doxygen/tls__server_8h_source.html

/*

* TLS Server

* (C) 2004-2011 Jack Lloyd

*     2016 Matthias Gierlings

*     2021 Elektrobit Automotive GmbH

*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_TLS_SERVER_H_

#define BOTAN_TLS_SERVER_H_


#include <botan/credentials_manager.h>

#include <botan/tls_callbacks.h>  // TODO(Botan4) not necessary here, remove

#include <botan/tls_channel.h>

#include <botan/tls_policy.h>  // TODO(Botan4) not necessary here, remove

#include <vector>


namespace Botan::TLS {


class Callbacks;

class Session_Manager;

class Channel_Impl;

class Policy;


/**

* TLS Server

*/


class BOTAN_PUBLIC_API(2, 0) Server final : public Channel {

   public:

      /**

      * Server initialization

      *

      * The first 5 arguments as well as the final argument

      * @p reserved_io_buffer_size, are treated similarly to the TLS::Client().

      *

      * If a client sends the ALPN extension, the

      * TLS::Callbacks::tls_server_choose_app_protocol() will be called and the

      * result sent back to the client. If the empty string is returned, the

      * server will not send an ALPN response. The function can also throw an

      * exception to abort the handshake entirely, the ALPN specification says

      * that if this occurs the alert should be of type

      * TLS::AlertType::NoApplicationProtocol.

      *

      * The optional argument @p is_datagram specifies if this is a TLS or DTLS

      * server; unlike clients, which know what type of protocol (TLS vs DTLS)

      * they are negotiating from the start via the @p offer_version, servers

      * would not until they actually received a client hello.

      *

      * @param callbacks contains a set of callback function references required

      *        by the TLS server.

      *

      * @param session_manager manages session state

      *

      * @param creds manages application/user credentials

      *

      * @param policy specifies other connection policy information

      *

      * @param rng a random number generator

      *

      * @param is_datagram set to true if this server should expect DTLS

      *        connections. Otherwise TLS connections are expected.

      *

      * @param reserved_io_buffer_size This many bytes of memory will be

      *        preallocated for the read and write buffers. Smaller values just

      *        mean reallocations and copies are more likely.

      */

      Server(const std::shared_ptr<Callbacks>& callbacks,

             const std::shared_ptr<Session_Manager>& session_manager,

             const std::shared_ptr<Credentials_Manager>& creds,

             const std::shared_ptr<const Policy>& policy,

             const std::shared_ptr<RandomNumberGenerator>& rng,

             bool is_datagram = false,

             size_t reserved_io_buffer_size = TLS::Channel::IO_BUF_DEFAULT_SIZE);


      ~Server() override;


      /**

      * Return the protocol notification set by the client (using the

      * ALPN extension) for this connection, if any. This value is not

      * tied to the session and a later renegotiation of the same

      * session can choose a new protocol.

      */

      std::string application_protocol() const override;


      size_t from_peer(std::span<const uint8_t> data) override;


      bool is_handshake_complete() const override;


      bool is_active() const override;


      bool is_closed() const override;


      bool is_closed_for_reading() const override;

      bool is_closed_for_writing() const override;


      std::vector<X509_Certificate> peer_cert_chain() const override;

      std::shared_ptr<const Public_Key> peer_raw_public_key() const override;

      std::optional<std::string> external_psk_identity() const override;


      SymmetricKey key_material_export(std::string_view label, std::string_view context, size_t length) const override;


      void renegotiate(bool force_full_renegotiation = false) override;


      bool new_session_ticket_supported() const;

      size_t send_new_session_tickets(size_t tickets = 1);


      void update_traffic_keys(bool request_peer_update = false) override;


      bool secure_renegotiation_supported() const override;


      void to_peer(std::span<const uint8_t> data) override;


      void send_alert(const Alert& alert) override;


      void send_warning_alert(Alert::Type type) override;


      void send_fatal_alert(Alert::Type type) override;


      void close() override;


      bool timeout_check() override;


      Server(const Server& other) = delete;

      Server(Server&& other) = default;

      Server& operator=(const Server& other) = delete;

      Server& operator=(Server&& other) = delete;


   private:

      std::unique_ptr<Channel_Impl> m_impl;

};


}  // namespace Botan::TLS


#endif

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21

Botan::TLS::Alert
Definition tls_alert.h:70

Botan::TLS::Alert::Type
AlertType Type
Definition tls_alert.h:72

Botan::TLS::Callbacks
Definition tls_callbacks.h:57

Botan::TLS::Channel_Impl
Definition tls_channel_impl.h:34

Botan::TLS::Channel::Channel
Channel(const Channel &other)=delete

Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE
static constexpr size_t IO_BUF_DEFAULT_SIZE
Definition tls_channel.h:37

Botan::TLS::Policy
Definition tls_policy.h:33

Botan::TLS::Server::update_traffic_keys
void update_traffic_keys(bool request_peer_update=false) override
Definition tls_server.cpp:129

Botan::TLS::Server::key_material_export
SymmetricKey key_material_export(std::string_view label, std::string_view context, size_t length) const override
Definition tls_server.cpp:113

Botan::TLS::Server::~Server
~Server() override

Botan::TLS::Server::timeout_check
bool timeout_check() override
Definition tls_server.cpp:157

Botan::TLS::Server::close
void close() override
Definition tls_server.cpp:153

Botan::TLS::Server::secure_renegotiation_supported
bool secure_renegotiation_supported() const override
Definition tls_server.cpp:133

Botan::TLS::Server::send_fatal_alert
void send_fatal_alert(Alert::Type type) override
Definition tls_server.cpp:149

Botan::TLS::Server::is_closed
bool is_closed() const override
Definition tls_server.cpp:89

Botan::TLS::Server::Server
Server(Server &&other)=default

Botan::TLS::Server::is_closed_for_writing
bool is_closed_for_writing() const override
Definition tls_server.cpp:97

Botan::TLS::Server::operator=
Server & operator=(const Server &other)=delete

Botan::TLS::Server::application_protocol
std::string application_protocol() const override
Definition tls_server.cpp:161

Botan::TLS::Server::send_new_session_tickets
size_t send_new_session_tickets(size_t tickets=1)
Definition tls_server.cpp:125

Botan::TLS::Server::Server
Server(const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Channel::IO_BUF_DEFAULT_SIZE)
Definition tls_server.cpp:29

Botan::TLS::Server::is_handshake_complete
bool is_handshake_complete() const override
Definition tls_server.cpp:81

Botan::TLS::Server::Server
Server(const Server &other)=delete

Botan::TLS::Server::renegotiate
void renegotiate(bool force_full_renegotiation=false) override
Definition tls_server.cpp:117

Botan::TLS::Server::external_psk_identity
std::optional< std::string > external_psk_identity() const override
Definition tls_server.cpp:109

Botan::TLS::Server::peer_raw_public_key
std::shared_ptr< const Public_Key > peer_raw_public_key() const override
Definition tls_server.cpp:105

Botan::TLS::Server::send_alert
void send_alert(const Alert &alert) override
Definition tls_server.cpp:141

Botan::TLS::Server::send_warning_alert
void send_warning_alert(Alert::Type type) override
Definition tls_server.cpp:145

Botan::TLS::Server::new_session_ticket_supported
bool new_session_ticket_supported() const
Definition tls_server.cpp:121

Botan::TLS::Server::peer_cert_chain
std::vector< X509_Certificate > peer_cert_chain() const override
Definition tls_server.cpp:101

Botan::TLS::Server::to_peer
void to_peer(std::span< const uint8_t > data) override
Definition tls_server.cpp:137

Botan::TLS::Server::operator=
Server & operator=(Server &&other)=delete

Botan::TLS::Server::is_active
bool is_active() const override
Definition tls_server.cpp:85

Botan::TLS::Server::from_peer
size_t from_peer(std::span< const uint8_t > data) override
Definition tls_server.cpp:63

Botan::TLS::Server::is_closed_for_reading
bool is_closed_for_reading() const override
Definition tls_server.cpp:93

Botan::TLS::Session_Manager
Definition tls_session_manager.h:46

Botan::TLS
Definition asio_context.cpp:18

Botan::SymmetricKey
OctetString SymmetricKey
Definition symkey.h:140