aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_handshake_state.h
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-08-06 10:50:41 +0000
committerlloyd <[email protected]>2012-08-06 10:50:41 +0000
commit943ecbcce90b504f3ef9fe328136323b0d248c17 (patch)
tree0aa0c4611f7d0c75965af3abe2bc521c82f25ae0 /src/tls/tls_handshake_state.h
parenta250506355588554dbd84181a94bb3a96234376e (diff)
Have all the TLS handshake messages stored in unique_ptrs with only
const access after setting them. Fix some const issues.
Diffstat (limited to 'src/tls/tls_handshake_state.h')
-rw-r--r--src/tls/tls_handshake_state.h117
1 files changed, 91 insertions, 26 deletions
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index 49470fecb..7dea555cc 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -1,6 +1,6 @@
/*
* TLS Handshake State
-* (C) 2004-2006 Jack Lloyd
+* (C) 2004-2006,2011,2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -16,6 +16,7 @@
#include <functional>
#include <utility>
+#include <memory>
namespace Botan {
@@ -25,6 +26,19 @@ namespace TLS {
class Policy;
+class Client_Hello;
+class Server_Hello;
+class Certificate;
+class Server_Key_Exchange;
+class Certificate_Req;
+class Server_Hello_Done;
+class Certificate;
+class Client_Key_Exchange;
+class Certificate_Verify;
+class Next_Protocol;
+class New_Session_Ticket;
+class Finished;
+
/**
* SSL/TLS Handshake State
*/
@@ -38,6 +52,8 @@ class Handshake_State
Handshake_State(const Handshake_State&) = delete;
Handshake_State& operator=(const Handshake_State&) = delete;
+ Handshake_IO& handshake_io() { return *m_handshake_io; }
+
bool received_handshake_msg(Handshake_Type handshake_msg) const;
void confirm_transition_to(Handshake_Type handshake_msg);
@@ -49,70 +65,119 @@ class Handshake_State
understand_sig_format(const Public_Key* key,
std::string hash_algo,
std::string sig_algo,
- bool for_client_auth);
+ bool for_client_auth) const;
std::pair<std::string, Signature_Format>
choose_sig_format(const Private_Key* key,
std::string& hash_algo,
std::string& sig_algo,
bool for_client_auth,
- const Policy& policy);
+ const Policy& policy) const;
std::string srp_identifier() const;
- KDF* protocol_specific_prf();
+ KDF* protocol_specific_prf() const;
Protocol_Version version() const { return m_version; }
void set_version(const Protocol_Version& version);
- class Client_Hello* client_hello = nullptr;
- class Server_Hello* server_hello = nullptr;
- class Certificate* server_certs = nullptr;
- class Server_Key_Exchange* server_kex = nullptr;
- class Certificate_Req* cert_req = nullptr;
- class Server_Hello_Done* server_hello_done = nullptr;
+ void client_hello(Client_Hello* client_hello);
+ void server_hello(Server_Hello* server_hello);
+ void server_certs(Certificate* server_certs);
+ void server_kex(Server_Key_Exchange* server_kex);
+ void cert_req(Certificate_Req* cert_req);
+ void server_hello_done(Server_Hello_Done* server_hello_done);
+ void client_certs(Certificate* client_certs);
+ void client_kex(Client_Key_Exchange* client_kex);
+ void client_verify(Certificate_Verify* client_verify);
+ void next_protocol(Next_Protocol* next_protocol);
+ void new_session_ticket(New_Session_Ticket* new_session_ticket);
+ void server_finished(Finished* server_finished);
+ void client_finished(Finished* client_finished);
+
+ const Client_Hello* client_hello() const
+ { return m_client_hello.get(); }
+
+ const Server_Hello* server_hello() const
+ { return m_server_hello.get(); }
+
+ const Certificate* server_certs() const
+ { return m_server_certs.get(); }
+
+ const Server_Key_Exchange* server_kex() const
+ { return m_server_kex.get(); }
+
+ const Certificate_Req* cert_req() const
+ { return m_cert_req.get(); }
- class Certificate* client_certs = nullptr;
- class Client_Key_Exchange* client_kex = nullptr;
- class Certificate_Verify* client_verify = nullptr;
+ const Server_Hello_Done* server_hello_done() const
+ { return m_server_hello_done.get(); }
- class Next_Protocol* next_protocol = nullptr;
- class New_Session_Ticket* new_session_ticket = nullptr;
+ const Certificate* client_certs() const
+ { return m_client_certs.get(); }
- class Finished* client_finished = nullptr;
- class Finished* server_finished = nullptr;
+ const Client_Key_Exchange* client_kex() const
+ { return m_client_kex.get(); }
+
+ const Certificate_Verify* client_verify() const
+ { return m_client_verify.get(); }
+
+ const Next_Protocol* next_protocol() const
+ { return m_next_protocol.get(); }
+
+ const New_Session_Ticket* new_session_ticket() const
+ { return m_new_session_ticket.get(); }
+
+ const Finished* server_finished() const
+ { return m_server_finished.get(); }
+
+ const Finished* client_finished() const
+ { return m_client_finished.get(); }
// Used by the server only, in case of RSA key exchange
- Private_Key* server_rsa_kex_key = nullptr;
+ Private_Key* server_rsa_kex_key = nullptr; // FIXME make private
- Ciphersuite suite;
- Session_Keys keys;
- Handshake_Hash hash;
+ Ciphersuite suite; // FIXME make private
+ Session_Keys keys; // FIXME make private
+ Handshake_Hash hash; // FIXME make private
/*
* Only used by clients for session resumption
*/
- secure_vector<byte> resume_master_secret;
+ secure_vector<byte> resume_master_secret; // FIXME make private
/*
* Used by the server to know if resumption should be allowed on
* a server-initiated renegotiation
*/
- bool allow_session_resumption = true;
+ bool allow_session_resumption = true; // FIXME make private
/**
- * Used by client using NPN
+ * Used by client using NPN FIXME make private
*/
std::function<std::string (std::vector<std::string>)> client_npn_cb;
- Handshake_IO& handshake_io() { return *m_handshake_io; }
private:
- Handshake_IO* m_handshake_io = nullptr;
+ std::unique_ptr<Handshake_IO> m_handshake_io;
u32bit m_hand_expecting_mask = 0;
u32bit m_hand_received_mask = 0;
Protocol_Version m_version;
+
+ std::unique_ptr<Client_Hello> m_client_hello;
+ std::unique_ptr<Server_Hello> m_server_hello;
+ std::unique_ptr<Certificate> m_server_certs;
+ std::unique_ptr<Server_Key_Exchange> m_server_kex;
+ std::unique_ptr<Certificate_Req> m_cert_req;
+ std::unique_ptr<Server_Hello_Done> m_server_hello_done;
+ std::unique_ptr<Certificate> m_client_certs;
+ std::unique_ptr<Client_Key_Exchange> m_client_kex;
+ std::unique_ptr<Certificate_Verify> m_client_verify;
+ std::unique_ptr<Next_Protocol> m_next_protocol;
+ std::unique_ptr<New_Session_Ticket> m_new_session_ticket;
+ std::unique_ptr<Finished> m_server_finished;
+ std::unique_ptr<Finished> m_client_finished;
};
}