Botan
1.11.15
|
00001 /* 00002 * TLS Handshake State 00003 * (C) 2004-2006,2011,2012 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #ifndef BOTAN_TLS_HANDSHAKE_STATE_H__ 00009 #define BOTAN_TLS_HANDSHAKE_STATE_H__ 00010 00011 #include <botan/internal/tls_handshake_hash.h> 00012 #include <botan/internal/tls_handshake_io.h> 00013 #include <botan/internal/tls_session_key.h> 00014 #include <botan/tls_ciphersuite.h> 00015 #include <botan/tls_exceptn.h> 00016 #include <botan/tls_handshake_msg.h> 00017 #include <botan/pk_keys.h> 00018 #include <botan/pubkey.h> 00019 #include <functional> 00020 00021 namespace Botan { 00022 00023 class KDF; 00024 00025 namespace TLS { 00026 00027 class Policy; 00028 00029 class Hello_Verify_Request; 00030 class Client_Hello; 00031 class Server_Hello; 00032 class Certificate; 00033 class Server_Key_Exchange; 00034 class Certificate_Req; 00035 class Server_Hello_Done; 00036 class Certificate; 00037 class Client_Key_Exchange; 00038 class Certificate_Verify; 00039 class Next_Protocol; 00040 class New_Session_Ticket; 00041 class Finished; 00042 00043 /** 00044 * SSL/TLS Handshake State 00045 */ 00046 class Handshake_State 00047 { 00048 public: 00049 typedef std::function<void (const Handshake_Message&)> hs_msg_cb; 00050 00051 Handshake_State(Handshake_IO* io, hs_msg_cb cb); 00052 00053 virtual ~Handshake_State(); 00054 00055 Handshake_State(const Handshake_State&) = delete; 00056 Handshake_State& operator=(const Handshake_State&) = delete; 00057 00058 Handshake_IO& handshake_io() { return *m_handshake_io; } 00059 00060 /** 00061 * Return true iff we have received a particular message already 00062 * @param msg_type the message type 00063 */ 00064 bool received_handshake_msg(Handshake_Type msg_type) const; 00065 00066 /** 00067 * Confirm that we were expecting this message type 00068 * @param msg_type the message type 00069 */ 00070 void confirm_transition_to(Handshake_Type msg_type); 00071 00072 /** 00073 * Record that we are expecting a particular message type next 00074 * @param msg_type the message type 00075 */ 00076 void set_expected_next(Handshake_Type msg_type); 00077 00078 std::pair<Handshake_Type, std::vector<byte>> 00079 get_next_handshake_msg(); 00080 00081 std::vector<byte> session_ticket() const; 00082 00083 std::pair<std::string, Signature_Format> 00084 understand_sig_format(const Public_Key& key, 00085 std::string hash_algo, 00086 std::string sig_algo) const; 00087 00088 std::pair<std::string, Signature_Format> 00089 choose_sig_format(const Private_Key& key, 00090 std::string& hash_algo, 00091 std::string& sig_algo, 00092 bool for_client_auth, 00093 const Policy& policy) const; 00094 00095 std::string srp_identifier() const; 00096 00097 KDF* protocol_specific_prf() const; 00098 00099 Protocol_Version version() const { return m_version; } 00100 00101 void set_version(const Protocol_Version& version); 00102 00103 void hello_verify_request(const Hello_Verify_Request& hello_verify); 00104 00105 void client_hello(Client_Hello* client_hello); 00106 void server_hello(Server_Hello* server_hello); 00107 void server_certs(Certificate* server_certs); 00108 void server_kex(Server_Key_Exchange* server_kex); 00109 void cert_req(Certificate_Req* cert_req); 00110 void server_hello_done(Server_Hello_Done* server_hello_done); 00111 void client_certs(Certificate* client_certs); 00112 void client_kex(Client_Key_Exchange* client_kex); 00113 void client_verify(Certificate_Verify* client_verify); 00114 void next_protocol(Next_Protocol* next_protocol); 00115 void new_session_ticket(New_Session_Ticket* new_session_ticket); 00116 void server_finished(Finished* server_finished); 00117 void client_finished(Finished* client_finished); 00118 00119 const Client_Hello* client_hello() const 00120 { return m_client_hello.get(); } 00121 00122 const Server_Hello* server_hello() const 00123 { return m_server_hello.get(); } 00124 00125 const Certificate* server_certs() const 00126 { return m_server_certs.get(); } 00127 00128 const Server_Key_Exchange* server_kex() const 00129 { return m_server_kex.get(); } 00130 00131 const Certificate_Req* cert_req() const 00132 { return m_cert_req.get(); } 00133 00134 const Server_Hello_Done* server_hello_done() const 00135 { return m_server_hello_done.get(); } 00136 00137 const Certificate* client_certs() const 00138 { return m_client_certs.get(); } 00139 00140 const Client_Key_Exchange* client_kex() const 00141 { return m_client_kex.get(); } 00142 00143 const Certificate_Verify* client_verify() const 00144 { return m_client_verify.get(); } 00145 00146 const Next_Protocol* next_protocol() const 00147 { return m_next_protocol.get(); } 00148 00149 const New_Session_Ticket* new_session_ticket() const 00150 { return m_new_session_ticket.get(); } 00151 00152 const Finished* server_finished() const 00153 { return m_server_finished.get(); } 00154 00155 const Finished* client_finished() const 00156 { return m_client_finished.get(); } 00157 00158 const Ciphersuite& ciphersuite() const { return m_ciphersuite; } 00159 00160 const Session_Keys& session_keys() const { return m_session_keys; } 00161 00162 void compute_session_keys(); 00163 00164 void compute_session_keys(const secure_vector<byte>& resume_master_secret); 00165 00166 Handshake_Hash& hash() { return m_handshake_hash; } 00167 00168 const Handshake_Hash& hash() const { return m_handshake_hash; } 00169 00170 void note_message(const Handshake_Message& msg) 00171 { 00172 if(m_msg_callback) 00173 m_msg_callback(msg); 00174 } 00175 00176 private: 00177 00178 hs_msg_cb m_msg_callback; 00179 00180 std::unique_ptr<Handshake_IO> m_handshake_io; 00181 00182 u32bit m_hand_expecting_mask = 0; 00183 u32bit m_hand_received_mask = 0; 00184 Protocol_Version m_version; 00185 Ciphersuite m_ciphersuite; 00186 Session_Keys m_session_keys; 00187 Handshake_Hash m_handshake_hash; 00188 00189 std::unique_ptr<Client_Hello> m_client_hello; 00190 std::unique_ptr<Server_Hello> m_server_hello; 00191 std::unique_ptr<Certificate> m_server_certs; 00192 std::unique_ptr<Server_Key_Exchange> m_server_kex; 00193 std::unique_ptr<Certificate_Req> m_cert_req; 00194 std::unique_ptr<Server_Hello_Done> m_server_hello_done; 00195 std::unique_ptr<Certificate> m_client_certs; 00196 std::unique_ptr<Client_Key_Exchange> m_client_kex; 00197 std::unique_ptr<Certificate_Verify> m_client_verify; 00198 std::unique_ptr<Next_Protocol> m_next_protocol; 00199 std::unique_ptr<New_Session_Ticket> m_new_session_ticket; 00200 std::unique_ptr<Finished> m_server_finished; 00201 std::unique_ptr<Finished> m_client_finished; 00202 }; 00203 00204 } 00205 00206 } 00207 00208 #endif