doxygen/tls__session_8h_source.html

 /*
 * TLS Session
 * (C) 2011-2012,2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #ifndef BOTAN_TLS_SESSION_STATE_H_
 #define BOTAN_TLS_SESSION_STATE_H_

 #include <botan/x509cert.h>
 #include <botan/tls_version.h>
 #include <botan/tls_ciphersuite.h>
 #include <botan/tls_magic.h>
 #include <botan/tls_server_info.h>
 #include <botan/secmem.h>
 #include <botan/symkey.h>
 #include <chrono>

 namespace Botan {

 namespace TLS {

 /**
 * Class representing a TLS session state
 */
 class BOTAN_PUBLIC_API(2,0) Session final
    {
    public:

       /**
       * Uninitialized session
       */
       Session() :
          m_start_time(std::chrono::system_clock::time_point::min()),
          m_version(),
          m_ciphersuite(0),
          m_connection_side(static_cast<Connection_Side>(0)),
          m_srtp_profile(0),
          m_extended_master_secret(false),
          m_encrypt_then_mac(false)
             {}

       /**
       * New session (sets session start time)
       */
       Session(const std::vector<uint8_t>& session_id,
               const secure_vector<uint8_t>& master_secret,
               Protocol_Version version,
               uint16_t ciphersuite,
               Connection_Side side,
               bool supports_extended_master_secret,
               bool supports_encrypt_then_mac,
               const std::vector<X509_Certificate>& peer_certs,
               const std::vector<uint8_t>& session_ticket,
               const Server_Information& server_info,
               const std::string& srp_identifier,
               uint16_t srtp_profile);

       /**
       * Load a session from DER representation (created by DER_encode)
       * @param ber DER representation buffer
       * @param ber_len size of buffer in bytes
       */
       Session(const uint8_t ber[], size_t ber_len);

       /**
       * Load a session from PEM representation (created by PEM_encode)
       * @param pem PEM representation
       */
       explicit Session(const std::string& pem);

       /**
       * Encode this session data for storage
       * @warning if the master secret is compromised so is the
       * session traffic
       */
       secure_vector<uint8_t> DER_encode() const;

       /**
       * Encrypt a session (useful for serialization or session tickets)
       */
       std::vector<uint8_t> encrypt(const SymmetricKey& key,
                                 RandomNumberGenerator& rng) const;


       /**
       * Decrypt a session created by encrypt
       * @param ctext the ciphertext returned by encrypt
       * @param ctext_size the size of ctext in bytes
       * @param key the same key used by the encrypting side
       */
       static Session decrypt(const uint8_t ctext[],
                              size_t ctext_size,
                              const SymmetricKey& key);

       /**
       * Decrypt a session created by encrypt
       * @param ctext the ciphertext returned by encrypt
       * @param key the same key used by the encrypting side
       */
       static inline Session decrypt(const std::vector<uint8_t>& ctext,
                                     const SymmetricKey& key)
          {
          return Session::decrypt(ctext.data(), ctext.size(), key);
          }

       /**
       * Encode this session data for storage
       * @warning if the master secret is compromised so is the
       * session traffic
       */
       std::string PEM_encode() const;

       /**
       * Get the version of the saved session
       */
       Protocol_Version version() const { return m_version; }

       /**
       * Get the ciphersuite code of the saved session
       */
       uint16_t ciphersuite_code() const { return m_ciphersuite; }

       /**
       * Get the ciphersuite info of the saved session
       */
       Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); }

       /**
       * Get which side of the connection the resumed session we are/were
       * acting as.
       */
       Connection_Side side() const { return m_connection_side; }

       /**
       * Get the SRP identity (if sent by the client in the initial handshake)
       */
       const std::string& srp_identifier() const { return m_srp_identifier; }

       /**
       * Get the saved master secret
       */
       const secure_vector<uint8_t>& master_secret() const { return m_master_secret; }

       /**
       * Get the session identifier
       */
       const std::vector<uint8_t>& session_id() const { return m_identifier; }

       /**
       * Get the negotiated DTLS-SRTP algorithm (RFC 5764)
       */
       uint16_t dtls_srtp_profile() const { return m_srtp_profile; }

       bool supports_extended_master_secret() const { return m_extended_master_secret; }

       bool supports_encrypt_then_mac() const { return m_encrypt_then_mac; }

       /**
       * Return the certificate chain of the peer (possibly empty)
       */
       const std::vector<X509_Certificate>& peer_certs() const { return m_peer_certs; }

       /**
       * Get the wall clock time this session began
       */
       std::chrono::system_clock::time_point start_time() const { return m_start_time; }

       /**
       * Return how long this session has existed (in seconds)
       */
       std::chrono::seconds session_age() const;

       /**
       * Return the session ticket the server gave us
       */
       const std::vector<uint8_t>& session_ticket() const { return m_session_ticket; }

       /**
       * @return information about the TLS server
       */
       const Server_Information& server_info() const { return m_server_info; }

    private:
       enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812 };

       std::chrono::system_clock::time_point m_start_time;

       std::vector<uint8_t> m_identifier;
       std::vector<uint8_t> m_session_ticket; // only used by client side
       secure_vector<uint8_t> m_master_secret;

       Protocol_Version m_version;
       uint16_t m_ciphersuite;
       Connection_Side m_connection_side;
       uint16_t m_srtp_profile;
       bool m_extended_master_secret;
       bool m_encrypt_then_mac;

       std::vector<X509_Certificate> m_peer_certs;
       Server_Information m_server_info; // optional
       std::string m_srp_identifier; // optional
    };

 }

 }

 #endif
Botan::TLS::Session
Definition: tls_session.h:27

Botan::TLS::Session::session_id
const std::vector< uint8_t > & session_id() const
Definition: tls_session.h:149

Botan::TLS::Session::ciphersuite_code
uint16_t ciphersuite_code() const
Definition: tls_session.h:123

Botan::TLS::Session::decrypt
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
Definition: tls_session.cpp:201

Botan::OctetString
Definition: symkey.h:19

Botan::RandomNumberGenerator
Definition: rng.h:24

Botan::TLS::Session::start_time
std::chrono::system_clock::time_point start_time() const
Definition: tls_session.h:168

final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:28

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31

std
Definition: bigint.h:1135

Botan::TLS::Protocol_Version
Definition: tls_version.h:21

Botan::TLS::Session::server_info
const Server_Information & server_info() const
Definition: tls_session.h:183

Botan::TLS::Session::Session
Session()
Definition: tls_session.h:34

Botan::TLS::Ciphersuite
Definition: tls_ciphersuite.h:24

Botan::TLS::Connection_Side
Connection_Side
Definition: tls_magic.h:32

Botan::TLS::Session::dtls_srtp_profile
uint16_t dtls_srtp_profile() const
Definition: tls_session.h:154

Botan::TLS::Session::side
Connection_Side side() const
Definition: tls_session.h:134

Botan::CryptoBox::decrypt
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
Definition: cryptobox.cpp:162

Botan::PKCS8::PEM_encode
std::string PEM_encode(const Private_Key &key)
Definition: pkcs8.cpp:148

Botan::TLS::Session::session_ticket
const std::vector< uint8_t > & session_ticket() const
Definition: tls_session.h:178

Botan::TLS::Session::supports_extended_master_secret
bool supports_extended_master_secret() const
Definition: tls_session.h:156

Botan::TLS::Server_Information
Definition: tls_server_info.h:21

Botan
Definition: alg_id.cpp:13

Botan::TLS::Session::ciphersuite
Ciphersuite ciphersuite() const
Definition: tls_session.h:128

Botan::TLS::Session::supports_encrypt_then_mac
bool supports_encrypt_then_mac() const
Definition: tls_session.h:158

Botan::TLS::Session::master_secret
const secure_vector< uint8_t > & master_secret() const
Definition: tls_session.h:144

Botan::TLS::Ciphersuite::by_id
static Ciphersuite by_id(uint16_t suite)
Definition: tls_ciphersuite.cpp:107

Botan::TLS::Session::decrypt
static Session decrypt(const std::vector< uint8_t > &ctext, const SymmetricKey &key)
Definition: tls_session.h:102

Botan::TLS::Session::peer_certs
const std::vector< X509_Certificate > & peer_certs() const
Definition: tls_session.h:163

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

Botan::TLS::Session::version
Protocol_Version version() const
Definition: tls_session.h:118

Botan::CryptoBox::encrypt
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
Definition: cryptobox.cpp:43

Botan::TLS::Session::srp_identifier
const std::string & srp_identifier() const
Definition: tls_session.h:139