshake_Type::None:
80 return 0;
81 }
82
83 throw TLS_Exception(Alert::UnexpectedMessage,
84 "Unknown TLS handshake message type " + std::to_string(static_cast<size_t>(type)));
85}
86
87std::string handshake_mask_to_string(uint32_t mask, char combiner) {
88 const Handshake_Type types[] = {Handshake_Type::HelloVerifyRequest,
89 Handshake_Type::HelloRequest,
90 Handshake_Type::ClientHello,
91 Handshake_Type::ServerHello,
92 Handshake_Type::Certificate,
93 Handshake_Type::CertificateUrl,
94 Handshake_Type::CertificateStatus,
95 Handshake_Type::ServerKeyExchange,
96 Handshake_Type::CertificateRequest,
97 Handshake_Type::ServerHelloDone,
98 Handshake_Type::CertificateVerify,
99 Handshake_Type::ClientKeyExchange,
100 Handshake_Type::NewSessionTicket,
101 Handshake_Type::HandshakeCCS,
102 Handshake_Type::Finished,
103 Handshake_Type::EndOfEarlyData,
104 Handshake_Type::EncryptedExtensions,
105 Handshake_Type::KeyUpdate};
106
107 std::ostringstream o;
108 bool empty = true;
109
110 for(auto&& t : types) {
111 if(mask & bitmask_for_handshake_type(t)) {
112 if(!empty) {
113 o << combiner;
114 }
115 o << handshake_type_to_string(t);
116 empty = false;
117 }
118 }
119
120 return o.str();
121}
122
123} // namespace
124
125bool Handshake_Transitions::received_handshake_msg(Handshake_Type msg_type) const {
126 const uint32_t mask = bitmask_for_handshake_type(msg_type);
127
128 return (m_hand_received_mask & mask) != 0;
129}
130
131void Handshake_Transitions::confirm_transition_to(Handshake_Type msg_type) {
132 const uint32_t mask = bitmask_for_handshake_type(msg_type);
133
134 m_hand_received_mask |= mask;
135
136 const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap?
137
138 if(!ok) {
139 const uint32_t seen_so_far = m_hand_received_mask & ~mask;
140
141 std::ostringstream msg;
142
143 msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(msg_type);
144
145 if(m_hand_expecting_mask == 0) {
146 msg << " not expecting messages";
147 } else {
148 msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|');
149 }
150
151 if(seen_so_far != 0) {
152 msg << " seen " << handshake_mask_to_string(seen_so_far, '+');
153 }
154
155 throw Unexpected_Message(msg.str());
156 }
157
158 /* We don't know what to expect next, so force a call to
159 set_expected_next; if it doesn't happen, the next transition
160 check will always fail which is what we want.
161 */
162 m_hand_expecting_mask = 0;
163}
164
165void Handshake_Transitions::set_expected_next(Handshake_Type msg_type) {
166 m_hand_expecting_mask |= bitmask_for_handshake_type(msg_type);
167}
168
169void Handshake_Transitions::set_expected_next(const std::vector<Handshake_Type>& msg_types) {
170 for(const auto type : msg_types) {
171 set_expected_next(type);
172 }
173}
174
175bool Handshake_Transitions::change_cipher_spec_expected() const {
176 return (bitmask_for_handshake_type(Handshake_Type::HandshakeCCS) & m_hand_expecting_mask) != 0;
177}
178
179} // namespace Botan::TLS
Botan::TLS::Handshake_Transitions::confirm_transition_to
void confirm_transition_to(Handshake_Type msg_type)
Definition tls_handshake_transitions.cpp:131
Botan::TLS::Handshake_Transitions::received_handshake_msg
bool received_handshake_msg(Handshake_Type msg_type) const
Definition tls_handshake_transitions.cpp:125
Botan::TLS::Handshake_Transitions::set_expected_next
void set_expected_next(Handshake_Type msg_type)
Definition tls_handshake_transitions.cpp:165
Botan::TLS::Handshake_Transitions::change_cipher_spec_expected
bool change_cipher_spec_expected() const
Definition tls_handshake_transitions.cpp:175
Botan::TLS::Unexpected_Message
Definition tls_exceptn.h:37
Botan::TLS::handshake_type_to_string
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_handshake_state.cpp:23
Generated by doxygen 1.10.0