Botan 3.9.0
Crypto and TLS for C++
Botan::TLS::Session Class Reference (final)

#include <tls_session.h>

Inheritance diagram for Botan::TLS::Session:
Botan::TLS::Session_Base

Public Member Functions

Ciphersuite ciphersuite () const
uint16_t ciphersuite_code () const
secure_vector< uint8_t > DER_encode () const
uint16_t dtls_srtp_profile () const
std::vector< uint8_t > encrypt (const SymmetricKey &key, RandomNumberGenerator &rng) const
secure_vector< uint8_t > extract_master_secret ()
std::chrono::seconds lifetime_hint () const
const secure_vector< uint8_t > & master_secret () const
uint32_t max_early_data_bytes () const
const std::vector< X509_Certificate > & peer_certs () const
std::shared_ptr< const Public_Key > peer_raw_public_key () const
std::string PEM_encode () const
const Server_Information & server_info () const
 Session (const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
 Session (const secure_vector< uint8_t > &session_psk, const std::optional< uint32_t > &max_early_data_bytes, uint32_t ticket_age_add, std::chrono::seconds lifetime_hint, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Server_Information &server_info, std::chrono::system_clock::time_point current_timestamp)
 Session (secure_vector< uint8_t > &&session_psk, const std::optional< uint32_t > &max_early_data_bytes, std::chrono::seconds lifetime_hint, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Client_Hello_13 &client_hello, const Server_Hello_13 &server_hello, Callbacks &callbacks, RandomNumberGenerator &rng)
BOTAN_FUTURE_EXPLICIT Session (std::span< const uint8_t > ber_data)
 Session (std::string_view pem)
uint32_t session_age_add () const
Connection_Side side () const
std::chrono::system_clock::time_point start_time () const
bool supports_early_data () const
bool supports_encrypt_then_mac () const
bool supports_extended_master_secret () const
Protocol_Version version () const

Static Public Member Functions

static Session decrypt (const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
static Session decrypt (std::span< const uint8_t > ctext, const SymmetricKey &key)

Protected Attributes

uint16_t m_ciphersuite = 0
Connection_Side m_connection_side {}
bool m_encrypt_then_mac = false
bool m_extended_master_secret = false
std::vector< X509_Certificate > m_peer_certs
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Server_Information m_server_info
uint16_t m_srtp_profile = 0
std::chrono::system_clock::time_point m_start_time
Protocol_Version m_version

Detailed Description

Represents a session's negotiated features along with all resumption information to re-establish a TLS connection later on.

Definition at line 339 of file tls_session.h.

Constructor & Destructor Documentation

◆ Session() [1/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & master_secret,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
bool supports_extended_master_secret,
bool supports_encrypt_then_mac,
const std::vector< X509_Certificate > & peer_certs,
const Server_Information & server_info,
uint16_t srtp_profile,
std::chrono::system_clock::time_point current_timestamp,
std::chrono::seconds lifetime_hint = std::chrono::seconds::max() )

New TLS 1.2 session (sets session start time)

Definition at line 202 of file tls_session.cpp.

// TLS 1.2 session constructor: forwards the negotiated parameters to Session_Base
// and keeps a copy of the master secret in m_master_secret.
// NOTE(review): listing lines 215 and 222 are absent from this rendering (the gutter
// skips them), so the full Session_Base argument list is not visible here.
212 :
213 Session_Base(current_timestamp,
214 version,
216 side,
217 srtp_profile,
218 extended_master_secret,
219 encrypt_then_mac,
220 certs,
221 nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2
223 m_master_secret(master_secret),
// The TLS 1.3-only fields (early data, ticket_age_add) are fixed to "off"/0 for a 1.2 session.
224 m_early_data_allowed(false),
225 m_max_early_data_bytes(0),
226 m_ticket_age_add(0),
227 m_lifetime_hint(lifetime_hint) {
// Argument check: this constructor only accepts versions for which is_pre_tls_13() is true.
228 BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2");
229}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Protocol_Version version() const
Connection_Side side() const
Ciphersuite ciphersuite() const
const Server_Information & server_info() const
std::chrono::seconds lifetime_hint() const
const secure_vector< uint8_t > & master_secret() const

References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), master_secret(), Botan::TLS::Session_Base::server_info(), Botan::TLS::Session_Base::Session_Base(), Botan::TLS::Session_Base::side(), and Botan::TLS::Session_Base::version().

