Botan 2.19.3
Crypto and TLS for C++
#include <tls_server.h>
Public Types | |
typedef std::function< void(Alert, const uint8_t[], size_t)> | alert_cb |
typedef std::function< void(const uint8_t[], size_t)> | data_cb |
typedef std::function< bool(const Session &)> | handshake_cb |
typedef std::function< void(const Handshake_Message &)> | handshake_msg_cb |
typedef std::function< std::string(std::vector< std::string >)> | next_protocol_fn |
typedef std::function< void(const uint8_t[], size_t)> | output_fn |
Public Member Functions | |
std::string | application_protocol () const override |
void | close () |
bool | is_active () const |
bool | is_closed () const |
SymmetricKey | key_material_export (const std::string &label, const std::string &context, size_t length) const |
std::string | next_protocol () const |
std::vector< X509_Certificate > | peer_cert_chain () const |
size_t | received_data (const std::vector< uint8_t > &buf) |
size_t | received_data (const uint8_t buf[], size_t buf_size) |
void | renegotiate (bool force_full_renegotiation=false) |
bool | secure_renegotiation_supported () const |
void | send (const std::string &val) |
template<typename Alloc > | |
void | send (const std::vector< unsigned char, Alloc > &val) |
void | send (const uint8_t buf[], size_t buf_size) |
void | send_alert (const Alert &alert) |
void | send_fatal_alert (Alert::Type type) |
void | send_warning_alert (Alert::Type type) |
Server (Callbacks &callbacks, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Server::IO_BUF_DEFAULT_SIZE) | |
Server (output_fn output, data_cb data_cb, alert_cb recv_alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, next_protocol_fn next_proto=next_protocol_fn(), bool is_datagram=false) | |
Server (output_fn output, data_cb data_cb, alert_cb recv_alert_cb, handshake_cb hs_cb, Session_Manager &session_manager, Credentials_Manager &creds, const Policy &policy, RandomNumberGenerator &rng, next_protocol_fn next_proto=next_protocol_fn(), bool is_datagram=false, size_t reserved_io_buffer_size=TLS::Server::IO_BUF_DEFAULT_SIZE) | |
bool | timeout_check () |
Static Public Attributes | |
static size_t | IO_BUF_DEFAULT_SIZE = 10*1024 |
Protected Member Functions | |
void | activate_session () |
Callbacks & | callbacks () const |
void | change_cipher_spec_reader (Connection_Side side) |
void | change_cipher_spec_writer (Connection_Side side) |
Handshake_State & | create_handshake_state (Protocol_Version version) |
void | inspect_handshake_message (const Handshake_Message &msg) |
const Policy & | policy () const |
void | reset_active_association_state () |
RandomNumberGenerator & | rng () |
bool | save_session (const Session &session) |
void | secure_renegotiation_check (const Client_Hello *client_hello) |
void | secure_renegotiation_check (const Server_Hello *server_hello) |
std::vector< uint8_t > | secure_renegotiation_data_for_client_hello () const |
std::vector< uint8_t > | secure_renegotiation_data_for_server_hello () const |
Session_Manager & | session_manager () |
Definition at line 26 of file tls_server.h.
inherited |
Definition at line 42 of file tls_channel.h.
inherited |
Definition at line 41 of file tls_channel.h.
inherited |
Definition at line 43 of file tls_channel.h.
inherited |
Definition at line 44 of file tls_channel.h.
typedef std::function<std::string (std::vector<std::string>)> Botan::TLS::Server::next_protocol_fn |
Definition at line 29 of file tls_server.h.
inherited |
Definition at line 40 of file tls_channel.h.
Botan::TLS::Server::Server | ( | Callbacks & | callbacks, |
Session_Manager & | session_manager, | ||
Credentials_Manager & | creds, | ||
const Policy & | policy, | ||
RandomNumberGenerator & | rng, | ||
bool | is_datagram = false , |
size_t | reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE |
) |
Server initialization
callbacks | contains a set of callback function references required by the TLS server. |
session_manager | manages session state |
creds | manages application/user credentials |
policy | specifies other connection policy information |
rng | a random number generator |
is_datagram | set to true if this server should expect DTLS connections. Otherwise TLS connections are expected. |
reserved_io_buffer_size | This many bytes of memory will be preallocated for the read and write buffers. Smaller values only make reallocations and copies more likely. |
Definition at line 298 of file tls_server.cpp.
Botan::TLS::Server::Server | ( | output_fn | output, |
data_cb | data_cb, | ||
alert_cb | recv_alert_cb, | ||
handshake_cb | hs_cb, | ||
Session_Manager & | session_manager, | ||
Credentials_Manager & | creds, | ||
const Policy & | policy, | ||
RandomNumberGenerator & | rng, | ||
next_protocol_fn | next_proto = next_protocol_fn() , |
bool | is_datagram = false , |
size_t | reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE |
) |
DEPRECATED. This constructor is provided only for backward compatibility and should not be used in new code. It will be removed in a future release.
Definition at line 311 of file tls_server.cpp.
Botan::TLS::Server::Server | ( | output_fn | output, |
data_cb | data_cb, | ||
alert_cb | recv_alert_cb, | ||
handshake_cb | hs_cb, | ||
handshake_msg_cb | hs_msg_cb, | ||
Session_Manager & | session_manager, | ||
Credentials_Manager & | creds, | ||
const Policy & | policy, | ||
RandomNumberGenerator & | rng, | ||
next_protocol_fn | next_proto = next_protocol_fn() , |
bool | is_datagram = false |
) |
DEPRECATED. This constructor is provided only for backward compatibility and should not be used in new code. It will be removed in a future release.
Definition at line 330 of file tls_server.cpp.
protectedinherited |
Definition at line 291 of file tls_channel.cpp.
References Botan::TLS::Channel::callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().
inlineoverridevirtual |
Return the protocol notification set by the client (using the ALPN extension) for this connection, if any. This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.
Implements Botan::TLS::Channel.
Definition at line 113 of file tls_server.h.
inlineprotectedinherited |
Definition at line 242 of file tls_channel.h.
Referenced by Botan::TLS::Channel::activate_session(), and Botan::TLS::Channel::save_session().
protectedinherited |
Definition at line 222 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), and Botan::TLS::SERVER.
protectedinherited |
Definition at line 251 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), and Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state().
inlineinherited |
Send a close notification alert
Definition at line 149 of file tls_channel.h.
protectedinherited |
Definition at line 146 of file tls_channel.cpp.
References Botan::TLS::Policy::dtls_default_mtu(), Botan::TLS::Policy::dtls_initial_timeout(), Botan::TLS::Policy::dtls_maximum_timeout(), Botan::TLS::Protocol_Version::is_datagram_protocol(), Botan::TLS::Channel::new_handshake_state(), Botan::TLS::Alert::PROTOCOL_VERSION, and Botan::TLS::Protocol_Version::to_string().
Referenced by Botan::TLS::Channel::renegotiate().
protectedinherited |
inherited |
Definition at line 279 of file tls_channel.cpp.
References Botan::TLS::Channel::is_closed().
Referenced by Botan::TLS::Blocking_Client::do_handshake(), and Botan::TLS::Channel::send().
inherited |
Definition at line 286 of file tls_channel.cpp.
Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Channel::is_active(), Botan::TLS::Blocking_Client::read(), and Botan::TLS::Channel::send_alert().
inherited |
Key material export (RFC 5705)
label | a disambiguating label string |
context | a per-association context value |
length | the length of the desired key in bytes |
Definition at line 757 of file tls_channel.cpp.
References Botan::get_byte(), and Botan::to_byte_vector().
inline |
Return the protocol notification set by the client (using the ALPN extension) for this connection, if any. This value is not tied to the session and a later renegotiation of the same session can choose a new protocol.
Definition at line 105 of file tls_server.h.
inherited |
Definition at line 134 of file tls_channel.cpp.
References Botan::TLS::Channel::get_peer_cert_chain().
inlineprotectedinherited |
Definition at line 238 of file tls_channel.h.
Referenced by Botan::TLS::Channel::received_data(), and Botan::TLS::Channel::renegotiate().
inherited |
Inject TLS traffic received from counterparty
Definition at line 311 of file tls_channel.cpp.
References Botan::TLS::Channel::received_data().
inherited |
Inject TLS traffic received from counterparty
Definition at line 316 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::Policy::allow_dtls_epoch0_restart(), Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, BOTAN_ASSERT_IMPLICATION, Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::Record_Header::epoch(), Botan::TLS::HANDSHAKE, Botan::TLS::Alert::INTERNAL_ERROR, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::Record_Header::needed(), Botan::TLS::NO_RECORD, Botan::TLS::Channel::policy(), Botan::TLS::Alert::PROTOCOL_VERSION, Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, Botan::TLS::Channel::send_fatal_alert(), Botan::TLS::Record_Header::sequence(), Botan::TLS::TLS_Exception::type(), Botan::TLS::Record_Header::type(), Botan::TLS::Alert::UNEXPECTED_MESSAGE, and Botan::TLS::Record_Header::version().
Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and Botan::TLS::Channel::received_data().
inherited |
Attempt to renegotiate the session
force_full_renegotiation | if true, require a full renegotiation, otherwise allow session resumption |
Definition at line 205 of file tls_channel.cpp.
References Botan::TLS::Policy::allow_resumption_for_renegotiation(), Botan::TLS::Channel::create_handshake_state(), Botan::TLS::Channel::initiate_handshake(), and Botan::TLS::Channel::policy().
protectedinherited |
Definition at line 92 of file tls_channel.cpp.
References BOTAN_ASSERT_NOMSG.
inlineprotectedinherited |
Definition at line 234 of file tls_channel.h.
protectedinherited |
Definition at line 141 of file tls_channel.cpp.
References Botan::TLS::Channel::callbacks(), and Botan::TLS::Callbacks::tls_session_established().
protectedinherited |
Definition at line 680 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and Botan::TLS::Channel::secure_renegotiation_data_for_client_hello().
protectedinherited |
Definition at line 703 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and Botan::TLS::Channel::secure_renegotiation_data_for_server_hello().
protectedinherited |
Definition at line 726 of file tls_channel.cpp.
Referenced by Botan::TLS::Channel::secure_renegotiation_check().
protectedinherited |
Definition at line 733 of file tls_channel.cpp.
Referenced by Botan::TLS::Channel::secure_renegotiation_check().
inherited |
Definition at line 745 of file tls_channel.cpp.
inherited |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 646 of file tls_channel.cpp.
References Botan::cast_char_ptr_to_uint8(), and Botan::TLS::Channel::send().
inlineinherited |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 124 of file tls_channel.h.
inherited |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 637 of file tls_channel.cpp.
References Botan::TLS::APPLICATION_DATA, and Botan::TLS::Channel::is_active().
Referenced by Botan::TLS::Channel::send().
inherited |
Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.
alert | the Alert to send |
Definition at line 651 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, Botan::TLS::Channel::is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().
inlineinherited |
Send a fatal alert
Definition at line 144 of file tls_channel.h.
References type.
Referenced by Botan::TLS::Channel::received_data().
inlineinherited |
inlineprotectedinherited |
Definition at line 236 of file tls_channel.h.
inherited |
Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case the channel checks for a timeout and may retransmit handshake packets.
Definition at line 196 of file tls_channel.cpp.
staticinherited |
Definition at line 45 of file tls_channel.h.