Botan 3.8.1
Crypto and TLS for C&
|
#include <tls_session.h>
Public Member Functions | |
Ciphersuite | ciphersuite () const |
uint16_t | ciphersuite_code () const |
secure_vector< uint8_t > | DER_encode () const |
uint16_t | dtls_srtp_profile () const |
std::vector< uint8_t > | encrypt (const SymmetricKey &key, RandomNumberGenerator &rng) const |
secure_vector< uint8_t > | extract_master_secret () |
std::chrono::seconds | lifetime_hint () const |
const secure_vector< uint8_t > & | master_secret () const |
uint32_t | max_early_data_bytes () const |
const std::vector< X509_Certificate > & | peer_certs () const |
std::shared_ptr< const Public_Key > | peer_raw_public_key () const |
std::string | PEM_encode () const |
const Server_Information & | server_info () const |
Session (const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max()) | |
Session (const secure_vector< uint8_t > &session_psk, const std::optional< uint32_t > &max_early_data_bytes, uint32_t ticket_age_add, std::chrono::seconds lifetime_hint, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Server_Information &server_info, std::chrono::system_clock::time_point current_timestamp) | |
Session (secure_vector< uint8_t > &&session_psk, const std::optional< uint32_t > &max_early_data_bytes, std::chrono::seconds lifetime_hint, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Client_Hello_13 &client_hello, const Server_Hello_13 &server_hello, Callbacks &callbacks, RandomNumberGenerator &rng) | |
Session (std::span< const uint8_t > ber_data) | |
Session (std::string_view pem) | |
uint32_t | session_age_add () const |
Connection_Side | side () const |
std::chrono::system_clock::time_point | start_time () const |
bool | supports_early_data () const |
bool | supports_encrypt_then_mac () const |
bool | supports_extended_master_secret () const |
Protocol_Version | version () const |
Static Public Member Functions | |
static Session | decrypt (const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key) |
static Session | decrypt (std::span< const uint8_t > ctext, const SymmetricKey &key) |
Protected Attributes | |
uint16_t | m_ciphersuite |
Connection_Side | m_connection_side |
bool | m_encrypt_then_mac |
bool | m_extended_master_secret |
std::vector< X509_Certificate > | m_peer_certs |
std::shared_ptr< const Public_Key > | m_peer_raw_public_key |
Server_Information | m_server_info |
uint16_t | m_srtp_profile |
std::chrono::system_clock::time_point | m_start_time |
Protocol_Version | m_version |
Represents a session's negotiated features along with all resumption information to re-establish a TLS connection later on.
Definition at line 335 of file tls_session.h.
Botan::TLS::Session::Session | ( | const secure_vector< uint8_t > & | master_secret, |
Protocol_Version | version, | ||
uint16_t | ciphersuite, | ||
Connection_Side | side, | ||
bool | supports_extended_master_secret, | ||
bool | supports_encrypt_then_mac, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
const Server_Information & | server_info, | ||
uint16_t | srtp_profile, | ||
std::chrono::system_clock::time_point | current_timestamp, | ||
std::chrono::seconds | lifetime_hint = std::chrono::seconds::max() ) |
New TLS 1.2 session (sets session start time)
Definition at line 202 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), master_secret(), Botan::TLS::Session_Base::server_info(), Botan::TLS::Session_Base::Session_Base(), Botan::TLS::Session_Base::side(), and Botan::TLS::Session_Base::version().
Botan::TLS::Session::Session | ( | const secure_vector< uint8_t > & | session_psk, |
const std::optional< uint32_t > & | max_early_data_bytes, | ||
uint32_t | ticket_age_add, | ||
std::chrono::seconds | lifetime_hint, | ||
Protocol_Version | version, | ||
uint16_t | ciphersuite, | ||
Connection_Side | side, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
std::shared_ptr< const Public_Key > | peer_raw_public_key, | ||
const Server_Information & | server_info, | ||
std::chrono::system_clock::time_point | current_timestamp ) |
New TLS 1.3 session (sets session start time)
Definition at line 233 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), max_early_data_bytes(), Botan::TLS::Session_Base::peer_certs(), Botan::TLS::Session_Base::peer_raw_public_key(), Botan::TLS::Session_Base::server_info(), Botan::TLS::Session_Base::Session_Base(), Botan::TLS::Session_Base::side(), and Botan::TLS::Session_Base::version().
Botan::TLS::Session::Session | ( | secure_vector< uint8_t > && | session_psk, |
const std::optional< uint32_t > & | max_early_data_bytes, | ||
std::chrono::seconds | lifetime_hint, | ||
const std::vector< X509_Certificate > & | peer_certs, | ||
std::shared_ptr< const Public_Key > | peer_raw_public_key, | ||
const Client_Hello_13 & | client_hello, | ||
const Server_Hello_13 & | server_hello, | ||
Callbacks & | callbacks, | ||
RandomNumberGenerator & | rng ) |
Create a new TLS 1.3 session object from server data structures after a successful handshake with a TLS 1.3 client
Definition at line 272 of file tls_session.cpp.
References BOTAN_ARG_CHECK, Botan::TLS::Session_Base::ciphersuite(), lifetime_hint(), Botan::load_be(), Botan::TLS::Session_Base::m_version, max_early_data_bytes(), Botan::TLS::Session_Base::peer_certs(), Botan::TLS::Session_Base::peer_raw_public_key(), and Botan::TLS::Session_Base::Session_Base().
Botan::TLS::Session::Session | ( | std::span< const uint8_t > | ber_data | ) |
Load a session from DER representation (created by DER_encode)
ber_data | DER representation buffer |
Definition at line 304 of file tls_session.cpp.
References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Session_Base::ciphersuite_code(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_integer_type(), Botan::BER_Decoder::decode_list(), lifetime_hint(), Botan::X509::load_key(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::TLS::Session_Base::start_time(), and Botan::ASN1_String::value().
|
explicit |
Load a session from PEM representation (created by PEM_encode)
pem | PEM representation |
Definition at line 302 of file tls_session.cpp.
References Session().
|
inherited |
Get the ciphersuite info of the negotiated TLS session
Definition at line 86 of file tls_session.cpp.
References Botan::TLS::Ciphersuite::by_id(), and m_ciphersuite.
Referenced by Botan::TLS::Session_Summary::cipher_algo(), Botan::TLS::Session_Summary::mac_algo(), Botan::TLS::Session_Summary::prf_algo(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().
|
inlineinherited |
Get the ciphersuite code of the negotiated TLS session
Definition at line 176 of file tls_session.h.
References m_ciphersuite.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Session::Session().
|
inlinestatic |
Decrypt a session created by encrypt
ctext | the ciphertext returned by encrypt |
ctext_size | the size of ctext in bytes |
key | the same key used by the encrypting side |
Definition at line 415 of file tls_session.h.
References decrypt(), and Session().
Referenced by decrypt(), Botan::TLS::Session_Manager_SQL::find_some(), Botan::TLS::Session_Manager_SQL::retrieve_one(), and Botan::TLS::Session_Manager_Stateless::retrieve_one().
|
static |
Decrypt a session created by encrypt
ctext | the ciphertext returned by encrypt |
key | the same key used by the encrypting side |
Definition at line 474 of file tls_session.cpp.
References Botan::BufferSlicer::copy_as_secure_vector(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::CT::is_equal(), Botan::load_be(), Botan::BufferSlicer::remaining(), Session(), and Botan::BufferSlicer::take().
secure_vector< uint8_t > Botan::TLS::Session::DER_encode | ( | ) | const |
Encode this session data for storage
Definition at line 368 of file tls_session.cpp.
References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_list(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::DER_Encoder::start_sequence(), and Botan::Utf8String.
Referenced by encrypt(), and PEM_encode().
|
inlineinherited |
Get the negotiated DTLS-SRTP algorithm (RFC 5764)
Definition at line 191 of file tls_session.h.
References m_srtp_profile.
std::vector< uint8_t > Botan::TLS::Session::encrypt | ( | const SymmetricKey & | key, |
RandomNumberGenerator & | rng ) const |
Encrypt a session (useful for serialization or session tickets)
Definition at line 431 of file tls_session.cpp.
References BOTAN_ASSERT_NOMSG, Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), DER_encode(), Botan::Encryption, Botan::RandomNumberGenerator::random_vec(), and Botan::store_be().
Referenced by Botan::TLS::Session_Manager_Stateless::establish(), and Botan::TLS::Session_Manager_SQL::store().
secure_vector< uint8_t > Botan::TLS::Session::extract_master_secret | ( | ) |
Get the contained master secret as a moved-out object
Definition at line 405 of file tls_session.cpp.
References BOTAN_STATE_CHECK.
|
inline |
Definition at line 461 of file tls_session.h.
Referenced by Session(), Session(), Session(), Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().
|
inline |
Get a reference to the contained master secret
Definition at line 436 of file tls_session.h.
Referenced by Session().
|
inline |
Return the number of bytes allowed for 0-RTT early data
Definition at line 456 of file tls_session.h.
|
inlineinherited |
Return the certificate chain of the peer (possibly empty)
Definition at line 208 of file tls_session.h.
References m_peer_certs.
Referenced by Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().
|
inlineinherited |
Return the raw public key of the peer (possibly empty)
Definition at line 213 of file tls_session.h.
References m_peer_raw_public_key.
Referenced by Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), and Session_Base().
std::string Botan::TLS::Session::PEM_encode | ( | ) | const |
Encode this session data for storage
Definition at line 401 of file tls_session.cpp.
References DER_encode(), and Botan::PEM_Code::encode().
|
inlineinherited |
Get information about the TLS server
Returns information that identifies the server side of the connection. This is useful for the client in that it identifies what was originally passed to the constructor. For the server, it includes the name the client specified in the server name indicator extension.
Definition at line 223 of file tls_session.h.
References m_server_info.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Session_Base(), and Botan::TLS::Session_Manager_SQL::store().
|
inline |
Return the ticket obfuscation adder
Definition at line 451 of file tls_session.h.
|
inlineinherited |
Get which side of the connection we are/were acting as.
Definition at line 186 of file tls_session.h.
References m_connection_side.
Referenced by Botan::TLS::Session_Summary::Client_Impl_13, Botan::TLS::Session_Manager::establish(), Botan::TLS::Session_Manager_Stateless::establish(), Botan::TLS::Session::Session(), and Botan::TLS::Session::Session().
|
inlineinherited |
Get the wall clock time this session began
Definition at line 166 of file tls_session.h.
References m_start_time.
Referenced by Botan::TLS::Session::Session(), Session_Base(), and Botan::TLS::Session_Manager_SQL::store().
|
inline |
Get whether the saved session supports sending/receiving of early data
Definition at line 446 of file tls_session.h.
|
inlineinherited |
Returns true if a TLS 1.2 session negotiated "encrypt then MAC"; TLS 1.3 sessions will always return false as they always use an AEAD.
Definition at line 197 of file tls_session.h.
References m_encrypt_then_mac.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().
|
inlineinherited |
Returns true if a TLS 1.2 session negotiated "extended master secret"; TLS 1.3 sessions will always return true (see RFC 8446 Appendix D).
Definition at line 203 of file tls_session.h.
References m_extended_master_secret.
|
inlineinherited |
Get the negotiated protocol version of the TLS session
Definition at line 171 of file tls_session.h.
References m_version.
Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Manager_Hybrid::establish(), Botan::TLS::Channel_Impl::request_downgrade_for_resumption(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Session_Base(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().
|
protectedinherited |
Definition at line 229 of file tls_session.h.
Referenced by ciphersuite(), ciphersuite_code(), Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), and Session_Base().
|
protectedinherited |
Definition at line 230 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Session_Base(), and side().
|
protectedinherited |
Definition at line 234 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Session_Base(), and supports_encrypt_then_mac().
|
protectedinherited |
Definition at line 233 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Session_Base(), and supports_extended_master_secret().
|
protectedinherited |
Definition at line 236 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), peer_certs(), Botan::TLS::Session::Session(), and Session_Base().
|
protectedinherited |
Definition at line 237 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), peer_raw_public_key(), Botan::TLS::Session::Session(), and Session_Base().
|
protectedinherited |
Definition at line 238 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), server_info(), Botan::TLS::Session::Session(), and Session_Base().
|
protectedinherited |
Definition at line 231 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), dtls_srtp_profile(), Botan::TLS::Session::Session(), and Session_Base().
|
protectedinherited |
Definition at line 226 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Session_Base(), and start_time().
|
protectedinherited |
Definition at line 228 of file tls_session.h.
Referenced by Botan::TLS::Session::DER_encode(), Botan::TLS::Session::Session(), Botan::TLS::Session::Session(), Session_Base(), and version().