Botan
2.17.3
Crypto and TLS for C++11
#include <tls_channel.h>
Public Types | |
typedef std::function< void(Alert, const uint8_t[], size_t)> | alert_cb |
typedef std::function< void(const uint8_t[], size_t)> | data_cb |
typedef std::function< bool(const Session &)> | handshake_cb |
typedef std::function< void(const Handshake_Message &)> | handshake_msg_cb |
typedef std::function< void(const uint8_t[], size_t)> | output_fn |
Public Member Functions | |
virtual std::string | application_protocol () const =0 |
Channel (Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_server, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE) | |
Channel (output_fn out, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_server, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE) | |
Channel (const Channel &)=delete | |
void | close () |
bool | is_active () const |
bool | is_closed () const |
SymmetricKey | key_material_export (const std::string &label, const std::string &context, size_t length) const |
Channel & | operator= (const Channel &)=delete |
std::vector< X509_Certificate > | peer_cert_chain () const |
size_t | received_data (const uint8_t buf[], size_t buf_size) |
size_t | received_data (const std::vector< uint8_t > &buf) |
void | renegotiate (bool force_full_renegotiation=false) |
bool | secure_renegotiation_supported () const |
void | send (const uint8_t buf[], size_t buf_size) |
void | send (const std::string &val) |
template<typename Alloc > | |
void | send (const std::vector< unsigned char, Alloc > &val) |
void | send_alert (const Alert &alert) |
void | send_fatal_alert (Alert::Type type) |
void | send_warning_alert (Alert::Type type) |
bool | timeout_check () |
virtual | ~Channel () |
Static Public Attributes | |
static size_t | IO_BUF_DEFAULT_SIZE = 10*1024 |
Generic interface for TLS endpoint
Definition at line 37 of file tls_channel.h.
typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel::alert_cb |
Definition at line 42 of file tls_channel.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::data_cb |
Definition at line 41 of file tls_channel.h.
typedef std::function<bool (const Session&)> Botan::TLS::Channel::handshake_cb |
Definition at line 43 of file tls_channel.h.
typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel::handshake_msg_cb |
Definition at line 44 of file tls_channel.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::output_fn |
Definition at line 40 of file tls_channel.h.
Botan::TLS::Channel::Channel | ( | Callbacks & | callbacks, |
Session_Manager & | session_manager, | ||
RandomNumberGenerator & | rng, | ||
const Policy & | policy, | ||
bool | is_server, | ||
bool | is_datagram, | ||
size_t | io_buf_sz = IO_BUF_DEFAULT_SIZE |
) |
Set up a new TLS session
callbacks | contains a set of callback function references required by the TLS endpoint. |
session_manager | manages session state |
rng | a random number generator |
policy | specifies other connection policy information |
is_server | whether this is a server session or not |
is_datagram | whether this is a DTLS session |
io_buf_sz | This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely. |
Definition at line 26 of file tls_channel.cpp.
Botan::TLS::Channel::Channel | ( | output_fn | out, |
data_cb | app_data_cb, | ||
alert_cb | alert_cb, | ||
handshake_cb | hs_cb, | ||
handshake_msg_cb | hs_msg_cb, | ||
Session_Manager & | session_manager, | ||
RandomNumberGenerator & | rng, | ||
const Policy & | policy, | ||
bool | is_server, | ||
bool | is_datagram, | ||
size_t | io_buf_sz = IO_BUF_DEFAULT_SIZE |
) |
DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations. (It is not marked deprecated because it is only called internally, by other deprecated constructors.)
Definition at line 44 of file tls_channel.cpp.
delete |
virtual |
Definition at line 107 of file tls_channel.cpp.
protected |
Definition at line 291 of file tls_channel.cpp.
References callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().
pure virtual |
Implemented in Botan::TLS::Client, and Botan::TLS::Server.
inlineprotected |
Definition at line 242 of file tls_channel.h.
Referenced by activate_session(), and save_session().
protected |
Definition at line 222 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), and Botan::TLS::SERVER.
protected |
Definition at line 251 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), and Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state().
inline |
Send a close notification alert
Definition at line 149 of file tls_channel.h.
References Botan::TLS::Alert::CLOSE_NOTIFY.
protected |
Definition at line 146 of file tls_channel.cpp.
References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), Botan::TLS::Alert::PROTOCOL_VERSION, and Botan::TLS::Protocol_Version::to_string().
Referenced by renegotiate().
protectedpure virtual |
Referenced by peer_cert_chain().
protectedpure virtual |
Referenced by renegotiate().
protected |
bool Botan::TLS::Channel::is_active | ( | ) | const |
Definition at line 279 of file tls_channel.cpp.
References is_closed().
Referenced by Botan::TLS::Blocking_Client::do_handshake(), and send().
bool Botan::TLS::Channel::is_closed | ( | ) | const |
Definition at line 286 of file tls_channel.cpp.
Referenced by Botan::TLS::Blocking_Client::do_handshake(), is_active(), Botan::TLS::Blocking_Client::read(), and send_alert().
SymmetricKey Botan::TLS::Channel::key_material_export | ( | const std::string & | label, |
const std::string & | context, | ||
size_t | length | ||
) | const |
Key material export (RFC 5705)
label | a disambiguating label string |
context | a per-association context value |
length | the length of the desired key in bytes |
Definition at line 757 of file tls_channel.cpp.
References Botan::get_byte(), and Botan::to_byte_vector().
protectedpure virtual |
Referenced by create_handshake_state().
std::vector< X509_Certificate > Botan::TLS::Channel::peer_cert_chain | ( | ) | const |
Definition at line 134 of file tls_channel.cpp.
References get_peer_cert_chain().
inlineprotected |
Definition at line 238 of file tls_channel.h.
Referenced by received_data(), and renegotiate().
protectedpure virtual |
size_t Botan::TLS::Channel::received_data | ( | const uint8_t | buf[], |
size_t | buf_size | ||
) |
Inject TLS traffic received from the counterparty.
Definition at line 316 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::Record_Header::epoch(), Botan::TLS::HANDSHAKE, Botan::TLS::Alert::INTERNAL_ERROR, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), Botan::TLS::NO_RECORD, policy(), Botan::TLS::Alert::PROTOCOL_VERSION, Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::ASN1::to_string(), Botan::TLS::TLS_Exception::type(), Botan::TLS::Record_Header::type(), Botan::TLS::Alert::UNEXPECTED_MESSAGE, and Botan::TLS::Record_Header::version().
Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and received_data().
size_t Botan::TLS::Channel::received_data | ( | const std::vector< uint8_t > & | buf | ) |
Inject TLS traffic received from the counterparty.
Definition at line 311 of file tls_channel.cpp.
References received_data().
void Botan::TLS::Channel::renegotiate | ( | bool | force_full_renegotiation = false | ) |
Attempt to renegotiate the session
force_full_renegotiation | if true, require a full renegotiation, otherwise allow session resumption |
Definition at line 205 of file tls_channel.cpp.
References Botan::TLS::Policy::allow_resumption_for_renegotiation(), create_handshake_state(), initiate_handshake(), and policy().
protected |
inlineprotected |
Definition at line 234 of file tls_channel.h.
protected |
Definition at line 141 of file tls_channel.cpp.
References callbacks(), and Botan::TLS::Callbacks::tls_session_established().
protected |
Definition at line 680 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().
protected |
Definition at line 703 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().
protected |
Definition at line 726 of file tls_channel.cpp.
Referenced by secure_renegotiation_check().
protected |
Definition at line 733 of file tls_channel.cpp.
Referenced by secure_renegotiation_check().
bool Botan::TLS::Channel::secure_renegotiation_supported | ( | ) | const |
Definition at line 745 of file tls_channel.cpp.
void Botan::TLS::Channel::send | ( | const uint8_t | buf[], |
size_t | buf_size | ||
) |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 637 of file tls_channel.cpp.
References Botan::TLS::APPLICATION_DATA, and is_active().
Referenced by send().
void Botan::TLS::Channel::send | ( | const std::string & | val | ) |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 646 of file tls_channel.cpp.
References Botan::cast_char_ptr_to_uint8(), and send().
inline |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 124 of file tls_channel.h.
void Botan::TLS::Channel::send_alert | ( | const Alert & | alert | ) |
Send a TLS alert message. If the alert is fatal, the internal state (keys, etc.) will be reset.
alert | the Alert to send |
Definition at line 651 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().
inline |
Send a fatal alert
Definition at line 144 of file tls_channel.h.
References type.
Referenced by received_data().
inline |
inlineprotected |
Definition at line 236 of file tls_channel.h.
bool Botan::TLS::Channel::timeout_check | ( | ) |
Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state; in that case it checks for a timeout and, if one has occurred, retransmits the handshake packets.
Definition at line 196 of file tls_channel.cpp.
static |
Definition at line 45 of file tls_channel.h.