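/*
* TLS Server
* (C) 2004-2011 Jack Lloyd
*     2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_TLS_SERVER_H_
#define BOTAN_TLS_SERVER_H_

#include <botan/tls_channel.h>
#include <botan/tls_policy.h>
#include <botan/credentials_manager.h>
// Include what this header itself uses rather than relying on what
// tls_channel.h happens to pull in.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string>
#include <vector>

namespace Botan {

namespace TLS {

class Server_Handshake_State;

/**
* TLS Server
*
* Server-side endpoint of a TLS connection (or a DTLS connection when
* constructed with is_datagram = true). Handshake messages arriving on
* the Channel are dispatched to the private per-message handlers below.
*/
class BOTAN_PUBLIC_API(2,0) Server final : public Channel
   {
   public:
      /**
      * Application hook used by the deprecated constructors to choose the
      * ALPN protocol. Receives a list of protocol names and returns the
      * name to use; presumably the list is what the client offered -
      * confirm against the ClientHello handling in the .cpp file.
      */
      using next_protocol_fn = std::function<std::string (std::vector<std::string>)>;

      /**
      * Server initialization
      *
      * @param callbacks contains a set of callback function references
      *        required by the TLS server.
      *
      * @param session_manager manages session state
      *
      * @param creds manages application/user credentials. Stored by
      *        reference (m_creds), so it must outlive this Server. The
      *        other reference parameters are handed to Channel and very
      *        likely carry the same lifetime requirement - see tls_channel.h.
      *
      * @param policy specifies other connection policy information
      *
      * @param rng a random number generator
      *
      * @param is_datagram set to true if this server should expect DTLS
      *        connections. Otherwise TLS connections are expected.
      *
      * @param reserved_io_buffer_size This many bytes of memory will
      *        be preallocated for the read and write buffers. Smaller
      *        values just mean reallocations and copies are more likely.
      */
      Server(Callbacks& callbacks,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      * It will be removed in a future release.
      *
      * Takes the individual callback functions that the Callbacks-based
      * constructor bundles into one object, plus an optional ALPN chooser
      * (next_proto) which is stored in m_choose_next_protocol.
      */
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             data_cb data_cb,
             alert_cb recv_alert_cb,
             handshake_cb hs_cb,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false,
             size_t reserved_io_buffer_size = TLS::Server::IO_BUF_DEFAULT_SIZE
         );

      /**
      * DEPRECATED. This constructor is only provided for backward
      * compatibility and should not be used in new implementations.
      * It will be removed in a future release.
      *
      * Same as the constructor above but additionally takes a
      * handshake_msg_cb; note it has no reserved_io_buffer_size parameter.
      */
      BOTAN_DEPRECATED("Use TLS::Server(TLS::Callbacks ...)")
      Server(output_fn output,
             data_cb data_cb,
             alert_cb recv_alert_cb,
             handshake_cb hs_cb,
             handshake_msg_cb hs_msg_cb,
             Session_Manager& session_manager,
             Credentials_Manager& creds,
             const Policy& policy,
             RandomNumberGenerator& rng,
             next_protocol_fn next_proto = next_protocol_fn(),
             bool is_datagram = false
         );

      /**
      * Return the protocol notification set by the client (using the
      * ALPN extension) for this connection, if any. This value is not
      * tied to the session and a later renegotiation of the same
      * session can choose a new protocol.
      *
      * @return the selected protocol name, or an empty string if none
      */
      std::string next_protocol() const { return m_next_protocol; }

      /**
      * Channel override; returns exactly the same value as next_protocol()
      * (both read m_next_protocol). See next_protocol() for the semantics
      * and the renegotiation caveat.
      */
      std::string application_protocol() const override { return m_next_protocol; }

   private:
      // Channel override: certificate chain the peer presented in the
      // handshake described by `state`.
      std::vector<X509_Certificate>
         get_peer_cert_chain(const Handshake_State& state) const override;

      // Channel override: begin (or re-begin) a handshake on `state`.
      // force_full_renegotiation presumably disables session resumption
      // for that handshake - confirm against the .cpp implementation.
      void initiate_handshake(Handshake_State& state,
                              bool force_full_renegotiation) override;

      // Channel override: entry point for every inbound handshake message.
      // Expected to dispatch on `type` to the process_*_msg helpers below.
      void process_handshake_msg(const Handshake_State* active_state,
                                 Handshake_State& pending_state,
                                 Handshake_Type type,
                                 const std::vector<uint8_t>& contents,
                                 bool epoch0_restart) override;

      // Per-message handlers. Each takes the raw message body (`contents`)
      // and mutates the pending handshake state; the CertificateVerify and
      // Finished handlers also receive `type`, so they are presumably shared
      // between closely related message kinds.
      void process_client_hello_msg(const Handshake_State* active_state,
                                    Server_Handshake_State& pending_state,
                                    const std::vector<uint8_t>& contents,
                                    bool epoch0_restart);

      void process_certificate_msg(Server_Handshake_State& pending_state,
                                   const std::vector<uint8_t>& contents);

      void process_client_key_exchange_msg(Server_Handshake_State& pending_state,
                                           const std::vector<uint8_t>& contents);

      void process_change_cipher_spec_msg(Server_Handshake_State& pending_state);

      void process_certificate_verify_msg(Server_Handshake_State& pending_state,
                                          Handshake_Type type,
                                          const std::vector<uint8_t>& contents);

      void process_finished_msg(Server_Handshake_State& pending_state,
                                Handshake_Type type,
                                const std::vector<uint8_t>& contents);

      // Continue the handshake by resuming `session_info` (abbreviated
      // handshake) or by establishing a fresh session. have_session_ticket_key
      // indicates whether a ticket key is available; how it is used is not
      // visible here.
      void session_resume(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key,
                          Session& session_info);

      void session_create(Server_Handshake_State& pending_state,
                          bool have_session_ticket_key);

      // Channel override: factory for the server-specific handshake state.
      Handshake_State* new_handshake_state(Handshake_IO* io) override;

      // Non-owning reference; the Credentials_Manager passed to the
      // constructor must outlive this object.
      Credentials_Manager& m_creds;

      // ALPN protocol chosen for the current connection (empty if none);
      // returned by next_protocol() and application_protocol().
      std::string m_next_protocol;

      // Set by deprecated constructor, Server calls both this fn and Callbacks version
      next_protocol_fn m_choose_next_protocol;
   };

}

}

#endif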