Botan::TLS::Server_Impl_12 Class Reference

#include <tls_server_impl_12.h>

Inheritance diagram for Botan::TLS::Server_Impl_12:

Public Types
typedef std::function< void(Alert, const uint8_t[], size_t)>	alert_cb
typedef std::function< void(const uint8_t[], size_t)>	data_cb
typedef std::function< bool(const Session &)>	handshake_cb
typedef std::function< void(const Handshake_Message &)>	handshake_msg_cb
typedef std::function< std::string(std::vector< std::string >)>	next_protocol_fn
typedef std::function< void(const uint8_t[], size_t)>	output_fn

Public Member Functions
void	close ()
bool	expects_downgrade () const
std::optional< std::string >	external_psk_identity () const override
std::unique_ptr< Downgrade_Information >	extract_downgrade_info ()
size_t	from_peer (std::span< const uint8_t > data) override
bool	is_active () const override
bool	is_closed () const override
bool	is_closed_for_reading () const override
bool	is_closed_for_writing () const override
bool	is_downgrading () const
bool	is_handshake_complete () const override
SymmetricKey	key_material_export (std::string_view label, std::string_view context, size_t length) const override
virtual bool	new_session_ticket_supported () const
std::vector< X509_Certificate >	peer_cert_chain () const override
std::shared_ptr< const Public_Key >	peer_raw_public_key () const override
void	renegotiate (bool force_full_renegotiation=false) override
bool	secure_renegotiation_supported () const override
void	send_alert (const Alert &alert) override
void	send_fatal_alert (Alert::Type type)
virtual size_t	send_new_session_tickets (const size_t)
void	send_warning_alert (Alert::Type type)
	Server_Impl_12 (const Channel_Impl::Downgrade_Information &downgrade_info)
	Server_Impl_12 (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
bool	timeout_check () override
void	to_peer (std::span< const uint8_t > data) override
void	update_traffic_keys (bool request_peer_update=false) override

Protected Member Functions
void	activate_session ()
Callbacks &	callbacks () const
void	change_cipher_spec_reader (Connection_Side side)
void	change_cipher_spec_writer (Connection_Side side)
Handshake_State &	create_handshake_state (Protocol_Version version)
void	inspect_handshake_message (const Handshake_Message &msg)
virtual std::unique_ptr< Handshake_State >	new_handshake_state (std::unique_ptr< class Handshake_IO > io)=0
const Policy &	policy () const
void	preserve_client_hello (std::span< const uint8_t > msg)
void	preserve_peer_transcript (std::span< const uint8_t > input)
void	request_downgrade ()
void	request_downgrade_for_resumption (Session_with_Handle session)
void	reset_active_association_state ()
RandomNumberGenerator &	rng ()
void	secure_renegotiation_check (const Client_Hello_12 *client_hello)
void	secure_renegotiation_check (const Server_Hello_12 *server_hello)
std::vector< uint8_t >	secure_renegotiation_data_for_client_hello () const
std::vector< uint8_t >	secure_renegotiation_data_for_server_hello () const
Session_Manager &	session_manager ()
void	set_io_buffer_size (size_t io_buf_sz)

Protected Attributes
std::unique_ptr< Downgrade_Information >	m_downgrade_info

Detailed Description

SSL/TLS Server 1.2 implementation

Definition at line 24 of file tls_server_impl_12.h.

Member Typedef Documentation

alert_cb

typedef std::function<void(Alert, const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::alert_cb

inherited

Definition at line 44 of file tls_channel_impl_12.h.

data_cb

typedef std::function<void(const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::data_cb

inherited

Definition at line 43 of file tls_channel_impl_12.h.

handshake_cb

typedef std::function<bool(const Session&)> Botan::TLS::Channel_Impl_12::handshake_cb

inherited

Definition at line 45 of file tls_channel_impl_12.h.

handshake_msg_cb

typedef std::function<void(const Handshake_Message&)> Botan::TLS::Channel_Impl_12::handshake_msg_cb

inherited

Definition at line 46 of file tls_channel_impl_12.h.

next_protocol_fn

typedef std::function<std::string(std::vector<std::string>)> Botan::TLS::Server_Impl_12::next_protocol_fn

Definition at line 26 of file tls_server_impl_12.h.

output_fn

typedef std::function<void(const uint8_t[], size_t)> Botan::TLS::Channel_Impl_12::output_fn

inherited

Definition at line 42 of file tls_channel_impl_12.h.

Constructor & Destructor Documentation

Server_Impl_12() [1/2]

Botan::TLS::Server_Impl_12::Server_Impl_12 ( const std::shared_ptr< Callbacks > & callbacks, const std::shared_ptr< Session_Manager > & session_manager, const std::shared_ptr< Credentials_Manager > & creds, const std::shared_ptr< const Policy > & policy, const std::shared_ptr< RandomNumberGenerator > & rng, bool is_datagram = false, size_t reserved_io_buffer_size = TLS::Channel::IO_BUF_DEFAULT_SIZE )

explicit

Server initialization

Parameters

callbacks	contains a set of callback function references required by the TLS server.
session_manager	manages session state
creds	manages application/user credentials
policy	specifies other connection policy information
rng	a random number generator
is_datagram	set to true if this server should expect DTLS connections. Otherwise TLS connections are expected.
reserved_io_buffer_size	This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely.

Definition at line 235 of file tls_server_impl_12.cpp.

                                                 :
      Channel_Impl_12(callbacks, session_manager, rng, policy, true, is_datagram, io_buf_sz), m_creds(creds) {
   BOTAN_ASSERT_NONNULL(m_creds);
}

References BOTAN_ASSERT_NONNULL, Botan::TLS::Channel_Impl_12::callbacks(), Botan::TLS::Channel_Impl_12::Channel_Impl_12(), Botan::TLS::Channel_Impl_12::policy(), Botan::TLS::Channel_Impl_12::rng(), and Botan::TLS::Channel_Impl_12::session_manager().

Server_Impl_12() [2/2]

Botan::TLS::Server_Impl_12::Server_Impl_12 ( const Channel_Impl::Downgrade_Information & downgrade_info )

explicit

Definition at line 246 of file tls_server_impl_12.cpp.

                                                                                      :
      Channel_Impl_12(downgrade_info.callbacks,
                      downgrade_info.session_manager,
                      downgrade_info.rng,
                      downgrade_info.policy,
                      true /* is_server*/,
                      false /* TLS 1.3 does not support DTLS yet */,
                      downgrade_info.io_buffer_size),
      m_creds(downgrade_info.creds) {}

References Botan::TLS::Channel_Impl_12::callbacks(), Botan::TLS::Channel_Impl_12::Channel_Impl_12(), Botan::TLS::Channel_Impl_12::policy(), Botan::TLS::Channel_Impl_12::rng(), and Botan::TLS::Channel_Impl_12::session_manager().

Member Function Documentation

activate_session()

void Botan::TLS::Channel_Impl_12::activate_session ( )

protectedinherited

Definition at line 252 of file tls_channel_impl_12.cpp.

                                       {
   std::swap(m_active_state, m_pending_state);
   m_pending_state.reset();
 
   if(!m_active_state->version().is_datagram_protocol()) {
      // TLS is easy just remove all but the current state
      const uint16_t current_epoch = sequence_numbers().current_write_epoch();
 
      const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); };
 
      map_remove_if(not_current_epoch, m_write_cipher_states);
      map_remove_if(not_current_epoch, m_read_cipher_states);
   }
 
   callbacks().tls_session_activated();
}

References callbacks(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().

callbacks()

Callbacks & Botan::TLS::Channel_Impl_12::callbacks ( ) const

inlineprotectedinherited

Definition at line 190 of file tls_channel_impl_12.h.

{ return *m_callbacks; }

Referenced by activate_session(), Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

change_cipher_spec_reader()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_reader ( Connection_Side side )

protectedinherited

Definition at line 187 of file tls_channel_impl_12.cpp.

                                                                    {
   auto pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_read_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_read_epoch();
 
   BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch");
 
   // flip side as we are reading
   std::shared_ptr<Connection_Cipher_State> read_state(
      new Connection_Cipher_State(pending->version(),
                                  (side == Connection_Side::Client) ? Connection_Side::Server : Connection_Side::Client,
                                  false,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));
 
   m_read_cipher_states[epoch] = read_state;
}

References BOTAN_ASSERT, Botan::TLS::Client, and Botan::TLS::Server.

change_cipher_spec_writer()

void Botan::TLS::Channel_Impl_12::change_cipher_spec_writer ( Connection_Side side )

protectedinherited

Definition at line 214 of file tls_channel_impl_12.cpp.

