Botan 3.8.1
Crypto and TLS for C&
tls_session.cpp
Go to the documentation of this file.
1/*
2* TLS Session State
3* (C) 2011-2012,2015,2019 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_session.h>
9
10#include <botan/aead.h>
11#include <botan/asn1_obj.h>
12#include <botan/ber_dec.h>
13#include <botan/der_enc.h>
14#include <botan/mac.h>
15#include <botan/pem.h>
16#include <botan/rng.h>
17#include <botan/tls_callbacks.h>
18#include <botan/tls_messages.h>
19#include <botan/x509_key.h>
20#include <botan/internal/ct_utils.h>
21#include <botan/internal/loadstor.h>
22#include <botan/internal/stl_util.h>
23
24#include <utility>
25
26namespace Botan::TLS {
27
28void Session_Handle::validate_constraints() const {
29 std::visit(overloaded{
30 [](const Session_ID& id) {
31 // RFC 5246 7.4.1.2
32 // opaque SessionID<0..32>;
33 BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty");
34 BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes");
35 },
36 [](const Session_Ticket& ticket) {
37 BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty");
38 BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits<uint16_t>::max(),
39 "Ticket cannot be longer than 64kB");
40 },
41 [](const Opaque_Session_Handle& handle) {
42 // RFC 8446 4.6.1
43 // opaque ticket<1..2^16-1>;
44 BOTAN_ARG_CHECK(!handle.empty(), "Opaque session handle must not be empty");
45 BOTAN_ARG_CHECK(handle.size() <= std::numeric_limits<uint16_t>::max(),
46 "Opaque session handle cannot be longer than 64kB");
47 },
48 },
49 m_handle);
50}
51
52Opaque_Session_Handle Session_Handle::opaque_handle() const {
53 // both a Session_ID and a Session_Ticket could be an Opaque_Session_Handle
54 return Opaque_Session_Handle(std::visit([](const auto& handle) { return handle.get(); }, m_handle));
55}
56
57std::optional<Session_ID> Session_Handle::id() const {
58 if(is_id()) {
59 return std::get<Session_ID>(m_handle);
60 }
61
62 // Opaque handles can mimick as a Session_ID if they are short enough
63 if(is_opaque_handle()) {
64 const auto& handle = std::get<Opaque_Session_Handle>(m_handle);
65 if(handle.size() <= 32) {
66 return Session_ID(handle.get());
67 }
68 }
69
70 return std::nullopt;
71}
72
73std::optional<Session_Ticket> Session_Handle::ticket() const {
74 if(is_ticket()) {
75 return std::get<Session_Ticket>(m_handle);
76 }
77
78 // Opaque handles can mimick 'normal' Session_Tickets at any time
79 if(is_opaque_handle()) {
80 return Session_Ticket(std::get<Opaque_Session_Handle>(m_handle).get());
81 }
82
83 return std::nullopt;
84}
85
86Ciphersuite Session_Base::ciphersuite() const {
87 auto suite = Ciphersuite::by_id(m_ciphersuite);
88 if(!suite.has_value()) {
89 throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite));
90 }
91 return suite.value();
92}
93
94Session_Summary::Session_Summary(const Session_Base& base,
95 bool was_resumption,
96 std::optional<std::string> psk_identity) :
97 Session_Base(base), m_external_psk_identity(std::move(psk_identity)), m_was_resumption(was_resumption) {
98 BOTAN_ARG_CHECK(version().is_pre_tls_13(), "Instantiated a TLS 1.2 session summary with an newer TLS version");
99
100 const auto cs = ciphersuite();
101 m_kex_algo = cs.kex_algo();
102}
103
104#if defined(BOTAN_HAS_TLS_13)
105
106namespace {
107
108std::string tls13_kex_to_string(bool psk, std::optional<Named_Group> group) {
109 if(psk && group) {
110 if(group->is_dh_named_group()) {
111 return kex_method_to_string(Kex_Algo::DHE_PSK);
112 } else if(group->is_ecdh_named_curve() || group->is_x25519() || group->is_x448()) {
113 return kex_method_to_string(Kex_Algo::ECDHE_PSK);
114 } else if(group->is_pure_ml_kem() || group->is_pure_frodokem()) {
