aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2011-12-30 20:35:27 +0000
committerlloyd <[email protected]>2011-12-30 20:35:27 +0000
commit2920f1be500d53414b863ec61ca9c2008336479f (patch)
treefb2dd5c855016521c69d2b1885a7f081e7d3ea8f /src/tls
parentdeb92d7f6d43206c04f332625d6b1e1a2abc444d (diff)
Rename the session type to 'TLS_Session'. Split the manager out into
its own file. Rename tls_state to tls_handshake_state.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/info.txt10
-rw-r--r--src/tls/tls_channel.cpp4
-rw-r--r--src/tls/tls_channel.h6
-rw-r--r--src/tls/tls_client.cpp4
-rw-r--r--src/tls/tls_client.h4
-rw-r--r--src/tls/tls_handshake_state.cpp (renamed from src/tls/tls_state.cpp)2
-rw-r--r--src/tls/tls_handshake_state.h (renamed from src/tls/tls_state.h)2
-rw-r--r--src/tls/tls_server.cpp10
-rw-r--r--src/tls/tls_server.h4
-rw-r--r--src/tls/tls_session.cpp (renamed from src/tls/tls_session_state.cpp)76
-rw-r--r--src/tls/tls_session.h (renamed from src/tls/tls_session_state.h)88
-rw-r--r--src/tls/tls_session_manager.cpp66
-rw-r--r--src/tls/tls_session_manager.h103
13 files changed, 215 insertions, 164 deletions
diff --git a/src/tls/info.txt b/src/tls/info.txt
index 857a5bc2a..b8bc12d4d 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -15,7 +15,8 @@ tls_magic.h
tls_policy.h
tls_record.h
tls_server.h
-tls_session_state.h
+tls_session.h
+tls_session_manager.h
tls_suites.h
</header:public>
@@ -26,7 +27,7 @@ tls_extensions.h
tls_messages.h
tls_reader.h
tls_session_key.h
-tls_state.h
+tls_handshake_state.h
</header:internal>
<source>
@@ -45,8 +46,9 @@ tls_client.cpp
tls_policy.cpp
tls_server.cpp
tls_session_key.cpp
-tls_session_state.cpp
-tls_state.cpp
+tls_session.cpp
+tls_session_manager.cpp
+tls_handshake_state.cpp
tls_suites.cpp
</source>
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index 0e119c2a3..1836c1a77 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -7,14 +7,14 @@
#include <botan/tls_channel.h>
#include <botan/internal/tls_alerts.h>
-#include <botan/internal/tls_state.h>
+#include <botan/internal/tls_handshake_state.h>
#include <botan/loadstor.h>
namespace Botan {
TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_complete) :
+ std::tr1::function<void (const TLS_Session&)> handshake_complete) :
proc_fn(proc_fn),
handshake_fn(handshake_complete),
writer(socket_output_fn),
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 4b5a91a65..8eca71305 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -10,7 +10,7 @@
#include <botan/tls_policy.h>
#include <botan/tls_record.h>
-#include <botan/tls_session_state.h>
+#include <botan/tls_session.h>
#include <botan/x509cert.h>
#include <vector>
@@ -73,7 +73,7 @@ class BOTAN_DLL TLS_Channel
TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_complete);
+ std::tr1::function<void (const TLS_Session&)> handshake_complete);
virtual ~TLS_Channel();
protected:
@@ -84,7 +84,7 @@ class BOTAN_DLL TLS_Channel
const MemoryRegion<byte>& contents) = 0;
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn;
- std::tr1::function<void (const TLS_Session_Params&)> handshake_fn;
+ std::tr1::function<void (const TLS_Session&)> handshake_fn;
Record_Writer writer;
Record_Reader reader;
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 5dbf9dc9c..1790151f9 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -7,7 +7,7 @@
#include <botan/tls_client.h>
#include <botan/internal/tls_session_key.h>
-#include <botan/internal/tls_state.h>