                                                                    {
   auto pending = pending_state();
 
   BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello");
 
   if(pending->server_hello()->compression_method() != 0) {
      throw Internal_Error("Negotiated unknown compression algorithm");
   }
 
   sequence_numbers().new_write_cipher_state();
 
   const uint16_t epoch = sequence_numbers().current_write_epoch();
 
   BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch");
 
   std::shared_ptr<Connection_Cipher_State> write_state(
      new Connection_Cipher_State(pending->version(),
                                  side,
                                  true,
                                  pending->ciphersuite(),
                                  pending->session_keys(),
                                  pending->server_hello()->supports_encrypt_then_mac()));
 
   m_write_cipher_states[epoch] = write_state;
}

References BOTAN_ASSERT.

close()

void Botan::TLS::Channel_Impl::close ( )

inlineinherited

Send a close notification alert

Definition at line 81 of file tls_channel_impl.h.

{ send_warning_alert(Alert::CloseNotify); }

References send_warning_alert().

create_handshake_state()

Handshake_State & Botan::TLS::Channel_Impl_12::create_handshake_state ( Protocol_Version version )

protectedinherited

Definition at line 112 of file tls_channel_impl_12.cpp.

                                                                                 {
   if(pending_state()) {
      throw Internal_Error("create_handshake_state called during handshake");
   }
 
   if(auto active = active_state()) {
      Protocol_Version active_version = active->version();
 
      if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) {
         throw TLS_Exception(Alert::ProtocolVersion,
                             "Active state using version " + active_version.to_string() + " cannot change to " +
                                version.to_string() + " in pending");
      }
   }
 
   if(!m_sequence_numbers) {
      if(version.is_datagram_protocol()) {
         m_sequence_numbers = std::make_unique<Datagram_Sequence_Numbers>();
      } else {
         m_sequence_numbers = std::make_unique<Stream_Sequence_Numbers>();
      }
   }
 
   using namespace std::placeholders;
 
   std::unique_ptr<Handshake_IO> io;
   if(version.is_datagram_protocol()) {
      io =
         std::make_unique<Datagram_Handshake_IO>(std::bind(&Channel_Impl_12::send_record_under_epoch, this, _1, _2, _3),
                                                 sequence_numbers(),
                                                 static_cast<uint16_t>(policy().dtls_default_mtu()),
                                                 policy().dtls_initial_timeout(),
                                                 policy().dtls_maximum_timeout());
   } else {
      io = std::make_unique<Stream_Handshake_IO>(std::bind(&Channel_Impl_12::send_record, this, _1, _2));
   }
 
   m_pending_state = new_handshake_state(std::move(io));
 
   if(auto active = active_state()) {
      m_pending_state->set_version(active->version());
   }
 
   return *m_pending_state;
}

References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), policy(), and Botan::TLS::Protocol_Version::to_string().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), and renegotiate().

expects_downgrade()

bool Botan::TLS::Channel_Impl::expects_downgrade ( ) const

inlineinherited

Definition at line 279 of file tls_channel_impl.h.

{ return m_downgrade_info != nullptr; }

References m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13(), and Botan::TLS::Channel_Impl_13::from_peer().

external_psk_identity()

std::optional< std::string > Botan::TLS::Channel_Impl_12::external_psk_identity ( ) const

overridevirtualinherited

Returns

identity of the PSK used for this connection or std::nullopt if no PSK was used.

Implements Botan::TLS::Channel_Impl.

Definition at line 103 of file tls_channel_impl_12.cpp.

                                                                    {
   const auto* state = (active_state() != nullptr) ? active_state() : pending_state();
   if(state) {
      return state->psk_identity();
   } else {
      return std::nullopt;
   }
}

extract_downgrade_info()

std::unique_ptr< Downgrade_Information > Botan::TLS::Channel_Impl::extract_downgrade_info ( )

inlineinherited

See also

Downgrade_Information

Definition at line 277 of file tls_channel_impl.h.

{ return std::exchange(m_downgrade_info, {}); }

References m_downgrade_info.

from_peer()

size_t Botan::TLS::Channel_Impl_12::from_peer ( std::span< const uint8_t > data )

overridevirtualinherited

Inject TLS traffic received from counterparty

Returns

a hint as the how many more bytes we need to q the current record (this may be 0 if on a record boundary)

Implements Botan::TLS::Channel_Impl.

Definition at line 269 of file tls_channel_impl_12.cpp.

                                                             {
   const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart();
 
   auto input = data.data();
   auto input_size = data.size();
 
   try {
      while(input_size) {
         size_t consumed = 0;
 
         auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); };
 
         const Record_Header record = read_record(m_is_datagram,
                                                  m_readbuf,
                                                  input,
                                                  input_size,
                                                  consumed,
                                                  m_record_buf,
                                                  m_sequence_numbers.get(),
                                                  get_epoch,
                                                  allow_epoch0_restart);
 
         const size_t needed = record.needed();
 
         BOTAN_ASSERT(consumed > 0, "Got to eat something");
 
         BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount");
 
         input += consumed;
         input_size -= consumed;
 
         BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input");
 
         if(input_size == 0 && needed != 0) {
            return needed;  // need more data to complete record
         }
 
         // Ignore invalid records in DTLS
         if(m_is_datagram && record.type() == Record_Type::Invalid) {
            return 0;
         }
 
         if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) {
            throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum");
         }
 
         const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && active_state();
         BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state");
 
         const bool initial_record = epoch0_restart || (!pending_state() && !active_state());
         bool initial_handshake_message = false;
         if(record.type() == Record_Type::Handshake && !m_record_buf.empty()) {
            Handshake_Type type = static_cast<Handshake_Type>(m_record_buf[0]);
            initial_handshake_message = (type == Handshake_Type::ClientHello);
         }
 
         if(record.type() != Record_Type::Alert) {
            if(initial_record) {
               // For initial records just check for basic sanity
               if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record");
               }
            } else if(auto pending = pending_state()) {
               if(pending->server_hello() != nullptr && !initial_handshake_message &&
                  record.version() != pending->version()) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            } else if(auto active = active_state()) {
               if(record.version() != active->version() && !initial_handshake_message) {
                  throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version");
               }
            }
         }
 
         if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure");
            }
            process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart);
         } else if(record.type() == Record_Type::ApplicationData) {
            if(m_has_been_closed) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure");
            }
            if(pending_state() != nullptr) {
               throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data");
            }
            process_application_data(record.sequence(), m_record_buf);
         } else if(record.type() == Record_Type::Alert) {
            process_alert(m_record_buf);
         } else if(record.type() != Record_Type::Invalid) {
            throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast<size_t>(record.type())) +
                                     " from counterparty");
         }
      }
 
      return 0;  // on a record boundary
   } catch(TLS_Exception& e) {
      send_fatal_alert(e.type());
      throw;
   } catch(Invalid_Authentication_Tag&) {
      send_fatal_alert(Alert::BadRecordMac);
      throw;
   } catch(Decoding_Error&) {
      send_fatal_alert(Alert::DecodeError);
      throw;
   } catch(...) {
      send_fatal_alert(Alert::InternalError);
      throw;
   }
}

References Botan::TLS::Alert, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::ApplicationData, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::ChangeCipherSpec, Botan::TLS::ClientHello, Botan::TLS::Record_Header::epoch(), Botan::TLS::Handshake, Botan::TLS::Invalid, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), policy(), Botan::TLS::read_record(), Botan::TLS::Channel_Impl::send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::TLS::Record_Header::type(), Botan::TLS::TLS_Exception::type(), and Botan::TLS::Record_Header::version().

inspect_handshake_message()

void Botan::TLS::Channel_Impl_12::inspect_handshake_message ( const Handshake_Message & msg )

protectedinherited

is_active()

bool Botan::TLS::Channel_Impl_12::is_active ( ) const

overridevirtualinherited

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 244 of file tls_channel_impl_12.cpp.

                                      {
   return !is_closed() && is_handshake_complete();
}

References is_closed(), and is_handshake_complete().

Referenced by to_peer().

is_closed()

bool Botan::TLS::Channel_Impl_12::is_closed ( ) const

overridevirtualinherited

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 248 of file tls_channel_impl_12.cpp.

                                      {
   return m_has_been_closed;
}

Referenced by is_active(), is_closed_for_reading(), is_closed_for_writing(), and send_alert().

is_closed_for_reading()

bool Botan::TLS::Channel_Impl_12::is_closed_for_reading ( ) const

inlineoverridevirtualinherited

Returns

true iff the connection is active for sending application data

Implements Botan::TLS::Channel_Impl.

Definition at line 101 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_closed_for_writing()

bool Botan::TLS::Channel_Impl_12::is_closed_for_writing ( ) const

inlineoverridevirtualinherited

Returns

true iff the connection has been definitely closed

Implements Botan::TLS::Channel_Impl.

Definition at line 103 of file tls_channel_impl_12.h.

{ return is_closed(); }

References is_closed().

is_downgrading()

bool Botan::TLS::Channel_Impl::is_downgrading ( ) const

inlineinherited

Indicates whether a downgrade to TLS 1.2 or lower is in progress

See also

Downgrade_Information

Definition at line 272 of file tls_channel_impl.h.

{ return m_downgrade_info && m_downgrade_info->will_downgrade; }

References m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer(), Botan::TLS::Channel_Impl_13::key_material_export(), and Botan::TLS::Channel_Impl_13::update_traffic_keys().

is_handshake_complete()

bool Botan::TLS::Channel_Impl_12::is_handshake_complete ( ) const

overridevirtualinherited

Returns

true iff the TLS handshake completed successfully

Implements Botan::TLS::Channel_Impl.

Definition at line 240 of file tls_channel_impl_12.cpp.

                                                  {
   return (active_state() != nullptr);
}

Referenced by is_active().

key_material_export()

SymmetricKey Botan::TLS::Channel_Impl_12::key_material_export ( std::string_view label, std::string_view context, size_t length ) const

overridevirtualinherited

Key material export (RFC 5705)

Parameters

label	a disambiguating label string
context	a per-association context value
length	the length of the desired key in bytes

Returns

key of length bytes

Implements Botan::TLS::Channel_Impl.

Definition at line 623 of file tls_channel_impl_12.cpp.

                                                                       {
   if(auto active = active_state()) {
      if(pending_state() != nullptr) {
         throw Invalid_State("Channel_Impl_12::key_material_export cannot export during renegotiation");
      }
 
      auto prf = active->protocol_specific_prf();
 
      const secure_vector<uint8_t>& master_secret = active->session_keys().master_secret();
 
      std::vector<uint8_t> salt;
      salt += active->client_hello()->random();
      salt += active->server_hello()->random();
 
      if(!context.empty()) {
         size_t context_size = context.length();
         if(context_size > 0xFFFF) {
            throw Invalid_Argument("key_material_export context is too long");
         }
         salt.push_back(get_byte<0>(static_cast<uint16_t>(context_size)));
         salt.push_back(get_byte<1>(static_cast<uint16_t>(context_size)));
         salt += to_byte_vector(context);
      }
 
      return SymmetricKey(prf->derive_key(length, master_secret, salt, to_byte_vector(label)));
   } else {
      throw Invalid_State("Channel_Impl_12::key_material_export connection not active");
   }
}

References Botan::get_byte(), and Botan::to_byte_vector().

new_handshake_state()

virtual std::unique_ptr< Handshake_State > Botan::TLS::Channel_Impl_12::new_handshake_state ( std::unique_ptr< class Handshake_IO > io )

protectedpure virtualinherited

Referenced by create_handshake_state().

new_session_ticket_supported()

virtual bool Botan::TLS::Channel_Impl::new_session_ticket_supported ( ) const

inlinevirtualinherited

Returns

true if this channel can issue TLS 1.3 style session tickets.

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 145 of file tls_channel_impl.h.

{ return false; }

peer_cert_chain()

std::vector< X509_Certificate > Botan::TLS::Channel_Impl_12::peer_cert_chain ( ) const

overridevirtualinherited

Returns

certificate chain of the peer (may be empty)

Implements Botan::TLS::Channel_Impl.

Definition at line 96 of file tls_channel_impl_12.cpp.

                                                                   {
   if(auto active = active_state()) {
      return get_peer_cert_chain(*active);
   }
   return std::vector<X509_Certificate>();
}

References get_peer_cert_chain().

peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Channel_Impl_12::peer_raw_public_key ( ) const

inlineoverridevirtualinherited

Note: Raw public key for authentication (RFC7250) is currently not implemented for TLS 1.2.

Returns

raw public key of the peer (will be nullptr)

Implements Botan::TLS::Channel_Impl.

Definition at line 116 of file tls_channel_impl_12.h.

{ return nullptr; }

policy()

const Policy & Botan::TLS::Channel_Impl_12::policy ( ) const

inlineprotectedinherited

Definition at line 188 of file tls_channel_impl_12.h.

{ return *m_policy; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), create_handshake_state(), from_peer(), renegotiate(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

preserve_client_hello()

void Botan::TLS::Channel_Impl::preserve_client_hello ( std::span< const uint8_t > msg )

inlineprotectedinherited

Definition at line 232 of file tls_channel_impl.h.

                                                             {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->client_hello_message.assign(msg.begin(), msg.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

preserve_peer_transcript()

void Botan::TLS::Channel_Impl::preserve_peer_transcript ( std::span< const uint8_t > input )

inlineprotectedinherited

Definition at line 227 of file tls_channel_impl.h.

                                                                  {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end());
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by Botan::TLS::Channel_Impl_13::from_peer().

renegotiate()

void Botan::TLS::Channel_Impl_12::renegotiate ( bool force_full_renegotiation = false )

overridevirtualinherited

Attempt to renegotiate the session

Parameters

force_full_renegotiation

if true, require a full renegotiation, otherwise allow session resumption

Implements Botan::TLS::Channel_Impl.

Definition at line 167 of file tls_channel_impl_12.cpp.

                                                               {
   if(pending_state()) {  // currently in handshake?
      return;
   }
 
   if(auto active = active_state()) {
      if(force_full_renegotiation == false) {
         force_full_renegotiation = !policy().allow_resumption_for_renegotiation();
      }
 
      initiate_handshake(create_handshake_state(active->version()), force_full_renegotiation);
   } else {
      throw Invalid_State("Cannot renegotiate on inactive connection");
   }
}

References Botan::TLS::Policy::allow_resumption_for_renegotiation(), create_handshake_state(), initiate_handshake(), and policy().

request_downgrade()

void Botan::TLS::Channel_Impl::request_downgrade ( )

inlineprotectedinherited

Implementations use this to signal that the peer indicated a protocol version downgrade. After calling request_downgrade() no further state changes must be perfomed by the implementation. Particularly, no further handshake messages must be emitted. Instead, they must yield control flow back to the underlying Channel implementation to perform the protocol version downgrade.

Definition at line 253 of file tls_channel_impl.h.

                               {
         BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade);
         m_downgrade_info->will_downgrade = true;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

Referenced by request_downgrade_for_resumption().

request_downgrade_for_resumption()

void Botan::TLS::Channel_Impl::request_downgrade_for_resumption ( Session_with_Handle session )

inlineprotectedinherited

Definition at line 258 of file tls_channel_impl.h.

                                                                         {
         BOTAN_STATE_CHECK(m_downgrade_info && m_downgrade_info->client_hello_message.empty() &&
                           m_downgrade_info->peer_transcript.empty() && !m_downgrade_info->tls12_session.has_value());
         BOTAN_ASSERT_NOMSG(session.session.version().is_pre_tls_13());
         m_downgrade_info->tls12_session = std::move(session);
         request_downgrade();
      }

References BOTAN_ASSERT_NOMSG, BOTAN_STATE_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), m_downgrade_info, request_downgrade(), Botan::TLS::Session_with_Handle::session, and Botan::TLS::Session_Base::version().

Referenced by Botan::TLS::Client_Impl_13::Client_Impl_13().

reset_active_association_state()

void Botan::TLS::Channel_Impl_12::reset_active_association_state ( )

protectedinherited

Definition at line 58 of file tls_channel_impl_12.cpp.

                                                     {
   // This operation only makes sense for DTLS
   BOTAN_ASSERT_NOMSG(m_is_datagram);
   m_active_state.reset();
   m_read_cipher_states.clear();
   m_write_cipher_states.clear();
 
   m_write_cipher_states[0] = nullptr;
   m_read_cipher_states[0] = nullptr;
 
   if(m_sequence_numbers) {
      m_sequence_numbers->reset();
   }
}

References BOTAN_ASSERT_NOMSG.

rng()

RandomNumberGenerator & Botan::TLS::Channel_Impl_12::rng ( )

inlineprotectedinherited

Definition at line 184 of file tls_channel_impl_12.h.

{ return *m_rng; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

secure_renegotiation_check() [1/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Client_Hello_12 * client_hello )

protectedinherited

Definition at line 552 of file tls_channel_impl_12.cpp.

                                                                                    {
   const bool secure_renegotiation = client_hello->secure_renegotiation();
 
   if(auto active = active_state()) {
      const bool active_sr = active->client_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = client_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_client_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation");
      }
   }
}

References Botan::TLS::Client_Hello_12::renegotiation_info(), Botan::TLS::Client_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().

Referenced by Botan::TLS::Client_Impl_12::Client_Impl_12().

secure_renegotiation_check() [2/2]

void Botan::TLS::Channel_Impl_12::secure_renegotiation_check ( const Server_Hello_12 * server_hello )

protectedinherited

Definition at line 572 of file tls_channel_impl_12.cpp.

                                                                                    {
   const bool secure_renegotiation = server_hello->secure_renegotiation();
 
   if(auto active = active_state()) {
      const bool active_sr = active->server_hello()->secure_renegotiation();
 
      if(active_sr != secure_renegotiation) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation");
      }
   }
 
   if(secure_renegotiation) {
      const std::vector<uint8_t>& data = server_hello->renegotiation_info();
 
      if(data != secure_renegotiation_data_for_server_hello()) {
         throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation");
      }
   }
}

References Botan::TLS::Server_Hello_12::renegotiation_info(), Botan::TLS::Server_Hello_12::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().

secure_renegotiation_data_for_client_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_client_hello ( ) const

protectedinherited

Definition at line 592 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(auto active = active_state()) {
      return active->client_finished()->verify_data();
   }
   return std::vector<uint8_t>();
}

Referenced by secure_renegotiation_check().

secure_renegotiation_data_for_server_hello()

std::vector< uint8_t > Botan::TLS::Channel_Impl_12::secure_renegotiation_data_for_server_hello ( ) const

protectedinherited

Definition at line 599 of file tls_channel_impl_12.cpp.

                                                                                     {
   if(auto active = active_state()) {
      std::vector<uint8_t> buf = active->client_finished()->verify_data();
      buf += active->server_finished()->verify_data();
      return buf;
   }
 
   return std::vector<uint8_t>();
}

Referenced by secure_renegotiation_check().

secure_renegotiation_supported()

bool Botan::TLS::Channel_Impl_12::secure_renegotiation_supported ( ) const

overridevirtualinherited

Returns

true iff the counterparty supports the secure renegotiation extensions.

Implements Botan::TLS::Channel_Impl.

Definition at line 609 of file tls_channel_impl_12.cpp.

                                                           {
   if(auto active = active_state()) {
      return active->server_hello()->secure_renegotiation();
   }
 
   if(auto pending = pending_state()) {
      if(auto hello = pending->server_hello()) {
         return hello->secure_renegotiation();
      }
   }
 
   return false;
}

send_alert()

void Botan::TLS::Channel_Impl_12::send_alert ( const Alert & alert )

overridevirtualinherited

Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.

Parameters

alert

the Alert to send

Implements Botan::TLS::Channel_Impl.

Definition at line 524 of file tls_channel_impl_12.cpp.

                                                   {
   const bool ready_to_send_anything = !is_closed() && m_sequence_numbers;
   if(alert.is_valid() && ready_to_send_anything) {
      try {
         send_record(Record_Type::Alert, alert.serialize());
      } catch(...) { /* swallow it */
      }
   }
 
   if(alert.type() == Alert::NoRenegotiation) {
      m_pending_state.reset();
   }
 
   if(alert.is_fatal()) {
      if(auto active = active_state()) {
         const auto& session_id = active->server_hello()->session_id();
         if(!session_id.empty()) {
            session_manager().remove(Session_ID(session_id));
         }
      }
      reset_state();
   }
 
   if(alert.type() == Alert::CloseNotify || alert.is_fatal()) {
      m_has_been_closed = true;
   }
}

References Botan::TLS::Alert, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Session_Manager::remove(), Botan::TLS::Alert::serialize(), session_manager(), and Botan::TLS::Alert::type().

send_fatal_alert()

void Botan::TLS::Channel_Impl::send_fatal_alert ( Alert::Type type )

inlineinherited

Send a fatal alert

Definition at line 76 of file tls_channel_impl.h.

{ send_alert(Alert(type, true)); }

References Botan::TLS::Alert, and send_alert().

Referenced by Botan::TLS::Channel_Impl_12::from_peer(), and Botan::TLS::Channel_Impl_13::from_peer().

send_new_session_tickets()

virtual size_t Botan::TLS::Channel_Impl::send_new_session_tickets ( const size_t )

inlinevirtualinherited

Send tickets new session tickets to the peer. This is only supported on TLS 1.3 servers.

If the server's Session_Manager does not accept the generated Session objects, the server implementation won't be able to send new tickets. Additionally, anything but TLS 1.3 servers will return 0 (because they don't support sending such session tickets).

Returns

the number of session tickets successfully sent to the client

Reimplemented in Botan::TLS::Server_Impl_13.

Definition at line 158 of file tls_channel_impl.h.

{ return 0; }

send_warning_alert()

void Botan::TLS::Channel_Impl::send_warning_alert ( Alert::Type type )

inlineinherited

Send a warning alert

Definition at line 71 of file tls_channel_impl.h.

{ send_alert(Alert(type, false)); }

References Botan::TLS::Alert, and send_alert().

Referenced by close().

session_manager()

Session_Manager & Botan::TLS::Channel_Impl_12::session_manager ( )

inlineprotectedinherited

Definition at line 186 of file tls_channel_impl_12.h.

{ return *m_session_manager; }

Referenced by Channel_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), Botan::TLS::Client_Impl_12::Client_Impl_12(), send_alert(), Botan::TLS::Server_Impl_12::Server_Impl_12(), and Botan::TLS::Server_Impl_12::Server_Impl_12().

set_io_buffer_size()

void Botan::TLS::Channel_Impl::set_io_buffer_size ( size_t io_buf_sz )

inlineprotectedinherited

Definition at line 240 of file tls_channel_impl.h.

                                                {
         BOTAN_STATE_CHECK(m_downgrade_info);
         m_downgrade_info->io_buffer_size = io_buf_sz;
      }

References BOTAN_STATE_CHECK, and m_downgrade_info.

timeout_check()

bool Botan::TLS::Channel_Impl_12::timeout_check ( )

overridevirtualinherited

Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for timeout and potentially retransmit handshake packets.

Implements Botan::TLS::Channel_Impl.

Definition at line 158 of file tls_channel_impl_12.cpp.

                                    {
   if(m_pending_state) {
      return m_pending_state->handshake_io().timeout_check();
   }
 
   //FIXME: scan cipher suites and remove epochs older than 2*MSL
   return false;
}

to_peer()

void Botan::TLS::Channel_Impl_12::to_peer ( std::span< const uint8_t > data )

overridevirtualinherited

Inject plaintext intended for counterparty Throws an exception if is_active() is false

Implements Botan::TLS::Channel_Impl.

Definition at line 516 of file tls_channel_impl_12.cpp.

                                                         {
   if(!is_active()) {
      throw Invalid_State("Data cannot be sent on inactive TLS connection");
   }
 
   send_record_array(sequence_numbers().current_write_epoch(), Record_Type::ApplicationData, data.data(), data.size());
}

References Botan::TLS::ApplicationData, and is_active().

update_traffic_keys()

void Botan::TLS::Channel_Impl_12::update_traffic_keys ( bool request_peer_update = false )

overridevirtualinherited

Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.

Parameters

request_peer_update

if true, require a reciprocal key update

Implements Botan::TLS::Channel_Impl.

Definition at line 183 of file tls_channel_impl_12.cpp.

                                              {
   throw Invalid_Argument("cannot update traffic keys on a TLS 1.2 channel");
}

Member Data Documentation

m_downgrade_info

std::unique_ptr<Downgrade_Information> Botan::TLS::Channel_Impl::m_downgrade_info

protectedinherited

Definition at line 225 of file tls_channel_impl.h.

Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade(), expects_downgrade(), extract_downgrade_info(), Botan::TLS::Channel_Impl_13::from_peer(), is_downgrading(), preserve_client_hello(), preserve_peer_transcript(), request_downgrade(), request_downgrade_for_resumption(), and set_io_buffer_size().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls12/tls_server_impl_12.h
• src/lib/tls/tls12/tls_server_impl_12.cpp