Botan 3.3.0
Crypto and TLS for C&
tls_server.cpp
Go to the documentation of this file.
1/*
2* TLS Server
3* (C) 2004-2011,2012,2016 Jack Lloyd
4* 2016 Matthias Gierlings
5* 2021 Elektrobit Automotive GmbH
6* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/tls_server.h>
12
13#include <botan/tls_magic.h>
14#include <botan/tls_messages.h>
15#include <botan/internal/stl_util.h>
16#include <botan/internal/tls_handshake_state.h>
17
18#include <botan/internal/tls_server_impl_12.h>
19#if defined(BOTAN_HAS_TLS_13)
20 #include <botan/internal/tls_server_impl_13.h>
21#endif
22
23namespace Botan::TLS {
24
25/*
26* TLS Server Constructor
27*/
28Server::Server(const std::shared_ptr<Callbacks>& callbacks,
29 const std::shared_ptr<Session_Manager>& session_manager,
30 const std::shared_ptr<Credentials_Manager>& creds,
31 const std::shared_ptr<const Policy>& policy,
32 const std::shared_ptr<RandomNumberGenerator>& rng,
33 bool is_datagram,
34 size_t io_buf_sz) {
35 const auto max_version = policy->latest_supported_version(is_datagram);
36
37 if(!max_version.is_pre_tls_13()) {
38#if defined(BOTAN_HAS_TLS_13)
39 m_impl = std::make_unique<Server_Impl_13>(callbacks, session_manager, creds, policy, rng);
40
41 if(m_impl->expects_downgrade()) {
42 m_impl->set_io_buffer_size(io_buf_sz);
43 }
44#else
45 throw Not_Implemented("TLS 1.3 server is not available in this build");
46#endif
47 } else {
48 m_impl = std::make_unique<Server_Impl_12>(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz);
49 }
50}
51
52Server::~Server() = default;
53
54size_t Server::from_peer(std::span<const uint8_t> data) {
55 auto read = m_impl->from_peer(data);
56
57 if(m_impl->is_downgrading()) {
58 auto info = m_impl->extract_downgrade_info();
59 m_impl = std::make_unique<Server_Impl_12>(*info);
60
61 // replay peer data received so far
62 read = m_impl->from_peer(info->peer_transcript);
63 }
64
65 return read;
66}
67
69 return m_impl->is_handshake_complete();
70}
71
72bool Server::is_active() const {
73 return m_impl->is_active();
74}
75
76bool Server::is_closed() const {
77 return m_impl->is_closed();
78}
79
81 return m_impl->is_closed_for_reading();
82}
83
85 return m_impl->is_closed_for_writing();
86}
87
88std::vector<X509_Certificate> Server::peer_cert_chain() const {
89 return m_impl->peer_cert_chain();
90}
91
92std::shared_ptr<const Public_Key> Server::peer_raw_public_key() const {
93 return m_impl->peer_raw_public_key();
94}
95
96std::optional<std::string> Server::external_psk_identity() const {
97 return m_impl->external_psk_identity();
98}
99
100SymmetricKey Server::key_material_export(std::string_view label, std::string_view context, size_t length) const {
101 return m_impl->key_material_export(label, context, length);
102}
103
104void Server::renegotiate(bool force_full_renegotiation) {
105 m_impl->renegotiate(force_full_renegotiation);
106}
107
109 return m_impl->new_session_ticket_supported();
110}
111
112size_t Server::send_new_session_tickets(const size_t tickets) {
113 return m_impl->send_new_session_tickets(tickets);
114}
115
116void Server::update_traffic_keys(bool request_peer_update) {
117 m_impl->update_traffic_keys(request_peer_update);
118}
119
121 return m_impl->secure_renegotiation_supported();
122}
123
124void Server::to_peer(std::span<const uint8_t> data) {
125 m_impl->to_peer(data);
126}
127
128void Server::send_alert(const Alert& alert) {
129 m_impl->send_alert(alert);
130}
131
133 m_impl->send_warning_alert(type);
134}
135
137 m_impl->send_fatal_alert(type);
138}
139
141 m_impl->close();
142}
143
145 return m_impl->timeout_check();
146}
147
148std::string Server::application_protocol() const {
149 return m_impl->application_protocol();
150}
151} // namespace Botan::TLS
void update_traffic_keys(bool request_peer_update=false) override
SymmetricKey key_material_export(std::string_view label, std::string_view context, size_t length) const override
~Server() override
bool timeout_check() override
void close() override
bool secure_renegotiation_supported() const override
void send_fatal_alert(Alert::Type type) override
bool is_closed() const override
bool is_closed_for_writing() const override
std::string application_protocol() const override
size_t send_new_session_tickets(size_t tickets=1)
Server(const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
bool is_handshake_complete() const override
void renegotiate(bool force_full_renegotiation=false) override
std::optional< std::string > external_psk_identity() const override
std::shared_ptr< const Public_Key > peer_raw_public_key() const override
void send_alert(const Alert &alert) override
void send_warning_alert(Alert::Type type) override
bool new_session_ticket_supported() const
std::vector< X509_Certificate > peer_cert_chain() const override
void to_peer(std::span< const uint8_t > data) override
bool is_active() const override
size_t from_peer(std::span< const uint8_t > data) override
bool is_closed_for_reading() const override