Botan  2.4.0
Crypto and TLS for C++11
Public Types | Public Member Functions | Static Public Attributes | Protected Member Functions | List of all members
Botan::TLS::Server Class Referencefinal

#include <tls_server.h>

Inheritance diagram for Botan::TLS::Server:
Botan::TLS::Channel

Public Types

typedef std::function< void(Alert, const uint8_t[], size_t)> alert_cb
 
typedef std::function< void(const uint8_t[], size_t)> data_cb
 
typedef std::function< bool(const Session &)> handshake_cb
 
typedef std::function< void(const Handshake_Message &)> handshake_msg_cb
 
typedef std::function< std::string(std::vector< std::string >)> next_protocol_fn
 
typedef std::function< void(const uint8_t[], size_t)> output_fn
 

Public Member Functions

void close ()
 
bool is_active () const
 
bool is_closed () const
 
SymmetricKey key_material_export (const std::string &label, const std::string &context, size_t length) const
 
std::string next_protocol () const
 
std::vector< X509_Certificatepeer_cert_chain () const
 
size_t received_data (const uint8_t buf[], size_t buf_size)
 
size_t received_data (const std::vector< uint8_t > &buf)
 
void renegotiate (bool force_full_renegotiation=false)
 
bool secure_renegotiation_supported () const
 
void send (const uint8_t buf[], size_t buf_size)
 
void send (const std::string &val)
 
template<typename Alloc >
void send (const std::vector< unsigned char, Alloc > &val)
 
void send_alert (const Alert &alert)
 
void send_fatal_alert (Alert::Type type)
 
void send_warning_alert (Alert::Type type)
 
 Server (Callbacks &callbacks, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Server::IO_BUF_DEFAULT_SIZE)
 
 Server (output_fn output, data_cb data_cb, alert_cb alert_cb, handshake_cb handshake_cb, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, next_protocol_fn next_proto=next_protocol_fn(), bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Server::IO_BUF_DEFAULT_SIZE)
 
 Server (output_fn output, data_cb data_cb, alert_cb alert_cb, handshake_cb handshake_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, next_protocol_fn next_proto=next_protocol_fn(), bool is_datagram=false)
 
bool timeout_check ()
 

Static Public Attributes

static size_t IO_BUF_DEFAULT_SIZE = 10*1024
 

Protected Member Functions

void activate_session ()
 
Callbackscallbacks () const
 
void change_cipher_spec_reader (Connection_Side side)
 
void change_cipher_spec_writer (Connection_Side side)
 
Handshake_Statecreate_handshake_state (Protocol_Version version)
 
void inspect_handshake_message (const Handshake_Message &msg)
 
const Policypolicy () const
 
RandomNumberGeneratorrng ()
 
bool save_session (const Session &session)
 
void secure_renegotiation_check (const Client_Hello *client_hello)
 
void secure_renegotiation_check (const Server_Hello *server_hello)
 
std::vector< uint8_t > secure_renegotiation_data_for_client_hello () const
 
std::vector< uint8_t > secure_renegotiation_data_for_server_hello () const
 
Session_Managersession_manager ()
 

Detailed Description

TLS Server

Definition at line 26 of file tls_server.h.

Member Typedef Documentation

◆ alert_cb

typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel::alert_cb
inherited

Definition at line 42 of file tls_channel.h.

◆ data_cb

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::data_cb
inherited

Definition at line 41 of file tls_channel.h.

◆ handshake_cb

typedef std::function<bool (const Session&)> Botan::TLS::Channel::handshake_cb
inherited

Definition at line 43 of file tls_channel.h.

◆ handshake_msg_cb

typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel::handshake_msg_cb
inherited

Definition at line 44 of file tls_channel.h.

◆ next_protocol_fn

typedef std::function<std::string (std::vector<std::string>)> Botan::TLS::Server::next_protocol_fn

Definition at line 29 of file tls_server.h.

◆ output_fn

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::output_fn
inherited

Definition at line 40 of file tls_channel.h.

Constructor & Destructor Documentation

◆ Server() [1/3]

Botan::TLS::Server::Server ( Callbacks callbacks,
Session_Manager session_manager,
Credentials_Manager creds,
const Policy policy,
RandomNumberGenerator rng,
bool  is_datagram = false,
size_t  reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE 
)

Server initialization

Parameters
callbackscontains a set of callback function references required by the TLS client.
session_managermanages session state
credsmanages application/user credentials
policyspecifies other connection policy information
rnga random number generator
is_datagramset to true if this server should expect DTLS connections. Otherwise TLS connections are expected.
reserved_io_buffer_sizeThis many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 309 of file tls_server.cpp.

315  :
317  is_datagram, io_buf_sz),
318  m_creds(creds)
319  {
320  }
RandomNumberGenerator & rng()
Definition: tls_channel.h:234
Channel(Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
Definition: tls_channel.cpp:26
Callbacks & callbacks() const
Definition: tls_channel.h:242
const Policy & policy() const
Definition: tls_channel.h:238
Session_Manager & session_manager()
Definition: tls_channel.h:236

◆ Server() [2/3]

Botan::TLS::Server::Server ( output_fn  output,
data_cb  data_cb,
alert_cb  alert_cb,
handshake_cb  handshake_cb,
Session_Manager session_manager,
Credentials_Manager creds,
const Policy policy,
RandomNumberGenerator rng,
next_protocol_fn  next_proto = next_protocol_fn(),
bool  is_datagram = false,
size_t  reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE 
)

DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations.

Definition at line 322 of file tls_server.cpp.

332  :
335  rng, policy, is_datagram, io_buf_sz),
336  m_creds(creds),
337  m_choose_next_protocol(next_proto)
338  {
339  }
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
Definition: tls_channel.h:42
RandomNumberGenerator & rng()
Definition: tls_channel.h:234
std::function< bool(const Session &)> handshake_cb
Definition: tls_channel.h:43
std::function< void(const uint8_t[], size_t)> data_cb
Definition: tls_channel.h:41
Channel(Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
Definition: tls_channel.cpp:26
const Policy & policy() const
Definition: tls_channel.h:238
Session_Manager & session_manager()
Definition: tls_channel.h:236
std::function< void(const Handshake_Message &)> handshake_msg_cb
Definition: tls_channel.h:44

◆ Server() [3/3]

Botan::TLS::Server::Server ( output_fn  output,
data_cb  data_cb,
alert_cb  alert_cb,
handshake_cb  handshake_cb,
handshake_msg_cb  hs_msg_cb,
Session_Manager session_manager,
Credentials_Manager creds,
const Policy policy,
RandomNumberGenerator rng,
next_protocol_fn  next_proto = next_protocol_fn(),
bool  is_datagram = false 
)

DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations.

Definition at line 342 of file tls_server.cpp.

References Botan::TLS::Channel::activate_session(), Botan::TLS::Alert::BAD_CERTIFICATE, BOTAN_ASSERT, Botan::TLS::Channel::callbacks(), Botan::TLS::CERTIFICATE, Botan::TLS::CERTIFICATE_VERIFY, Botan::TLS::Channel::change_cipher_spec_reader(), Botan::TLS::Channel::change_cipher_spec_writer(), Botan::TLS::CLIENT, Botan::TLS::CLIENT_HELLO, Botan::TLS::CLIENT_KEX, Botan::TLS::Alert::DECRYPT_ERROR, Botan::TLS::Session::encrypt(), Botan::TLS::FINISHED, Botan::TLS::HANDSHAKE_CCS, Botan::TLS::Handshake_State::handshake_io(), Botan::TLS::HANDSHAKE_NONE, Botan::TLS::Alert::INAPPROPRIATE_FALLBACK, Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Protocol_Version::known_version(), Botan::TLS::Policy::latest_supported_version(), Botan::OctetString::length(), Botan::TLS::Protocol_Version::major_version(), Botan::TLS::make_hello_random(), Botan::TLS::Session::master_secret(), Botan::TLS::Protocol_Version::minor_version(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session::peer_certs(), Botan::TLS::Channel::policy(), Botan::Credentials_Manager::private_key_for(), Botan::TLS::Alert::PROTOCOL_VERSION, Botan::Credentials_Manager::psk(), Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Channel::rng(), Botan::TLS::Session_Manager::save(), Botan::TLS::Channel::save_session(), Botan::TLS::Channel::secure_renegotiation_check(), Botan::TLS::Channel::secure_renegotiation_data_for_server_hello(), Botan::TLS::Channel::secure_renegotiation_supported(), Botan::TLS::Channel::send_alert(), Botan::TLS::Channel::send_warning_alert(), Botan::TLS::SERVER, Botan::TLS::Session::session_id(), Botan::TLS::Channel::session_manager(), Botan::TLS::Policy::session_ticket_lifetime(), Botan::TLS_CLIENT_AUTH, Botan::TLS::Callbacks::tls_server_choose_app_protocol(), Botan::TLS::Callbacks::tls_verify_cert_chain(), Botan::TLS::Protocol_Version::to_string(), Botan::Credentials_Manager::trusted_certificate_authorities(), type, Botan::TLS::Alert::UNRECOGNIZED_NAME, and Botan::TLS::Handshake_State::version().

352  :
353  Channel(output, data_cb, alert_cb, handshake_cb, hs_msg_cb,
354  session_manager, rng, policy, is_datagram),
355  m_creds(creds),
356  m_choose_next_protocol(next_proto)
357  {
358  }
std::function< void(Alert, const uint8_t[], size_t)> alert_cb
Definition: tls_channel.h:42
RandomNumberGenerator & rng()
Definition: tls_channel.h:234
std::function< bool(const Session &)> handshake_cb
Definition: tls_channel.h:43
std::function< void(const uint8_t[], size_t)> data_cb
Definition: tls_channel.h:41
Channel(Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE)
Definition: tls_channel.cpp:26
const Policy & policy() const
Definition: tls_channel.h:238
Session_Manager & session_manager()
Definition: tls_channel.h:236

Member Function Documentation

◆ activate_session()

void Botan::TLS::Channel::activate_session ( )
protectedinherited

Definition at line 272 of file tls_channel.cpp.

References Botan::TLS::Channel::callbacks(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

Referenced by Botan::TLS::Client::Client(), and Server().

273  {
274  std::swap(m_active_state, m_pending_state);
275  m_pending_state.reset();
276 
277  if(!m_active_state->version().is_datagram_protocol())
278  {
279  // TLS is easy just remove all but the current state
280  const uint16_t current_epoch = sequence_numbers().current_write_epoch();
281 
282  const auto not_current_epoch =
283  [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
284 
285  map_remove_if(not_current_epoch, m_write_cipher_states);
286  map_remove_if(not_current_epoch, m_read_cipher_states);
287  }
288 
290  }
virtual void tls_session_activated()
Definition: tls_callbacks.h:95
void map_remove_if(Pred pred, T &assoc)
Definition: stl_util.h:96
Callbacks & callbacks() const
Definition: tls_channel.h:242
virtual uint16_t current_write_epoch() const =0

◆ callbacks()

Callbacks& Botan::TLS::Channel::callbacks ( ) const
inlineprotectedinherited

◆ change_cipher_spec_reader()

void Botan::TLS::Channel::change_cipher_spec_reader ( Connection_Side  side)
protectedinherited

Definition at line 196 of file tls_channel.cpp.

References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::NO_COMPRESSION, and Botan::TLS::SERVER.

Referenced by Botan::TLS::Client::Client(), and Server().

197  {
198  auto pending = pending_state();
199 
200  BOTAN_ASSERT(pending && pending->server_hello(),
201  "Have received server hello");
202 
203  if(pending->server_hello()->compression_method() != NO_COMPRESSION)
204  throw Internal_Error("Negotiated unknown compression algorithm");
205 
206  sequence_numbers().new_read_cipher_state();
207 
208  const uint16_t epoch = sequence_numbers().current_read_epoch();
209 
210  BOTAN_ASSERT(m_read_cipher_states.count(epoch) == 0,
211  "No read cipher state currently set for next epoch");
212 
213  // flip side as we are reading
214  std::shared_ptr<Connection_Cipher_State> read_state(
215  new Connection_Cipher_State(pending->version(),
216  (side == CLIENT) ? SERVER : CLIENT,
217  false,
218  pending->ciphersuite(),
219  pending->session_keys(),
220  pending->server_hello()->supports_encrypt_then_mac()));
221 
222  m_read_cipher_states[epoch] = read_state;
223  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29
virtual uint16_t current_read_epoch() const =0

◆ change_cipher_spec_writer()

void Botan::TLS::Channel::change_cipher_spec_writer ( Connection_Side  side)
protectedinherited

Definition at line 225 of file tls_channel.cpp.

References BOTAN_ASSERT, and Botan::TLS::NO_COMPRESSION.

Referenced by Botan::TLS::Client::Client(), and Server().

226  {
227  auto pending = pending_state();
228 
229  BOTAN_ASSERT(pending && pending->server_hello(),
230  "Have received server hello");
231 
232  if(pending->server_hello()->compression_method() != NO_COMPRESSION)
233  throw Internal_Error("Negotiated unknown compression algorithm");
234 
235  sequence_numbers().new_write_cipher_state();
236 
237  const uint16_t epoch = sequence_numbers().current_write_epoch();
238 
239  BOTAN_ASSERT(m_write_cipher_states.count(epoch) == 0,
240  "No write cipher state currently set for next epoch");
241 
242  std::shared_ptr<Connection_Cipher_State> write_state(
243  new Connection_Cipher_State(pending->version(),
244  side,
245  true,
246  pending->ciphersuite(),
247  pending->session_keys(),
248  pending->server_hello()->supports_encrypt_then_mac()));
249 
250  m_write_cipher_states[epoch] = write_state;
251  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29
virtual uint16_t current_write_epoch() const =0

◆ close()

void Botan::TLS::Channel::close ( )
inlineinherited

Send a close notification alert

Definition at line 151 of file tls_channel.h.

References Botan::TLS::Alert::CLOSE_NOTIFY, and type.

◆ create_handshake_state()

Handshake_State & Botan::TLS::Channel::create_handshake_state ( Protocol_Version  version)
protectedinherited

Definition at line 125 of file tls_channel.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Channel::new_handshake_state(), and Botan::TLS::Protocol_Version::to_string().

Referenced by Botan::TLS::Client::Client(), Botan::TLS::Channel::received_data(), and Botan::TLS::Channel::renegotiate().

126  {
127  if(pending_state())
128  throw Internal_Error("create_handshake_state called during handshake");
129 
130  if(auto active = active_state())
131  {
132  Protocol_Version active_version = active->version();
133 
134  if(active_version.is_datagram_protocol() != version.is_datagram_protocol())
135  throw Exception("Active state using version " +
136  active_version.to_string() +
137  " cannot change to " +
138  version.to_string() +
139  " in pending");
140  }
141 
142  if(!m_sequence_numbers)
143  {
144  if(version.is_datagram_protocol())
145  m_sequence_numbers.reset(new Datagram_Sequence_Numbers);
146  else
147  m_sequence_numbers.reset(new Stream_Sequence_Numbers);
148  }
149 
150  using namespace std::placeholders;
151 
152  std::unique_ptr<Handshake_IO> io;
153  if(version.is_datagram_protocol())
154  {
155  io.reset(new Datagram_Handshake_IO(
156  std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
157  sequence_numbers(),
158  static_cast<uint16_t>(m_policy.dtls_default_mtu()),
159  m_policy.dtls_initial_timeout(),
160  m_policy.dtls_maximum_timeout()));
161  }
162  else
163  {
164  io.reset(new Stream_Handshake_IO(std::bind(&Channel::send_record, this, _1, _2)));
165  }
166 
167  m_pending_state.reset(new_handshake_state(io.release()));
168 
169  if(auto active = active_state())
170  m_pending_state->set_version(active->version());
171 
172  return *m_pending_state.get();
173  }
virtual Handshake_State * new_handshake_state(class Handshake_IO *io)=0

◆ inspect_handshake_message()

void Botan::TLS::Channel::inspect_handshake_message ( const Handshake_Message msg)
protectedinherited

◆ is_active()

bool Botan::TLS::Channel::is_active ( ) const
inherited
Returns
true iff the connection is active for sending application data

Definition at line 253 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), and Botan::TLS::Channel::send().

254  {
255  return (active_state() != nullptr);
256  }

◆ is_closed()

bool Botan::TLS::Channel::is_closed ( ) const
inherited
Returns
true iff the connection has been definitely closed

Definition at line 258 of file tls_channel.cpp.

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), Botan::TLS::Channel::received_data(), and Botan::TLS::Channel::send_alert().

259  {
260  if(active_state() || pending_state())
261  return false;
262 
263  /*
264  * If no active or pending state, then either we had a connection
265  * and it has been closed, or we are a server which has never
266  * received a connection. This case is detectable by also lacking
267  * m_sequence_numbers
268  */
269  return (m_sequence_numbers != nullptr);
270  }

◆ key_material_export()

SymmetricKey Botan::TLS::Channel::key_material_export ( const std::string &  label,
const std::string &  context,
size_t  length 
) const
inherited

Key material export (RFC 5705)

Parameters
labela disambiguating label string
contexta per-association context value
lengththe length of the desired key in bytes
Returns
key of length bytes

Definition at line 664 of file tls_channel.cpp.

References Botan::get_byte(), Botan::OctetString::length(), and Botan::to_byte_vector().

667  {
668  if(auto active = active_state())
669  {
670  std::unique_ptr<KDF> prf(active->protocol_specific_prf());
671 
672  const secure_vector<uint8_t>& master_secret =
673  active->session_keys().master_secret();
674 
675  std::vector<uint8_t> salt;
676  salt += active->client_hello()->random();
677  salt += active->server_hello()->random();
678 
679  if(context != "")
680  {
681  size_t context_size = context.length();
682  if(context_size > 0xFFFF)
683  throw Exception("key_material_export context is too long");
684  salt.push_back(get_byte(0, static_cast<uint16_t>(context_size)));
685  salt.push_back(get_byte(1, static_cast<uint16_t>(context_size)));
686  salt += to_byte_vector(context);
687  }
688 
689  return prf->derive_key(length, master_secret, salt, to_byte_vector(label));
690  }
691  else
692  throw Exception("Channel::key_material_export connection not active");
693  }
std::vector< uint8_t > to_byte_vector(const std::string &s)
Definition: stl_util.h:20
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ next_protocol()

std::string Botan::TLS::Server::next_protocol ( ) const
inline

Return the protocol notification set by the client (using the NPN extension) for this connection, if any. This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.

Definition at line 103 of file tls_server.h.

References type.

103 { return m_next_protocol; }

◆ peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel::peer_cert_chain ( ) const
inherited
Returns
certificate chain of the peer (may be empty)

Definition at line 113 of file tls_channel.cpp.

References Botan::TLS::Channel::get_peer_cert_chain().

114  {
115  if(auto active = active_state())
116  return get_peer_cert_chain(*active);
117  return std::vector<X509_Certificate>();
118  }
virtual std::vector< X509_Certificate > get_peer_cert_chain(const Handshake_State &state) const =0

◆ policy()

const Policy& Botan::TLS::Channel::policy ( ) const
inlineprotectedinherited

Definition at line 238 of file tls_channel.h.

Referenced by Botan::TLS::Client::Client(), and Server().

238 { return m_policy; }

◆ received_data() [1/2]

size_t Botan::TLS::Channel::received_data ( const uint8_t  buf[],
size_t  buf_size 
)
inherited

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 297 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, Botan::TLS::Channel::callbacks(), Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::CLOSE_NOTIFY, Botan::TLS::Channel::create_handshake_state(), Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::HANDSHAKE, Botan::TLS::HANDSHAKE_NONE, Botan::TLS::Alert::INTERNAL_ERROR, Botan::TLS::Channel::is_closed(), Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Alert::is_fatal(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::NO_RECORD, Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Channel::process_handshake_msg(), Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, Botan::TLS::Channel::send_fatal_alert(), Botan::TLS::Channel::send_warning_alert(), Botan::TLS::Callbacks::tls_alert(), Botan::TLS::Callbacks::tls_emit_data(), Botan::TLS::Callbacks::tls_record_received(), Botan::ASN1::to_string(), Botan::TLS::TLS_Exception::type(), type, Botan::TLS::Alert::type(), Botan::unlock(), and Botan::TLS::write_record().

Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and Botan::TLS::Channel::received_data().

298  {
299  try
300  {
301  while(!is_closed() && input_size)
302  {
303  secure_vector<uint8_t> record_data;
304  uint64_t record_sequence = 0;
305  Record_Type record_type = NO_RECORD;
306  Protocol_Version record_version;
307 
308  size_t consumed = 0;
309 
310  Record_Raw_Input raw_input(input, input_size, consumed, m_is_datagram);
311  Record record(record_data, &record_sequence, &record_version, &record_type);
312  const size_t needed =
313  read_record(m_readbuf,
314  raw_input,
315  record,
316  m_sequence_numbers.get(),
317  std::bind(&TLS::Channel::read_cipher_state_epoch, this,
318  std::placeholders::_1));
319 
320  BOTAN_ASSERT(consumed > 0, "Got to eat something");
321 
322  BOTAN_ASSERT(consumed <= input_size,
323  "Record reader consumed sane amount");
324 
325  input += consumed;
326  input_size -= consumed;
327 
328  BOTAN_ASSERT(input_size == 0 || needed == 0,
329  "Got a full record or consumed all input");
330 
331  if(input_size == 0 && needed != 0)
332  return needed; // need more data to complete record
333 
334  if(record_data.size() > MAX_PLAINTEXT_SIZE)
335  throw TLS_Exception(Alert::RECORD_OVERFLOW,
336  "TLS plaintext record is larger than allowed maximum");
337 
338  if(record_type == HANDSHAKE || record_type == CHANGE_CIPHER_SPEC)
339  {
340  process_handshake_ccs(record_data, record_sequence, record_type, record_version);
341  }
342  else if(record_type == APPLICATION_DATA)
343  {
344  process_application_data(record_sequence, record_data);
345  }
346  else if(record_type == ALERT)
347  {
348  process_alert(record_data);
349  }
350  else if(record_type != NO_RECORD)
351  throw Unexpected_Message("Unexpected record type " +
352  std::to_string(record_type) +
353  " from counterparty");
354  }
355 
356  return 0; // on a record boundary
357  }
358  catch(TLS_Exception& e)
359  {
360  send_fatal_alert(e.type());
361  throw;
362  }
363  catch(Integrity_Failure&)
364  {
366  throw;
367  }
368  catch(Decoding_Error&)
369  {
371  throw;
372  }
373  catch(...)
374  {
376  throw;
377  }
378  }
bool is_closed() const
size_t read_record(secure_vector< uint8_t > &readbuf, Record_Raw_Input &raw_input, Record &rec, Connection_Sequence_Numbers *sequence_numbers, get_cipherstate_fn get_cipherstate)
Definition: tls_record.cpp:500
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:108
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29
void send_fatal_alert(Alert::Type type)
Definition: tls_channel.h:146

◆ received_data() [2/2]

size_t Botan::TLS::Channel::received_data ( const std::vector< uint8_t > &  buf)
inherited

Inject TLS traffic received from counterparty

Returns
a hint as the how many more bytes we need to process the current record (this may be 0 if on a record boundary)

Definition at line 292 of file tls_channel.cpp.

References Botan::TLS::Channel::received_data().

293  {
294  return this->received_data(buf.data(), buf.size());
295  }
size_t received_data(const uint8_t buf[], size_t buf_size)

◆ renegotiate()

void Botan::TLS::Channel::renegotiate ( bool  force_full_renegotiation = false)
inherited

Attempt to renegotiate the session

Parameters
force_full_renegotiationif true, require a full renegotiation, otherwise allow session resumption

Definition at line 184 of file tls_channel.cpp.

References Botan::TLS::Channel::create_handshake_state(), and Botan::TLS::Channel::initiate_handshake().

185  {
186  if(pending_state()) // currently in handshake?
187  return;
188 
189  if(auto active = active_state())
190  initiate_handshake(create_handshake_state(active->version()),
191  force_full_renegotiation);
192  else
193  throw Exception("Cannot renegotiate on inactive connection");
194  }
Handshake_State & create_handshake_state(Protocol_Version version)
virtual void initiate_handshake(Handshake_State &state, bool force_full_renegotiation)=0

◆ rng()

RandomNumberGenerator& Botan::TLS::Channel::rng ( )
inlineprotectedinherited

Definition at line 234 of file tls_channel.h.

Referenced by Botan::TLS::Client::Client(), and Server().

234 { return m_rng; }

◆ save_session()

bool Botan::TLS::Channel::save_session ( const Session session)
protectedinherited

Definition at line 120 of file tls_channel.cpp.

References Botan::TLS::Channel::callbacks(), and Botan::TLS::Callbacks::tls_session_established().

Referenced by Botan::TLS::Client::Client(), and Server().

121  {
122  return callbacks().tls_session_established(session);
123  }
virtual bool tls_session_established(const Session &session)=0
Callbacks & callbacks() const
Definition: tls_channel.h:242

◆ secure_renegotiation_check() [1/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Client_Hello client_hello)
protectedinherited

Definition at line 587 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and Botan::TLS::Channel::secure_renegotiation_data_for_client_hello().

Referenced by Botan::TLS::Client::Client(), and Server().

588  {
589  const bool secure_renegotiation = client_hello->secure_renegotiation();
590 
591  if(auto active = active_state())
592  {
593  const bool active_sr = active->client_hello()->secure_renegotiation();
594 
595  if(active_sr != secure_renegotiation)
596  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
597  "Client changed its mind about secure renegotiation");
598  }
599 
600  if(secure_renegotiation)
601  {
602  const std::vector<uint8_t>& data = client_hello->renegotiation_info();
603 
605  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
606  "Client sent bad values for secure renegotiation");
607  }
608  }
std::vector< uint8_t > secure_renegotiation_data_for_client_hello() const

◆ secure_renegotiation_check() [2/2]

void Botan::TLS::Channel::secure_renegotiation_check ( const Server_Hello server_hello)
protectedinherited

Definition at line 610 of file tls_channel.cpp.

References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and Botan::TLS::Channel::secure_renegotiation_data_for_server_hello().

611  {
612  const bool secure_renegotiation = server_hello->secure_renegotiation();
613 
614  if(auto active = active_state())
615  {
616  const bool active_sr = active->server_hello()->secure_renegotiation();
617 
618  if(active_sr != secure_renegotiation)
619  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
620  "Server changed its mind about secure renegotiation");
621  }
622 
623  if(secure_renegotiation)
624  {
625  const std::vector<uint8_t>& data = server_hello->renegotiation_info();
626 
628  throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
629  "Server sent bad values for secure renegotiation");
630  }
631  }
std::vector< uint8_t > secure_renegotiation_data_for_server_hello() const

◆ secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_client_hello ( ) const
protectedinherited

Definition at line 633 of file tls_channel.cpp.

Referenced by Botan::TLS::Client::Client(), and Botan::TLS::Channel::secure_renegotiation_check().

634  {
635  if(auto active = active_state())
636  return active->client_finished()->verify_data();
637  return std::vector<uint8_t>();
638  }

◆ secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel::secure_renegotiation_data_for_server_hello ( ) const
protectedinherited

Definition at line 640 of file tls_channel.cpp.

Referenced by Botan::TLS::Channel::secure_renegotiation_check(), and Server().

641  {
642  if(auto active = active_state())
643  {
644  std::vector<uint8_t> buf = active->client_finished()->verify_data();
645  buf += active->server_finished()->verify_data();
646  return buf;
647  }
648 
649  return std::vector<uint8_t>();
650  }

◆ secure_renegotiation_supported()

bool Botan::TLS::Channel::secure_renegotiation_supported ( ) const
inherited
Returns
true iff the counterparty supports the secure renegotiation extensions.

Definition at line 652 of file tls_channel.cpp.

Referenced by Botan::TLS::Client::Client(), and Server().

653  {
654  if(auto active = active_state())
655  return active->server_hello()->secure_renegotiation();
656 
657  if(auto pending = pending_state())
658  if(auto hello = pending->server_hello())
659  return hello->secure_renegotiation();
660 
661  return false;
662  }

◆ send() [1/3]

void Botan::TLS::Channel::send ( const uint8_t  buf[],
size_t  buf_size 
)
inherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 551 of file tls_channel.cpp.

References Botan::TLS::APPLICATION_DATA, and Botan::TLS::Channel::is_active().

Referenced by Botan::TLS::Channel::send().

552  {
553  if(!is_active())
554  throw Exception("Data cannot be sent on inactive TLS connection");
555 
556  send_record_array(sequence_numbers().current_write_epoch(),
557  APPLICATION_DATA, buf, buf_size);
558  }
bool is_active() const

◆ send() [2/3]

void Botan::TLS::Channel::send ( const std::string &  val)
inherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 560 of file tls_channel.cpp.

References Botan::cast_char_ptr_to_uint8(), and Botan::TLS::Channel::send().

561  {
562  this->send(cast_char_ptr_to_uint8(string.data()), string.size());
563  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:120
void send(const uint8_t buf[], size_t buf_size)

◆ send() [3/3]

template<typename Alloc >
void Botan::TLS::Channel::send ( const std::vector< unsigned char, Alloc > &  val)
inlineinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Definition at line 126 of file tls_channel.h.

127  {
128  send(val.data(), val.size());
129  }
void send(const uint8_t buf[], size_t buf_size)

◆ send_alert()

void Botan::TLS::Channel::send_alert ( const Alert alert)
inherited

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters
alertthe Alert to send

Definition at line 565 of file tls_channel.cpp.

References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, Botan::TLS::Channel::is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().

Referenced by Server().

566  {
567  if(alert.is_valid() && !is_closed())
568  {
569  try
570  {
571  send_record(ALERT, alert.serialize());
572  }
573  catch(...) { /* swallow it */ }
574  }
575 
576  if(alert.type() == Alert::NO_RENEGOTIATION)
577  m_pending_state.reset();
578 
579  if(alert.is_fatal())
580  if(auto active = active_state())
581  m_session_manager.remove_entry(active->server_hello()->session_id());
582 
583  if(alert.type() == Alert::CLOSE_NOTIFY || alert.is_fatal())
584  reset_state();
585  }
virtual void remove_entry(const std::vector< uint8_t > &session_id)=0
bool is_closed() const

◆ send_fatal_alert()

void Botan::TLS::Channel::send_fatal_alert ( Alert::Type  type)
inlineinherited

Send a fatal alert

Definition at line 146 of file tls_channel.h.

Referenced by Botan::TLS::Channel::received_data().

146 { send_alert(Alert(type, true)); }
MechanismType type
void send_alert(const Alert &alert)

◆ send_warning_alert()

void Botan::TLS::Channel::send_warning_alert ( Alert::Type  type)
inlineinherited

Send a warning alert

Definition at line 141 of file tls_channel.h.

Referenced by Botan::TLS::Client::Client(), Botan::TLS::Channel::received_data(), and Server().

141 { send_alert(Alert(type, false)); }
MechanismType type
void send_alert(const Alert &alert)

◆ session_manager()

Session_Manager& Botan::TLS::Channel::session_manager ( )
inlineprotectedinherited

Definition at line 236 of file tls_channel.h.

Referenced by Botan::TLS::Client::Client(), and Server().

236 { return m_session_manager; }

◆ timeout_check()

bool Botan::TLS::Channel::timeout_check ( )
inherited

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Definition at line 175 of file tls_channel.cpp.

176  {
177  if(m_pending_state)
178  return m_pending_state->handshake_io().timeout_check();
179 
180  //FIXME: scan cipher suites and remove epochs older than 2*MSL
181  return false;
182  }

Member Data Documentation

◆ IO_BUF_DEFAULT_SIZE

size_t Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE = 10*1024
staticinherited

Definition at line 45 of file tls_channel.h.


The documentation for this class was generated from the following files: