doxygen/tls__session_8h_source.html

/*

* TLS Session

* (C) 2011-2012,2015 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_TLS_SESSION_STATE_H_

#define BOTAN_TLS_SESSION_STATE_H_


#include <botan/x509cert.h>

#include <botan/tls_version.h>

#include <botan/tls_ciphersuite.h>

#include <botan/tls_magic.h>

#include <botan/tls_server_info.h>

#include <botan/secmem.h>

#include <botan/symkey.h>

#include <chrono>


namespace Botan {


namespace TLS {


/**

* Class representing a TLS session state

*/

class BOTAN_PUBLIC_API(2,0) Session final

   {

   public:


      /**

      * Uninitialized session

      */

      Session() :

         m_start_time(std::chrono::system_clock::time_point::min()),

         m_version(),

         m_ciphersuite(0),

         m_connection_side(static_cast<Connection_Side>(0)),

         m_srtp_profile(0),

         m_extended_master_secret(false),

         m_encrypt_then_mac(false)

            {}


      /**

      * New session (sets session start time)

      */

      Session(const std::vector<uint8_t>& session_id,

              const secure_vector<uint8_t>& master_secret,

              Protocol_Version version,

              uint16_t ciphersuite,

              Connection_Side side,

              bool supports_extended_master_secret,

              bool supports_encrypt_then_mac,

              const std::vector<X509_Certificate>& peer_certs,

              const std::vector<uint8_t>& session_ticket,

              const Server_Information& server_info,

              const std::string& srp_identifier,

              uint16_t srtp_profile);


      /**

      * Load a session from DER representation (created by DER_encode)

      * @param ber DER representation buffer

      * @param ber_len size of buffer in bytes

      */

      Session(const uint8_t ber[], size_t ber_len);


      /**

      * Load a session from PEM representation (created by PEM_encode)

      * @param pem PEM representation

      */

      explicit Session(const std::string& pem);


      /**

      * Encode this session data for storage

      * @warning if the master secret is compromised so is the

      * session traffic

      */

      secure_vector<uint8_t> DER_encode() const;


      /**

      * Encrypt a session (useful for serialization or session tickets)

      */

      std::vector<uint8_t> encrypt(const SymmetricKey& key,

                                RandomNumberGenerator& rng) const;


      /**

      * Decrypt a session created by encrypt

      * @param ctext the ciphertext returned by encrypt

      * @param ctext_size the size of ctext in bytes

      * @param key the same key used by the encrypting side

      */

      static Session decrypt(const uint8_t ctext[],

                             size_t ctext_size,

                             const SymmetricKey& key);


      /**

      * Decrypt a session created by encrypt

      * @param ctext the ciphertext returned by encrypt

      * @param key the same key used by the encrypting side

      */

      static inline Session decrypt(const std::vector<uint8_t>& ctext,

                                    const SymmetricKey& key)

         {

         return Session::decrypt(ctext.data(), ctext.size(), key);

         }


      /**

      * Encode this session data for storage

      * @warning if the master secret is compromised so is the

      * session traffic

      */

      std::string PEM_encode() const;


      /**

      * Get the version of the saved session

      */

      Protocol_Version version() const { return m_version; }


      /**

      * Get the ciphersuite code of the saved session

      */

      uint16_t ciphersuite_code() const { return m_ciphersuite; }


      /**

      * Get the ciphersuite info of the saved session

      */

      Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); }


      /**

      * Get which side of the connection the resumed session we are/were

      * acting as.

      */

      Connection_Side side() const { return m_connection_side; }


      /**

      * Get the SRP identity (if sent by the client in the initial handshake)

      */

      const std::string& srp_identifier() const { return m_srp_identifier; }


      /**

      * Get the saved master secret

      */

      const secure_vector<uint8_t>& master_secret() const { return m_master_secret; }


      /**

      * Get the session identifier

      */

      const std::vector<uint8_t>& session_id() const { return m_identifier; }


      /**

      * Get the negotiated DTLS-SRTP algorithm (RFC 5764)

      */

      uint16_t dtls_srtp_profile() const { return m_srtp_profile; }


      bool supports_extended_master_secret() const { return m_extended_master_secret; }


      bool supports_encrypt_then_mac() const { return m_encrypt_then_mac; }


      /**

      * Return the certificate chain of the peer (possibly empty)

      */

      const std::vector<X509_Certificate>& peer_certs() const { return m_peer_certs; }


      /**

      * Get the wall clock time this session began

      */

      std::chrono::system_clock::time_point start_time() const { return m_start_time; }


      /**

      * Return how long this session has existed (in seconds)

      */

      std::chrono::seconds session_age() const;


      /**

      * Return the session ticket the server gave us

      */

      const std::vector<uint8_t>& session_ticket() const { return m_session_ticket; }


      /**

      * @return information about the TLS server

      */

      const Server_Information& server_info() const { return m_server_info; }


   private:

      enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812 };


      std::chrono::system_clock::time_point m_start_time;


      std::vector<uint8_t> m_identifier;

      std::vector<uint8_t> m_session_ticket; // only used by client side

      secure_vector<uint8_t> m_master_secret;


      Protocol_Version m_version;

      uint16_t m_ciphersuite;

      Connection_Side m_connection_side;

      uint16_t m_srtp_profile;

      bool m_extended_master_secret;

      bool m_encrypt_then_mac;


      std::vector<X509_Certificate> m_peer_certs;

      Server_Information m_server_info; // optional

      std::string m_srp_identifier; // optional

   };


}


}


#endif

Botan::OctetString
Definition: symkey.h:20

Botan::RandomNumberGenerator
Definition: rng.h:26

Botan::TLS::Ciphersuite
Definition: tls_ciphersuite.h:25

Botan::TLS::Ciphersuite::by_id
static Ciphersuite by_id(uint16_t suite)
Definition: tls_ciphersuite.cpp:107

Botan::TLS::Protocol_Version
Definition: tls_version.h:22

Botan::TLS::Server_Information
Definition: tls_server_info.h:22

Botan::TLS::Session
Definition: tls_session.h:28

Botan::TLS::Session::server_info
const Server_Information & server_info() const
Definition: tls_session.h:183

Botan::TLS::Session::supports_extended_master_secret
bool supports_extended_master_secret() const
Definition: tls_session.h:156

Botan::TLS::Session::supports_encrypt_then_mac
bool supports_encrypt_then_mac() const
Definition: tls_session.h:158

Botan::TLS::Session::dtls_srtp_profile
uint16_t dtls_srtp_profile() const
Definition: tls_session.h:154

Botan::TLS::Session::version
Protocol_Version version() const
Definition: tls_session.h:118

Botan::TLS::Session::peer_certs
const std::vector< X509_Certificate > & peer_certs() const
Definition: tls_session.h:163

Botan::TLS::Session::session_ticket
const std::vector< uint8_t > & session_ticket() const
Definition: tls_session.h:178

Botan::TLS::Session::start_time
std::chrono::system_clock::time_point start_time() const
Definition: tls_session.h:168

Botan::TLS::Session::side
Connection_Side side() const
Definition: tls_session.h:134

Botan::TLS::Session::master_secret
const secure_vector< uint8_t > & master_secret() const
Definition: tls_session.h:144

Botan::TLS::Session::decrypt
static Session decrypt(const std::vector< uint8_t > &ctext, const SymmetricKey &key)
Definition: tls_session.h:102

Botan::TLS::Session::ciphersuite_code
uint16_t ciphersuite_code() const
Definition: tls_session.h:123

Botan::TLS::Session::srp_identifier
const std::string & srp_identifier() const
Definition: tls_session.h:139

Botan::TLS::Session::session_id
const std::vector< uint8_t > & session_id() const
Definition: tls_session.h:149

Botan::TLS::Session::ciphersuite
Ciphersuite ciphersuite() const
Definition: tls_session.h:128

Botan::TLS::Session::Session
Session()
Definition: tls_session.h:34

Botan::TLS::Session::decrypt
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
Definition: tls_session.cpp:250

final
int(* final)(unsigned char *, CTX *)
Definition: commoncrypto_hash.cpp:29

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31

Botan::CryptoBox::decrypt
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
Definition: cryptobox.cpp:162

Botan::CryptoBox::encrypt
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
Definition: cryptobox.cpp:43

Botan::PKCS8::PEM_encode
std::string PEM_encode(const Private_Key &key)
Definition: pkcs8.cpp:148

Botan::TLS::Connection_Side
Connection_Side
Definition: tls_magic.h:32

Botan
Definition: alg_id.cpp:13

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

std
Definition: bigint.h:1143