/src/botan/build/include/botan/tls_session.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLS Session |
3 | | * (C) 2011-2012,2015 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_TLS_SESSION_STATE_H_ |
9 | | #define BOTAN_TLS_SESSION_STATE_H_ |
10 | | |
11 | | #include <botan/x509cert.h> |
12 | | #include <botan/tls_version.h> |
13 | | #include <botan/tls_ciphersuite.h> |
14 | | #include <botan/tls_magic.h> |
15 | | #include <botan/tls_server_info.h> |
16 | | #include <botan/secmem.h> |
17 | | #include <botan/symkey.h> |
18 | | #include <chrono> |
19 | | |
20 | | namespace Botan { |
21 | | |
22 | | namespace TLS { |
23 | | |
24 | | /** |
25 | | * Class representing a TLS session state |
26 | | */ |
27 | | class BOTAN_PUBLIC_API(2,0) Session final |
28 | | { |
29 | | public: |
30 | | |
31 | | /** |
32 | | * Uninitialized session |
33 | | */ |
34 | | Session() : |
35 | | m_start_time(std::chrono::system_clock::time_point::min()), |
36 | | m_version(), |
37 | | m_ciphersuite(0), |
38 | | m_connection_side(static_cast<Connection_Side>(0)), |
39 | | m_srtp_profile(0), |
40 | | m_extended_master_secret(false), |
41 | | m_encrypt_then_mac(false) |
42 | 28.2k | {} |
43 | | |
44 | | /** |
45 | | * New session (sets session start time) |
46 | | */ |
47 | | Session(const std::vector<uint8_t>& session_id, |
48 | | const secure_vector<uint8_t>& master_secret, |
49 | | Protocol_Version version, |
50 | | uint16_t ciphersuite, |
51 | | Connection_Side side, |
52 | | bool supports_extended_master_secret, |
53 | | bool supports_encrypt_then_mac, |
54 | | const std::vector<X509_Certificate>& peer_certs, |
55 | | const std::vector<uint8_t>& session_ticket, |
56 | | const Server_Information& server_info, |
57 | | uint16_t srtp_profile); |
58 | | |
59 | | /** |
60 | | * Load a session from DER representation (created by DER_encode) |
61 | | * @param ber DER representation buffer |
62 | | * @param ber_len size of buffer in bytes |
63 | | */ |
64 | | Session(const uint8_t ber[], size_t ber_len); |
65 | | |
66 | | /** |
67 | | * Load a session from PEM representation (created by PEM_encode) |
68 | | * @param pem PEM representation |
69 | | */ |
70 | | explicit Session(const std::string& pem); |
71 | | |
72 | | /** |
73 | | * Encode this session data for storage |
74 | | * @warning if the master secret is compromised so is the |
75 | | * session traffic |
76 | | */ |
77 | | secure_vector<uint8_t> DER_encode() const; |
78 | | |
79 | | /** |
80 | | * Encrypt a session (useful for serialization or session tickets) |
81 | | */ |
82 | | std::vector<uint8_t> encrypt(const SymmetricKey& key, |
83 | | RandomNumberGenerator& rng) const; |
84 | | |
85 | | |
86 | | /** |
87 | | * Decrypt a session created by encrypt |
88 | | * @param ctext the ciphertext returned by encrypt |
89 | | * @param ctext_size the size of ctext in bytes |
90 | | * @param key the same key used by the encrypting side |
91 | | */ |
92 | | static Session decrypt(const uint8_t ctext[], |
93 | | size_t ctext_size, |
94 | | const SymmetricKey& key); |
95 | | |
96 | | /** |
97 | | * Decrypt a session created by encrypt |
98 | | * @param ctext the ciphertext returned by encrypt |
99 | | * @param key the same key used by the encrypting side |
100 | | */ |
101 | | static inline Session decrypt(const std::vector<uint8_t>& ctext, |
102 | | const SymmetricKey& key) |
103 | 1.90k | { |
104 | 1.90k | return Session::decrypt(ctext.data(), ctext.size(), key); |
105 | 1.90k | } |
106 | | |
107 | | /** |
108 | | * Encode this session data for storage |
109 | | * @warning if the master secret is compromised so is the |
110 | | * session traffic |
111 | | */ |
112 | | std::string PEM_encode() const; |
113 | | |
114 | | /** |
115 | | * Get the version of the saved session |
116 | | */ |
117 | 0 | Protocol_Version version() const { return m_version; } |
118 | | |
119 | | /** |
120 | | * Get the ciphersuite code of the saved session |
121 | | */ |
122 | 0 | uint16_t ciphersuite_code() const { return m_ciphersuite; } |
123 | | |
124 | | /** |
125 | | * Get the ciphersuite info of the saved session |
126 | | */ |
127 | 0 | Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); } |
128 | | |
129 | | /** |
130 | | * Get which side of the connection the resumed session we are/were |
131 | | * acting as. |
132 | | */ |
133 | 0 | Connection_Side side() const { return m_connection_side; } |
134 | | |
135 | | /** |
136 | | * Get the saved master secret |
137 | | */ |
138 | 0 | const secure_vector<uint8_t>& master_secret() const { return m_master_secret; } |
139 | | |
140 | | /** |
141 | | * Get the session identifier |
142 | | */ |
143 | 0 | const std::vector<uint8_t>& session_id() const { return m_identifier; } |
144 | | |
145 | | /** |
146 | | * Get the negotiated DTLS-SRTP algorithm (RFC 5764) |
147 | | */ |
148 | 0 | uint16_t dtls_srtp_profile() const { return m_srtp_profile; } |
149 | | |
150 | 0 | bool supports_extended_master_secret() const { return m_extended_master_secret; } |
151 | | |
152 | 0 | bool supports_encrypt_then_mac() const { return m_encrypt_then_mac; } |
153 | | |
154 | | /** |
155 | | * Return the certificate chain of the peer (possibly empty) |
156 | | */ |
157 | 0 | const std::vector<X509_Certificate>& peer_certs() const { return m_peer_certs; } |
158 | | |
159 | | /** |
160 | | * Get the wall clock time this session began |
161 | | */ |
162 | 0 | std::chrono::system_clock::time_point start_time() const { return m_start_time; } |
163 | | |
164 | | /** |
165 | | * Return how long this session has existed (in seconds) |
166 | | */ |
167 | | std::chrono::seconds session_age() const; |
168 | | |
169 | | /** |
170 | | * Return the session ticket the server gave us |
171 | | */ |
172 | 0 | const std::vector<uint8_t>& session_ticket() const { return m_session_ticket; } |
173 | | |
174 | | /** |
175 | | * @return information about the TLS server |
176 | | */ |
177 | 0 | const Server_Information& server_info() const { return m_server_info; } |
178 | | |
179 | | private: |
180 | | enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812 }; |
181 | | |
182 | | std::chrono::system_clock::time_point m_start_time; |
183 | | |
184 | | std::vector<uint8_t> m_identifier; |
185 | | std::vector<uint8_t> m_session_ticket; // only used by client side |
186 | | secure_vector<uint8_t> m_master_secret; |
187 | | |
188 | | Protocol_Version m_version; |
189 | | uint16_t m_ciphersuite; |
190 | | Connection_Side m_connection_side; |
191 | | uint16_t m_srtp_profile; |
192 | | bool m_extended_master_secret; |
193 | | bool m_encrypt_then_mac; |
194 | | |
195 | | std::vector<X509_Certificate> m_peer_certs; |
196 | | Server_Information m_server_info; // optional |
197 | | }; |
198 | | |
199 | | } |
200 | | |
201 | | } |
202 | | |
203 | | #endif |