+#include <botan/internal/tls_handshake_state.h>
#include <botan/rsa.h>
#include <botan/dsa.h>
#include <botan/dh.h>
@@ -19,7 +19,7 @@ namespace Botan {
*/
TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_fn,
+ std::tr1::function<void (const TLS_Session&)> handshake_fn,
TLS_Session_Manager& session_manager,
const TLS_Policy& policy,
RandomNumberGenerator& rng,
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index e2623015a..75a85f74d 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -9,7 +9,7 @@
#define BOTAN_TLS_CLIENT_H__
#include <botan/tls_channel.h>
-#include <botan/tls_session_state.h>
+#include <botan/tls_session_manager.h>
#include <vector>
namespace Botan {
@@ -33,7 +33,7 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
*/
TLS_Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_complete,
+ std::tr1::function<void (const TLS_Session&)> handshake_complete,
TLS_Session_Manager& session_manager,
const TLS_Policy& policy,
RandomNumberGenerator& rng,
diff --git a/src/tls/tls_state.cpp b/src/tls/tls_handshake_state.cpp
index 227a3e237..39292fc1b 100644
--- a/src/tls/tls_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -5,7 +5,7 @@
* Released under the terms of the Botan license
*/
-#include <botan/internal/tls_state.h>
+#include <botan/internal/tls_handshake_state.h>
namespace Botan {
diff --git a/src/tls/tls_state.h b/src/tls/tls_handshake_state.h
index 4d1ae9d6d..1602ca17c 100644
--- a/src/tls/tls_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -44,7 +44,7 @@ class Handshake_State
Public_Key* kex_pub;
Private_Key* kex_priv;
- CipherSuite suite;
+ TLS_Cipher_Suite suite;
SessionKeys keys;
TLS_Handshake_Hash hash;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index f5efa10e4..1d96f5631 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -7,7 +7,7 @@
#include <botan/tls_server.h>
#include <botan/internal/tls_session_key.h>
-#include <botan/internal/tls_state.h>
+#include <botan/internal/tls_handshake_state.h>
#include <botan/internal/stl_util.h>
#include <botan/rsa.h>
#include <botan/dh.h>
@@ -30,7 +30,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
return TLS_V11;
}
-bool check_for_resume(TLS_Session_Params& session_info,
+bool check_for_resume(TLS_Session& session_info,
TLS_Session_Manager& session_manager,
Client_Hello* client_hello)
{
@@ -81,7 +81,7 @@ bool check_for_resume(TLS_Session_Params& session_info,
*/
TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_fn,
+ std::tr1::function<void (const TLS_Session&)> handshake_fn,
TLS_Session_Manager& session_manager,
const TLS_Policy& policy,
RandomNumberGenerator& rng,
@@ -172,7 +172,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
writer.set_version(state->version);
reader.set_version(state->version);
- TLS_Session_Params session_info;
+ TLS_Session session_info;
const bool resuming = check_for_resume(session_info,
session_manager,
state->client_hello);
@@ -378,7 +378,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
if(state->client_certs && state->client_verify)
peer_certs = state->client_certs->cert_chain();
- TLS_Session_Params session_info(
+ TLS_Session session_info(
state->server_hello->session_id(),
state->keys.master_secret(),
state->server_hello->version(),
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index 16c6f8e3e..d684a4a11 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -9,7 +9,7 @@
#define BOTAN_TLS_SERVER_H__
#include <botan/tls_channel.h>
