Botan::TLS::Server Class Reference

#include <tls_server.h>

Inheritance diagram for Botan::TLS::Server:

Public Member Functions
std::string	application_protocol () const override
void	close () override
size_t	from_peer (std::span< const uint8_t > data) override
bool	is_active () const override
bool	is_closed () const override
bool	is_closed_for_reading () const override
bool	is_closed_for_writing () const override
SymmetricKey	key_material_export (std::string_view label, std::string_view context, size_t length) const override
bool	new_session_ticket_supported () const
std::vector< X509_Certificate >	peer_cert_chain () const override
size_t	received_data (const uint8_t buf[], size_t buf_size)
size_t	received_data (std::span< const uint8_t > data)
void	renegotiate (bool force_full_renegotiation=false) override
bool	secure_renegotiation_supported () const override
void	send (const uint8_t buf[], size_t buf_size)
void	send (std::span< const uint8_t > data)
void	send (std::string_view val)
void	send_alert (const Alert &alert) override
void	send_fatal_alert (Alert::Type type) override
size_t	send_new_session_tickets (const size_t tickets=1)
void	send_warning_alert (Alert::Type type) override
	Server (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
bool	timeout_check () override
void	to_peer (std::span< const uint8_t > data) override
void	update_traffic_keys (bool request_peer_update=false) override
	~Server ()

Static Public Attributes
static constexpr size_t	IO_BUF_DEFAULT_SIZE = 10*1024

Detailed Description

TLS Server

Definition at line 28 of file tls_server.h.

Constructor & Destructor Documentation

Server()

Botan::TLS::Server::Server	(	const std::shared_ptr< Callbacks > &	callbacks,
		const std::shared_ptr< Session_Manager > &	session_manager,
		const std::shared_ptr< Credentials_Manager > &	creds,
		const std::shared_ptr< const Policy > &	policy,
		const std::shared_ptr< RandomNumberGenerator > &	rng,
		bool	is_datagram = false,
		size_t	reserved_io_buffer_size = TLS::Channel::IO_BUF_DEFAULT_SIZE
	)

Server initialization

Parameters

callbacks	contains a set of callback function references required by the TLS server.
session_manager	manages session state
creds	manages application/user credentials
policy	specifies other connection policy information
rng	a random number generator
is_datagram	set to true if this server should expect DTLS connections. Otherwise TLS connections are expected.
reserved_io_buffer_size	This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 27 of file tls_server.cpp.

   {
   const auto max_version = policy->latest_supported_version(is_datagram);
 
   if(!max_version.is_pre_tls_13())
      {
#if defined(BOTAN_HAS_TLS_13)
      m_impl = std::make_unique<Server_Impl_13>(
         callbacks, session_manager, creds, policy, rng);
 
      if(m_impl->expects_downgrade())
         { m_impl->set_io_buffer_size(io_buf_sz); }
#else
      throw Not_Implemented("TLS 1.3 server is not available in this build");
#endif
      }
   else
      {
      m_impl = std::make_unique<Server_Impl_12>(
         callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);
      }
   }

~Server()

Botan::TLS::Server::~Server ( )

default

Member Function Documentation

application_protocol()

std::string Botan::TLS::Server::application_protocol ( ) const

overridevirtual

Return the protocol notification set by the client (using the ALPN extension) for this connection, if any. This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implements Botan::TLS::Channel.

Definition at line 161 of file tls_server.cpp.

   {
   return m_impl->application_protocol();
   }

close()

void Botan::TLS::Server::close ( )

overridevirtual

Send a close notification alert

Implements Botan::TLS::Channel.

Definition at line 151 of file tls_server.cpp.

   {
   m_impl->close();
   }

from_peer()

size_t Botan::TLS::Server::from_peer ( std::span< const uint8_t >  data )

overridevirtual

Implements Botan::TLS::Channel.

Definition at line 58 of file tls_server.cpp.

   {
   auto read = m_impl->from_peer(data);
 
   if(m_impl->is_downgrading())
      {
      auto info = m_impl->extract_downgrade_info();
      m_impl = std::make_unique<Server_Impl_12>(*info);
 
      // replay peer data received so far
      read = m_impl->from_peer(info->peer_transcript);
      }
 
   return read;
   }

is_active()

bool Botan::TLS::Server::is_active ( ) const

overridevirtual

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel.

Definition at line 74 of file tls_server.cpp.

   {
   return m_impl->is_active();
   }

is_closed()

bool Botan::TLS::Server::is_closed ( ) const

overridevirtual

Note: For TLS 1.3 a connection is closed only after both peers have signaled a "close_notify". While TLS 1.2 automatically responded in suit once the peer had sent "close_notify", TLS 1.3 allows to continue transmitting data even if the peer closed their writing end.

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel.

Definition at line 79 of file tls_server.cpp.

   {
   return m_impl->is_closed();
   }

is_closed_for_reading()

bool Botan::TLS::Server::is_closed_for_reading ( ) const

overridevirtual

Returns

true iff the peer closed their channel (i.e. no more incoming data expected)

Implements Botan::TLS::Channel.

Definition at line 84 of file tls_server.cpp.

   {
   return m_impl->is_closed_for_reading();
   }

is_closed_for_writing()

bool Botan::TLS::Server::is_closed_for_writing ( ) const

overridevirtual

Returns

true iff we closed our channel (i.e. no more outgoing data allowed)

Implements Botan::TLS::Channel.

Definition at line 89 of file tls_server.cpp.

   {
   return m_impl->is_closed_for_writing();
   }

key_material_export()

SymmetricKey Botan::TLS::Server::key_material_export ( std::string_view  label, std::string_view  context, size_t  length  ) const

overridevirtual

Key material export (RFC 5705)

Parameters

label	a disambiguating label string
context	a per-association context value
length	the length of the desired key in bytes

Returns

key of length bytes

Implements Botan::TLS::Channel.

Definition at line 99 of file tls_server.cpp.

   {
   return m_impl->key_material_export(label, context, length);
   }

new_session_ticket_supported()

bool Botan::TLS::Server::new_session_ticket_supported

(

)

const

Definition at line 111 of file tls_server.cpp.

   {
   return m_impl->new_session_ticket_supported();
   }

peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Server::peer_cert_chain ( ) const

overridevirtual

Returns

certificate chain of the peer (may be empty)

Implements Botan::TLS::Channel.

Definition at line 94 of file tls_server.cpp.

   {
   return m_impl->peer_cert_chain();
   }

received_data() [1/2]

size_t Botan::TLS::Channel::received_data ( const uint8_t  buf[], size_t  buf_size  )

inlineinherited

Definition at line 49 of file tls_channel.h.

         { return this->from_peer(std::span(buf, buf_size)); }

received_data() [2/2]

size_t Botan::TLS::Channel::received_data ( std::span< const uint8_t >  data )

inlineinherited

Inject TLS traffic received from counterparty

Returns

a hint as to how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 47 of file tls_channel.h.

         { return this->from_peer(data); }

renegotiate()

void Botan::TLS::Server::renegotiate ( bool  force_full_renegotiation = false )

overridevirtual

Attempt to renegotiate the session

Parameters

force_full_renegotiation

if true, require a full renegotiation, otherwise allow session resumption

Implements Botan::TLS::Channel.

Definition at line 106 of file tls_server.cpp.

   {
   m_impl->renegotiate(force_full_renegotiation);
   }

secure_renegotiation_supported()

bool Botan::TLS::Server::secure_renegotiation_supported ( ) const

overridevirtual

Returns

true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel.

Definition at line 126 of file tls_server.cpp.

   {
   return m_impl->secure_renegotiation_supported();
   }

send() [1/3]

void Botan::TLS::Channel::send ( const uint8_t  buf[], size_t  buf_size  )

inlineinherited

Definition at line 58 of file tls_channel.h.

         { this->to_peer(std::span(buf, buf_size)); }

send() [2/3]

void Botan::TLS::Channel::send ( std::span< const uint8_t >  data )

inlineinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 56 of file tls_channel.h.

         { this->to_peer(data); }

send() [3/3]

void Botan::TLS::Channel::send ( std::string_view  val )

inlineinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 65 of file tls_channel.h.

         { this->send(std::span(cast_char_ptr_to_uint8(val.data()), val.size())); }

References Botan::cast_char_ptr_to_uint8().

send_alert()

void Botan::TLS::Server::send_alert ( const Alert &  alert )

overridevirtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters

alert

the Alert to send

Implements Botan::TLS::Channel.

Definition at line 136 of file tls_server.cpp.

   {
   m_impl->send_alert(alert);
   }

send_fatal_alert()

void Botan::TLS::Server::send_fatal_alert ( Alert::Type  type )

overridevirtual

Send a fatal alert

Implements Botan::TLS::Channel.

Definition at line 146 of file tls_server.cpp.

   {
   m_impl->send_fatal_alert(type);
   }

send_new_session_tickets()

size_t Botan::TLS::Server::send_new_session_tickets

(

const size_t

tickets = 1

)

Definition at line 116 of file tls_server.cpp.

   {
   return m_impl->send_new_session_tickets(tickets);
   }

send_warning_alert()

void Botan::TLS::Server::send_warning_alert ( Alert::Type  type )

overridevirtual

Send a warning alert

Implements Botan::TLS::Channel.

Definition at line 141 of file tls_server.cpp.

   {
   m_impl->send_warning_alert(type);
   }

timeout_check()

bool Botan::TLS::Server::timeout_check ( )

overridevirtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implements Botan::TLS::Channel.

Definition at line 156 of file tls_server.cpp.

   {
   return m_impl->timeout_check();
   }

to_peer()

void Botan::TLS::Server::to_peer ( std::span< const uint8_t >  data )

overridevirtual

Implements Botan::TLS::Channel.

Definition at line 131 of file tls_server.cpp.

   {
   m_impl->to_peer(data);
   }

update_traffic_keys()

void Botan::TLS::Server::update_traffic_keys ( bool  request_peer_update = false )

overridevirtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters

request_peer_update

if true, require a reciprocal key update

Implements Botan::TLS::Channel.

Definition at line 121 of file tls_server.cpp.

   {
   m_impl->update_traffic_keys(request_peer_update);
   }

Member Data Documentation

IO_BUF_DEFAULT_SIZE

constexpr size_t Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE = 10*1024

staticconstexprinherited

Definition at line 33 of file tls_channel.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_server.h
• src/lib/tls/tls_server.cpp