aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_session.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-03-16 17:32:40 +0000
committerlloyd <[email protected]>2012-03-16 17:32:40 +0000
commit1fce3fe2274cf3368e1f29827ed0f41cebba3726 (patch)
tree7a83f1d6d8fcf08dc8120aafba718dd11c1e52b7 /src/tls/tls_session.cpp
parent4c6327c95bd01de54487b3159b77a5152ed39564 (diff)
parent7371f7c59ae722769fbc0dc810583a0cd0e38877 (diff)
propagate from branch 'net.randombit.botan.tls-state-machine' (head c24b5d6b012131b177d38bddb8b06d73f81f70c4)
to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
Diffstat (limited to 'src/tls/tls_session.cpp')
-rw-r--r--src/tls/tls_session.cpp102
1 files changed, 69 insertions, 33 deletions
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index c40e9d79e..f8e686a4a 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -9,23 +9,26 @@
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/asn1_str.h>
+#include <botan/pem.h>
#include <botan/time.h>
#include <botan/lookup.h>
#include <memory>
namespace Botan {
-TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier,
- const MemoryRegion<byte>& master_secret,
- Version_Code version,
- u16bit ciphersuite,
- byte compression_method,
- Connection_Side side,
- bool secure_renegotiation_supported,
- size_t fragment_size,
- const std::vector<X509_Certificate>& certs,
- const std::string& sni_hostname,
- const std::string& srp_identifier) :
+namespace TLS {
+
+Session::Session(const MemoryRegion<byte>& session_identifier,
+ const MemoryRegion<byte>& master_secret,
+ Protocol_Version version,
+ u16bit ciphersuite,
+ byte compression_method,
+ Connection_Side side,
+ bool secure_renegotiation_supported,
+ size_t fragment_size,
+ const std::vector<X509_Certificate>& certs,
+ const std::string& sni_hostname,
+ const std::string& srp_identifier) :
m_start_time(system_time()),
m_identifier(session_identifier),
m_master_secret(master_secret),
@@ -35,15 +38,13 @@ TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier,
m_connection_side(side),
m_secure_renegotiation_supported(secure_renegotiation_supported),
m_fragment_size(fragment_size),
+ m_peer_certs(certs),
m_sni_hostname(sni_hostname),
m_srp_identifier(srp_identifier)
{
- // FIXME: encode all of them?
- if(certs.size())
- m_peer_certificate = certs[0].BER_encode();
}
-TLS_Session::TLS_Session(const byte ber[], size_t ber_len)
+Session::Session(const byte ber[], size_t ber_len)
{
BER_Decoder decoder(ber, ber_len);
@@ -51,48 +52,84 @@ TLS_Session::TLS_Session(const byte ber[], size_t ber_len)
ASN1_String sni_hostname_str;
ASN1_String srp_identifier_str;
+ byte major_version = 0, minor_version = 0;
+
+ MemoryVector<byte> peer_cert_bits;
+
BER_Decoder(ber, ber_len)
- .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
- "Unknown version in session structure")
- .decode(m_identifier, OCTET_STRING)
- .decode_integer_type(m_start_time)
- .decode_integer_type(m_version)
- .decode_integer_type(m_ciphersuite)
- .decode_integer_type(m_compression_method)
- .decode_integer_type(side_code)
- .decode_integer_type(m_fragment_size)
- .decode(m_secure_renegotiation_supported)
- .decode(m_master_secret, OCTET_STRING)
- .decode(m_peer_certificate, OCTET_STRING)
- .decode(sni_hostname_str)
- .decode(srp_identifier_str);
+ .start_cons(SEQUENCE)
+ .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
+ "Unknown version in session structure")
+ .decode(m_identifier, OCTET_STRING)
+ .decode_integer_type(m_start_time)
+ .decode_integer_type(major_version)
+ .decode_integer_type(minor_version)
+ .decode_integer_type(m_ciphersuite)
+ .decode_integer_type(m_compression_method)
+ .decode_integer_type(side_code)
+ .decode_integer_type(m_fragment_size)
+ .decode(m_secure_renegotiation_supported)
+ .decode(m_master_secret, OCTET_STRING)
+ .decode(peer_cert_bits, OCTET_STRING)
+ .decode(sni_hostname_str)
+ .decode(srp_identifier_str)
+ .end_cons()
+ .verify_end();
+ m_version = Protocol_Version(major_version, minor_version);
m_sni_hostname = sni_hostname_str.value();
m_srp_identifier = srp_identifier_str.value();
m_connection_side = static_cast<Connection_Side>(side_code);
+
+ if(!peer_cert_bits.empty())
+ {
+ DataSource_Memory certs(peer_cert_bits);
+
+ while(!certs.end_of_data())
+ m_peer_certs.push_back(X509_Certificate(certs));
+ }
}
-SecureVector<byte> TLS_Session::BER_encode() const
+Session::Session(const std::string& pem)
{
+ SecureVector<byte> der = PEM_Code::decode_check_label(pem, "SSL SESSION");
+
+ *this = Session(&der[0], der.size());
+ }
+
+SecureVector<byte> Session::DER_encode() const
+ {
+ MemoryVector<byte> peer_cert_bits;
+ for(size_t i = 0; i != m_peer_certs.size(); ++i)
+ peer_cert_bits += m_peer_certs[i].BER_encode();
+
return DER_Encoder()
.start_cons(SEQUENCE)
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
.encode(m_identifier, OCTET_STRING)
.encode(static_cast<size_t>(m_start_time))
- .encode(static_cast<size_t>(m_version))
+ .encode(static_cast<size_t>(m_version.major_version()))
+ .encode(static_cast<size_t>(m_version.minor_version()))
.encode(static_cast<size_t>(m_ciphersuite))
.encode(static_cast<size_t>(m_compression_method))
.encode(static_cast<size_t>(m_connection_side))
.encode(static_cast<size_t>(m_fragment_size))
.encode(m_secure_renegotiation_supported)
.encode(m_master_secret, OCTET_STRING)
- .encode(m_peer_certificate, OCTET_STRING)
+ .encode(peer_cert_bits, OCTET_STRING)
.encode(ASN1_String(m_sni_hostname, UTF8_STRING))
.encode(ASN1_String(m_srp_identifier, UTF8_STRING))
.end_cons()
.get_contents();
}
+std::string Session::PEM_encode() const
+ {
+ return PEM_Code::encode(this->DER_encode(), "SSL SESSION");
+ }
+
+}
+
MemoryVector<byte>
TLS_Session::encrypt(const SymmetricKey& master_key,
const MemoryRegion<byte>& key_name,
@@ -180,5 +217,4 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
}
}
-
}