115 return kex_method_to_string(Kex_Algo::KEM_PSK);
116 } else if(group->is_pqc_hybrid()) {
117 return kex_method_to_string(Kex_Algo::HYBRID_PSK);
118 } else if(auto s = group->to_string()) {
119 return *s;
120 }
121 } else if(psk) {
122 return kex_method_to_string(Kex_Algo::PSK);
123 } else {
124 BOTAN_ASSERT_NOMSG(group.has_value());
125 if(group->is_dh_named_group()) {
126 return kex_method_to_string(Kex_Algo::DH);
127 } else if(group->is_ecdh_named_curve() || group->is_x25519() || group->is_x448()) {
128 return kex_method_to_string(Kex_Algo::ECDH);
129 } else if(group->is_pure_ml_kem() || group->is_pure_frodokem()) {
130 return kex_method_to_string(Kex_Algo::KEM);
131 } else if(group->is_pqc_hybrid()) {
132 return kex_method_to_string(Kex_Algo::HYBRID);
133 } else if(auto s = group->to_string()) {
134 return *s;
135 }
136 }
137
138 return kex_method_to_string(Kex_Algo::UNDEFINED);
139}
140
141} // namespace
142
143Session_Summary::Session_Summary(const Server_Hello_13& server_hello,
144 Connection_Side side,
145 std::vector<X509_Certificate> peer_certs,
146 std::shared_ptr<const Public_Key> peer_raw_public_key,
147 std::optional<std::string> psk_identity,
148 bool session_was_resumed,
149 Server_Information server_info,
150 std::chrono::system_clock::time_point current_timestamp) :
151 Session_Base(current_timestamp,
152 server_hello.selected_version(),
153 server_hello.ciphersuite(),
154 side,
155
156 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
157 0,
158
159 // RFC 8446 Appendix D
160 // Because TLS 1.3 always hashes in the transcript up to the server
161 // Finished, implementations which support both TLS 1.3 and earlier
162 // versions SHOULD indicate the use of the Extended Master Secret
163 // extension in their APIs whenever TLS 1.3 is used.
164 true,
165
166 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
167 false,
168 std::move(peer_certs),
169 std::move(peer_raw_public_key),
170 std::move(server_info)),
171 m_external_psk_identity(std::move(psk_identity)),
172 m_was_resumption(session_was_resumed) {
173 BOTAN_ARG_CHECK(version().is_tls_13_or_later(), "Instantiated a TLS 1.3 session summary with an older TLS version");
174 set_session_id(server_hello.session_id());
175
176 // In TLS 1.3 the key exchange algorithm is not negotiated in the ciphersuite
177 // anymore. This provides a compatible identifier for applications to use.
178
179 std::optional<Named_Group> group = [&]() -> std::optional<Named_Group> {
180 if(psk_used() || was_resumption()) {
181 if(const auto keyshare = server_hello.extensions().get<Key_Share>()) {
182 return keyshare->selected_group();
183 } else {
184 return {};
185 }
186 } else {
187 const auto keyshare = server_hello.extensions().get<Key_Share>();
188 BOTAN_ASSERT_NONNULL(keyshare);
189 return keyshare->selected_group();
190 }
191 }();
192
193 if(group.has_value()) {
194 m_kex_parameters = group->to_string();
195 }
196
197 m_kex_algo = tls13_kex_to_string(psk_used() || was_resumption(), group);
198}
199
200#endif
201
202Session::Session(const secure_vector<uint8_t>& master_secret,
203 Protocol_Version version,
204 uint16_t ciphersuite,
205 Connection_Side side,
206 bool extended_master_secret,
207 bool encrypt_then_mac,
208 const std::vector<X509_Certificate>& certs,
209 const Server_Information& server_info,
210 uint16_t srtp_profile,
211 std::chrono::system_clock::time_point current_timestamp,
212 std::chrono::seconds lifetime_hint) :
213 Session_Base(current_timestamp,
214 version,
215 ciphersuite,
216 side,
217 srtp_profile,
218 extended_master_secret,
219 encrypt_then_mac,
220 certs,
221 nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2
222 server_info),
223 m_master_secret(master_secret),
