Botan 3.3.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Attributes | List of all members
Botan::TLS::Session Class Referencefinal

#include <tls_session.h>

Inheritance diagram for Botan::TLS::Session:
Botan::TLS::Session_Base

Public Member Functions

Ciphersuite ciphersuite () const
 
uint16_t ciphersuite_code () const
 
secure_vector< uint8_t > DER_encode () const
 
uint16_t dtls_srtp_profile () const
 
std::vector< uint8_t > encrypt (const SymmetricKey &key, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > extract_master_secret ()
 
std::chrono::seconds lifetime_hint () const
 
const secure_vector< uint8_t > & master_secret () const
 
uint32_t max_early_data_bytes () const
 
const std::vector< X509_Certificate > & peer_certs () const
 
std::shared_ptr< const Public_Keypeer_raw_public_key () const
 
std::string PEM_encode () const
 
const Server_Informationserver_info () const
 
 Session (const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
 
 Session (const secure_vector< uint8_t > &session_psk, const std::optional< uint32_t > &max_early_data_bytes, uint32_t ticket_age_add, std::chrono::seconds lifetime_hint, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Server_Information &server_info, std::chrono::system_clock::time_point current_timestamp)
 
 Session (secure_vector< uint8_t > &&session_psk, const std::optional< uint32_t > &max_early_data_bytes, std::chrono::seconds lifetime_hint, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Client_Hello_13 &client_hello, const Server_Hello_13 &server_hello, Callbacks &callbacks, RandomNumberGenerator &rng)
 
 Session (std::span< const uint8_t > ber_data)
 
 Session (std::string_view pem)
 
uint32_t session_age_add () const
 
Connection_Side side () const
 
std::chrono::system_clock::time_point start_time () const
 
bool supports_early_data () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
Protocol_Version version () const
 

Static Public Member Functions

static Session decrypt (const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
 
static Session decrypt (std::span< const uint8_t > ctext, const SymmetricKey &key)
 

Protected Attributes

uint16_t m_ciphersuite
 
Connection_Side m_connection_side
 
bool m_encrypt_then_mac
 
bool m_extended_master_secret
 
std::vector< X509_Certificatem_peer_certs
 
std::shared_ptr< const Public_Keym_peer_raw_public_key
 
Server_Information m_server_info
 
uint16_t m_srtp_profile
 
std::chrono::system_clock::time_point m_start_time
 
Protocol_Version m_version
 

Detailed Description

Represents a session's negotiated features along with all resumption information to re-establish a TLS connection later on.

Definition at line 328 of file tls_session.h.

Constructor & Destructor Documentation

◆ Session() [1/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & master_secret,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
bool supports_extended_master_secret,
bool supports_encrypt_then_mac,
const std::vector< X509_Certificate > & peer_certs,
const Server_Information & server_info,
uint16_t srtp_profile,
std::chrono::system_clock::time_point current_timestamp,
std::chrono::seconds lifetime_hint = std::chrono::seconds::max() )

New TLS 1.2 session (sets session start time)

Definition at line 178 of file tls_session.cpp.

188 :
189 Session_Base(current_timestamp,
190 version,
192 side,
193 srtp_profile,
194 extended_master_secret,
195 encrypt_then_mac,
196 certs,
197 nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2
199 m_master_secret(master_secret),
200 m_early_data_allowed(false),
201 m_max_early_data_bytes(0),
202 m_ticket_age_add(0),
203 m_lifetime_hint(lifetime_hint) {
204 BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2");
205}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Protocol_Version version() const
Connection_Side side() const
Ciphersuite ciphersuite() const
const Server_Information & server_info() const
std::chrono::seconds lifetime_hint() const
const secure_vector< uint8_t > & master_secret() const

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().

Referenced by decrypt().

◆ Session() [2/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
uint32_t ticket_age_add,
std::chrono::seconds lifetime_hint,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Server_Information & server_info,
std::chrono::system_clock::time_point current_timestamp )

New TLS 1.3 session (sets session start time)

Definition at line 209 of file tls_session.cpp.

219 :
220 Session_Base(current_timestamp,
221 version,
223 side,
224
225 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
226 0,
227
228 // RFC 8446 Appendix D
229 // Because TLS 1.3 always hashes in the transcript up to the server
230 // Finished, implementations which support both TLS 1.3 and earlier
231 // versions SHOULD indicate the use of the Extended Master Secret
232 // extension in their APIs whenever TLS 1.3 is used.
233 true,
234
235 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
236 false,
238 std::move(peer_raw_public_key),
240 m_master_secret(session_psk),
241 m_early_data_allowed(max_early_data_bytes.has_value()),
242 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
243 m_ticket_age_add(ticket_age_add),
244 m_lifetime_hint(lifetime_hint) {
245 BOTAN_ARG_CHECK(!version.is_pre_tls_13(), "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
246}
std::shared_ptr< const Public_Key > peer_raw_public_key() const
const std::vector< X509_Certificate > & peer_certs() const
uint32_t max_early_data_bytes() const

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().

◆ Session() [3/5]

Botan::TLS::Session::Session ( secure_vector< uint8_t > && session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
std::chrono::seconds lifetime_hint,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Client_Hello_13 & client_hello,
const Server_Hello_13 & server_hello,
Callbacks & callbacks,
RandomNumberGenerator & rng )

Create a new TLS 1.3 session object from server data structures after a successful handshake with a TLS 1.3 client

Definition at line 248 of file tls_session.cpp.

256 :
257 Session_Base(callbacks.tls_current_timestamp(),
258 server_hello.selected_version(),
259 server_hello.ciphersuite(),
261 0,
262 true,
263 false, // see constructor above for rationales
265 std::move(peer_raw_public_key),
266 Server_Information(client_hello.sni_hostname())),
267 m_master_secret(std::move(session_psk)),
268 m_early_data_allowed(max_early_data_bytes.has_value()),
269 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
270 m_ticket_age_add(load_be<uint32_t>(rng.random_vec(4).data(), 0)),
271 m_lifetime_hint(lifetime_hint) {
273 "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
274}
Protocol_Version m_version

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::m_version.

◆ Session() [4/5]

Botan::TLS::Session::Session ( std::span< const uint8_t > ber_data)

Load a session from DER representation (created by DER_encode)

Parameters
ber_dataDER representation buffer

Definition at line 280 of file tls_session.cpp.

280 {
281 uint8_t side_code = 0;
282
283 std::vector<uint8_t> raw_pubkey_or_empty;
284
285 ASN1_String server_hostname;
286 ASN1_String server_service;
287 size_t server_port;
288
289 uint8_t major_version = 0, minor_version = 0;
290
291 size_t start_time = 0;
292 size_t srtp_profile = 0;
293 uint16_t ciphersuite_code = 0;
294 uint64_t lifetime_hint = 0;
295
296 BER_Decoder(ber_data.data(), ber_data.size())
297 .start_sequence()
298 .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
299 "Unknown version in serialized TLS session")
300 .decode_integer_type(start_time)
301 .decode_integer_type(major_version)
302 .decode_integer_type(minor_version)
303 .decode_integer_type(ciphersuite_code)
304 .decode_integer_type(side_code)
306 .decode(m_encrypt_then_mac)
307 .decode(m_master_secret, ASN1_Type::OctetString)
308 .decode_list<X509_Certificate>(m_peer_certs)
309 .decode(raw_pubkey_or_empty, ASN1_Type::OctetString)
310 .decode(server_hostname)
311 .decode(server_service)
312 .decode(server_port)
313 .decode(srtp_profile)
314 .decode(m_early_data_allowed)
315 .decode_integer_type(m_max_early_data_bytes)
316 .decode_integer_type(m_ticket_age_add)
317 .decode_integer_type(lifetime_hint)
318 .end_cons()
319 .verify_end();
320
322 throw Decoding_Error(
323 "Serialized TLS session contains unknown cipher suite "
324 "(" +
325 std::to_string(ciphersuite_code) + ")");
326 }
327
329 m_version = Protocol_Version(major_version, minor_version);
330 m_start_time = std::chrono::system_clock::from_time_t(start_time);
331 m_connection_side = static_cast<Connection_Side>(side_code);
332 m_srtp_profile = static_cast<uint16_t>(srtp_profile);
333
335 Server_Information(server_hostname.value(), server_service.value(), static_cast<uint16_t>(server_port));
336
337 if(!raw_pubkey_or_empty.empty()) {
338 m_peer_raw_public_key = X509::load_key(raw_pubkey_or_empty);
339 }
340
341 m_lifetime_hint = std::chrono::seconds(lifetime_hint);
342}
static std::optional< Ciphersuite > by_id(uint16_t suite)
std::vector< X509_Certificate > m_peer_certs
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Session_Base::ciphersuite_code(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_integer_type(), Botan::BER_Decoder::decode_list(), lifetime_hint(), Botan::X509::load_key(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::TLS::Session_Base::start_time(), and Botan::ASN1_String::value().

◆ Session() [5/5]

Botan::TLS::Session::Session ( std::string_view pem)
explicit

Load a session from PEM representation (created by PEM_encode)

Parameters
pemPEM representation

Definition at line 278 of file tls_session.cpp.

278: Session(PEM_Code::decode_check_label(pem, "TLS SESSION")) {}
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49

Member Function Documentation

◆ ciphersuite()

Ciphersuite Botan::TLS::Session_Base::ciphersuite ( ) const
inherited

Get the ciphersuite info of the negotiated TLS session

Definition at line 86 of file tls_session.cpp.

86 {
88 if(!suite.has_value()) {
89 throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite));
90 }
91 return suite.value();
92}

References Botan::TLS::Ciphersuite::by_id(), and Botan::TLS::Session_Base::m_ciphersuite.

Referenced by Botan::TLS::Server_Hello_12::Server_Hello_12().

◆ ciphersuite_code()

uint16_t Botan::TLS::Session_Base::ciphersuite_code ( ) const
inlineinherited

Get the ciphersuite code of the negotiated TLS session

Definition at line 177 of file tls_session.h.

177{ return m_ciphersuite; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Session().

◆ decrypt() [1/2]

static Session Botan::TLS::Session::decrypt ( const uint8_t ctext[],
size_t ctext_size,
const SymmetricKey & key )
inlinestatic

Decrypt a session created by encrypt

Parameters
ctextthe ciphertext returned by encrypt
ctext_sizethe size of ctext in bytes
keythe same key used by the encrypting side

Definition at line 408 of file tls_session.h.

408 {
409 return Session::decrypt(std::span(ctext, ctext_size), key);
410 }
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)

Referenced by Botan::TLS::Session_Manager_SQL::find_some(), Botan::TLS::Session_Manager_SQL::retrieve_one(), and Botan::TLS::Session_Manager_Stateless::retrieve_one().

◆ decrypt() [2/2]

Session Botan::TLS::Session::decrypt ( std::span< const uint8_t > ctext,
const SymmetricKey & key )
static

Decrypt a session created by encrypt

Parameters
ctextthe ciphertext returned by encrypt
keythe same key used by the encrypting side

Definition at line 450 of file tls_session.cpp.

450 {
451 try {
452 const size_t min_session_size = 48 + 4; // serious under-estimate
453 if(in.size() < TLS_SESSION_CRYPT_OVERHEAD + min_session_size) {
454 throw Decoding_Error("Encrypted session too short to be valid");
455 }
456
457 BufferSlicer sub(in);
458 const auto magic = sub.take(TLS_SESSION_CRYPT_MAGIC_LEN).data();
459 const auto key_name = sub.take(TLS_SESSION_CRYPT_KEY_NAME_LEN).data();
460 const auto key_seed = sub.take(TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN).data();
461 const auto aead_nonce = sub.take(TLS_SESSION_CRYPT_AEAD_NONCE_LEN).data();
462 auto ctext = sub.copy_as_secure_vector(sub.remaining());
463
464 if(load_be<uint64_t>(magic, 0) != TLS_SESSION_CRYPT_MAGIC) {
465 throw Decoding_Error("Missing expected magic numbers");
466 }
467
468 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
469 hmac->set_key(key);
470
471 // First derive and check the "key name"
472 std::vector<uint8_t> cmp_key_name(hmac->output_length());
473 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
474 hmac->final(cmp_key_name.data());
475
476 if(CT::is_equal(cmp_key_name.data(), key_name, TLS_SESSION_CRYPT_KEY_NAME_LEN).as_bool() == false) {
477 throw Decoding_Error("Wrong key name for encrypted session");
478 }
479
480 hmac->update(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
481 const secure_vector<uint8_t> aead_key = hmac->final();
482
483 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Decryption);
484 aead->set_key(aead_key);
485 aead->set_associated_data(in.data(), TLS_SESSION_CRYPT_HDR_LEN);
486 aead->start(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
487 aead->finish(ctext, 0);
488 return Session(ctext);
489 } catch(std::exception& e) {
490 throw Decoding_Error("Failed to decrypt serialized TLS session: " + std::string(e.what()));
491 }
492}
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:43
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:339

References Botan::BufferSlicer::copy_as_secure_vector(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::CT::is_equal(), Botan::BufferSlicer::remaining(), Session(), and Botan::BufferSlicer::take().

◆ DER_encode()

secure_vector< uint8_t > Botan::TLS::Session::DER_encode ( ) const

Encode this session data for storage

Warning
if the master secret is compromised so is the session traffic

Definition at line 344 of file tls_session.cpp.

344 {
345 const auto raw_pubkey_or_empty =
346 m_peer_raw_public_key ? m_peer_raw_public_key->subject_public_key() : std::vector<uint8_t>{};
347
348 return DER_Encoder()
349 .start_sequence()
350 .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
351 .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
352 .encode(static_cast<size_t>(m_version.major_version()))
353 .encode(static_cast<size_t>(m_version.minor_version()))
354 .encode(static_cast<size_t>(m_ciphersuite))
355 .encode(static_cast<size_t>(m_connection_side))
357 .encode(m_encrypt_then_mac)
358 .encode(m_master_secret, ASN1_Type::OctetString)
359 .start_sequence()
360 .encode_list(m_peer_certs)
361 .end_cons()
362 .encode(raw_pubkey_or_empty, ASN1_Type::OctetString)
363 .encode(ASN1_String(m_server_info.hostname(), ASN1_Type::Utf8String))
364 .encode(ASN1_String(m_server_info.service(), ASN1_Type::Utf8String))
365 .encode(static_cast<size_t>(m_server_info.port()))
366 .encode(static_cast<size_t>(m_srtp_profile))
367
368 // the fields below were introduced for TLS 1.3 session tickets
369 .encode(m_early_data_allowed)
370 .encode(static_cast<size_t>(m_max_early_data_bytes))
371 .encode(static_cast<size_t>(m_ticket_age_add))
372 .encode(static_cast<size_t>(m_lifetime_hint.count()))
373 .end_cons()
374 .get_contents();
375}
uint8_t major_version() const
Definition tls_version.h:78
uint8_t minor_version() const
Definition tls_version.h:83

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_list(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), Botan::OctetString, Botan::TLS::Server_Information::port(), Botan::TLS::Server_Information::service(), Botan::DER_Encoder::start_sequence(), and Botan::Utf8String.

Referenced by encrypt(), and PEM_encode().

◆ dtls_srtp_profile()

uint16_t Botan::TLS::Session_Base::dtls_srtp_profile ( ) const
inlineinherited

Get the negotiated DTLS-SRTP algorithm (RFC 5764)

Definition at line 192 of file tls_session.h.

192{ return m_srtp_profile; }

◆ encrypt()

std::vector< uint8_t > Botan::TLS::Session::encrypt ( const SymmetricKey & key,
RandomNumberGenerator & rng ) const

Encrypt a session (useful for serialization or session tickets)

Definition at line 407 of file tls_session.cpp.

407 {
408 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
409 hmac->set_key(key);
410
411 // First derive the "key name"
412 std::vector<uint8_t> key_name(hmac->output_length());
413 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
414 hmac->final(key_name.data());
415 key_name.resize(TLS_SESSION_CRYPT_KEY_NAME_LEN);
416
417 std::vector<uint8_t> aead_nonce;
418 std::vector<uint8_t> key_seed;
419
420 rng.random_vec(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
421 rng.random_vec(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
422
423 hmac->update(key_seed);
424 const secure_vector<uint8_t> aead_key = hmac->final();
425
426 secure_vector<uint8_t> bits = this->DER_encode();
427
428 // create the header
429 std::vector<uint8_t> buf;
430 buf.reserve(TLS_SESSION_CRYPT_OVERHEAD + bits.size());
431 buf.resize(TLS_SESSION_CRYPT_MAGIC_LEN);
432 store_be(TLS_SESSION_CRYPT_MAGIC, &buf[0]);
433 buf += key_name;
434 buf += key_seed;
435 buf += aead_nonce;
436
437 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Encryption);
438 BOTAN_ASSERT_NOMSG(aead->valid_nonce_length(TLS_SESSION_CRYPT_AEAD_NONCE_LEN));
439 BOTAN_ASSERT_NOMSG(aead->tag_size() == TLS_SESSION_CRYPT_AEAD_TAG_SIZE);
440 aead->set_key(aead_key);
441 aead->set_associated_data(buf);
442 aead->start(aead_nonce);
443 aead->finish(bits, 0);
444
445 // append the ciphertext
446 buf += bits;
447 return buf;
448}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
secure_vector< uint8_t > DER_encode() const
constexpr void store_be(T in, OutR &&out_range)
Definition loadstor.h:358

References BOTAN_ASSERT_NOMSG, Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), DER_encode(), Botan::Encryption, Botan::RandomNumberGenerator::random_vec(), and Botan::store_be().

Referenced by Botan::TLS::Session_Manager_Stateless::establish(), and Botan::TLS::Session_Manager_SQL::store().

◆ extract_master_secret()

secure_vector< uint8_t > Botan::TLS::Session::extract_master_secret ( )

Get the contained master secret as a moved-out object

Definition at line 381 of file tls_session.cpp.

381 {
382 BOTAN_STATE_CHECK(!m_master_secret.empty());
383 return std::exchange(m_master_secret, {});
384}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

References BOTAN_STATE_CHECK.

◆ lifetime_hint()

std::chrono::seconds Botan::TLS::Session::lifetime_hint ( ) const
inline
Returns
the lifetime of the ticket as defined by the TLS server

Definition at line 454 of file tls_session.h.

454{ return m_lifetime_hint; }

Referenced by Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().

◆ master_secret()

const secure_vector< uint8_t > & Botan::TLS::Session::master_secret ( ) const
inline

Get a reference to the contained master secret

Definition at line 429 of file tls_session.h.

429{ return m_master_secret; }

◆ max_early_data_bytes()

uint32_t Botan::TLS::Session::max_early_data_bytes ( ) const
inline

Return the number of bytes allowed for 0-RTT early data

Definition at line 449 of file tls_session.h.

449{ return m_max_early_data_bytes; }

◆ peer_certs()

const std::vector< X509_Certificate > & Botan::TLS::Session_Base::peer_certs ( ) const
inlineinherited

Return the certificate chain of the peer (possibly empty)

Definition at line 209 of file tls_session.h.

209{ return m_peer_certs; }

◆ peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Session_Base::peer_raw_public_key ( ) const
inlineinherited

Return the raw public key of the peer (possibly empty)

Definition at line 214 of file tls_session.h.

214{ return m_peer_raw_public_key; }

◆ PEM_encode()

std::string Botan::TLS::Session::PEM_encode ( ) const

Encode this session data for storage

Warning
if the master secret is compromised so is the session traffic

Definition at line 377 of file tls_session.cpp.

377 {
378 return PEM_Code::encode(this->DER_encode(), "TLS SESSION");
379}
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ server_info()

const Server_Information & Botan::TLS::Session_Base::server_info ( ) const
inlineinherited

Get information about the TLS server

Definition at line 219 of file tls_session.h.

219{ return m_server_info; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Session_Manager_SQL::store().

◆ session_age_add()

uint32_t Botan::TLS::Session::session_age_add ( ) const
inline

Return the ticket obfuscation adder

Definition at line 444 of file tls_session.h.

444{ return m_ticket_age_add; }

◆ side()

Connection_Side Botan::TLS::Session_Base::side ( ) const
inlineinherited

Get which side of the connection we are/were acting as.

Definition at line 187 of file tls_session.h.

187{ return m_connection_side; }

Referenced by Botan::TLS::Session_Manager::establish(), and Botan::TLS::Session_Manager_Stateless::establish().

◆ start_time()

std::chrono::system_clock::time_point Botan::TLS::Session_Base::start_time ( ) const
inlineinherited

Get the wall clock time this session began

Definition at line 167 of file tls_session.h.

167{ return m_start_time; }

Referenced by Session(), and Botan::TLS::Session_Manager_SQL::store().

◆ supports_early_data()

bool Botan::TLS::Session::supports_early_data ( ) const
inline

Get whether the saved session supports sending/receiving of early data

Definition at line 439 of file tls_session.h.

439{ return m_early_data_allowed; }

◆ supports_encrypt_then_mac()

bool Botan::TLS::Session_Base::supports_encrypt_then_mac ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "encrypt then MAC"; TLS 1.3 sessions will always return false as they always use an AEAD.

Definition at line 198 of file tls_session.h.

198{ return m_encrypt_then_mac; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ supports_extended_master_secret()

bool Botan::TLS::Session_Base::supports_extended_master_secret ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "extended master secret"; TLS 1.3 sessions will always return true (see RFC 8446 Appendix D).

Definition at line 204 of file tls_session.h.

204{ return m_extended_master_secret; }

◆ version()

Protocol_Version Botan::TLS::Session_Base::version ( ) const
inlineinherited

Member Data Documentation

◆ m_ciphersuite

uint16_t Botan::TLS::Session_Base::m_ciphersuite
protectedinherited

Definition at line 225 of file tls_session.h.

Referenced by Botan::TLS::Session_Base::ciphersuite(), DER_encode(), and Session().

◆ m_connection_side

Connection_Side Botan::TLS::Session_Base::m_connection_side
protectedinherited

Definition at line 226 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_encrypt_then_mac

bool Botan::TLS::Session_Base::m_encrypt_then_mac
protectedinherited

Definition at line 230 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_extended_master_secret

bool Botan::TLS::Session_Base::m_extended_master_secret
protectedinherited

Definition at line 229 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_peer_certs

std::vector<X509_Certificate> Botan::TLS::Session_Base::m_peer_certs
protectedinherited

Definition at line 232 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_peer_raw_public_key

std::shared_ptr<const Public_Key> Botan::TLS::Session_Base::m_peer_raw_public_key
protectedinherited

Definition at line 233 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_server_info

Server_Information Botan::TLS::Session_Base::m_server_info
protectedinherited

Definition at line 234 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_srtp_profile

uint16_t Botan::TLS::Session_Base::m_srtp_profile
protectedinherited

Definition at line 227 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_start_time

std::chrono::system_clock::time_point Botan::TLS::Session_Base::m_start_time
protectedinherited

Definition at line 222 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_version

Protocol_Version Botan::TLS::Session_Base::m_version
protectedinherited

Definition at line 224 of file tls_session.h.

Referenced by DER_encode(), Session(), and Session().


The documentation for this class was generated from the following files: