Botan 3.4.0
Crypto and TLS for C&
Classes | Public Member Functions | Protected Member Functions | Protected Attributes | Friends | List of all members
Botan::TLS::Channel_Impl Class Referenceabstract

#include <tls_channel_impl.h>

Inheritance diagram for Botan::TLS::Channel_Impl:
Botan::TLS::Channel_Impl_12 Botan::TLS::Channel_Impl_13 Botan::TLS::Client_Impl_12 Botan::TLS::Server_Impl_12 Botan::TLS::Client_Impl_13 Botan::TLS::Server_Impl_13

Classes

struct  Downgrade_Information
 

Public Member Functions

virtual std::string application_protocol () const =0
 
void close ()
 
bool expects_downgrade () const
 
virtual std::optional< std::string > external_psk_identity () const =0
 
std::unique_ptr< Downgrade_Informationextract_downgrade_info ()
 
virtual size_t from_peer (std::span< const uint8_t > data)=0
 
virtual bool is_active () const =0
 
virtual bool is_closed () const =0
 
virtual bool is_closed_for_reading () const =0
 
virtual bool is_closed_for_writing () const =0
 
bool is_downgrading () const
 
virtual bool is_handshake_complete () const =0
 
virtual SymmetricKey key_material_export (std::string_view label, std::string_view context, size_t length) const =0
 
virtual bool new_session_ticket_supported () const
 
virtual std::vector< X509_Certificatepeer_cert_chain () const =0
 
virtual std::shared_ptr< const Public_Keypeer_raw_public_key () const =0
 
virtual void renegotiate (bool force_full_renegotiation=false)=0
 
virtual bool secure_renegotiation_supported () const =0
 
virtual void send_alert (const Alert &alert)=0
 
void send_fatal_alert (Alert::Type type)
 
virtual size_t send_new_session_tickets (const size_t)
 
void send_warning_alert (Alert::Type type)
 
virtual bool timeout_check ()=0
 
virtual void to_peer (std::span< const uint8_t > data)=0
 
virtual void update_traffic_keys (bool request_peer_update=false)=0
 
virtual ~Channel_Impl ()=default
 

Protected Member Functions

void preserve_client_hello (std::span< const uint8_t > msg)
 
void preserve_peer_transcript (std::span< const uint8_t > input)
 
void request_downgrade ()
 
void request_downgrade_for_resumption (Session_with_Handle session)
 
void set_io_buffer_size (size_t io_buf_sz)
 

Protected Attributes

std::unique_ptr< Downgrade_Informationm_downgrade_info
 

Friends

class Client
 
class Server
 

Detailed Description

Definition at line 43 of file tls_channel_impl.h.

Constructor & Destructor Documentation

◆ ~Channel_Impl()

virtual Botan::TLS::Channel_Impl::~Channel_Impl ( )
virtualdefault

Member Function Documentation

◆ application_protocol()

virtual std::string Botan::TLS::Channel_Impl::application_protocol ( ) const
pure virtual

Return the protocol notification set for this connection, if any (ALPN). This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implemented in Botan::TLS::Client_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ close()

void Botan::TLS::Channel_Impl::close ( )
inline

Send a close notification alert

Definition at line 80 of file tls_channel_impl.h.

80{ send_warning_alert(Alert::CloseNotify); }
Botan::TLS::Channel_Impl::send_warning_alert
void send_warning_alert(Alert::Type type)
Definition tls_channel_impl.h:70

References send_warning_alert().

◆ expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const
inline

Definition at line 278 of file tls_channel_impl.h.

278{ return m_downgrade_info != nullptr; }
Botan::TLS::Channel_Impl::m_downgrade_info
std::unique_ptr< Downgrade_Information > m_downgrade_info
Definition tls_channel_impl.h:224

References m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().

◆ external_psk_identity()

virtual std::optional< std::string > Botan::TLS::Channel_Impl::external_psk_identity ( ) const
pure virtual
Returns
identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )
inline
See also
Downgrade_Information

Definition at line 276 of file tls_channel_impl.h.

276{ return std::exchange(m_downgrade_info, {}); }

References m_downgrade_info.

◆ from_peer()

virtual size_t Botan::TLS::Channel_Impl::from_peer ( std::span< const uint8_t > data)
pure virtual

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_active()

virtual bool Botan::TLS::Channel_Impl::is_active ( ) const
pure virtual
Returns
true iff the connection is active for sending application data

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed()

virtual bool Botan::TLS::Channel_Impl::is_closed ( ) const
pure virtual
Returns
true iff the connection has been definitely closed

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed_for_reading()

virtual bool Botan::TLS::Channel_Impl::is_closed_for_reading ( ) const
pure virtual
Returns
true iff the connection is active for sending application data

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed_for_writing()

virtual bool Botan::TLS::Channel_Impl::is_closed_for_writing ( ) const
pure virtual
Returns
true iff the connection has been definitely closed

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const
inline

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also
Downgrade_Information

Definition at line 271 of file tls_channel_impl.h.

271{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

◆ is_handshake_complete()

virtual bool Botan::TLS::Channel_Impl::is_handshake_complete ( ) const
pure virtual
Returns
true iff the TLS handshake has finished successfully

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

◆ key_material_export()

virtual SymmetricKey Botan::TLS::Channel_Impl::key_material_export ( std::string_view label,
std::string_view context,
size_t length ) const
pure virtual

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const
inlinevirtual
Returns
true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 144 of file tls_channel_impl.h.

144{ return false; }

◆ peer_cert_chain()

virtual std::vector< X509_Certificate > Botan::TLS::Channel_Impl::peer_cert_chain ( ) const
pure virtual
Returns
certificate chain of the peer (may be empty)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ peer_raw_public_key()

virtual std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl::peer_raw_public_key ( ) const
pure virtual
Returns
raw public key of the peer (may be nullptr)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg)
inlineprotected

Definition at line 231 of file tls_channel_impl.h.

231 {
232 BOTAN_STATE_CHECK(m_downgrade_info);
233 m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
234 }
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input)
inlineprotected

Definition at line 226 of file tls_channel_impl.h.

226 {
227 BOTAN_STATE_CHECK(m_downgrade_info);
228 m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
229 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer().

◆ renegotiate()

virtual void Botan::TLS::Channel_Impl::renegotiate ( bool force_full_renegotiation = false)
pure virtual

Attempt to renegotiate the session

Parameters
force_full_renegotiationif true, require a full renegotiation, otherwise allow session resumption

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )
inlineprotected

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be perfomed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 252 of file tls_channel_impl.h.

252 {
253 BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade);
254 m_downgrade_info->will_downgrade = true;
255 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by request_downgrade_for_resumption().

◆ request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session)
inlineprotected

Definition at line 257 of file tls_channel_impl.h.

257 {
258 BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
259 m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
260 BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
261 m_downgrade_info->tls12_session = std::move(session);
262 request_downgrade();
263 }
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Botan::TLS::Channel_Impl::request_downgrade
void request_downgrade()
Definition tls_channel_impl.h:252

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), m_downgrade_info, request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ secure_renegotiation_supported()

virtual bool Botan::TLS::Channel_Impl::secure_renegotiation_supported ( ) const
pure virtual
Returns
true iff the counterparty supports the secure renegotiation extensions.

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ send_alert()

virtual void Botan::TLS::Channel_Impl::send_alert ( const Alert & alert)
pure virtual

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

Referenced by send_fatal_alert(), and send_warning_alert().

◆ send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type)
inline

Send a fatal alert

Definition at line 75 of file tls_channel_impl.h.

75{ send_alert(Alert(type, true)); }
Botan::TLS::Channel_Impl::send_alert
virtual void send_alert(const Alert &alert)=0

References Botan::TLS::Alert, and send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().

◆ send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )
inlinevirtual

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns
the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 157 of file tls_channel_impl.h.

157{ return 0; }

◆ send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type)
inline

Send a warning alert

Definition at line 70 of file tls_channel_impl.h.

70{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and send_alert().

Referenced by close().

◆ set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz)
inlineprotected

Definition at line 239 of file tls_channel_impl.h.

239 {
240 BOTAN_STATE_CHECK(m_downgrade_info);
241 m_downgrade_info->io_buffer_size = io_buf_sz;
242 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

◆ timeout_check()

virtual bool Botan::TLS::Channel_Impl::timeout_check ( )
pure virtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ to_peer()

virtual void Botan::TLS::Channel_Impl::to_peer ( std::span< const uint8_t > data)
pure virtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ update_traffic_keys()

virtual void Botan::TLS::Channel_Impl::update_traffic_keys ( bool request_peer_update = false)
pure virtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters
request_peer_updateif true, require a reciprocal key update

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

Friends And Related Symbol Documentation

◆ Client

friend class Client
friend

Definition at line 236 of file tls_channel_impl.h.

◆ Server

friend class Server
friend

Definition at line 237 of file tls_channel_impl.h.

Member Data Documentation

◆ m_downgrade_info

std::unique_ptr<Downgrade_Information> Botan::TLS::Channel_Impl::m_downgrade_info
protected

Definition at line 224 of file tls_channel_impl.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), expects_downgrade(), extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), is_downgrading(), preserve_client_hello(), preserve_peer_transcript(), request_downgrade(), request_downgrade_for_resumption(), and set_io_buffer_size().

The documentation for this class was generated from the following file:
Generated by doxygen 1.10.0