Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Session_Keys Class Referencefinal

#include <tls_session_key.h>

Public Member Functions

const secure_vector< uint8_t > & aead_key (Connection_Side side) const
 
const secure_vector< uint8_t > & client_aead_key () const
 
const std::vector< uint8_t > & client_nonce () const
 
const secure_vector< uint8_t > & master_secret () const
 
const std::vector< uint8_t > & nonce (Connection_Side side) const
 
const secure_vector< uint8_t > & server_aead_key () const
 
const std::vector< uint8_t > & server_nonce () const
 
 Session_Keys ()=default
 
 Session_Keys (const Handshake_State *state, const secure_vector< uint8_t > &pre_master_secret, bool resuming)
 

Detailed Description

TLS Session Keys

Definition at line 23 of file tls_session_key.h.

Constructor & Destructor Documentation

◆ Session_Keys() [1/2]

Botan::TLS::Session_Keys::Session_Keys ( )
default

◆ Session_Keys() [2/2]

Botan::TLS::Session_Keys::Session_Keys ( const Handshake_State state,
const secure_vector< uint8_t > &  pre_master_secret,
bool  resuming 
)
Parameters
statestate the handshake state
pre_master_secretthe pre-master secret
resumingwhether this TLS session is resumed

Session_Keys Constructor

Definition at line 20 of file tls_session_key.cpp.

23 {
24 const size_t cipher_keylen = state->ciphersuite().cipher_keylen();
25 const size_t mac_keylen = state->ciphersuite().mac_keylen();
26 const size_t cipher_nonce_bytes = state->ciphersuite().nonce_bytes_from_handshake();
27
28 const bool extended_master_secret = state->server_hello()->supports_extended_master_secret();
29
30 const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes);
31
32 const uint8_t MASTER_SECRET_MAGIC[] = {
33 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
34
35 const uint8_t EXT_MASTER_SECRET_MAGIC[] = {
36 0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20,
37 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
38
39 const uint8_t KEY_GEN_MAGIC[] = {
40 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E };
41
42 std::unique_ptr<KDF> prf(state->protocol_specific_prf());
43
44 if(resuming)
45 {
46 // This is actually the master secret saved as part of the session
47 m_master_sec = pre_master_secret;
48 }
49 else
50 {
51 std::vector<uint8_t> salt;
52 std::vector<uint8_t> label;
53 if(extended_master_secret)
54 {
55 label.assign(EXT_MASTER_SECRET_MAGIC, EXT_MASTER_SECRET_MAGIC + sizeof(EXT_MASTER_SECRET_MAGIC));
56 salt += state->hash().final(state->version(),
57 state->ciphersuite().prf_algo());
58 }
59 else
60 {
61 label.assign(MASTER_SECRET_MAGIC, MASTER_SECRET_MAGIC + sizeof(MASTER_SECRET_MAGIC));
62 salt += state->client_hello()->random();
63 salt += state->server_hello()->random();
64 }
65
66 m_master_sec = prf->derive_key(48, pre_master_secret, salt, label);
67 }
68
69 std::vector<uint8_t> salt;
70 std::vector<uint8_t> label;
71 label.assign(KEY_GEN_MAGIC, KEY_GEN_MAGIC + sizeof(KEY_GEN_MAGIC));
72 salt += state->server_hello()->random();
73 salt += state->client_hello()->random();
74
75 const secure_vector<uint8_t> prf_output = prf->derive_key(
76 prf_gen,
77 m_master_sec.data(), m_master_sec.size(),
78 salt.data(), salt.size(),
79 label.data(), label.size());
80
81 const uint8_t* key_data = prf_output.data();
82
83 m_c_aead.resize(mac_keylen + cipher_keylen);
84 m_s_aead.resize(mac_keylen + cipher_keylen);
85
86 copy_mem(&m_c_aead[0], key_data, mac_keylen);
87 copy_mem(&m_s_aead[0], key_data + mac_keylen, mac_keylen);
88
89 copy_mem(&m_c_aead[mac_keylen], key_data + 2*mac_keylen, cipher_keylen);
90 copy_mem(&m_s_aead[mac_keylen], key_data + 2*mac_keylen + cipher_keylen, cipher_keylen);
91
92 m_c_nonce.resize(cipher_nonce_bytes);
93 m_s_nonce.resize(cipher_nonce_bytes);
94
95 copy_mem(&m_c_nonce[0], key_data + 2*(mac_keylen + cipher_keylen), cipher_nonce_bytes);
96 copy_mem(&m_s_nonce[0], key_data + 2*(mac_keylen + cipher_keylen) + cipher_nonce_bytes, cipher_nonce_bytes);
97 }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:133

References Botan::TLS::Ciphersuite::cipher_keylen(), Botan::TLS::Handshake_State::ciphersuite(), Botan::TLS::Handshake_State::client_hello(), Botan::copy_mem(), Botan::TLS::Handshake_Hash::final(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::prf_algo(), Botan::TLS::Handshake_State::protocol_specific_prf(), Botan::TLS::Handshake_State::server_hello(), and Botan::TLS::Handshake_State::version().

Member Function Documentation

◆ aead_key()

const secure_vector< uint8_t > & Botan::TLS::Session_Keys::aead_key ( Connection_Side  side) const
inline

Definition at line 51 of file tls_session_key.h.

52 {
54 }
const secure_vector< uint8_t > & server_aead_key() const
const secure_vector< uint8_t > & client_aead_key() const

References Botan::TLS::CLIENT, client_aead_key(), and server_aead_key().

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ client_aead_key()

const secure_vector< uint8_t > & Botan::TLS::Session_Keys::client_aead_key ( ) const
inline
Returns
client AEAD key

Definition at line 29 of file tls_session_key.h.

29{ return m_c_aead; }

Referenced by aead_key().

◆ client_nonce()

const std::vector< uint8_t > & Botan::TLS::Session_Keys::client_nonce ( ) const
inline
Returns
client nonce

Definition at line 39 of file tls_session_key.h.

39{ return m_c_nonce; }

Referenced by nonce().

◆ master_secret()

const secure_vector< uint8_t > & Botan::TLS::Session_Keys::master_secret ( ) const
inline
Returns
TLS master secret

Definition at line 49 of file tls_session_key.h.

49{ return m_master_sec; }

◆ nonce()

const std::vector< uint8_t > & Botan::TLS::Session_Keys::nonce ( Connection_Side  side) const
inline

Definition at line 56 of file tls_session_key.h.

57 {
58 return (side == Connection_Side::CLIENT) ? client_nonce() : server_nonce();
59 }
const std::vector< uint8_t > & server_nonce() const
const std::vector< uint8_t > & client_nonce() const

References Botan::TLS::CLIENT, client_nonce(), and server_nonce().

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

◆ server_aead_key()

const secure_vector< uint8_t > & Botan::TLS::Session_Keys::server_aead_key ( ) const
inline
Returns
server AEAD key

Definition at line 34 of file tls_session_key.h.

34{ return m_s_aead; }

Referenced by aead_key().

◆ server_nonce()

const std::vector< uint8_t > & Botan::TLS::Session_Keys::server_nonce ( ) const
inline
Returns
server nonce

Definition at line 44 of file tls_session_key.h.

44{ return m_s_nonce; }

Referenced by nonce().


The documentation for this class was generated from the following files: