Botan 3.7.1
Crypto and TLS for C&
Botan::TLS::Session Class Referencefinal

#include <tls_session.h>

Inheritance diagram for Botan::TLS::Session:
Botan::TLS::Session_Base

Public Member Functions

Ciphersuite ciphersuite () const
 
uint16_t ciphersuite_code () const
 
secure_vector< uint8_t > DER_encode () const
 
uint16_t dtls_srtp_profile () const
 
std::vector< uint8_t > encrypt (const SymmetricKey &key, RandomNumberGenerator &rng) const
 
secure_vector< uint8_t > extract_master_secret ()
 
std::chrono::seconds lifetime_hint () const
 
const secure_vector< uint8_t > & master_secret () const
 
uint32_t max_early_data_bytes () const
 
const std::vector< X509_Certificate > & peer_certs () const
 
std::shared_ptr< const Public_Keypeer_raw_public_key () const
 
std::string PEM_encode () const
 
const Server_Informationserver_info () const
 
 Session (const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
 
 Session (const secure_vector< uint8_t > &session_psk, const std::optional< uint32_t > &max_early_data_bytes, uint32_t ticket_age_add, std::chrono::seconds lifetime_hint, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Server_Information &server_info, std::chrono::system_clock::time_point current_timestamp)
 
 Session (secure_vector< uint8_t > &&session_psk, const std::optional< uint32_t > &max_early_data_bytes, std::chrono::seconds lifetime_hint, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, const Client_Hello_13 &client_hello, const Server_Hello_13 &server_hello, Callbacks &callbacks, RandomNumberGenerator &rng)
 
 Session (std::span< const uint8_t > ber_data)
 
 Session (std::string_view pem)
 
uint32_t session_age_add () const
 
Connection_Side side () const
 
std::chrono::system_clock::time_point start_time () const
 
bool supports_early_data () const
 
bool supports_encrypt_then_mac () const
 
bool supports_extended_master_secret () const
 
Protocol_Version version () const
 

Static Public Member Functions

static Session decrypt (const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
 
static Session decrypt (std::span< const uint8_t > ctext, const SymmetricKey &key)
 

Protected Attributes

uint16_t m_ciphersuite
 
Connection_Side m_connection_side
 
bool m_encrypt_then_mac
 
bool m_extended_master_secret
 
std::vector< X509_Certificatem_peer_certs
 
std::shared_ptr< const Public_Keym_peer_raw_public_key
 
Server_Information m_server_info
 
uint16_t m_srtp_profile
 
std::chrono::system_clock::time_point m_start_time
 
Protocol_Version m_version
 

Detailed Description

Represents a session's negotiated features along with all resumption information to re-establish a TLS connection later on.

Definition at line 336 of file tls_session.h.

Constructor & Destructor Documentation

◆ Session() [1/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & master_secret,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
bool supports_extended_master_secret,
bool supports_encrypt_then_mac,
const std::vector< X509_Certificate > & peer_certs,
const Server_Information & server_info,
uint16_t srtp_profile,
std::chrono::system_clock::time_point current_timestamp,
std::chrono::seconds lifetime_hint = std::chrono::seconds::max() )

New TLS 1.2 session (sets session start time)

Definition at line 202 of file tls_session.cpp.

212 :
213 Session_Base(current_timestamp,
214 version,
216 side,
217 srtp_profile,
218 extended_master_secret,
219 encrypt_then_mac,
220 certs,
221 nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2
223 m_master_secret(master_secret),
224 m_early_data_allowed(false),
225 m_max_early_data_bytes(0),
226 m_ticket_age_add(0),
227 m_lifetime_hint(lifetime_hint) {
228 BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2");
229}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Protocol_Version version() const
Connection_Side side() const
Ciphersuite ciphersuite() const
const Server_Information & server_info() const
std::chrono::seconds lifetime_hint() const
const secure_vector< uint8_t > & master_secret() const

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().

Referenced by decrypt().

◆ Session() [2/5]

Botan::TLS::Session::Session ( const secure_vector< uint8_t > & session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
uint32_t ticket_age_add,
std::chrono::seconds lifetime_hint,
Protocol_Version version,
uint16_t ciphersuite,
Connection_Side side,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Server_Information & server_info,
std::chrono::system_clock::time_point current_timestamp )

New TLS 1.3 session (sets session start time)

Definition at line 233 of file tls_session.cpp.

243 :
244 Session_Base(current_timestamp,
245 version,
247 side,
248
249 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
250 0,
251
252 // RFC 8446 Appendix D
253 // Because TLS 1.3 always hashes in the transcript up to the server
254 // Finished, implementations which support both TLS 1.3 and earlier
255 // versions SHOULD indicate the use of the Extended Master Secret
256 // extension in their APIs whenever TLS 1.3 is used.
257 true,
258
259 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
260 false,
262 std::move(peer_raw_public_key),
264 m_master_secret(session_psk),
265 m_early_data_allowed(max_early_data_bytes.has_value()),
266 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
267 m_ticket_age_add(ticket_age_add),
268 m_lifetime_hint(lifetime_hint) {
269 BOTAN_ARG_CHECK(!version.is_pre_tls_13(), "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
270}
std::shared_ptr< const Public_Key > peer_raw_public_key() const
const std::vector< X509_Certificate > & peer_certs() const
uint32_t max_early_data_bytes() const

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::version().

◆ Session() [3/5]

Botan::TLS::Session::Session ( secure_vector< uint8_t > && session_psk,
const std::optional< uint32_t > & max_early_data_bytes,
std::chrono::seconds lifetime_hint,
const std::vector< X509_Certificate > & peer_certs,
std::shared_ptr< const Public_Key > peer_raw_public_key,
const Client_Hello_13 & client_hello,
const Server_Hello_13 & server_hello,
Callbacks & callbacks,
RandomNumberGenerator & rng )

Create a new TLS 1.3 session object from server data structures after a successful handshake with a TLS 1.3 client

Definition at line 272 of file tls_session.cpp.

280 :
281 Session_Base(callbacks.tls_current_timestamp(),
282 server_hello.selected_version(),
283 server_hello.ciphersuite(),
285 0,
286 true,
287 false, // see constructor above for rationales
289 std::move(peer_raw_public_key),
290 Server_Information(client_hello.sni_hostname())),
291 m_master_secret(std::move(session_psk)),
292 m_early_data_allowed(max_early_data_bytes.has_value()),
293 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
294 m_ticket_age_add(load_be<uint32_t>(rng.random_vec(4).data(), 0)),
295 m_lifetime_hint(lifetime_hint) {
297 "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
298}
Protocol_Version m_version
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530

References BOTAN_ARG_CHECK, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::TLS::Session_Base::m_version.

◆ Session() [4/5]

Botan::TLS::Session::Session ( std::span< const uint8_t > ber_data)

Load a session from DER representation (created by DER_encode)

Parameters
ber_dataDER representation buffer

Definition at line 304 of file tls_session.cpp.

304 {
305 uint8_t side_code = 0;
306
307 std::vector<uint8_t> raw_pubkey_or_empty;
308
309 ASN1_String server_hostname;
310 ASN1_String server_service;
311 size_t server_port;
312
313 uint8_t major_version = 0, minor_version = 0;
314
315 size_t start_time = 0;
316 size_t srtp_profile = 0;
317 uint16_t ciphersuite_code = 0;
318 uint64_t lifetime_hint = 0;
319
320 BER_Decoder(ber_data.data(), ber_data.size())
321 .start_sequence()
322 .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
323 "Unknown version in serialized TLS session")
324 .decode_integer_type(start_time)
325 .decode_integer_type(major_version)
326 .decode_integer_type(minor_version)
327 .decode_integer_type(ciphersuite_code)
328 .decode_integer_type(side_code)
330 .decode(m_encrypt_then_mac)
331 .decode(m_master_secret, ASN1_Type::OctetString)
332 .decode_list<X509_Certificate>(m_peer_certs)
333 .decode(raw_pubkey_or_empty, ASN1_Type::OctetString)
334 .decode(server_hostname)
335 .decode(server_service)
336 .decode(server_port)
337 .decode(srtp_profile)
338 .decode(m_early_data_allowed)
339 .decode_integer_type(m_max_early_data_bytes)
340 .decode_integer_type(m_ticket_age_add)
341 .decode_integer_type(lifetime_hint)
342 .end_cons()
343 .verify_end();
344
346 throw Decoding_Error(
347 "Serialized TLS session contains unknown cipher suite "
348 "(" +
349 std::to_string(ciphersuite_code) + ")");
350 }
351
353 m_version = Protocol_Version(major_version, minor_version);
354 m_start_time = std::chrono::system_clock::from_time_t(start_time);
355 m_connection_side = static_cast<Connection_Side>(side_code);
356 m_srtp_profile = static_cast<uint16_t>(srtp_profile);
357
359 Server_Information(server_hostname.value(), server_service.value(), static_cast<uint16_t>(server_port));
360
361 if(!raw_pubkey_or_empty.empty()) {
362 m_peer_raw_public_key = X509::load_key(raw_pubkey_or_empty);
363 }
364
365 m_lifetime_hint = std::chrono::seconds(lifetime_hint);
366}
static std::optional< Ciphersuite > by_id(uint16_t suite)
std::vector< X509_Certificate > m_peer_certs
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28

References Botan::TLS::Ciphersuite::by_id(), Botan::TLS::Session_Base::ciphersuite_code(), Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_integer_type(), Botan::BER_Decoder::decode_list(), lifetime_hint(), Botan::X509::load_key(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::TLS::Session_Base::start_time(), and Botan::ASN1_String::value().

◆ Session() [5/5]

Botan::TLS::Session::Session ( std::string_view pem)
explicit

Load a session from PEM representation (created by PEM_encode)

Parameters
pemPEM representation

Definition at line 302 of file tls_session.cpp.

302: Session(PEM_Code::decode_check_label(pem, "TLS SESSION")) {}
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49

Member Function Documentation

◆ ciphersuite()

Ciphersuite Botan::TLS::Session_Base::ciphersuite ( ) const
inherited

Get the ciphersuite info of the negotiated TLS session

Definition at line 86 of file tls_session.cpp.

86 {
88 if(!suite.has_value()) {
89 throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite));
90 }
91 return suite.value();
92}

References Botan::TLS::Ciphersuite::by_id(), and Botan::TLS::Session_Base::m_ciphersuite.

◆ ciphersuite_code()

uint16_t Botan::TLS::Session_Base::ciphersuite_code ( ) const
inlineinherited

Get the ciphersuite code of the negotiated TLS session

Definition at line 177 of file tls_session.h.

177{ return m_ciphersuite; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Session().

◆ decrypt() [1/2]

static Session Botan::TLS::Session::decrypt ( const uint8_t ctext[],
size_t ctext_size,
const SymmetricKey & key )
inlinestatic

Decrypt a session created by encrypt

Parameters
ctextthe ciphertext returned by encrypt
ctext_sizethe size of ctext in bytes
keythe same key used by the encrypting side

Definition at line 416 of file tls_session.h.

416 {
417 return Session::decrypt(std::span(ctext, ctext_size), key);
418 }
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)

Referenced by Botan::TLS::Session_Manager_SQL::find_some(), Botan::TLS::Session_Manager_SQL::retrieve_one(), and Botan::TLS::Session_Manager_Stateless::retrieve_one().

◆ decrypt() [2/2]

Session Botan::TLS::Session::decrypt ( std::span< const uint8_t > ctext,
const SymmetricKey & key )
static

Decrypt a session created by encrypt

Parameters
ctextthe ciphertext returned by encrypt
keythe same key used by the encrypting side

Definition at line 474 of file tls_session.cpp.