Referenced by decrypt(), decrypt(), and Session().

◆ Session() [2/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
uint32_t ticket_age_add,
std::chrono::seconds lifetime_hint,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Server_Information & server_info,
std::chrono::system_clock::time_point current_timestamp )

New TLS 1.3 session (sets session start time)

Definition at line 233 of file tls_session.cpp.

// TLS 1.3 session constructor taking every field explicitly. The resumption PSK is
// copied into m_master_secret, the same member the TLS 1.2 constructor uses for the
// master secret, so it needs the same care when the session is serialized.
// NOTE(review): listing lines 246, 261 and 263 are absent from this rendering (gutter gaps).
243 :
244 Session_Base(current_timestamp,
245 version,
247 side,
248
249 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
250 0,
251
252 // RFC 8446 Appendix D
253 // Because TLS 1.3 always hashes in the transcript up to the server
254 // Finished, implementations which support both TLS 1.3 and earlier
255 // versions SHOULD indicate the use of the Extended Master Secret
256 // extension in their APIs whenever TLS 1.3 is used.
257 true,
258
259 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
260 false,
262 std::move(peer_raw_public_key),
264 m_master_secret(session_psk),
// Early data is enabled exactly when the caller supplied a max_early_data_bytes value;
// an empty optional yields "not allowed" with a limit of 0.
265 m_early_data_allowed(max_early_data_bytes.has_value()),
266 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
// ticket_age_add is taken as given here; this constructor does not generate it.
267 m_ticket_age_add(ticket_age_add),
268 m_lifetime_hint(lifetime_hint) {
// Argument check: rejects versions for which is_pre_tls_13() is true.
269 BOTAN_ARG_CHECK(!version.is_pre_tls_13(), "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
270}
std::shared_ptr< const Public_Key > peer_raw_public_key() const
const std::vector< X509_Certificate > & peer_certs() const
uint32_t max_early_data_bytes() const

References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), max_early_data_bytes(), Botan::TLS::Session_Base::peer_certs(), Botan::TLS::Session_Base::peer_raw_public_key(), Botan::TLS::Session_Base::server_info(), Botan::TLS::Session_Base::Session_Base(), Botan::TLS::Session_Base::side(), and Botan::TLS::Session_Base::version().

◆ Session() [3/5]

Botan::TLS::Session::Session ( secure_vector< uint8_t > && session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
std::chrono::seconds lifetime_hint,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Client_Hello_13 & client_hello,
const Server_Hello_13 & server_hello,
Callbacks & callbacks,
RandomNumberGenerator & rng )

Create a new TLS 1.3 session object from server data structures after a successful handshake with a TLS 1.3 client

Definition at line 272 of file tls_session.cpp.

// Server-side TLS 1.3 session constructor: derives the session parameters from the
// Client Hello / Server Hello of a completed handshake and takes ownership of the PSK.
// NOTE(review): listing lines 284 and 288 are absent from this rendering (gutter gaps).
280 :
281 Session_Base(callbacks.tls_current_timestamp(),
282 server_hello.selected_version(),
283 server_hello.ciphersuite(),
285 0,
286 true,
287 false, // see constructor above for rationales
289 std::move(peer_raw_public_key),
// The stored server name is the SNI hostname sent by the client, i.e. peer-supplied data.
290 Server_Information(client_hello.sni_hostname())),
// The PSK is moved, not copied, so no second copy of the secret is left in the caller's vector.
291 m_master_secret(std::move(session_psk)),
292 m_early_data_allowed(max_early_data_bytes.has_value()),
293 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
// The ticket-age obfuscation value is four bytes drawn from rng, read as a big-endian
// uint32_t. Its unpredictability is only as good as the RNG passed in, so callers
// should supply a cryptographically secure generator.
294 m_ticket_age_add(load_be<uint32_t>(rng.random_vec(4).data(), 0)),
295 m_lifetime_hint(lifetime_hint) {
// Checked against m_version (set from server_hello.selected_version() above).
296 BOTAN_ARG_CHECK(!m_version.is_pre_tls_13(),
297 "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
298}
Protocol_Version m_version
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504

References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), Botan::load_be(), Botan::TLS::Session_Base::m_version, max_early_data_bytes(), Botan::TLS::Session_Base::peer_certs(), Botan::TLS::Session_Base::peer_raw_public_key(), and Botan::TLS::Session_Base::Session_Base().

◆ Session() [4/5]

Botan::TLS::Session::Session ( std::span< const uint8_t > ber_data)

Load a session from DER representation (created by DER_encode)

Parameters
ber_data: DER representation buffer

Definition at line 304 of file tls_session.cpp.

// Deserializes a session from its DER/BER encoding. Nothing in this constructor
// authenticates ber_data; integrity has to come from the caller (Session::decrypt()
// runs its AEAD check before handing the plaintext to this constructor). Treat
// encodings loaded from storage that others can write to as untrusted input.
// NOTE(review): listing lines 330, 346, 353 and 359 are absent from this rendering
// (gutter gaps); the comments below describe only the visible lines.
304 {
305 uint8_t side_code = 0;
306
307 std::vector<uint8_t> raw_pubkey_or_empty;
308
309 ASN1_String server_hostname;
310 ASN1_String server_service;
311 size_t server_port = 0;
312
313 uint8_t major_version = 0;
314 uint8_t minor_version = 0;
315
316 size_t start_time = 0;
317 size_t srtp_profile = 0;
318 uint16_t ciphersuite_code = 0;
319 uint64_t lifetime_hint = 0;
320
// The field order here has to mirror what DER_encode() writes. The structure version
// is checked first, so an encoding with a different layout version is rejected before
// the remaining fields are interpreted.
321 BER_Decoder(ber_data.data(), ber_data.size())
322 .start_sequence()
323 .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
324 "Unknown version in serialized TLS session")
325 .decode_integer_type(start_time)
326 .decode_integer_type(major_version)
327 .decode_integer_type(minor_version)
328 .decode_integer_type(ciphersuite_code)
329 .decode_integer_type(side_code)
331 .decode(m_encrypt_then_mac)
332 .decode(m_master_secret, ASN1_Type::OctetString)
333 .decode_list<X509_Certificate>(m_peer_certs)
334 .decode(raw_pubkey_or_empty, ASN1_Type::OctetString)
335 .decode(server_hostname)
336 .decode(server_service)
337 .decode(server_port)
338 .decode(srtp_profile)
339 .decode(m_early_data_allowed)
340 .decode_integer_type(m_max_early_data_bytes)
341 .decode_integer_type(m_ticket_age_add)
342 .decode_integer_type(lifetime_hint)
343 .end_cons()
// verify_end(): presumably rejects bytes left over after the outer sequence — confirm
// against BER_Decoder.
344 .verify_end();
345
// Decoding_Error for a cipher suite ID this build does not know. The guarding condition
// is on the missing line 346; the References list for this constructor names
// Ciphersuite::by_id().
347 throw Decoding_Error(
348 "Serialized TLS session contains unknown cipher suite "
349 "(" +
350 std::to_string(ciphersuite_code) + ")");
351 }
352
354 m_version = Protocol_Version(major_version, minor_version);
355 m_start_time = std::chrono::system_clock::from_time_t(start_time);
// NOTE(review): side_code is cast to Connection_Side with no range check visible in this
// listing, and srtp_profile / server_port are decoded as size_t and then narrowed to
// uint16_t, so an out-of-range value in a tampered encoding would be truncated rather
// than rejected. Confirm whether validation happens elsewhere.
356 m_connection_side = static_cast<Connection_Side>(side_code);
357 m_srtp_profile = static_cast<uint16_t>(srtp_profile);
358
360 Server_Information(server_hostname.value(), server_service.value(), static_cast<uint16_t>(server_port));
361
// An empty octet string means "no raw public key"; anything else is parsed as a public key.
362 if(!raw_pubkey_or_empty.empty()) {
363 m_peer_raw_public_key = X509::load_key(raw_pubkey_or_empty);
364 }
365
366 m_lifetime_hint = std::chrono::seconds(lifetime_hint);
367}
static std::optional< Ciphersuite > by_id(uint16_t suite)
std::vector< X509_Certificate > m_peer_certs
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Session_Base::ciphersuite_code(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_integer_type(), Botan::BER_Decoder::decode_list(), lifetime_hint(), Botan::X509::load_key(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::TLS::Session_Base::start_time(), and Botan::ASN1_String::value().

◆ Session() [5/5]

Botan::TLS::Session::Session ( std::string_view pem)
explicit

Load a session from PEM representation (created by PEM_encode)

Parameters
pem: PEM representation

Definition at line 302 of file tls_session.cpp.

// Delegating constructor: decode_check_label() is asked for the "TLS SESSION" label and
// the decoded bytes go to the DER/BER constructor. PEM adds no integrity protection, so
// the same untrusted-input caveats apply as for the DER/BER constructor.
302: Session(PEM_Code::decode_check_label(pem, "TLS SESSION")) {}
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49

References Session().

Member Function Documentation

◆ ciphersuite()

Ciphersuite Botan::TLS::Session_Base::ciphersuite ( ) const
inherited

Get the ciphersuite info of the negotiated TLS session

Definition at line 86 of file tls_session.cpp.

// Resolves the stored cipher suite code to a Ciphersuite object.
// NOTE(review): listing line 87 is absent from this rendering; `suite` is presumably the
// result of Ciphersuite::by_id(m_ciphersuite), which the References list names.
86 {
// An ID with no matching suite is reported as Decoding_Error rather than returned as a
// default-constructed value.
88 if(!suite.has_value()) {
89 throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite));
90 }
91 return suite.value();
92}

References Botan::TLS::Ciphersuite::by_id(), and m_ciphersuite.

Referenced by Botan::TLS::Session_Summary::cipher_algo(), Botan::TLS::Session_Summary::mac_algo(), Botan::TLS::Session_Summary::prf_algo(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().

◆ ciphersuite_code()

uint16_t Botan::TLS::Session_Base::ciphersuite_code ( ) const
inlineinherited

Get the ciphersuite code of the negotiated TLS session

Definition at line 180 of file tls_session.h.

180{ return m_ciphersuite; }

References m_ciphersuite.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Session::Session().

◆ decrypt() [1/2]

Session Botan::TLS::Session::decrypt ( const uint8_t ctext[],
size_t ctext_size,
const SymmetricKey & key )
inlinestatic

Decrypt a session created by encrypt

Parameters
ctext: the ciphertext returned by encrypt
ctext_size: the size of ctext in bytes
key: the same key used by the encrypting side

Definition at line 419 of file tls_session.h.

// Pointer-plus-length convenience overload: wraps the buffer in a std::span and forwards
// to the span overload. ctext_size is taken on trust, so it must not exceed the real
// size of the buffer behind ctext.
419 {
420 return Session::decrypt(std::span(ctext, ctext_size), key);
421 }
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)

References decrypt(), and Session().

Referenced by decrypt(), Botan::TLS::Session_Manager_SQL::find_some(), Botan::TLS::Session_Manager_SQL::retrieve_one(), and Botan::TLS::Session_Manager_Stateless::retrieve_one().

◆ decrypt() [2/2]

Session Botan::TLS::Session::decrypt ( std::span< const uint8_t > ctext,
const SymmetricKey & key )
static

Decrypt a session created by encrypt

Parameters
ctext: the ciphertext returned by encrypt
key: the same key used by the encrypting side

Definition at line 475 of file tls_session.cpp.

// Authenticates and decrypts a blob produced by encrypt(), then parses the plaintext as
// a DER session. In this body the input span is named `in` (the prototype above calls it
// ctext); the local `ctext` is only the trailing ciphertext-plus-tag part.
// Layout consumed below: magic | key name | key seed | AEAD nonce | ciphertext.
475 {
476 try {
// Length is checked before any slicing, so the fixed-size header reads below cannot run
// past the end of a short input.
477 const size_t min_session_size = 48 + 4; // serious under-estimate
478 if(in.size() < TLS_SESSION_CRYPT_OVERHEAD + min_session_size) {
479 throw Decoding_Error("Encrypted session too short to be valid");
480 }
481
482 BufferSlicer sub(in);
483 const auto* const magic = sub.take(TLS_SESSION_CRYPT_MAGIC_LEN).data();
484 const auto* const key_name = sub.take(TLS_SESSION_CRYPT_KEY_NAME_LEN).data();
485 const auto* const key_seed = sub.take(TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN).data();
486 const auto* const aead_nonce = sub.take(TLS_SESSION_CRYPT_AEAD_NONCE_LEN).data();
// The remainder is copied into a secure_vector because finish() below decrypts in place
// and the result contains the session secret.
487 auto ctext = sub.copy_as_secure_vector(sub.remaining());
488
489 if(load_be<uint64_t>(magic, 0) != TLS_SESSION_CRYPT_MAGIC) {
490 throw Decoding_Error("Missing expected magic numbers");
491 }
492
493 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
494 hmac->set_key(key);
495
496 // First derive and check the "key name"
497 std::vector<uint8_t> cmp_key_name(hmac->output_length());
498 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
499 hmac->final(cmp_key_name.data());
500
// Only the first TLS_SESSION_CRYPT_KEY_NAME_LEN bytes of the MAC output are compared,
// via CT::is_equal, so the comparison does not exit early on the first differing byte.
// A mismatch means the blob was produced under a different key.
501 if(CT::is_equal(cmp_key_name.data(), key_name, TLS_SESSION_CRYPT_KEY_NAME_LEN).as_bool() == false) {
502 throw Decoding_Error("Wrong key name for encrypted session");
503 }
504
// The same MAC object is reused: the per-blob AEAD key is the MAC of key_seed under `key`.
// Assumes final() above reset the MAC state while keeping the key — confirm against
// MessageAuthenticationCode.
505 hmac->update(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
506 const secure_vector<uint8_t> aead_key = hmac->final();
507
508 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Decryption);
509 aead->set_key(aead_key);
// The first TLS_SESSION_CRYPT_HDR_LEN bytes of the input are bound in as associated data,
// so changes to the header fields invalidate the tag.
510 aead->set_associated_data(in.data(), TLS_SESSION_CRYPT_HDR_LEN);
511 aead->start(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
// finish() decrypts in place; the DER parser on the next line only sees data for which
// this call returned normally (a tag failure presumably surfaces as an exception and is
// rewrapped below — confirm against AEAD_Mode).
512 aead->finish(ctext, 0);
513 return Session(ctext);
514 } catch(std::exception& e) {
// Every failure, including the Decoding_Errors thrown above, leaves as a Decoding_Error
// with the inner message appended. The message text reveals which check failed, so code
// handling tickets received from the network should not relay it to the peer.
515 throw Decoding_Error("Failed to decrypt serialized TLS session: " + std::string(e.what()));
516 }
517}
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:44
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:826
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References Botan::BufferSlicer::copy_as_secure_vector(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::CT::is_equal(), Botan::load_be(), Botan::BufferSlicer::remaining(), Session(), and Botan::BufferSlicer::take().

◆ DER_encode()

secure_vector< uint8_t > Botan::TLS::Session::DER_encode ( ) const

Encode this session data for storage

Warning
The returned encoding contains the master secret unencrypted; if the master secret is compromised, so is the session traffic.

Definition at line 369 of file tls_session.cpp.

// Serializes the session as one DER sequence. The master secret (or TLS 1.3 PSK) is
// written as a plain OCTET STRING: the output is as sensitive as the secret itself and is
// returned in a secure_vector for that reason. encrypt() wraps this encoding in an AEAD.
// NOTE(review): listing line 381 is absent from this rendering (gutter gap); the
// References list names m_extended_master_secret, which is presumably encoded there.
369 {
// A session without a raw public key is encoded with an empty octet string in that slot.
370 const auto raw_pubkey_or_empty =
371 m_peer_raw_public_key ? m_peer_raw_public_key->subject_public_key() : std::vector<uint8_t>{};
372
// Field order is the wire format: the DER/BER constructor reads the fields back in this order.
373 return DER_Encoder()
374 .start_sequence()
375 .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
376 .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
377 .encode(static_cast<size_t>(m_version.major_version()))
378 .encode(static_cast<size_t>(m_version.minor_version()))
379 .encode(static_cast<size_t>(m_ciphersuite))
380 .encode(static_cast<size_t>(m_connection_side))
382 .encode(m_encrypt_then_mac)
383 .encode(m_master_secret, ASN1_Type::OctetString)
384 .start_sequence()
385 .encode_list(m_peer_certs)
386 .end_cons()
387 .encode(raw_pubkey_or_empty, ASN1_Type::OctetString)
388 .encode(ASN1_String(m_server_info.hostname(), ASN1_Type::Utf8String))
389 .encode(ASN1_String(m_server_info.service(), ASN1_Type::Utf8String))
390 .encode(static_cast<size_t>(m_server_info.port()))
391 .encode(static_cast<size_t>(m_srtp_profile))
392
393 // the fields below were introduced for TLS 1.3 session tickets
394 .encode(m_early_data_allowed)
395 .encode(static_cast<size_t>(m_max_early_data_bytes))
396 .encode(static_cast<size_t>(m_ticket_age_add))
397 .encode(static_cast<size_t>(m_lifetime_hint.count()))
398 .end_cons()
399 .get_contents();
400}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_list(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::DER_Encoder::start_sequence(), and Botan::Utf8String.

Referenced by encrypt(), and PEM_encode().

◆ dtls_srtp_profile()

uint16_t Botan::TLS::Session_Base::dtls_srtp_profile ( ) const
inlineinherited

Get the negotiated DTLS-SRTP algorithm (RFC 5764)

Definition at line 195 of file tls_session.h.

195{ return m_srtp_profile; }

References m_srtp_profile.

◆ encrypt()

std::vector< uint8_t > Botan::TLS::Session::encrypt ( const SymmetricKey & key,
RandomNumberGenerator & rng ) const

Encrypt a session (useful for serialization or session tickets)

Definition at line 432 of file tls_session.cpp.

// Encrypts the DER encoding of this session under `key`.
// Output layout: magic | key name | key seed | AEAD nonce | ciphertext.
// The nonce and key seed both come from rng on every call, so their uniqueness depends
// on the caller passing a cryptographically secure generator.
432 {
433 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
434 hmac->set_key(key);
435
436 // First derive the "key name"
// The key name is a truncated MAC of a fixed label under `key`; decrypt() recomputes it
// to reject blobs made under a different key before attempting AEAD decryption.
437 std::vector<uint8_t> key_name(hmac->output_length());
438 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
439 hmac->final(key_name.data());
440 key_name.resize(TLS_SESSION_CRYPT_KEY_NAME_LEN);
441
442 std::vector<uint8_t> aead_nonce;
443 std::vector<uint8_t> key_seed;
444
445 rng.random_vec(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
446 rng.random_vec(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
447
// Per-blob AEAD key: the MAC of the fresh key seed under `key`, using the same MAC object
// (assumes final() above reset its state while keeping the key — confirm against
// MessageAuthenticationCode).
448 hmac->update(key_seed);
449 const secure_vector<uint8_t> aead_key = hmac->final();
450
// `bits` holds the plaintext session, master secret included, in a secure_vector;
// finish() below replaces it in place with the ciphertext.
451 secure_vector<uint8_t> bits = this->DER_encode();
452
453 // create the header
454 std::vector<uint8_t> buf;
455 buf.reserve(TLS_SESSION_CRYPT_OVERHEAD + bits.size());
456 buf.resize(TLS_SESSION_CRYPT_MAGIC_LEN);
457 store_be(TLS_SESSION_CRYPT_MAGIC, &buf[0]); // NOLINT(*container-data-pointer)
458 buf += key_name;
459 buf += key_seed;
460 buf += aead_nonce;
461
462 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Encryption);
// Sanity checks that the compile-time length constants match the selected AEAD.
463 BOTAN_ASSERT_NOMSG(aead->valid_nonce_length(TLS_SESSION_CRYPT_AEAD_NONCE_LEN));
464 BOTAN_ASSERT_NOMSG(aead->tag_size() == TLS_SESSION_CRYPT_AEAD_TAG_SIZE);
465 aead->set_key(aead_key);
// At this point buf is exactly the header (magic, key name, key seed, nonce); passing it
// as associated data binds those fields to the AEAD tag.
466 aead->set_associated_data(buf);
467 aead->start(aead_nonce);
468 aead->finish(bits, 0);
469
470 // append the ciphertext
471 buf += bits;
472 return buf;
473}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
secure_vector< uint8_t > DER_encode() const
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References BOTAN_ASSERT_NOMSG, Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), DER_encode(), Botan::Encryption, Botan::RandomNumberGenerator::random_vec(), and Botan::store_be().

Referenced by Botan::TLS::Session_Manager_Stateless::establish(), and Botan::TLS::Session_Manager_SQL::store().

◆ extract_master_secret()

secure_vector< uint8_t > Botan::TLS::Session::extract_master_secret ( )

Get the contained master secret as a moved-out object

Definition at line 406 of file tls_session.cpp.

// Moves the master secret out of the session object, leaving m_master_secret empty.
// The state check fires if the secret is already empty, e.g. on a second call.
406 {
407 BOTAN_STATE_CHECK(!m_master_secret.empty());
// std::exchange hands back the old vector and stores an empty one, so no copy of the
// secret is made here.
408 return std::exchange(m_master_secret, {});
409}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49

References BOTAN_STATE_CHECK.

◆ lifetime_hint()

std::chrono::seconds Botan::TLS::Session::lifetime_hint ( ) const
inline
Returns
the lifetime of the ticket as defined by the TLS server

Definition at line 465 of file tls_session.h.

465{ return m_lifetime_hint; }

Referenced by Session(), Session(), Session(), Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().

◆ master_secret()

const secure_vector< uint8_t > & Botan::TLS::Session::master_secret ( ) const
inline

Get a reference to the contained master secret

Definition at line 440 of file tls_session.h.

// Returns a const reference into the session's own secure_vector; the reference is only
// valid while the Session lives and extract_master_secret() has not emptied the member.
440{ return m_master_secret; }

Referenced by Session().

◆ max_early_data_bytes()

uint32_t Botan::TLS::Session::max_early_data_bytes ( ) const
inline

Return the number of bytes allowed for 0-RTT early data

Definition at line 460 of file tls_session.h.

460{ return m_max_early_data_bytes; }

Referenced by Session(), and Session().

◆ peer_certs()

const std::vector< X509_Certificate > & Botan::TLS::Session_Base::peer_certs ( ) const
inlineinherited

Return the certificate chain of the peer (possibly empty)

Definition at line 212 of file tls_session.h.

212{ return m_peer_certs; }

References m_peer_certs.

Referenced by Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().

◆ peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Session_Base::peer_raw_public_key ( ) const
inlineinherited

Return the raw public key of the peer (possibly empty)

Definition at line 217 of file tls_session.h.

217{ return m_peer_raw_public_key; }

References m_peer_raw_public_key.

Referenced by Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().

