diff options
| author | lloyd <[email protected]> | 2012-08-06 12:42:01 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-08-06 12:42:01 +0000 |
| commit | 55285c8e3ffcd78d4f9bc543648eb215205b3ae7 (patch) | |
| tree | 8a888dbab4891915857132d9ced0bed39e16c90c /src | |
| parent | 43c8e8cc60d1b58a715c81d985f3419548d485ed (diff) | |
Move server-specific parts of the handshake state to a server subclass.
Diffstat (limited to 'src')
| -rw-r--r-- | src/tls/msg_client_kex.cpp | 11 | ||||
| -rw-r--r-- | src/tls/tls_handshake_state.h | 10 | ||||
| -rw-r--r-- | src/tls/tls_messages.h | 1 | ||||
| -rw-r--r-- | src/tls/tls_server.cpp | 28 |
4 files changed, 29 insertions, 21 deletions
diff --git a/src/tls/msg_client_kex.cpp b/src/tls/msg_client_kex.cpp index 16aa2e5a5..8469708d6 100644 --- a/src/tls/msg_client_kex.cpp +++ b/src/tls/msg_client_kex.cpp @@ -267,6 +267,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, */ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, const Handshake_State* state, + const Private_Key* server_rsa_kex_key, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng) @@ -278,15 +279,13 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, BOTAN_ASSERT(state->server_certs() && !state->server_certs()->cert_chain().empty(), "RSA key exchange negotiated so server sent a certificate"); - const Private_Key* private_key = state->server_rsa_kex_key; - - if(!private_key) + if(!server_rsa_kex_key) throw Internal_Error("Expected RSA kex but no server kex key set"); - if(!dynamic_cast<const RSA_PrivateKey*>(private_key)) - throw Internal_Error("Expected RSA key but got " + private_key->algo_name()); + if(!dynamic_cast<const RSA_PrivateKey*>(server_rsa_kex_key)) + throw Internal_Error("Expected RSA key but got " + server_rsa_kex_key->algo_name()); - PK_Decryptor_EME decryptor(*private_key, "PKCS1v15"); + PK_Decryptor_EME decryptor(*server_rsa_kex_key, "PKCS1v15"); Protocol_Version client_version = state->client_hello()->version(); diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 6710e1ce6..d0a03e2d9 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -13,7 +13,6 @@ #include <botan/internal/tls_session_key.h> #include <botan/pk_keys.h> #include <botan/pubkey.h> - #include <functional> #include <utility> #include <memory> @@ -147,15 +146,6 @@ class Handshake_State const Handshake_Hash& hash() const { return m_handshake_hash; } - // Used by the server only, in case of RSA key exchange - Private_Key* server_rsa_kex_key = nullptr; // FIXME make private - - /* - * Used by the server to know if resumption should be allowed on - * a server-initiated renegotiation - */ - bool allow_session_resumption = true; // FIXME make private - private: std::unique_ptr<Handshake_IO> m_handshake_io; diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 4e9d13803..29f75c58e 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -258,6 +258,7 @@ class Client_Key_Exchange : public Handshake_Message Client_Key_Exchange(const std::vector<byte>& buf, const Handshake_State* state, + const Private_Key* server_rsa_kex_key, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng); diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 12de34cdd..61a7642df 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -18,6 +18,21 @@ namespace TLS { namespace { +class Server_Handshake_State : public Handshake_State + { + public: + Server_Handshake_State(Handshake_IO* io) : Handshake_State(io) {} + + // Used by the server only, in case of RSA key exchange. Not owned + Private_Key* server_rsa_kex_key = nullptr; + + /* + * Used by the server to know if resumption should be allowed on + * a server-initiated renegotiation + */ + bool allow_session_resumption = true; + }; + bool check_for_resume(Session& session_info, Session_Manager& session_manager, Credentials_Manager& credentials, @@ -207,7 +222,7 @@ Server::Server(std::function<void (const byte[], size_t)> output_fn, Handshake_State* Server::new_handshake_state() { - Handshake_State* state = new Handshake_State(new Stream_Handshake_IO(m_writer)); + Handshake_State* state = new Server_Handshake_State(new Stream_Handshake_IO(m_writer)); state->set_expected_next(CLIENT_HELLO); return state; } @@ -221,7 +236,8 @@ void Server::renegotiate(bool force_full_renegotiation) return; // currently in handshake m_state.reset(new_handshake_state()); - m_state->allow_session_resumption = !force_full_renegotiation; + dynamic_cast<Server_Handshake_State&>(*m_state).allow_session_resumption = + !force_full_renegotiation; Hello_Request hello_req(m_state->handshake_io()); } @@ -338,7 +354,7 @@ void Server::process_handshake_msg(Handshake_Type type, Session session_info; const bool resuming = - m_state->allow_session_resumption && + dynamic_cast<Server_Handshake_State&>(*m_state).allow_session_resumption && check_for_resume(session_info, m_session_manager, m_creds, @@ -521,7 +537,7 @@ void Server::process_handshake_msg(Handshake_Type type, if(kex_algo == "RSA") { - m_state->server_rsa_kex_key = private_key; + dynamic_cast<Server_Handshake_State&>(*m_state).server_rsa_kex_key = private_key; } else { @@ -577,7 +593,9 @@ void Server::process_handshake_msg(Handshake_Type type, m_state->set_expected_next(HANDSHAKE_CCS); m_state->client_kex( - new Client_Key_Exchange(contents, m_state.get(), m_creds, m_policy, m_rng) + new Client_Key_Exchange(contents, m_state.get(), + dynamic_cast<Server_Handshake_State&>(*m_state).server_rsa_kex_key, + m_creds, m_policy, m_rng) ); m_state->compute_session_keys(); |