Botan 3.4.0
Crypto and TLS for C&
|
#include <tls_session.h>
Public Member Functions | |
Ciphersuite | ciphersuite () const |
uint16_t | ciphersuite_code () const |
secure_vector< uint8_t > | DER_encode () const |
uint16_t | dtls_srtp_profile () const |
std::vector< uint8_t > | encrypt (const SymmetricKey &key, RandomNumberGenerator &rng) const |
secure_vector< uint8_t > | extract_master_secret () |
std::chrono::seconds | lifetime_hint () const |
const secure_vector< uint8_t > & | master_secret () const |
uint32_t | max_early_data_bytes () const |
const std::vector< X509_Certificate > & | peer_certs () const |
std::shared_ptr< const Public_Key > | peer_raw_public_key () const |
std::string | PEM_encode () const |
const Server_Information & | server_info () const |
Session (const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max()) | |
Session (const secure_vector< uint8_t > &session_psk, const std::optional< uint32_t > &max_early_data_bytes, uint32_t ticket_age_add, std::chrono::seconds lifetime_hint, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Server_Information &server_info, std::chrono::system_clock::time_point current_timestamp) | |
Session (secure_vector< uint8_t > &&session_psk, const std::optional< uint32_t > &max_early_data_bytes, std::chrono::seconds lifetime_hint, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Client_Hello_13 &client_hello, const Server_Hello_13 &server_hello, Callbacks &callbacks, RandomNumberGenerator &rng) | |
Session (std::span< const uint8_t > ber_data) | |
Session (std::string_view pem) | |
uint32_t | session_age_add () const |
Connection_Side | side () const |
std::chrono::system_clock::time_point | start_time () const |
bool | supports_early_data () const |
bool | supports_encrypt_then_mac () const |
bool | supports_extended_master_secret () const |
Protocol_Version | version () const |
Static Public Member Functions | |
static Session | decrypt (const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key) |
static Session | decrypt (std::span< const uint8_t > ctext, const SymmetricKey &key) |
Protected Attributes | |
uint16_t | m_ciphersuite |
Connection_Side | m_connection_side |
bool | m_encrypt_then_mac |
bool | m_extended_master_secret |
std::vector< X509_Certificate > | m_peer_certs |
std::shared_ptr< const Public_Key > | m_peer_raw_public_key |
Server_Information | m_server_info |
uint16_t | m_srtp_profile |
std::chrono::system_clock::time_point | m_start_time |
Protocol_Version | m_version |
Represents a session's negotiated features along with all resumption information to re-establish a TLS connection later on.
Definition at line 328 of file tls_session.h.
Botan::TLS::Session::Session | ( | const secure_vector< uint8_t > & | master_secret, |
Protocol_Version | version, | ||
uint16_t | ciphersuite, | ||
Connection_Side | side, | ||
bool | supports_extended_master_secret, | ||
bool | supports_encrypt_then_mac, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
const Server_Information & | server_info, | ||
uint16_t | srtp_profile, | ||
std::chrono::system_clock::time_point | current_timestamp, | ||
std::chrono::seconds | lifetime_hint = std::chrono::seconds::max() ) |
New TLS 1.2 session (sets session start time)
Definition at line 178 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().
Referenced by decrypt().
Botan::TLS::Session::Session | ( | const secure_vector< uint8_t > & | session_psk, |
const std::optional< uint32_t > & | max_early_data_bytes, | ||
uint32_t | ticket_age_add, | ||
std::chrono::seconds | lifetime_hint, | ||
Protocol_Version | version, | ||
uint16_t | ciphersuite, | ||
Connection_Side | side, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
std::shared_ptr< const Public_Key > | peer_raw_public_key, | ||
const Server_Information & | server_info, | ||
std::chrono::system_clock::time_point | current_timestamp ) |
New TLS 1.3 session (sets session start time)
Definition at line 209 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().
Botan::TLS::Session::Session | ( | secure_vector< uint8_t > && | session_psk, |
const std::optional< uint32_t > & | max_early_data_bytes, | ||
std::chrono::seconds | lifetime_hint, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
std::shared_ptr< const Public_Key > | peer_raw_public_key, | ||
const Client_Hello_13 & | client_hello, | ||
const Server_Hello_13 & | server_hello, | ||
Callbacks & | callbacks, | ||
RandomNumberGenerator & | rng ) |
Create a new TLS 1.3 session object from server data structures after a successful handshake with a TLS 1.3 client
Definition at line 248 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::m_version.
Botan::TLS::Session::Session | ( | std::span< const uint8_t > | ber_data | ) |
Load a session from DER representation (created by DER_encode)
ber_data | DER representation buffer |
Definition at line 280 of file tls_session.cpp.
References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Session_Base::ciphersuite_code(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_integer_type(), Botan::BER_Decoder::decode_list(), lifetime_hint(), Botan::X509::load_key(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::TLS::Session_Base::start_time(), and Botan::ASN1_String::value().
|
explicit |
Load a session from PEM representation (created by PEM_encode)
pem | PEM representation |
Definition at line 278 of file tls_session.cpp.
|
inherited |
Get the ciphersuite info of the negotiated TLS session
Definition at line 86 of file tls_session.cpp.
References Botan::TLS::Ciphersuite::by_id(), and Botan::TLS::Session_Base::m_ciphersuite.
Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12().
|
inlineinherited |
Get the ciphersuite code of the negotiated TLS session
Definition at line 177 of file tls_session.h.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Session().
|
inlinestatic |
Decrypt a session created by encrypt
ctext | the ciphertext returned by encrypt |
ctext_size | the size of ctext in bytes |
key | the same key used by the encrypting side |
Definition at line 408 of file tls_session.h.
Referenced by Botan::TLS::Session_Manager_SQL::find_some(), Botan::TLS::Session_Manager_SQL::retrieve_one(), and Botan::TLS::Session_Manager_Stateless::retrieve_one().
|
static |
Decrypt a session created by encrypt
ctext | the ciphertext returned by encrypt |
key | the same key used by the encrypting side |
Definition at line 450 of file tls_session.cpp.
References Botan::BufferSlicer::copy_as_secure_vector(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::CT::is_equal(), Botan::BufferSlicer::remaining(), Session(), and Botan::BufferSlicer::take().
secure_vector< uint8_t > Botan::TLS::Session::DER_encode | ( | ) | const |
Encode this session data for storage
Definition at line 344 of file tls_session.cpp.
References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_list(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), Botan::OctetString, Botan::TLS::Server_Information::port(), Botan::TLS::Server_Information::service(), Botan::DER_Encoder::start_sequence(), and Botan::Utf8String.
Referenced by encrypt(), and PEM_encode().
|
inlineinherited |
std::vector< uint8_t > Botan::TLS::Session::encrypt | ( | const SymmetricKey & | key, |
RandomNumberGenerator & | rng ) const |
Encrypt a session (useful for serialization or session tickets)
Definition at line 407 of file tls_session.cpp.
References BOTAN_ASSERT_NOMSG, Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), DER_encode(), Botan::Encryption, Botan::RandomNumberGenerator::random_vec(), and Botan::store_be().
Referenced by Botan::TLS::Session_Manager_Stateless::establish(), and Botan::TLS::Session_Manager_SQL::store().
secure_vector< uint8_t > Botan::TLS::Session::extract_master_secret | ( | ) |
Get the contained master secret as a moved-out object
Definition at line 381 of file tls_session.cpp.
References BOTAN_STATE_CHECK.
|
inline |
Definition at line 454 of file tls_session.h.
Referenced by Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().
|
inline |
Get a reference to the contained master secret
Definition at line 429 of file tls_session.h.
|
inline |
Return the number of bytes allowed for 0-RTT early data
Definition at line 449 of file tls_session.h.
|
inlineinherited |
Return the certificate chain of the peer (possibly empty)
Definition at line 209 of file tls_session.h.
|
inlineinherited |
Return the raw public key of the peer (possibly empty)
Definition at line 214 of file tls_session.h.
std::string Botan::TLS::Session::PEM_encode | ( | ) | const |
Encode this session data for storage
Definition at line 377 of file tls_session.cpp.
References DER_encode(), and Botan::PEM_Code::encode().
|
inlineinherited |
Get information about the TLS server
Definition at line 219 of file tls_session.h.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Session_Manager_SQL::store().
|
inline |
Return the ticket obfuscation adder
Definition at line 444 of file tls_session.h.
|
inlineinherited |
Get which side of the connection we are/were acting as.
Definition at line 187 of file tls_session.h.
Referenced by Botan::TLS::Session_Manager::establish(), and Botan::TLS::Session_Manager_Stateless::establish().
|
inlineinherited |
Get the wall clock time this session began
Definition at line 167 of file tls_session.h.
Referenced by Session(), and Botan::TLS::Session_Manager_SQL::store().
|
inline |
Get whether the saved session supports sending/receiving of early data
Definition at line 439 of file tls_session.h.
|
inlineinherited |
Returns true if a TLS 1.2 session negotiated "encrypt then MAC"; TLS 1.3 sessions will always return false as they always use an AEAD.
Definition at line 198 of file tls_session.h.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().
|
inlineinherited |
Returns true if a TLS 1.2 session negotiated "extended master secret"; TLS 1.3 sessions will always return true (see RFC 8446 Appendix D).
Definition at line 204 of file tls_session.h.
|
inlineinherited |
Get the negotiated protocol version of the TLS session
Definition at line 172 of file tls_session.h.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Manager_Hybrid::establish(), Botan::TLS::Channel_Impl::request_downgrade_for_resumption(), Session(), Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().
|
protectedinherited |
Definition at line 225 of file tls_session.h.
Referenced by Botan::TLS::Session_Base::ciphersuite(), DER_encode(), and Session().
|
protectedinherited |
Definition at line 226 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 230 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 229 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 232 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 233 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 234 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 227 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 222 of file tls_session.h.
Referenced by DER_encode(), and Session().
|
protectedinherited |
Definition at line 224 of file tls_session.h.
Referenced by DER_encode(), Session(), and Session().