10#ifndef BOTAN_ASIO_STREAM_H_
11#define BOTAN_ASIO_STREAM_H_
13#include <botan/asio_compat.h>
14#if !defined(BOTAN_FOUND_COMPATIBLE_BOOST_ASIO_VERSION)
15 #error Available boost headers are too old for the boost asio stream.
18 #include <botan/asio_async_ops.h>
19 #include <botan/asio_context.h>
20 #include <botan/asio_error.h>
22 #include <botan/tls_callbacks.h>
23 #include <botan/tls_channel.h>
24 #include <botan/tls_client.h>
25 #include <botan/tls_magic.h>
26 #include <botan/tls_server.h>
30 #define BOOST_ASIO_DISABLE_SERIAL_PORT
31 #include <boost/asio.hpp>
32 #include <boost/beast/core.hpp>
36 #include <type_traits>
40template <
class SL,
class C>
58class StreamCallbacks :
public Callbacks {
62 void tls_emit_data(std::span<const uint8_t> data)
final {
63 m_send_buffer.commit(boost::asio::buffer_copy(m_send_buffer.prepare(data.size()),
64 boost::asio::buffer(data.data(), data.size())));
67 void tls_record_received(uint64_t, std::span<const uint8_t> data)
final {
68 m_receive_buffer.commit(boost::asio::buffer_copy(m_receive_buffer.prepare(data.size()),
69 boost::asio::const_buffer(data.data(), data.size())));
72 bool tls_peer_closed_connection()
final {
86 void tls_alert(TLS::Alert alert)
final {
87 if(alert.is_fatal() || alert.type() == TLS::AlertType::CloseNotify) {
92 m_alert_from_peer = alert;
96 void tls_verify_cert_chain(
const std::vector<X509_Certificate>& cert_chain,
97 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
98 const std::vector<Certificate_Store*>& trusted_roots,
100 std::string_view hostname,
101 const TLS::Policy& policy)
override {
102 auto ctx = m_context.lock();
104 if(ctx && ctx->has_verify_callback()) {
105 ctx->get_verify_callback()(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
107 Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
113 template <
class SL,
class C>
116 void set_context(std::weak_ptr<Botan::TLS::Context> context) { m_context = std::move(context); }
118 void consume_send_buffer() { m_send_buffer.consume(m_send_buffer.size()); }
120 boost::beast::flat_buffer& send_buffer() {
return m_send_buffer; }
122 const boost::beast::flat_buffer& send_buffer()
const {
return m_send_buffer; }
124 boost::beast::flat_buffer& receive_buffer() {
return m_receive_buffer; }
126 const boost::beast::flat_buffer& receive_buffer()
const {
return m_receive_buffer; }
128 bool shutdown_received()
const {
129 return m_alert_from_peer && m_alert_from_peer->type() == AlertType::CloseNotify;
132 std::optional<Alert> alert_from_peer()
const {
return m_alert_from_peer; }
135 std::optional<Alert> m_alert_from_peer;
136 boost::beast::flat_buffer m_receive_buffer;
137 boost::beast::flat_buffer m_send_buffer;
139 std::weak_ptr<TLS::Context> m_context;
145concept basic_completion_token = boost::asio::completion_token_for<
T, void(boost::system::error_code)>;
148concept byte_size_completion_token = boost::asio::completion_token_for<
T, void(boost::system::error_code,
size_t)>;
158template <
class StreamLayer,
class ChannelT = Channel>
161 using default_completion_token =
162 boost::asio::default_completion_token_t<boost::beast::executor_type<StreamLayer>>;
180 template <
typename... Args>
181 explicit Stream(std::shared_ptr<Context> context, std::shared_ptr<StreamCallbacks> callbacks, Args&&... args) :
182 m_context(std::move(context)),
183 m_nextLayer(std::forward<Args>(args)...),
184 m_core(std::move(callbacks)),
186 m_input_buffer(m_input_buffer_space.data(), m_input_buffer_space.size()) {
187 m_core->set_context(m_context);
196 template <
typename... Args>
197 explicit Stream(std::shared_ptr<Context> context, Args&&... args) :
198 Stream(std::move(context), std::make_shared<StreamCallbacks>(), std::forward<Args>(args)...) {}
211 template <
typename Arg>
212 explicit Stream(Arg&& arg,
213 std::shared_ptr<Context> context,
214 std::shared_ptr<StreamCallbacks> callbacks = std::make_shared<StreamCallbacks>()) :
215 Stream(std::move(context), std::move(callbacks), std::forward<Arg>(arg)) {}
217 virtual ~Stream() =
default;
219 Stream(Stream&& other) =
default;
220 Stream& operator=(Stream&& other) =
default;
222 Stream(
const Stream& other) =
delete;
223 Stream& operator=(
const Stream& other) =
delete;
229 using next_layer_type =
typename std::remove_reference<StreamLayer>::type;
231 const next_layer_type& next_layer()
const {
return m_nextLayer; }
233 next_layer_type& next_layer() {
return m_nextLayer; }
235 using lowest_layer_type =
typename boost::beast::lowest_layer_type<StreamLayer>;
237 lowest_layer_type& lowest_layer() {
return boost::beast::get_lowest_layer(m_nextLayer); }
239 const lowest_layer_type& lowest_layer()
const {
return boost::beast::get_lowest_layer(m_nextLayer); }
241 using executor_type =
typename next_layer_type::executor_type;
243 executor_type get_executor() noexcept {
return m_nextLayer.get_executor(); }
245 using native_handle_type =
typename std::add_pointer<ChannelT>::type;
247 native_handle_type native_handle() {
249 return m_native_handle.get();
265 void set_verify_callback(Context::Verify_Callback callback) {
266 m_context->set_verify_callback(std::move(callback));
275 void set_verify_callback(Context::Verify_Callback callback, boost::system::error_code& ec) {
277 m_context->set_verify_callback(std::move(callback));
281 void set_verify_depth(
int depth) {
283 throw Not_Implemented(
"set_verify_depth is not implemented");
291 void set_verify_depth(
int depth, boost::system::error_code& ec) {
293 ec = ErrorType::NotImplemented;
297 template <
typename verify_mode>
298 void set_verify_mode(verify_mode v) {
300 throw Not_Implemented(
"set_verify_mode is not implemented");
308 template <
typename verify_mode>
309 void set_verify_mode(verify_mode v, boost::system::error_code& ec) {
311 ec = ErrorType::NotImplemented;
326 void handshake(Connection_Side side) {
327 boost::system::error_code ec;
329 boost::asio::detail::throw_error(ec,
"handshake");
340 void handshake(Connection_Side side, boost::system::error_code& ec) {
341 setup_native_handle(side, ec);
350 if(has_data_to_send()) {
351 send_pending_encrypted_data(ec);
356 if(native_handle()->is_handshake_complete()) {
364 handle_tls_protocol_errors(ec);
370 read_and_process_encrypted_data_from_peer(ec);
385 template <detail::basic_completion_token CompletionToken = default_completion_token>
387 CompletionToken&& completion_token = default_completion_token{}) {
388 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
389 [
this](
auto&& completion_handler, TLS::Connection_Side connection_side) {
390 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
392 boost::system::error_code ec;
393 setup_native_handle(connection_side, ec);
395 detail::AsyncHandshakeOperation<completion_handler_t, Stream> op{
396 std::forward<completion_handler_t>(completion_handler), *
this, ec};
403 template <
typename ConstBufferSequence, detail::basic_completion_token BufferedHandshakeHandler>
404 auto async_handshake(Connection_Side side,
405 const ConstBufferSequence& buffers,
406 BufferedHandshakeHandler&& handler) {
408 throw Not_Implemented(
"buffered async handshake is not implemented");
425 void shutdown(boost::system::error_code& ec) {
426 try_with_error_code([&] { native_handle()->close(); }, ec);
428 send_pending_encrypted_data(ec);
442 boost::system::error_code ec;
444 boost::asio::detail::throw_error(ec,
"shutdown");
455 template <
typename Handler,
typename Executor>
457 void operator()(boost::system::error_code ec, std::size_t) { handler(ec); }
459 using executor_type = boost::asio::associated_executor_t<Handler, Executor>;
461 executor_type get_executor() const noexcept {
462 return boost::asio::get_associated_executor(handler, io_executor);
465 using allocator_type = boost::asio::associated_allocator_t<Handler>;
467 allocator_type get_allocator() const noexcept {
return boost::asio::get_associated_allocator(handler); }
470 Executor io_executor;
484 template <detail::basic_completion_token CompletionToken = default_completion_token>
485 auto async_shutdown(CompletionToken&& completion_token = default_completion_token{}) {
486 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
487 [
this](
auto&& completion_handler) {
488 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
490 boost::system::error_code ec;
491 try_with_error_code([&] { native_handle()->close(); }, ec);
493 using write_handler_t = Wrapper<completion_handler_t, typename Stream::executor_type>;
495 TLS::detail::AsyncWriteOperation<write_handler_t, Stream> op{
496 write_handler_t{std::forward<completion_handler_t>(completion_handler), get_executor()},
498 boost::asio::buffer_size(send_buffer()),
519 template <
typename MutableBufferSequence>
520 std::size_t read_some(
const MutableBufferSequence& buffers, boost::system::error_code& ec) {
526 if(has_received_data()) {
527 return copy_received_data(buffers);
536 handle_tls_protocol_errors(ec);
543 read_and_process_encrypted_data_from_peer(ec);
560 template <
typename MutableBufferSequence>
561 std::size_t read_some(
const MutableBufferSequence& buffers) {
562 boost::system::error_code ec;
563 const auto n = read_some(buffers, ec);
564 boost::asio::detail::throw_error(ec,
"read_some");
578 template <
typename ConstBufferSequence>
579 std::size_t write_some(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
580 tls_encrypt(buffers, ec);
581 send_pending_encrypted_data(ec);
582 return !ec ? boost::asio::buffer_size(buffers) : 0;
595 template <
typename ConstBufferSequence>
596 std::size_t write_some(
const ConstBufferSequence& buffers) {
597 boost::system::error_code ec;
598 const auto n = write_some(buffers, ec);
599 boost::asio::detail::throw_error(ec,
"write_some");
611 template <
typename ConstBufferSequence,
612 detail::byte_size_completion_token CompletionToken = default_completion_token>
613 auto async_write_some(
const ConstBufferSequence& buffers,
614 CompletionToken&& completion_token = default_completion_token{}) {
615 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
616 [
this](
auto&& completion_handler,
const auto& bufs) {
617 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
619 boost::system::error_code ec;
620 tls_encrypt(bufs, ec);
625 m_core->send_buffer().consume(m_core->send_buffer().size());
628 detail::AsyncWriteOperation<completion_handler_t, Stream> op{
629 std::forward<completion_handler_t>(completion_handler),
631 ec ? 0 : boost::asio::buffer_size(bufs),
647 template <
typename MutableBufferSequence,
648 detail::byte_size_completion_token CompletionToken = default_completion_token>
649 auto async_read_some(
const MutableBufferSequence& buffers,
650 CompletionToken&& completion_token = default_completion_token{}) {
651 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
652 [
this](
auto&& completion_handler,
const auto& bufs) {
653 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
655 detail::AsyncReadOperation<completion_handler_t, Stream, MutableBufferSequence> op{
656 std::forward<completion_handler_t>(completion_handler), *
this, bufs};
668 bool shutdown_received()
const {
return m_core->shutdown_received(); }
671 template <
class H,
class S,
class M,
class A>
672 friend class detail::AsyncReadOperation;
673 template <
class H,
class S,
class A>
674 friend class detail::AsyncWriteOperation;
675 template <
class H,
class S,
class A>
676 friend class detail::AsyncHandshakeOperation;
678 const boost::asio::mutable_buffer& input_buffer() {
return m_input_buffer; }
680 boost::asio::const_buffer send_buffer()
const {
return m_core->send_buffer().data(); }
683 bool has_received_data()
const {
return m_core->receive_buffer().size() > 0; }
686 template <
typename MutableBufferSequence>
687 std::size_t copy_received_data(MutableBufferSequence buffers) {
692 const auto copiedBytes = boost::asio::buffer_copy(buffers, m_core->receive_buffer().data());
693 m_core->receive_buffer().consume(copiedBytes);
698 bool has_data_to_send()
const {
return m_core->send_buffer().size() > 0; }
701 void consume_send_buffer(std::size_t bytesConsumed) { m_core->send_buffer().consume(bytesConsumed); }
712 void setup_native_handle(Connection_Side side, boost::system::error_code& ec) {
715 if constexpr(std::is_same<ChannelT, Channel>::value) {
720 if(side == Connection_Side::Client) {
721 m_native_handle = std::unique_ptr<Client>(
723 m_context->m_session_manager,
724 m_context->m_credentials_manager,
727 m_context->m_server_info,
728 m_context->m_policy->latest_supported_version(
false )));
730 m_native_handle = std::unique_ptr<Server>(
new Server(m_core,
731 m_context->m_session_manager,
732 m_context->m_credentials_manager,
758 void handle_tls_protocol_errors(boost::system::error_code& ec) {
767 else if(
auto error = error_from_us()) {
779 else if(
auto alert = alert_from_peer()) {
780 if(alert->type() == AlertType::CloseNotify) {
781 ec = boost::asio::error::eof;
797 void read_and_process_encrypted_data_from_peer(boost::system::error_code& ec) {
805 BOTAN_ASSERT(!has_received_data(),
"receive buffer is empty");
806 BOTAN_ASSERT(!error_from_us() && !alert_from_peer(),
"TLS session is healthy");
812 boost::asio::const_buffer read_buffer{input_buffer().data(), m_nextLayer.read_some(input_buffer(), ec)};
814 process_encrypted_data(read_buffer);
815 }
else if(ec == boost::asio::error::eof) {
816 ec = StreamError::StreamTruncated;
828 size_t send_pending_encrypted_data(boost::system::error_code& ec) {
833 auto writtenBytes = boost::asio::write(m_nextLayer, send_buffer(), ec);
834 consume_send_buffer(writtenBytes);
836 if(ec == boost::asio::error::eof && !shutdown_received()) {
838 ec = StreamError::StreamTruncated;
849 template <
typename ConstBufferSequence>
850 void tls_encrypt(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
854 std::vector<uint8_t> copy_buffer;
855 auto unpack = [©_buffer](
const auto& bufs) -> std::span<const uint8_t> {
856 const auto buffers_in_sequence =
857 std::distance(boost::asio::buffer_sequence_begin(bufs), boost::asio::buffer_sequence_end(bufs));
859 if(buffers_in_sequence == 0) {
861 }
else if(buffers_in_sequence == 1) {
862 const boost::asio::const_buffer buf = *boost::asio::buffer_sequence_begin(bufs);
863 return {
static_cast<const uint8_t*
>(buf.data()), buf.size()};
865 copy_buffer.resize(boost::asio::buffer_size(bufs));
866 boost::asio::buffer_copy(boost::asio::buffer(copy_buffer), bufs);
874 try_with_error_code([&] { native_handle()->send(unpack(buffers)); }, ec);
888 void process_encrypted_data(
const boost::asio::const_buffer& read_buffer) {
890 "no one sent an alert before (no data allowed after that)");
898 native_handle()->received_data({
static_cast<const uint8_t*
>(read_buffer.data()), read_buffer.size()});
900 m_ec_from_last_read);
904 template <
typename Fun>
905 void try_with_error_code(Fun f, boost::system::error_code& ec) {
908 }
catch(
const TLS_Exception& e) {
910 }
catch(
const Exception& e) {
912 }
catch(
const std::exception&) {
913 ec = ErrorType::Unknown;
923 std::optional<Alert> alert_from_peer()
const {
return m_core->alert_from_peer(); }
931 boost::system::error_code error_from_us()
const {
return m_ec_from_last_read; }
934 std::shared_ptr<Context> m_context;
935 StreamLayer m_nextLayer;
937 std::shared_ptr<StreamCallbacks> m_core;
938 std::unique_ptr<ChannelT> m_native_handle;
939 boost::system::error_code m_ec_from_last_read;
942 std::vector<uint8_t> m_input_buffer_space;
943 const boost::asio::mutable_buffer m_input_buffer;
949Stream(std::shared_ptr<Context>, std::shared_ptr<StreamCallbacks>,
T) -> Stream<T>;
951Stream(std::shared_ptr<Context>,
T) -> Stream<T>;
953Stream(
T, std::shared_ptr<Context>) -> Stream<T>;
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_STATE_CHECK(expr)
#define BOTAN_ASSERT(expr, assertion_made)
int(* final)(unsigned char *, CTX *)