Botan  1.11.15
Public Types | Public Member Functions
Botan::TLS::Handshake_State Class Reference

#include <tls_handshake_state.h>

List of all members.

Public Types

typedef std::function< void(const
Handshake_Message &)> 
hs_msg_cb

Public Member Functions

void cert_req (Certificate_Req *cert_req)
const Certificate_Reqcert_req () const
std::pair< std::string,
Signature_Format
choose_sig_format (const Private_Key &key, std::string &hash_algo, std::string &sig_algo, bool for_client_auth, const Policy &policy) const
const Ciphersuiteciphersuite () const
void client_certs (Certificate *client_certs)
const Certificateclient_certs () const
void client_finished (Finished *client_finished)
const Finishedclient_finished () const
void client_hello (Client_Hello *client_hello)
const Client_Helloclient_hello () const
void client_kex (Client_Key_Exchange *client_kex)
const Client_Key_Exchangeclient_kex () const
void client_verify (Certificate_Verify *client_verify)
const Certificate_Verifyclient_verify () const
void compute_session_keys ()
void compute_session_keys (const secure_vector< byte > &resume_master_secret)
void confirm_transition_to (Handshake_Type msg_type)
std::pair< Handshake_Type,
std::vector< byte > > 
get_next_handshake_msg ()
Handshake_IOhandshake_io ()
 Handshake_State (Handshake_IO *io, hs_msg_cb cb)
 Handshake_State (const Handshake_State &)
Handshake_Hashhash ()
const Handshake_Hashhash () const
void hello_verify_request (const Hello_Verify_Request &hello_verify)
void new_session_ticket (New_Session_Ticket *new_session_ticket)
const New_Session_Ticketnew_session_ticket () const
void next_protocol (Next_Protocol *next_protocol)
const Next_Protocolnext_protocol () const
void note_message (const Handshake_Message &msg)
Handshake_Stateoperator= (const Handshake_State &)
KDFprotocol_specific_prf () const
bool received_handshake_msg (Handshake_Type msg_type) const
void server_certs (Certificate *server_certs)
const Certificateserver_certs () const
void server_finished (Finished *server_finished)
const Finishedserver_finished () const
void server_hello (Server_Hello *server_hello)
const Server_Helloserver_hello () const
void server_hello_done (Server_Hello_Done *server_hello_done)
const Server_Hello_Doneserver_hello_done () const
void server_kex (Server_Key_Exchange *server_kex)
const Server_Key_Exchangeserver_kex () const
const Session_Keyssession_keys () const
std::vector< bytesession_ticket () const
void set_expected_next (Handshake_Type msg_type)
void set_version (const Protocol_Version &version)
std::string srp_identifier () const
std::pair< std::string,
Signature_Format
understand_sig_format (const Public_Key &key, std::string hash_algo, std::string sig_algo) const
Protocol_Version version () const
virtual ~Handshake_State ()

Detailed Description

SSL/TLS Handshake State

Definition at line 46 of file tls_handshake_state.h.


Member Typedef Documentation

typedef std::function<void (const Handshake_Message&)> Botan::TLS::Handshake_State::hs_msg_cb

Definition at line 49 of file tls_handshake_state.h.


Constructor & Destructor Documentation

Definition at line 86 of file tls_handshake_state.cpp.

                                                               :
   m_msg_callback(cb),
   m_handshake_io(io),
   m_version(m_handshake_io->initial_record_version())
   {
   }

Definition at line 93 of file tls_handshake_state.cpp.

{}

Member Function Documentation

Definition at line 130 of file tls_handshake_state.cpp.

References note_message().

   {
   m_cert_req.reset(cert_req);
   note_message(*m_cert_req);
   }

Definition at line 131 of file tls_handshake_state.h.

Referenced by choose_sig_format().

         { return m_cert_req.get(); }
std::pair< std::string, Signature_Format > Botan::TLS::Handshake_State::choose_sig_format ( const Private_Key key,
std::string &  hash_algo,
std::string &  sig_algo,
bool  for_client_auth,
const Policy policy 
) const

Definition at line 325 of file tls_handshake_state.cpp.

References Botan::Public_Key::algo_name(), cert_req(), client_hello(), Botan::DER_SEQUENCE, Botan::IEEE_1363, and version().

