aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-08-06 15:59:50 +0000
committerlloyd <[email protected]>2012-08-06 15:59:50 +0000
commit5c35bdbb373a5db27299e64abf906409699a1adb (patch)
treece165aaeab3cb7792c896c239e9b36d1c80aca99 /src/tls
parent45f6afea689eba9a1d3cc3703c2b4250495d4b96 (diff)
Expose Handshake_Message as an API type.
Use override as appropriate in tls_messages.h Add a callback to Handshake_State which, if set, is called for each Handshake_Message& as it is received or sent. Not yet exposed at the application level. Use default values in client and server hellos to minimize the need for explicit settings in constructors.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/info.txt1
-rw-r--r--src/tls/msg_client_hello.cpp7
-rw-r--r--src/tls/msg_server_hello.cpp4
-rw-r--r--src/tls/tls_client.cpp9
-rw-r--r--src/tls/tls_handshake_msg.h36
-rw-r--r--src/tls/tls_handshake_state.cpp17
-rw-r--r--src/tls/tls_handshake_state.h14
-rw-r--r--src/tls/tls_messages.h93
-rw-r--r--src/tls/tls_server.cpp2
9 files changed, 117 insertions, 66 deletions
diff --git a/src/tls/info.txt b/src/tls/info.txt
index 5294d3026..ffd0f5ad1 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -13,6 +13,7 @@ tls_channel.h
tls_ciphersuite.h
tls_client.h
tls_exceptn.h
+tls_handshake_msg.h
tls_magic.h
tls_policy.h
tls_record.h
diff --git a/src/tls/msg_client_hello.cpp b/src/tls/msg_client_hello.cpp
index 52536e79c..30d34ef78 100644
--- a/src/tls/msg_client_hello.cpp
+++ b/src/tls/msg_client_hello.cpp
@@ -143,13 +143,6 @@ Client_Hello::Client_Hello(Handshake_IO& io,
*/
Client_Hello::Client_Hello(const std::vector<byte>& buf, Handshake_Type type)
{
- m_next_protocol = false;
- m_secure_renegotiation = false;
- m_supports_session_ticket = false;
- m_supports_heartbeats = false;
- m_peer_can_send_heartbeats = false;
- m_fragment_size = 0;
-
if(type == CLIENT_HELLO)
deserialize(buf);
else
diff --git a/src/tls/msg_server_hello.cpp b/src/tls/msg_server_hello.cpp
index 8d151b2b0..941fee8e4 100644
--- a/src/tls/msg_server_hello.cpp
+++ b/src/tls/msg_server_hello.cpp
@@ -55,10 +55,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
*/
Server_Hello::Server_Hello(const std::vector<byte>& buf)
{
- m_secure_renegotiation = false;
- m_supports_session_ticket = false;
- m_next_protocol = false;
-
if(buf.size() < 38)
throw Decoding_Error("Server_Hello: Packet corrupted");
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 61156d71b..aed524dbe 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -20,7 +20,12 @@ namespace {
class Client_Handshake_State : public Handshake_State
{
public:
- Client_Handshake_State(Handshake_IO* io) : Handshake_State(io) {}
+ // using Handshake_State::Handshake_State;
+
+ Client_Handshake_State(Handshake_IO* io,
+ std::function<void (const Handshake_Message&)> msg_callback =
+ std::function<void (const Handshake_Message&)>()) :
+ Handshake_State(io, msg_callback) {}
// Used during session resumption
secure_vector<byte> resume_master_secret;
@@ -186,6 +191,8 @@ void Client::process_handshake_msg(Handshake_Type type,
Hello_Verify_Request hello_verify_request(contents);
+ m_state->note_message(hello_verify_request);
+
std::unique_ptr<Client_Hello> client_hello_w_cookie(
new Client_Hello(m_state->handshake_io(),
m_state->hash(),
diff --git a/src/tls/tls_handshake_msg.h b/src/tls/tls_handshake_msg.h
new file mode 100644
index 000000000..1c44554d3
--- /dev/null
+++ b/src/tls/tls_handshake_msg.h
@@ -0,0 +1,36 @@
+/*
+* TLS Handshake Message
+* (C) 2012 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef BOTAN_TLS_HANDSHAKE_MSG_H__
+#define BOTAN_TLS_HANDSHAKE_MSG_H__
+
+#include <botan/tls_magic.h>
+#include <vector>
+#include <string>
+
+namespace Botan {
+
+namespace TLS {
+
+/**
+* TLS Handshake Message Base Class
+*/
+class BOTAN_DLL Handshake_Message
+ {
+ public:
+ virtual Handshake_Type type() const = 0;
+
+ virtual std::vector<byte> serialize() const = 0;
+
+ virtual ~Handshake_Message() {}
+ };
+
+}
+
+}
+
+#endif
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 4be0c58e7..082461dc9 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -85,8 +85,10 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
/*
* Initialize the SSL/TLS Handshake State
*/
-Handshake_State::Handshake_State(Handshake_IO* io) :
+Handshake_State::Handshake_State(Handshake_IO* io,
+ std::function<void (const Handshake_Message&)> msg_callback) :
m_handshake_io(io),
+ m_msg_callback(msg_callback),
m_version(m_handshake_io->initial_record_version())
{
}
@@ -96,67 +98,80 @@ Handshake_State::~Handshake_State() {}
void Handshake_State::client_hello(Client_Hello* client_hello)
{
m_client_hello.reset(client_hello);
+ note_message(*m_client_hello);
}
void Handshake_State::server_hello(Server_Hello* server_hello)
{
m_server_hello.reset(server_hello);
m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite());
+ note_message(*m_server_hello);
}
void Handshake_State::server_certs(Certificate* server_certs)
{
m_server_certs.reset(server_certs);
+ note_message(*m_server_certs);
}
void Handshake_State::server_kex(Server_Key_Exchange* server_kex)
{
m_server_kex.reset(server_kex);
+ note_message(*m_server_kex);
}
void Handshake_State::cert_req(Certificate_Req* cert_req)
{
m_cert_req.reset(cert_req);
+ note_message(*m_cert_req);
}
void Handshake_State::server_hello_done(Server_Hello_Done* server_hello_done)
{
m_server_hello_done.reset(server_hello_done);
+ note_message(*m_server_hello_done);
}
void Handshake_State::client_certs(Certificate* client_certs)
{
m_client_certs.reset(client_certs);
+ note_message(*m_client_certs);
}
void Handshake_State::client_kex(Client_Key_Exchange* client_kex)
{
m_client_kex.reset(client_kex);
+ note_message(*m_client_kex);
}
void Handshake_State::client_verify(Certificate_Verify* client_verify)
{
m_client_verify.reset(client_verify);
+ note_message(*m_client_verify);
}
void Handshake_State::next_protocol(Next_Protocol* next_protocol)
{
m_next_protocol.reset(next_protocol);
+ note_message(*m_next_protocol);
}
void Handshake_State::new_session_ticket(New_Session_Ticket* new_session_ticket)
{
m_new_session_ticket.reset(new_session_ticket);
+ note_message(*m_new_session_ticket);
}
void Handshake_State::server_finished(Finished* server_finished)
{
m_server_finished.reset(server_finished);
+ note_message(*m_server_finished);
}
void Handshake_State::client_finished(Finished* client_finished)
{
m_client_finished.reset(client_finished);
+ note_message(*m_client_finished);
}
void Handshake_State::set_version(const Protocol_Version& version)
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index d0a03e2d9..81a603c6f 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -11,6 +11,7 @@
#include <botan/internal/tls_handshake_hash.h>
#include <botan/internal/tls_handshake_io.h>
#include <botan/internal/tls_session_key.h>
+#include <botan/tls_handshake_msg.h>
#include <botan/pk_keys.h>
#include <botan/pubkey.h>
#include <functional>
@@ -44,7 +45,9 @@ class Finished;
class Handshake_State
{
public:
- Handshake_State(Handshake_IO* io);
+ Handshake_State(Handshake_IO* io,
+ std::function<void (const Handshake_Message&)> msg_callback =
+ std::function<void (const Handshake_Message&)>());
virtual ~Handshake_State();
@@ -146,9 +149,18 @@ class Handshake_State
const Handshake_Hash& hash() const { return m_handshake_hash; }
+ void note_message(const Handshake_Message& msg)
+ {
+ if(m_msg_callback)
+ m_msg_callback(msg);
+ }
+
private:
+
std::unique_ptr<Handshake_IO> m_handshake_io;
+ std::function<void (const Handshake_Message&)> m_msg_callback;
+
u32bit m_hand_expecting_mask = 0;
u32bit m_hand_received_mask = 0;
Protocol_Version m_version;
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 29f75c58e..f162a8cce 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -9,15 +9,16 @@
#define BOTAN_TLS_MESSAGES_H__
#include <botan/internal/tls_handshake_state.h>
+#include <botan/tls_handshake_msg.h>
#include <botan/tls_session.h>
#include <botan/tls_policy.h>
-#include <botan/tls_magic.h>
#include <botan/tls_ciphersuite.h>
#include <botan/bigint.h>
#include <botan/pkcs8.h>
#include <botan/x509cert.h>
#include <vector>
#include <memory>
+#include <string>
namespace Botan {
@@ -28,19 +29,6 @@ namespace TLS {
class Handshake_IO;
-/**
-* TLS Handshake Message Base Class
-*/
-class Handshake_Message
- {
- public:
- virtual std::vector<byte> serialize() const = 0;
- virtual Handshake_Type type() const = 0;
-
- Handshake_Message() {}
- virtual ~Handshake_Message() {}
- };
-
std::vector<byte> make_hello_random(RandomNumberGenerator& rng);
/**
@@ -49,8 +37,8 @@ std::vector<byte> make_hello_random(RandomNumberGenerator& rng);
class Hello_Verify_Request : public Handshake_Message
{
public:
- std::vector<byte> serialize() const;
- Handshake_Type type() const { return HELLO_VERIFY_REQUEST; }
+ std::vector<byte> serialize() const override;
+ Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; }
std::vector<byte> cookie() const { return m_cookie; }
@@ -69,7 +57,7 @@ class Hello_Verify_Request : public Handshake_Message
class Client_Hello : public Handshake_Message
{
public:
- Handshake_Type type() const { return CLIENT_HELLO; }
+ Handshake_Type type() const override { return CLIENT_HELLO; }
Protocol_Version version() const { return m_version; }
@@ -137,7 +125,7 @@ class Client_Hello : public Handshake_Message
Handshake_Type type);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
void deserialize(const std::vector<byte>& buf);
void deserialize_sslv2(const std::vector<byte>& buf);
@@ -147,22 +135,22 @@ class Client_Hello : public Handshake_Message
std::vector<byte> m_comp_methods;
std::string m_hostname;
std::string m_srp_identifier;
- bool m_next_protocol;
+ bool m_next_protocol = false;
- size_t m_fragment_size;
- bool m_secure_renegotiation;
+ size_t m_fragment_size = 0;
+ bool m_secure_renegotiation = false;
std::vector<byte> m_renegotiation_info;
std::vector<std::pair<std::string, std::string> > m_supported_algos;
std::vector<std::string> m_supported_curves;
- bool m_supports_session_ticket;
+ bool m_supports_session_ticket = false;
std::vector<byte> m_session_ticket;
std::vector<byte> m_hello_cookie;
- bool m_supports_heartbeats;
- bool m_peer_can_send_heartbeats;
+ bool m_supports_heartbeats = false;
+ bool m_peer_can_send_heartbeats = false;
};
/**
@@ -171,7 +159,7 @@ class Client_Hello : public Handshake_Message
class Server_Hello : public Handshake_Message
{
public:
- Handshake_Type type() const { return SERVER_HELLO; }
+ Handshake_Type type() const override { return SERVER_HELLO; }
Protocol_Version version() const { return m_version; }
@@ -218,23 +206,23 @@ class Server_Hello : public Handshake_Message
Server_Hello(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
Protocol_Version m_version;
std::vector<byte> m_session_id, m_random;
u16bit m_ciphersuite;
byte m_comp_method;
- size_t m_fragment_size;
- bool m_secure_renegotiation;
+ size_t m_fragment_size = 0;
+ bool m_secure_renegotiation = false;
std::vector<byte> m_renegotiation_info;
- bool m_next_protocol;
+ bool m_next_protocol = false;
std::vector<std::string> m_next_protocols;
- bool m_supports_session_ticket;
+ bool m_supports_session_ticket = false;
- bool m_supports_heartbeats;
- bool m_peer_can_send_heartbeats;
+ bool m_supports_heartbeats = false;
+ bool m_peer_can_send_heartbeats = false;
};
/**
@@ -243,7 +231,7 @@ class Server_Hello : public Handshake_Message
class Client_Key_Exchange : public Handshake_Message
{
public:
- Handshake_Type type() const { return CLIENT_KEX; }
+ Handshake_Type type() const override { return CLIENT_KEX; }
const secure_vector<byte>& pre_master_secret() const
{ return m_pre_master; }
@@ -264,7 +252,8 @@ class Client_Key_Exchange : public Handshake_Message
RandomNumberGenerator& rng);
private:
- std::vector<byte> serialize() const { return m_key_material; }
+ std::vector<byte> serialize() const override
+ { return m_key_material; }
std::vector<byte> m_key_material;
secure_vector<byte> m_pre_master;
@@ -276,7 +265,7 @@ class Client_Key_Exchange : public Handshake_Message
class Certificate : public Handshake_Message
{
public:
- Handshake_Type type() const { return CERTIFICATE; }
+ Handshake_Type type() const override { return CERTIFICATE; }
const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
size_t count() const { return m_certs.size(); }
@@ -288,7 +277,7 @@ class Certificate : public Handshake_Message
Certificate(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
std::vector<X509_Certificate> m_certs;
};
@@ -299,7 +288,7 @@ class Certificate : public Handshake_Message
class Certificate_Req : public Handshake_Message
{
public:
- Handshake_Type type() const { return CERTIFICATE_REQUEST; }
+ Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
const std::vector<std::string>& acceptable_cert_types() const
{ return m_cert_key_types; }
@@ -318,7 +307,7 @@ class Certificate_Req : public Handshake_Message
Certificate_Req(const std::vector<byte>& buf,
Protocol_Version version);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
std::vector<X509_DN> m_names;
std::vector<std::string> m_cert_key_types;
@@ -332,7 +321,7 @@ class Certificate_Req : public Handshake_Message
class Certificate_Verify : public Handshake_Message
{
public:
- Handshake_Type type() const { return CERTIFICATE_VERIFY; }
+ Handshake_Type type() const override { return CERTIFICATE_VERIFY; }
/**
* Check the signature on a certificate verify message
@@ -351,7 +340,7 @@ class Certificate_Verify : public Handshake_Message
Certificate_Verify(const std::vector<byte>& buf,
Protocol_Version version);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
std::string m_sig_algo; // sig algo used to create signature
std::string m_hash_algo; // hash used to create signature
@@ -364,7 +353,7 @@ class Certificate_Verify : public Handshake_Message
class Finished : public Handshake_Message
{
public:
- Handshake_Type type() const { return FINISHED; }
+ Handshake_Type type() const override { return FINISHED; }
std::vector<byte> verify_data() const
{ return m_verification_data; }
@@ -378,7 +367,7 @@ class Finished : public Handshake_Message
Finished(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
Connection_Side m_side;
std::vector<byte> m_verification_data;
@@ -390,12 +379,12 @@ class Finished : public Handshake_Message
class Hello_Request : public Handshake_Message
{
public:
- Handshake_Type type() const { return HELLO_REQUEST; }
+ Handshake_Type type() const override { return HELLO_REQUEST; }
Hello_Request(Handshake_IO& io);
Hello_Request(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
};
/**
@@ -404,7 +393,7 @@ class Hello_Request : public Handshake_Message
class Server_Key_Exchange : public Handshake_Message
{
public:
- Handshake_Type type() const { return SERVER_KEX; }
+ Handshake_Type type() const override { return SERVER_KEX; }
const std::vector<byte>& params() const { return m_params; }
@@ -431,7 +420,7 @@ class Server_Key_Exchange : public Handshake_Message
~Server_Key_Exchange();
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
std::unique_ptr<Private_Key> m_kex_key;
std::unique_ptr<SRP6_Server_Session> m_srp_params;
@@ -449,12 +438,12 @@ class Server_Key_Exchange : public Handshake_Message
class Server_Hello_Done : public Handshake_Message
{
public:
- Handshake_Type type() const { return SERVER_HELLO_DONE; }
+ Handshake_Type type() const override { return SERVER_HELLO_DONE; }
Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash);
Server_Hello_Done(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
};
/**
@@ -463,7 +452,7 @@ class Server_Hello_Done : public Handshake_Message
class Next_Protocol : public Handshake_Message
{
public:
- Handshake_Type type() const { return NEXT_PROTOCOL; }
+ Handshake_Type type() const override { return NEXT_PROTOCOL; }
std::string protocol() const { return m_protocol; }
@@ -473,7 +462,7 @@ class Next_Protocol : public Handshake_Message
Next_Protocol(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
std::string m_protocol;
};
@@ -481,7 +470,7 @@ class Next_Protocol : public Handshake_Message
class New_Session_Ticket : public Handshake_Message
{
public:
- Handshake_Type type() const { return NEW_SESSION_TICKET; }
+ Handshake_Type type() const override { return NEW_SESSION_TICKET; }
u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; }
const std::vector<byte>& ticket() const { return m_ticket; }
@@ -496,7 +485,7 @@ class New_Session_Ticket : public Handshake_Message
New_Session_Ticket(const std::vector<byte>& buf);
private:
- std::vector<byte> serialize() const;
+ std::vector<byte> serialize() const override;
u32bit m_ticket_lifetime_hint;
std::vector<byte> m_ticket;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 61a7642df..aabafaaaa 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -21,6 +21,8 @@ namespace {
class Server_Handshake_State : public Handshake_State
{
public:
+ // using Handshake_State::Handshake_State;
+
Server_Handshake_State(Handshake_IO* io) : Handshake_State(io) {}
// Used by the server only, in case of RSA key exchange. Not owned