◆ PEM_encode()

std::string Botan::TLS::Session::PEM_encode ( ) const

Encode this session data for storage

Warning
The returned PEM text contains the master secret unencrypted (PEM is only an encoding); if the master secret is compromised, so is the session traffic.

Definition at line 402 of file tls_session.cpp.

// PEM-wraps the DER encoding under the "TLS SESSION" label. This is a text encoding of
// the same bytes DER_encode() returns, not encryption, and the result is an ordinary
// std::string rather than a secure_vector.
402 {
403 return PEM_Code::encode(this->DER_encode(), "TLS SESSION");
404}
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ server_info()

const Server_Information & Botan::TLS::Session_Base::server_info ( ) const
inlineinherited

Get information about the TLS server

Returns information that identifies the server side of the connection. This is useful for the client in that it identifies what was originally passed to the constructor. For the server, it includes the name the client specified in the server name indicator extension.

Definition at line 227 of file tls_session.h.

227{ return m_server_info; }

References m_server_info.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Session_Base(), and Botan::TLS::Session_Manager_SQL::store().

◆ session_age_add()

uint32_t Botan::TLS::Session::session_age_add ( ) const
inline

Return the ticket obfuscation adder

Definition at line 455 of file tls_session.h.

455{ return m_ticket_age_add; }

◆ side()

Connection_Side Botan::TLS::Session_Base::side ( ) const
inlineinherited

◆ start_time()

std::chrono::system_clock::time_point Botan::TLS::Session_Base::start_time ( ) const
inlineinherited

Get the wall clock time this session began

Definition at line 170 of file tls_session.h.

170{ return m_start_time; }

References m_start_time.

Referenced by Botan::TLS::Session::Session(), Session_Base(), and Botan::TLS::Session_Manager_SQL::store().

◆ supports_early_data()

bool Botan::TLS::Session::supports_early_data ( ) const
inline

Get whether the saved session supports sending/receiving of early data

Definition at line 450 of file tls_session.h.

450{ return m_early_data_allowed; }

◆ supports_encrypt_then_mac()

bool Botan::TLS::Session_Base::supports_encrypt_then_mac ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "encrypt then MAC"; TLS 1.3 sessions will always return false as they always use an AEAD.

Definition at line 201 of file tls_session.h.

201{ return m_encrypt_then_mac; }

References m_encrypt_then_mac.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ supports_extended_master_secret()

bool Botan::TLS::Session_Base::supports_extended_master_secret ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "extended master secret"; TLS 1.3 sessions will always return true (see RFC 8446 Appendix D).

Definition at line 207 of file tls_session.h.

207{ return m_extended_master_secret; }

References m_extended_master_secret.

◆ version()

Member Data Documentation

◆ m_ciphersuite

uint16_t Botan::TLS::Session_Base::m_ciphersuite = 0
protectedinherited

◆ m_connection_side

Connection_Side Botan::TLS::Session_Base::m_connection_side {}
protectedinherited

Definition at line 234 of file tls_session.h.

234{}; // NOLINT(*non-private-member-variable*)

Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Session_Base(), and side().

◆ m_encrypt_then_mac

bool Botan::TLS::Session_Base::m_encrypt_then_mac = false
protectedinherited

◆ m_extended_master_secret

bool Botan::TLS::Session_Base::m_extended_master_secret = false
protectedinherited

◆ m_peer_certs

std::vector<X509_Certificate> Botan::TLS::Session_Base::m_peer_certs
protectedinherited

◆ m_peer_raw_public_key

std::shared_ptr<const Public_Key> Botan::TLS::Session_Base::m_peer_raw_public_key
protectedinherited

◆ m_server_info

Server_Information Botan::TLS::Session_Base::m_server_info
protectedinherited

◆ m_srtp_profile

uint16_t Botan::TLS::Session_Base::m_srtp_profile = 0
protectedinherited

◆ m_start_time

std::chrono::system_clock::time_point Botan::TLS::Session_Base::m_start_time
protectedinherited

◆ m_version

Protocol_Version Botan::TLS::Session_Base::m_version
protectedinherited

The documentation for this class was generated from the following files: