8 #include <botan/tls_server.h>
9 #include <botan/internal/tls_alerts.h>
10 #include <botan/internal/tls_state.h>
11 #include <botan/loadstor.h>
12 #include <botan/rsa.h>
26 "Client version is unacceptable by policy");
39 class State_Transition_Error :
public Unexpected_Message
42 State_Transition_Error(
const std::string& err) :
43 Unexpected_Message(
"State transition error from " + err) {}
48 if(state->server_hello)
49 throw State_Transition_Error(
"ClientHello");
53 if(!state->do_client_auth || !state->cert_req ||
54 !state->server_hello_done || state->client_kex)
55 throw State_Transition_Error(
"ClientCertificate");
59 if(!state->server_hello_done || state->client_verify ||
60 state->got_client_ccs)
61 throw State_Transition_Error(
"ClientKeyExchange");
65 if(!state->cert_req || !state->client_certs || !state->client_kex ||
66 state->got_client_ccs)
67 throw State_Transition_Error(
"CertificateVerify");
71 if(!state->client_kex || state->client_finished)
72 throw State_Transition_Error(
"ClientChangeCipherSpec");
76 if(!state->got_client_ccs)
77 throw State_Transition_Error(
"ClientFinished");
80 throw Unexpected_Message(
"Unexpected message in handshake");
89 std::tr1::function<
void (
const byte[],
size_t)> output_fn,
101 cert_chain.push_back(cert);
110 catch(std::exception& e)
163 while(read_buf.
size() == 0)
170 size_t got = std::min<size_t>(read_buf.
size(), length);
171 read_buf.
read(out, got);
202 writer.
alert(level, alert_code);
212 void TLS_Server::state_machine()
215 SecureVector<byte> record(1024);
217 size_t bytes_needed = reader.
get_record(rec_type, record);
221 size_t to_get = std::min<size_t>(record.size(), bytes_needed);
222 size_t got = input_fn(&record[0], to_get);
232 bytes_needed = reader.
get_record(rec_type, record);
244 read_buf.
write(&record[0], record.size());
246 throw Unexpected_Message(
"Application data before handshake done");
249 read_handshake(rec_type, record);
250 else if(rec_type ==
ALERT)
265 throw Unexpected_Message(
"Unknown message type received");
271 void TLS_Server::read_handshake(
byte rec_type,
272 const MemoryRegion<byte>& rec_buf)
277 state =
new Handshake_State;
278 state->queue.write(&rec_buf[0], rec_buf.size());
284 SecureVector<byte> contents;
288 if(state->queue.size() >= 4)
290 byte head[4] = { 0 };
291 state->queue.peek(head, 4);
293 const size_t length =
make_u32bit(0, head[1], head[2], head[3]);
295 if(state->queue.size() >= length + 4)
298 contents.resize(length);
299 state->queue.read(head, 4);
300 state->queue.read(&contents[0], contents.size());
306 if(state->queue.size() == 0 && rec_buf.size() == 1 && rec_buf[0] == 1)
309 throw Decoding_Error(
"Malformed ChangeCipherSpec message");
312 throw Decoding_Error(
"Unknown message type in handshake processing");
317 process_handshake_msg(type, contents);
328 const MemoryRegion<byte>& contents)
333 throw Unexpected_Message(
"Unexpected handshake message");
347 state->hash.update(static_cast<byte>(type));
349 const size_t record_length = contents.size();
350 for(
size_t i = 0; i != 3; i++)
351 state->hash.update(get_byte<u32bit>(i+1, record_length));
354 state->hash.update(contents);
359 server_check_state(type, state);
361 state->client_hello =
new Client_Hello(contents, type);
363 client_requested_hostname = state->client_hello->hostname();
365 state->version = choose_version(state->client_hello->version(),
371 state->server_hello =
new Server_Hello(rng, writer,
373 *(state->client_hello),
374 state->version, state->hash);
376 state->suite = CipherSuite(state->server_hello->ciphersuite());
381 state->server_certs =
new Certificate(writer, cert_chain,
390 state->kex_priv =
new RSA_PrivateKey(rng,
395 state->kex_priv =
new DH_PrivateKey(rng, policy.
dh_group());
398 throw Internal_Error(
"TLS_Server: Unknown ciphersuite kex type");
401 new Server_Key_Exchange(rng, writer,
402 state->kex_priv, private_key,
403 state->client_hello->random(),
404 state->server_hello->random(),
410 state->do_client_auth =
true;
411 throw Internal_Error(
"Client auth not implemented");
415 state->server_hello_done =
new Server_Hello_Done(writer, state->hash);
419 server_check_state(type, state);
424 server_check_state(type, state);
426 state->client_kex =
new Client_Key_Exchange(contents, state->suite,
429 SecureVector<byte> pre_master =
430 state->client_kex->pre_master_secret(rng, state->kex_priv,
431 state->server_hello->version());
433 state->keys = SessionKeys(state->suite, state->version, pre_master,
434 state->client_hello->random(),
435 state->server_hello->random());
439 server_check_state(type, state);
444 server_check_state(type, state);
447 state->got_client_ccs =
true;
451 server_check_state(type, state);
453 state->client_finished =
new Finished(contents);
455 if(!state->client_finished->verify(state->keys.master_secret(),
456 state->version, state->hash,
CLIENT))
458 "Finished message didn't verify");
460 state->hash.update(static_cast<byte>(type));
462 const size_t record_length = contents.size();
463 for(
size_t i = 0; i != 3; i++)
464 state->hash.update(get_byte<u32bit>(i+1, record_length));
466 state->hash.update(contents);
473 state->server_finished =
new Finished(writer, state->version,
SERVER,
474 state->keys.master_secret(),
482 throw Unexpected_Message(
"Unknown handshake message received");
488 void TLS_Server::do_handshake()
497 if(!active && !state)
virtual bool require_client_auth() const
size_t read(byte buf[], size_t buf_len)
size_t get_record(byte &msg_type, MemoryRegion< byte > &buffer)
size_t read(byte[], size_t)
virtual void add_entropy(const byte in[], size_t length)=0
virtual Version_Code min_version() const
void add_input(const byte input[], size_t input_size)
std::vector< X509_Certificate > peer_cert_chain() const
void set_version(Version_Code)
void set_keys(const CipherSuite &, const SessionKeys &, Connection_Side)
virtual DL_Group dh_group() const
void set_version(Version_Code version)
RandomNumberGenerator * rng
void write(const byte buf[], size_t buf_len)
void set_keys(const CipherSuite &suite, const SessionKeys &keys, Connection_Side side)
Private_Key * copy_key(const Private_Key &key, RandomNumberGenerator &rng)
void write(const byte[], size_t)
TLS_Server(std::tr1::function< size_t(byte[], size_t)> input_fn, std::tr1::function< void(const byte[], size_t)> output_fn, const TLS_Policy &policy, RandomNumberGenerator &rng, const X509_Certificate &cert, const Private_Key &cert_key)
void alert(Alert_Level, Alert_Type)
u32bit make_u32bit(byte i0, byte i1, byte i2, byte i3)
virtual size_t rsa_export_keysize() const
void send(byte type, const byte input[], size_t length)