tls_server.h
1 /*
2 * TLS Server
3 * (C) 2004-2011 Jack Lloyd
4 * 2016 Matthias Gierlings
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_SERVER_H_
10 #define BOTAN_TLS_SERVER_H_
11 
12 #include <botan/tls_channel.h>
13 #include <botan/tls_policy.h>
14 #include <botan/credentials_manager.h>
15 #include <vector>
16 
17 namespace Botan {
18 
19 namespace TLS {
20 
21 class Server_Handshake_State;
22 
23 /**
24 * TLS Server
25 */
/**
* TLS Server
*
* Server side of a TLS connection (or a DTLS connection when constructed
* with is_datagram = true). The generic record/handshake machinery lives in
* the Channel base class; the private overrides and helpers below supply the
* server-specific handshake processing. The process_*_msg helpers consume
* handshake messages received from the peer, i.e. untrusted input; the Policy
* given at construction is what constrains what the server will accept.
*/
class BOTAN_PUBLIC_API(2,0) Server final : public Channel
   {
   public:
      /**
      * Application-protocol selection callback used by the deprecated
      * constructors. It receives the list of protocol names offered by the
      * client and returns the name the server selects. Presumably an empty
      * return means no protocol is negotiated - confirm in the
      * implementation. New code should use the Callbacks interface instead.
      */
      typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn;

      /**
      * Server initialization
      *
      * @param callbacks contains a set of callback function references
      * required by the TLS server.
      *
      * @param session_manager manages session state
      *
      * @param creds manages application/user credentials
      *
      * @param policy specifies other connection policy information
      *
      * @param rng a random number generator
      *
      * @param is_datagram set to true if this server should expect DTLS
      * connections. Otherwise TLS connections are expected.
      *
      * @param reserved_io_buffer_size This many bytes of memory will
      * be preallocated for the read and write buffers. Smaller
      * values just mean reallocations and copies are more likely.
      *
      * @note The reference arguments are retained rather than copied
      * (m_creds below holds the Credentials_Manager by reference; the others
      * are presumably retained by Channel - verify), so the caller must keep
      * them alive for the lifetime of the Server.
      */
      // NOTE(review): the rng parameter documented above is not visible in
      // this rendering of the signature - confirm against the source file.
      Server(Callbacks& callbacks,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      *
      * Takes the individual std::function callbacks that the Callbacks
      * interface replaces; next_proto is stored in m_choose_next_protocol
      * for application-protocol selection.
      */
      // NOTE(review): several parameter lines (the remaining callbacks and
      // the rng) appear to be missing from this rendering - confirm against
      // the source file.
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      *
      * Like the constructor above but additionally takes a handshake
      * message callback (hs_msg_cb) and offers no reserved_io_buffer_size
      * parameter, so the Channel default is used.
      */
      // NOTE(review): the rng parameter appears to be missing from this
      // rendering of the signature - confirm against the source file.
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             data_cb data_cb,
             alert_cb alert_cb,
             handshake_cb handshake_cb,
             handshake_msg_cb hs_msg_cb,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false
         );

      /**
      * Return the protocol notification set by the client (using the
      * NPN extension) for this connection, if any. This value is not
      * tied to the session and a later renegotiation of the same
      * session can choose a new protocol.
      *
      * The returned name is derived from the client's offer as filtered by
      * the server-side selection callback; applications that dispatch on it
      * should still compare against their own list of supported protocols.
      *
      * NOTE(review): next_protocol_fn has the server choose from the
      * client's list, which is the ALPN model rather than NPN - confirm
      * which extension is actually used and fix this comment accordingly.
      *
      * @return the selected protocol name, empty if none was selected
      */
      std::string next_protocol() const { return m_next_protocol; }

   private:
      /**
      * Certificate chain the peer (the client) sent for this handshake.
      * Presumably empty when the client did not present a certificate -
      * confirm in the implementation.
      */
      std::vector<X509_Certificate>
         get_peer_cert_chain(const Handshake_State& state) const override;

      /**
      * Start a (re)negotiation on the server side. With
      * force_full_renegotiation set, a full handshake is presumably
      * performed instead of a resumption - verify.
      */
      void initiate_handshake(Handshake_State& state,
                              bool force_full_renegotiation) override;

      /**
      * Dispatch a received handshake message to the matching
      * process_*_msg helper below.
      *
      * @param active_state the currently active handshake, or null when
      * none is established yet
      * @param pending_state the handshake being negotiated
      * @param contents the raw, peer-supplied message body
      */
      // NOTE(review): a parameter between pending_state and contents
      // (presumably the message type) is not visible in this rendering -
      // confirm against the Channel declaration.
      void process_handshake_msg(const Handshake_State* active_state,
                                 Handshake_State& pending_state,
                                 const std::vector<uint8_t>& contents) override;

      /**
      * Handle the client's ClientHello. This is where the offered
      * versions, ciphersuites and extensions are reconciled with the Policy
      * and where the resume-vs-create decision (session_resume /
      * session_create) is presumably taken.
      */
      void process_client_hello_msg(const Handshake_State* active_state,
                                    Server_Handshake_State& pending_state,
                                    const std::vector<uint8_t>& contents);

      /// Handle the client's Certificate message (client authentication).
      void process_certificate_msg(Server_Handshake_State& pending_state,
                                   const std::vector<uint8_t>& contents);

      /// Handle the client's ClientKeyExchange message.
      void process_client_key_exchange_msg(Server_Handshake_State& pending_state,
                                           const std::vector<uint8_t>& contents);

      /// Handle the client's ChangeCipherSpec (carries no contents).
      void process_change_cipher_spec_msg(Server_Handshake_State& pending_state);

      /**
      * Handle the client's CertificateVerify message, the client's proof
      * of possession of the private key matching its Certificate.
      */
      void process_certificate_verify_msg(Server_Handshake_State& pending_state,
                                          Handshake_Type type,
                                          const std::vector<uint8_t>& contents);

      /// Handle the client's Finished message, completing the handshake.
      void process_finished_msg(Server_Handshake_State& pending_state,
                                Handshake_Type type,
                                const std::vector<uint8_t>& contents);

      /**
      * Continue the handshake by resuming session_info.
      *
      * @param have_session_ticket_key whether a session ticket key is
      * available (presumably obtained from the Credentials_Manager - verify)
      */
      void session_resume(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key,
                          Session& session_info);

      /**
      * Continue the handshake by creating a new session.
      *
      * @param have_session_ticket_key whether a session ticket key is
      * available (presumably obtained from the Credentials_Manager - verify)
      */
      void session_create(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key);

      /// Allocate the server-specific handshake state for the given I/O layer.
      Handshake_State* new_handshake_state(Handshake_IO* io) override;

      // Held by reference: the caller's Credentials_Manager must outlive this object.
      Credentials_Manager& m_creds;

      // Application protocol selected for the current connection (empty if none).
      std::string m_next_protocol;

      // Set by deprecated constructor, Server calls both this fn and Callbacks version
      next_protocol_fn m_choose_next_protocol;
   };
152 
153 }
154 
155 }
156 
157 #endif