Botan  2.7.0
Crypto and TLS for C++11
Public Types | Public Member Functions | Static Public Attributes | Protected Member Functions | List of all members
Botan::TLS::Channel Class Referenceabstract

#include <tls_channel.h>

Inheritance diagram for Botan::TLS::Channel:
Botan::TLS::Client Botan::TLS::Server

Public Types

typedef std::function< void(Alert, const uint8_t[], size_t)> alert_cb
 
typedef std::function< void(const uint8_t[], size_t)> data_cb
 
typedef std::function< bool(const Session &)> handshake_cb
 
typedef std::function< void(const Handshake_Message &)> handshake_msg_cb
 
typedef std::function< void(const uint8_t[], size_t)> output_fn
 

Public Member Functions

 Channel (Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
 
 Channel (output_fn out, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
 
 Channel (const Channel &)=delete
 
void close ()
 
bool is_active () const
 
bool is_closed () const
 
SymmetricKey key_material_export (const std::string &label, const std::string &context, size_t length) const
 
Channeloperator= (const Channel &)=delete
 
std::vector< X509_Certificatepeer_cert_chain () const
 
size_t received_data (const uint8_t buf[], size_t buf_size)
 
size_t received_data (const std::vector< uint8_t > &buf)
 
void renegotiate (bool force_full_renegotiation=false)
 
bool secure_renegotiation_supported () const
 
void send (const uint8_t buf[], size_t buf_size)
 
void send (const std::string &val)
 
template<typename Alloc >
void send (const std::vector< unsigned char, Alloc > &val)
 
void send_alert (const Alert &alert)
 
void send_fatal_alert (Alert::Type type)
 
void send_warning_alert (Alert::Type type)
 
bool timeout_check ()
 
virtual ~Channel ()
 

Static Public Attributes

static size_t IO_BUF_DEFAULT_SIZE = 10*1024
 

Protected Member Functions

void activate_session ()
 
Callbackscallbacks () const
 
void change_cipher_spec_reader (Connection_Side side)
 
void change_cipher_spec_writer (Connection_Side side)
 
Handshake_Statecreate_handshake_state (Protocol_Version version)
 
virtual std::vector< X509_Certificateget_peer_cert_chain (const Handshake_State &state) const =0
 
virtual void initiate_handshake (Handshake_State &state, bool force_full_renegotiation)=0
 
void inspect_handshake_message (const Handshake_Message &msg)
 
virtual Handshake_Statenew_handshake_state (class Handshake_IO *io)=0
 
const Policypolicy () const
 
virtual void process_handshake_msg (const Handshake_State *active_state, Handshake_State &pending_state, Handshake_Type type, const std::vector< uint8_t > &contents)=0
 
RandomNumberGeneratorrng ()
 
bool save_session (const Session &session)
 
void secure_renegotiation_check (const Client_Hello *client_hello)
 
void secure_renegotiation_check (const Server_Hello *server_hello)
 
std::vector< uint8_t > secure_renegotiation_data_for_client_hello () const
 
std::vector< uint8_t > secure_renegotiation_data_for_server_hello () const
 
Session_Managersession_manager ()
 

Detailed Description

Generic interface for TLS endpoint

Definition at line 37 of file tls_channel.h.

Member Typedef Documentation

◆ alert_cb

typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel::alert_cb

Definition at line 42 of file tls_channel.h.

◆ data_cb

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::data_cb

Definition at line 41 of file tls_channel.h.

◆ handshake_cb

typedef std::function<bool (const Session&)> Botan::TLS::Channel::handshake_cb

Definition at line 43 of file tls_channel.h.

◆ handshake_msg_cb

typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel::handshake_msg_cb

Definition at line 44 of file tls_channel.h.

◆ output_fn

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::output_fn

Definition at line 40 of file tls_channel.h.

Constructor & Destructor Documentation

◆ Channel() [1/3]

Botan::TLS::Channel::Channel ( Callbacks callbacks,
Session_Manager session_manager,
RandomNumberGenerator rng,
const Policy policy,
bool  is_datagram,
size_t  io_buf_sz = IO_BUF_DEFAULT_SIZE 
)

Set up a new TLS session

Parameters
callbackscontains a set of callback function references required by the TLS endpoint.
session_managermanages session state
rnga random number generator
policyspecifies other connection policy information
is_datagramwhether this is a DTLS session
io_buf_szThis many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 26 of file tls_channel.cpp.

31  :
32  m_is_datagram(is_datagram),
33  m_callbacks(callbacks),
34  m_session_manager(session_manager),
35  m_policy(policy),
36  m_rng(rng)
37  {
38  init(reserved_io_buffer_size);
39  }
RandomNumberGenerator & rng()
Definition: tls_channel.h:234
Callbacks & callbacks() const
Definition: tls_channel.h:242
const Policy & policy() const
Definition: tls_channel.h:238
Session_Manager & session_manager()
Definition: tls_channel.h:236

◆ Channel() [2/3]

Botan::TLS::Channel::Channel ( output_fn  out,
data_cb  app_data_cb,
alert_cb  alert_cb,
handshake_cb  hs_cb,
handshake_msg_cb  hs_msg_cb,
Session_Manager session_manager,
RandomNumberGenerator rng,
const Policy policy,
bool  is_datagram,
size_t  io_buf_sz = IO_BUF_DEFAULT_SIZE 
)

DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations. (Not marked deprecated since it is only called internally, by other deprecated constructors)

Definition at line 41 of file tls_channel.cpp.

50  :
51  m_is_datagram(is_datagram),
52  m_compat_callbacks(new Compat_Callbacks(
53  /*
54  this Channel constructor is also deprecated so its ok that it
55  relies on a deprecated API
56  */
58  out, app_data_cb, recv_alert_cb, hs_cb, hs_msg_cb)),
59  m_callbacks(*m_compat_callbacks.get()),
60  m_session_manager(session_manager),
61  m_policy(policy),
62  m_rng(rng)
63  {
64  init(io_buf_sz);
65  }
RandomNumberGenerator & rng()
Definition: tls_channel.h:234
const Policy & policy() const
Definition: tls_channel.h:238
Session_Manager & session_manager()
Definition: tls_channel.h:236

◆ Channel() [3/3]

Botan::TLS::Channel::Channel ( const Channel )
delete

◆ ~Channel()

Botan::TLS::Channel::~Channel ( )
virtual

Definition at line 86 of file tls_channel.cpp.

87  {
88  // So unique_ptr destructors run correctly
89  }

Member Function Documentation

◆ activate_session()

void Botan::TLS::Channel::activate_session ( )
protected

Definition at line 272 of file tls_channel.cpp.

References callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

273  {
274  std::swap(m_active_state, m_pending_state);
275  m_pending_state.reset();
276 
277  if(!m_active_state->version().is_datagram_protocol())
278  {
279  // TLS is easy just remove all but the current state
280  const uint16_t current_epoch = sequence_numbers().current_write_epoch();
281 
282  const auto not_current_epoch =
283  [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
284 
285  map_remove_if(not_current_epoch, m_write_cipher_states);
286  map_remove_if(not_current_epoch, m_read_cipher_states);
287  }
288 
290  }
virtual void tls_session_activated()
Definition: tls_callbacks.h:96
void map_remove_if(Pred pred, T &assoc)
Definition: stl_util.h:96
Callbacks & callbacks() const
Definition: tls_channel.h:242
virtual uint16_t current_write_epoch() const =0

◆ callbacks()

Callbacks& Botan::TLS::Channel::callbacks ( ) const
inlineprotected

Definition at line 242 of file tls_channel.h.

Referenced by activate_session(), and save_session().

242 { return m_callbacks; }

◆ change_cipher_spec_reader()

void Botan::TLS::Channel::change_cipher_spec_reader ( Connection_Side  side)
protected

Definition at line 196 of file tls_channel.cpp.

References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), and Botan::TLS::SERVER.

197  {
198  auto pending = pending_state();
199 
200  BOTAN_ASSERT(pending && pending->server_hello(),
201  "Have received server hello");
202 
203  if(pending->server_hello()->compression_method() != 0)
204  throw Internal_Error("Negotiated unknown compression algorithm");
205 
206  sequence_numbers().new_read_cipher_state();
207 
208  const uint16_t epoch = sequence_numbers().current_read_epoch();
209 
210  BOTAN_ASSERT(m_read_cipher_states.count(epoch) == 0,
211  "No read cipher state currently set for next epoch");
212 
213  // flip side as we are reading
214  std::shared_ptr<Connection_Cipher_State> read_state(
215  new Connection_Cipher_State(pending->version(),
216  (side == CLIENT) ? SERVER : CLIENT,
217  false,
218  pending->ciphersuite(),
219  pending->session_keys(),
220  pending->server_hello()->supports_encrypt_then_mac()));
221 
222  m_read_cipher_states[epoch] = read_state;
223  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
virtual uint16_t current_read_epoch() const =0

◆ change_cipher_spec_writer()

void Botan::TLS::Channel::change_cipher_spec_writer ( Connection_Side  side)
protected

Definition at line 225 of file tls_channel.cpp.

References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), and Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state().

226  {
227  auto pending = pending_state();
228 
229  BOTAN_ASSERT(pending && pending->server_hello(),
230  "Have received server hello");
231 
232  if(pending->server_hello()->compression_method() != 0)
233  throw Internal_Error("Negotiated unknown compression algorithm");
234 
235  sequence_numbers().new_write_cipher_state();
236 
237  const uint16_t epoch = sequence_numbers().current_write_epoch();
238 
239  BOTAN_ASSERT(m_write_cipher_states.count(epoch) == 0,
240  "No write cipher state currently set for next epoch");
241 
242  std::shared_ptr<Connection_Cipher_State> write_state(
243  new Connection_Cipher_State(pending->version(),
244  side,
245  true,
246  pending->ciphersuite(),
247  pending->session_keys(),
248  pending->server_hello()->supports_encrypt_then_mac()));
249 
250  m_write_cipher_states[epoch] = write_state;
251  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
virtual uint16_t current_write_epoch() const =0

◆ close()

void Botan::TLS::Channel::close ( )
inline

Send a close notification alert

Definition at line 151 of file tls_channel.h.

References Botan::TLS::Alert::CLOSE_NOTIFY.

◆ create_handshake_state()

Handshake_State & Botan::TLS::Channel::create_handshake_state ( Protocol_Version  version)
protected

Definition at line 125 of file tls_channel.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), and Botan::TLS::Protocol_Version::to_string().

Referenced by renegotiate().

126  {
127  if(pending_state())
128  throw Internal_Error("create_handshake_state called during handshake");
129 
130  if(auto active = active_state())
131  {
132  Protocol_Version active_version = active->version();
133 
134  if(active_version.is_datagram_protocol() != version.is_datagram_protocol())
135  throw Exception("Active state using version " +
136  active_version.to_string() +
137  " cannot change to " +
138  version.to_string() +
139  " in pending");
140  }
141 
142  if(!m_sequence_numbers)
143  {
144  if(version.is_datagram_protocol())
145  m_sequence_numbers.reset(new Datagram_Sequence_Numbers);
146  else
147  m_sequence_numbers.reset(new Stream_Sequence_Numbers);
148  }
149 
150  using namespace std::placeholders;
151 
152  std::unique_ptr<Handshake_IO> io;
153  if(version.is_datagram_protocol())
154  {
155  io.reset(new Datagram_Handshake_IO(
156  std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
157  sequence_numbers(),
158  static_cast<uint16_t>(m_policy.dtls_default_mtu()),
159  m_policy.dtls_initial_timeout(),
160  m_policy.dtls_maximum_timeout()));
161  }
162  else
163  {
164  io.reset(new Stream_Handshake_IO(std::bind(&Channel::send_record, this, _1, _2)));
165  }
166 
167  m_pending_state.reset(new_handshake_state(io.release()));
168 
169  if(auto active = active_state())
170  m_pending_state->set_version(active->version());
171 
172  return *m_pending_state.get();
173  }
virtual Handshake_State * new_handshake_state(class Handshake_IO *io)=0

◆ get_peer_cert_chain()

virtual std::vector<X509_Certificate> Botan::TLS::Channel::get_peer_cert_chain ( const Handshake_State state) const
protectedpure virtual

Referenced by peer_cert_chain().

◆ initiate_handshake()

virtual void Botan::TLS::Channel::initiate_handshake ( Handshake_State state,
bool  force_full_renegotiation 
)
protectedpure virtual

Referenced by renegotiate().

◆ inspect_handshake_message()

void Botan::TLS::Channel::inspect_handshake_message ( const Handshake_Message msg)
protected

◆ is_active()

bool Botan::TLS::Channel::is_active ( ) const
Returns
true iff the connection is active for sending application data

Definition at line 253 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), and send().

254  {
255  return (active_state() != nullptr);
256  }

◆ is_closed()

bool Botan::TLS::Channel::is_closed ( ) const
Returns
true iff the connection has been definitely closed

Definition at line 258 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), received_data(), and send_alert().

259  {
260  if(active_state() || pending_state())
261  return false;
262 
263  /*
264  * If no active or pending state, then either we had a connection
265  * and it has been closed, or we are a server which has never
266  * received a connection. This case is detectable by also lacking
267  * m_sequence_numbers
268  */
269  return (m_sequence_numbers != nullptr);
270  }

◆ key_material_export()

SymmetricKey Botan::TLS::Channel::key_material_export ( const std::string &  label,
const std::string &  context,
size_t  length 
) const

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Definition at line 663 of file tls_channel.cpp.

References Botan::get_byte(), Botan::OctetString::length(), and Botan::to_byte_vector().

666  {
667  if(auto active = active_state())
668  {
669  std::unique_ptr<KDF> prf(active->protocol_specific_prf());
670 
671  const secure_vector<uint8_t>& master_secret =
672  active->session_keys().master_secret();
673 
674  std::vector<uint8_t> salt;
675  salt += active->client_hello()->random();
676  salt += active->server_hello()->random();
677 
678  if(context != "")
679  {
680  size_t context_size = context.length();
681  if(context_size > 0xFFFF)
682  throw Exception("key_material_export context is too long");
683  salt.push_back(get_byte(0, static_cast<uint16_t>(context_size)));
684  salt.push_back(get_byte(1, static_cast<uint16_t>(context_size)));
685  salt += to_byte_vector(context);
686  }
687 
688  return prf->derive_key(length, master_secret, salt, to_byte_vector(label));
689  }
690  else
691  throw Exception("Channel::key_material_export connection not active");
692  }
std::vector< uint8_t > to_byte_vector(const std::string &s)
Definition: stl_util.h:20
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ new_handshake_state()

virtual Handshake_State* Botan::TLS::Channel::new_handshake_state ( class Handshake_IO io)
protectedpure virtual

Referenced by create_handshake_state().

◆ operator=()

Channel& Botan::TLS::Channel::operator= ( const Channel )
delete

◆ peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel::peer_cert_chain ( ) const
Returns
certificate chain of the peer (may be empty)

Definition at line 113 of file tls_channel.cpp.

References get_peer_cert_chain().

114  {
115  if(auto active = active_state())
116  return get_peer_cert_chain(*active);
117  return std::vector<X509_Certificate>();
118  }
virtual std::vector< X509_Certificate > get_peer_cert_chain(const Handshake_State &state) const =0

◆ policy()

const Policy& Botan::TLS::Channel::policy ( ) const
inlineprotected

Definition at line 238 of file tls_channel.h.

238 { return m_policy; }

◆ process_handshake_msg()

virtual void Botan::TLS::Channel::process_handshake_msg ( const Handshake_State active_state,
Handshake_State pending_state,
Handshake_Type  type,
const std::vector< uint8_t > &  contents 
)
protectedpure virtual

◆ received_data() [1/2]

size_t Botan::TLS::Channel::received_data ( const uint8_t  buf[],
size_t  buf_size 
)

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 297 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::HANDSHAKE, Botan::TLS::Alert::INTERNAL_ERROR, is_closed(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::NO_RECORD, Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, send_fatal_alert(), Botan::ASN1::to_string(), and Botan::TLS::TLS_Exception::type().

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and received_data().

298  {
299  try
300  {
301  while(!is_closed() && input_size)
302  {
303  secure_vector<uint8_t> record_data;
304  uint64_t record_sequence = 0;
305  Record_Type record_type = NO_RECORD;
306  Protocol_Version record_version;
307 
308  size_t consumed = 0;
309 
310  Record_Raw_Input raw_input(input, input_size, consumed, m_is_datagram);
311  Record record(record_data, &record_sequence, &record_version, &record_type);
312  const size_t needed =
313  read_record(m_readbuf,
314  raw_input,
315  record,
316  m_sequence_numbers.get(),
317  [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); });
318 
319  BOTAN_ASSERT(consumed > 0, "Got to eat something");
320 
321  BOTAN_ASSERT(consumed <= input_size,
322  "Record reader consumed sane amount");
323 
324  input += consumed;
325  input_size -= consumed;
326 
327  BOTAN_ASSERT(input_size == 0 || needed == 0,
328  "Got a full record or consumed all input");
329 
330  if(input_size == 0 && needed != 0)
331  return needed; // need more data to complete record
332 
333  if(record_data.size() > MAX_PLAINTEXT_SIZE)
334  throw TLS_Exception(Alert::RECORD_OVERFLOW,
335  "TLS plaintext record is larger than allowed maximum");
336 
337  if(record_type == HANDSHAKE || record_type == CHANGE_CIPHER_SPEC)
338  {
339  process_handshake_ccs(record_data, record_sequence, record_type, record_version);
340  }
341  else if(record_type == APPLICATION_DATA)
342  {
343  process_application_data(record_sequence, record_data);
344  }
345  else if(record_type == ALERT)
346  {
347  process_alert(record_data);
348  }
349  else if(record_type != NO_RECORD)
350  throw Unexpected_Message("Unexpected record type " +
351  std::to_string(record_type) +
352  " from counterparty");
353  }
354 
355  return 0; // on a record boundary
356  }
357  catch(TLS_Exception& e)
358  {
359  send_fatal_alert(e.type());
360  throw;
361  }
362  catch(Integrity_Failure&)
363  {
365  throw;
366  }
367  catch(Decoding_Error&)
368  {
370  throw;
371  }
372  catch(...)
373  {
375  throw;
376  }
377  }
bool is_closed() const
size_t read_record(secure_vector< uint8_t > &readbuf, Record_Raw_Input &raw_input, Record &rec, Connection_Sequence_Numbers *sequence_numbers, get_cipherstate_fn get_cipherstate)
Definition: tls_record.cpp:504
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43
void send_fatal_alert(Alert::Type type)
Definition: tls_channel.h:146

◆ received_data() [2/2]

size_t Botan::TLS::Channel::received_data ( const std::vector< uint8_t > &  buf)

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 292 of file tls_channel.cpp.

References received_data().

293  {
294  return this->received_data(buf.data(), buf.size());
295  }
size_t received_data(const uint8_t buf[], size_t buf_size)

◆ renegotiate()

void Botan::TLS::Channel::renegotiate ( bool  force_full_renegotiation = false)

Attempt to renegotiate the session

Parameters
force_full_renegotiationif true, require a full renegotiation, otherwise allow session resumption

Definition at line 184 of file tls_channel.cpp.

References create_handshake_state(), and initiate_handshake().

185  {
186  if(pending_state()) // currently in handshake?
187  return;
188 
189  if(auto active = active_state())
190  initiate_handshake(create_handshake_state(active->version()),
191  force_full_renegotiation);
192  else
193  throw Exception("Cannot renegotiate on inactive connection");
194  }
Handshake_State & create_handshake_state(Protocol_Version version)
virtual void initiate_handshake(Handshake_State &state, bool force_full_renegotiation)=0

◆ rng()

RandomNumberGenerator& Botan::TLS::Channel::rng ( )
inlineprotected

Definition at line 234 of file tls_channel.h.

234 { return m_rng; }

◆ save_session()

bool Botan::TLS::Channel::save_session ( const Session session)
protected

Definition at line 120 of file tls_channel.cpp.

References callbacks(), and Botan::TLS::Callbacks::tls_session_established().

121  {
122  return callbacks().tls_session_established(session);
123  }
virtual bool tls_session_established(const Session &session)=0
Callbacks & callbacks() const
Definition: tls_channel.h:242

◆ secure_renegotiation_check() [1/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Client_Hello client_hello)
protected

Definition at line 586 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().

587  {
588  const bool secure_renegotiation = client_hello->secure_renegotiation();
589 
590  if(auto active = active_state())
591  {
592  const bool active_sr = active->client_hello()->secure_renegotiation();
593 
594  if(active_sr != secure_renegotiation)
595  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
596  "Client changed its mind about secure renegotiation");
597  }
598 
599  if(secure_renegotiation)
600  {
601  const std::vector<uint8_t>& data = client_hello->renegotiation_info();
602 
604  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
605  "Client sent bad values for secure renegotiation");
606  }
607  }
std::vector< uint8_t > secure_renegotiation_data_for_client_hello() const

◆ secure_renegotiation_check() [2/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Server_Hello server_hello)
protected

Definition at line 609 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().

610  {
611  const bool secure_renegotiation = server_hello->secure_renegotiation();
612 
613  if(auto active = active_state())
614  {
615  const bool active_sr = active->server_hello()->secure_renegotiation();
616 
617  if(active_sr != secure_renegotiation)
618  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
619  "Server changed its mind about secure renegotiation");
620  }
621 
622  if(secure_renegotiation)
623  {
624  const std::vector<uint8_t>& data = server_hello->renegotiation_info();
625 
627  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
628  "Server sent bad values for secure renegotiation");
629  }
630  }
std::vector< uint8_t > secure_renegotiation_data_for_server_hello() const

◆ secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_client_hello ( ) const
protected

Definition at line 632 of file tls_channel.cpp.

Referenced by secure_renegotiation_check().

633  {
634  if(auto active = active_state())
635  return active->client_finished()->verify_data();
636  return std::vector<uint8_t>();
637  }

◆ secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_server_hello ( ) const
protected

Definition at line 639 of file tls_channel.cpp.

Referenced by secure_renegotiation_check().

640  {
641  if(auto active = active_state())
642  {
643  std::vector<uint8_t> buf = active->client_finished()->verify_data();
644  buf += active->server_finished()->verify_data();
645  return buf;
646  }
647 
648  return std::vector<uint8_t>();
649  }

◆ secure_renegotiation_supported()

bool Botan::TLS::Channel::secure_renegotiation_supported ( ) const
Returns
true iff the counterparty supports the secure renegotiation extensions.

Definition at line 651 of file tls_channel.cpp.

652  {
653  if(auto active = active_state())
654  return active->server_hello()->secure_renegotiation();
655 
656  if(auto pending = pending_state())
657  if(auto hello = pending->server_hello())
658  return hello->secure_renegotiation();
659 
660  return false;
661  }

◆ send() [1/3]

void Botan::TLS::Channel::send ( const uint8_t  buf[],
size_t  buf_size 
)

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 550 of file tls_channel.cpp.

References Botan::TLS::APPLICATION_DATA, and is_active().

Referenced by send().

551  {
552  if(!is_active())
553  throw Exception("Data cannot be sent on inactive TLS connection");
554 
555  send_record_array(sequence_numbers().current_write_epoch(),
556  APPLICATION_DATA, buf, buf_size);
557  }
bool is_active() const

◆ send() [2/3]

void Botan::TLS::Channel::send ( const std::string &  val)

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 559 of file tls_channel.cpp.

References Botan::cast_char_ptr_to_uint8(), and send().

560  {
561  this->send(cast_char_ptr_to_uint8(string.data()), string.size());
562  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
void send(const uint8_t buf[], size_t buf_size)

◆ send() [3/3]

template<typename Alloc >
void Botan::TLS::Channel::send ( const std::vector< unsigned char, Alloc > &  val)
inline

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 126 of file tls_channel.h.

127  {
128  send(val.data(), val.size());
129  }
void send(const uint8_t buf[], size_t buf_size)

◆ send_alert()

void Botan::TLS::Channel::send_alert ( const Alert alert)

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Definition at line 564 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().

565  {
566  if(alert.is_valid() && !is_closed())
567  {
568  try
569  {
570  send_record(ALERT, alert.serialize());
571  }
572  catch(...) { /* swallow it */ }
573  }
574 
575  if(alert.type() == Alert::NO_RENEGOTIATION)
576  m_pending_state.reset();
577 
578  if(alert.is_fatal())
579  if(auto active = active_state())
580  m_session_manager.remove_entry(active->server_hello()->session_id());
581 
582  if(alert.type() == Alert::CLOSE_NOTIFY || alert.is_fatal())
583  reset_state();
584  }
virtual void remove_entry(const std::vector< uint8_t > &session_id)=0
bool is_closed() const

◆ send_fatal_alert()

void Botan::TLS::Channel::send_fatal_alert ( Alert::Type  type)
inline

Send a fatal alert

Definition at line 146 of file tls_channel.h.

References type.

Referenced by received_data().

146 { send_alert(Alert(type, true)); }
MechanismType type
void send_alert(const Alert &alert)

◆ send_warning_alert()

void Botan::TLS::Channel::send_warning_alert ( Alert::Type  type)
inline

Send a warning alert

Definition at line 141 of file tls_channel.h.

References type.

141 { send_alert(Alert(type, false)); }
MechanismType type
void send_alert(const Alert &alert)

◆ session_manager()

Session_Manager& Botan::TLS::Channel::session_manager ( )
inlineprotected

Definition at line 236 of file tls_channel.h.

236 { return m_session_manager; }

◆ timeout_check()

bool Botan::TLS::Channel::timeout_check ( )

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Definition at line 175 of file tls_channel.cpp.

176  {
177  if(m_pending_state)
178  return m_pending_state->handshake_io().timeout_check();
179 
180  //FIXME: scan cipher suites and remove epochs older than 2*MSL
181  return false;
182  }

Member Data Documentation

◆ IO_BUF_DEFAULT_SIZE

size_t Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE = 10*1024
static

Definition at line 45 of file tls_channel.h.


The documentation for this class was generated from the following files: