Botan 3.5.0
Crypto and TLS for C&
tls_transcript_hash_13.h
Go to the documentation of this file.
1/*
2* TLS transcript hash implementation for TLS 1.3
3* (C) 2022 Jack Lloyd
4* 2022 Hannes Rantzsch, René Meusel - neXenio GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_TRANSCRIPT_HASH_13_H_
10#define BOTAN_TLS_TRANSCRIPT_HASH_13_H_
11
12#include <botan/hash.h>
13#include <botan/tls_magic.h>
14
15#include <memory>
16#include <span>
17#include <string>
18#include <vector>
19
20namespace Botan::TLS {
21
22/**
23 * Wraps the behaviour of the TLS 1.3 transcript hash as described in
24 * RFC 8446 4.4.1. Particularly, it hides the complexity that the
25 * utilized hash algorithm might become evident only after receiving
26 * a server hello message.
27 */
29 public:
31 Transcript_Hash_State(std::string_view algo_spec);
33
34 /**
35 * Recreates a Transcript_Hash_State after receiving a Hello Retry Request.
36 * Note that the `prev_transcript_hash_state` must not have an hash algorithm
37 * set, yet. Furthermore it must contain exactly TWO unprocessed messages:
38 * * Client Hello 1, and
39 * * Hello Retry Request
40 * The result of this function is an ordinary transcript hash that can replace
41 * the previously used object in client and server implementations.
42 */
43 static Transcript_Hash_State recreate_after_hello_retry_request(
44 std::string_view algo_spec, const Transcript_Hash_State& prev_transcript_hash_state);
45
47
50
51 void update(std::span<const uint8_t> serialized_message_s);
52
53 /**
54 * returns the latest transcript hash
55 * (given an algorithm was already specified and some data was provided to `update`)
56 */
57 const Transcript_Hash& current() const;
58
59 /**
60 * returns the second-latest transcript hash
61 * throws if no 'current' was ever replaced by a call to `update`
62 */
63 const Transcript_Hash& previous() const;
64
65 /**
66 * returns a truncated transcript hash (see RFC 8446 4.2.11.2)
67 *
68 * This is useful for implementing PSK binders in the PSK extension of
69 * client hello. It is a transcript over a partially marshalled client
70 * hello message. This hash is available only if the last processed
71 * message was a client hello with a PSK extension.
72 *
73 * throws if no 'truncated' hash is available
74 */
75 const Transcript_Hash& truncated() const;
76
77 void set_algorithm(std::string_view algo_spec);
78
79 Transcript_Hash_State clone() const;
80
81 private:
83
84 private:
85 std::unique_ptr<HashFunction> m_hash;
86
87 // This buffer is filled with the data that is passed into
88 // `update()` before `set_algorithm()` was called.
89 std::vector<std::vector<uint8_t>> m_unprocessed_transcript;
90
91 Transcript_Hash m_current;
92 Transcript_Hash m_previous;
93 Transcript_Hash m_truncated;
94};
95
96} // namespace Botan::TLS
97
98#endif // BOTAN_TLS_TRANSCRIPT_HASH_13_H_
Transcript_Hash_State(Transcript_Hash_State &&)=default
Transcript_Hash_State & operator=(Transcript_Hash_State &&)=default
Transcript_Hash_State & operator=(const Transcript_Hash_State &)=delete
int(* update)(CTX *, const void *, CC_LONG len)
#define BOTAN_TEST_API
Definition compiler.h:51
std::vector< uint8_t > Transcript_Hash
Definition tls_magic.h:81