Botan  1.11.15
src/lib/tls/tls_handshake_state.h
Go to the documentation of this file.
00001 /*
00002 * TLS Handshake State
00003 * (C) 2004-2006,2011,2012 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_TLS_HANDSHAKE_STATE_H__
00009 #define BOTAN_TLS_HANDSHAKE_STATE_H__
00010 
00011 #include <botan/internal/tls_handshake_hash.h>
00012 #include <botan/internal/tls_handshake_io.h>
00013 #include <botan/internal/tls_session_key.h>
00014 #include <botan/tls_ciphersuite.h>
00015 #include <botan/tls_exceptn.h>
00016 #include <botan/tls_handshake_msg.h>
00017 #include <botan/pk_keys.h>
00018 #include <botan/pubkey.h>
00019 #include <functional>
00020 
00021 namespace Botan {
00022 
00023 class KDF;
00024 
00025 namespace TLS {
00026 
00027 class Policy;
00028 
00029 class Hello_Verify_Request;
00030 class Client_Hello;
00031 class Server_Hello;
00032 class Certificate;
00033 class Server_Key_Exchange;
00034 class Certificate_Req;
00035 class Server_Hello_Done;
00036 class Certificate;
00037 class Client_Key_Exchange;
00038 class Certificate_Verify;
00039 class Next_Protocol;
00040 class New_Session_Ticket;
00041 class Finished;
00042 
00043 /**
00044 * SSL/TLS Handshake State
00045 */
00046 class Handshake_State
00047    {
00048    public:
00049       typedef std::function<void (const Handshake_Message&)> hs_msg_cb;
00050 
00051       Handshake_State(Handshake_IO* io, hs_msg_cb cb);
00052 
00053       virtual ~Handshake_State();
00054 
00055       Handshake_State(const Handshake_State&) = delete;
00056       Handshake_State& operator=(const Handshake_State&) = delete;
00057 
00058       Handshake_IO& handshake_io() { return *m_handshake_io; }
00059 
00060       /**
00061       * Return true iff we have received a particular message already
00062       * @param msg_type the message type
00063       */
00064       bool received_handshake_msg(Handshake_Type msg_type) const;
00065 
00066       /**
00067       * Confirm that we were expecting this message type
00068       * @param msg_type the message type
00069       */
00070       void confirm_transition_to(Handshake_Type msg_type);
00071 
00072       /**
00073       * Record that we are expecting a particular message type next
00074       * @param msg_type the message type
00075       */
00076       void set_expected_next(Handshake_Type msg_type);
00077 
00078       std::pair<Handshake_Type, std::vector<byte>>
00079          get_next_handshake_msg();
00080 
00081       std::vector<byte> session_ticket() const;
00082 
00083       std::pair<std::string, Signature_Format>
00084          understand_sig_format(const Public_Key& key,
00085                                std::string hash_algo,
00086                                std::string sig_algo) const;
00087 
00088       std::pair<std::string, Signature_Format>
00089          choose_sig_format(const Private_Key& key,
00090                            std::string& hash_algo,
00091                            std::string& sig_algo,
00092                            bool for_client_auth,
00093                            const Policy& policy) const;
00094 
00095       std::string srp_identifier() const;
00096 
00097       KDF* protocol_specific_prf() const;
00098 
00099       Protocol_Version version() const { return m_version; }
00100 
00101       void set_version(const Protocol_Version& version);
00102 
00103       void hello_verify_request(const Hello_Verify_Request& hello_verify);
00104 
00105       void client_hello(Client_Hello* client_hello);
00106       void server_hello(Server_Hello* server_hello);
00107       void server_certs(Certificate* server_certs);
00108       void server_kex(Server_Key_Exchange* server_kex);
00109       void cert_req(Certificate_Req* cert_req);
00110       void server_hello_done(Server_Hello_Done* server_hello_done);
00111       void client_certs(Certificate* client_certs);
00112       void client_kex(Client_Key_Exchange* client_kex);
00113       void client_verify(Certificate_Verify* client_verify);
00114       void next_protocol(Next_Protocol* next_protocol);
00115       void new_session_ticket(New_Session_Ticket* new_session_ticket);
00116       void server_finished(Finished* server_finished);
00117       void client_finished(Finished* client_finished);
00118 
00119       const Client_Hello* client_hello() const
00120          { return m_client_hello.get(); }
00121 
00122       const Server_Hello* server_hello() const
00123          { return m_server_hello.get(); }
00124 
00125       const Certificate* server_certs() const
00126          { return m_server_certs.get(); }
00127 
00128       const Server_Key_Exchange* server_kex() const
00129          { return m_server_kex.get(); }
00130 
00131       const Certificate_Req* cert_req() const
00132          { return m_cert_req.get(); }
00133 
00134       const Server_Hello_Done* server_hello_done() const
00135          { return m_server_hello_done.get(); }
00136 
00137       const Certificate* client_certs() const
00138          { return m_client_certs.get(); }
00139 
00140       const Client_Key_Exchange* client_kex() const
00141          { return m_client_kex.get(); }
00142 
00143       const Certificate_Verify* client_verify() const
00144          { return m_client_verify.get(); }
00145 
00146       const Next_Protocol* next_protocol() const
00147          { return m_next_protocol.get(); }
00148 
00149       const New_Session_Ticket* new_session_ticket() const
00150          { return m_new_session_ticket.get(); }
00151 
00152       const Finished* server_finished() const
00153          { return m_server_finished.get(); }
00154 
00155       const Finished* client_finished() const
00156          { return m_client_finished.get(); }
00157 
00158       const Ciphersuite& ciphersuite() const { return m_ciphersuite; }
00159 
00160       const Session_Keys& session_keys() const { return m_session_keys; }
00161 
00162       void compute_session_keys();
00163 
00164       void compute_session_keys(const secure_vector<byte>& resume_master_secret);
00165 
00166       Handshake_Hash& hash() { return m_handshake_hash; }
00167 
00168       const Handshake_Hash& hash() const { return m_handshake_hash; }
00169 
00170       void note_message(const Handshake_Message& msg)
00171          {
00172          if(m_msg_callback)
00173             m_msg_callback(msg);
00174          }
00175 
00176    private:
00177 
00178       hs_msg_cb m_msg_callback;
00179 
00180       std::unique_ptr<Handshake_IO> m_handshake_io;
00181 
00182       u32bit m_hand_expecting_mask = 0;
00183       u32bit m_hand_received_mask = 0;
00184       Protocol_Version m_version;
00185       Ciphersuite m_ciphersuite;
00186       Session_Keys m_session_keys;
00187       Handshake_Hash m_handshake_hash;
00188 
00189       std::unique_ptr<Client_Hello> m_client_hello;
00190       std::unique_ptr<Server_Hello> m_server_hello;
00191       std::unique_ptr<Certificate> m_server_certs;
00192       std::unique_ptr<Server_Key_Exchange> m_server_kex;
00193       std::unique_ptr<Certificate_Req> m_cert_req;
00194       std::unique_ptr<Server_Hello_Done> m_server_hello_done;
00195       std::unique_ptr<Certificate> m_client_certs;
00196       std::unique_ptr<Client_Key_Exchange> m_client_kex;
00197       std::unique_ptr<Certificate_Verify> m_client_verify;
00198       std::unique_ptr<Next_Protocol> m_next_protocol;
00199       std::unique_ptr<New_Session_Ticket> m_new_session_ticket;
00200       std::unique_ptr<Finished> m_server_finished;
00201       std::unique_ptr<Finished> m_client_finished;
00202    };
00203 
00204 }
00205 
00206 }
00207 
00208 #endif