Botan 3.11.0
Crypto and TLS for C&
tls_session.cpp
Go to the documentation of this file.
1/*
2* TLS Session State
3* (C) 2011-2012,2015,2019 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_session.h>
9
10#include <botan/aead.h>
11#include <botan/asn1_obj.h>
12#include <botan/ber_dec.h>
13#include <botan/der_enc.h>
14#include <botan/mac.h>
15#include <botan/pem.h>
16#include <botan/rng.h>
17#include <botan/tls_callbacks.h>
18#include <botan/x509_key.h>
19#include <botan/x509cert.h>
20#include <botan/internal/buffer_slicer.h>
21#include <botan/internal/ct_utils.h>
22#include <botan/internal/loadstor.h>
23#include <botan/internal/stl_util.h>
24
25#if defined(BOTAN_HAS_TLS_13)
26 #include <botan/tls_extensions_13.h>
27 #include <botan/tls_messages_13.h>
28#endif
29
30#include <utility>
31
32namespace Botan::TLS {
33
34void Session_Handle::validate_constraints() const {
35 std::visit(overloaded{
36 [](const Session_ID& id) {
37 // RFC 5246 7.4.1.2
38 // opaque SessionID<0..32>;
39 BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty");
40 BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes");
41 },
42 [](const Session_Ticket& ticket) {
43 BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty");
44 BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits<uint16_t>::max(),
45 "Ticket cannot be longer than 64kB");
46 },
47 [](const Opaque_Session_Handle& handle) {
48 // RFC 8446 4.6.1
49 // opaque ticket<1..2^16-1>;
50 BOTAN_ARG_CHECK(!handle.empty(), "Opaque session handle must not be empty");
51 BOTAN_ARG_CHECK(handle.size() <= std::numeric_limits<uint16_t>::max(),
52 "Opaque session handle cannot be longer than 64kB");
53 },
54 },
55 m_handle);
56}
57
58Opaque_Session_Handle Session_Handle::opaque_handle() const {
59 // both a Session_ID and a Session_Ticket could be an Opaque_Session_Handle
60 return Opaque_Session_Handle(std::visit([](const auto& handle) { return handle.get(); }, m_handle));
61}
62
63std::optional<Session_ID> Session_Handle::id() const {
64 if(is_id()) {
65 return std::get<Session_ID>(m_handle);
66 }
67
68 // Opaque handles can mimic as a Session_ID if they are short enough
69 if(is_opaque_handle()) {
70 const auto& handle = std::get<Opaque_Session_Handle>(m_handle);
71 if(handle.size() <= 32) {
72 return Session_ID(handle.get());
73 }
74 }
75
76 return std::nullopt;
77}
78
79std::optional<Session_Ticket> Session_Handle::ticket() const {
80 if(is_ticket()) {
81 return std::get<Session_Ticket>(m_handle);
82 }
83
84 // Opaque handles can mimic 'normal' Session_Tickets at any time
85 if(is_opaque_handle()) {
86 return Session_Ticket(std::get<Opaque_Session_Handle>(m_handle).get());
87 }
88
89 return std::nullopt;
90}
91
92Session_Base::Session_Base() = default;
93
94Session_Base::~Session_Base() = default;
95
96Session_Base::Session_Base(const Session_Base& other) = default;
97Session_Base& Session_Base::operator=(const Session_Base& other) = default;
98
99Session_Base::Session_Base(Session_Base&& other) noexcept = default;
100Session_Base& Session_Base::operator=(Session_Base&& other) noexcept = default;
101
102Session_Base::Session_Base(std::chrono::system_clock::time_point start_time,
103 Protocol_Version version,
104 uint16_t ciphersuite,
105 Connection_Side connection_side,
106 uint16_t srtp_profile,
107 bool extended_master_secret,
108 bool encrypt_then_mac,
109 const std::vector<X509_Certificate>& peer_certs,
110 std::shared_ptr<const Public_Key> peer_raw_public_key,
111 Server_Information server_info) :
112 m_start_time(start_time),
113 m_version(version),
114 m_ciphersuite(ciphersuite),
115 m_connection_side(connection_side),
116 m_srtp_profile(srtp_profile),
117 m_extended_master_secret(extended_master_secret),