-#include <botan/tls_session_state.h>
+#include <botan/tls_session_manager.h>
#include <vector>
namespace Botan {
@@ -29,7 +29,7 @@ class BOTAN_DLL TLS_Server : public TLS_Channel
*/
TLS_Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<void (const TLS_Session_Params&)> handshake_complete,
+ std::tr1::function<void (const TLS_Session&)> handshake_complete,
TLS_Session_Manager& session_manager,
const TLS_Policy& policy,
RandomNumberGenerator& rng,
diff --git a/src/tls/tls_session_state.cpp b/src/tls/tls_session.cpp
index bac24a5eb..deaddb227 100644
--- a/src/tls/tls_session_state.cpp
+++ b/src/tls/tls_session.cpp
@@ -1,11 +1,11 @@
/*
-* TLS Session Management
+* TLS Session State
* (C) 2011 Jack Lloyd
*
* Released under the terms of the Botan license
*/
-#include <botan/tls_session_state.h>
+#include <botan/tls_session.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/asn1_str.h>
@@ -13,17 +13,17 @@
namespace Botan {
-TLS_Session_Params::TLS_Session_Params(const MemoryRegion<byte>& session_identifier,
- const MemoryRegion<byte>& master_secret,
- Version_Code version,
- u16bit ciphersuite,
- byte compression_method,
- Connection_Side side,
- bool secure_renegotiation_supported,
- size_t fragment_size,
- const std::vector<X509_Certificate>& certs,
- const std::string& sni_hostname,
- const std::string& srp_identifier) :
+TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier,
+ const MemoryRegion<byte>& master_secret,
+ Version_Code version,
+ u16bit ciphersuite,
+ byte compression_method,
+ Connection_Side side,
+ bool secure_renegotiation_supported,
+ size_t fragment_size,
+ const std::vector<X509_Certificate>& certs,
+ const std::string& sni_hostname,
+ const std::string& srp_identifier) :
m_start_time(system_time()),
m_identifier(session_identifier),
m_master_secret(master_secret),
@@ -41,7 +41,7 @@ TLS_Session_Params::TLS_Session_Params(const MemoryRegion<byte>& session_identif
m_peer_certificate = certs[0].BER_encode();
}
-TLS_Session_Params::TLS_Session_Params(const byte ber[], size_t ber_len)
+TLS_Session::TLS_Session(const byte ber[], size_t ber_len)
{
BER_Decoder decoder(ber, ber_len);
@@ -70,7 +70,7 @@ TLS_Session_Params::TLS_Session_Params(const byte ber[], size_t ber_len)
m_connection_side = static_cast<Connection_Side>(side_code);
}
-SecureVector<byte> TLS_Session_Params::BER_encode() const
+SecureVector<byte> TLS_Session::BER_encode() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
@@ -91,50 +91,4 @@ SecureVector<byte> TLS_Session_Params::BER_encode() const
.get_contents();
}
-bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id,
- TLS_Session_Params& params)
- {
- std::map<std::string, TLS_Session_Params>::iterator i =
- sessions.find(hex_encode(session_id));
-
- if(i == sessions.end())
- return false;
-
- // session has expired, remove it
- const u64bit now = system_time();
- if(i->second.start_time() + session_lifetime >= now)
- {
- sessions.erase(i);
- return false;
- }
-
- params = i->second;
- return true;
- }
-
-void TLS_Session_Manager_In_Memory::prohibit_resumption(
- const MemoryVector<byte>& session_id)
- {
- std::map<std::string, TLS_Session_Params>::iterator i =
- sessions.find(hex_encode(session_id));
-
- if(i != sessions.end())
- sessions.erase(i);
- }
-
-void TLS_Session_Manager_In_Memory::save(const TLS_Session_Params& session_data)
- {
- if(max_sessions != 0)
- {
- /*
- This removes randomly based on ordering of session ids.
- Instead, remove oldest first?
