corosio/include/boost/corosio/tls_stream.hpp at develop · cppalliance/corosio · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
//
// Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
//
// Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
//
// Official repository: https://github.com/cppalliance/corosio
//

#ifndef BOOST_COROSIO_TLS_STREAM_HPP
#define BOOST_COROSIO_TLS_STREAM_HPP

#include <boost/corosio/detail/config.hpp>
#include <boost/capy/buffers.hpp>
#include <boost/capy/buffers/buffer_array.hpp>
#include <boost/capy/io/any_stream.hpp>
#include <boost/capy/io_task.hpp>

#include <cstddef>
#include <string_view>

namespace boost::corosio {

/** Abstract base class for TLS streams.

    This class provides a runtime-polymorphic interface for TLS
    implementations. Derived classes (openssl_stream, wolfssl_stream)
    implement the virtual functions to provide backend-specific
    TLS functionality.

    Unlike @ref io_stream which represents OS-level I/O completed
    by the kernel, TLS streams are coroutine-based: their operations
    are implemented as coroutines that orchestrate sub-operations
    on the underlying stream.

    The non-virtual template wrappers (`read_some`, `write_some`)
    satisfy the `capy::Stream` concept, enabling TLS streams to
    be used anywhere a Stream is expected.

    @par Thread Safety
    Distinct objects: Safe.@n
    Shared objects: Unsafe.

    @see openssl_stream, wolfssl_stream
*/
class BOOST_COROSIO_DECL tls_stream
{
public:
    /// Identify the TLS handshake role.
    enum handshake_type
    {
        client, ///< Perform handshaking as a client.
        server  ///< Perform handshaking as a server.
    };

    /// Destroy the TLS stream.
    virtual ~tls_stream() = default;

    tls_stream(tls_stream const&)            = delete;
    tls_stream& operator=(tls_stream const&) = delete;

    /** Initiate an asynchronous read operation.

        Reads decrypted data into the provided buffer sequence. The
        operation completes when at least one byte has been read,
        or an error occurs.

        This non-virtual template wrapper satisfies the `capy::Stream`
        concept by delegating to the virtual `do_read_some`.

        @param buffers The buffer sequence to read data into.

        @return An awaitable yielding `(error_code,std::size_t)`.
    */
    template<capy::MutableBufferSequence Buffers>
    auto read_some(Buffers const& buffers)
    {
        return do_read_some(buffers);
    }

    /** Initiate an asynchronous write operation.

        Encrypts and writes data from the provided buffer sequence.
        The operation completes when at least one byte has been
        written, or an error occurs.

        This non-virtual template wrapper satisfies the `capy::Stream`
        concept by delegating to the virtual `do_write_some`.

        @param buffers The buffer sequence containing data to write.

        @return An awaitable yielding `(error_code,std::size_t)`.
    */
    template<capy::ConstBufferSequence Buffers>
    auto write_some(Buffers const& buffers)
    {
        return do_write_some(buffers);
    }

    /** Perform the TLS handshake asynchronously.

        Initiates the TLS handshake process. For client connections,
        this sends the ClientHello and processes the server's response.
        For server connections, this waits for the ClientHello and
        sends the server's response.

        @param type The type of handshaking to perform (client or server).

        @return An awaitable yielding `(error_code)`.
    */
    virtual capy::io_task<> handshake(handshake_type type) = 0;

    /** Perform a graceful TLS shutdown asynchronously.

        Initiates the TLS shutdown sequence by sending a close_notify
        alert and waiting for the peer's close_notify response.

        @return An awaitable yielding `(error_code)`.
    */
    virtual capy::io_task<> shutdown() = 0;

    /** Reset TLS session state for reuse.

        Releases TLS session state including session keys and peer
        certificates, returning the stream to a state where
        `handshake()` can be called again. Internal memory
        allocations (I/O buffers) are preserved.

        Calling `handshake()` on a previously-used stream
        implicitly performs a reset first, so explicit calls
        are only needed to eagerly release session state.

        @par Preconditions
        No TLS operation (handshake, read, write, shutdown) is
        in progress.

        @par Thread Safety
        Not thread safe. The caller must ensure no concurrent
        operations are in progress on this stream.

        @note If called mid-session before `shutdown()`, pending
            TLS data is discarded and the peer will observe a
            truncated stream.
    */
    virtual void reset() = 0;

    /** Returns a reference to the underlying stream.

        Provides access to the type-erased underlying stream for
        operations like cancellation or accessing native handles.

        @warning Do not reseat (assign to) the returned reference.
            The TLS implementation holds internal state bound to
            the original stream. Replacing it causes undefined
            behavior.

        @return Reference to the wrapped stream.
    */
    virtual capy::any_stream& next_layer() noexcept = 0;

    /** Returns a const reference to the underlying stream.

        @return Const reference to the wrapped stream.
    */
    virtual capy::any_stream const& next_layer() const noexcept = 0;

    /** Returns the name of the TLS backend.

        @return A string identifying the TLS implementation,
            such as "openssl" or "wolfssl".
    */
    virtual std::string_view name() const noexcept = 0;

protected:
    tls_stream() = default;

    /** Virtual read implementation.

        Derived classes override this to perform TLS decryption
        and read operations.

        @param buffers Buffer sequence to read into.

        @return An awaitable yielding `(error_code,std::size_t)`.
    */
    virtual capy::io_task<std::size_t> do_read_some(
        capy::mutable_buffer_array<capy::detail::max_iovec_> buffers) = 0;

    /** Virtual write implementation.

        Derived classes override this to perform TLS encryption
        and write operations.

        @param buffers Buffer sequence to write from.

        @return An awaitable yielding `(error_code,std::size_t)`.
    */
    virtual capy::io_task<std::size_t> do_write_some(
        capy::const_buffer_array<capy::detail::max_iovec_> buffers) = 0;
};

} // namespace boost::corosio

#endif