118 m_encrypt_then_mac(encrypt_then_mac),
119 m_peer_certs(peer_certs),
120 m_peer_raw_public_key(std::move(peer_raw_public_key)),
121 m_server_info(std::move(server_info)) {}
122
123Ciphersuite Session_Base::ciphersuite() const {
124 auto suite = Ciphersuite::by_id(m_ciphersuite);
125 if(!suite.has_value()) {
126 throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite));
127 }
128 return suite.value();
129}
130
131Session_Summary::Session_Summary(const Session_Base& base,
132 bool was_resumption,
133 std::optional<std::string> psk_identity) :
134 Session_Base(base), m_external_psk_identity(std::move(psk_identity)), m_was_resumption(was_resumption) {
135 BOTAN_ARG_CHECK(version().is_pre_tls_13(), "Instantiated a TLS 1.2 session summary with an newer TLS version");
136
137 const auto cs = ciphersuite();
138 m_kex_algo = cs.kex_algo();
139}
140
141#if defined(BOTAN_HAS_TLS_13)
142
143namespace {
144
145std::string tls13_kex_to_string(bool psk, std::optional<Named_Group> group) {
146 if(psk && group) {
147 if(group->is_dh_named_group()) {
148 return kex_method_to_string(Kex_Algo::DHE_PSK);
149 } else if(group->is_ecdh_named_curve() || group->is_x25519() || group->is_x448()) {
150 return kex_method_to_string(Kex_Algo::ECDHE_PSK);
151 } else if(group->is_pure_ml_kem() || group->is_pure_frodokem()) {
152 return kex_method_to_string(Kex_Algo::KEM_PSK);
153 } else if(group->is_pqc_hybrid()) {
154 return kex_method_to_string(Kex_Algo::HYBRID_PSK);
155 } else if(auto s = group->to_string()) {
156 return *s;
157 }
158 } else if(psk) {
159 return kex_method_to_string(Kex_Algo::PSK);
160 } else {
161 BOTAN_ASSERT_NOMSG(group.has_value());
162 if(group->is_dh_named_group()) {
163 return kex_method_to_string(Kex_Algo::DH);
164 } else if(group->is_ecdh_named_curve() || group->is_x25519() || group->is_x448()) {
165 return kex_method_to_string(Kex_Algo::ECDH);
166 } else if(group->is_pure_ml_kem() || group->is_pure_frodokem()) {
167 return kex_method_to_string(Kex_Algo::KEM);
168 } else if(group->is_pqc_hybrid()) {
169 return kex_method_to_string(Kex_Algo::HYBRID);
170 } else if(auto s = group->to_string()) {
171 return *s;
172 }
173 }
174
175 return kex_method_to_string(Kex_Algo::UNDEFINED);
176}
177
178} // namespace
179
180Session_Summary::Session_Summary(const Server_Hello_13& server_hello,
181 Connection_Side side,
182 const std::vector<X509_Certificate>& peer_certs,
183 std::shared_ptr<const Public_Key> peer_raw_public_key,
184 std::optional<std::string> psk_identity,
185 bool session_was_resumed,
186 Server_Information server_info,
187 std::chrono::system_clock::time_point current_timestamp) :
188 Session_Base(current_timestamp,
189 server_hello.selected_version(),
190 server_hello.ciphersuite(),
191 side,
192
193 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
194 0,
195
196 // RFC 8446 Appendix D
197 // Because TLS 1.3 always hashes in the transcript up to the server
198 // Finished, implementations which support both TLS 1.3 and earlier
199 // versions SHOULD indicate the use of the Extended Master Secret
200 // extension in their APIs whenever TLS 1.3 is used.
201 true,
202
203 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
204 false,
205 peer_certs,
206 std::move(peer_raw_public_key),
207 std::move(server_info)),
208 m_external_psk_identity(std::move(psk_identity)),
209 m_was_resumption(session_was_resumed) {
210 BOTAN_ARG_CHECK(version().is_tls_13_or_later(), "Instantiated a TLS 1.3 session summary with an older TLS version");
211 set_session_id(server_hello.session_id());
212
213 // In TLS 1.3 the key exchange algorithm is not negotiated in the ciphersuite
214 // anymore. This provides a compatible identifier for applications to use.
