authorJack Lloyd <[email protected]>2015-11-13 15:34:52 -0500
committerJack Lloyd <[email protected]>2015-11-13 15:34:52 -0500
commit81edfc8221b9da94ac1a453e78bf57a5a739b4ce (patch)
tree14ae41bfae45495ccfc2b5d1efe2b01b28a2c849 /src/lib/tls/sessions_sql
parent309252789ec3d3b29a7cd30f7d3095fe38e02fa2 (diff)
Add remove_all to TLS session manager interface
DB::spin now returns the number of rows affected
Diffstat (limited to 'src/lib/tls/sessions_sql')
-rw-r--r--src/lib/tls/sessions_sql/tls_session_manager_sql.cpp56
-rw-r--r--src/lib/tls/sessions_sql/tls_session_manager_sql.h4
2 files changed, 28 insertions, 32 deletions
diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
index ed207972e..9f025374e 100644
--- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
@@ -16,27 +16,6 @@ namespace Botan {
namespace TLS {
-namespace {
-
-SymmetricKey derive_key(const std::string& passphrase,
- const byte salt[],
- size_t salt_len,
- size_t iterations,
- size_t& check_val)
- {
- std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)"));
-
- secure_vector<byte> x = pbkdf->derive_key(32 + 2,
- passphrase,
- salt, salt_len,
- iterations).bits_of();
-
- check_val = make_u16bit(x[0], x[1]);
- return SymmetricKey(&x[2], x.size() - 2);
- }
-
-}
-
Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
const std::string& passphrase,
RandomNumberGenerator& rng,
@@ -67,6 +46,8 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
const size_t salts = m_db->row_count("tls_sessions_metadata");
+ std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)"));
+
if(salts == 1)
{
// existing db
@@ -78,12 +59,13 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
const size_t iterations = stmt->get_size_t(1);
const size_t check_val_db = stmt->get_size_t(2);
- size_t check_val_created;
- m_session_key = derive_key(passphrase,
- salt.first,
- salt.second,
- iterations,
- check_val_created);
+ secure_vector<byte> x = pbkdf->pbkdf_iterations(32 + 2,
+ passphrase,
+ salt.first, salt.second,
+ iterations);
+
+ const size_t check_val_created = make_u16bit(x[0], x[1]);
+ m_session_key.assign(x.begin() + 2, x.end());
if(check_val_created != check_val_db)
throw std::runtime_error("Session database password not valid");
@@ -98,11 +80,17 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
// new database case
std::vector<byte> salt = unlock(rng.random_vec(16));
- const size_t iterations = 256 * 1024;
- size_t check_val = 0;
+ size_t iterations = 0;
- m_session_key = derive_key(passphrase, salt.data(), salt.size(),
- iterations, check_val);
+ secure_vector<byte> x = pbkdf->pbkdf_timed(32 + 2,
+ passphrase,
+ salt.data(), salt.size(),
+ std::chrono::milliseconds(100),
+ iterations);
+
+ printf("pbkdf iter %d\n", iterations);
+ size_t check_val = make_u16bit(x[0], x[1]);
+ m_session_key.assign(x.begin() + 2, x.end());
auto stmt = m_db->new_statement("insert into tls_sessions_metadata values(?1, ?2, ?3)");
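Review bot: The diagnostic `printf("pbkdf iter %d\n", iterations);` passes a `size_t` to a `%d` conversion, which is undefined behavior on the format mismatch, and a library constructor writing to stdout is a debug leftover rather than intended behavior; drop the line, or if the value is wanted for tuning use `%zu` and route it through whatever logging the library already has. A second point on the same hunk: `pbkdf_timed` with `std::chrono::milliseconds(100)` makes the stored iteration count depend on how fast (or how loaded) the host is when the database is first created, and a slow machine will lock in a weak work factor for the lifetime of that database where the removed code used a fixed `256 * 1024`; consider keeping a floor and, when the timed result falls below it, re-deriving with `pbkdf_iterations` at the floor before writing the metadata row. The constructor this hunk belongs to begins and ends outside the hunk.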
@@ -174,6 +162,12 @@ void Session_Manager_SQL::remove_entry(const std::vector<byte>& session_id)
stmt->spin();
}
+size_t Session_Manager_SQL::remove_all()
+ {
+ auto stmt = m_db->new_statement("delete from tls_sessions");
+ return stmt->spin();
+ }
+
void Session_Manager_SQL::save(const Session& session)
{
auto stmt = m_db->new_statement("insert or replace into tls_sessions"
diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.h b/src/lib/tls/sessions_sql/tls_session_manager_sql.h
index 081c42e74..24e2be7c3 100644
--- a/src/lib/tls/sessions_sql/tls_session_manager_sql.h
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.h
@@ -56,6 +56,8 @@ class BOTAN_DLL Session_Manager_SQL : public Session_Manager
void remove_entry(const std::vector<byte>& session_id) override;
+ size_t remove_all() override;
+
void save(const Session& session_data) override;
std::chrono::seconds session_lifetime() const override
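Review bot: The new `size_t remove_all() override;` has no comment, and since it is the only destructive bulk operation on the interface the return value and scope should be stated at the declaration. Suggested comment: `/// Remove every saved session from the database. Returns the number of rows deleted, as reported by the statement's spin().` The second part is taken from the commit message rather than from visible code, so confirm the `spin()` contract before committing to it. The enclosing class declaration begins and ends outside the hunk.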
@@ -65,7 +67,7 @@ class BOTAN_DLL Session_Manager_SQL : public Session_Manager
void prune_session_cache();
std::shared_ptr<SQL_Database> m_db;
- SymmetricKey m_session_key;
+ secure_vector<byte> m_session_key;
RandomNumberGenerator& m_rng;
size_t m_max_sessions;
std::chrono::seconds m_session_lifetime;