Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::TLS::Handshake_State Class Reference

#include <tls_handshake_state.h>

Inherited by Botan::TLS::Server_Handshake_State.

Public Member Functions

void cert_req (Certificate_Req *cert_req)
 
const Certificate_Reqcert_req () const
 
std::pair< std::string, Signature_Formatchoose_sig_format (const Private_Key &key, std::string &hash_algo, std::string &sig_algo, bool for_client_auth, const Policy &policy) const
 
const Ciphersuiteciphersuite () const
 
void client_certs (Certificate *client_certs)
 
const Certificateclient_certs () const
 
void client_finished (Finished *client_finished)
 
const Finishedclient_finished () const
 
void client_hello (Client_Hello *client_hello)
 
const Client_Helloclient_hello () const
 
void client_kex (Client_Key_Exchange *client_kex)
 
const Client_Key_Exchangeclient_kex () const
 
void client_verify (Certificate_Verify *client_verify)
 
const Certificate_Verifyclient_verify () const
 
void compute_session_keys ()
 
void compute_session_keys (const secure_vector< uint8_t > &resume_master_secret)
 
void confirm_transition_to (Handshake_Type msg_type)
 
std::pair< Handshake_Type, std::vector< uint8_t > > get_next_handshake_msg ()
 
Handshake_IOhandshake_io ()
 
 Handshake_State (Handshake_IO *io, Callbacks &callbacks)
 
 Handshake_State (const Handshake_State &)=delete
 
Handshake_Hashhash ()
 
const Handshake_Hashhash () const
 
void hello_verify_request (const Hello_Verify_Request &hello_verify)
 
void new_session_ticket (New_Session_Ticket *new_session_ticket)
 
const New_Session_Ticketnew_session_ticket () const
 
void note_message (const Handshake_Message &msg)
 
Handshake_Stateoperator= (const Handshake_State &)=delete
 
std::pair< std::string, Signature_Formatparse_sig_format (const Public_Key &key, const std::string &hash_algo, const std::string &sig_algo, bool for_client_auth, const Policy &policy) const
 
KDFprotocol_specific_prf () const
 
bool received_handshake_msg (Handshake_Type msg_type) const
 
void server_cert_status (Certificate_Status *server_cert_status)
 
const Certificate_Statusserver_cert_status () const
 
void server_certs (Certificate *server_certs)
 
const Certificateserver_certs () const
 
void server_finished (Finished *server_finished)
 
const Finishedserver_finished () const
 
void server_hello (Server_Hello *server_hello)
 
const Server_Helloserver_hello () const
 
void server_hello_done (Server_Hello_Done *server_hello_done)
 
const Server_Hello_Doneserver_hello_done () const
 
void server_kex (Server_Key_Exchange *server_kex)
 
const Server_Key_Exchangeserver_kex () const
 
const Session_Keyssession_keys () const
 
std::vector< uint8_t > session_ticket () const
 
void set_expected_next (Handshake_Type msg_type)
 
void set_version (const Protocol_Version &version)
 
std::string srp_identifier () const
 
Protocol_Version version () const
 
virtual ~Handshake_State ()=default
 

Detailed Description

SSL/TLS Handshake State

Definition at line 47 of file tls_handshake_state.h.

Constructor & Destructor Documentation

Botan::TLS::Handshake_State::Handshake_State ( Handshake_IO io,
Callbacks callbacks 
)

Definition at line 178 of file tls_handshake_state.cpp.

178  :
179  m_callbacks(cb),
180  m_handshake_io(io),
181  m_version(m_handshake_io->initial_record_version())
182  {
183  }
virtual Botan::TLS::Handshake_State::~Handshake_State ( )
virtualdefault
Botan::TLS::Handshake_State::Handshake_State ( const Handshake_State )
delete

Member Function Documentation

void Botan::TLS::Handshake_State::cert_req ( Certificate_Req cert_req)

Definition at line 231 of file tls_handshake_state.cpp.

References note_message().

232  {
233  m_cert_req.reset(cert_req);
234  note_message(*m_cert_req);
235  }
void note_message(const Handshake_Message &msg)
const Certificate_Req * cert_req() const
const Certificate_Req* Botan::TLS::Handshake_State::cert_req ( ) const
inline

Definition at line 132 of file tls_handshake_state.h.

Referenced by choose_sig_format(), and parse_sig_format().

133  { return m_cert_req.get(); }
std::pair< std::string, Signature_Format > Botan::TLS::Handshake_State::choose_sig_format ( const Private_Key key,
std::string &  hash_algo,
std::string &  sig_algo,
bool  for_client_auth,
const Policy policy 
) const

Definition at line 424 of file tls_handshake_state.cpp.