215
216 std::optional<Named_Group> group = [&]() -> std::optional<Named_Group> {
217 if(psk_used() || was_resumption()) {
218 if(auto* const keyshare = server_hello.extensions().get<Key_Share>()) {
219 return keyshare->selected_group();
220 } else {
221 return {};
222 }
223 } else {
224 auto* const keyshare = server_hello.extensions().get<Key_Share>();
225 BOTAN_ASSERT_NONNULL(keyshare);
226 return keyshare->selected_group();
227 }
228 }();
229
230 if(group.has_value()) {
231 m_kex_parameters = group->to_string();
232 }
233
234 m_kex_algo = tls13_kex_to_string(psk_used() || was_resumption(), group);
235}
236
237#endif
238
239Session::Session(const secure_vector<uint8_t>& master_secret,
240 Protocol_Version version,
241 uint16_t ciphersuite,
242 Connection_Side side,
243 bool extended_master_secret,
244 bool encrypt_then_mac,
245 const std::vector<X509_Certificate>& certs,
246 const Server_Information& server_info,
247 uint16_t srtp_profile,
248 std::chrono::system_clock::time_point current_timestamp,
249 std::chrono::seconds lifetime_hint) :
250 Session_Base(current_timestamp,
251 version,
252 ciphersuite,
253 side,
254 srtp_profile,
255 extended_master_secret,
256 encrypt_then_mac,
257 certs,
258 nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2
259 server_info),
260 m_master_secret(master_secret),
261 m_early_data_allowed(false),
262 m_max_early_data_bytes(0),
263 m_ticket_age_add(0),
264 m_lifetime_hint(lifetime_hint) {
265 BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2");
266}
267
268#if defined(BOTAN_HAS_TLS_13)
269
270Session::Session(const secure_vector<uint8_t>& session_psk,
271 const std::optional<uint32_t>& max_early_data_bytes,
272 uint32_t ticket_age_add,
273 std::chrono::seconds lifetime_hint,
274 Protocol_Version version,
275 uint16_t ciphersuite,
276 Connection_Side side,
277 const std::vector<X509_Certificate>& peer_certs,
278 std::shared_ptr<const Public_Key> peer_raw_public_key,
279 const Server_Information& server_info,
280 std::chrono::system_clock::time_point current_timestamp) :
281 Session_Base(current_timestamp,
282 version,
283 ciphersuite,
284 side,
285
286 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
287 0,
288
289 // RFC 8446 Appendix D
290 // Because TLS 1.3 always hashes in the transcript up to the server
291 // Finished, implementations which support both TLS 1.3 and earlier
292 // versions SHOULD indicate the use of the Extended Master Secret
293 // extension in their APIs whenever TLS 1.3 is used.
294 true,
295
296 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
297 false,
298 peer_certs,
299 std::move(peer_raw_public_key),
300 server_info),
301 m_master_secret(session_psk),
302 m_early_data_allowed(max_early_data_bytes.has_value()),
303 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
304 m_ticket_age_add(ticket_age_add),
305 m_lifetime_hint(lifetime_hint) {
306 BOTAN_ARG_CHECK(!version.is_pre_tls_13(), "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
307}
308
309Session::Session(secure_vector<uint8_t>&& session_psk,
310 const std::optional<uint32_t>& max_early_data_bytes,
311 std::chrono::seconds lifetime_hint,
312 const std::vector<X509_Certificate>& peer_certs,
313 std::shared_ptr<const Public_Key> peer_raw_public_key,
314 const Client_Hello_13& client_hello,
315 const Server_Hello_13& server_hello,
316 Callbacks& callbacks,
317 RandomNumberGenerator& rng) :
318 Session_Base(callbacks.tls_current_timestamp(),
319 server_hello.selected_version(),
320 server_hello.ciphersuite(),
321 Connection_Side::Server,
322 0,
323 true,
324 false, // see constructor above for rationales
325 peer_certs,
326 std::move(peer_raw_public_key),
327 Server_Information(client_hello.sni_hostname())),
328 m_master_secret(std::move(session_psk)),
329 m_early_data_allowed(max_early_data_bytes.has_value()),
330 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
331 m_ticket_age_add(load_be<uint32_t>(rng.random_vec(4).data(), 0)),
332 m_lifetime_hint(lifetime_hint) {
333 BOTAN_ARG_CHECK(!m_version.is_pre_tls_13(),
334 "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
335}
336
337#endif
338
339Session::Session(std::string_view pem) : Session(PEM_Code::decode_check_label(pem, "TLS SESSION")) {}
340
341Session::Session(std::span<const uint8_t> ber_data) /* NOLINT(*-member-init) */ {
342 uint8_t side_code = 0;
343
344 std::vector<uint8_t> raw_pubkey_or_empty;
345
346 ASN1_String server_hostname;
347 ASN1_String server_service;
348 size_t server_port = 0;
349
350 uint8_t major_version = 0;
351 uint8_t minor_version = 0;
352
353 size_t start_time = 0;
354 size_t srtp_profile = 0;
355 uint16_t ciphersuite_code = 0;
356 uint64_t lifetime_hint = 0;
357
358 BER_Decoder(ber_data.data(), ber_data.size())
359 .start_sequence()
360 .decode_and_check(TLS_SESSION_PARAM_STRUCT_VERSION, "Unknown version in serialized TLS session")
361 .decode_integer_type(start_time)
362 .decode_integer_type(major_version)
363 .decode_integer_type(minor_version)
364 .decode_integer_type(ciphersuite_code)
365 .decode_integer_type(side_code)
366 .decode(m_extended_master_secret)
367 .decode(m_encrypt_then_mac)
368 .decode(m_master_secret, ASN1_Type::OctetString)
369 .decode_list<X509_Certificate>(m_peer_certs)
370 .decode(raw_pubkey_or_empty, ASN1_Type::OctetString)
371 .decode(server_hostname)
372 .decode(server_service)
373 .decode(server_port)
374 .decode(srtp_profile)
375 .decode(m_early_data_allowed)
376 .decode_integer_type(m_max_early_data_bytes)
377 .decode_integer_type(m_ticket_age_add)
378 .decode_integer_type(lifetime_hint)
379 .end_cons()
380 .verify_end();
381
382 if(!Ciphersuite::by_id(ciphersuite_code)) {
383 throw Decoding_Error(
384 "Serialized TLS session contains unknown cipher suite "
385 "(" +
386 std::to_string(ciphersuite_code) + ")");
387 }
388
389 m_ciphersuite = ciphersuite_code;
390 m_version = Protocol_Version(major_version, minor_version);
391 m_start_time = std::chrono::system_clock::from_time_t(start_time);
392 m_connection_side = static_cast<Connection_Side>(side_code);
393 m_srtp_profile = static_cast<uint16_t>(srtp_profile);
394
395 m_server_info =
396 Server_Information(server_hostname.value(), server_service.value(), static_cast<uint16_t>(server_port));
397
398 if(!raw_pubkey_or_empty.empty()) {
399 m_peer_raw_public_key = X509::load_key(raw_pubkey_or_empty);
400 }
401
402 m_lifetime_hint = std::chrono::seconds(lifetime_hint);
403}
404
405secure_vector<uint8_t> Session::DER_encode() const {
406 const auto raw_pubkey_or_empty =
407 m_peer_raw_public_key ? m_peer_raw_public_key->subject_public_key() : std::vector<uint8_t>{};
408
409 return DER_Encoder()
410 .start_sequence()
411 .encode(TLS_SESSION_PARAM_STRUCT_VERSION)
412 .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
413 .encode(static_cast<size_t>(m_version.major_version()))
414 .encode(static_cast<size_t>(m_version.minor_version()))
415 .encode(static_cast<size_t>(m_ciphersuite))
416 .encode(static_cast<size_t>(m_connection_side))
417 .encode(m_extended_master_secret)
418 .encode(m_encrypt_then_mac)
419 .encode(m_master_secret, ASN1_Type::OctetString)
420 .start_sequence()
421 .encode_list(m_peer_certs)
422 .end_cons()
423 .encode(raw_pubkey_or_empty, ASN1_Type::OctetString)
424 .encode(ASN1_String(m_server_info.hostname(), ASN1_Type::Utf8String))
425 .encode(ASN1_String(m_server_info.service(), ASN1_Type::Utf8String))
426 .encode(static_cast<size_t>(m_server_info.port()))
427 .encode(static_cast<size_t>(m_srtp_profile))
428
429 // the fields below were introduced for TLS 1.3 session tickets
430 .encode(m_early_data_allowed)
431 .encode(static_cast<size_t>(m_max_early_data_bytes))
432 .encode(static_cast<size_t>(m_ticket_age_add))
433 .encode(static_cast<size_t>(m_lifetime_hint.count()))
434 .end_cons()
435 .get_contents();
436}
437
438std::string Session::PEM_encode() const {
439 return PEM_Code::encode(this->DER_encode(), "TLS SESSION");
440}
441
442secure_vector<uint8_t> Session::extract_master_secret() {
443 BOTAN_STATE_CHECK(!m_master_secret.empty());
444 return std::exchange(m_master_secret, {});
445}
446
447namespace {
448
449// The output length of the HMAC must be a valid keylength for the AEAD
450const char* const TLS_SESSION_CRYPT_HMAC = "HMAC(SHA-512-256)";
451// SIV would be better, but we can't assume it is available
452const char* const TLS_SESSION_CRYPT_AEAD = "AES-256/GCM";
453const char* const TLS_SESSION_CRYPT_KEY_NAME = "BOTAN TLS SESSION KEY NAME";
454const uint64_t TLS_SESSION_CRYPT_MAGIC = 0x068B5A9D396C0000;
455const size_t TLS_SESSION_CRYPT_MAGIC_LEN = 8;
456const size_t TLS_SESSION_CRYPT_KEY_NAME_LEN = 4;
457const size_t TLS_SESSION_CRYPT_AEAD_NONCE_LEN = 12;
458const size_t TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN = 16;
459const size_t TLS_SESSION_CRYPT_AEAD_TAG_SIZE = 16;
460
461const size_t TLS_SESSION_CRYPT_HDR_LEN = TLS_SESSION_CRYPT_MAGIC_LEN + TLS_SESSION_CRYPT_KEY_NAME_LEN +
462 TLS_SESSION_CRYPT_AEAD_NONCE_LEN + TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN;
463
464const size_t TLS_SESSION_CRYPT_OVERHEAD = TLS_SESSION_CRYPT_HDR_LEN + TLS_SESSION_CRYPT_AEAD_TAG_SIZE;
465
466} // namespace
467
468std::vector<uint8_t> Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const {
469 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
470 hmac->set_key(key);
471
472 // First derive the "key name"
473 std::vector<uint8_t> key_name(hmac->output_length());
474 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
475 hmac->final(key_name.data());
476 key_name.resize(TLS_SESSION_CRYPT_KEY_NAME_LEN);
477
478 std::vector<uint8_t> aead_nonce;
479 std::vector<uint8_t> key_seed;
480
481 rng.random_vec(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
482 rng.random_vec(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
483
484 hmac->update(key_seed);
485 const secure_vector<uint8_t> aead_key = hmac->final();
486
487 secure_vector<uint8_t> bits = this->DER_encode();
488
489 // create the header
490 std::vector<uint8_t> buf;
491 buf.reserve(TLS_SESSION_CRYPT_OVERHEAD + bits.size());
492 buf.resize(TLS_SESSION_CRYPT_MAGIC_LEN);
493 store_be(TLS_SESSION_CRYPT_MAGIC, &buf[0]); // NOLINT(*container-data-pointer)
494 buf += key_name;
495 buf += key_seed;
496 buf += aead_nonce;
497
498 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Encryption);
499 BOTAN_ASSERT_NOMSG(aead->valid_nonce_length(TLS_SESSION_CRYPT_AEAD_NONCE_LEN));
500 BOTAN_ASSERT_NOMSG(aead->tag_size() == TLS_SESSION_CRYPT_AEAD_TAG_SIZE);
501 aead->set_key(aead_key);
502 aead->set_associated_data(buf);
503 aead->start(aead_nonce);
504 aead->finish(bits, 0);
505
506 // append the ciphertext
507 buf += bits;
508 return buf;
509}
510
511Session Session::decrypt(std::span<const uint8_t> in, const SymmetricKey& key) {
512 try {
513 const size_t min_session_size = 48 + 4; // serious under-estimate
514 if(in.size() < TLS_SESSION_CRYPT_OVERHEAD + min_session_size) {
515 throw Decoding_Error("Encrypted session too short to be valid");
516 }
517
518 BufferSlicer sub(in);
519 const auto* const magic = sub.take(TLS_SESSION_CRYPT_MAGIC_LEN).data();
520 const auto* const key_name = sub.take(TLS_SESSION_CRYPT_KEY_NAME_LEN).data();
521 const auto* const key_seed = sub.take(TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN).data();
522 const auto* const aead_nonce = sub.take(TLS_SESSION_CRYPT_AEAD_NONCE_LEN).data();
523 auto ctext = sub.copy_as_secure_vector(sub.remaining());
524
525 if(load_be<uint64_t>(magic, 0) != TLS_SESSION_CRYPT_MAGIC) {
526 throw Decoding_Error("Missing expected magic numbers");
527 }
528
529 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
530 hmac->set_key(key);
531
532 // First derive and check the "key name"
533 std::vector<uint8_t> cmp_key_name(hmac->output_length());
534 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
535 hmac->final(cmp_key_name.data());
536