- */
- while(sessions.size() >= max_sessions)
- sessions.erase(sessions.begin());
- }
-
- sessions[hex_encode(session_data.session_id())] = session_data;
- }
-
}
diff --git a/src/tls/tls_session_state.h b/src/tls/tls_session.h
index eefdc4b67..c713efc87 100644
--- a/src/tls/tls_session_state.h
+++ b/src/tls/tls_session.h
@@ -1,33 +1,30 @@
/*
-* TLS Session Management
+* TLS Session
* (C) 2011 Jack Lloyd
*
* Released under the terms of the Botan license
*/
-#ifndef TLS_SESSION_STATE_H_
-#define TLS_SESSION_STATE_H_
+#ifndef TLS_SESSION_STATE_H__
+#define TLS_SESSION_STATE_H__
#include <botan/x509cert.h>
#include <botan/tls_magic.h>
#include <botan/secmem.h>
-#include <botan/hex.h>
-#include <map>
-#include <ctime>
namespace Botan {
/**
* Class representing a TLS session state
*/
-class BOTAN_DLL TLS_Session_Params
+class BOTAN_DLL TLS_Session
{
public:
/**
* Uninitialized session
*/
- TLS_Session_Params() :
+ TLS_Session() :
m_start_time(0),
m_version(0),
m_ciphersuite(0),
@@ -40,7 +37,7 @@ class BOTAN_DLL TLS_Session_Params
/**
* New session (sets session start time)
*/
- TLS_Session_Params(const MemoryRegion<byte>& session_id,
+ TLS_Session(const MemoryRegion<byte>& session_id,
const MemoryRegion<byte>& master_secret,
Version_Code version,
u16bit ciphersuite,
@@ -55,7 +52,7 @@ class BOTAN_DLL TLS_Session_Params
/**
* Load a session from BER (created by BER_encode)
*/
- TLS_Session_Params(const byte ber[], size_t ber_len);
+ TLS_Session(const byte ber[], size_t ber_len);
/**
* Encode this session data for storage
@@ -145,77 +142,6 @@ class BOTAN_DLL TLS_Session_Params
std::string m_srp_identifier; // optional
};
-/**
-* TLS_Session_Manager is an interface to systems which can save
-* session parameters for support session resumption.
-*
-* Implementations should strive to be thread safe
-*/
-class BOTAN_DLL TLS_Session_Manager
- {
- public:
- /**
- * Try to load a saved session
- * @param session_id the session identifier we are trying to resume
- * @param params will be set to the saved session data (if found),
- or not modified if not found
- * @return true if params was modified
- */
- virtual bool find(const MemoryVector<byte>& session_id,
- TLS_Session_Params& params) = 0;
-
- /**
- * Prohibit resumption of this session. Effectively an erase.
- */
- virtual void prohibit_resumption(const MemoryVector<byte>& session_id) = 0;
-
- /**
- * Save a session on a best effort basis; the manager may not in
- * fact be able to save the session for whatever reason, this is
- * not an error. Caller cannot assume that calling save followed
- * immediately by find will result in a successful lookup.
- *
- * @param session_id the session identifier
- * @param params to save
- */
- virtual void save(const TLS_Session_Params& params) = 0;
-
- virtual ~TLS_Session_Manager() {}
- };
-
-/**
-* A simple implementation of TLS_Session_Manager that just saves
-* values in memory, with no persistance abilities
-*
-* @todo add locking
-*/
-class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
- {
- public:
- /**
- * @param max_sessions a hint on the maximum number of sessions
- * to save at any one time. (If zero, don't cap at all)
- * @param session_lifetime sesions are expired after this many
- * seconds have elapsed.
- */
- TLS_Session_Manager_In_Memory(size_t max_sessions = 1000,
- size_t session_lifetime = 300) :
- max_sessions(max_sessions),
- session_lifetime(session_lifetime)
- {}
-
- bool find(const MemoryVector<byte>& session_id,
- TLS_Session_Params& params);
-
- void prohibit_resumption(const MemoryVector<byte>& session_id);
-
- void save(const TLS_Session_Params& session_data);
-
- private:
- size_t max_sessions, session_lifetime;
- std::map<std::string, TLS_Session_Params> sessions;
- };
-
}
#endif
diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp
new file mode 100644
index 000000000..05a092426
--- /dev/null
+++ b/src/tls/tls_session_manager.cpp
@@ -0,0 +1,66 @@
+/*
+* TLS Session Management
+* (C) 2011 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#include <botan/tls_session_manager.h>
+#include <botan/hex.h>
+#include <botan/time.h>
+
+namespace Botan {
+
+bool TLS_Session_Manager_In_Memory::find(const MemoryVector<byte>& session_id,
+ TLS_Session& params)
+ {
+ std::map<std::string, TLS_Session>::iterator i =
+ sessions.find(hex_encode(session_id));
+
+ if(i == sessions.end())
+ return false;
+
+ // session has expired, remove it
+ const u64bit now = system_time();
+ if(i->second.start_time() + session_lifetime >= now)
+ {
+ sessions.erase(i);
+ return false;
+ }
+
+ params = i->second;
+ return true;
+ }
+
+bool TLS_Session_Manager_In_Memory::find(const std::string& hostname, u16bit port,
+ TLS_Session& params)
+ {
+ return false;
+ }
+
+void TLS_Session_Manager_In_Memory::prohibit_resumption(
+ const MemoryVector<byte>& session_id)
+ {
+ std::map<std::string, TLS_Session>::iterator i =
+ sessions.find(hex_encode(session_id));
+
+ if(i != sessions.end())
+ sessions.erase(i);
+ }
+
+void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data)
+ {
+ if(max_sessions != 0)
+ {
+ /*
+ This removes randomly based on ordering of session ids.
+ Instead, remove oldest first?
+ */
+ while(sessions.size() >= max_sessions)
+ sessions.erase(sessions.begin());
+ }
+
+ sessions[hex_encode(session_data.session_id())] = session_data;
+ }
+
+}
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
new file mode 100644
index 000000000..e2b66afb5
--- /dev/null
+++ b/src/tls/tls_session_manager.h
@@ -0,0 +1,103 @@
+/*
+* TLS Session Manager
+* (C) 2011 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef TLS_SESSION_MANAGER_H__
+#define TLS_SESSION_MANAGER_H__
+
+#include <botan/tls_session.h>
+#include <map>
+
+namespace Botan {
+
+/**
+* TLS_Session_Manager is an interface to systems which can save
+* session parameters for supporting session resumption.
+*
+* Implementations should strive to be thread safe
+*/
+class BOTAN_DLL TLS_Session_Manager
+ {
+ public:
+ /**
+ * Try to load a saved session (server side)
+ * @param session_id the session identifier we are trying to resume
+ * @param params will be set to the saved session data (if found),
+ or not modified if not found
+ * @return true if params was modified
+ */
+ virtual bool find(const MemoryVector<byte>& session_id,
+ TLS_Session& params) = 0;
+
+ /**
+ * Try to load a saved session (client side)
+ * @param hostname of the host we are connecting to
+ * @param port the port number if we know it, or 0 if unknown
+ * @param params will be set to the saved session data (if found),
+ or not modified if not found
+ * @return true if params was modified
+ */
+ virtual bool find(const std::string& hostname, u16bit port,
+ TLS_Session& params) = 0;
+
+ /**
+ * Prohibit resumption of this session. Effectively an erase.
+ */
+ virtual void prohibit_resumption(const MemoryVector<byte>& session_id) = 0;
+
+ /**
+ * Save a session on a best effort basis; the manager may not in
+ * fact be able to save the session for whatever reason, this is
+ * not an error. Caller cannot assume that calling save followed
+ * immediately by find will result in a successful lookup.
+ *
+ * @param session_id the session identifier
+ * @param params to save
+ */
+ virtual void save(const TLS_Session& params) = 0;
+
+ virtual ~TLS_Session_Manager() {}
+ };
+
+/**
+* A simple implementation of TLS_Session_Manager that just saves
+* values in memory, with no persistance abilities
+*
+* @todo add locking
+*/
+class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
+ {
+ public:
+ /**
+ * @param max_sessions a hint on the maximum number of sessions
+ * to keep in memory at any one time. (If zero, don't cap)
+ * @param session_lifetime sessions are expired after this many
+ * seconds have elapsed from initial handshake.
+ */
+ TLS_Session_Manager_In_Memory(size_t max_sessions = 1000,
+ size_t session_lifetime = 7200) :
+ max_sessions(max_sessions),
+ session_lifetime(session_lifetime)
+ {}
+
+ bool find(const MemoryVector<byte>& session_id,
+ TLS_Session& params);
+
+ bool find(const std::string& hostname, u16bit port,
+ TLS_Session& params);
+
+ void prohibit_resumption(const MemoryVector<byte>& session_id);
+
+ void save(const TLS_Session& session_data);
+
+ private:
+ size_t max_sessions, session_lifetime;
+ std::map<std::string, TLS_Session> sessions;
+ };
+
+}
+
+#endif