author | lloyd <[email protected]> | 2012-06-29 13:08:18 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-06-29 13:08:18 +0000 |
commit | b4b0f986adf31c94af35e9d8b69942c8ea865d7f (patch) | |
tree | 22444c587eff9b6a00870c7434b889d3ab461954 /src/tls | |
parent | 75d97d5d991cfe87ecea6626c17a777c82487fb4 (diff) |
Add TLS::Session_Manager_Noop which just ignores all save requests.
Rename the sqlite module to sqlite3 as sometimes plain 'sqlite' is
used to refer to sqlite2.
Reduce the password check bits to 16 which is plenty.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/sessions_sqlite/info.txt | 4 | ||||
-rw-r--r-- | src/tls/sessions_sqlite/tls_session_manager_sqlite.cpp (renamed from src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp) | 13 | ||||
-rw-r--r-- | src/tls/sessions_sqlite/tls_session_manager_sqlite.h (renamed from src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h) | 12 | ||||
-rw-r--r-- | src/tls/tls_session_manager.h | 24 |
4 files changed, 39 insertions, 14 deletions
diff --git a/src/tls/sessions_sqlite/info.txt b/src/tls/sessions_sqlite/info.txt index 5761d53ea..eafd433a8 100644 --- a/src/tls/sessions_sqlite/info.txt +++ b/src/tls/sessions_sqlite/info.txt @@ -1,6 +1,6 @@ -define TLS_SQLITE_SESSION_MANAGER +define TLS_SQLITE3_SESSION_MANAGER <requires> pbkdf2 -sqlite +sqlite3 </requires> diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_session_manager_sqlite.cpp index dcfc79ed2..9d0cffa08 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_session_manager_sqlite.cpp @@ -4,10 +4,9 @@ * * Released under the terms of the Botan license */ - -#include <botan/tls_sqlite_sess_mgr.h> -#include <botan/internal/sqlite.h> -#include <botan/internal/assert.h> + +#include <botan/tls_session_manager_sqlite.h> +#include <botan/internal/sqlite3.h> #include <botan/lookup.h> #include <botan/hex.h> #include <botan/loadstor.h> @@ -26,13 +25,13 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - secure_vector<byte> x = pbkdf->derive_key(32 + 3, + secure_vector<byte> x = pbkdf->derive_key(32 + 2, passphrase, salt, salt_len, iterations).bits_of(); - check_val = make_u32bit(0, x[0], x[1], x[2]); - return SymmetricKey(&x[3], x.size() - 3); + check_val = make_u16bit(x[0], x[1]); + return SymmetricKey(&x[2], x.size() - 2); } Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_session_manager_sqlite.h index 1bcf88892..dc465005e 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_session_manager_sqlite.h 
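Review bot: In the `derive_key` hunk of tls_session_manager_sqlite.cpp, shrinking the check prefix from three bytes to two also moves the key bytes from `x[3..]` to `x[2..]`, so for the same passphrase, salt and iteration count both the check value and the derived key differ from what the previous version produced. The code that compares `check_val` against the previously saved value is outside this hunk, so it is worth confirming that a database written by the older code is rejected or recreated cleanly rather than read with a mismatched key. With 16 check bits roughly one wrong passphrase in 65536 passes the check, so session decryption must still fail safely on a bad key; presumably it does, but that is not visible here. I would also document the layout above the derive call, e.g. `// x[0..1] = passphrase check value, x[2..33] = 256-bit session key`. The function's signature begins before the hunk and its caller lies after it.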
@@ -1,12 +1,12 @@ /* -* SQLite TLS Session Manager +* SQLite3 TLS Session Manager * (C) 2012 Jack Lloyd * * Released under the terms of the Botan license */ -#ifndef BOTAN_TLS_SQLITE_SESSION_MANAGER_H__ -#define BOTAN_TLS_SQLITE_SESSION_MANAGER_H__ +#ifndef BOTAN_TLS_SQLITE3_SESSION_MANAGER_H__ +#define BOTAN_TLS_SQLITE3_SESSION_MANAGER_H__ #include <botan/tls_session_manager.h> #include <botan/rng.h> @@ -18,6 +18,12 @@ class sqlite3_database; namespace TLS { /** +* An implementation of Session_Manager that saves values in a SQLite3 +* database file, with the session data encrypted using a passphrase. +* +* @warning The hostnames associated with the saved sessions are stored +* in the database in plaintext. This may be a serious privacy risk in +* some applications. */ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager { diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index fa1ecae39..c63ee39f6 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -76,8 +76,28 @@ class BOTAN_DLL Session_Manager }; /** -* A simple implementation of Session_Manager that just saves -* values in memory, with no persistance abilities +* An implementation of Session_Manager that does not save sessions at +* all, preventing session resumption. +*/ +class BOTAN_DLL Session_Manager_Noop : public Session_Manager + { + public: + bool load_from_session_id(const std::vector<byte>&, Session&) + { return false; } + + bool load_from_host_info(const std::string&, u16bit, Session&) + { return false; } + + void remove_entry(const std::vector<byte>&) {} + + void save(const Session&) {} + + std::chrono::seconds session_lifetime() const + { return std::chrono::seconds(0); } + }; + +/** +* An implementation of Session_Manager that saves values in memory */ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager { |
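Review bot: The five member functions of the new `Session_Manager_Noop` in tls_session_manager.h carry no `override`, so a signature that drifts from the `Session_Manager` base (for example the `const` on `session_lifetime`) would not be caught at the declaration. The base class declarations sit above the hunk and are not visible, so I am assuming they are virtual with exactly these signatures. If the supported compilers allow it, mark each one, e.g. `bool load_from_session_id(const std::vector<byte>&, Session&) override`. A line in the class comment stating that every lookup returns false and `session_lifetime()` is zero, so each connection performs a full handshake, would help callers choose this manager deliberately.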