From 943ecbcce90b504f3ef9fe328136323b0d248c17 Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 6 Aug 2012 10:50:41 +0000 Subject: Have all the TLS handshake messages stored in unique_ptrs with only const access after setting them. Fix some const issues. --- src/tls/tls_handshake_state.h | 117 ++++++++++++++++++++++++++++++++---------- 1 file changed, 91 insertions(+), 26 deletions(-) (limited to 'src/tls/tls_handshake_state.h') diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 49470fecb..7dea555cc 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -1,6 +1,6 @@ /* * TLS Handshake State -* (C) 2004-2006 Jack Lloyd +* (C) 2004-2006,2011,2012 Jack Lloyd * * Released under the terms of the Botan license */ @@ -16,6 +16,7 @@ #include #include +#include namespace Botan { @@ -25,6 +26,19 @@ namespace TLS { class Policy; +class Client_Hello; +class Server_Hello; +class Certificate; +class Server_Key_Exchange; +class Certificate_Req; +class Server_Hello_Done; +class Certificate; +class Client_Key_Exchange; +class Certificate_Verify; +class Next_Protocol; +class New_Session_Ticket; +class Finished; + /** * SSL/TLS Handshake State */ @@ -38,6 +52,8 @@ class Handshake_State Handshake_State(const Handshake_State&) = delete; Handshake_State& operator=(const Handshake_State&) = delete; + Handshake_IO& handshake_io() { return *m_handshake_io; } + bool received_handshake_msg(Handshake_Type handshake_msg) const; void confirm_transition_to(Handshake_Type handshake_msg); @@ -49,70 +65,119 @@ class Handshake_State understand_sig_format(const Public_Key* key, std::string hash_algo, std::string sig_algo, - bool for_client_auth); + bool for_client_auth) const; std::pair choose_sig_format(const Private_Key* key, std::string& hash_algo, std::string& sig_algo, bool for_client_auth, - const Policy& policy); + const Policy& policy) const; std::string srp_identifier() const; - KDF* protocol_specific_prf(); + KDF* protocol_specific_prf() const; Protocol_Version version() const { return m_version; } void set_version(const Protocol_Version& version); - class Client_Hello* client_hello = nullptr; - class Server_Hello* server_hello = nullptr; - class Certificate* server_certs = nullptr; - class Server_Key_Exchange* server_kex = nullptr; - class Certificate_Req* cert_req = nullptr; - class Server_Hello_Done* server_hello_done = nullptr; + void client_hello(Client_Hello* client_hello); + void server_hello(Server_Hello* server_hello); + void server_certs(Certificate* server_certs); + void server_kex(Server_Key_Exchange* server_kex); + void cert_req(Certificate_Req* cert_req); + void server_hello_done(Server_Hello_Done* server_hello_done); + void client_certs(Certificate* client_certs); + void client_kex(Client_Key_Exchange* client_kex); + void client_verify(Certificate_Verify* client_verify); + void next_protocol(Next_Protocol* next_protocol); + void new_session_ticket(New_Session_Ticket* new_session_ticket); + void server_finished(Finished* server_finished); + void client_finished(Finished* client_finished); + + const Client_Hello* client_hello() const + { return m_client_hello.get(); } + + const Server_Hello* server_hello() const + { return m_server_hello.get(); } + + const Certificate* server_certs() const + { return m_server_certs.get(); } + + const Server_Key_Exchange* server_kex() const + { return m_server_kex.get(); } + + const Certificate_Req* cert_req() const + { return m_cert_req.get(); } - class Certificate* client_certs = nullptr; - class Client_Key_Exchange* client_kex = nullptr; - class Certificate_Verify* client_verify = nullptr; + const Server_Hello_Done* server_hello_done() const + { return m_server_hello_done.get(); } - class Next_Protocol* next_protocol = nullptr; - class New_Session_Ticket* new_session_ticket = nullptr; + const Certificate* client_certs() const + { return m_client_certs.get(); } - class Finished* client_finished = nullptr; - class Finished* server_finished = nullptr; + const Client_Key_Exchange* client_kex() const + { return m_client_kex.get(); } + + const Certificate_Verify* client_verify() const + { return m_client_verify.get(); } + + const Next_Protocol* next_protocol() const + { return m_next_protocol.get(); } + + const New_Session_Ticket* new_session_ticket() const + { return m_new_session_ticket.get(); } + + const Finished* server_finished() const + { return m_server_finished.get(); } + + const Finished* client_finished() const + { return m_client_finished.get(); } // Used by the server only, in case of RSA key exchange - Private_Key* server_rsa_kex_key = nullptr; + Private_Key* server_rsa_kex_key = nullptr; // FIXME make private - Ciphersuite suite; - Session_Keys keys; - Handshake_Hash hash; + Ciphersuite suite; // FIXME make private + Session_Keys keys; // FIXME make private + Handshake_Hash hash; // FIXME make private /* * Only used by clients for session resumption */ - secure_vector resume_master_secret; + secure_vector resume_master_secret; // FIXME make private /* * Used by the server to know if resumption should be allowed on * a server-initiated renegotiation */ - bool allow_session_resumption = true; + bool allow_session_resumption = true; // FIXME make private /** - * Used by client using NPN + * Used by client using NPN FIXME make private */ std::function)> client_npn_cb; - Handshake_IO& handshake_io() { return *m_handshake_io; } private: - Handshake_IO* m_handshake_io = nullptr; + std::unique_ptr m_handshake_io; u32bit m_hand_expecting_mask = 0; u32bit m_hand_received_mask = 0; Protocol_Version m_version; + + std::unique_ptr m_client_hello; + std::unique_ptr m_server_hello; + std::unique_ptr m_server_certs; + std::unique_ptr m_server_kex; + std::unique_ptr m_cert_req; + std::unique_ptr m_server_hello_done; + std::unique_ptr m_client_certs; + std::unique_ptr m_client_kex; + std::unique_ptr m_client_verify; + std::unique_ptr m_next_protocol; + std::unique_ptr m_new_session_ticket; + std::unique_ptr m_server_finished; + std::unique_ptr m_client_finished; }; } -- cgit v1.2.3