224 m_early_data_allowed(false),
225 m_max_early_data_bytes(0),
226 m_ticket_age_add(0),
227 m_lifetime_hint(lifetime_hint) {
228 BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2");
229}
230
231#if defined(BOTAN_HAS_TLS_13)
232
233Session::Session(const secure_vector<uint8_t>& session_psk,
234 const std::optional<uint32_t>& max_early_data_bytes,
235 uint32_t ticket_age_add,
236 std::chrono::seconds lifetime_hint,
237 Protocol_Version version,
238 uint16_t ciphersuite,
239 Connection_Side side,
240 const std::vector<X509_Certificate>& peer_certs,
241 std::shared_ptr<const Public_Key> peer_raw_public_key,
242 const Server_Information& server_info,
243 std::chrono::system_clock::time_point current_timestamp) :
244 Session_Base(current_timestamp,
245 version,
246 ciphersuite,
247 side,
248
249 // TODO: SRTP might become necessary when DTLS 1.3 is being implemented
250 0,
251
252 // RFC 8446 Appendix D
253 // Because TLS 1.3 always hashes in the transcript up to the server
254 // Finished, implementations which support both TLS 1.3 and earlier
255 // versions SHOULD indicate the use of the Extended Master Secret
256 // extension in their APIs whenever TLS 1.3 is used.
257 true,
258
259 // TLS 1.3 uses AEADs, so technically encrypt-then-MAC is not applicable.
260 false,
261 peer_certs,
262 std::move(peer_raw_public_key),
263 server_info),
264 m_master_secret(session_psk),
265 m_early_data_allowed(max_early_data_bytes.has_value()),
266 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
267 m_ticket_age_add(ticket_age_add),
268 m_lifetime_hint(lifetime_hint) {
269 BOTAN_ARG_CHECK(!version.is_pre_tls_13(), "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
270}
271
272Session::Session(secure_vector<uint8_t>&& session_psk,
273 const std::optional<uint32_t>& max_early_data_bytes,
274 std::chrono::seconds lifetime_hint,
275 const std::vector<X509_Certificate>& peer_certs,
276 std::shared_ptr<const Public_Key> peer_raw_public_key,
277 const Client_Hello_13& client_hello,
278 const Server_Hello_13& server_hello,
279 Callbacks& callbacks,
280 RandomNumberGenerator& rng) :
281 Session_Base(callbacks.tls_current_timestamp(),
282 server_hello.selected_version(),
283 server_hello.ciphersuite(),
284 Connection_Side::Server,
285 0,
286 true,
287 false, // see constructor above for rationales
288 peer_certs,
289 std::move(peer_raw_public_key),
290 Server_Information(client_hello.sni_hostname())),
291 m_master_secret(std::move(session_psk)),
292 m_early_data_allowed(max_early_data_bytes.has_value()),
293 m_max_early_data_bytes(max_early_data_bytes.value_or(0)),
294 m_ticket_age_add(load_be<uint32_t>(rng.random_vec(4).data(), 0)),
295 m_lifetime_hint(lifetime_hint) {
296 BOTAN_ARG_CHECK(!m_version.is_pre_tls_13(),
297 "Instantiated a TLS 1.3 session object with a TLS version older than 1.3");
298}
299
300#endif
301
302Session::Session(std::string_view pem) : Session(PEM_Code::decode_check_label(pem, "TLS SESSION")) {}
303
304Session::Session(std::span<const uint8_t> ber_data) {
305 uint8_t side_code = 0;
306
307 std::vector<uint8_t> raw_pubkey_or_empty;
308
309 ASN1_String server_hostname;
310 ASN1_String server_service;
311 size_t server_port;
312
313 uint8_t major_version = 0, minor_version = 0;
314
315 size_t start_time = 0;
316 size_t srtp_profile = 0;
317 uint16_t ciphersuite_code = 0;
318 uint64_t lifetime_hint = 0;
319
320 BER_Decoder(ber_data.data(), ber_data.size())
321 .start_sequence()
322 .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
323 "Unknown version in serialized TLS session")
324 .decode_integer_type(start_time)
325 .decode_integer_type(major_version)
326 .decode_integer_type(minor_version)
327 .decode_integer_type(ciphersuite_code)
328 .decode_integer_type(side_code)
329 .decode(m_extended_master_secret)
330 .decode(m_encrypt_then_mac)
331 .decode(m_master_secret, ASN1_Type::OctetString)
332 .decode_list<X509_Certificate>(m_peer_certs)
333 .decode(raw_pubkey_or_empty, ASN1_Type::OctetString)
334 .decode(server_hostname)
335 .decode(server_service)
336 .decode(server_port)
337 .decode(srtp_profile)
338 .decode(m_early_data_allowed)
339 .decode_integer_type(m_max_early_data_bytes)
340 .decode_integer_type(m_ticket_age_add)
341 .decode_integer_type(lifetime_hint)
342 .end_cons()
343 .verify_end();
344
345 if(!Ciphersuite::by_id(ciphersuite_code)) {
346 throw Decoding_Error(
347 "Serialized TLS session contains unknown cipher suite "
348 "(" +
349 std::to_string(ciphersuite_code) + ")");
350 }
351
352 m_ciphersuite = ciphersuite_code;
353 m_version = Protocol_Version(major_version, minor_version);
354 m_start_time = std::chrono::system_clock::from_time_t(start_time);
355 m_connection_side = static_cast<Connection_Side>(side_code);
356 m_srtp_profile = static_cast<uint16_t>(srtp_profile);
357
358 m_server_info =
359 Server_Information(server_hostname.value(), server_service.value(), static_cast<uint16_t>(server_port));
360
361 if(!raw_pubkey_or_empty.empty()) {
362 m_peer_raw_public_key = X509::load_key(raw_pubkey_or_empty);
363 }
364
365 m_lifetime_hint = std::chrono::seconds(lifetime_hint);
366}
367
368secure_vector<uint8_t> Session::DER_encode() const {
369 const auto raw_pubkey_or_empty =
370 m_peer_raw_public_key ? m_peer_raw_public_key->subject_public_key() : std::vector<uint8_t>{};
371
372 return DER_Encoder()
373 .start_sequence()
374 .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
375 .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
376 .encode(static_cast<size_t>(m_version.major_version()))
377 .encode(static_cast<size_t>(m_version.minor_version()))
378 .encode(static_cast<size_t>(m_ciphersuite))
379 .encode(static_cast<size_t>(m_connection_side))
380 .encode(m_extended_master_secret)
381 .encode(m_encrypt_then_mac)
382 .encode(m_master_secret, ASN1_Type::OctetString)
383 .start_sequence()
384 .encode_list(m_peer_certs)
385 .end_cons()
386 .encode(raw_pubkey_or_empty, ASN1_Type::OctetString)
387 .encode(ASN1_String(m_server_info.hostname(), ASN1_Type::Utf8String))
388 .encode(ASN1_String(m_server_info.service(), ASN1_Type::Utf8String))
389 .encode(static_cast<size_t>(m_server_info.port()))
390 .encode(static_cast<size_t>(m_srtp_profile))
391
392 // the fields below were introduced for TLS 1.3 session tickets
393 .encode(m_early_data_allowed)
394 .encode(static_cast<size_t>(m_max_early_data_bytes))
395 .encode(static_cast<size_t>(m_ticket_age_add))
396 .encode(static_cast<size_t>(m_lifetime_hint.count()))
397 .end_cons()
398 .get_contents();
399}
400
401std::string Session::PEM_encode() const {
402 return PEM_Code::encode(this->DER_encode(), "TLS SESSION");
403}
404
405secure_vector<uint8_t> Session::extract_master_secret() {
406 BOTAN_STATE_CHECK(!m_master_secret.empty());
407 return std::exchange(m_master_secret, {});
408}
409
410namespace {
411
412// The output length of the HMAC must be a valid keylength for the AEAD
413const char* const TLS_SESSION_CRYPT_HMAC = "HMAC(SHA-512-256)";
414// SIV would be better, but we can't assume it is available
415const char* const TLS_SESSION_CRYPT_AEAD = "AES-256/GCM";
416const char* const TLS_SESSION_CRYPT_KEY_NAME = "BOTAN TLS SESSION KEY NAME";
417const uint64_t TLS_SESSION_CRYPT_MAGIC = 0x068B5A9D396C0000;
418const size_t TLS_SESSION_CRYPT_MAGIC_LEN = 8;
419const size_t TLS_SESSION_CRYPT_KEY_NAME_LEN = 4;
420const size_t TLS_SESSION_CRYPT_AEAD_NONCE_LEN = 12;
