Botan 3.9.0
Crypto and TLS for C&
Classes | Public Member Functions | Protected Member Functions | Protected Attributes | Friends | List of all members
Botan::TLS::Channel_Impl Class Referenceabstract

#include <tls_channel_impl.h>

Inheritance diagram for Botan::TLS::Channel_Impl:
Botan::TLS::Channel_Impl_12 Botan::TLS::Channel_Impl_13 Botan::TLS::Client_Impl_12 Botan::TLS::Server_Impl_12 Botan::TLS::Client_Impl_13 Botan::TLS::Server_Impl_13

Classes

struct  Downgrade_Information

Public Member Functions

virtual std::string application_protocol () const =0
 Channel_Impl (Channel_Impl &&other)=default
 Channel_Impl (const Channel_Impl &other)=delete
void close ()
bool expects_downgrade () const
virtual std::optional< std::string > external_psk_identity () const =0
std::unique_ptr< Downgrade_Informationextract_downgrade_info ()
virtual size_t from_peer (std::span< const uint8_t > data)=0
virtual bool is_active () const =0
virtual bool is_closed () const =0
virtual bool is_closed_for_reading () const =0
virtual bool is_closed_for_writing () const =0
bool is_downgrading () const
virtual bool is_handshake_complete () const =0
virtual SymmetricKey key_material_export (std::string_view label, std::string_view context, size_t length) const =0
virtual bool new_session_ticket_supported () const
Channel_Imploperator= (Channel_Impl &&other)=delete
Channel_Imploperator= (const Channel_Impl &other)=delete
virtual std::vector< X509_Certificatepeer_cert_chain () const =0
virtual std::shared_ptr< const Public_Keypeer_raw_public_key () const =0
virtual void renegotiate (bool force_full_renegotiation=false)=0
virtual bool secure_renegotiation_supported () const =0
virtual void send_alert (const Alert &alert)=0
void send_fatal_alert (Alert::Type type)
virtual size_t send_new_session_tickets (const size_t)
void send_warning_alert (Alert::Type type)
virtual bool timeout_check ()=0
virtual void to_peer (std::span< const uint8_t > data)=0
virtual void update_traffic_keys (bool request_peer_update=false)=0
virtual ~Channel_Impl ()=default

Protected Member Functions

 Channel_Impl ()=default
void preserve_client_hello (std::span< const uint8_t > msg)
void preserve_peer_transcript (std::span< const uint8_t > input)
void request_downgrade ()
void request_downgrade_for_resumption (Session_with_Handle session)
void set_io_buffer_size (size_t io_buf_sz)

Protected Attributes

std::unique_ptr< Downgrade_Informationm_downgrade_info

Friends

class Client
class Server

Detailed Description

Definition at line 44 of file tls_channel_impl.h.

Constructor & Destructor Documentation

◆ ~Channel_Impl()

virtual Botan::TLS::Channel_Impl::~Channel_Impl ( )
virtualdefault

◆ Channel_Impl() [1/3]

Botan::TLS::Channel_Impl::Channel_Impl ( const Channel_Impl & other)
delete

References Channel_Impl().

Referenced by Channel_Impl(), Channel_Impl(), operator=(), and operator=().

◆ Channel_Impl() [2/3]

Botan::TLS::Channel_Impl::Channel_Impl ( Channel_Impl && other)
default

References Channel_Impl().

◆ Channel_Impl() [3/3]

Botan::TLS::Channel_Impl::Channel_Impl ( )
protecteddefault

Member Function Documentation

◆ application_protocol()

virtual std::string Botan::TLS::Channel_Impl::application_protocol ( ) const
pure virtual

Return the protocol notification set for this connection, if any (ALPN). This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implemented in Botan::TLS::Client_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ close()

void Botan::TLS::Channel_Impl::close ( )
inline

Send a close notification alert

Definition at line 86 of file tls_channel_impl.h.

86{ send_warning_alert(Alert::CloseNotify); }
Botan::TLS::Channel_Impl::send_warning_alert
void send_warning_alert(Alert::Type type)
Definition tls_channel_impl.h:76

References send_warning_alert().

◆ expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const
inline

Definition at line 286 of file tls_channel_impl.h.

286{ return m_downgrade_info != nullptr; }
Botan::TLS::Channel_Impl::m_downgrade_info
std::unique_ptr< Downgrade_Information > m_downgrade_info
Definition tls_channel_impl.h:232

References m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().

◆ external_psk_identity()

virtual std::optional< std::string > Botan::TLS::Channel_Impl::external_psk_identity ( ) const
pure virtual
Returns
identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )
inline
See also
Downgrade_Information

Definition at line 284 of file tls_channel_impl.h.

284{ return std::exchange(m_downgrade_info, {}); }

References m_downgrade_info.

◆ from_peer()

virtual size_t Botan::TLS::Channel_Impl::from_peer ( std::span< const uint8_t > data)
pure virtual

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_active()

virtual bool Botan::TLS::Channel_Impl::is_active ( ) const
pure virtual
Returns
true iff the connection is active for sending application data

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed()

virtual bool Botan::TLS::Channel_Impl::is_closed ( ) const
pure virtual
Returns
true iff the connection has been definitely closed

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed_for_reading()

virtual bool Botan::TLS::Channel_Impl::is_closed_for_reading ( ) const
pure virtual
Returns
true iff the connection is active for sending application data

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_closed_for_writing()

virtual bool Botan::TLS::Channel_Impl::is_closed_for_writing ( ) const
pure virtual
Returns
true iff the connection has been definitely closed

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const
inline

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also
Downgrade_Information

Definition at line 279 of file tls_channel_impl.h.

279{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

◆ is_handshake_complete()

virtual bool Botan::TLS::Channel_Impl::is_handshake_complete ( ) const
pure virtual
Returns
true iff the TLS handshake has finished successfully

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

◆ key_material_export()

virtual SymmetricKey Botan::TLS::Channel_Impl::key_material_export ( std::string_view label,
std::string_view context,
size_t length ) const
pure virtual

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const
inlinevirtual
Returns
true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 150 of file tls_channel_impl.h.

150{ return false; }

◆ operator=() [1/2]

Channel_Impl & Botan::TLS::Channel_Impl::operator= ( Channel_Impl && other)
delete

References Channel_Impl().

◆ operator=() [2/2]

Channel_Impl & Botan::TLS::Channel_Impl::operator= ( const Channel_Impl & other)
delete

References Channel_Impl().

◆ peer_cert_chain()

virtual std::vector< X509_Certificate > Botan::TLS::Channel_Impl::peer_cert_chain ( ) const
pure virtual
Returns
certificate chain of the peer (may be empty)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ peer_raw_public_key()

virtual std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl::peer_raw_public_key ( ) const
pure virtual
Returns
raw public key of the peer (may be nullptr)

Implemented in Botan::TLS::Channel_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.

◆ preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg)
inlineprotected

Definition at line 239 of file tls_channel_impl.h.

239 {
240 BOTAN_STATE_CHECK(m_downgrade_info);
241 m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
242 }
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input)
inlineprotected

Definition at line 234 of file tls_channel_impl.h.

234 {
235 BOTAN_STATE_CHECK(m_downgrade_info);
236 m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
237 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer().

◆ renegotiate()

virtual void Botan::TLS::Channel_Impl::renegotiate ( bool force_full_renegotiation = false)
pure virtual

Attempt to renegotiate the session

Parameters
force_full_renegotiationif true, require a full renegotiation, otherwise allow session resumption

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )
inlineprotected

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be perfomed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 260 of file tls_channel_impl.h.

260 {
261 BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade);
262 m_downgrade_info->will_downgrade = true;
263 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by request_downgrade_for_resumption().

◆ request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session)
inlineprotected

Definition at line 265 of file tls_channel_impl.h.

265 {
266 BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
267 m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
268 BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
269 m_downgrade_info->tls12_session = std::move(session);
270 request_downgrade();
271 }
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::TLS::Channel_Impl::request_downgrade
void request_downgrade()
Definition tls_channel_impl.h:260

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), m_downgrade_info, request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

◆ secure_renegotiation_supported()

virtual bool Botan::TLS::Channel_Impl::secure_renegotiation_supported ( ) const
pure virtual
Returns
true iff the counterparty supports the secure renegotiation extensions.

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ send_alert()

virtual void Botan::TLS::Channel_Impl::send_alert ( const Alert & alert)
pure virtual

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

Referenced by send_fatal_alert(), and send_warning_alert().

◆ send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type)
inline

Send a fatal alert

Definition at line 81 of file tls_channel_impl.h.

81{ send_alert(Alert(type, true)); }
Botan::TLS::Channel_Impl::send_alert
virtual void send_alert(const Alert &alert)=0

References Botan::TLS::Alert, and send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().

◆ send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )
inlinevirtual

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns
the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 163 of file tls_channel_impl.h.

163{ return 0; }

◆ send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type)
inline

Send a warning alert

Definition at line 76 of file tls_channel_impl.h.

76{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and send_alert().

Referenced by close().

◆ set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz)
inlineprotected

Definition at line 247 of file tls_channel_impl.h.

247 {
248 BOTAN_STATE_CHECK(m_downgrade_info);
249 m_downgrade_info->io_buffer_size = io_buf_sz;
250 }

References BOTAN_STATE_CHECK, and m_downgrade_info.

◆ timeout_check()

virtual bool Botan::TLS::Channel_Impl::timeout_check ( )
pure virtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ to_peer()

virtual void Botan::TLS::Channel_Impl::to_peer ( std::span< const uint8_t > data)
pure virtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ update_traffic_keys()

virtual void Botan::TLS::Channel_Impl::update_traffic_keys ( bool request_peer_update = false)
pure virtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters
request_peer_updateif true, require a reciprocal key update

Implemented in Botan::TLS::Channel_Impl_12, and Botan::TLS::Channel_Impl_13.

◆ Client

friend class Client
friend

Definition at line 244 of file tls_channel_impl.h.

References Client.

Referenced by Botan::TLS::Channel_Impl_13::Channel_Impl_13(), and Client.

◆ Server

friend class Server
friend

Definition at line 245 of file tls_channel_impl.h.

References Server.

Referenced by Botan::TLS::Channel_Impl_13::Channel_Impl_13(), and Server.

Member Data Documentation

◆ m_downgrade_info

std::unique_ptr<Downgrade_Information> Botan::TLS::Channel_Impl::m_downgrade_info
protected

Definition at line 232 of file tls_channel_impl.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), expects_downgrade(), extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), is_downgrading(), preserve_client_hello(), preserve_peer_transcript(), request_downgrade(), request_downgrade_for_resumption(), and set_io_buffer_size().

The documentation for this class was generated from the following file:
Generated by doxygen 1.14.0