10#ifndef BOTAN_ASIO_STREAM_H_
11#define BOTAN_ASIO_STREAM_H_
13#include <botan/asio_compat.h>
14#if !defined(BOTAN_FOUND_COMPATIBLE_BOOST_ASIO_VERSION)
15 #error Available boost headers are too old for the boost asio stream.
18 #include <botan/asio_async_ops.h>
19 #include <botan/asio_context.h>
20 #include <botan/asio_error.h>
22 #include <botan/tls_callbacks.h>
23 #include <botan/tls_channel.h>
24 #include <botan/tls_client.h>
25 #include <botan/tls_magic.h>
26 #include <botan/tls_server.h>
30 #define BOOST_ASIO_DISABLE_SERIAL_PORT
31 #include <boost/asio.hpp>
32 #include <boost/beast/core.hpp>
35 #include <type_traits>
39template <
class SL,
class C>
61 void tls_emit_data(std::span<const uint8_t> data)
final {
62 m_send_buffer.commit(boost::asio::buffer_copy(m_send_buffer.prepare(data.size()),
63 boost::asio::buffer(data.data(), data.size())));
66 void tls_record_received(uint64_t, std::span<const uint8_t> data)
final {
67 m_receive_buffer.commit(boost::asio::buffer_copy(m_receive_buffer.prepare(data.size()),
68 boost::asio::const_buffer(data.data(), data.size())));
71 bool tls_peer_closed_connection() final {
85 void tls_alert(TLS::Alert alert)
final {
86 if(alert.is_fatal() || alert.type() == TLS::AlertType::CloseNotify) {
91 m_alert_from_peer = alert;
95 void tls_verify_cert_chain(
const std::vector<X509_Certificate>& cert_chain,
96 const std::vector<std::optional<OCSP::Response>>& ocsp_responses,
97 const std::vector<Certificate_Store*>& trusted_roots,
99 std::string_view hostname,
100 const TLS::Policy& policy)
override {
101 auto ctx = m_context.lock();
103 if(ctx && ctx->has_verify_callback()) {
104 ctx->get_verify_callback()(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
106 Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
112 template <
class SL,
class C>
115 void set_context(std::weak_ptr<Botan::TLS::Context> context) { m_context = std::move(context); }
117 void consume_send_buffer() { m_send_buffer.consume(m_send_buffer.size()); }
119 boost::beast::flat_buffer& send_buffer() {
return m_send_buffer; }
121 const boost::beast::flat_buffer& send_buffer()
const {
return m_send_buffer; }
123 boost::beast::flat_buffer& receive_buffer() {
return m_receive_buffer; }
125 const boost::beast::flat_buffer& receive_buffer()
const {
return m_receive_buffer; }
127 bool shutdown_received()
const {
128 return m_alert_from_peer && m_alert_from_peer->type() == AlertType::CloseNotify;
131 std::optional<Alert> alert_from_peer()
const {
return m_alert_from_peer; }
134 std::optional<Alert> m_alert_from_peer;
135 boost::beast::flat_buffer m_receive_buffer;
136 boost::beast::flat_buffer m_send_buffer;
138 std::weak_ptr<TLS::Context> m_context;
144concept basic_completion_token = boost::asio::completion_token_for<T, void(boost::system::error_code)>;
147concept byte_size_completion_token = boost::asio::completion_token_for<T, void(boost::system::error_code,
size_t)>;
157template <
class StreamLayer,
class ChannelT = Channel>
160 using default_completion_token =
161 boost::asio::default_completion_token_t<boost::beast::executor_type<StreamLayer>>;
179 template <
typename... Args>
180 explicit Stream(std::shared_ptr<Context> context, std::shared_ptr<StreamCallbacks> callbacks, Args&&... args) :
181 m_context(std::move(context)),
182 m_nextLayer(std::forward<Args>(args)...),
183 m_core(std::move(callbacks)),
185 m_input_buffer(m_input_buffer_space.data(), m_input_buffer_space.size()) {
186 m_core->set_context(m_context);
195 template <
typename... Args>
196 explicit Stream(std::shared_ptr<Context> context, Args&&... args) :
197 Stream(std::move(context), std::make_shared<StreamCallbacks>(), std::forward<Args>(args)...) {}
210 template <
typename Arg>
211 explicit Stream(Arg&& arg,
212 std::shared_ptr<Context> context,
213 std::shared_ptr<StreamCallbacks> callbacks = std::make_shared<StreamCallbacks>()) :
214 Stream(std::move(context), std::move(callbacks), std::forward<Arg>(arg)) {}
216 #if defined(BOTAN_HAS_HAS_DEFAULT_TLS_CONTEXT)
227 template <
typename... Args>
228 explicit Stream(Server_Information server_info, Args&&... args) :
