Botan::TLS::Channel Class Reference

#include <tls_channel.h>

Inheritance diagram for Botan::TLS::Channel:

Public Types
typedef std::function< void(Alert, const uint8_t[], size_t)>	alert_cb
typedef std::function< void(const uint8_t[], size_t)>	data_cb
typedef std::function< bool(const Session &)>	handshake_cb
typedef std::function< void(const Handshake_Message &)>	handshake_msg_cb
typedef std::function< void(const uint8_t[], size_t)>	output_fn

Public Member Functions
	Channel (Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
	Channel (output_fn out, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
	Channel (const Channel &)=delete
void	close ()
bool	is_active () const
bool	is_closed () const
SymmetricKey	key_material_export (const std::string &label, const std::string &context, size_t length) const
Channel &	operator= (const Channel &)=delete
std::vector< X509_Certificate >	peer_cert_chain () const
size_t	received_data (const uint8_t buf[], size_t buf_size)
size_t	received_data (const std::vector< uint8_t > &buf)
void	renegotiate (bool force_full_renegotiation=false)
bool	secure_renegotiation_supported () const
void	send (const uint8_t buf[], size_t buf_size)
void	send (const std::string &val)
template<typename Alloc >
void	send (const std::vector< unsigned char, Alloc > &val)
void	send_alert (const Alert &alert)
void	send_fatal_alert (Alert::Type type)
void	send_warning_alert (Alert::Type type)
bool	timeout_check ()
virtual	~Channel ()

Static Public Attributes
static size_t	IO_BUF_DEFAULT_SIZE = 10*1024

Protected Member Functions
void	activate_session ()
Callbacks &	callbacks () const
void	change_cipher_spec_reader (Connection_Side side)
void	change_cipher_spec_writer (Connection_Side side)
Handshake_State &	create_handshake_state (Protocol_Version version)
virtual std::vector< X509_Certificate >	get_peer_cert_chain (const Handshake_State &state) const =0
virtual void	initiate_handshake (Handshake_State &state, bool force_full_renegotiation)=0
void	inspect_handshake_message (const Handshake_Message &msg)
virtual Handshake_State *	new_handshake_state (class Handshake_IO *io)=0
const Policy &	policy () const
virtual void	process_handshake_msg (const Handshake_State *active_state, Handshake_State &pending_state, Handshake_Type type, const std::vector< uint8_t > &contents)=0
RandomNumberGenerator &	rng ()
bool	save_session (const Session &session)
void	secure_renegotiation_check (const Client_Hello *client_hello)
void	secure_renegotiation_check (const Server_Hello *server_hello)
std::vector< uint8_t >	secure_renegotiation_data_for_client_hello () const
std::vector< uint8_t >	secure_renegotiation_data_for_server_hello () const
Session_Manager &	session_manager ()

Detailed Description

Generic interface for TLS endpoint

Definition at line 37 of file tls_channel.h.

Member Typedef Documentation

alert_cb

typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel::alert_cb

Definition at line 42 of file tls_channel.h.

data_cb

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::data_cb

Definition at line 41 of file tls_channel.h.

handshake_cb

typedef std::function<bool (const Session&)> Botan::TLS::Channel::handshake_cb

Definition at line 43 of file tls_channel.h.

handshake_msg_cb

typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel::handshake_msg_cb

Definition at line 44 of file tls_channel.h.

output_fn

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::output_fn

Definition at line 40 of file tls_channel.h.

Constructor & Destructor Documentation

Channel() [1/3]

Botan::TLS::Channel::Channel	(	Callbacks &	callbacks,
		Session_Manager &	session_manager,
		RandomNumberGenerator &	rng,
		const Policy &	policy,
		bool	is_datagram,
		size_t	io_buf_sz = IO_BUF_DEFAULT_SIZE
	)

Set up a new TLS session

Parameters

callbacks	contains a set of callback function references required by the TLS endpoint.
session_manager	manages session state
rng	a random number generator
policy	specifies other connection policy information
is_datagram	whether this is a DTLS session
io_buf_sz	This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 26 of file tls_channel.cpp.

                                                 :
   m_is_datagram(is_datagram),
   m_callbacks(callbacks),
   m_session_manager(session_manager),
   m_policy(policy),
   m_rng(rng)
   {
   init(reserved_io_buffer_size);
   }

Channel() [2/3]

Botan::TLS::Channel::Channel	(	output_fn	out,
		data_cb	app_data_cb,
		alert_cb	alert_cb,
		handshake_cb	hs_cb,
		handshake_msg_cb	hs_msg_cb,
		Session_Manager &	session_manager,
		RandomNumberGenerator &	rng,
		const Policy &	policy,
		bool	is_datagram,
		size_t	io_buf_sz = IO_BUF_DEFAULT_SIZE
	)

DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations. (Not marked deprecated since it is only called internally, by other deprecated constructors)

Definition at line 41 of file tls_channel.cpp.

                                   :
    m_is_datagram(is_datagram),
    m_compat_callbacks(new Compat_Callbacks(
                          /*
                          this Channel constructor is also deprecated so its ok that it
                          relies on a deprecated API
                          */
                          Compat_Callbacks::SILENCE_DEPRECATION_WARNING::PLEASE,
                          out, app_data_cb, recv_alert_cb, hs_cb, hs_msg_cb)),
    m_callbacks(*m_compat_callbacks.get()),
    m_session_manager(session_manager),
    m_policy(policy),
    m_rng(rng)
    {
    init(io_buf_sz);
    }

Channel() [3/3]

Botan::TLS::Channel::Channel ( const Channel &  )

delete

~Channel()

Botan::TLS::Channel::~Channel ( )

virtual

Definition at line 86 of file tls_channel.cpp.

   {
   // So unique_ptr destructors run correctly
   }

Member Function Documentation

activate_session()

void Botan::TLS::Channel::activate_session ( )

protected

Definition at line 272 of file tls_channel.cpp.

References callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

   {
   std::swap(m_active_state, m_pending_state);
   m_pending_state.reset();

   if(!m_active_state->version().is_datagram_protocol())
      {
      // TLS is easy just remove all but the current state
      const uint16_t current_epoch = sequence_numbers().current_write_epoch();

      const auto not_current_epoch =
         [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };

      map_remove_if(not_current_epoch, m_write_cipher_states);
      map_remove_if(not_current_epoch, m_read_cipher_states);
      }

   callbacks().tls_session_activated();
   }

callbacks()

Callbacks& Botan::TLS::Channel::callbacks ( ) const

inlineprotected

Definition at line 242 of file tls_channel.h.

Referenced by activate_session(), and save_session().

{ return m_callbacks; }

change_cipher_spec_reader()

void Botan::TLS::Channel::change_cipher_spec_reader ( Connection_Side  side )

protected

Definition at line 196 of file tls_channel.cpp.

References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), and Botan::TLS::SERVER.

   {
   auto pending = pending_state();

   BOTAN_ASSERT(pending && pending->server_hello(),
                "Have received server hello");

   if(pending->server_hello()->compression_method() != 0)
      throw Internal_Error("Negotiated unknown compression algorithm");

   sequence_numbers().new_read_cipher_state();

   const uint16_t epoch = sequence_numbers().current_read_epoch();

   BOTAN_ASSERT(m_read_cipher_states.count(epoch) == 0,
                "No read cipher state currently set for next epoch");

   // flip side as we are reading
   std::shared_ptr<Connection_Cipher_State> read_state(
      new Connection_Cipher_State(pending->version(),
                                  (side == CLIENT) ? SERVER : CLIENT,
                                  false,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));

   m_read_cipher_states[epoch] = read_state;
   }

change_cipher_spec_writer()

void Botan::TLS::Channel::change_cipher_spec_writer ( Connection_Side  side )

protected

Definition at line 225 of file tls_channel.cpp.

References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), and Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state().

   {
   auto pending = pending_state();

   BOTAN_ASSERT(pending && pending->server_hello(),
                "Have received server hello");

   if(pending->server_hello()->compression_method() != 0)
      throw Internal_Error("Negotiated unknown compression algorithm");

   sequence_numbers().new_write_cipher_state();

   const uint16_t epoch = sequence_numbers().current_write_epoch();

   BOTAN_ASSERT(m_write_cipher_states.count(epoch) == 0,
                "No write cipher state currently set for next epoch");

   std::shared_ptr<Connection_Cipher_State> write_state(
      new Connection_Cipher_State(pending->version(),
                                  side,
                                  true,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));

   m_write_cipher_states[epoch] = write_state;
   }

close()

void Botan::TLS::Channel::close ( )

inline

Send a close notification alert

Definition at line 151 of file tls_channel.h.

References Botan::TLS::Alert::CLOSE_NOTIFY.

{ send_warning_alert(Alert::CLOSE_NOTIFY); }

create_handshake_state()

Handshake_State & Botan::TLS::Channel::create_handshake_state ( Protocol_Version  version )

protected

Definition at line 125 of file tls_channel.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), and Botan::TLS::Protocol_Version::to_string().

Referenced by renegotiate().

   {
   if(pending_state())
      throw Internal_Error("create_handshake_state called during handshake");

   if(auto active = active_state())
      {
      Protocol_Version active_version = active->version();

      if(active_version.is_datagram_protocol() != version.is_datagram_protocol())
         throw Exception("Active state using version " +
                                  active_version.to_string() +
                                  " cannot change to " +
                                  version.to_string() +
                                  " in pending");
      }

   if(!m_sequence_numbers)
      {
      if(version.is_datagram_protocol())
         m_sequence_numbers.reset(new Datagram_Sequence_Numbers);
      else
         m_sequence_numbers.reset(new Stream_Sequence_Numbers);
      }

   using namespace std::placeholders;

   std::unique_ptr<Handshake_IO> io;
   if(version.is_datagram_protocol())
      {
      io.reset(new Datagram_Handshake_IO(
                  std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
                  sequence_numbers(),
                  static_cast<uint16_t>(m_policy.dtls_default_mtu()),
                  m_policy.dtls_initial_timeout(),
                  m_policy.dtls_maximum_timeout()));
      }
   else
      {
      io.reset(new Stream_Handshake_IO(std::bind(&Channel::send_record, this, _1, _2)));
      }

   m_pending_state.reset(new_handshake_state(io.release()));

   if(auto active = active_state())
      m_pending_state->set_version(active->version());

   return *m_pending_state.get();
   }

get_peer_cert_chain()

virtual std::vector<X509_Certificate> Botan::TLS::Channel::get_peer_cert_chain ( const Handshake_State &  state ) const

protectedpure virtual

Referenced by peer_cert_chain().

initiate_handshake()

virtual void Botan::TLS::Channel::initiate_handshake ( Handshake_State &  state, bool  force_full_renegotiation  )

protectedpure virtual

Referenced by renegotiate().

inspect_handshake_message()

void Botan::TLS::Channel::inspect_handshake_message ( const Handshake_Message &  msg )

protected

is_active()

bool Botan::TLS::Channel::is_active

(

)

const

Returns

true iff the connection is active for sending application data

Definition at line 253 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), and send().

   {
   return (active_state() != nullptr);
   }

is_closed()

bool Botan::TLS::Channel::is_closed

(

)

const

Returns

true iff the connection has been definitely closed

Definition at line 258 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), received_data(), and send_alert().

   {
   if(active_state() || pending_state())
      return false;

   /*
   * If no active or pending state, then either we had a connection
   * and it has been closed, or we are a server which has never
   * received a connection. This case is detectable by also lacking
   * m_sequence_numbers
   */
   return (m_sequence_numbers != nullptr);
   }

key_material_export()

SymmetricKey Botan::TLS::Channel::key_material_export	(	const std::string &	label,
		const std::string &	context,
		size_t	length
	)		const

Key material export (RFC 5705)

Parameters

label	a disambiguating label string
context	a per-association context value
length	the length of the desired key in bytes

Returns

key of length bytes

Definition at line 663 of file tls_channel.cpp.

References Botan::get_byte(), Botan::OctetString::length(), and Botan::to_byte_vector().

   {
   if(auto active = active_state())
      {
      std::unique_ptr<KDF> prf(active->protocol_specific_prf());

      const secure_vector<uint8_t>& master_secret =
         active->session_keys().master_secret();

      std::vector<uint8_t> salt;
      salt += active->client_hello()->random();
      salt += active->server_hello()->random();

      if(context != "")
         {
         size_t context_size = context.length();
         if(context_size > 0xFFFF)
            throw Exception("key_material_export context is too long");
         salt.push_back(get_byte(0, static_cast<uint16_t>(context_size)));
         salt.push_back(get_byte(1, static_cast<uint16_t>(context_size)));
         salt += to_byte_vector(context);
         }

      return prf->derive_key(length, master_secret, salt, to_byte_vector(label));
      }
   else
      throw Exception("Channel::key_material_export connection not active");
   }

new_handshake_state()

virtual Handshake_State* Botan::TLS::Channel::new_handshake_state ( class Handshake_IO *  io )

protectedpure virtual

Referenced by create_handshake_state().

operator=()

Channel& Botan::TLS::Channel::operator= ( const Channel &  )

delete

peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel::peer_cert_chain

(

)

const

Returns

certificate chain of the peer (may be empty)

Definition at line 113 of file tls_channel.cpp.

References get_peer_cert_chain().

   {
   if(auto active = active_state())
      return get_peer_cert_chain(*active);
   return std::vector<X509_Certificate>();
   }

policy()

const Policy& Botan::TLS::Channel::policy ( ) const

inlineprotected

Definition at line 238 of file tls_channel.h.

{ return m_policy; }

process_handshake_msg()

virtual void Botan::TLS::Channel::process_handshake_msg ( const Handshake_State *  active_state, Handshake_State &  pending_state, Handshake_Type  type, const std::vector< uint8_t > &  contents  )

protectedpure virtual

received_data() [1/2]

size_t Botan::TLS::Channel::received_data	(	const uint8_t	buf[],
		size_t	buf_size
	)

Inject TLS traffic received from counterparty

Returns

a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 297 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::HANDSHAKE, Botan::TLS::Alert::INTERNAL_ERROR, is_closed(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::NO_RECORD, Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, send_fatal_alert(), Botan::ASN1::to_string(), and Botan::TLS::TLS_Exception::type().

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and received_data().

   {
   try
      {
      while(!is_closed() && input_size)
         {
         secure_vector<uint8_t> record_data;
         uint64_t record_sequence = 0;
         Record_Type record_type = NO_RECORD;
         Protocol_Version record_version;

         size_t consumed = 0;

         Record_Raw_Input raw_input(input, input_size, consumed, m_is_datagram);
         Record record(record_data, &record_sequence, &record_version, &record_type);
         const size_t needed =
            read_record(m_readbuf,
                        raw_input,
                        record,
                        m_sequence_numbers.get(),
                        [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); });

         BOTAN_ASSERT(consumed > 0, "Got to eat something");

         BOTAN_ASSERT(consumed <= input_size,
                      "Record reader consumed sane amount");

         input += consumed;
         input_size -= consumed;

         BOTAN_ASSERT(input_size == 0 || needed == 0,
                      "Got a full record or consumed all input");

         if(input_size == 0 && needed != 0)
            return needed; // need more data to complete record

         if(record_data.size() > MAX_PLAINTEXT_SIZE)
            throw TLS_Exception(Alert::RECORD_OVERFLOW,
                                "TLS plaintext record is larger than allowed maximum");

         if(record_type == HANDSHAKE || record_type == CHANGE_CIPHER_SPEC)
            {
            process_handshake_ccs(record_data, record_sequence, record_type, record_version);
            }
         else if(record_type == APPLICATION_DATA)
            {
            process_application_data(record_sequence, record_data);
            }
         else if(record_type == ALERT)
            {
            process_alert(record_data);
            }
         else if(record_type != NO_RECORD)
            throw Unexpected_Message("Unexpected record type " +
                                     std::to_string(record_type) +
                                     " from counterparty");
         }

      return 0; // on a record boundary
      }
   catch(TLS_Exception& e)
      {
      send_fatal_alert(e.type());
      throw;
      }
   catch(Integrity_Failure&)
      {
      send_fatal_alert(Alert::BAD_RECORD_MAC);
      throw;
      }
   catch(Decoding_Error&)
      {
      send_fatal_alert(Alert::DECODE_ERROR);
      throw;
      }
   catch(...)
      {
      send_fatal_alert(Alert::INTERNAL_ERROR);
      throw;
      }
   }

received_data() [2/2]

size_t Botan::TLS::Channel::received_data

(

const std::vector< uint8_t > &

buf

)

Inject TLS traffic received from counterparty

Returns

a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 292 of file tls_channel.cpp.

References received_data().

   {
   return this->received_data(buf.data(), buf.size());
   }

renegotiate()

void Botan::TLS::Channel::renegotiate

(

bool

force_full_renegotiation = false

)

Attempt to renegotiate the session

Parameters

force_full_renegotiation

if true, require a full renegotiation, otherwise allow session resumption

Definition at line 184 of file tls_channel.cpp.

References create_handshake_state(), and initiate_handshake().

   {
   if(pending_state()) // currently in handshake?
      return;

   if(auto active = active_state())
      initiate_handshake(create_handshake_state(active->version()),
                         force_full_renegotiation);
   else
      throw Exception("Cannot renegotiate on inactive connection");
   }

rng()

RandomNumberGenerator& Botan::TLS::Channel::rng ( )

inlineprotected

Definition at line 234 of file tls_channel.h.

{ return m_rng; }

save_session()

bool Botan::TLS::Channel::save_session ( const Session &  session )

protected

Definition at line 120 of file tls_channel.cpp.

References callbacks(), and Botan::TLS::Callbacks::tls_session_established().

   {
   return callbacks().tls_session_established(session);
   }

secure_renegotiation_check() [1/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Client_Hello *  client_hello )

protected

Definition at line 586 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().

   {
   const bool secure_renegotiation = client_hello->secure_renegotiation();

   if(auto active = active_state())
      {
      const bool active_sr = active->client_hello()->secure_renegotiation();

      if(active_sr != secure_renegotiation)
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
                             "Client changed its mind about secure renegotiation");
      }

   if(secure_renegotiation)
      {
      const std::vector<uint8_t>& data = client_hello->renegotiation_info();

      if(data != secure_renegotiation_data_for_client_hello())
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
                             "Client sent bad values for secure renegotiation");
      }
   }

secure_renegotiation_check() [2/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Server_Hello *  server_hello )

protected

Definition at line 609 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().

   {
   const bool secure_renegotiation = server_hello->secure_renegotiation();

   if(auto active = active_state())
      {
      const bool active_sr = active->server_hello()->secure_renegotiation();

      if(active_sr != secure_renegotiation)
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
                             "Server changed its mind about secure renegotiation");
      }

   if(secure_renegotiation)
      {
      const std::vector<uint8_t>& data = server_hello->renegotiation_info();

      if(data != secure_renegotiation_data_for_server_hello())
         throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
                             "Server sent bad values for secure renegotiation");
      }
   }

secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_client_hello ( ) const

protected

Definition at line 632 of file tls_channel.cpp.

Referenced by secure_renegotiation_check().

   {
   if(auto active = active_state())
      return active->client_finished()->verify_data();
   return std::vector<uint8_t>();
   }

secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_server_hello ( ) const

protected

Definition at line 639 of file tls_channel.cpp.

Referenced by secure_renegotiation_check().

   {
   if(auto active = active_state())
      {
      std::vector<uint8_t> buf = active->client_finished()->verify_data();
      buf += active->server_finished()->verify_data();
      return buf;
      }

   return std::vector<uint8_t>();
   }

secure_renegotiation_supported()

bool Botan::TLS::Channel::secure_renegotiation_supported

(

)

const

Returns

true iff the counterparty supports the secure renegotiation extensions.

Definition at line 651 of file tls_channel.cpp.

   {
   if(auto active = active_state())
      return active->server_hello()->secure_renegotiation();

   if(auto pending = pending_state())
      if(auto hello = pending->server_hello())
         return hello->secure_renegotiation();

   return false;
   }

send() [1/3]

void Botan::TLS::Channel::send	(	const uint8_t	buf[],
		size_t	buf_size
	)

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 550 of file tls_channel.cpp.

References Botan::TLS::APPLICATION_DATA, and is_active().

Referenced by send().

   {
   if(!is_active())
      throw Exception("Data cannot be sent on inactive TLS connection");

   send_record_array(sequence_numbers().current_write_epoch(),
                     APPLICATION_DATA, buf, buf_size);
   }

send() [2/3]

void Botan::TLS::Channel::send

(

const std::string &

val

)

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 559 of file tls_channel.cpp.

References Botan::cast_char_ptr_to_uint8(), and send().

   {
   this->send(cast_char_ptr_to_uint8(string.data()), string.size());
   }

send() [3/3]

template<typename Alloc >

void Botan::TLS::Channel::send ( const std::vector< unsigned char, Alloc > &  val )

inline

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 126 of file tls_channel.h.

         {
         send(val.data(), val.size());
         }

send_alert()

void Botan::TLS::Channel::send_alert

(

const Alert &

alert

)

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters

alert

the Alert to send

Definition at line 564 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().

   {
   if(alert.is_valid() && !is_closed())
      {
      try
         {
         send_record(ALERT, alert.serialize());
         }
      catch(...) { /* swallow it */ }
      }

   if(alert.type() == Alert::NO_RENEGOTIATION)
      m_pending_state.reset();

   if(alert.is_fatal())
      if(auto active = active_state())
         m_session_manager.remove_entry(active->server_hello()->session_id());

   if(alert.type() == Alert::CLOSE_NOTIFY || alert.is_fatal())
      reset_state();
   }

send_fatal_alert()

void Botan::TLS::Channel::send_fatal_alert ( Alert::Type  type )

inline

Send a fatal alert

Definition at line 146 of file tls_channel.h.

References type.

Referenced by received_data().

{ send_alert(Alert(type, true)); }

send_warning_alert()

void Botan::TLS::Channel::send_warning_alert ( Alert::Type  type )

inline

Send a warning alert

Definition at line 141 of file tls_channel.h.

References type.

{ send_alert(Alert(type, false)); }

session_manager()

Session_Manager& Botan::TLS::Channel::session_manager ( )

inlineprotected

Definition at line 236 of file tls_channel.h.

{ return m_session_manager; }

timeout_check()

bool Botan::TLS::Channel::timeout_check

(

)

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Definition at line 175 of file tls_channel.cpp.

   {
   if(m_pending_state)
      return m_pending_state->handshake_io().timeout_check();

   //FIXME: scan cipher suites and remove epochs older than 2*MSL
   return false;
   }

Member Data Documentation

IO_BUF_DEFAULT_SIZE

size_t Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE = 10*1024

static

Definition at line 45 of file tls_channel.h.

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_channel.h
• src/lib/tls/tls_channel.cpp