/src/botan/build/include/botan/tls_session.h
/*
* TLS Session
* (C) 2011-2012,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_TLS_SESSION_STATE_H_
#define BOTAN_TLS_SESSION_STATE_H_
#include <botan/x509cert.h>
#include <botan/tls_version.h>
#include <botan/tls_ciphersuite.h>
#include <botan/tls_magic.h>
#include <botan/tls_server_info.h>
#include <botan/secmem.h>
#include <botan/symkey.h>
#include <chrono>
namespace Botan {
namespace TLS {
/**
* Class representing a TLS session state
*/
class BOTAN_PUBLIC_API(2,0) Session final
   {
   public:

      /**
      * Uninitialized session
      *
      * The start time is set to time_point::min(), the ciphersuite and
      * DTLS-SRTP profile codes to 0, the connection side to the value 0
      * and both extension flags to false; the identifier, ticket, master
      * secret and peer certificate chain are left empty.
      */
      Session() :
         m_start_time(std::chrono::system_clock::time_point::min()),
         m_version(),
         m_ciphersuite(0),
         m_connection_side(static_cast<Connection_Side>(0)),
         m_srtp_profile(0),
         m_extended_master_secret(false),
         m_encrypt_then_mac(false)
            {}

      /**
      * New session (sets session start time)
      * @param session_id the session identifier
      * @param master_secret the master secret of the session; stored in a
      *        secure_vector and wiped when the Session is destroyed
      * @param version the protocol version of the session
      * @param ciphersuite the ciphersuite code of the session
      * @param side which side of the connection this session state belongs to
      * @param supports_extended_master_secret whether the extended master
      *        secret extension was negotiated
      * @param supports_encrypt_then_mac whether encrypt-then-MAC was negotiated
      * @param peer_certs the certificate chain of the peer (possibly empty)
      * @param session_ticket the session ticket given by the server
      *        (only used by the client side)
      * @param server_info information about the TLS server (optional)
      * @param srtp_profile the negotiated DTLS-SRTP profile (RFC 5764)
      */
      Session(const std::vector<uint8_t>& session_id,
              const secure_vector<uint8_t>& master_secret,
              Protocol_Version version,
              uint16_t ciphersuite,
              Connection_Side side,
              bool supports_extended_master_secret,
              bool supports_encrypt_then_mac,
              const std::vector<X509_Certificate>& peer_certs,
              const std::vector<uint8_t>& session_ticket,
              const Server_Information& server_info,
              uint16_t srtp_profile);

      /**
      * Load a session from DER representation (created by DER_encode)
      *
      * The encoding carries the master secret, so it should only be
      * accepted from storage the application trusts (or via decrypt()).
      * @param ber DER representation buffer
      * @param ber_len size of buffer in bytes
      */
      Session(const uint8_t ber[], size_t ber_len);

      /**
      * Load a session from PEM representation (created by PEM_encode)
      * @param pem PEM representation
      */
      explicit Session(const std::string& pem);

      /**
      * Encode this session data for storage
      *
      * The result contains the master secret, which is why it is returned
      * in a secure_vector (wiped on destruction) rather than a plain vector.
      * @warning if the master secret is compromised so is the
      * session traffic
      * @return DER encoding of this session
      */
      secure_vector<uint8_t> DER_encode() const;

      /**
      * Encrypt a session (useful for serialization or session tickets)
      *
      * The output can be handed to decrypt() with the same key; unlike
      * DER_encode() it is returned in an ordinary std::vector.
      * @param key the symmetric key protecting the serialized session; it
      *        must be kept secret, since anyone holding it can recover the
      *        master secret from the ciphertext
      * @param rng source of randomness used during encryption
      * @return the encrypted session
      */
      std::vector<uint8_t> encrypt(const SymmetricKey& key,
                                RandomNumberGenerator& rng) const;


      /**
      * Decrypt a session created by encrypt
      * @param ctext the ciphertext returned by encrypt
      * @param ctext_size the size of ctext in bytes
      * @param key the same key used by the encrypting side
      * @return the decrypted session
      */
      static Session decrypt(const uint8_t ctext[],
                             size_t ctext_size,
                             const SymmetricKey& key);

      /**
      * Decrypt a session created by encrypt
      *
      * Convenience overload forwarding to the pointer/length version.
      * @param ctext the ciphertext returned by encrypt
      * @param key the same key used by the encrypting side
      * @return the decrypted session
      */
      static inline Session decrypt(const std::vector<uint8_t>& ctext,
                                    const SymmetricKey& key)
         {
         return Session::decrypt(ctext.data(), ctext.size(), key);
         }

      /**
      * Encode this session data for storage
      *
      * Same content as DER_encode(), but returned as a std::string, which
      * (unlike secure_vector) is not wiped on destruction.
      * @warning if the master secret is compromised so is the
      * session traffic
      * @return PEM encoding of this session
      */
      std::string PEM_encode() const;

      /**
      * Get the version of the saved session
      */
      Protocol_Version version() const { return m_version; }

      /**
      * Get the ciphersuite code of the saved session
      */
      uint16_t ciphersuite_code() const { return m_ciphersuite; }

      /**
      * Get the ciphersuite info of the saved session
      *
      * Looks the stored code up via Ciphersuite::by_id on every call.
      */
      Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); }

      /**
      * Get which side of the connection the resumed session we are/were
      * acting as.
      */
      Connection_Side side() const { return m_connection_side; }

      /**
      * Get the saved master secret
      *
      * Returns a reference to secret key material owned by this object.
      */
      const secure_vector<uint8_t>& master_secret() const { return m_master_secret; }

      /**
      * Get the session identifier
      */
      const std::vector<uint8_t>& session_id() const { return m_identifier; }

      /**
      * Get the negotiated DTLS-SRTP algorithm (RFC 5764)
      */
      uint16_t dtls_srtp_profile() const { return m_srtp_profile; }

      /**
      * Whether the extended master secret extension was used for this session
      */
      bool supports_extended_master_secret() const { return m_extended_master_secret; }

      /**
      * Whether encrypt-then-MAC was used for this session
      */
      bool supports_encrypt_then_mac() const { return m_encrypt_then_mac; }

      /**
      * Return the certificate chain of the peer (possibly empty)
      */
      const std::vector<X509_Certificate>& peer_certs() const { return m_peer_certs; }

      /**
      * Get the wall clock time this session began
      *
      * For a default-constructed Session this is time_point::min().
      */
      std::chrono::system_clock::time_point start_time() const { return m_start_time; }

      /**
      * Return how long this session has existed (in seconds)
      *
      * Presumably measured from start_time(); the definition is out of line.
      */
      std::chrono::seconds session_age() const;

      /**
      * Return the session ticket the server gave us
      */
      const std::vector<uint8_t>& session_ticket() const { return m_session_ticket; }

      /**
      * @return information about the TLS server
      */
      const Server_Information& server_info() const { return m_server_info; }

   private:
      // Version tag of the serialized session structure; presumably
      // written by DER_encode and checked when decoding (TODO confirm
      // against the out-of-line definitions)
      enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160812 };

      std::chrono::system_clock::time_point m_start_time;

      std::vector<uint8_t> m_identifier;
      std::vector<uint8_t> m_session_ticket; // only used by client side
      secure_vector<uint8_t> m_master_secret; // secret key material; wiped on destruction

      Protocol_Version m_version;
      uint16_t m_ciphersuite;
      Connection_Side m_connection_side;
      uint16_t m_srtp_profile;
      bool m_extended_master_secret;
      bool m_encrypt_then_mac;

      std::vector<X509_Certificate> m_peer_certs;
      Server_Information m_server_info; // optional
   };
}
}
#endif