421const size_t TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN = 16;
422const size_t TLS_SESSION_CRYPT_AEAD_TAG_SIZE = 16;
423
424const size_t TLS_SESSION_CRYPT_HDR_LEN = TLS_SESSION_CRYPT_MAGIC_LEN + TLS_SESSION_CRYPT_KEY_NAME_LEN +
425 TLS_SESSION_CRYPT_AEAD_NONCE_LEN + TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN;
426
427const size_t TLS_SESSION_CRYPT_OVERHEAD = TLS_SESSION_CRYPT_HDR_LEN + TLS_SESSION_CRYPT_AEAD_TAG_SIZE;
428
429} // namespace
430
431std::vector<uint8_t> Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const {
432 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
433 hmac->set_key(key);
434
435 // First derive the "key name"
436 std::vector<uint8_t> key_name(hmac->output_length());
437 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
438 hmac->final(key_name.data());
439 key_name.resize(TLS_SESSION_CRYPT_KEY_NAME_LEN);
440
441 std::vector<uint8_t> aead_nonce;
442 std::vector<uint8_t> key_seed;
443
444 rng.random_vec(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
445 rng.random_vec(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
446
447 hmac->update(key_seed);
448 const secure_vector<uint8_t> aead_key = hmac->final();
449
450 secure_vector<uint8_t> bits = this->DER_encode();
451
452 // create the header
453 std::vector<uint8_t> buf;
454 buf.reserve(TLS_SESSION_CRYPT_OVERHEAD + bits.size());
455 buf.resize(TLS_SESSION_CRYPT_MAGIC_LEN);
456 store_be(TLS_SESSION_CRYPT_MAGIC, &buf[0]);
457 buf += key_name;
458 buf += key_seed;
459 buf += aead_nonce;
460
461 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Encryption);
462 BOTAN_ASSERT_NOMSG(aead->valid_nonce_length(TLS_SESSION_CRYPT_AEAD_NONCE_LEN));
463 BOTAN_ASSERT_NOMSG(aead->tag_size() == TLS_SESSION_CRYPT_AEAD_TAG_SIZE);
464 aead->set_key(aead_key);
465 aead->set_associated_data(buf);
466 aead->start(aead_nonce);
467 aead->finish(bits, 0);
468
469 // append the ciphertext
470 buf += bits;
471 return buf;
472}
473
474Session Session::decrypt(std::span<const uint8_t> in, const SymmetricKey& key) {
475 try {
476 const size_t min_session_size = 48 + 4; // serious under-estimate
477 if(in.size() < TLS_SESSION_CRYPT_OVERHEAD + min_session_size) {
478 throw Decoding_Error("Encrypted session too short to be valid");
479 }
480
481 BufferSlicer sub(in);
482 const auto magic = sub.take(TLS_SESSION_CRYPT_MAGIC_LEN).data();
483 const auto key_name = sub.take(TLS_SESSION_CRYPT_KEY_NAME_LEN).data();
484 const auto key_seed = sub.take(TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN).data();
485 const auto aead_nonce = sub.take(TLS_SESSION_CRYPT_AEAD_NONCE_LEN).data();
486 auto ctext = sub.copy_as_secure_vector(sub.remaining());
487
488 if(load_be<uint64_t>(magic, 0) != TLS_SESSION_CRYPT_MAGIC) {
489 throw Decoding_Error("Missing expected magic numbers");
490 }
491
492 auto hmac = MessageAuthenticationCode::create_or_throw(TLS_SESSION_CRYPT_HMAC);
493 hmac->set_key(key);
494
495 // First derive and check the "key name"
496 std::vector<uint8_t> cmp_key_name(hmac->output_length());
497 hmac->update(TLS_SESSION_CRYPT_KEY_NAME);
498 hmac->final(cmp_key_name.data());
499
500 if(CT::is_equal(cmp_key_name.data(), key_name, TLS_SESSION_CRYPT_KEY_NAME_LEN).as_bool() == false) {
501 throw Decoding_Error("Wrong key name for encrypted session");
502 }
503
504 hmac->update(key_seed, TLS_SESSION_CRYPT_AEAD_KEY_SEED_LEN);
505 const secure_vector<uint8_t> aead_key = hmac->final();
506
507 auto aead = AEAD_Mode::create_or_throw(TLS_SESSION_CRYPT_AEAD, Cipher_Dir::Decryption);
508 aead->set_key(aead_key);
509 aead->set_associated_data(in.data(), TLS_SESSION_CRYPT_HDR_LEN);
510 aead->start(aead_nonce, TLS_SESSION_CRYPT_AEAD_NONCE_LEN);
511 aead->finish(ctext, 0);
512 return Session(ctext);
513 } catch(std::exception& e) {
514 throw Decoding_Error("Failed to decrypt serialized TLS session: " + std::string(e.what()));
515 }
516}
517
518} // namespace Botan::TLS
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:43
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:88
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:44
Botan::ASN1_String
Definition asn1_obj.h:423
Botan::ASN1_String::value
const std::string & value() const
Definition asn1_obj.h:430
Botan::BER_Decoder
Definition ber_dec.h:21
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:185
Botan::BER_Decoder::decode_list
BER_Decoder & decode_list(std::vector< T > &out, ASN1_Type type_tag=ASN1_Type::Sequence, ASN1_Class class_tag=ASN1_Class::Universal)
Definition ber_dec.h:378
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:122
Botan::BER_Decoder::decode_and_check
BER_Decoder & decode_and_check(const T &expected, std::string_view error_msg)
Definition ber_dec.h:271
Botan::BER_Decoder::decode_integer_type
BER_Decoder & decode_integer_type(T &out)
Definition ber_dec.h:239
Botan::BufferSlicer::remaining
size_t remaining() const
Definition stl_util.h:128
Botan::BufferSlicer::copy_as_secure_vector
auto copy_as_secure_vector(const size_t count)
Definition stl_util.h:97
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:99
Botan::DER_Encoder
Definition der_enc.h:22
Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132
Botan::DER_Encoder::encode_list
DER_Encoder & encode_list(const std::vector< T > &values)
Definition der_enc.h:131
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition der_enc.h:64
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition der_enc.cpp:171
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
Botan::Decoding_Error
Definition exceptn.h:191
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:196
Botan::TLS::Ciphersuite::by_id
static std::optional< Ciphersuite > by_id(uint16_t suite)
Definition tls_ciphersuite.cpp:91
Botan::TLS::Client_Hello_13
Definition tls_messages.h:218
Botan::TLS::Protocol_Version
Definition tls_version.h:34
Botan::TLS::Server_Hello_13
Definition tls_messages.h:400
Botan::TLS::Server_Information
Definition tls_server_info.h:19
Botan::TLS::Session_Base
Definition tls_session.h:136
Botan::TLS::Session_Base::m_peer_certs
std::vector< X509_Certificate > m_peer_certs
Definition tls_session.h:236
Botan::TLS::Session_Base::m_srtp_profile
uint16_t m_srtp_profile
Definition tls_session.h:231
Botan::TLS::Session_Base::Session_Base
Session_Base(std::chrono::system_clock::time_point start_time, Protocol_Version version, uint16_t ciphersuite, Connection_Side connection_side, uint16_t srtp_profile, bool extended_master_secret, bool encrypt_then_mac, std::vector< X509_Certificate > peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, Server_Information server_info)
Definition tls_session.h:138
Botan::TLS::Session_Base::peer_raw_public_key
std::shared_ptr< const Public_Key > peer_raw_public_key() const
Definition tls_session.h:213
Botan::TLS::Session_Base::m_extended_master_secret
bool m_extended_master_secret
Definition tls_session.h:233
Botan::TLS::Session_Base::version
Protocol_Version version() const
Definition tls_session.h:171
Botan::TLS::Session_Base::side
Connection_Side side() const
Definition tls_session.h:186
Botan::TLS::Session_Base::m_ciphersuite
uint16_t m_ciphersuite
Definition tls_session.h:229
Botan::TLS::Session_Base::m_version
Protocol_Version m_version
Definition tls_session.h:228
Botan::TLS::Session_Base::m_encrypt_then_mac
bool m_encrypt_then_mac
Definition tls_session.h:234
Botan::TLS::Session_Base::m_start_time
std::chrono::system_clock::time_point m_start_time
Definition tls_session.h:226
Botan::TLS::Session_Base::m_server_info
Server_Information m_server_info
Definition tls_session.h:238
Botan::TLS::Session_Base::start_time
std::chrono::system_clock::time_point start_time() const
Definition tls_session.h:166
Botan::TLS::Session_Base::ciphersuite_code
uint16_t ciphersuite_code() const
Definition tls_session.h:176
Botan::TLS::Session_Base::ciphersuite
Ciphersuite ciphersuite() const
Definition tls_session.cpp:86
Botan::TLS::Session_Base::peer_certs
const std::vector< X509_Certificate > & peer_certs() const
Definition tls_session.h:208
Botan::TLS::Session_Base::server_info
const Server_Information & server_info() const
Definition tls_session.h:223
Botan::TLS::Session_Base::m_peer_raw_public_key
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Definition tls_session.h:237
Botan::TLS::Session_Base::m_connection_side
Connection_Side m_connection_side
Definition tls_session.h:230
Botan::TLS::Session_Handle::ticket
std::optional< Session_Ticket > ticket() const
Definition tls_session.cpp:73
Botan::TLS::Session_Handle::is_id
bool is_id() const
Definition tls_session.h:90
Botan::TLS::Session_Handle::get
decltype(auto) get() const
Definition tls_session.h:118
Botan::TLS::Session_Handle::is_ticket
bool is_ticket() const
Definition tls_session.h:92
Botan::TLS::Session_Handle::is_opaque_handle
bool is_opaque_handle() const
Definition tls_session.h:94
Botan::TLS::Session_Handle::opaque_handle
Opaque_Session_Handle opaque_handle() const
Definition tls_session.cpp:52
Botan::TLS::Session_Handle::id
std::optional< Session_ID > id() const
Definition tls_session.cpp:57
Botan::TLS::Session::DER_encode
secure_vector< uint8_t > DER_encode() const
Definition tls_session.cpp:368
Botan::TLS::Session::encrypt
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
Definition tls_session.cpp:431
Botan::TLS::Session::lifetime_hint
std::chrono::seconds lifetime_hint() const
Definition tls_session.h:461
Botan::TLS::Session::decrypt
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
Definition tls_session.h:415
Botan::TLS::Session::PEM_encode
std::string PEM_encode() const
Definition tls_session.cpp:401
Botan::TLS::Session::Session
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
Definition tls_session.cpp:202
Botan::TLS::Session::master_secret
const secure_vector< uint8_t > & master_secret() const
Definition tls_session.h:436
Botan::TLS::Session::extract_master_secret
secure_vector< uint8_t > extract_master_secret()
Definition tls_session.cpp:405
Botan::TLS::Session::max_early_data_bytes
uint32_t max_early_data_bytes() const
Definition tls_session.h:456
Botan::X509_Certificate
Definition x509cert.h:36
Botan::CT::is_equal
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:789
Botan::PEM_Code
Definition pem.cpp:15
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
Botan::TLS::kex_method_to_string
std::string kex_method_to_string(Kex_Algo method)
Definition tls_algos.cpp:28
Botan::TLS::Session_ID
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Definition tls_session.h:31
Botan::TLS::Session_Ticket
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Definition tls_session.h:34
Botan::TLS::Opaque_Session_Handle
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...
Definition tls_session.h:38
Botan::X509::load_key
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
Botan::SymmetricKey
OctetString SymmetricKey
Definition symkey.h:140
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745
Botan::overloaded
overloaded(Ts...) -> overloaded< Ts... >
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
Generated by doxygen 1.13.2