Referenced by Botan::TLS::Certificate_Verify::Certificate_Verify(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

   {
   const std::string sig_algo = key.algo_name();

   const std::string hash_algo =
      choose_hash(sig_algo,
                  this->version(),
                  policy,
                  for_client_auth,
                  client_hello(),
                  cert_req());

   if(this->version().supports_negotiable_signature_algorithms())
      {
      hash_algo_out = hash_algo;
      sig_algo_out = sig_algo;
      }

   if(sig_algo == "RSA")
      {
      const std::string padding = "EMSA3(" + hash_algo + ")";

      return std::make_pair(padding, IEEE_1363);
      }
   else if(sig_algo == "DSA" || sig_algo == "ECDSA")
      {
      const std::string padding = "EMSA1(" + hash_algo + ")";

      return std::make_pair(padding, DER_SEQUENCE);
      }

   throw Invalid_Argument(sig_algo + " is invalid/unknown for TLS signatures");
   }

Definition at line 142 of file tls_handshake_state.cpp.

References note_message().

   {
   m_client_certs.reset(client_certs);
   note_message(*m_client_certs);
   }

Definition at line 137 of file tls_handshake_state.h.

         { return m_client_certs.get(); }

Definition at line 178 of file tls_handshake_state.cpp.

References note_message().

   {
   m_client_finished.reset(client_finished);
   note_message(*m_client_finished);
   }

Definition at line 155 of file tls_handshake_state.h.

         { return m_client_finished.get(); }

Definition at line 119 of file tls_handshake_state.h.

Referenced by choose_sig_format(), session_ticket(), and srp_identifier().

         { return m_client_hello.get(); }

Definition at line 148 of file tls_handshake_state.cpp.

References note_message().

   {
   m_client_kex.reset(client_kex);
   note_message(*m_client_kex);
   }

Definition at line 140 of file tls_handshake_state.h.

Referenced by compute_session_keys().

         { return m_client_kex.get(); }

Definition at line 154 of file tls_handshake_state.cpp.

References note_message().

   {
   m_client_verify.reset(client_verify);
   note_message(*m_client_verify);
   }

Definition at line 143 of file tls_handshake_state.h.

         { return m_client_verify.get(); }

Definition at line 189 of file tls_handshake_state.cpp.

References client_kex().

   {
   m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false);
   }
void Botan::TLS::Handshake_State::compute_session_keys ( const secure_vector< byte > &  resume_master_secret)

Definition at line 194 of file tls_handshake_state.cpp.

   {
   m_session_keys = Session_Keys(this, resume_master_secret, true);
   }

Confirm that we were expecting this message type

Parameters:
msg_typethe message type

Definition at line 199 of file tls_handshake_state.cpp.

References Botan::ASN1::to_string().

   {
   const u32bit mask = bitmask_for_handshake_type(handshake_msg);

   m_hand_received_mask |= mask;

   const bool ok = (m_hand_expecting_mask & mask); // overlap?

   if(!ok)
      throw Unexpected_Message("Unexpected state transition in handshake, got " +
                               std::to_string(handshake_msg) +
                               " expected " + std::to_string(m_hand_expecting_mask) +
                               " received " + std::to_string(m_hand_received_mask));

   /* We don't know what to expect next, so force a call to
      set_expected_next; if it doesn't happen, the next transition
      check will always fail which is what we want.
   */
   m_hand_expecting_mask = 0;
   }

Definition at line 233 of file tls_handshake_state.cpp.

References Botan::TLS::HANDSHAKE_CCS.

   {
   const bool expecting_ccs =
      (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask);

   return m_handshake_io->get_next_record(expecting_ccs);
   }

Definition at line 58 of file tls_handshake_state.h.

Referenced by hello_verify_request().

{ return *m_handshake_io; }

Definition at line 168 of file tls_handshake_state.h.

{ return m_handshake_hash; }

Definition at line 95 of file tls_handshake_state.cpp.

References handshake_io(), hash(), note_message(), Botan::TLS::Handshake_Hash::reset(), and Botan::TLS::Handshake_Hash::update().

   {
   note_message(hello_verify);

   m_client_hello->update_hello_cookie(hello_verify);
   hash().reset();
   hash().update(handshake_io().send(*m_client_hello));
   note_message(*m_client_hello);
   }

Definition at line 166 of file tls_handshake_state.cpp.

References note_message().

   {
   m_new_session_ticket.reset(new_session_ticket);
   note_message(*m_new_session_ticket);
   }

Definition at line 149 of file tls_handshake_state.h.

Referenced by session_ticket().

         { return m_new_session_ticket.get(); }

Definition at line 160 of file tls_handshake_state.cpp.

References note_message().

   {
   m_next_protocol.reset(next_protocol);
   note_message(*m_next_protocol);
   }

Definition at line 146 of file tls_handshake_state.h.

         { return m_next_protocol.get(); }
Handshake_State& Botan::TLS::Handshake_State::operator= ( const Handshake_State )

Definition at line 257 of file tls_handshake_state.cpp.

References ciphersuite(), Botan::get_kdf(), Botan::TLS::Ciphersuite::prf_algo(), and version().

   {
   if(version().supports_ciphersuite_specific_prf())
      {
      const std::string prf_algo = ciphersuite().prf_algo();

      if(prf_algo == "MD5" || prf_algo == "SHA-1")
         return get_kdf("TLS-12-PRF(SHA-256)");

      return get_kdf("TLS-12-PRF(" + prf_algo + ")");
      }

   // Old PRF used in TLS v1.0, v1.1 and DTLS v1.0
   return get_kdf("TLS-PRF");
   }

Return true iff we have received a particular message already

Parameters:
msg_typethe message type

Definition at line 225 of file tls_handshake_state.cpp.

   {
   const u32bit mask = bitmask_for_handshake_type(handshake_msg);

   return (m_hand_received_mask & mask);
   }

Definition at line 118 of file tls_handshake_state.cpp.

References note_message().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   m_server_certs.reset(server_certs);
   note_message(*m_server_certs);
   }

Definition at line 125 of file tls_handshake_state.h.

         { return m_server_certs.get(); }

Definition at line 172 of file tls_handshake_state.cpp.

References note_message().

   {
   m_server_finished.reset(server_finished);
   note_message(*m_server_finished);
   }

Definition at line 152 of file tls_handshake_state.h.

         { return m_server_finished.get(); }

Definition at line 111 of file tls_handshake_state.cpp.

References Botan::TLS::Ciphersuite::by_id(), and note_message().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), and Botan::TLS::Server_Key_Exchange::verify().

   {
   m_server_hello.reset(server_hello);
   m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite());
   note_message(*m_server_hello);
   }

Definition at line 122 of file tls_handshake_state.h.

         { return m_server_hello.get(); }

Definition at line 136 of file tls_handshake_state.cpp.

References note_message().

   {
   m_server_hello_done.reset(server_hello_done);
   note_message(*m_server_hello_done);
   }

Definition at line 134 of file tls_handshake_state.h.

         { return m_server_hello_done.get(); }

Definition at line 124 of file tls_handshake_state.cpp.

References note_message().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   m_server_kex.reset(server_kex);
   note_message(*m_server_kex);
   }

Definition at line 128 of file tls_handshake_state.h.

         { return m_server_kex.get(); }

Definition at line 160 of file tls_handshake_state.h.

{ return m_session_keys; }

Record that we are expecting a particular message type next

Parameters:
msg_typethe message type

Definition at line 220 of file tls_handshake_state.cpp.

   {
   m_hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg);
   }

Definition at line 184 of file tls_handshake_state.cpp.

References version().

   {
   m_version = version;
   }

Definition at line 241 of file tls_handshake_state.cpp.

References ciphersuite(), client_hello(), Botan::TLS::Client_Hello::srp_identifier(), and valid.

   {
   if(ciphersuite().valid() && ciphersuite().kex_algo() == "SRP_SHA")
      return client_hello()->srp_identifier();

   return "";
   }
std::pair< std::string, Signature_Format > Botan::TLS::Handshake_State::understand_sig_format ( const Public_Key key,
std::string  hash_algo,
std::string  sig_algo 
) const

Definition at line 364 of file tls_handshake_state.cpp.

References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, and version().

Referenced by Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

   {
   const std::string algo_name = key.algo_name();

   /*
   FIXME: This should check what was sent against the client hello
   preferences, or the certificate request, to ensure it was allowed
   by those restrictions.

   Or not?
   */

   if(this->version().supports_negotiable_signature_algorithms())
      {
      if(hash_algo == "")
         throw Decoding_Error("Counterparty did not send hash/sig IDS");

      if(sig_algo != algo_name)
         throw Decoding_Error("Counterparty sent inconsistent key and sig types");
      }
   else
      {
      if(hash_algo != "" || sig_algo != "")
         throw Decoding_Error("Counterparty sent hash/sig IDs with old version");
      }

   if(algo_name == "RSA")
      {
      if(!this->version().supports_negotiable_signature_algorithms())
         {
         hash_algo = "Parallel(MD5,SHA-160)";
         }

      const std::string padding = "EMSA3(" + hash_algo + ")";
      return std::make_pair(padding, IEEE_1363);
      }
   else if(algo_name == "DSA" || algo_name == "ECDSA")
      {
      if(!this->version().supports_negotiable_signature_algorithms())
         {
         hash_algo = "SHA-1";
         }

      const std::string padding = "EMSA1(" + hash_algo + ")";

      return std::make_pair(padding, DER_SEQUENCE);
      }

   throw Invalid_Argument(algo_name + " is invalid/unknown for TLS signatures");
   }

Definition at line 99 of file tls_handshake_state.h.

Referenced by choose_sig_format(), protocol_specific_prf(), set_version(), and understand_sig_format().

{ return m_version; }

The documentation for this class was generated from the following files: