/src/botan/build/include/botan/tls_channel.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Channel |
3 | | * (C) 2011,2012,2014,2015 Jack Lloyd |
4 | | * 2016 Matthias Gierlings |
5 | | * 2021 Elektrobit Automotive GmbH |
6 | | * 2022 René Meusel, Hannes Rantzsch - neXenio GmbH |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | */ |
10 | | |
11 | | #ifndef BOTAN_TLS_CHANNEL_H_ |
12 | | #define BOTAN_TLS_CHANNEL_H_ |
13 | | |
14 | | #include <botan/tls_session.h> |
15 | | #include <botan/tls_alert.h> |
16 | | #include <botan/tls_session_manager.h> |
17 | | #include <botan/tls_callbacks.h> |
18 | | #include <botan/x509cert.h> |
19 | | |
20 | | #include <vector> |
21 | | #include <string> |
22 | | |
23 | | namespace Botan::TLS { |
24 | | |
25 | | /** |
26 | | * Generic interface for TLS endpoint |
27 | | */ |
28 | | class BOTAN_PUBLIC_API(2,0) Channel |
29 | | { |
30 | | public: |
31 | | static constexpr size_t IO_BUF_DEFAULT_SIZE = 10*1024; |
32 | | |
33 | 8.48k | virtual ~Channel() = default; |
34 | | |
35 | | /** |
36 | | * Inject TLS traffic received from counterparty |
37 | | * @return a hint as the how many more bytes we need to process the |
38 | | * current record (this may be 0 if on a record boundary) |
39 | | */ |
40 | | virtual size_t received_data(const uint8_t buf[], size_t buf_size) = 0; |
41 | | |
42 | | /** |
43 | | * Inject TLS traffic received from counterparty |
44 | | * @return a hint as the how many more bytes we need to process the |
45 | | * current record (this may be 0 if on a record boundary) |
46 | | */ |
47 | | size_t received_data(const std::vector<uint8_t>& buf) |
48 | 0 | { |
49 | 0 | return this->received_data(buf.data(), buf.size()); |
50 | 0 | } |
51 | | |
52 | | /** |
53 | | * Inject plaintext intended for counterparty |
54 | | * Throws an exception if is_active() is false |
55 | | */ |
56 | | virtual void send(const uint8_t buf[], size_t buf_size) = 0; |
57 | | |
58 | | /** |
59 | | * Inject plaintext intended for counterparty |
60 | | * Throws an exception if is_active() is false |
61 | | */ |
62 | | void send(const std::string& val) |
63 | 0 | { |
64 | 0 | this->send(cast_char_ptr_to_uint8(val.data()), val.size()); |
65 | 0 | } |
66 | | |
67 | | /** |
68 | | * Inject plaintext intended for counterparty |
69 | | * Throws an exception if is_active() is false |
70 | | */ |
71 | | template<typename Alloc> |
72 | | void send(const std::vector<unsigned char, Alloc>& val) |
73 | | { |
74 | | send(val.data(), val.size()); |
75 | | } |
76 | | |
77 | | /** |
78 | | * Send a TLS alert message. If the alert is fatal, the internal |
79 | | * state (keys, etc) will be reset. |
80 | | * @param alert the Alert to send |
81 | | */ |
82 | | virtual void send_alert(const Alert& alert) = 0; |
83 | | |
84 | | /** |
85 | | * Send a warning alert |
86 | | */ |
87 | | virtual void send_warning_alert(Alert::Type type) = 0; |
88 | | |
89 | | /** |
90 | | * Send a fatal alert |
91 | | */ |
92 | | virtual void send_fatal_alert(Alert::Type type) = 0; |
93 | | |
94 | | /** |
95 | | * Send a close notification alert |
96 | | */ |
97 | | virtual void close() = 0; |
98 | | |
99 | | /** |
100 | | * @return true iff the connection is active for sending application data |
101 | | */ |
102 | | virtual bool is_active() const = 0; |
103 | | |
104 | | /** |
105 | | * Note: For TLS 1.3 a connection is closed only after both peers have |
106 | | * signaled a "close_notify". While TLS 1.2 automatically responded |
107 | | * in suit once the peer had sent "close_notify", TLS 1.3 allows to |
108 | | * continue transmitting data even if the peer closed their writing |
109 | | * end. |
110 | | * |
111 | | * @return true iff the connection has been definitely closed |
112 | | */ |
113 | | virtual bool is_closed() const = 0; |
114 | | |
115 | | /** |
116 | | * @return true iff the peer closed their channel |
117 | | * (i.e. no more incoming data expected) |
118 | | */ |
119 | | virtual bool is_closed_for_reading() const = 0; |
120 | | |
121 | | /** |
122 | | * @return true iff we closed our channel |
123 | | * (i.e. no more outgoing data allowed) |
124 | | */ |
125 | | virtual bool is_closed_for_writing() const = 0; |
126 | | |
127 | | /** |
128 | | * @return certificate chain of the peer (may be empty) |
129 | | */ |
130 | | virtual std::vector<X509_Certificate> peer_cert_chain() const = 0; |
131 | | |
132 | | /** |
133 | | * Key material export (RFC 5705) |
134 | | * @param label a disambiguating label string |
135 | | * @param context a per-association context value |
136 | | * @param length the length of the desired key in bytes |
137 | | * @return key of length bytes |
138 | | */ |
139 | | virtual SymmetricKey key_material_export(const std::string& label, |
140 | | const std::string& context, |
141 | | size_t length) const = 0; |
142 | | |
143 | | /** |
144 | | * Attempt to renegotiate the session |
145 | | * @param force_full_renegotiation if true, require a full renegotiation, |
146 | | * otherwise allow session resumption |
147 | | */ |
148 | | virtual void renegotiate(bool force_full_renegotiation = false) = 0; |
149 | | |
150 | | /** |
151 | | * Attempt to update the session's traffic key material |
152 | | * Note that this is possible with a TLS 1.3 channel, only. |
153 | | * |
154 | | * @param request_peer_update if true, require a reciprocal key update |
155 | | */ |
156 | | virtual void update_traffic_keys(bool request_peer_update = false) = 0; |
157 | | |
158 | | /** |
159 | | * @return true iff the counterparty supports the secure |
160 | | * renegotiation extensions. |
161 | | */ |
162 | | virtual bool secure_renegotiation_supported() const = 0; |
163 | | |
164 | | /** |
165 | | * Perform a handshake timeout check. This does nothing unless |
166 | | * this is a DTLS channel with a pending handshake state, in |
167 | | * which case we check for timeout and potentially retransmit |
168 | | * handshake packets. |
169 | | */ |
170 | | virtual bool timeout_check() = 0; |
171 | | |
172 | | virtual std::string application_protocol() const = 0; |
173 | | }; |
174 | | } |
175 | | |
176 | | #endif |