/src/botan/build/include/botan/internal/tls_transcript_hash_13.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS transcript hash implementation for TLS 1.3 |
3 | | * (C) 2022 Jack Lloyd |
4 | | * 2022 Hannes Rantzsch, René Meusel - neXenio GmbH |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |
10 | | #define BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |
11 | | |
12 | | #include <memory> |
13 | | #include <string> |
14 | | #include <vector> |
15 | | |
16 | | #include <botan/hash.h> |
17 | | #include <botan/tls_magic.h> |
18 | | |
19 | | namespace Botan::TLS { |
20 | | |
21 | | /** |
22 | | * Wraps the behaviour of the TLS 1.3 transcript hash as described in |
23 | | * RFC 8446 4.4.1. Particularly, it hides the complexity that the |
24 | | * utilized hash algorithm might become evident only after receiving |
25 | | * a server hello message. |
26 | | */ |
27 | | class BOTAN_TEST_API Transcript_Hash_State |
28 | | { |
29 | | public: |
30 | 0 | Transcript_Hash_State() = default; |
31 | | Transcript_Hash_State(const std::string &algo_spec); |
32 | 5.13k | ~Transcript_Hash_State() = default; |
33 | | |
34 | | /** |
35 | | * Recreates a Transcript_Hash_State after receiving a Hello Retry Request. |
36 | | * Note that the `prev_transcript_hash_state` must not have an hash algorithm |
37 | | * set, yet. Furthermore it must contain exactly TWO unprocessed messages: |
38 | | * * Client Hello 1, and |
39 | | * * Hello Retry Request |
40 | | * The result of this function is an ordinary transcript hash that can replace |
41 | | * the previously used object in client and server implementations. |
42 | | */ |
43 | | static Transcript_Hash_State recreate_after_hello_retry_request( |
44 | | const std::string& algo_spec, |
45 | | const Transcript_Hash_State& prev_transcript_hash_state); |
46 | | |
47 | | Transcript_Hash_State& operator=(const Transcript_Hash_State&) = delete; |
48 | | |
49 | | Transcript_Hash_State(Transcript_Hash_State&&) = default; |
50 | 0 | Transcript_Hash_State& operator=(Transcript_Hash_State&&) = default; |
51 | | |
52 | | void update(const std::vector<uint8_t>& serialized_message) |
53 | 0 | { |
54 | 0 | update(serialized_message.data(), serialized_message.size()); |
55 | 0 | } |
56 | | |
57 | | // TODO: C++20 replace this C-style API with std::span |
58 | | void update(const uint8_t* serialized_message, const size_t serialized_message_length); |
59 | | |
60 | | /** |
61 | | * returns the latest transcript hash |
62 | | * (given an algorithm was already specified and some data was provided to `update`) |
63 | | */ |
64 | | const Transcript_Hash& current() const; |
65 | | |
66 | | /** |
67 | | * returns the second-latest transcript hash |
68 | | * throws if no 'current' was ever replaced by a call to `update` |
69 | | */ |
70 | | const Transcript_Hash& previous() const; |
71 | | |
72 | | /** |
73 | | * returns a truncated transcript hash (see RFC 8446 4.2.11.2) |
74 | | * |
75 | | * This is useful for implementing PSK binders in the PSK extension of |
76 | | * client hello. It is a transcript over a partially marshalled client |
77 | | * hello message. This hash is available only if the last processed |
78 | | * message was a client hello with a PSK extension. |
79 | | * |
80 | | * throws if no 'truncated' hash is available |
81 | | */ |
82 | | const Transcript_Hash& truncated() const; |
83 | | |
84 | | void set_algorithm(const std::string& algo_spec); |
85 | | |
86 | | Transcript_Hash_State clone() const; |
87 | | |
88 | | private: |
89 | | Transcript_Hash_State(const Transcript_Hash_State& other); |
90 | | |
91 | | private: |
92 | | std::unique_ptr<HashFunction> m_hash; |
93 | | |
94 | | // This buffer is filled with the data that is passed into |
95 | | // `update()` before `set_algorithm()` was called. |
96 | | std::vector<std::vector<uint8_t>> m_unprocessed_transcript; |
97 | | |
98 | | Transcript_Hash m_current; |
99 | | Transcript_Hash m_previous; |
100 | | Transcript_Hash m_truncated; |
101 | | }; |
102 | | |
103 | | } |
104 | | |
105 | | #endif // BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |