diff options
Diffstat (limited to 'comm/third_party/botan/src/lib/tls/tls_server.h')
-rw-r--r-- | comm/third_party/botan/src/lib/tls/tls_server.h | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/tls/tls_server.h b/comm/third_party/botan/src/lib/tls/tls_server.h new file mode 100644 index 0000000000..c601e8c6e3 --- /dev/null +++ b/comm/third_party/botan/src/lib/tls/tls_server.h @@ -0,0 +1,169 @@ +/* +* TLS Server +* (C) 2004-2011 Jack Lloyd +* 2016 Matthias Gierlings +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_TLS_SERVER_H_ +#define BOTAN_TLS_SERVER_H_ + +#include <botan/tls_channel.h> +#include <botan/tls_policy.h> +#include <botan/credentials_manager.h> +#include <vector> + +namespace Botan { + +namespace TLS { + +class Server_Handshake_State; + +/** +* TLS Server +*/ +class BOTAN_PUBLIC_API(2,0) Server final : public Channel + { + public: + typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn; + + /** + * Server initialization + * + * @param callbacks contains a set of callback function references + * required by the TLS client. + * + * @param session_manager manages session state + * + * @param creds manages application/user credentials + * + * @param policy specifies other connection policy information + * + * @param rng a random number generator + * + * @param is_datagram set to true if this server should expect DTLS + * connections. Otherwise TLS connections are expected. + * + * @param reserved_io_buffer_size This many bytes of memory will + * be preallocated for the read and write buffers. Smaller + * values just mean reallocations and copies are more likely. + */ + Server(Callbacks& callbacks, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + bool is_datagram = false, + size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE + ); + + /** + * DEPRECATED. This constructor is only provided for backward + * compatibility and should not be used in new implementations. + * It will be removed in a future release. + */ + BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)") + Server(output_fn output, + data_cb data_cb, + alert_cb recv_alert_cb, + handshake_cb hs_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + next_protocol_fn next_proto = next_protocol_fn(), + bool is_datagram = false, + size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE + ); + + /** + * DEPRECATED. This constructor is only provided for backward + * compatibility and should not be used in new implementations. + * It will be removed in a future release. + */ + BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)") + Server(output_fn output, + data_cb data_cb, + alert_cb recv_alert_cb, + handshake_cb hs_cb, + handshake_msg_cb hs_msg_cb, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + next_protocol_fn next_proto = next_protocol_fn(), + bool is_datagram = false + ); + + /** + * Return the protocol notification set by the client (using the + * ALPN extension) for this connection, if any. This value is not + * tied to the session and a later renegotiation of the same + * session can choose a new protocol. + */ + std::string next_protocol() const { return m_next_protocol; } + + /** + * Return the protocol notification set by the client (using the + * ALPN extension) for this connection, if any. This value is not + * tied to the session and a later renegotiation of the same + * session can choose a new protocol. + */ + std::string application_protocol() const override { return m_next_protocol; } + + private: + std::vector<X509_Certificate> + get_peer_cert_chain(const Handshake_State& state) const override; + + void initiate_handshake(Handshake_State& state, + bool force_full_renegotiation) override; + + void process_handshake_msg(const Handshake_State* active_state, + Handshake_State& pending_state, + Handshake_Type type, + const std::vector<uint8_t>& contents, + bool epoch0_restart) override; + + void process_client_hello_msg(const Handshake_State* active_state, + Server_Handshake_State& pending_state, + const std::vector<uint8_t>& contents, + bool epoch0_restart); + + void process_certificate_msg(Server_Handshake_State& pending_state, + const std::vector<uint8_t>& contents); + + void process_client_key_exchange_msg(Server_Handshake_State& pending_state, + const std::vector<uint8_t>& contents); + + void process_change_cipher_spec_msg(Server_Handshake_State& pending_state); + + void process_certificate_verify_msg(Server_Handshake_State& pending_state, + Handshake_Type type, + const std::vector<uint8_t>& contents); + + void process_finished_msg(Server_Handshake_State& pending_state, + Handshake_Type type, + const std::vector<uint8_t>& contents); + + void session_resume(Server_Handshake_State& pending_state, + bool have_session_ticket_key, + Session& session_info); + + void session_create(Server_Handshake_State& pending_state, + bool have_session_ticket_key); + + Handshake_State* new_handshake_state(Handshake_IO* io) override; + + Credentials_Manager& m_creds; + std::string m_next_protocol; + + // Set by deprecated constructor, Server calls both this fn and Callbacks version + next_protocol_fn m_choose_next_protocol; + }; + +} + +} + +#endif |