229 Stream(std::make_shared<Context>(std::move(server_info)), std::forward<Args>(args)...) {}
232 virtual ~Stream() =
default;
234 Stream(Stream&& other) =
default;
235 Stream& operator=(Stream&& other) =
default;
237 Stream(
const Stream& other) =
delete;
238 Stream& operator=(
const Stream& other) =
delete;
244 using next_layer_type =
typename std::remove_reference<StreamLayer>::type;
246 const next_layer_type& next_layer()
const {
return m_nextLayer; }
248 next_layer_type& next_layer() {
return m_nextLayer; }
250 using lowest_layer_type =
typename boost::beast::lowest_layer_type<StreamLayer>;
252 lowest_layer_type& lowest_layer() {
return boost::beast::get_lowest_layer(m_nextLayer); }
254 const lowest_layer_type& lowest_layer()
const {
return boost::beast::get_lowest_layer(m_nextLayer); }
256 using executor_type =
typename next_layer_type::executor_type;
258 executor_type get_executor() noexcept {
return m_nextLayer.get_executor(); }
260 using native_handle_type =
typename std::add_pointer<ChannelT>::type;
262 native_handle_type native_handle() {
263 if(m_native_handle ==
nullptr) {
264 throw Botan::Invalid_State(
"ASIO native handle unexpectedly null");
266 return m_native_handle.get();
282 void set_verify_callback(Context::Verify_Callback callback) {
283 m_context->set_verify_callback(std::move(callback));
292 void set_verify_callback(Context::Verify_Callback callback, [[maybe_unused]] boost::system::error_code& ec) {
293 m_context->set_verify_callback(std::move(callback));
301 void set_verify_depth([[maybe_unused]]
int depth) {
302 throw Not_Implemented(
"set_verify_depth is not implemented");
310 void set_verify_depth([[maybe_unused]]
int depth, boost::system::error_code& ec) {
311 ec = ErrorType::NotImplemented;
319 template <
typename verify_mode>
320 void set_verify_mode([[maybe_unused]] verify_mode v) {
321 throw Not_Implemented(
"set_verify_mode is not implemented");
329 template <
typename verify_mode>
330 void set_verify_mode([[maybe_unused]] verify_mode v, boost::system::error_code& ec) {
331 ec = ErrorType::NotImplemented;
346 void handshake(Connection_Side side) {
347 boost::system::error_code ec;
349 boost::asio::detail::throw_error(ec,
"handshake");
360 void handshake(Connection_Side side, boost::system::error_code& ec) {
361 setup_native_handle(side, ec);
370 if(has_data_to_send()) {
371 send_pending_encrypted_data(ec);
376 if(native_handle()->is_handshake_complete()) {
384 handle_tls_protocol_errors(ec);
390 read_and_process_encrypted_data_from_peer(ec);
403 template <detail::basic_completion_token CompletionToken = default_completion_token>
405 CompletionToken&& completion_token = default_completion_token{}) {
406 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
407 [
this](
auto&& completion_handler, TLS::Connection_Side connection_side) {
408 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
410 boost::system::error_code ec;
411 setup_native_handle(connection_side, ec);
413 detail::AsyncHandshakeOperation<completion_handler_t, Stream> op{
414 std::forward<completion_handler_t>(completion_handler), *
this, ec};
424 template <
typename ConstBufferSequence, detail::basic_completion_token BufferedHandshakeHandler>
425 auto async_handshake([[maybe_unused]] Connection_Side side,
426 [[maybe_unused]]
const ConstBufferSequence& buffers,
427 [[maybe_unused]] BufferedHandshakeHandler&& handler) {
428 throw Not_Implemented(
"buffered async handshake is not implemented");
445 void shutdown(boost::system::error_code& ec) {
446 try_with_error_code([&] { native_handle()->close(); }, ec);
448 send_pending_encrypted_data(ec);
462 boost::system::error_code ec;
464 boost::asio::detail::throw_error(ec,
"shutdown");
475 template <
typename Handler,
typename Executor>
477 void operator()(boost::system::error_code ec, std::size_t) { handler(ec); }
479 using executor_type = boost::asio::associated_executor_t<Handler, Executor>;
481 executor_type get_executor() const noexcept {
482 return boost::asio::get_associated_executor(handler, io_executor);
485 using allocator_type = boost::asio::associated_allocator_t<Handler>;
487 allocator_type get_allocator() const noexcept {
return boost::asio::get_associated_allocator(handler); }
490 Executor io_executor;
504 template <detail::basic_completion_token CompletionToken = default_completion_token>
505 auto async_shutdown(CompletionToken&& completion_token = default_completion_token{}) {
506 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code)>(
507 [
this](
auto&& completion_handler) {
508 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
510 boost::system::error_code ec;
511 try_with_error_code([&] { native_handle()->close(); }, ec);
513 using write_handler_t = Wrapper<completion_handler_t, typename Stream::executor_type>;
515 TLS::detail::AsyncWriteOperation<write_handler_t, Stream> op{
516 write_handler_t{std::forward<completion_handler_t>(completion_handler), get_executor()},
518 boost::asio::buffer_size(send_buffer()),
539 template <
typename MutableBufferSequence>
540 std::size_t read_some(
const MutableBufferSequence& buffers, boost::system::error_code& ec) {
546 if(has_received_data()) {
547 return copy_received_data(buffers);
556 handle_tls_protocol_errors(ec);
563 read_and_process_encrypted_data_from_peer(ec);
579 template <
typename MutableBufferSequence>
580 std::size_t read_some(
const MutableBufferSequence& buffers) {
581 boost::system::error_code ec;
582 const auto n = read_some(buffers, ec);
583 boost::asio::detail::throw_error(ec,
"read_some");
597 template <
typename ConstBufferSequence>
598 std::size_t write_some(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
599 tls_encrypt(buffers, ec);
600 send_pending_encrypted_data(ec);
601 return !ec ? boost::asio::buffer_size(buffers) : 0;
614 template <
typename ConstBufferSequence>
615 std::size_t write_some(
const ConstBufferSequence& buffers) {
616 boost::system::error_code ec;
617 const auto n = write_some(buffers, ec);
618 boost::asio::detail::throw_error(ec,
"write_some");
630 template <
typename ConstBufferSequence,
631 detail::byte_size_completion_token CompletionToken = default_completion_token>
632 auto async_write_some(
const ConstBufferSequence& buffers,
633 CompletionToken&& completion_token = default_completion_token{}) {
634 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
635 [
this](
auto&& completion_handler,
const auto& bufs) {
636 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
638 boost::system::error_code ec;
639 tls_encrypt(bufs, ec);
644 m_core->send_buffer().consume(m_core->send_buffer().size());
647 detail::AsyncWriteOperation<completion_handler_t, Stream> op{
648 std::forward<completion_handler_t>(completion_handler),
650 ec ? 0 : boost::asio::buffer_size(bufs),
666 template <
typename MutableBufferSequence,
667 detail::byte_size_completion_token CompletionToken = default_completion_token>
668 auto async_read_some(
const MutableBufferSequence& buffers,
669 CompletionToken&& completion_token = default_completion_token{}) {
670 return boost::asio::async_initiate<CompletionToken, void(boost::system::error_code, std::size_t)>(
671 [
this](
auto&& completion_handler,
const auto& bufs) {
672 using completion_handler_t = std::decay_t<
decltype(completion_handler)>;
674 detail::AsyncReadOperation<completion_handler_t, Stream, MutableBufferSequence> op{
675 std::forward<completion_handler_t>(completion_handler), *
this, bufs};
687 bool shutdown_received()
const {
return m_core->shutdown_received(); }
690 template <
class H,
class S,
class M,
class A>
691 friend class detail::AsyncReadOperation;
692 template <
class H,
class S,
class A>
693 friend class detail::AsyncWriteOperation;
694 template <
class H,
class S,
class A>
695 friend class detail::AsyncHandshakeOperation;
697 const boost::asio::mutable_buffer& input_buffer() {
return m_input_buffer; }
699 boost::asio::const_buffer send_buffer()
const {
return m_core->send_buffer().data(); }
702 bool has_received_data()
const {
return m_core->receive_buffer().size() > 0; }
705 template <
typename MutableBufferSequence>
706 std::size_t copy_received_data(MutableBufferSequence buffers) {
711 const auto copiedBytes = boost::asio::buffer_copy(buffers, m_core->receive_buffer().data());
712 m_core->receive_buffer().consume(copiedBytes);
717 bool has_data_to_send()
const {
return m_core->send_buffer().size() > 0; }
720 void consume_send_buffer(std::size_t bytesConsumed) { m_core->send_buffer().consume(bytesConsumed); }
731 void setup_native_handle(Connection_Side side, boost::system::error_code& ec) {
734 if constexpr(std::is_same<ChannelT, Channel>::value) {
735 if(m_native_handle !=
nullptr) {
736 throw Botan::Invalid_State(
"ASIO native handle unexpectedly set");
741 if(side == Connection_Side::Client) {
742 m_native_handle = std::unique_ptr<Client>(
744 m_context->m_session_manager,
745 m_context->m_credentials_manager,
748 m_context->m_server_info,
749 m_context->m_policy->latest_supported_version(
false )));
751 m_native_handle = std::unique_ptr<Server>(
new Server(m_core,
752 m_context->m_session_manager,
753 m_context->m_credentials_manager,
779 void handle_tls_protocol_errors(boost::system::error_code& ec) {
788 else if(
auto error = error_from_us()) {
800 else if(
auto alert = alert_from_peer()) {
801 if(alert->type() == AlertType::CloseNotify) {
802 ec = boost::asio::error::eof;
818 void read_and_process_encrypted_data_from_peer(boost::system::error_code& ec) {
826 if(has_received_data()) {
827 throw Botan::Invalid_State(
"ASIO receive buffer not empty");
830 if(error_from_us() || alert_from_peer()) {
831 throw Botan::Invalid_State(
"ASIO TLS session no longer healthy");
838 boost::asio::const_buffer read_buffer{input_buffer().data(), m_nextLayer.read_some(input_buffer(), ec)};
840 process_encrypted_data(read_buffer);
841 }
else if(ec == boost::asio::error::eof) {
842 ec = StreamError::StreamTruncated;
854 size_t send_pending_encrypted_data(boost::system::error_code& ec) {
859 auto writtenBytes = boost::asio::write(m_nextLayer, send_buffer(), ec);
860 consume_send_buffer(writtenBytes);
862 if(ec == boost::asio::error::eof && !shutdown_received()) {
864 ec = StreamError::StreamTruncated;
875 template <
typename ConstBufferSequence>
876 void tls_encrypt(
const ConstBufferSequence& buffers, boost::system::error_code& ec) {
880 std::vector<uint8_t> copy_buffer;
881 auto unpack = [©_buffer](
const auto& bufs) -> std::span<const uint8_t> {
882 const auto buffers_in_sequence =
883 std::distance(boost::asio::buffer_sequence_begin(bufs), boost::asio::buffer_sequence_end(bufs));
885 if(buffers_in_sequence == 0) {
887 }
else if(buffers_in_sequence == 1) {
888 const boost::asio::const_buffer buf = *boost::asio::buffer_sequence_begin(bufs);
889 return {
static_cast<const uint8_t*
>(buf.data()), buf.size()};
891 copy_buffer.resize(boost::asio::buffer_size(bufs));
892 boost::asio::buffer_copy(boost::asio::buffer(copy_buffer), bufs);
900 try_with_error_code([&] { native_handle()->send(
unpack(buffers)); }, ec);
914 void process_encrypted_data(
const boost::asio::const_buffer& read_buffer) {
915 if(alert_from_peer() || error_from_us()) {
916 throw Botan::Invalid_State(
"ASIO TLS session no longer healthy");
925 native_handle()->received_data({
static_cast<const uint8_t*
>(read_buffer.data()), read_buffer.size()});
927 m_ec_from_last_read);
931 template <
typename Fun>
932 void try_with_error_code(Fun f, boost::system::error_code& ec) {
935 }
catch(
const TLS_Exception& e) {
937 }
catch(
const Exception& e) {
939 }
catch(
const std::exception&) {
940 ec = ErrorType::Unknown;
950 std::optional<Alert> alert_from_peer()
const {
return m_core->alert_from_peer(); }
958 boost::system::error_code error_from_us()
const {
return m_ec_from_last_read; }
961 std::shared_ptr<Context> m_context;
962 StreamLayer m_nextLayer;
964 std::shared_ptr<StreamCallbacks> m_core;
965 std::unique_ptr<ChannelT> m_native_handle;
966 boost::system::error_code m_ec_from_last_read;
969 std::vector<uint8_t> m_input_buffer_space;
970 const boost::asio::mutable_buffer m_input_buffer;
978Stream(std::shared_ptr<Context>, std::shared_ptr<StreamCallbacks>, T) -> Stream<T>;
980Stream(std::shared_ptr<Context>, T) -> Stream<T>;
982Stream(T, std::shared_ptr<Context>) -> Stream<T>;
constexpr void unpack(Polynomial< PolyTrait, D > &p, ByteSourceT &byte_source, UnmapFnT unmap)