Botan
2.1.0
Crypto and TLS for C++11
|
#include <tls_channel.h>
Public Types | |
typedef std::function< void(Alert, const uint8_t[], size_t)> | alert_cb |
typedef std::function< void(const uint8_t[], size_t)> | data_cb |
typedef std::function< bool(const Session &)> | handshake_cb |
typedef std::function< void(const Handshake_Message &)> | handshake_msg_cb |
typedef std::function< void(const uint8_t[], size_t)> | output_fn |
Public Member Functions | |
Channel (Callbacks &callbacks, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE) | |
Channel (output_fn out, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb, Session_Manager &session_manager, RandomNumberGenerator &rng, const Policy &policy, bool is_datagram, size_t io_buf_sz=IO_BUF_DEFAULT_SIZE) | |
Channel (const Channel &)=delete | |
void | close () |
bool | is_active () const |
bool | is_closed () const |
SymmetricKey | key_material_export (const std::string &label, const std::string &context, size_t length) const |
Channel & | operator= (const Channel &)=delete |
std::vector< X509_Certificate > | peer_cert_chain () const |
size_t | received_data (const uint8_t buf[], size_t buf_size) |
size_t | received_data (const std::vector< uint8_t > &buf) |
void | renegotiate (bool force_full_renegotiation=false) |
bool | secure_renegotiation_supported () const |
void | send (const uint8_t buf[], size_t buf_size) |
void | send (const std::string &val) |
template<typename Alloc > | |
void | send (const std::vector< unsigned char, Alloc > &val) |
void | send_alert (const Alert &alert) |
void | send_fatal_alert (Alert::Type type) |
void | send_warning_alert (Alert::Type type) |
bool | timeout_check () |
virtual | ~Channel () |
Static Public Attributes | |
static size_t | IO_BUF_DEFAULT_SIZE = 10*1024 |
Generic interface for a TLS endpoint
Definition at line 36 of file tls_channel.h.
typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Channel::alert_cb |
Definition at line 41 of file tls_channel.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::data_cb |
Definition at line 40 of file tls_channel.h.
typedef std::function<bool (const Session&)> Botan::TLS::Channel::handshake_cb |
Definition at line 42 of file tls_channel.h.
typedef std::function<void (const Handshake_Message&)> Botan::TLS::Channel::handshake_msg_cb |
Definition at line 43 of file tls_channel.h.
typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Channel::output_fn |
Definition at line 39 of file tls_channel.h.
Botan::TLS::Channel::Channel | ( | Callbacks & | callbacks, |
Session_Manager & | session_manager, | ||
RandomNumberGenerator & | rng, | ||
const Policy & | policy, | ||
bool | is_datagram, | ||
size_t | io_buf_sz = IO_BUF_DEFAULT_SIZE |
||
) |
Set up a new TLS session
callbacks | contains a set of callback function references required by the TLS endpoint. |
session_manager | manages session state |
rng | a random number generator |
policy | specifies other connection policy information |
is_datagram | whether this is a DTLS session |
io_buf_sz | This many bytes of memory will be preallocated for the read and write buffers. Smaller values just mean reallocations and copies are more likely. |
Definition at line 24 of file tls_channel.cpp.
Botan::TLS::Channel::Channel | ( | output_fn | out, |
data_cb | app_data_cb, | ||
alert_cb | alert_cb, | ||
handshake_cb | hs_cb, | ||
handshake_msg_cb | hs_msg_cb, | ||
Session_Manager & | session_manager, | ||
RandomNumberGenerator & | rng, | ||
const Policy & | policy, | ||
bool | is_datagram, | ||
size_t | io_buf_sz = IO_BUF_DEFAULT_SIZE |
||
) |
DEPRECATED. This constructor is only provided for backward compatibility and should not be used in new implementations. (Not marked deprecated since it is only called internally, by other deprecated constructors)
Definition at line 39 of file tls_channel.cpp.
|
delete |
|
virtual |
Definition at line 78 of file tls_channel.cpp.
|
protected |
Definition at line 259 of file tls_channel.cpp.
References callbacks(), Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::map_remove_if(), and Botan::TLS::Callbacks::tls_session_activated().
|
inlineprotected |
Definition at line 241 of file tls_channel.h.
Referenced by activate_session().
|
protected |
Definition at line 183 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::CLIENT, Botan::TLS::Connection_Sequence_Numbers::current_read_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_read_cipher_state(), Botan::TLS::NO_COMPRESSION, and Botan::TLS::SERVER.
|
protected |
Definition at line 212 of file tls_channel.cpp.
References BOTAN_ASSERT, Botan::TLS::Connection_Sequence_Numbers::current_write_epoch(), Botan::TLS::Connection_Sequence_Numbers::new_write_cipher_state(), and Botan::TLS::NO_COMPRESSION.
|
inline |
Send a close notification alert
Definition at line 150 of file tls_channel.h.
References Botan::TLS::Alert::CLOSE_NOTIFY.
|
protected |
Definition at line 112 of file tls_channel.cpp.
References Botan::TLS::Protocol_Version::is_datagram_protocol(), new_handshake_state(), and Botan::TLS::Protocol_Version::to_string().
Referenced by renegotiate().
|
protectedpure virtual |
Referenced by peer_cert_chain().
|
protectedpure virtual |
Referenced by renegotiate().
|
protected |
bool Botan::TLS::Channel::is_active | ( | ) | const |
Definition at line 240 of file tls_channel.cpp.
Referenced by Botan::TLS::Blocking_Client::do_handshake(), and send().
bool Botan::TLS::Channel::is_closed | ( | ) | const |
Definition at line 245 of file tls_channel.cpp.
Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), received_data(), and send_alert().
SymmetricKey Botan::TLS::Channel::key_material_export | ( | const std::string & | label, |
const std::string & | context, | ||
size_t | length | ||
) | const |
Key material export (RFC 5705)
label | a disambiguating label string |
context | a per-association context value |
length | the length of the desired key in bytes |
Definition at line 651 of file tls_channel.cpp.
References Botan::get_byte(), Botan::OctetString::length(), and Botan::to_byte_vector().
|
protectedpure virtual |
Referenced by create_handshake_state().
std::vector< X509_Certificate > Botan::TLS::Channel::peer_cert_chain | ( | ) | const |
Definition at line 105 of file tls_channel.cpp.
References get_peer_cert_chain().
|
inlineprotected |
Definition at line 237 of file tls_channel.h.
|
protectedpure virtual |
size_t Botan::TLS::Channel::received_data | ( | const uint8_t | buf[], |
size_t | buf_size | ||
) |
Inject TLS traffic received from the counterparty
Definition at line 284 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::APPLICATION_DATA, Botan::TLS::Alert::BAD_RECORD_MAC, BOTAN_ASSERT, Botan::TLS::CHANGE_CIPHER_SPEC, Botan::TLS::Alert::DECODE_ERROR, Botan::TLS::HANDSHAKE, Botan::TLS::Alert::INTERNAL_ERROR, is_closed(), Botan::TLS::MAX_PLAINTEXT_SIZE, Botan::TLS::NO_RECORD, Botan::TLS::read_record(), Botan::TLS::Alert::RECORD_OVERFLOW, send_fatal_alert(), Botan::ASN1::to_string(), and Botan::TLS::TLS_Exception::type().
Referenced by Botan::TLS::Blocking_Client::do_handshake(), Botan::TLS::Blocking_Client::read(), and received_data().
size_t Botan::TLS::Channel::received_data | ( | const std::vector< uint8_t > & | buf | ) |
Inject TLS traffic received from the counterparty
Definition at line 279 of file tls_channel.cpp.
References received_data().
void Botan::TLS::Channel::renegotiate | ( | bool | force_full_renegotiation = false | ) |
Attempt to renegotiate the session
force_full_renegotiation | if true, require a full renegotiation; otherwise allow session resumption |
Definition at line 171 of file tls_channel.cpp.
References create_handshake_state(), and initiate_handshake().
|
inlineprotected |
|
inlineprotected |
Definition at line 239 of file tls_channel.h.
|
protected |
Definition at line 574 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Client_Hello::renegotiation_info(), Botan::TLS::Client_Hello::secure_renegotiation(), and secure_renegotiation_data_for_client_hello().
|
protected |
Definition at line 597 of file tls_channel.cpp.
References Botan::TLS::Alert::HANDSHAKE_FAILURE, Botan::TLS::Server_Hello::renegotiation_info(), Botan::TLS::Server_Hello::secure_renegotiation(), and secure_renegotiation_data_for_server_hello().
|
protected |
Definition at line 620 of file tls_channel.cpp.
Referenced by secure_renegotiation_check().
|
protected |
Definition at line 627 of file tls_channel.cpp.
Referenced by secure_renegotiation_check().
bool Botan::TLS::Channel::secure_renegotiation_supported | ( | ) | const |
Definition at line 639 of file tls_channel.cpp.
void Botan::TLS::Channel::send | ( | const uint8_t | buf[], |
size_t | buf_size | ||
) |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 538 of file tls_channel.cpp.
References Botan::TLS::APPLICATION_DATA, and is_active().
Referenced by send().
void Botan::TLS::Channel::send | ( | const std::string & | val | ) |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 547 of file tls_channel.cpp.
References send().
|
inline |
Inject plaintext intended for the counterparty. Throws an exception if is_active() is false.
Definition at line 125 of file tls_channel.h.
void Botan::TLS::Channel::send_alert | ( | const Alert & | alert | ) |
Send a TLS alert message. If the alert is fatal, the internal state (keys, etc.) will be reset.
alert | the Alert to send |
Definition at line 552 of file tls_channel.cpp.
References Botan::TLS::ALERT, Botan::TLS::Alert::CLOSE_NOTIFY, is_closed(), Botan::TLS::Alert::is_fatal(), Botan::TLS::Alert::is_valid(), Botan::TLS::Alert::NO_RENEGOTIATION, Botan::TLS::Session_Manager::remove_entry(), Botan::TLS::Alert::serialize(), and Botan::TLS::Alert::type().
|
inline |
|
inline |
|
inlineprotected |
Definition at line 235 of file tls_channel.h.
bool Botan::TLS::Channel::timeout_check | ( | ) |
Perform a handshake timeout check. This does nothing unless this is a DTLS channel with a pending handshake state, in which case we check for a timeout and, if one has occurred, retransmit the handshake packets.
Definition at line 162 of file tls_channel.cpp.
|
static |
Definition at line 44 of file tls_channel.h.