diff options
| author | lloyd <[email protected]> | 2015-01-07 13:05:20 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2015-01-07 13:05:20 +0000 |
| commit | bb1228d8a9e6f823f4875a1f6bafa9726ef506ae (patch) | |
| tree | dee0b5414eb8eb7d29b85768cf22c54b78e34a31 /src/lib/tls/tls_channel.h | |
| parent | 5fd3c7adffa9fe705e493f81def04d9d57db4442 (diff) | |
Support setting the number of pad bytes in a heartbeat message. Use
random instead of all-zero padding. Check on sanity of received pads
to the extent possible. Bugzilla 269.
Diffstat (limited to 'src/lib/tls/tls_channel.h')
| -rw-r--r-- | src/lib/tls/tls_channel.h | 96 |
1 files changed, 49 insertions, 47 deletions
diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 8aea2dab0..c5da583a1 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -1,6 +1,6 @@ /* * TLS Channel -* (C) 2011,2012,2014 Jack Lloyd +* (C) 2011,2012,2014,2015 Jack Lloyd * * Released under the terms of the Botan license */ @@ -31,6 +31,21 @@ class Handshake_State; class BOTAN_DLL Channel { public: + Channel(std::function<void (const byte[], size_t)> socket_output_fn, + std::function<void (const byte[], size_t)> data_cb, + std::function<void (Alert, const byte[], size_t)> alert_cb, + std::function<bool (const Session&)> handshake_cb, + Session_Manager& session_manager, + RandomNumberGenerator& rng, + bool is_datagram, + size_t reserved_io_buffer_size); + + Channel(const Channel&) = delete; + + Channel& operator=(const Channel&) = delete; + + virtual ~Channel(); + /** * Inject TLS traffic received from counterparty * @return a hint as the how many more bytes we need to process the @@ -46,14 +61,6 @@ class BOTAN_DLL Channel size_t received_data(const std::vector<byte>& buf); /** - * Perform a handshake timeout check. This does nothing unless - * this is a DTLS channel with a pending handshake state, in - * which case we check for timeout and potentially retransmit - * handshake packets. - */ - bool timeout_check(); - - /** * Inject plaintext intended for counterparty * Throws an exception if is_active() is false */ @@ -107,22 +114,29 @@ class BOTAN_DLL Channel */ bool is_closed() const; + /** - * Attempt to renegotiate the session - * @param force_full_renegotiation if true, require a full renegotiation, - * otherwise allow session resumption + * @return certificate chain of the peer (may be empty) */ - void renegotiate(bool force_full_renegotiation = false); + std::vector<X509_Certificate> peer_cert_chain() const; /** - * @return true iff the peer supports heartbeat messages + * Key material export (RFC 5705) + * @param label a disambiguating label string + * @param context a per-association context value + * @param length the length of the desired key in bytes + * @return key of length bytes */ - bool peer_supports_heartbeats() const; + SymmetricKey key_material_export(const std::string& label, + const std::string& context, + size_t length) const; /** - * @return true iff we are allowed to send heartbeat messages + * Attempt to renegotiate the session + * @param force_full_renegotiation if true, require a full renegotiation, + * otherwise allow session resumption */ - bool heartbeat_sending_allowed() const; + void renegotiate(bool force_full_renegotiation = false); /** * @return true iff the counterparty supports the secure @@ -131,47 +145,35 @@ class BOTAN_DLL Channel bool secure_renegotiation_supported() const; /** - * Attempt to send a heartbeat message (if negotiated with counterparty) - * @param payload will be echoed back - * @param payload_size size of payload in bytes + * Perform a handshake timeout check. This does nothing unless + * this is a DTLS channel with a pending handshake state, in + * which case we check for timeout and potentially retransmit + * handshake packets. */ - void heartbeat(const byte payload[], size_t payload_size); + bool timeout_check(); /** - * Attempt to send a heartbeat message (if negotiated with counterparty) + * @return true iff the peer supports heartbeat messages */ - void heartbeat() { heartbeat(nullptr, 0); } + bool peer_supports_heartbeats() const; /** - * @return certificate chain of the peer (may be empty) + * @return true iff we are allowed to send heartbeat messages */ - std::vector<X509_Certificate> peer_cert_chain() const; + bool heartbeat_sending_allowed() const; /** - * Key material export (RFC 5705) - * @param label a disambiguating label string - * @param context a per-association context value - * @param length the length of the desired key in bytes - * @return key of length bytes + * Attempt to send a heartbeat message (if negotiated with counterparty) + * @param payload will be echoed back + * @param payload_size size of payload in bytes + * @param pad_bytes include 16 + pad_bytes extra bytes in the message (not echoed) */ - SymmetricKey key_material_export(const std::string& label, - const std::string& context, - size_t length) const; - - Channel(std::function<void (const byte[], size_t)> socket_output_fn, - std::function<void (const byte[], size_t)> data_cb, - std::function<void (Alert, const byte[], size_t)> alert_cb, - std::function<bool (const Session&)> handshake_cb, - Session_Manager& session_manager, - RandomNumberGenerator& rng, - bool is_datagram, - size_t reserved_io_buffer_size); - - Channel(const Channel&) = delete; - - Channel& operator=(const Channel&) = delete; + void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0); - virtual ~Channel(); + /** + * Attempt to send a heartbeat message (if negotiated with counterparty) + */ + void heartbeat() { heartbeat(nullptr, 0); } protected: virtual void process_handshake_msg(const Handshake_State* active_state, |