Botan 3.3.0
Crypto and TLS for C&
Public Member Functions | Static Public Attributes | List of all members
Botan::TLS::Server Class Referencefinal

#include <tls_server.h>

Inheritance diagram for Botan::TLS::Server:
Botan::TLS::Channel

Public Member Functions

std::string application_protocol () const override
 
void close () override
 
std::optional< std::string > external_psk_identity () const override
 
size_t from_peer (std::span< const uint8_t > data) override
 
bool is_active () const override
 
bool is_closed () const override
 
bool is_closed_for_reading () const override
 
bool is_closed_for_writing () const override
 
bool is_handshake_complete () const override
 
SymmetricKey key_material_export (std::string_view label, std::string_view context, size_t length) const override
 
bool new_session_ticket_supported () const
 
std::vector< X509_Certificatepeer_cert_chain () const override
 
std::shared_ptr< const Public_Keypeer_raw_public_key () const override
 
size_t received_data (const uint8_t buf[], size_t buf_size)
 
size_t received_data (std::span< const uint8_t > data)
 
void renegotiate (bool force_full_renegotiation=false) override
 
bool secure_renegotiation_supported () const override
 
void send (const uint8_t buf[], size_t buf_size)
 
void send (std::span< const uint8_t > data)
 
void send (std::string_view val)
 
void send_alert (const Alert &alert) override
 
void send_fatal_alert (Alert::Type type) override
 
size_t send_new_session_tickets (size_t tickets=1)
 
void send_warning_alert (Alert::Type type) override
 
 Server (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
 
bool timeout_check () override
 
void to_peer (std::span< const uint8_t > data) override
 
void update_traffic_keys (bool request_peer_update=false) override
 
 ~Server () override
 

Static Public Attributes

static constexpr size_t IO_BUF_DEFAULT_SIZE = 10 * 1024
 

Detailed Description

TLS Server

Definition at line 26 of file tls_server.h.

Constructor & Destructor Documentation

◆ Server()

Botan::TLS::Server::Server ( const std::shared_ptr< Callbacks > & callbacks,
const std::shared_ptr< Session_Manager > & session_manager,
const std::shared_ptr< Credentials_Manager > & creds,
const std::shared_ptr< const Policy > & policy,
const std::shared_ptr< RandomNumberGenerator > & rng,
bool is_datagram = false,
size_t reserved_io_buffer_size = TLS::Channel::IO_BUF_DEFAULT_SIZE )

Server initialization

Parameters
callbackscontains a set of callback function references required by the TLS server.
session_managermanages session state
credsmanages application/user credentials
policyspecifies other connection policy information
rnga random number generator
is_datagramset to true if this server should expect DTLS connections. Otherwise TLS connections are expected.
reserved_io_buffer_sizeThis many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 28 of file tls_server.cpp.

34 {
35 const auto max_version = policy->latest_supported_version(is_datagram);
36
37 if(!max_version.is_pre_tls_13()) {
38#if defined(BOTAN_HAS_TLS_13)
39 m_impl = std::make_unique<Server_Impl_13>(callbacks, session_manager, creds, policy, rng);
40
41 if(m_impl->expects_downgrade()) {
42 m_impl->set_io_buffer_size(io_buf_sz);
43 }
44#else
45 throw Not_Implemented("TLS 1.3 server is not available in this build");
46#endif
47 } else {
48 m_impl = std::make_unique<Server_Impl_12>(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);
49 }
50}

◆ ~Server()

Botan::TLS::Server::~Server ( )
overridedefault

Member Function Documentation

◆ application_protocol()

std::string Botan::TLS::Server::application_protocol ( ) const
overridevirtual

Return the protocol notification set by the client (using the ALPN extension) for this connection, if any. This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Implements Botan::TLS::Channel.

Definition at line 148 of file tls_server.cpp.

148 {
149 return m_impl->application_protocol();
150}

◆ close()

void Botan::TLS::Server::close ( )
overridevirtual

Send a close notification alert

Implements Botan::TLS::Channel.

Definition at line 140 of file tls_server.cpp.

140 {
141 m_impl->close();
142}

◆ external_psk_identity()

std::optional< std::string > Botan::TLS::Server::external_psk_identity ( ) const
overridevirtual
Returns
identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implements Botan::TLS::Channel.

Definition at line 96 of file tls_server.cpp.

96 {
97 return m_impl->external_psk_identity();
98}

◆ from_peer()

size_t Botan::TLS::Server::from_peer ( std::span< const uint8_t > data)
overridevirtual

Implements Botan::TLS::Channel.

Definition at line 54 of file tls_server.cpp.

54 {
55 auto read = m_impl->from_peer(data);
56
57 if(m_impl->is_downgrading()) {
58 auto info = m_impl->extract_downgrade_info();
59 m_impl = std::make_unique<Server_Impl_12>(*info);
60
61 // replay peer data received so far
62 read = m_impl->from_peer(info->peer_transcript);
63 }
64
65 return read;
66}

◆ is_active()

bool Botan::TLS::Server::is_active ( ) const
overridevirtual

Check whether the connection is ready to send application data. Note that a TLS 1.3 server MAY send data before receiving the client's Finished message. Only after receiving the client's Finished, can the server be sure about the client's liveness and (optional) identity.

Consider using is_handshake_complete() if you need to wait until the handshake if fully complete.

Returns
true iff the connection is active for sending application data

Implements Botan::TLS::Channel.

Definition at line 72 of file tls_server.cpp.

72 {
73 return m_impl->is_active();
74}

◆ is_closed()

bool Botan::TLS::Server::is_closed ( ) const
overridevirtual

Note: For TLS 1.3 a connection is closed only after both peers have signaled a "close_notify". While TLS 1.2 automatically responded in suit once the peer had sent "close_notify", TLS 1.3 allows to continue transmitting data even if the peer closed their writing end.

Returns
true iff the connection has been definitely closed

Implements Botan::TLS::Channel.

Definition at line 76 of file tls_server.cpp.

76 {
77 return m_impl->is_closed();
78}

◆ is_closed_for_reading()

bool Botan::TLS::Server::is_closed_for_reading ( ) const
overridevirtual
Returns
true iff the peer closed their channel (i.e. no more incoming data expected)

Implements Botan::TLS::Channel.

Definition at line 80 of file tls_server.cpp.

80 {
81 return m_impl->is_closed_for_reading();
82}

◆ is_closed_for_writing()

bool Botan::TLS::Server::is_closed_for_writing ( ) const
overridevirtual
Returns
true iff we closed our channel (i.e. no more outgoing data allowed)

Implements Botan::TLS::Channel.

Definition at line 84 of file tls_server.cpp.

84 {
85 return m_impl->is_closed_for_writing();
86}

◆ is_handshake_complete()

bool Botan::TLS::Server::is_handshake_complete ( ) const
overridevirtual

Becomes true as soon as the TLS handshake is fully complete and all security assurances TLS provides can be guaranteed.

Returns
true once the TLS handshake has finished successfully

Implements Botan::TLS::Channel.

Definition at line 68 of file tls_server.cpp.

68 {
69 return m_impl->is_handshake_complete();
70}

◆ key_material_export()

SymmetricKey Botan::TLS::Server::key_material_export ( std::string_view label,
std::string_view context,
size_t length ) const
overridevirtual

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Implements Botan::TLS::Channel.

Definition at line 100 of file tls_server.cpp.

100 {
101 return m_impl->key_material_export(label, context, length);
102}

◆ new_session_ticket_supported()

bool Botan::TLS::Server::new_session_ticket_supported ( ) const

Definition at line 108 of file tls_server.cpp.

108 {
109 return m_impl->new_session_ticket_supported();
110}

◆ peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Server::peer_cert_chain ( ) const
overridevirtual
Returns
certificate chain of the peer (may be empty)

Implements Botan::TLS::Channel.

Definition at line 88 of file tls_server.cpp.

88 {
89 return m_impl->peer_cert_chain();
90}

◆ peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Server::peer_raw_public_key ( ) const
overridevirtual
Returns
raw public key of the peer (may be nullptr)

Implements Botan::TLS::Channel.

Definition at line 92 of file tls_server.cpp.

92 {
93 return m_impl->peer_raw_public_key();
94}

◆ received_data() [1/2]

size_t Botan::TLS::Channel::received_data ( const uint8_t buf[],
size_t buf_size )
inlineinherited

Definition at line 48 of file tls_channel.h.

48{ return this->from_peer(std::span(buf, buf_size)); }
virtual size_t from_peer(std::span< const uint8_t > data)=0

◆ received_data() [2/2]

size_t Botan::TLS::Channel::received_data ( std::span< const uint8_t > data)
inlineinherited

Inject TLS traffic received from counterparty

Returns
a hint as to how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 46 of file tls_channel.h.

46{ return this->from_peer(data); }

◆ renegotiate()

void Botan::TLS::Server::renegotiate ( bool force_full_renegotiation = false)
overridevirtual

Attempt to renegotiate the session

Parameters
force_full_renegotiationif true, require a full renegotiation, otherwise allow session resumption

Implements Botan::TLS::Channel.

Definition at line 104 of file tls_server.cpp.

104 {
105 m_impl->renegotiate(force_full_renegotiation);
106}

◆ secure_renegotiation_supported()

bool Botan::TLS::Server::secure_renegotiation_supported ( ) const
overridevirtual
Returns
true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel.

Definition at line 120 of file tls_server.cpp.

120 {
121 return m_impl->secure_renegotiation_supported();
122}

◆ send() [1/3]

void Botan::TLS::Channel::send ( const uint8_t buf[],
size_t buf_size )
inlineinherited

Definition at line 56 of file tls_channel.h.

56{ this->to_peer(std::span(buf, buf_size)); }
virtual void to_peer(std::span< const uint8_t > data)=0

◆ send() [2/3]

void Botan::TLS::Channel::send ( std::span< const uint8_t > data)
inlineinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 54 of file tls_channel.h.

54{ this->to_peer(data); }

◆ send() [3/3]

void Botan::TLS::Channel::send ( std::string_view val)
inlineinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 62 of file tls_channel.h.

62{ this->send(std::span(cast_char_ptr_to_uint8(val.data()), val.size())); }
void send(std::span< const uint8_t > data)
Definition tls_channel.h:54
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:272

References Botan::cast_char_ptr_to_uint8(), and Botan::TLS::Channel::send().

Referenced by Botan::TLS::Channel::send().

◆ send_alert()

void Botan::TLS::Server::send_alert ( const Alert & alert)
overridevirtual

Inject plaintext intended for counterparty Throws an exception if is_active() is false Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Implements Botan::TLS::Channel.

Definition at line 128 of file tls_server.cpp.

128 {
129 m_impl->send_alert(alert);
130}

◆ send_fatal_alert()

void Botan::TLS::Server::send_fatal_alert ( Alert::Type type)
overridevirtual

Send a fatal alert

Implements Botan::TLS::Channel.

Definition at line 136 of file tls_server.cpp.

136 {
137 m_impl->send_fatal_alert(type);
138}

◆ send_new_session_tickets()

size_t Botan::TLS::Server::send_new_session_tickets ( size_t tickets = 1)

Definition at line 112 of file tls_server.cpp.

112 {
113 return m_impl->send_new_session_tickets(tickets);
114}

◆ send_warning_alert()

void Botan::TLS::Server::send_warning_alert ( Alert::Type type)
overridevirtual

Send a warning alert

Implements Botan::TLS::Channel.

Definition at line 132 of file tls_server.cpp.

132 {
133 m_impl->send_warning_alert(type);
134}

◆ timeout_check()

bool Botan::TLS::Server::timeout_check ( )
overridevirtual

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implements Botan::TLS::Channel.

Definition at line 144 of file tls_server.cpp.

144 {
145 return m_impl->timeout_check();
146}

◆ to_peer()

void Botan::TLS::Server::to_peer ( std::span< const uint8_t > data)
overridevirtual

Implements Botan::TLS::Channel.

Definition at line 124 of file tls_server.cpp.

124 {
125 m_impl->to_peer(data);
126}

◆ update_traffic_keys()

void Botan::TLS::Server::update_traffic_keys ( bool request_peer_update = false)
overridevirtual

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters
request_peer_updateif true, require a reciprocal key update

Implements Botan::TLS::Channel.

Definition at line 116 of file tls_server.cpp.

116 {
117 m_impl->update_traffic_keys(request_peer_update);
118}

Member Data Documentation

◆ IO_BUF_DEFAULT_SIZE

constexpr size_t Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE = 10 * 1024
staticconstexprinherited

Definition at line 32 of file tls_channel.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade().


The documentation for this class was generated from the following files: