Coverage Report

Created: 2022-06-23 06:44

/src/botan/build/include/botan/internal/tls_channel_impl_12.h
Line
Count
Source
1
/*
2
* TLS Channel - implementation for TLS 1.2
3
* (C) 2011,2012,2014,2015 Jack Lloyd
4
*     2016 Matthias Gierlings
5
*
6
* Botan is released under the Simplified BSD License (see license.txt)
7
*/
8
9
#ifndef BOTAN_TLS_CHANNEL_IMPL_12_H_
10
#define BOTAN_TLS_CHANNEL_IMPL_12_H_
11
12
#include <botan/tls_session.h>
13
#include <botan/tls_alert.h>
14
#include <botan/tls_session_manager.h>
15
#include <botan/tls_callbacks.h>
16
#include <botan/internal/tls_channel_impl.h>
17
#include <functional>
18
#include <vector>
19
#include <string>
20
#include <map>
21
#include <memory>
22
23
namespace Botan {
24
25
class X509_Certificate;
26
27
namespace TLS {
28
29
class Connection_Cipher_State;
30
class Connection_Sequence_Numbers;
31
class Handshake_State;
32
class Handshake_Message;
33
class Client_Hello_12;
34
class Server_Hello_12;
35
class Policy;
36
37
/**
38
* Generic interface for TLSv.12 endpoint
39
*/
40
class Channel_Impl_12 : public Channel_Impl
41
   {
42
   public:
43
      typedef std::function<void (const uint8_t[], size_t)> output_fn;
44
      typedef std::function<void (const uint8_t[], size_t)> data_cb;
45
      typedef std::function<void (Alert, const uint8_t[], size_t)> alert_cb;
46
      typedef std::function<bool (const Session&)> handshake_cb;
47
      typedef std::function<void (const Handshake_Message&)> handshake_msg_cb;
48
49
      /**
50
      * Set up a new TLS session
51
      *
52
      * @param callbacks contains a set of callback function references
53
      *        required by the TLS endpoint.
54
      * @param session_manager manages session state
55
      * @param rng a random number generator
56
      * @param policy specifies other connection policy information
57
      * @param is_server whether this is a server session or not
58
      * @param is_datagram whether this is a DTLS session
59
      * @param io_buf_sz This many bytes of memory will
60
      *        be preallocated for the read and write buffers. Smaller
61
      *        values just mean reallocations and copies are more likely.
62
      */
63
      explicit Channel_Impl_12(Callbacks& callbacks,
64
                               Session_Manager& session_manager,
65
                               RandomNumberGenerator& rng,
66
                               const Policy& policy,
67
                               bool is_server,
68
                               bool is_datagram,
69
                               size_t io_buf_sz = Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE);
70
71
      explicit Channel_Impl_12(const Channel_Impl_12&) = delete;
72
73
      Channel_Impl_12& operator=(const Channel_Impl_12&) = delete;
74
75
      virtual ~Channel_Impl_12();
76
77
      size_t received_data(const uint8_t buf[], size_t buf_size) override;
78
79
      /**
80
      * Inject plaintext intended for counterparty
81
      * Throws an exception if is_active() is false
82
      */
83
      void send(const uint8_t buf[], size_t buf_size) override;
84
85
      /**
86
      * Send a TLS alert message. If the alert is fatal, the internal
87
      * state (keys, etc) will be reset.
88
      * @param alert the Alert to send
89
      */
90
      void send_alert(const Alert& alert) override;
91
92
      /**
93
      * @return true iff the connection is active for sending application data
94
      */
95
      bool is_active() const override;
96
97
      /**
98
      * @return true iff the connection has been definitely closed
99
      */
100
      bool is_closed() const override;
101
102
      /**
103
      * @return certificate chain of the peer (may be empty)
104
      */
105
      std::vector<X509_Certificate> peer_cert_chain() const override;
106
107
      /**
108
      * Key material export (RFC 5705)
109
      * @param label a disambiguating label string
110
      * @param context a per-association context value
111
      * @param length the length of the desired key in bytes
112
      * @return key of length bytes
113
      */
114
      SymmetricKey key_material_export(const std::string& label,
115
                                       const std::string& context,
116
                                       size_t length) const override;
117
118
      /**
119
      * Attempt to renegotiate the session
120
      * @param force_full_renegotiation if true, require a full renegotiation,
121
      * otherwise allow session resumption
122
      */
123
      void renegotiate(bool force_full_renegotiation = false) override;
124
125
      /**
126
      * @return true iff the counterparty supports the secure
127
      * renegotiation extensions.
128
      */
129
      bool secure_renegotiation_supported() const override;
130
131
      /**
132
      * Perform a handshake timeout check. This does nothing unless
133
      * this is a DTLS channel with a pending handshake state, in
134
      * which case we check for timeout and potentially retransmit
135
      * handshake packets.
136
      */
137
      bool timeout_check() override;
138
139
   protected:
140
      virtual void process_handshake_msg(const Handshake_State* active_state,
141
                                 Handshake_State& pending_state,
142
                                 Handshake_Type type,
143
                                 const std::vector<uint8_t>& contents,
144
                                 bool epoch0_restart) = 0;
145
146
      Handshake_State& create_handshake_state(Protocol_Version version);
147
      virtual std::unique_ptr<Handshake_State> new_handshake_state(std::unique_ptr<class Handshake_IO> io) = 0;
148
149
      void inspect_handshake_message(const Handshake_Message& msg);
150
151
      void activate_session();
152
153
      void change_cipher_spec_reader(Connection_Side side);
154
155
      void change_cipher_spec_writer(Connection_Side side);
156
157
      /* secure renegotiation handling */
158
159
      void secure_renegotiation_check(const Client_Hello_12* client_hello);
160
      void secure_renegotiation_check(const Server_Hello_12* server_hello);
161
162
      std::vector<uint8_t> secure_renegotiation_data_for_client_hello() const;
163
      std::vector<uint8_t> secure_renegotiation_data_for_server_hello() const;
164
165
75.0k
      RandomNumberGenerator& rng() { return m_rng; }
166
167
21.5k
      Session_Manager& session_manager() { return m_session_manager; }
168
169
178k
      const Policy& policy() const { return m_policy; }
170
171
      bool save_session(const Session& session);
172
173
199k
      Callbacks& callbacks() const { return m_callbacks; }
174
175
      void reset_active_association_state();
176
177
      virtual void initiate_handshake(Handshake_State& state, bool force_full_renegotiation) = 0;
178
179
      virtual std::vector<X509_Certificate> get_peer_cert_chain(const Handshake_State& state) const = 0;
180
181
   private:
182
      void send_record(uint8_t record_type, const std::vector<uint8_t>& record);
183
184
      void send_record_under_epoch(uint16_t epoch, uint8_t record_type,
185
                                   const std::vector<uint8_t>& record);
186
187
      void send_record_array(uint16_t epoch, uint8_t record_type,
188
                             const uint8_t input[], size_t length);
189
190
      void write_record(Connection_Cipher_State* cipher_state,
191
                        uint16_t epoch, uint8_t type, const uint8_t input[], size_t length);
192
193
      void reset_state();
194
195
      Connection_Sequence_Numbers& sequence_numbers() const;
196
197
      std::shared_ptr<Connection_Cipher_State> read_cipher_state_epoch(uint16_t epoch) const;
198
199
      std::shared_ptr<Connection_Cipher_State> write_cipher_state_epoch(uint16_t epoch) const;
200
201
205k
      const Handshake_State* active_state() const { return m_active_state.get(); }
202
203
114k
      const Handshake_State* pending_state() const { return m_pending_state.get(); }
204
205
      /* methods to handle incoming traffic through Channel_Impl_12::receive_data. */
206
      void process_handshake_ccs(const secure_vector<uint8_t>& record,
207
                                 uint64_t record_sequence,
208
                                 Record_Type record_type,
209
                                 Protocol_Version record_version,
210
                                 bool epoch0_restart);
211
212
      void process_application_data(uint64_t req_no, const secure_vector<uint8_t>& record);
213
214
      void process_alert(const secure_vector<uint8_t>& record);
215
216
      const bool m_is_server;
217
      const bool m_is_datagram;
218
219
      /* callbacks */
220
      Callbacks& m_callbacks;
221
222
      /* external state */
223
      Session_Manager& m_session_manager;
224
      const Policy& m_policy;
225
      RandomNumberGenerator& m_rng;
226
227
      /* sequence number state */
228
      std::unique_ptr<Connection_Sequence_Numbers> m_sequence_numbers;
229
230
      /* pending and active connection states */
231
      std::unique_ptr<Handshake_State> m_active_state;
232
      std::unique_ptr<Handshake_State> m_pending_state;
233
234
      /* cipher states for each epoch */
235
      std::map<uint16_t, std::shared_ptr<Connection_Cipher_State>> m_write_cipher_states;
236
      std::map<uint16_t, std::shared_ptr<Connection_Cipher_State>> m_read_cipher_states;
237
238
      /* I/O buffers */
239
      secure_vector<uint8_t> m_writebuf;
240
      secure_vector<uint8_t> m_readbuf;
241
      secure_vector<uint8_t> m_record_buf;
242
243
      bool m_has_been_closed;
244
   };
245
246
}
247
248
}
249
250
#endif