8 #include <botan/tls_server.h> 9 #include <botan/internal/tls_alerts.h> 10 #include <botan/internal/tls_state.h> 11 #include <botan/loadstor.h> 12 #include <botan/rsa.h> 26 "Client version is unacceptable by policy");
37 void server_check_state(
Handshake_Type new_msg, Handshake_State* state)
39 class State_Transition_Error :
public Unexpected_Message
42 State_Transition_Error(
const std::string& err) :
43 Unexpected_Message(
"State transition error from " + err) {}
48 if(state->server_hello)
49 throw State_Transition_Error(
"ClientHello");
53 if(!state->do_client_auth || !state->cert_req ||
54 !state->server_hello_done || state->client_kex)
55 throw State_Transition_Error(
"ClientCertificate");
59 if(!state->server_hello_done || state->client_verify ||
60 state->got_client_ccs)
61 throw State_Transition_Error(
"ClientKeyExchange");
65 if(!state->cert_req || !state->client_certs || !state->client_kex ||
66 state->got_client_ccs)
67 throw State_Transition_Error(
"CertificateVerify");
71 if(!state->client_kex || state->client_finished)
72 throw State_Transition_Error(
"ClientChangeCipherSpec");
76 if(!state->got_client_ccs)
77 throw State_Transition_Error(
"ClientFinished");
80 throw Unexpected_Message(
"Unexpected message in handshake");
89 std::tr1::function<
void (
const byte[],
size_t)> output_fn,
101 cert_chain.push_back(cert);
110 catch(std::exception& e)
163 while(read_buf.
size() == 0)
170 size_t got = std::min<size_t>(read_buf.
size(), length);
171 read_buf.
read(out, got);
202 writer.
alert(level, alert_code);
212 void TLS_Server::state_machine()
217 size_t bytes_needed = reader.
get_record(rec_type, record);
221 size_t to_get = std::min<size_t>(record.
size(), bytes_needed);
222 size_t got = input_fn(&record[0], to_get);
232 bytes_needed = reader.
get_record(rec_type, record);
244 read_buf.
write(&record[0], record.
size());
249 read_handshake(rec_type, record);
250 else if(rec_type ==
ALERT)
271 void TLS_Server::read_handshake(
byte rec_type,
288 if(state->queue.size() >= 4)
290 byte head[4] = { 0 };
291 state->queue.peek(head, 4);
293 const size_t length =
make_u32bit(0, head[1], head[2], head[3]);
295 if(state->queue.size() >= length + 4)
299 state->queue.read(head, 4);
300 state->queue.read(&contents[0], contents.
size());
306 if(state->queue.size() == 0 && rec_buf.
size() == 1 && rec_buf[0] == 1)
312 throw Decoding_Error(
"Unknown message type in handshake processing");
317 process_handshake_msg(type, contents);
347 state->hash.update(static_cast<byte>(type));
349 const size_t record_length = contents.
size();
350 for(
size_t i = 0; i != 3; i++)
351 state->hash.update(get_byte<u32bit>(i+1, record_length));
354 state->hash.update(contents);
359 server_check_state(type, state);
363 client_requested_hostname = state->client_hello->hostname();
365 state->version = choose_version(state->client_hello->version(),
373 *(state->client_hello),
374 state->version, state->hash);
376 state->suite =
CipherSuite(state->server_hello->ciphersuite());
381 state->server_certs =
new Certificate(writer, cert_chain,
402 state->kex_priv, private_key,
403 state->client_hello->random(),
404 state->server_hello->random(),
410 state->do_client_auth =
true;
419 server_check_state(type, state);
424 server_check_state(type, state);
430 state->client_kex->pre_master_secret(rng, state->kex_priv,
431 state->server_hello->version());
433 state->keys =
SessionKeys(state->suite, state->version, pre_master,
434 state->client_hello->random(),
435 state->server_hello->random());
439 server_check_state(type, state);
444 server_check_state(type, state);
447 state->got_client_ccs =
true;
451 server_check_state(type, state);
453 state->client_finished =
new Finished(contents);
455 if(!state->client_finished->verify(state->keys.master_secret(),
456 state->version, state->hash,
CLIENT))
458 "Finished message didn't verify");
460 state->hash.update(static_cast<byte>(type));
462 const size_t record_length = contents.
size();
463 for(
size_t i = 0; i != 3; i++)
464 state->hash.update(get_byte<u32bit>(i+1, record_length));
466 state->hash.update(contents);
473 state->server_finished =
new Finished(writer, state->version,
SERVER,
474 state->keys.master_secret(),
488 void TLS_Server::do_handshake()
497 if(!active && !state)
size_t read(byte buf[], size_t buf_len)
size_t get_record(byte &msg_type, MemoryRegion< byte > &buffer)
size_t read(byte[], size_t)
virtual void add_entropy(const byte in[], size_t length)=0
void add_input(const byte input[], size_t input_size)
void set_version(Version_Code)
void set_keys(const CipherSuite &, const SessionKeys &, Connection_Side)
void set_version(Version_Code version)
std::vector< X509_Certificate > peer_cert_chain() const
void write(const byte buf[], size_t buf_len)
virtual Version_Code min_version() const
virtual size_t rsa_export_keysize() const
void set_keys(const CipherSuite &suite, const SessionKeys &keys, Connection_Side side)
Private_Key * copy_key(const Private_Key &key, RandomNumberGenerator &rng)
void write(const byte[], size_t)
virtual DL_Group dh_group() const
TLS_Server(std::tr1::function< size_t(byte[], size_t)> input_fn, std::tr1::function< void(const byte[], size_t)> output_fn, const TLS_Policy &policy, RandomNumberGenerator &rng, const X509_Certificate &cert, const Private_Key &cert_key)
void alert(Alert_Level, Alert_Type)
virtual bool require_client_auth() const
u32bit make_u32bit(byte i0, byte i1, byte i2, byte i3)
void send(byte type, const byte input[], size_t length)