/src/botan/build/include/internal/botan/internal/tls_handshake_layer_13.h

Source (jump to first uncovered line)
/*
* TLS handshake layer implementation for TLS 1.3
* (C) 2022 Jack Lloyd
*     2022 Hannes Rantzsch, René Meusel - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_TLS_HANDSHAKE_LAYER_13_H_
#define BOTAN_TLS_HANDSHAKE_LAYER_13_H_

#include <optional>
#include <vector>

#include <botan/tls_magic.h>
#include <botan/tls_messages.h>

namespace Botan::TLS {

class Transcript_Hash_State;

/**
 * Implementation of the TLS 1.3 handshake protocol layer
 *
 * This component transforms payload bytes received in TLS records
 * from the peer into parsed handshake messages and vice versa.
 */
class BOTAN_TEST_API Handshake_Layer {
   public:
      Handshake_Layer(Connection_Side whoami) :
            m_peer(whoami == Connection_Side::Server ? Connection_Side::Client : Connection_Side::Server)
            // RFC 8446 4.4.2
            //    If the corresponding certificate type extension
            //    ("server_certificate_type" or "client_certificate_type") was not
            //    negotiated in EncryptedExtensions, or the X.509 certificate type
            //    was negotiated, then each CertificateEntry contains a DER-encoded
            //    X.509 certificate.
            //
            // We need the certificate_type info to parse Certificate messages.
            ,
            m_certificate_type(Certificate_Type::X509) {}

      /**
       * Reads data that was received in handshake records and stores it internally for further
       * processing during the invocation of `next_message()`.
       *
       * @param data_from_peer  The data to be parsed.
       */
      void copy_data(std::span<const uint8_t> data_from_peer);

      /**
       * Parses one handshake message off the internal buffer that is being filled using `copy_data`.
       *
       * @param policy the TLS policy
       * @param transcript_hash the transcript hash state to be updated
       *
       * @return the parsed handshake message, or nullopt if more data is needed to complete the message
       */
      std::optional<Handshake_Message_13> next_message(const Policy& policy, Transcript_Hash_State& transcript_hash);

      /**
       * Parses one post-handshake message off the internal buffer that is being filled using `copy_data`.
       *
       * @param policy the TLS policy
       *
       * @return the parsed post-handshake message, or nullopt if more data is needed to complete the message
       */
      std::optional<Post_Handshake_Message_13> next_post_handshake_message(const Policy& policy);

      /**
       * Marshalls one handshake message for sending in an (encrypted) record and updates the
       * provided transcript hash state accordingly.
       *
       * @param message the handshake message to be marshalled
       * @param transcript_hash the transcript hash state to be updated
       *
       * @return the marshalled handshake message
       */
      static std::vector<uint8_t> prepare_message(Handshake_Message_13_Ref message,
                                                  Transcript_Hash_State& transcript_hash);

      /**
       * Marshalls one post-handshake message for sending in an (encrypted) record.
       *
       * @param message the post handshake message to be marshalled
       *
       * @return the marshalled post-handshake message
       */
      static std::vector<uint8_t> prepare_post_handshake_message(const Post_Handshake_Message_13& message);

      /**
       * Check if the Handshake_Layer has stored a partial message in its internal buffer.
       * This can happen if a handshake message spans multiple records.
       */
      bool has_pending_data() const { return !m_read_buffer.empty(); }

      /**
       * Set the certificate_type used for parsing Certificate messages. This
       * is determined via (client/server)_certificate_type extensions during
       * the handshake.
       *
       * RFC 7250 4.3 and 4.4
       *    When the TLS server has specified RawPublicKey as the
       *    [client_certificate_type/server_certificate_type], authentication
       *    of the TLS [client/server] to the TLS [server/client] is supported
       *    only through authentication of the received client
       *    SubjectPublicKeyInfo via an out-of-band method.
       *
       * If the peer sends a Certificate message containing an incompatible
       * means of authentication, a 'decode_error' will be generated.
       */
      void set_selected_certificate_type(Certificate_Type cert_type) { m_certificate_type = cert_type; }

   private:
      std::vector<uint8_t> m_read_buffer;
      Connection_Side m_peer;
      Certificate_Type m_certificate_type;
};

}  // namespace Botan::TLS

#endif

Line	Count	Source (jump to first uncovered line)
1		/*
2		* TLS handshake layer implementation for TLS 1.3
3		* (C) 2022 Jack Lloyd
4		* 2022 Hannes Rantzsch, René Meusel - neXenio GmbH
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#ifndef BOTAN_TLS_HANDSHAKE_LAYER_13_H_
10		#define BOTAN_TLS_HANDSHAKE_LAYER_13_H_
11
12		#include <optional>
13		#include <vector>
14
15		#include <botan/tls_magic.h>
16		#include <botan/tls_messages.h>
17
18		namespace Botan::TLS {
19
20		class Transcript_Hash_State;
21
22		/**
23		* Implementation of the TLS 1.3 handshake protocol layer
24		*
25		* This component transforms payload bytes received in TLS records
26		* from the peer into parsed handshake messages and vice versa.
27		*/
28		class BOTAN_TEST_API Handshake_Layer {
29		public:
30		Handshake_Layer(Connection_Side whoami) :
31	13.4k	m_peer(whoami == Connection_Side::Server ? Connection_Side::Client : Connection_Side::Server)
32		// RFC 8446 4.4.2
33		// If the corresponding certificate type extension
34		// ("server_certificate_type" or "client_certificate_type") was not
35		// negotiated in EncryptedExtensions, or the X.509 certificate type
36		// was negotiated, then each CertificateEntry contains a DER-encoded
37		// X.509 certificate.
38		//
39		// We need the certificate_type info to parse Certificate messages.
40		,
41	13.4k	m_certificate_type(Certificate_Type::X509) {}
42
43		/**
44		* Reads data that was received in handshake records and stores it internally for further
45		* processing during the invocation of `next_message()`.
46		*
47		* @param data_from_peer The data to be parsed.
48		*/
49		void copy_data(std::span<const uint8_t> data_from_peer);
50
51		/**
52		* Parses one handshake message off the internal buffer that is being filled using `copy_data`.
53		*
54		* @param policy the TLS policy
55		* @param transcript_hash the transcript hash state to be updated
56		*
57		* @return the parsed handshake message, or nullopt if more data is needed to complete the message
58		*/
59		std::optional<Handshake_Message_13> next_message(const Policy& policy, Transcript_Hash_State& transcript_hash);
60
61		/**
62		* Parses one post-handshake message off the internal buffer that is being filled using `copy_data`.
63		*
64		* @param policy the TLS policy
65		*
66		* @return the parsed post-handshake message, or nullopt if more data is needed to complete the message
67		*/
68		std::optional<Post_Handshake_Message_13> next_post_handshake_message(const Policy& policy);
69
70		/**
71		* Marshalls one handshake message for sending in an (encrypted) record and updates the
72		* provided transcript hash state accordingly.
73		*
74		* @param message the handshake message to be marshalled
75		* @param transcript_hash the transcript hash state to be updated
76		*
77		* @return the marshalled handshake message
78		*/
79		static std::vector<uint8_t> prepare_message(Handshake_Message_13_Ref message,
80		Transcript_Hash_State& transcript_hash);
81
82		/**
83		* Marshalls one post-handshake message for sending in an (encrypted) record.
84		*
85		* @param message the post handshake message to be marshalled
86		*
87		* @return the marshalled post-handshake message
88		*/
89		static std::vector<uint8_t> prepare_post_handshake_message(const Post_Handshake_Message_13& message);
90
91		/**
92		* Check if the Handshake_Layer has stored a partial message in its internal buffer.
93		* This can happen if a handshake message spans multiple records.
94		*/
95	4.38k	bool has_pending_data() const { return !m_read_buffer.empty(); }
96
97		/**
98		* Set the certificate_type used for parsing Certificate messages. This
99		* is determined via (client/server)_certificate_type extensions during
100		* the handshake.
101		*
102		* RFC 7250 4.3 and 4.4
103		* When the TLS server has specified RawPublicKey as the
104		* [client_certificate_type/server_certificate_type], authentication
105		* of the TLS [client/server] to the TLS [server/client] is supported
106		* only through authentication of the received client
107		* SubjectPublicKeyInfo via an out-of-band method.
108		*
109		* If the peer sends a Certificate message containing an incompatible
110		* means of authentication, a 'decode_error' will be generated.
111		*/
112	0	void set_selected_certificate_type(Certificate_Type cert_type) { m_certificate_type = cert_type; }
113
114		private:
115		std::vector<uint8_t> m_read_buffer;
116		Connection_Side m_peer;
117		Certificate_Type m_certificate_type;
118		};
119
120		} // namespace Botan::TLS
121
122		#endif

Coverage Report

Created: 2025-04-11 06:34