1/*
2* TLS Server
3* (C) 2004-2011 Jack Lloyd
4* 2016 Matthias Gierlings
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_SERVER_H_
10#define BOTAN_TLS_SERVER_H_
11
12#include <botan/tls_channel.h>
13#include <botan/tls_policy.h>
14#include <botan/credentials_manager.h>
15#include <vector>
16
17namespace Botan {
18
19namespace TLS {
20
21class Server_Handshake_State;
22
23/**
24* TLS Server
25*/
27 {
28 public:
29 typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn;
30
31 /**
32 * Server initialization
33 *
* @param callbacks contains a set of callback function references
* required by the TLS server.
36 *
37 * @param session_manager manages session state
38 *
39 * @param creds manages application/user credentials
40 *
41 * @param policy specifies other connection policy information
42 *
43 * @param rng a random number generator
44 *
45 * @param is_datagram set to true if this server should expect DTLS
46 * connections. Otherwise TLS connections are expected.
47 *
48 * @param reserved_io_buffer_size This many bytes of memory will
49 * be preallocated for the read and write buffers. Smaller
50 * values just mean reallocations and copies are more likely.
51 */
52 Server(Callbacks& callbacks,
53 Session_Manager& session_manager,
55 const Policy& policy,
57 bool is_datagram = false,
58 size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
59 );
60
61 /**
62 * DEPRECATED. This constructor is only provided for backward
63 * compatibility and should not be used in new implementations.
64 * It will be removed in a future release.
65 */
66 BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
67 Server(output_fn output,
69 alert_cb recv_alert_cb,
70 handshake_cb hs_cb,
71 Session_Manager& session_manager,
73 const Policy& policy,
76 bool is_datagram = false,
77 size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
78 );
79
80 /**
81 * DEPRECATED. This constructor is only provided for backward
82 * compatibility and should not be used in new implementations.
83 * It will be removed in a future release.
84 */
85 BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
86 Server(output_fn output,
88 alert_cb recv_alert_cb,
89 handshake_cb hs_cb,
90 handshake_msg_cb hs_msg_cb,
91 Session_Manager& session_manager,
93 const Policy& policy,
96 bool is_datagram = false
97 );
98
/**
* Return the application protocol selected for this connection via
* the ALPN extension, or an empty string if none has been set. The
* value belongs to the connection rather than the session: a later
* renegotiation of the same session may select a different protocol.
* Returns exactly the same value as application_protocol().
*/
std::string next_protocol() const
   {
   return m_next_protocol;
   }
106
/**
* Channel override: report the application protocol selected for
* this connection via the ALPN extension, or an empty string if none
* has been set. Not tied to the session; a renegotiation of the same
* session may pick a new protocol. Same value as next_protocol().
*/
std::string application_protocol() const override
   {
   return m_next_protocol;
   }
114
115 private:
116 std::vector<X509_Certificate>
117 get_peer_cert_chain(const Handshake_State& state) const override;
118
119 void initiate_handshake(Handshake_State& state,
120 bool force_full_renegotiation) override;
121
122 void process_handshake_msg(const Handshake_State* active_state,
123 Handshake_State& pending_state,
125 const std::vector<uint8_t>& contents,
126 bool epoch0_restart) override;
127
128 void process_client_hello_msg(const Handshake_State* active_state,
129 Server_Handshake_State& pending_state,
130 const std::vector<uint8_t>& contents,
131 bool epoch0_restart);
132
133 void process_certificate_msg(Server_Handshake_State& pending_state,
134 const std::vector<uint8_t>& contents);
135
136 void process_client_key_exchange_msg(Server_Handshake_State& pending_state,
137 const std::vector<uint8_t>& contents);
138
139 void process_change_cipher_spec_msg(Server_Handshake_State& pending_state);
140
141 void process_certificate_verify_msg(Server_Handshake_State& pending_state,
143 const std::vector<uint8_t>& contents);
144
145 void process_finished_msg(Server_Handshake_State& pending_state,
147 const std::vector<uint8_t>& contents);
148
149 void session_resume(Server_Handshake_State& pending_state,
150 bool have_session_ticket_key,
151 Session& session_info);
152
153 void session_create(Server_Handshake_State& pending_state,
154 bool have_session_ticket_key);
155
156 Handshake_State* new_handshake_state(Handshake_IO* io) override;
157
158 Credentials_Manager& m_creds;
159 std::string m_next_protocol;
160
// Set by the deprecated constructor; Server calls both this fn and the Callbacks version
162 next_protocol_fn m_choose_next_protocol;
163 };
164
165}
166
167}
168
169#endif