/*
* TLS Channel
* (C) 2011,2012,2014,2015 Jack Lloyd
* 2016 Matthias Gierlings
* 2021 Elektrobit Automotive GmbH
* 2022 René Meusel, Hannes Rantzsch - neXenio GmbH
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_TLS_CHANNEL_IMPL_H_
#define BOTAN_TLS_CHANNEL_IMPL_H_
#include <botan/tls_channel.h>
#include <botan/tls_version.h>
#include <botan/tls_magic.h>
#include <vector>
#include <memory>
namespace Botan {
class Credentials_Manager;
class X509_Certificate;
namespace TLS {
class Channel_Impl
   {
   public:
      virtual ~Channel_Impl() = default;

      /**
      * Feed TLS records received from the counterparty into the channel.
      *
      * The bytes come from the peer over the wire and are therefore untrusted
      * input; nothing in this interface pre-validates them.
      * @param buf the received bytes
      * @param buf_size number of bytes in buf
      * @return a hint as to how many more bytes are needed to complete the
      *         current record (may be 0 when positioned on a record boundary)
      */
      virtual size_t received_data(const uint8_t buf[], size_t buf_size) = 0;

      /**
      * Inject plaintext intended for the counterparty.
      * Throws an exception if is_active() is false.
      * @param buf the plaintext to send
      * @param buf_size number of bytes in buf
      */
      virtual void send(const uint8_t buf[], size_t buf_size) = 0;

      /**
      * Send a TLS alert message. If the alert is fatal, the internal
      * state (keys, etc) will be reset.
      * @param alert the Alert to send
      */
      virtual void send_alert(const Alert& alert) = 0;

      /**
      * Send a warning (non-fatal) alert of the given type.
      * Convenience wrapper over send_alert(); the channel stays usable.
      * @param type the alert type to send
      */
      void send_warning_alert(Alert::Type type)
         {
         const bool fatal = false;
         send_alert(Alert(type, fatal));
         }

      /**
      * Send a fatal alert of the given type.
      * Convenience wrapper over send_alert(); since the alert is fatal the
      * internal state (keys, etc) will be reset.
      * @param type the alert type to send
      */
      void send_fatal_alert(Alert::Type type)
         {
         const Alert fatal_alert(type, true);
         send_alert(fatal_alert);
         }

      /**
      * Send a close notification. This is a CLOSE_NOTIFY warning alert,
      * so it does not itself reset the channel's keys.
      */
      void close()
         {
         send_warning_alert(Alert::CLOSE_NOTIFY);
         }

      /**
      * @return true iff the connection is active for sending application data
      */
      virtual bool is_active() const = 0;

      /**
      * @return true iff the connection has been definitely closed
      */
      virtual bool is_closed() const = 0;

      /**
      * @return certificate chain of the peer (may be empty)
      */
      virtual std::vector<X509_Certificate> peer_cert_chain() const = 0;

      /**
      * Key material export (RFC 5705)
      * @param label a disambiguating label string
      * @param context a per-association context value
      * @param length the length of the desired key in bytes
      * @return key of length bytes
      */
      virtual SymmetricKey key_material_export(const std::string& label,
                                               const std::string& context,
                                               size_t length) const = 0;

      /**
      * Attempt to renegotiate the session
      * @param force_full_renegotiation if true, require a full renegotiation,
      *        otherwise allow session resumption
      */
      virtual void renegotiate(bool force_full_renegotiation = false) = 0;

      /**
      * @return true iff the counterparty supports the secure
      *         renegotiation extensions.
      */
      virtual bool secure_renegotiation_supported() const = 0;

      /**
      * Perform a handshake timeout check. This does nothing unless
      * this is a DTLS channel with a pending handshake state, in
      * which case we check for timeout and potentially retransmit
      * handshake packets.
      * @return result of the check; the meaning of the flag is defined by
      *         the concrete channel implementation
      */
      virtual bool timeout_check() = 0;

      /**
      * @return the application protocol name (presumably the ALPN result;
      *         confirm against the concrete channel)
      */
      virtual std::string application_protocol() const = 0;
   };
}
}
#endif