474 {
475 try {
476 const size_t min_session_size = 48 + 4; // serious under-estimate
477 if(in.size() < TLS_SESSION_CRYPT_OVERHEAD + min_session_size) {
478 throw Decoding_Error("Encrypted session too short to be valid");
479 }
480
481 BufferSlicer sub(in);
482 const auto magic = sub.take(TLS_SESSION_CRYPT_MAGIC_LEN).data();
483 const auto key_name = sub.take(TLS_SESSION_CRYPT_KEY_NAME_LEN).data();
484 const auto key_seed = sub.take(TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN).data();
485 const auto aead_nonce = sub.take(TLS_SESSION_CRYPT_AEAD_NONCE_LEN).data();
486 auto ctext = sub.copy_as_secure_vector(sub.remaining());
487
488 if(load_be<uint64_t>(magic, 0) != TLS_SESSION_CRYPT_MAGIC) {
489 throw Decoding_Error("Missing expected magic numbers");
490 }
491
492 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
493 hmac->set_key(key);
494
495 // First derive and check the "key name"
496 std::vector<uint8_t> cmp_key_name(hmac->output_length());
497 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
498 hmac->final(cmp_key_name.data());
499
500 if(CT::is_equal(cmp_key_name.data(), key_name, TLS_SESSION_CRYPT_KEY_NAME_LEN).as_bool() == false) {
501 throw Decoding_Error("Wrong key name for encrypted session");
502 }
503
504 hmac->update(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
505 const secure_vector<uint8_t> aead_key = hmac->final();
506
507 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Decryption);
508 aead->set_key(aead_key);
509 aead->set_associated_data(in.data(), TLS_SESSION_CRYPT_HDR_LEN);
510 aead->start(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
511 aead->finish(ctext, 0);
512 return Session(ctext);
513 } catch(std::exception& e) {
514 throw Decoding_Error("Failed to decrypt serialized TLS session: " + std::string(e.what()));
515 }
516}
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:43
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:788
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References Botan::BufferSlicer::copy_as_secure_vector(), Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::Decryption, Botan::CT::is_equal(), Botan::load_be(), Botan::BufferSlicer::remaining(), Session(), and Botan::BufferSlicer::take().

◆ DER_encode()

secure_vector< uint8_t > Botan::TLS::Session::DER_encode ( ) const

Encode this session data for storage

Warning
if the master secret is compromised so is the session traffic

Definition at line 368 of file tls_session.cpp.

368 {
369 const auto raw_pubkey_or_empty =
370 m_peer_raw_public_key ? m_peer_raw_public_key->subject_public_key() : std::vector<uint8_t>{};
371
372 return DER_Encoder()
373 .start_sequence()
374 .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
375 .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
376 .encode(static_cast<size_t>(m_version.major_version()))
377 .encode(static_cast<size_t>(m_version.minor_version()))
378 .encode(static_cast<size_t>(m_ciphersuite))
379 .encode(static_cast<size_t>(m_connection_side))
381 .encode(m_encrypt_then_mac)
382 .encode(m_master_secret, ASN1_Type::OctetString)
383 .start_sequence()
384 .encode_list(m_peer_certs)
385 .end_cons()
386 .encode(raw_pubkey_or_empty, ASN1_Type::OctetString)
387 .encode(ASN1_String(m_server_info.hostname(), ASN1_Type::Utf8String))
388 .encode(ASN1_String(m_server_info.service(), ASN1_Type::Utf8String))
389 .encode(static_cast<size_t>(m_server_info.port()))
390 .encode(static_cast<size_t>(m_srtp_profile))
391
392 // the fields below were introduced for TLS 1.3 session tickets
393 .encode(m_early_data_allowed)
394 .encode(static_cast<size_t>(m_max_early_data_bytes))
395 .encode(static_cast<size_t>(m_ticket_age_add))
396 .encode(static_cast<size_t>(m_lifetime_hint.count()))
397 .end_cons()
398 .get_contents();
399}
uint8_t major_version() const
Definition tls_version.h:89
uint8_t minor_version() const
Definition tls_version.h:94

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_list(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::get_contents(), Botan::TLS::Server_Information::hostname(), Botan::TLS::Session_Base::m_ciphersuite, Botan::TLS::Session_Base::m_connection_side, Botan::TLS::Session_Base::m_encrypt_then_mac, Botan::TLS::Session_Base::m_extended_master_secret, Botan::TLS::Session_Base::m_peer_certs, Botan::TLS::Session_Base::m_peer_raw_public_key, Botan::TLS::Session_Base::m_server_info, Botan::TLS::Session_Base::m_srtp_profile, Botan::TLS::Session_Base::m_start_time, Botan::TLS::Session_Base::m_version, Botan::TLS::Protocol_Version::major_version(), Botan::TLS::Protocol_Version::minor_version(), Botan::OctetString, Botan::TLS::Server_Information::port(), Botan::TLS::Server_Information::service(), Botan::DER_Encoder::start_sequence(), and Botan::Utf8String.

Referenced by encrypt(), and PEM_encode().

◆ dtls_srtp_profile()

uint16_t Botan::TLS::Session_Base::dtls_srtp_profile ( ) const
inlineinherited

Get the negotiated DTLS-SRTP algorithm (RFC 5764)

Definition at line 192 of file tls_session.h.

192{ return m_srtp_profile; }

◆ encrypt()

std::vector< uint8_t > Botan::TLS::Session::encrypt ( const SymmetricKey & key,
RandomNumberGenerator & rng ) const

Encrypt a session (useful for serialization or session tickets)

Definition at line 431 of file tls_session.cpp.

431 {
432 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
433 hmac->set_key(key);
434
435 // First derive the "key name"
436 std::vector<uint8_t> key_name(hmac->output_length());
437 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
438 hmac->final(key_name.data());
439 key_name.resize(TLS_SESSION_CRYPT_KEY_NAME_LEN);
440
441 std::vector<uint8_t> aead_nonce;
442 std::vector<uint8_t> key_seed;
443
444 rng.random_vec(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
445 rng.random_vec(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
446
447 hmac->update(key_seed);
448 const secure_vector<uint8_t> aead_key = hmac->final();
449
450 secure_vector<uint8_t> bits = this->DER_encode();
451
452 // create the header
453 std::vector<uint8_t> buf;
454 buf.reserve(TLS_SESSION_CRYPT_OVERHEAD + bits.size());
455 buf.resize(TLS_SESSION_CRYPT_MAGIC_LEN);
456 store_be(TLS_SESSION_CRYPT_MAGIC, &buf[0]);
457 buf += key_name;
458 buf += key_seed;
459 buf += aead_nonce;
460
461 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Encryption);
462 BOTAN_ASSERT_NOMSG(aead->valid_nonce_length(TLS_SESSION_CRYPT_AEAD_NONCE_LEN));
463 BOTAN_ASSERT_NOMSG(aead->tag_size() == TLS_SESSION_CRYPT_AEAD_TAG_SIZE);
464 aead->set_key(aead_key);
465 aead->set_associated_data(buf);
466 aead->start(aead_nonce);
467 aead->finish(bits, 0);
468
469 // append the ciphertext
470 buf += bits;
471 return buf;
472}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
secure_vector< uint8_t > DER_encode() const
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:773

References BOTAN_ASSERT_NOMSG, Botan::AEAD_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), DER_encode(), Botan::Encryption, Botan::RandomNumberGenerator::random_vec(), and Botan::store_be().

Referenced by Botan::TLS::Session_Manager_Stateless::establish(), and Botan::TLS::Session_Manager_SQL::store().

◆ extract_master_secret()

secure_vector< uint8_t > Botan::TLS::Session::extract_master_secret ( )

Get the contained master secret as a moved-out object

Definition at line 405 of file tls_session.cpp.

405 {
406 BOTAN_STATE_CHECK(!m_master_secret.empty());
407 return std::exchange(m_master_secret, {});
408}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41

References BOTAN_STATE_CHECK.

◆ lifetime_hint()

std::chrono::seconds Botan::TLS::Session::lifetime_hint ( ) const
inline
Returns
the lifetime of the ticket as defined by the TLS server

Definition at line 462 of file tls_session.h.

462{ return m_lifetime_hint; }

Referenced by Session(), and Botan::TLS::Callbacks::tls_should_persist_resumption_information().

◆ master_secret()

const secure_vector< uint8_t > & Botan::TLS::Session::master_secret ( ) const
inline

Get a reference to the contained master secret

Definition at line 437 of file tls_session.h.

437{ return m_master_secret; }

◆ max_early_data_bytes()

uint32_t Botan::TLS::Session::max_early_data_bytes ( ) const
inline

Return the number of bytes allowed for 0-RTT early data

Definition at line 457 of file tls_session.h.

457{ return m_max_early_data_bytes; }

◆ peer_certs()

const std::vector< X509_Certificate > & Botan::TLS::Session_Base::peer_certs ( ) const
inlineinherited

Return the certificate chain of the peer (possibly empty)

Definition at line 209 of file tls_session.h.

209{ return m_peer_certs; }

◆ peer_raw_public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Session_Base::peer_raw_public_key ( ) const
inlineinherited

Return the raw public key of the peer (possibly empty)

Definition at line 214 of file tls_session.h.

214{ return m_peer_raw_public_key; }

◆ PEM_encode()

std::string Botan::TLS::Session::PEM_encode ( ) const

Encode this session data for storage

Warning
if the master secret is compromised so is the session traffic

Definition at line 401 of file tls_session.cpp.

