Botan 3.6.1
Crypto and TLS for C&
tls_record.h
Go to the documentation of this file.
1/*
2* TLS Record Handling
3* (C) 2004-2012 Jack Lloyd
4* 2016 Matthias Gierlings
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_RECORDS_H_
10#define BOTAN_TLS_RECORDS_H_
11
12#include <botan/aead.h>
13#include <botan/tls_algos.h>
14#include <botan/tls_magic.h>
15#include <botan/tls_version.h>
16#include <botan/internal/tls_channel_impl.h>
17#include <chrono>
18#include <functional>
19#include <vector>
20
21namespace Botan::TLS {
22
23class Callbacks;
24class Ciphersuite;
25class Session_Keys;
26
27class Connection_Sequence_Numbers;
28
29/**
30* TLS Cipher State
31*/
32class Connection_Cipher_State final {
33 public:
34 /**
35 * Initialize a new cipher state
36 */
37 Connection_Cipher_State(Protocol_Version version,
38 Connection_Side which_side,
39 bool is_our_side,
40 const Ciphersuite& suite,
41 const Session_Keys& keys,
42 bool uses_encrypt_then_mac);
43
44 AEAD_Mode& aead() {
45 BOTAN_ASSERT_NONNULL(m_aead.get());
46 return *m_aead;
47 }
48
49 std::vector<uint8_t> aead_nonce(uint64_t seq, RandomNumberGenerator& rng);
50
51 std::vector<uint8_t> aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq);
52
53 std::vector<uint8_t> format_ad(uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length);
54
55 size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; }
56
57 size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; }
58
59 Nonce_Format nonce_format() const { return m_nonce_format; }
60
61 private:
62 std::unique_ptr<AEAD_Mode> m_aead;
63
64 std::vector<uint8_t> m_nonce;
65 Nonce_Format m_nonce_format;
66 size_t m_nonce_bytes_from_handshake;
67 size_t m_nonce_bytes_from_record;
68};
69
70class Record_Header final {
71 public:
72 Record_Header(uint64_t sequence, Protocol_Version version, Record_Type type) :
73 m_needed(0), m_sequence(sequence), m_version(version), m_type(type) {}
74
75 Record_Header(size_t needed) :
76 m_needed(needed), m_sequence(0), m_version(Protocol_Version()), m_type(Record_Type::Invalid) {}
77
78 size_t needed() const { return m_needed; }
79
80 Protocol_Version version() const {
81 BOTAN_ASSERT_NOMSG(m_needed == 0);
82 return m_version;
83 }
84
85 uint64_t sequence() const {
86 BOTAN_ASSERT_NOMSG(m_needed == 0);
87 return m_sequence;
88 }
89
90 uint16_t epoch() const { return static_cast<uint16_t>(sequence() >> 48); }
91
92 Record_Type type() const {
93 BOTAN_ASSERT_NOMSG(m_needed == 0);
94 return m_type;
95 }
96
97 private:
98 size_t m_needed;
99 uint64_t m_sequence;
100 Protocol_Version m_version;
101 Record_Type m_type;
102};
103
104/**
105* Create an initial (unencrypted) TLS handshake record
106* @param write_buffer the output record is placed here
107* @param record_type the record layer type
108* @param record_version the record layer version
109* @param record_sequence the record layer sequence number
110* @param message the record contents
111* @param message_len is size of message
112*/
113void write_unencrypted_record(secure_vector<uint8_t>& write_buffer,
114 Record_Type record_type,
115 Protocol_Version record_version,
116 uint64_t record_sequence,
117 const uint8_t* message,
118 size_t message_len);
119
120/**
121* Create a TLS record
122* @param write_buffer the output record is placed here
123* @param record_type the record layer type
124* @param record_version the record layer version
125* @param record_sequence the record layer sequence number
126* @param message the record contents
127* @param message_len is size of message
128* @param cipherstate is the writing cipher state
129* @param rng is a random number generator
130*/
131void write_record(secure_vector<uint8_t>& write_buffer,
132 Record_Type record_type,
133 Protocol_Version record_version,
134 uint64_t record_sequence,
135 const uint8_t* message,
136 size_t message_len,
137 Connection_Cipher_State& cipherstate,
138 RandomNumberGenerator& rng);
139
140// epoch -> cipher state
141typedef std::function<std::shared_ptr<Connection_Cipher_State>(uint16_t)> get_cipherstate_fn;
142
143/**
144* Decode a TLS record
145* @return zero if full message, else number of bytes still needed
146*/
147Record_Header read_record(bool is_datagram,
148 secure_vector<uint8_t>& read_buffer,
149 const uint8_t input[],
150 size_t input_len,
151 size_t& consumed,
152 secure_vector<uint8_t>& record_buf,
153 Connection_Sequence_Numbers* sequence_numbers,
154 const get_cipherstate_fn& get_cipherstate,
155 bool allow_epoch0_restart);
156
157} // namespace Botan::TLS
158
159#endif
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
Botan::AEAD_Mode
Definition aead.h:24
Botan::TLS::Connection_Cipher_State
Definition tls_record.h:32
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record
size_t nonce_bytes_from_record() const
Definition tls_record.h:57
Botan::TLS::Connection_Cipher_State::nonce_format
Nonce_Format nonce_format() const
Definition tls_record.h:59
Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake
size_t nonce_bytes_from_handshake() const
Definition tls_record.h:55
Botan::TLS::Connection_Cipher_State::Connection_Cipher_State
Connection_Cipher_State(Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys, bool uses_encrypt_then_mac)
Definition tls_record.cpp:28
Botan::TLS::Connection_Cipher_State::aead_nonce
std::vector< uint8_t > aead_nonce(uint64_t seq, RandomNumberGenerator &rng)
Definition tls_record.cpp:77
Botan::TLS::Connection_Cipher_State::aead
AEAD_Mode & aead()
Definition tls_record.h:44
Botan::TLS::Connection_Cipher_State::format_ad
std::vector< uint8_t > format_ad(uint64_t seq, Record_Type type, Protocol_Version version, uint16_t ptext_length)
Definition tls_record.cpp:142
Botan::TLS::Connection_Sequence_Numbers
Definition tls_seq_numbers.h:16
Botan::TLS::Protocol_Version
Definition tls_version.h:34
Botan::TLS::Record_Header
Definition tls_record.h:70
Botan::TLS::Record_Header::version
Protocol_Version version() const
Definition tls_record.h:80
Botan::TLS::Record_Header::type
Record_Type type() const
Definition tls_record.h:92
Botan::TLS::Record_Header::Record_Header
Record_Header(size_t needed)
Definition tls_record.h:75
Botan::TLS::Record_Header::sequence
uint64_t sequence() const
Definition tls_record.h:85
Botan::TLS::Record_Header::needed
size_t needed() const
Definition tls_record.h:78
Botan::TLS::Record_Header::epoch
uint16_t epoch() const
Definition tls_record.h:90
Botan::TLS::Record_Header::Record_Header
Record_Header(uint64_t sequence, Protocol_Version version, Record_Type type)
Definition tls_record.h:72
Botan::TLS::Session_Keys
Definition tls_session_key.h:21
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::TLS::read_record
Record_Header read_record(bool is_datagram, secure_vector< uint8_t > &readbuf, const uint8_t input[], size_t input_len, size_t &consumed, secure_vector< uint8_t > &recbuf, Connection_Sequence_Numbers *sequence_numbers, const get_cipherstate_fn &get_cipherstate, bool allow_epoch0_restart)
Definition tls_record.cpp:488
Botan::TLS::write_unencrypted_record
void write_unencrypted_record(secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len)
Definition tls_record.cpp:186
Botan::TLS::get_cipherstate_fn
std::function< std::shared_ptr< Connection_Cipher_State >(uint16_t)> get_cipherstate_fn
Definition tls_record.h:141
Botan::TLS::write_record
void write_record(secure_vector< uint8_t > &output, Record_Type record_type, Protocol_Version version, uint64_t record_sequence, const uint8_t *message, size_t message_len, Connection_Cipher_State &cs, RandomNumberGenerator &rng)
Definition tls_record.cpp:200
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Generated by doxygen 1.12.0