537 if(CT::is_equal(cmp_key_name.data(), key_name, TLS_SESSION_CRYPT_KEY_NAME_LEN).as_bool() == false) {
538 throw Decoding_Error("Wrong key name for encrypted session");
539 }
540
541 hmac->update(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
542 const secure_vector<uint8_t> aead_key = hmac->final();
543
544 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Decryption);
545 aead->set_key(aead_key);
546 aead->set_associated_data(in.data(), TLS_SESSION_CRYPT_HDR_LEN);
547 aead->start(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
548 aead->finish(ctext, 0);
549 return Session(ctext);
550 } catch(std::exception& e) {
551 throw Decoding_Error("Failed to decrypt serialized TLS session: " + std::string(e.what()));
552 }
553}
554
555} // namespace Botan::TLS
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:49
Botan::ASN1_String
Definition asn1_obj.h:358
Botan::ASN1_String::value
const std::string & value() const
Definition asn1_obj.h:365
Botan::BER_Decoder
Definition ber_dec.h:25
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:188
Botan::BER_Decoder::decode_list
BER_Decoder & decode_list(std::vector< T > &out, ASN1_Type type_tag=ASN1_Type::Sequence, ASN1_Class class_tag=ASN1_Class::Universal)
Definition ber_dec.h:397
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:128
Botan::BER_Decoder::decode_and_check
BER_Decoder & decode_and_check(const T &expected, std::string_view error_msg)
Definition ber_dec.h:282
Botan::BER_Decoder::decode_integer_type
BER_Decoder & decode_integer_type(T &out)
Definition ber_dec.h:242
Botan::BufferSlicer::remaining
size_t remaining() const
Definition buffer_slicer.h:66
Botan::BufferSlicer::copy_as_secure_vector
auto copy_as_secure_vector(const size_t count)
Definition buffer_slicer.h:35
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition buffer_slicer.h:37
Botan::DER_Encoder
Definition der_enc.h:25
Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:134
Botan::DER_Encoder::encode_list
DER_Encoder & encode_list(const std::vector< T > &values)
Definition der_enc.h:140
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition der_enc.h:67
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition der_enc.cpp:173
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:252
Botan::Decoding_Error
Definition exceptn.h:192
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:147
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:204
Botan::TLS::Ciphersuite::by_id
static std::optional< Ciphersuite > by_id(uint16_t suite)
Definition tls_ciphersuite.cpp:98
Botan::TLS::Client_Hello_13
Definition tls_messages_13.h:29
Botan::TLS::Protocol_Version
Definition tls_version.h:34
Botan::TLS::Server_Hello_13
Definition tls_messages_13.h:80
Botan::TLS::Server_Information
Definition tls_server_info.h:19
Botan::TLS::Session_Base
Definition tls_session.h:42
Botan::TLS::Session_Base::m_peer_certs
std::vector< X509_Certificate > m_peer_certs
Definition tls_session.h:140
Botan::TLS::Session_Base::Session_Base
Session_Base(std::chrono::system_clock::time_point start_time, Protocol_Version version, uint16_t ciphersuite, Connection_Side connection_side, uint16_t srtp_profile, bool extended_master_secret, bool encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, Server_Information server_info)
Definition tls_session.cpp:102
Botan::TLS::Session_Base::m_srtp_profile
uint16_t m_srtp_profile
Definition tls_session.h:135
Botan::TLS::Session_Base::~Session_Base
~Session_Base()
Botan::TLS::Session_Base::peer_raw_public_key
std::shared_ptr< const Public_Key > peer_raw_public_key() const
Definition tls_session.h:117
Botan::TLS::Session_Base::m_extended_master_secret
bool m_extended_master_secret
Definition tls_session.h:137
Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:75
Botan::TLS::Session_Base::side
Connection_Side side() const
Definition tls_session.h:90
Botan::TLS::Session_Base::m_ciphersuite
uint16_t m_ciphersuite
Definition tls_session.h:133
Botan::TLS::Session_Base::m_version
Protocol_Version m_version
Definition tls_session.h:132
Botan::TLS::Session_Base::m_encrypt_then_mac
bool m_encrypt_then_mac
Definition tls_session.h:138
Botan::TLS::Session_Base::m_start_time
std::chrono::system_clock::time_point m_start_time
Definition tls_session.h:130
Botan::TLS::Session_Base::m_server_info
Server_Information m_server_info
Definition tls_session.h:142
Botan::TLS::Session_Base::start_time
std::chrono::system_clock::time_point start_time() const
Definition tls_session.h:70
Botan::TLS::Session_Base::ciphersuite_code
uint16_t ciphersuite_code() const
Definition tls_session.h:80
Botan::TLS::Session_Base::operator=
Session_Base & operator=(const Session_Base &other)
Botan::TLS::Session_Base::ciphersuite
Ciphersuite ciphersuite() const
Definition tls_session.cpp:123
Botan::TLS::Session_Base::peer_certs
const std::vector< X509_Certificate > & peer_certs() const
Definition tls_session.h:112
Botan::TLS::Session_Base::Session_Base
Session_Base()
Botan::TLS::Session_Base::server_info
const Server_Information & server_info() const
Definition tls_session.h:127
Botan::TLS::Session_Base::m_peer_raw_public_key
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Definition tls_session.h:141
Botan::TLS::Session_Base::m_connection_side
Connection_Side m_connection_side
Definition tls_session.h:134
Botan::TLS::Session_Handle::ticket
std::optional< Session_Ticket > ticket() const
Definition tls_session.cpp:79
Botan::TLS::Session_Handle::is_id
bool is_id() const
Definition tls_session_id.h:82
Botan::TLS::Session_Handle::get
decltype(auto) get() const
Definition tls_session_id.h:110
Botan::TLS::Session_Handle::is_ticket
bool is_ticket() const
Definition tls_session_id.h:84
Botan::TLS::Session_Handle::is_opaque_handle
bool is_opaque_handle() const
Definition tls_session_id.h:86
Botan::TLS::Session_Handle::opaque_handle
Opaque_Session_Handle opaque_handle() const
Definition tls_session.cpp:58
Botan::TLS::Session_Handle::id
std::optional< Session_ID > id() const
Definition tls_session.cpp:63
Botan::TLS::Session::DER_encode
secure_vector< uint8_t > DER_encode() const
Definition tls_session.cpp:405
Botan::TLS::Session::encrypt
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
Definition tls_session.cpp:468
Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:365
Botan::TLS::Session::decrypt
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
Definition tls_session.h:319
Botan::TLS::Session::PEM_encode
std::string PEM_encode() const
Definition tls_session.cpp:438
Botan::TLS::Session::Session
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
Definition tls_session.cpp:239
Botan::TLS::Session::master_secret
const secure_vector< uint8_t > & master_secret() const
Definition tls_session.h:340
Botan::TLS::Session::extract_master_secret
secure_vector< uint8_t > extract_master_secret()
Definition tls_session.cpp:442
Botan::TLS::Session::max_early_data_bytes
uint32_t max_early_data_bytes() const
Definition tls_session.h:360
Botan::X509_Certificate
Definition x509cert.h:27
Botan::CT::is_equal
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:798
Botan::PEM_Code
Definition pem.cpp:15
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
Botan::TLS::kex_method_to_string
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:27
Botan::TLS::Session_ID
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Definition tls_session_id.h:22
Botan::TLS::Session_Ticket
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Definition tls_session_id.h:25
Botan::TLS::Opaque_Session_Handle
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...
Definition tls_session_id.h:29
Botan::X509::load_key
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
Botan::SymmetricKey
OctetString SymmetricKey
Definition symkey.h:140
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745
Botan::overloaded
overloaded(Ts...) -> overloaded< Ts... >
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
Generated by doxygen 1.15.0