10#ifndef BOTAN_ASIO_STREAM_H_
11#define BOTAN_ASIO_STREAM_H_
13#include <botan/asio_compat.h>
14#if !defined(BOTAN_FOUND_COMPATIBLE_BOOST_ASIO_VERSION)
15 #error Available boost headers are too old for the boost asio stream.
18 #include <botan/asio_async_ops.h>
19 #include <botan/asio_context.h>
20 #include <botan/asio_error.h>
22 #include <botan/tls_callbacks.h>
23 #include <botan/tls_channel.h>
24 #include <botan/tls_client.h>
25 #include <botan/tls_magic.h>
26 #include <botan/tls_server.h>
30 #define BOOST_ASIO_DISABLE_SERIAL_PORT
31 #include <boost/asio.hpp>
32 #include <boost/beast/core.hpp>
36 #include <type_traits>
40template <
class SL,
class C>
58class StreamCallbacks :
public Callbacks {
62 void tls_emit_data(std::span<const uint8_t> data)
final {
63 m_send_buffer.commit(boost::asio::buffer_copy(m_send_buffer.prepare(data.size()),
64 boost::asio::buffer(data.data(), data.size())));
67 void tls_record_received(uint64_t, std::span<const uint8_t> data)
final {
68 m_receive_buffer.commit(boost::asio::buffer_copy(m_receive_buffer.prepare(data.size()),
69 boost::asio::const_buffer(data.data(), data.size())));
72 bool tls_peer_closed_connection()
final {
86 void tls_alert(TLS::Alert alert)
final {
87 if(alert.is_fatal() || alert.type() == TLS::AlertType::CloseNotify) {
92 m_alert_from_peer = alert;
96 void tls_verify_cert_chain(
const std::vector<X509_Certificate>& cert_chain,
97 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
98 const std::vector<Certificate_Store*>& trusted_roots,
100 std::string_view hostname,
101 const TLS::Policy& policy)
override {
102 auto ctx = m_context.lock();
104 if(ctx && ctx->has_verify_callback()) {
105 ctx->get_verify_callback()(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
107 Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
113 template <
class SL,
class C>
116 void set_context(std::weak_ptr<Botan::TLS::Context> context) { m_context = std::move(context); }
118 void consume_send_buffer() { m_send_buffer.consume(m_send_buffer.size()); }
120 boost::beast::flat_buffer& send_buffer() {
return m_send_buffer; }
122 const boost::beast::flat_buffer& send_buffer()
const {
return m_send_buffer; }
124 boost::beast::flat_buffer& receive_buffer() {
return m_receive_buffer; }
126 const boost::beast::flat_buffer& receive_buffer()
const {
return m_receive_buffer; }
128 bool shutdown_received()
const {
129 return m_alert_from_peer && m_alert_from_peer->type() == AlertType::CloseNotify;
132 std::optional<Alert> alert_from_peer()
const {
return m_alert_from_peer; }
135 std::optional<Alert> m_alert_from_peer;
136 boost::beast::flat_buffer m_receive_buffer;
137 boost::beast::flat_buffer m_send_buffer;
139 std::weak_ptr<TLS::Context> m_context;
145concept basic_completion_token = boost::asio::completion_token_for<
T, void(boost::system::error_code)>;
148concept byte_size_completion_token = boost::asio::completion_token_for<
T, void(boost::system::error_code,
size_t)>;
158template <
class StreamLayer,
class ChannelT = Channel>
161 using default_completion_token =
162 boost::asio::default_completion_token_t<boost::beast::executor_type<StreamLayer>>;
180 template <
typename... Args>
181 explicit Stream(std::shared_ptr<Context> context, std::shared_ptr<StreamCallbacks> callbacks, Args&&... args) :
182 m_context(std::move(context)),
183 m_nextLayer(std::forward<Args>(args)...),
184 m_core(std::move(callbacks)),
186 m_input_buffer(m_input_buffer_space.data(), m_input_buffer_space.size()) {
187 m_core->set_context(m_context);
196 template <
typename... Args>
197 explicit Stream(std::shared_ptr<Context> context, Args&&... args) :
198 Stream(std::move(context), std::make_shared<StreamCallbacks>(), std::forward<Args>(args)...) {}
211 template <
typename Arg>
212 explicit Stream(Arg&& arg,
213 std::shared_ptr<Context> context,
214 std::shared_ptr<StreamCallbacks> callbacks = std::make_shared<StreamCallbacks>()) :
215 Stream(std::move(context), std::move(callbacks), std::forward<Arg>(arg)) {}
217 #if defined(BOTAN_HAS_HAS_DEFAULT_TLS_CONTEXT)
228 template <
typename... Args>
229 explicit Stream(Server_Information server_info, Args&&... args) :
230 Stream(std::make_shared<Context>(std::move(server_info)), std::forward<Args>(args)...) {}
233 virtual ~Stream() =
default;
235 Stream(Stream&& other) =
default;
236 Stream& operator=(Stream&& other) =
default;
238 Stream(
const Stream& other) =
delete;
239 Stream& operator=(
const Stream& other) =
delete;
245 using next_layer_type =
typename std::remove_reference<StreamLayer>::type;
247 const next_layer_type& next_layer()
const {
return m_nextLayer; }
249 next_layer_type& next_layer() {
return m_nextLayer; }
251 using lowest_layer_type =
typename boost::beast::lowest_layer_type<StreamLayer>;
253 lowest_layer_type& lowest_layer() {
return boost::beast::get_lowest_layer(m_nextLayer); }
255 const lowest_layer_type& lowest_layer()
const {
return boost::beast::get_lowest_layer(m_nextLayer); }
257 using executor_type =
typename next_layer_type::executor_type;
259 executor_type get_executor() noexcept {
return m_nextLayer.get_executor(); }
261 using native_handle_type =
typename std::add_pointer<ChannelT>::type;
263 native_handle_type native_handle() {
265 return m_native_handle.get();
281 void set_verify_callback(Context::Verify_Callback callback) {
282 m_context->set_verify_callback(std::move(callback));
291 void set_verify_callback(Context::Verify_Callback callback, boost::system::error_code& ec) {
293 m_context->set_verify_callback(std::move(callback));
301 void set_verify_depth(
int depth) {
303 throw Not_Implemented(
"set_verify_depth is not implemented");
311 void set_verify_depth(
int depth, boost::system::error_code& ec) {
313 ec = ErrorType::NotImplemented;
321 template <
typename verify_mode>
322 void set_verify_mode(verify_mode v) {
324 throw Not_Implemented(
"set_verify_mode is not implemented");
332 template <
typename verify_mode>
333 void set_verify_mode(verify_mode v, boost::system::error_code& ec) {
335 ec = ErrorType::NotImplemented;
350 void handshake(Connection_Side side) {
351 boost::system::error_code ec;
353 boost::asio::detail::throw_error(ec,
"handshake");
364 void handshake(Connection_Side side, boost::system::error_code& ec) {
365 setup_native_handle(side, ec);
374 if(has_data_to_send()) {
375 send_pending_encrypted_data(ec);
380 if(native_handle()->is_handshake_complete()) {
388 handle_tls_protocol_errors(ec);
394 read_and_process_encrypted_data_from_peer(ec);
409 template <detail::basic_completion_token CompletionToken = default_completion_token>
411 CompletionToken&& completion_token = default_completion_token{}) {
412 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
413 [
this](
auto&& completion_handler, TLS::Connection_Side connection_side) {
414 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
416 boost::system::error_code ec;
417 setup_native_handle(connection_side, ec);
419 detail::AsyncHandshakeOperation<completion_handler_t, Stream> op{
420 std::forward<completion_handler_t>(completion_handler), *
this, ec};
430 template <
typename ConstBufferSequence, detail::basic_completion_token BufferedHandshakeHandler>
431 auto async_handshake(Connection_Side side,
432 const ConstBufferSequence& buffers,
433 BufferedHandshakeHandler&& handler) {
435 throw Not_Implemented(
"buffered async handshake is not implemented");
452 void shutdown(boost::system::error_code& ec) {
453 try_with_error_code([&] { native_handle()->close(); }, ec);
455 send_pending_encrypted_data(ec);
469 boost::system::error_code ec;
471 boost::asio::detail::throw_error(ec,
"shutdown");
482 template <
typename Handler,
typename Executor>
484 void operator()(boost::system::error_code ec, std::size_t) { handler(ec); }
486 using executor_type = boost::asio::associated_executor_t<Handler, Executor>;
488 executor_type get_executor() const noexcept {
489 return boost::asio::get_associated_executor(handler, io_executor);
492 using allocator_type = boost::asio::associated_allocator_t<Handler>;
494 allocator_type get_allocator() const noexcept {
return boost::asio::get_associated_allocator(handler); }
497 Executor io_executor;
511 template <detail::basic_completion_token CompletionToken = default_completion_token>
512 auto async_shutdown(CompletionToken&& completion_token = default_completion_token{}) {
513 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
514 [
this](
auto&& completion_handler) {
515 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
517 boost::system::error_code ec;
518 try_with_error_code([&] { native_handle()->close(); }, ec);
520 using write_handler_t = Wrapper<completion_handler_t, typename Stream::executor_type>;
522 TLS::detail::AsyncWriteOperation<write_handler_t, Stream> op{
523 write_handler_t{std::forward<completion_handler_t>(completion_handler), get_executor()},
525 boost::asio::buffer_size(send_buffer()),
546 template <
typename MutableBufferSequence>
547 std::size_t read_some(
const MutableBufferSequence& buffers, boost::system::error_code& ec) {
553 if(has_received_data()) {
554 return copy_received_data(buffers);
563 handle_tls_protocol_errors(ec);
570 read_and_process_encrypted_data_from_peer(ec);
587 template <
typename MutableBufferSequence>
588 std::size_t read_some(
const MutableBufferSequence& buffers) {
589 boost::system::error_code ec;
590 const auto n = read_some(buffers, ec);
591 boost::asio::detail::throw_error(ec,
"read_some");
605 template <
typename ConstBufferSequence>
606 std::size_t write_some(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
607 tls_encrypt(buffers, ec);
608 send_pending_encrypted_data(ec);
609 return !ec ? boost::asio::buffer_size(buffers) : 0;
622 template <
typename ConstBufferSequence>
623 std::size_t write_some(
const ConstBufferSequence& buffers) {
624 boost::system::error_code ec;
625 const auto n = write_some(buffers, ec);
626 boost::asio::detail::throw_error(ec,
"write_some");
638 template <
typename ConstBufferSequence,
639 detail::byte_size_completion_token CompletionToken = default_completion_token>
640 auto async_write_some(
const ConstBufferSequence& buffers,
641 CompletionToken&& completion_token = default_completion_token{}) {
642 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
643 [
this](
auto&& completion_handler,
const auto& bufs) {
644 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
646 boost::system::error_code ec;
647 tls_encrypt(bufs, ec);
652 m_core->send_buffer().consume(m_core->send_buffer().size());
655 detail::AsyncWriteOperation<completion_handler_t, Stream> op{
656 std::forward<completion_handler_t>(completion_handler),
658 ec ? 0 : boost::asio::buffer_size(bufs),
674 template <
typename MutableBufferSequence,
675 detail::byte_size_completion_token CompletionToken = default_completion_token>
676 auto async_read_some(
const MutableBufferSequence& buffers,
677 CompletionToken&& completion_token = default_completion_token{}) {
678 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
679 [
this](
auto&& completion_handler,
const auto& bufs) {
680 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
682 detail::AsyncReadOperation<completion_handler_t, Stream, MutableBufferSequence> op{
683 std::forward<completion_handler_t>(completion_handler), *
this, bufs};
695 bool shutdown_received()
const {
return m_core->shutdown_received(); }
698 template <
class H,
class S,
class M,
class A>
699 friend class detail::AsyncReadOperation;
700 template <
class H,
class S,
class A>
701 friend class detail::AsyncWriteOperation;
702 template <
class H,
class S,
class A>
703 friend class detail::AsyncHandshakeOperation;
705 const boost::asio::mutable_buffer& input_buffer() {
return m_input_buffer; }
707 boost::asio::const_buffer send_buffer()
const {
return m_core->send_buffer().data(); }
710 bool has_received_data()
const {
return m_core->receive_buffer().size() > 0; }
713 template <
typename MutableBufferSequence>
714 std::size_t copy_received_data(MutableBufferSequence buffers) {
719 const auto copiedBytes = boost::asio::buffer_copy(buffers, m_core->receive_buffer().data());
720 m_core->receive_buffer().consume(copiedBytes);
725 bool has_data_to_send()
const {
return m_core->send_buffer().size() > 0; }
728 void consume_send_buffer(std::size_t bytesConsumed) { m_core->send_buffer().consume(bytesConsumed); }
739 void setup_native_handle(Connection_Side side, boost::system::error_code& ec) {
742 if constexpr(std::is_same<ChannelT, Channel>::value) {
747 if(side == Connection_Side::Client) {
748 m_native_handle = std::unique_ptr<Client>(
750 m_context->m_session_manager,
751 m_context->m_credentials_manager,
754 m_context->m_server_info,
755 m_context->m_policy->latest_supported_version(
false )));
757 m_native_handle = std::unique_ptr<Server>(
new Server(m_core,
758 m_context->m_session_manager,
759 m_context->m_credentials_manager,
785 void handle_tls_protocol_errors(boost::system::error_code& ec) {
794 else if(
auto error = error_from_us()) {
806 else if(
auto alert = alert_from_peer()) {
807 if(alert->type() == AlertType::CloseNotify) {
808 ec = boost::asio::error::eof;
824 void read_and_process_encrypted_data_from_peer(boost::system::error_code& ec) {
832 BOTAN_ASSERT(!has_received_data(),
"receive buffer is empty");
833 BOTAN_ASSERT(!error_from_us() && !alert_from_peer(),
"TLS session is healthy");
839 boost::asio::const_buffer read_buffer{input_buffer().data(), m_nextLayer.read_some(input_buffer(), ec)};
841 process_encrypted_data(read_buffer);
842 }
else if(ec == boost::asio::error::eof) {
843 ec = StreamError::StreamTruncated;
855 size_t send_pending_encrypted_data(boost::system::error_code& ec) {
860 auto writtenBytes = boost::asio::write(m_nextLayer, send_buffer(), ec);
861 consume_send_buffer(writtenBytes);
863 if(ec == boost::asio::error::eof && !shutdown_received()) {
865 ec = StreamError::StreamTruncated;
876 template <
typename ConstBufferSequence>
877 void tls_encrypt(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
881 std::vector<uint8_t> copy_buffer;
882 auto unpack = [©_buffer](
const auto& bufs) -> std::span<const uint8_t> {
883 const auto buffers_in_sequence =
884 std::distance(boost::asio::buffer_sequence_begin(bufs), boost::asio::buffer_sequence_end(bufs));
886 if(buffers_in_sequence == 0) {
888 }
else if(buffers_in_sequence == 1) {
889 const boost::asio::const_buffer buf = *boost::asio::buffer_sequence_begin(bufs);
890 return {
static_cast<const uint8_t*
>(buf.data()), buf.size()};
892 copy_buffer.resize(boost::asio::buffer_size(bufs));
893 boost::asio::buffer_copy(boost::asio::buffer(copy_buffer), bufs);
901 try_with_error_code([&] { native_handle()->send(
unpack(buffers)); }, ec);
915 void process_encrypted_data(
const boost::asio::const_buffer& read_buffer) {
917 "no one sent an alert before (no data allowed after that)");
925 native_handle()->received_data({
static_cast<const uint8_t*
>(read_buffer.data()), read_buffer.size()});
927 m_ec_from_last_read);
931 template <
typename Fun>
932 void try_with_error_code(Fun f, boost::system::error_code& ec) {
935 }
catch(
const TLS_Exception& e) {
937 }
catch(
const Exception& e) {
939 }
catch(
const std::exception&) {
940 ec = ErrorType::Unknown;
950 std::optional<Alert> alert_from_peer()
const {
return m_core->alert_from_peer(); }
958 boost::system::error_code error_from_us()
const {
return m_ec_from_last_read; }
961 std::shared_ptr<Context> m_context;
962 StreamLayer m_nextLayer;
964 std::shared_ptr<StreamCallbacks> m_core;
965 std::unique_ptr<ChannelT> m_native_handle;
966 boost::system::error_code m_ec_from_last_read;
969 std::vector<uint8_t> m_input_buffer_space;
970 const boost::asio::mutable_buffer m_input_buffer;
976Stream(Server_Information,
T) -> Stream<T>;
978Stream(std::shared_ptr<Context>, std::shared_ptr<StreamCallbacks>,
T) -> Stream<T>;
980Stream(std::shared_ptr<Context>,
T) -> Stream<T>;
982Stream(
T, std::shared_ptr<Context>) -> Stream<T>;
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_STATE_CHECK(expr)
#define BOTAN_ASSERT(expr, assertion_made)
int(* final)(unsigned char *, CTX *)
constexpr void unpack(Polynomial< PolyTrait, D > &p, ByteSourceT &byte_source, UnmapFnT unmap)