References Botan::Public_Key::algo_name(), cert_req(), client_hello(), Botan::DER_SEQUENCE, Botan::IEEE_1363, and version().

Referenced by Botan::TLS::Certificate_Verify::Certificate_Verify(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

429  {
430  const std::string sig_algo = key.algo_name();
431 
432  const std::string hash_algo =
433  choose_hash(sig_algo,
434  this->version(),
435  policy,
436  for_client_auth,
437  client_hello(),
438  cert_req());
439 
440  if(this->version().supports_negotiable_signature_algorithms())
441  {
442  hash_algo_out = hash_algo;
443  sig_algo_out = sig_algo;
444  }
445 
446  if(sig_algo == "RSA")
447  {
448  const std::string padding = "EMSA3(" + hash_algo + ")";
449 
450  return std::make_pair(padding, IEEE_1363);
451  }
452  else if(sig_algo == "DSA" || sig_algo == "ECDSA")
453  {
454  const std::string padding = "EMSA1(" + hash_algo + ")";
455 
456  return std::make_pair(padding, DER_SEQUENCE);
457  }
458 
459  throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures");
460  }
const Certificate_Req * cert_req() const
Protocol_Version version() const
const Client_Hello * client_hello() const
const Ciphersuite& Botan::TLS::Handshake_State::ciphersuite ( ) const
inline
void Botan::TLS::Handshake_State::client_certs ( Certificate client_certs)

Definition at line 243 of file tls_handshake_state.cpp.

References note_message().

244  {
245  m_client_certs.reset(client_certs);
246  note_message(*m_client_certs);
247  }
void note_message(const Handshake_Message &msg)
const Certificate * client_certs() const
const Certificate* Botan::TLS::Handshake_State::client_certs ( ) const
inline

Definition at line 138 of file tls_handshake_state.h.

139  { return m_client_certs.get(); }
void Botan::TLS::Handshake_State::client_finished ( Finished client_finished)

Definition at line 273 of file tls_handshake_state.cpp.

References note_message().

274  {
275  m_client_finished.reset(client_finished);
276  note_message(*m_client_finished);
277  }
const Finished * client_finished() const
void note_message(const Handshake_Message &msg)
const Finished* Botan::TLS::Handshake_State::client_finished ( ) const
inline

Definition at line 156 of file tls_handshake_state.h.

157  { return m_client_finished.get(); }
void Botan::TLS::Handshake_State::client_hello ( Client_Hello client_hello)
const Client_Hello* Botan::TLS::Handshake_State::client_hello ( ) const
inline

Definition at line 120 of file tls_handshake_state.h.

Referenced by choose_sig_format(), parse_sig_format(), session_ticket(), and srp_identifier().

121  { return m_client_hello.get(); }
void Botan::TLS::Handshake_State::client_kex ( Client_Key_Exchange client_kex)

Definition at line 249 of file tls_handshake_state.cpp.

References note_message().

250  {
251  m_client_kex.reset(client_kex);
252  note_message(*m_client_kex);
253  }
void note_message(const Handshake_Message &msg)
const Client_Key_Exchange * client_kex() const
const Client_Key_Exchange* Botan::TLS::Handshake_State::client_kex ( ) const
inline

Definition at line 141 of file tls_handshake_state.h.

Referenced by compute_session_keys().

142  { return m_client_kex.get(); }
void Botan::TLS::Handshake_State::client_verify ( Certificate_Verify client_verify)

Definition at line 255 of file tls_handshake_state.cpp.

References note_message().

256  {
257  m_client_verify.reset(client_verify);
258  note_message(*m_client_verify);
259  }
const Certificate_Verify * client_verify() const
void note_message(const Handshake_Message &msg)
const Certificate_Verify* Botan::TLS::Handshake_State::client_verify ( ) const
inline

Definition at line 144 of file tls_handshake_state.h.

145  { return m_client_verify.get(); }
void Botan::TLS::Handshake_State::compute_session_keys ( )

Definition at line 284 of file tls_handshake_state.cpp.

References client_kex().

285  {
286  m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false);
287  }
const Client_Key_Exchange * client_kex() const
void Botan::TLS::Handshake_State::compute_session_keys ( const secure_vector< uint8_t > &  resume_master_secret)

Definition at line 289 of file tls_handshake_state.cpp.

290  {
291  m_session_keys = Session_Keys(this, resume_master_secret, true);
292  }
secure_vector< uint8_t > resume_master_secret
Definition: tls_client.cpp:38
void Botan::TLS::Handshake_State::confirm_transition_to ( Handshake_Type  msg_type)

Confirm that we were expecting this message type

Parameters
msg_typethe message type

Definition at line 294 of file tls_handshake_state.cpp.

References Botan::ASN1::to_string().

295  {
296  const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
297 
298  m_hand_received_mask |= mask;
299 
300  const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap?
301 
302  if(!ok)
303  throw Unexpected_Message("Unexpected state transition in handshake, got type " +
304  std::to_string(handshake_msg) +
305  " expected " + handshake_mask_to_string(m_hand_expecting_mask) +
306  " received " + handshake_mask_to_string(m_hand_received_mask));
307 
308  /* We don't know what to expect next, so force a call to
309  set_expected_next; if it doesn't happen, the next transition
310  check will always fail which is what we want.
311  */
312  m_hand_expecting_mask = 0;
313  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
std::pair< Handshake_Type, std::vector< uint8_t > > Botan::TLS::Handshake_State::get_next_handshake_msg ( )

Definition at line 328 of file tls_handshake_state.cpp.

References Botan::TLS::HANDSHAKE_CCS.

329  {
330  const bool expecting_ccs =
331  (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
332 
333  return m_handshake_io->get_next_record(expecting_ccs);
334  }
Handshake_IO& Botan::TLS::Handshake_State::handshake_io ( )
inline

Definition at line 57 of file tls_handshake_state.h.

Referenced by hello_verify_request().

57 { return *m_handshake_io; }
Handshake_Hash& Botan::TLS::Handshake_State::hash ( )
inline
const Handshake_Hash& Botan::TLS::Handshake_State::hash ( ) const
inline

Definition at line 169 of file tls_handshake_state.h.

169 { return m_handshake_hash; }
void Botan::TLS::Handshake_State::hello_verify_request ( const Hello_Verify_Request hello_verify)

Definition at line 190 of file tls_handshake_state.cpp.

References handshake_io(), hash(), note_message(), Botan::TLS::Handshake_Hash::reset(), and Botan::TLS::Handshake_Hash::update().

191  {
192  note_message(hello_verify);
193 
194  m_client_hello->update_hello_cookie(hello_verify);
195  hash().reset();
196  hash().update(handshake_io().send(*m_client_hello));
197  note_message(*m_client_hello);
198  }
void update(const uint8_t in[], size_t length)
void note_message(const Handshake_Message &msg)
void Botan::TLS::Handshake_State::new_session_ticket ( New_Session_Ticket new_session_ticket)

Definition at line 261 of file tls_handshake_state.cpp.

References note_message().

262  {
263  m_new_session_ticket.reset(new_session_ticket);
264  note_message(*m_new_session_ticket);
265  }
void note_message(const Handshake_Message &msg)
const New_Session_Ticket * new_session_ticket() const
const New_Session_Ticket* Botan::TLS::Handshake_State::new_session_ticket ( ) const
inline

Definition at line 150 of file tls_handshake_state.h.

Referenced by session_ticket().

151  { return m_new_session_ticket.get(); }
void Botan::TLS::Handshake_State::note_message ( const Handshake_Message msg)
Handshake_State& Botan::TLS::Handshake_State::operator= ( const Handshake_State )
delete
std::pair< std::string, Signature_Format > Botan::TLS::Handshake_State::parse_sig_format ( const Public_Key key,
const std::string &  hash_algo,
const std::string &  sig_algo,
bool  for_client_auth,
const Policy policy 
) const

Definition at line 483 of file tls_handshake_state.cpp.

References Botan::Public_Key::algo_name(), Botan::TLS::Policy::allowed_signature_method(), cert_req(), client_hello(), Botan::DER_SEQUENCE, Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::IEEE_1363, Botan::TLS::Client_Hello::supported_algos(), Botan::TLS::Certificate_Req::supported_algos(), and version().

Referenced by Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

488  {
489  const std::string key_type = key.algo_name();
490 
491  if(!policy.allowed_signature_method(key_type))
492  {
493  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
494  "Rejecting " + key_type + " signature");
495  }
496 
497  std::string hash_algo;
498 
499  if(this->version().supports_negotiable_signature_algorithms())
500  {
501  if(input_sig_algo != key_type)
502  throw Decoding_Error("Counterparty sent inconsistent key and sig types");
503 
504  if(input_hash_algo == "")
505  throw Decoding_Error("Counterparty did not send hash/sig IDS");
506 
507  hash_algo = input_hash_algo;
508 
509  if(for_client_auth && !cert_req())
510  {
511  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
512  "No certificate verify set");
513  }
514 
515  /*
516  Confirm the signature type we just received against the
517  supported_algos list that we sent; it better be there.
518  */
519 
520  const auto supported_algos =
521  for_client_auth ? cert_req()->supported_algos() :
523 
524  if(!supported_algos_include(supported_algos, key_type, hash_algo))
525  {
526  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
527  "TLS signature extension did not allow for " +
528  key_type + "/" + hash_algo + " signature");
529  }
530  }
531  else
532  {
533  if(input_hash_algo != "" || input_sig_algo != "")
534  throw Decoding_Error("Counterparty sent hash/sig IDs with old version");
535 
536  if(key_type == "RSA")
537  {
538  hash_algo = "Parallel(MD5,SHA-160)";
539  }
540  else if(key_type == "DSA" || key_type == "ECDSA")
541  {
542  hash_algo = "SHA-1";
543  }
544  else
545  {
546  throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures");
547  }
548 
549  /*
550  There is no check on the acceptability of a v1.0/v1.1 hash type,
551  since it's implicit with use of the protocol
552  */
553  }
554 
555  if(key_type == "RSA")
556  {
557  const std::string padding = "EMSA3(" + hash_algo + ")";
558  return std::make_pair(padding, IEEE_1363);
559  }
560  else if(key_type == "DSA" || key_type == "ECDSA")
561  {
562  const std::string padding = "EMSA1(" + hash_algo + ")";
563  return std::make_pair(padding, DER_SEQUENCE);
564  }
565 
566  throw Invalid_Argument(key_type + " is invalid/unknown for TLS signatures");
567  }
std::vector< std::pair< std::string, std::string > > supported_algos() const
Definition: tls_messages.h:106
std::vector< std::pair< std::string, std::string > > supported_algos() const
Definition: tls_messages.h:485
const Certificate_Req * cert_req() const
Protocol_Version version() const
const Client_Hello * client_hello() const
KDF * Botan::TLS::Handshake_State::protocol_specific_prf ( ) const

Definition at line 356 of file tls_handshake_state.cpp.

References ciphersuite(), Botan::get_kdf(), Botan::TLS::Ciphersuite::prf_algo(), and version().

Referenced by Botan::TLS::Session_Keys::Session_Keys().

357  {
358  if(version().supports_ciphersuite_specific_prf())
359  {
360  const std::string prf_algo = ciphersuite().prf_algo();
361 
362  if(prf_algo == "MD5" || prf_algo == "SHA-1")
363  return get_kdf("TLS-12-PRF(SHA-256)");
364 
365  return get_kdf("TLS-12-PRF(" + prf_algo + ")");
366  }
367 
368  // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0
369  return get_kdf("TLS-PRF");
370  }
std::string prf_algo() const
const Ciphersuite & ciphersuite() const
KDF * get_kdf(const std::string &algo_spec)
Definition: kdf.cpp:226
Protocol_Version version() const
bool Botan::TLS::Handshake_State::received_handshake_msg ( Handshake_Type  msg_type) const

Return true iff we have received a particular message already

Parameters
msg_typethe message type

Definition at line 320 of file tls_handshake_state.cpp.

321  {
322  const uint32_t mask = bitmask_for_handshake_type(handshake_msg);
323 
324  return (m_hand_received_mask & mask) != 0;
325  }
void Botan::TLS::Handshake_State::server_cert_status ( Certificate_Status server_cert_status)

Definition at line 219 of file tls_handshake_state.cpp.

References note_message().

220  {
221  m_server_cert_status.reset(server_cert_status);
222  note_message(*m_server_cert_status);
223  }
const Certificate_Status * server_cert_status() const
void note_message(const Handshake_Message &msg)
const Certificate_Status* Botan::TLS::Handshake_State::server_cert_status ( ) const
inline

Definition at line 147 of file tls_handshake_state.h.

148  { return m_server_cert_status.get(); }
void Botan::TLS::Handshake_State::server_certs ( Certificate server_certs)

Definition at line 213 of file tls_handshake_state.cpp.

References note_message().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

214  {
215  m_server_certs.reset(server_certs);
216  note_message(*m_server_certs);
217  }
const Certificate * server_certs() const
void note_message(const Handshake_Message &msg)
const Certificate* Botan::TLS::Handshake_State::server_certs ( ) const
inline

Definition at line 126 of file tls_handshake_state.h.

127  { return m_server_certs.get(); }
void Botan::TLS::Handshake_State::server_finished ( Finished server_finished)

Definition at line 267 of file tls_handshake_state.cpp.

References note_message().

268  {
269  m_server_finished.reset(server_finished);
270  note_message(*m_server_finished);
271  }
const Finished * server_finished() const
void note_message(const Handshake_Message &msg)
const Finished* Botan::TLS::Handshake_State::server_finished ( ) const
inline

Definition at line 153 of file tls_handshake_state.h.

154  { return m_server_finished.get(); }
void Botan::TLS::Handshake_State::server_hello ( Server_Hello server_hello)

Definition at line 206 of file tls_handshake_state.cpp.

References Botan::TLS::Ciphersuite::by_id(), and note_message().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), Botan::TLS::Session_Keys::Session_Keys(), and Botan::TLS::Server_Key_Exchange::verify().

207  {
208  m_server_hello.reset(server_hello);
209  m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite());
210  note_message(*m_server_hello);
211  }
const Server_Hello * server_hello() const
void note_message(const Handshake_Message &msg)
static Ciphersuite by_id(uint16_t suite)
const Server_Hello* Botan::TLS::Handshake_State::server_hello ( ) const
inline

Definition at line 123 of file tls_handshake_state.h.

124  { return m_server_hello.get(); }
void Botan::TLS::Handshake_State::server_hello_done ( Server_Hello_Done server_hello_done)

Definition at line 237 of file tls_handshake_state.cpp.

References note_message().

238  {
239  m_server_hello_done.reset(server_hello_done);
240  note_message(*m_server_hello_done);
241  }
const Server_Hello_Done * server_hello_done() const
void note_message(const Handshake_Message &msg)
const Server_Hello_Done* Botan::TLS::Handshake_State::server_hello_done ( ) const
inline

Definition at line 135 of file tls_handshake_state.h.

136  { return m_server_hello_done.get(); }
void Botan::TLS::Handshake_State::server_kex ( Server_Key_Exchange server_kex)

Definition at line 225 of file tls_handshake_state.cpp.

References note_message().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

226  {
227  m_server_kex.reset(server_kex);
228  note_message(*m_server_kex);
229  }
const Server_Key_Exchange * server_kex() const
void note_message(const Handshake_Message &msg)
const Server_Key_Exchange* Botan::TLS::Handshake_State::server_kex ( ) const
inline

Definition at line 129 of file tls_handshake_state.h.

130  { return m_server_kex.get(); }
const Session_Keys& Botan::TLS::Handshake_State::session_keys ( ) const
inline

Definition at line 161 of file tls_handshake_state.h.

161 { return m_session_keys; }
std::vector< uint8_t > Botan::TLS::Handshake_State::session_ticket ( ) const

Definition at line 348 of file tls_handshake_state.cpp.

References client_hello(), new_session_ticket(), Botan::TLS::Client_Hello::session_ticket(), and Botan::TLS::New_Session_Ticket::ticket().

349  {
350  if(new_session_ticket() && !new_session_ticket()->ticket().empty())
351  return new_session_ticket()->ticket();
352 
353  return client_hello()->session_ticket();
354  }
const std::vector< uint8_t > & ticket() const
Definition: tls_messages.h:669
const New_Session_Ticket * new_session_ticket() const
const Client_Hello * client_hello() const
std::vector< uint8_t > session_ticket() const
Definition: tls_messages.h:170
void Botan::TLS::Handshake_State::set_expected_next ( Handshake_Type  msg_type)

Record that we are expecting a particular message type next

Parameters
msg_typethe message type

Definition at line 315 of file tls_handshake_state.cpp.

316  {
317  m_hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg);
318  }
void Botan::TLS::Handshake_State::set_version ( const Protocol_Version version)

Definition at line 279 of file tls_handshake_state.cpp.

References version().

280  {
281  m_version = version;
282  }
Protocol_Version version() const
std::string Botan::TLS::Handshake_State::srp_identifier ( ) const

Definition at line 336 of file tls_handshake_state.cpp.

References ciphersuite(), and client_hello().

337  {
338 #if defined(BOTAN_HAS_SRP6)
339  // Authenticated via the successful key exchange
340  if(ciphersuite().valid() && ciphersuite().kex_algo() == "SRP_SHA")
341  return client_hello()->srp_identifier();
342 #endif
343 
344  return "";
345  }
const Ciphersuite & ciphersuite() const
const Client_Hello * client_hello() const
Protocol_Version Botan::TLS::Handshake_State::version ( ) const
inline

The documentation for this class was generated from the following files: