/src/botan/build/include/internal/botan/internal/tls_transcript_hash_13.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS transcript hash implementation for TLS 1.3 |
3 | | * (C) 2022 Jack Lloyd |
4 | | * 2022 Hannes Rantzsch, René Meusel - neXenio GmbH |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |
10 | | #define BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |
11 | | |
12 | | #include <botan/hash.h> |
13 | | #include <botan/tls_magic.h> |
14 | | |
15 | | #include <memory> |
16 | | #include <span> |
17 | | #include <string> |
18 | | #include <vector> |
19 | | |
20 | | namespace Botan::TLS { |
21 | | |
22 | | /** |
23 | | * Wraps the behaviour of the TLS 1.3 transcript hash as described in |
24 | | * RFC 8446 4.4.1. Particularly, it hides the complexity that the |
25 | | * utilized hash algorithm might become evident only after receiving |
26 | | * a server hello message. |
27 | | */ |
28 | | class BOTAN_TEST_API Transcript_Hash_State { |
29 | | public: |
30 | 5.94k | Transcript_Hash_State() = default; |
31 | | Transcript_Hash_State(std::string_view algo_spec); |
32 | 11.9k | ~Transcript_Hash_State() = default; |
33 | | |
34 | | /** |
35 | | * Recreates a Transcript_Hash_State after receiving a Hello Retry Request. |
36 | | * Note that the `prev_transcript_hash_state` must not have an hash algorithm |
37 | | * set, yet. Furthermore it must contain exactly TWO unprocessed messages: |
38 | | * * Client Hello 1, and |
39 | | * * Hello Retry Request |
40 | | * The result of this function is an ordinary transcript hash that can replace |
41 | | * the previously used object in client and server implementations. |
42 | | */ |
43 | | static Transcript_Hash_State recreate_after_hello_retry_request( |
44 | | std::string_view algo_spec, const Transcript_Hash_State& prev_transcript_hash_state); |
45 | | |
46 | | Transcript_Hash_State& operator=(const Transcript_Hash_State&) = delete; |
47 | | |
48 | | Transcript_Hash_State(Transcript_Hash_State&&) = default; |
49 | 0 | Transcript_Hash_State& operator=(Transcript_Hash_State&&) = default; |
50 | | |
51 | | void update(std::span<const uint8_t> serialized_message_s); |
52 | | |
53 | | /** |
54 | | * returns the latest transcript hash |
55 | | * (given an algorithm was already specified and some data was provided to `update`) |
56 | | */ |
57 | | const Transcript_Hash& current() const; |
58 | | |
59 | | /** |
60 | | * returns the second-latest transcript hash |
61 | | * throws if no 'current' was ever replaced by a call to `update` |
62 | | */ |
63 | | const Transcript_Hash& previous() const; |
64 | | |
65 | | /** |
66 | | * returns a truncated transcript hash (see RFC 8446 4.2.11.2) |
67 | | * |
68 | | * This is useful for implementing PSK binders in the PSK extension of |
69 | | * client hello. It is a transcript over a partially marshalled client |
70 | | * hello message. This hash is available only if the last processed |
71 | | * message was a client hello with a PSK extension. |
72 | | * |
73 | | * throws if no 'truncated' hash is available |
74 | | */ |
75 | | const Transcript_Hash& truncated() const; |
76 | | |
77 | | void set_algorithm(std::string_view algo_spec); |
78 | | |
79 | | Transcript_Hash_State clone() const; |
80 | | |
81 | | private: |
82 | | Transcript_Hash_State(const Transcript_Hash_State& other); |
83 | | |
84 | | private: |
85 | | std::unique_ptr<HashFunction> m_hash; |
86 | | |
87 | | // This buffer is filled with the data that is passed into |
88 | | // `update()` before `set_algorithm()` was called. |
89 | | std::vector<std::vector<uint8_t>> m_unprocessed_transcript; |
90 | | |
91 | | Transcript_Hash m_current; |
92 | | Transcript_Hash m_previous; |
93 | | Transcript_Hash m_truncated; |
94 | | }; |
95 | | |
96 | | } // namespace Botan::TLS |
97 | | |
98 | | #endif // BOTAN_TLS_TRANSCRIPT_HASH_13_H_ |