/src/botan/build/include/botan/internal/tls_handshake_state.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Handshake State |
3 | | * (C) 2004-2006,2011,2012 Jack Lloyd |
4 | | * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_TLS_HANDSHAKE_STATE_H_ |
10 | | #define BOTAN_TLS_HANDSHAKE_STATE_H_ |
11 | | |
12 | | #include <botan/internal/tls_handshake_hash.h> |
13 | | #include <botan/internal/tls_handshake_io.h> |
14 | | #include <botan/internal/tls_session_key.h> |
15 | | #include <botan/tls_ciphersuite.h> |
16 | | #include <botan/tls_exceptn.h> |
17 | | #include <botan/tls_handshake_msg.h> |
18 | | #include <botan/tls_callbacks.h> |
19 | | #include <botan/pk_keys.h> |
20 | | #include <botan/pubkey.h> |
21 | | #include <functional> |
22 | | |
23 | | namespace Botan { |
24 | | |
25 | | class KDF; |
26 | | |
27 | | namespace TLS { |
28 | | |
29 | | class Callbacks; |
30 | | class Policy; |
31 | | |
32 | | class Hello_Verify_Request; |
33 | | class Client_Hello; |
34 | | class Server_Hello; |
35 | | class Certificate; |
36 | | class Certificate_Status; |
37 | | class Server_Key_Exchange; |
38 | | class Certificate_Req; |
39 | | class Server_Hello_Done; |
40 | | class Certificate; |
41 | | class Client_Key_Exchange; |
42 | | class Certificate_Verify; |
43 | | class New_Session_Ticket; |
44 | | class Finished; |
45 | | |
46 | | /** |
47 | | * SSL/TLS Handshake State |
48 | | */ |
49 | | class Handshake_State |
50 | | { |
51 | | public: |
52 | | Handshake_State(Handshake_IO* io, Callbacks& callbacks); |
53 | | |
54 | 48.1k | virtual ~Handshake_State() = default; |
55 | | |
56 | | Handshake_State(const Handshake_State&) = delete; |
57 | | Handshake_State& operator=(const Handshake_State&) = delete; |
58 | | |
59 | 235k | Handshake_IO& handshake_io() { return *m_handshake_io; } |
60 | | |
61 | | /** |
62 | | * Return true iff we have received a particular message already |
63 | | * @param msg_type the message type |
64 | | */ |
65 | | bool received_handshake_msg(Handshake_Type msg_type) const; |
66 | | |
67 | | /** |
68 | | * Confirm that we were expecting this message type |
69 | | * @param msg_type the message type |
70 | | */ |
71 | | void confirm_transition_to(Handshake_Type msg_type); |
72 | | |
73 | | /** |
74 | | * Record that we are expecting a particular message type next |
75 | | * @param msg_type the message type |
76 | | */ |
77 | | void set_expected_next(Handshake_Type msg_type); |
78 | | |
79 | | std::pair<Handshake_Type, std::vector<uint8_t>> |
80 | | get_next_handshake_msg(); |
81 | | |
82 | | std::vector<uint8_t> session_ticket() const; |
83 | | |
84 | | std::pair<std::string, Signature_Format> |
85 | | parse_sig_format(const Public_Key& key, |
86 | | Signature_Scheme scheme, |
87 | | bool for_client_auth, |
88 | | const Policy& policy) const; |
89 | | |
90 | | std::pair<std::string, Signature_Format> |
91 | | choose_sig_format(const Private_Key& key, |
92 | | Signature_Scheme& scheme, |
93 | | bool for_client_auth, |
94 | | const Policy& policy) const; |
95 | | |
96 | | std::string srp_identifier() const; |
97 | | |
98 | | KDF* protocol_specific_prf() const; |
99 | | |
100 | 209k | Protocol_Version version() const { return m_version; } |
101 | | |
102 | | void set_version(const Protocol_Version& version); |
103 | | |
104 | | void hello_verify_request(const Hello_Verify_Request& hello_verify); |
105 | | |
106 | | void client_hello(Client_Hello* client_hello); |
107 | | void server_hello(Server_Hello* server_hello); |
108 | | void server_certs(Certificate* server_certs); |
109 | | void server_cert_status(Certificate_Status* server_cert_status); |
110 | | void server_kex(Server_Key_Exchange* server_kex); |
111 | | void cert_req(Certificate_Req* cert_req); |
112 | | void server_hello_done(Server_Hello_Done* server_hello_done); |
113 | | void client_certs(Certificate* client_certs); |
114 | | void client_kex(Client_Key_Exchange* client_kex); |
115 | | void client_verify(Certificate_Verify* client_verify); |
116 | | void new_session_ticket(New_Session_Ticket* new_session_ticket); |
117 | | void server_finished(Finished* server_finished); |
118 | | void client_finished(Finished* client_finished); |
119 | | |
120 | | const Client_Hello* client_hello() const |
121 | 475k | { return m_client_hello.get(); } |
122 | | |
123 | | const Server_Hello* server_hello() const |
124 | 187k | { return m_server_hello.get(); } |
125 | | |
126 | | const Certificate* server_certs() const |
127 | 3.08k | { return m_server_certs.get(); } |
128 | | |
129 | | const Server_Key_Exchange* server_kex() const |
130 | 16.3k | { return m_server_kex.get(); } |
131 | | |
132 | | const Certificate_Req* cert_req() const |
133 | 14 | { return m_cert_req.get(); } |
134 | | |
135 | | const Server_Hello_Done* server_hello_done() const |
136 | 0 | { return m_server_hello_done.get(); } |
137 | | |
138 | | const Certificate* client_certs() const |
139 | 451 | { return m_client_certs.get(); } |
140 | | |
141 | | const Client_Key_Exchange* client_kex() const |
142 | 14.9k | { return m_client_kex.get(); } |
143 | | |
144 | | const Certificate_Verify* client_verify() const |
145 | 0 | { return m_client_verify.get(); } |
146 | | |
147 | | const Certificate_Status* server_cert_status() const |
148 | 24 | { return m_server_cert_status.get(); } |
149 | | |
150 | | const New_Session_Ticket* new_session_ticket() const |
151 | 528 | { return m_new_session_ticket.get(); } |
152 | | |
153 | | const Finished* server_finished() const |
154 | 527 | { return m_server_finished.get(); } |
155 | | |
156 | | const Finished* client_finished() const |
157 | 527 | { return m_client_finished.get(); } |
158 | | |
159 | 179k | const Ciphersuite& ciphersuite() const { return m_ciphersuite; } |
160 | | |
161 | 5.64k | const Session_Keys& session_keys() const { return m_session_keys; } |
162 | | |
163 | 25.6k | Callbacks& callbacks() const { return m_callbacks; } |
164 | | |
165 | | void compute_session_keys(); |
166 | | |
167 | | void compute_session_keys(const secure_vector<uint8_t>& resume_master_secret); |
168 | | |
169 | 150k | Handshake_Hash& hash() { return m_handshake_hash; } |
170 | | |
171 | 5.78k | const Handshake_Hash& hash() const { return m_handshake_hash; } |
172 | | |
173 | | void note_message(const Handshake_Message& msg); |
174 | | private: |
175 | | |
176 | | Callbacks& m_callbacks; |
177 | | |
178 | | std::unique_ptr<Handshake_IO> m_handshake_io; |
179 | | |
180 | | uint32_t m_hand_expecting_mask = 0; |
181 | | uint32_t m_hand_received_mask = 0; |
182 | | Protocol_Version m_version; |
183 | | Ciphersuite m_ciphersuite; |
184 | | Session_Keys m_session_keys; |
185 | | Handshake_Hash m_handshake_hash; |
186 | | |
187 | | std::unique_ptr<Client_Hello> m_client_hello; |
188 | | std::unique_ptr<Server_Hello> m_server_hello; |
189 | | std::unique_ptr<Certificate> m_server_certs; |
190 | | std::unique_ptr<Certificate_Status> m_server_cert_status; |
191 | | std::unique_ptr<Server_Key_Exchange> m_server_kex; |
192 | | std::unique_ptr<Certificate_Req> m_cert_req; |
193 | | std::unique_ptr<Server_Hello_Done> m_server_hello_done; |
194 | | std::unique_ptr<Certificate> m_client_certs; |
195 | | std::unique_ptr<Client_Key_Exchange> m_client_kex; |
196 | | std::unique_ptr<Certificate_Verify> m_client_verify; |
197 | | std::unique_ptr<New_Session_Ticket> m_new_session_ticket; |
198 | | std::unique_ptr<Finished> m_server_finished; |
199 | | std::unique_ptr<Finished> m_client_finished; |
200 | | }; |
201 | | |
202 | | } |
203 | | |
204 | | } |
205 | | |
206 | | #endif |