401 {
402 return PEM_Code::encode(this->DER_encode(), "TLS SESSION");
403}
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References DER_encode(), and Botan::PEM_Code::encode().

◆ server_info()

const Server_Information & Botan::TLS::Session_Base::server_info ( ) const
inlineinherited

Get information about the TLS server

Returns information that identifies the server side of the connection. This is useful for the client in that it identifies what was originally passed to the constructor. For the server, it includes the name the client specified in the server name indicator extension.

Definition at line 224 of file tls_session.h.

224{ return m_server_info; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Session_Manager_SQL::store().

◆ session_age_add()

uint32_t Botan::TLS::Session::session_age_add ( ) const
inline

Return the ticket obfuscation adder

Definition at line 452 of file tls_session.h.

452{ return m_ticket_age_add; }

◆ side()

Connection_Side Botan::TLS::Session_Base::side ( ) const
inlineinherited

Get which side of the connection we are/were acting as.

Definition at line 187 of file tls_session.h.

187{ return m_connection_side; }

Referenced by Botan::TLS::Session_Manager::establish(), and Botan::TLS::Session_Manager_Stateless::establish().

◆ start_time()

std::chrono::system_clock::time_point Botan::TLS::Session_Base::start_time ( ) const
inlineinherited

Get the wall clock time this session began

Definition at line 167 of file tls_session.h.

167{ return m_start_time; }

Referenced by Session(), and Botan::TLS::Session_Manager_SQL::store().

◆ supports_early_data()

bool Botan::TLS::Session::supports_early_data ( ) const
inline

Get whether the saved session supports sending/receiving of early data

Definition at line 447 of file tls_session.h.

447{ return m_early_data_allowed; }

◆ supports_encrypt_then_mac()

bool Botan::TLS::Session_Base::supports_encrypt_then_mac ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "encrypt then MAC"; TLS 1.3 sessions will always return false as they always use an AEAD.

Definition at line 198 of file tls_session.h.

198{ return m_encrypt_then_mac; }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ supports_extended_master_secret()

bool Botan::TLS::Session_Base::supports_extended_master_secret ( ) const
inlineinherited

Returns true if a TLS 1.2 session negotiated "extended master secret"; TLS 1.3 sessions will always return true (see RFC 8446 Appendix D).

Definition at line 204 of file tls_session.h.

204{ return m_extended_master_secret; }

◆ version()

Protocol_Version Botan::TLS::Session_Base::version ( ) const
inlineinherited

Member Data Documentation

◆ m_ciphersuite

uint16_t Botan::TLS::Session_Base::m_ciphersuite
protectedinherited

Definition at line 230 of file tls_session.h.

Referenced by Botan::TLS::Session_Base::ciphersuite(), DER_encode(), and Session().

◆ m_connection_side

Connection_Side Botan::TLS::Session_Base::m_connection_side
protectedinherited

Definition at line 231 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_encrypt_then_mac

bool Botan::TLS::Session_Base::m_encrypt_then_mac
protectedinherited

Definition at line 235 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_extended_master_secret

bool Botan::TLS::Session_Base::m_extended_master_secret
protectedinherited

Definition at line 234 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_peer_certs

std::vector<X509_Certificate> Botan::TLS::Session_Base::m_peer_certs
protectedinherited

Definition at line 237 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_peer_raw_public_key

std::shared_ptr<const Public_Key> Botan::TLS::Session_Base::m_peer_raw_public_key
protectedinherited

Definition at line 238 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_server_info

Server_Information Botan::TLS::Session_Base::m_server_info
protectedinherited

Definition at line 239 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_srtp_profile

uint16_t Botan::TLS::Session_Base::m_srtp_profile
protectedinherited

Definition at line 232 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_start_time

std::chrono::system_clock::time_point Botan::TLS::Session_Base::m_start_time
protectedinherited

Definition at line 227 of file tls_session.h.

Referenced by DER_encode(), and Session().

◆ m_version

Protocol_Version Botan::TLS::Session_Base::m_version
protectedinherited

Definition at line 229 of file tls_session.h.

Referenced by DER_encode(), Session(), and Session().


The documentation for this class was generated from the following files: