Botan 3.0.0
Crypto and TLS for C++
|
#include <tls_channel_impl_12.h>
Public Types | |
typedef std::function< void(Alert, const uint8_t[], size_t)> | alert_cb |
typedef std::function< void(const uint8_t[], size_t)> | data_cb |
typedef std::function< bool(const Session &)> | handshake_cb |
typedef std::function< void(const Handshake_Message &)> | handshake_msg_cb |
typedef std::function< void(const uint8_t[], size_t)> | output_fn |
Public Member Functions | |
virtual std::string | application_protocol () const =0 |
Channel_Impl_12 (const Channel_Impl_12 &)=delete | |
Channel_Impl_12 (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< RandomNumberGenerator > &rng, const std::shared_ptr< const Policy > &policy, bool is_server, bool is_datagram, size_t io_buf_sz=TLS::Channel::IO_BUF_DEFAULT_SIZE) | |
void | close () |
bool | expects_downgrade () const |
std::unique_ptr< Downgrade_Information > | extract_downgrade_info () |
size_t | from_peer (std::span< const uint8_t > data) override |
bool | is_active () const override |
bool | is_closed () const override |
bool | is_closed_for_reading () const override |
bool | is_closed_for_writing () const override |
bool | is_downgrading () const |
SymmetricKey | key_material_export (std::string_view label, std::string_view context, size_t length) const override |
virtual bool | new_session_ticket_supported () const |
Channel_Impl_12 & | operator= (const Channel_Impl_12 &)=delete |
std::vector< X509_Certificate > | peer_cert_chain () const override |
void | renegotiate (bool force_full_renegotiation=false) override |
bool | secure_renegotiation_supported () const override |
void | send_alert (const Alert &alert) override |
void | send_fatal_alert (Alert::Type type) |
virtual size_t | send_new_session_tickets (const size_t) |
void | send_warning_alert (Alert::Type type) |
bool | timeout_check () override |
void | to_peer (std::span< const uint8_t > data) override |
void | update_traffic_keys (bool request_peer_update=false) override |
virtual | ~Channel_Impl_12 () |
Protected Attributes | |
std::unique_ptr< Downgrade_Information > | m_downgrade_info |
Generic interface for a TLS v1.2 (or DTLS v1.2) endpoint
Definition at line 40 of file tls_channel_impl_12.h.
typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::alert_cb |
Definition at line 45 of file tls_channel_impl_12.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::data_cb |
Definition at line 44 of file tls_channel_impl_12.h.
typedef std::function<bool (const Session&)> Botan::TLS::Channel_Impl_12::handshake_cb |
Definition at line 46 of file tls_channel_impl_12.h.
typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel_Impl_12::handshake_msg_cb |
Definition at line 47 of file tls_channel_impl_12.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::output_fn |
Definition at line 43 of file tls_channel_impl_12.h.
|
explicit |
Set up a new TLS session
callbacks | contains a set of callback function references required by the TLS endpoint. |
session_manager | manages session state |
rng | a random number generator |
policy | specifies other connection policy information |
is_server | whether this is a server session or not |
is_datagram | whether this is a DTLS session |
io_buf_sz | This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely. |
Definition at line 22 of file tls_channel_impl_12.cpp.
References BOTAN_ASSERT_NONNULL.
|
explicit, delete
|
virtual, default
|
protected |
Definition at line 255 of file tls_channel_impl_12.cpp.
References callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().
|
pure virtual, inherited
Return the application-layer protocol negotiated for this connection via ALPN, if any. This value is not tied to the session: a later renegotiation of the same session can choose a different protocol.
Implemented in Botan::TLS::Client_Impl_12, Botan::TLS::Client_Impl_13, and Botan::TLS::Server_Impl_13.
|
inline, protected
Definition at line 177 of file tls_channel_impl_12.h.
Referenced by activate_session().
|
protected |
Definition at line 186 of file tls_channel_impl_12.cpp.
References BOTAN_ASSERT, Botan::TLS::Client, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), and Botan::TLS::Server.
|
protected |
Definition at line 215 of file tls_channel_impl_12.cpp.
References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), and Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state().
|
inline, inherited
Send a close_notify alert to the peer. It is emitted as a warning-level alert via send_warning_alert().
Definition at line 81 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::send_warning_alert().
|
protected |
Definition at line 105 of file tls_channel_impl_12.cpp.
References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), policy(), and Botan::TLS::Protocol_Version::to_string().
Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12(), and renegotiate().
|
inline, inherited
Definition at line 271 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::m_downgrade_info.
Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().
|
inline, inherited
Definition at line 269 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::m_downgrade_info.
|
override, virtual
Inject TLS record-layer traffic received from the counterparty. Alerts and records that fail validation are handled internally (see the referenced send_fatal_alert()).
Implements Botan::TLS::Channel_Impl.
Definition at line 275 of file tls_channel_impl_12.cpp.
References Botan::TLS::Alert, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::ApplicationData, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::ChangeCipherSpec, Botan::TLS::Record_Header::epoch(), Botan::TLS::Handshake, Botan::TLS::Invalid, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), policy(), Botan::TLS::read_record(), Botan::TLS::Channel_Impl::send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::TLS::Record_Header::type(), Botan::TLS::TLS_Exception::type(), and Botan::TLS::Record_Header::version().
|
protected, pure virtual
Referenced by peer_cert_chain().
|
protected, pure virtual
Referenced by renegotiate().
|
protected |
|
override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 243 of file tls_channel_impl_12.cpp.
References is_closed().
Referenced by to_peer().
|
override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 250 of file tls_channel_impl_12.cpp.
Referenced by is_active(), is_closed_for_reading(), is_closed_for_writing(), and send_alert().
|
inline, override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 97 of file tls_channel_impl_12.h.
References is_closed().
|
inline, override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 98 of file tls_channel_impl_12.h.
References is_closed().
|
inline, inherited
Indicates whether a downgrade to TLS 1.2 or lower is in progress (only relevant for a channel that started as TLS 1.3; see the Channel_Impl_13 callers below).
Definition at line 264 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::m_downgrade_info.
Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().
|
override, virtual
Export keying material derived from this session's secrets, as specified by RFC 5705 (TLS keying material exporters).
label | a disambiguating label string |
context | a per-association context value |
length | the length of the desired key in bytes |
Implements Botan::TLS::Channel_Impl.
Definition at line 701 of file tls_channel_impl_12.cpp.
References Botan::to_byte_vector().
|
protected, pure virtual
Referenced by create_handshake_state().
|
inline, virtual, inherited
Reimplemented in Botan::TLS::Server_Impl_13.
Definition at line 129 of file tls_channel_impl.h.
|
delete |
|
override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 98 of file tls_channel_impl_12.cpp.
References get_peer_cert_chain().
|
inline, protected
Definition at line 175 of file tls_channel_impl_12.h.
Referenced by create_handshake_state(), from_peer(), and renegotiate().
|
inline, protected, inherited
Definition at line 219 of file tls_channel_impl.h.
References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.
Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().
|
inline, protected, inherited
Definition at line 212 of file tls_channel_impl.h.
References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.
Referenced by Botan::TLS::Channel_Impl_13::from_peer().
|
protected, pure virtual
|
override, virtual
Attempt to renegotiate the session. Whether the peer supports secure renegotiation (RFC 5746) can be checked beforehand with secure_renegotiation_supported(); whether resumption is allowed during renegotiation is governed by Policy::allow_resumption_for_renegotiation().
force_full_renegotiation | if true, require a full renegotiation, otherwise allow session resumption |
Implements Botan::TLS::Channel_Impl.
Definition at line 164 of file tls_channel_impl_12.cpp.
References Botan::TLS::Policy::allow_resumption_for_renegotiation(), create_handshake_state(), initiate_handshake(), and policy().
|
inline, protected, inherited
Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade()
no further state changes must be performed by the implementation. In particular, no further handshake messages must be emitted. Instead, the implementation must yield control flow back to the underlying Channel implementation, which performs the protocol version downgrade.
Definition at line 241 of file tls_channel_impl.h.
References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.
Referenced by Botan::TLS::Channel_Impl::request_downgrade_for_resumption().
|
inline, protected, inherited
Definition at line 247 of file tls_channel_impl.h.
References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), Botan::TLS::Channel_Impl::m_downgrade_info, Botan::TLS::Channel_Impl::request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().
Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().
|
protected |
Definition at line 59 of file tls_channel_impl_12.cpp.
References BOTAN_ASSERT_NOMSG.
|
inline, protected
Definition at line 171 of file tls_channel_impl_12.h.
|
protected |
Definition at line 624 of file tls_channel_impl_12.cpp.
References Botan::TLS::Client_Hello_12::renegotiation_info(), Botan::TLS::Client_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().
Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12().
|
protected |
Definition at line 647 of file tls_channel_impl_12.cpp.
References Botan::TLS::Server_Hello_12::renegotiation_info(), Botan::TLS::Server_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().
|
protected |
Definition at line 670 of file tls_channel_impl_12.cpp.
Referenced by secure_renegotiation_check().
|
protected |
Definition at line 677 of file tls_channel_impl_12.cpp.
Referenced by secure_renegotiation_check().
|
override, virtual
Implements Botan::TLS::Channel_Impl.
Definition at line 689 of file tls_channel_impl_12.cpp.
|
override, virtual
Send a TLS alert message. If the alert is fatal, the internal state (keys, etc.) is reset and the session is also removed from the Session_Manager (see the referenced Session_Manager::remove()), so it cannot be resumed later.
alert | the Alert to send |
Implements Botan::TLS::Channel_Impl.
Definition at line 590 of file tls_channel_impl_12.cpp.
References Botan::TLS::Alert, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Session_Manager::remove(), Botan::TLS::Alert::serialize(), session_manager(), and Botan::TLS::Alert::type().
|
inline, inherited
Send a fatal alert
Definition at line 76 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::send_alert().
Referenced by from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().
|
inline, virtual, inherited
Send new session tickets to the peer; the argument is the number of tickets to send. This is only supported on TLS 1.3 servers.
If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).
Reimplemented in Botan::TLS::Server_Impl_13.
Definition at line 142 of file tls_channel_impl.h.
|
inline, inherited
Send a warning alert
Definition at line 71 of file tls_channel_impl.h.
References Botan::TLS::Channel_Impl::send_alert().
Referenced by Botan::TLS::Channel_Impl::close().
|
inline, protected
Definition at line 173 of file tls_channel_impl_12.h.
Referenced by send_alert().
|
inline, protected, inherited
Definition at line 227 of file tls_channel_impl.h.
References BOTAN_STATE_CHECK, and Botan::TLS::Channel_Impl::m_downgrade_info.
|
override, virtual
Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.
Implements Botan::TLS::Channel_Impl.
Definition at line 155 of file tls_channel_impl_12.cpp.
|
override, virtual
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false, so application data must not be sent before the channel is active or after it has been closed.
Implements Botan::TLS::Channel_Impl.
Definition at line 581 of file tls_channel_impl_12.cpp.
References Botan::TLS::ApplicationData, and is_active().
|
override, virtual
Attempt to update the session's traffic key material. Note that this is only possible on a TLS 1.3 channel; TLS 1.2 has no key-update mechanism.
request_peer_update | if true, require a reciprocal key update |
Implements Botan::TLS::Channel_Impl.
Definition at line 181 of file tls_channel_impl_12.cpp.
|
protected, inherited
Definition at line 210 of file tls_channel_impl.h.
Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), Botan::TLS::Channel_Impl::expects_downgrade(), Botan::TLS::Channel_Impl::extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl::is_downgrading(), Botan::TLS::Channel_Impl::preserve_client_hello(), Botan::TLS::Channel_Impl::preserve_peer_transcript(), Botan::TLS::Channel_Impl::request_downgrade(), Botan::TLS::Channel_Impl::request_downgrade_for_resumption(), and Botan::TLS::Channel_Impl::set_io_buffer_size().