aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/cli/tls_client.cpp7
-rw-r--r--src/lib/tls/tls_blocking.cpp8
-rw-r--r--src/lib/tls/tls_blocking.h4
-rw-r--r--src/lib/tls/tls_client.cpp26
-rw-r--r--src/lib/tls/tls_client.h62
-rw-r--r--src/lib/tls/tls_server.cpp17
-rw-r--r--src/lib/tls/tls_session.cpp58
-rw-r--r--src/lib/tls/tls_session.h118
-rw-r--r--src/tests/unit_tls.cpp14
9 files changed, 105 insertions, 209 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 2e7daed6e..e2fc1f027 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -128,10 +128,9 @@ class TLS_Client final : public Command
creds,
*policy,
rng(),
- Botan::TLS::Client::Properties(
- Botan::TLS::Server_Information(host, port),
- version,
- protocols_to_offer));
+ Botan::TLS::Server_Information(host, port),
+ version,
+ protocols_to_offer);
bool first_active = true;
diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp
index 88397336b..3910d242c 100644
--- a/src/lib/tls/tls_blocking.cpp
+++ b/src/lib/tls/tls_blocking.cpp
@@ -20,7 +20,9 @@ Blocking_Client::Blocking_Client(read_fn reader,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
- TLS::Client::Properties& properties) :
+ const Server_Information& server_info,
+ const Protocol_Version& offer_version,
+ const std::vector<std::string>& next) :
m_read(reader),
m_channel(TLS::Callbacks(
writer,
@@ -32,7 +34,9 @@ Blocking_Client::Blocking_Client(read_fn reader,
creds,
policy,
rng,
- properties)
+ server_info,
+ offer_version,
+ next)
{
}
diff --git a/src/lib/tls/tls_blocking.h b/src/lib/tls/tls_blocking.h
index 51f860008..cba44b524 100644
--- a/src/lib/tls/tls_blocking.h
+++ b/src/lib/tls/tls_blocking.h
@@ -39,7 +39,9 @@ class BOTAN_DLL Blocking_Client
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
- TLS::Client::Properties& properties);
+ const Server_Information& server_info = Server_Information(),
+ const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(),
+ const std::vector<std::string>& next_protos = {});
/**
* Completes full handshake then returns
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index e2f090033..1708a7f40 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -48,14 +48,16 @@ Client::Client(const Callbacks& callbacks,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
- Properties properties,
+ const Server_Information& info,
+ const Protocol_Version& offer_version,
+ const std::vector<std::string>& next_protos,
size_t io_buf_sz) :
- Channel(callbacks, session_manager, rng, policy, properties.get_protocol_version().is_datagram_protocol(),
+ Channel(callbacks, session_manager, rng, policy, offer_version.is_datagram_protocol(),
io_buf_sz),
m_creds(creds),
- m_info(properties.get_server_info())
+ m_info(info)
{
- init(properties.get_protocol_version(), properties.get_next_protocols());
+ init(offer_version, next_protos);
}
Client::Client(output_fn output_fn,
@@ -524,22 +526,20 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
if(session_id.empty() && !session_ticket.empty())
session_id = make_hello_random(rng(), policy());
- Session::Properties session_properties(
- m_info,
- "",
- state.server_hello()->srtp_profile(),
- state.server_hello()->version(),
- state.server_hello()->ciphersuite(),
- state.server_hello()->compression_method());
-
Session session_info(
session_id,
state.session_keys().master_secret(),
+ state.server_hello()->version(),
+ state.server_hello()->ciphersuite(),
+ state.server_hello()->compression_method(),
CLIENT,
state.server_hello()->supports_extended_master_secret(),
get_peer_cert_chain(state),
session_ticket,
- session_properties);
+ m_info,
+ "",
+ state.server_hello()->srtp_profile()
+ );
const bool should_save = save_session(session_info);
diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h
index 8a45c5444..6452294cd 100644
--- a/src/lib/tls/tls_client.h
+++ b/src/lib/tls/tls_client.h
@@ -37,64 +37,18 @@ class BOTAN_DLL Client final : public Channel
*
* @param rng a random number generator
*
- * @param properties holds server information and protocol related
- * properties.
+ * @param server_info is identifying information about the TLS server
+ *
+ * @param offer_version specifies which version we will offer
+ * to the TLS server.
+ *
+ * @param next_protocols specifies protocols to advertise with ALPN
*
* @param reserved_io_buffer_size This many bytes of memory will
* be preallocated for the read and write buffers. Smaller
* values just mean reallocations and copies are more likely.
*/
- class Properties
- {
- /**
- * Stores TLS Client properties.
- *
- * @param server_info is identifying information about the TLS server
- *
- * @param protocol_version specifies which version we will offer
- * to the TLS server.
- *
- * @param next_protocols specifies protocols to advertise with ALPN
- */
-
- public:
- Properties(const Server_Information& server_info
- = Server_Information(),
- const Protocol_Version protocol_version
- = Protocol_Version::latest_tls_version(),
- const std::vector<std::string>& next_versions
- = {})
- : m_server_info(server_info),
- m_protocol_version(protocol_version),
- m_next_protocols(next_versions) {}
-
- const Server_Information& get_server_info()
- {
- return m_server_info;
- }
-
- const Protocol_Version& get_protocol_version()
- {
- return m_protocol_version;
- }
-
- const std::vector<std::string>& get_next_protocols()
- {
- return m_next_protocols;
- }
-
- private:
- const Server_Information& m_server_info;
- const Protocol_Version m_protocol_version;
- const std::vector<std::string>& m_next_protocols;
- };
-
- /**
- * DEPRECATED. This constructor is only provided for backward
- * compatibility and should not be used in new implementations.
- */
- BOTAN_DEPRECATED("Use TLS::Client(TLS::Callbacks ...)")
Client(output_fn out,
data_cb app_data_cb,
alert_cb alert_cb,
@@ -134,7 +88,9 @@ class BOTAN_DLL Client final : public Channel
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng,
- Properties properties,
+ const Server_Information& server_info = Server_Information(),
+ const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(),
+ const std::vector<std::string>& next_protocols = {},
size_t reserved_io_buffer_size = TLS::Client::IO_BUF_DEFAULT_SIZE
);
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 39ebe2a59..ebd4d413d 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -494,23 +494,20 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state,
pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) );
- Session::Properties session_properties(
- Server_Information(pending_state.client_hello()->sni_hostname()),
- "",
- pending_state.server_hello()->srtp_profile(),
- pending_state.server_hello()->version(),
- pending_state.server_hello()->ciphersuite(),
- pending_state.server_hello()->compression_method());
-
-
Session session_info(
pending_state.server_hello()->session_id(),
pending_state.session_keys().master_secret(),
+ pending_state.server_hello()->version(),
+ pending_state.server_hello()->ciphersuite(),
+ pending_state.server_hello()->compression_method(),
SERVER,
pending_state.server_hello()->supports_extended_master_secret(),
get_peer_cert_chain ( pending_state ),
std::vector<byte>(),
- session_properties);
+ Server_Information(pending_state.client_hello()->sni_hostname()),
+ pending_state.srp_identifier(),
+ pending_state.server_hello()->srtp_profile()
+ );
if ( save_session ( session_info ) )
{
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp
index bcbac10af..18c9b357c 100644
--- a/src/lib/tls/tls_session.cpp
+++ b/src/lib/tls/tls_session.cpp
@@ -1,7 +1,6 @@
/*
* TLS Session State
* (C) 2011-2012,2015 Jack Lloyd
-* 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -20,19 +19,29 @@ namespace TLS {
Session::Session(const std::vector<byte>& session_identifier,
const secure_vector<byte>& master_secret,
+ Protocol_Version version,
+ u16bit ciphersuite,
+ byte compression_method,
Connection_Side side,
bool extended_master_secret,
const std::vector<X509_Certificate>& certs,
const std::vector<byte>& ticket,
- Properties properties) :
+ const Server_Information& server_info,
+ const std::string& srp_identifier,
+ u16bit srtp_profile) :
m_start_time(std::chrono::system_clock::now()),
m_identifier(session_identifier),
m_session_ticket(ticket),
m_master_secret(master_secret),
+ m_version(version),
+ m_ciphersuite(ciphersuite),
+ m_compression_method(compression_method),
m_connection_side(side),
+ m_srtp_profile(srtp_profile),
m_extended_master_secret(extended_master_secret),
m_peer_certs(certs),
- m_properties(properties)
+ m_server_info(server_info),
+ m_srp_identifier(srp_identifier)
{
}
@@ -60,9 +69,6 @@ Session::Session(const byte ber[], size_t ber_len)
size_t srtp_profile = 0;
size_t fragment_size = 0;
- u16bit cs = m_properties.get_ciphersuite();
- byte compr = compression_method();
-
BER_Decoder(ber, ber_len)
.start_cons(SEQUENCE)
.decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION),
@@ -72,9 +78,10 @@ Session::Session(const byte ber[], size_t ber_len)
.decode_integer_type(minor_version)
.decode(m_identifier, OCTET_STRING)
.decode(m_session_ticket, OCTET_STRING)
- .decode_integer_type(cs)
- .decode_integer_type(compr)
+ .decode_integer_type(m_ciphersuite)
+ .decode_integer_type(m_compression_method)
.decode_integer_type(side_code)
+ .decode_integer_type(fragment_size)
.decode(m_extended_master_secret)
.decode(m_master_secret, OCTET_STRING)
.decode(peer_cert_bits, OCTET_STRING)
@@ -96,17 +103,16 @@ Session::Session(const byte ber[], size_t ber_len)
" no longer supported");
}
- m_properties.set_ciphersuite(cs);
- m_properties.set_compression_method(compr);
- m_properties.set_protocol_version(Protocol_Version(major_version, minor_version));
+ m_version = Protocol_Version(major_version, minor_version);
m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_connection_side = static_cast<Connection_Side>(side_code);
- m_properties.set_srtp_profile(static_cast<u16bit>(srtp_profile));
- m_properties.set_server_info(
- Server_Information(server_hostname.value(),
- server_service.value(),
- static_cast<u16bit>(server_port)));
- m_properties.set_srp_identifier(srp_identifier_str.value());
+ m_srtp_profile = static_cast<u16bit>(srtp_profile);
+
+ m_server_info = Server_Information(server_hostname.value(),
+ server_service.value(),
+ static_cast<u16bit>(server_port));
+
+ m_srp_identifier = srp_identifier_str.value();
if(!peer_cert_bits.empty())
{
@@ -127,22 +133,22 @@ secure_vector<byte> Session::DER_encode() const
.start_cons(SEQUENCE)
.encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
.encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
- .encode(static_cast<size_t>(version().major_version()))
- .encode(static_cast<size_t>(version().minor_version()))
+ .encode(static_cast<size_t>(m_version.major_version()))
+ .encode(static_cast<size_t>(m_version.minor_version()))
.encode(m_identifier, OCTET_STRING)
.encode(m_session_ticket, OCTET_STRING)
- .encode(static_cast<size_t>(ciphersuite_code()))
- .encode(static_cast<size_t>(compression_method()))
+ .encode(static_cast<size_t>(m_ciphersuite))
+ .encode(static_cast<size_t>(m_compression_method))
.encode(static_cast<size_t>(m_connection_side))
.encode(static_cast<size_t>(/*old fragment size*/0))
.encode(m_extended_master_secret)
.encode(m_master_secret, OCTET_STRING)
.encode(peer_cert_bits, OCTET_STRING)
- .encode(ASN1_String(m_properties.get_server_info().hostname(), UTF8_STRING))
- .encode(ASN1_String(m_properties.get_server_info().service(), UTF8_STRING))
- .encode(static_cast<size_t>(m_properties.get_server_info().port()))
- .encode(ASN1_String(srp_identifier(), UTF8_STRING))
- .encode(static_cast<size_t>(dtls_srtp_profile()))
+ .encode(ASN1_String(m_server_info.hostname(), UTF8_STRING))
+ .encode(ASN1_String(m_server_info.service(), UTF8_STRING))
+ .encode(static_cast<size_t>(m_server_info.port()))
+ .encode(ASN1_String(m_srp_identifier, UTF8_STRING))
+ .encode(static_cast<size_t>(m_srtp_profile))
.end_cons()
.get_contents();
}
diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h
index 600aa0a10..8ca646cf2 100644
--- a/src/lib/tls/tls_session.h
+++ b/src/lib/tls/tls_session.h
@@ -1,7 +1,6 @@
/*
* TLS Session
* (C) 2011-2012,2015 Jack Lloyd
-* 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -28,106 +27,35 @@ namespace TLS {
class BOTAN_DLL Session
{
public:
- class Properties
- {
- public:
- Properties() : m_srtp_profile(0), m_protocol_version(),
- m_ciphersuite(), m_compression_method(0) {}
-
- Properties(const Server_Information& server_info,
- const std::string& srp_identifier,
- u16bit srtp_profile,
- Protocol_Version protocol_version,
- u16bit ciphersuite,
- byte compression_method)
- : m_server_info(server_info),
- m_srp_identifier(srp_identifier),
- m_srtp_profile(srtp_profile),
- m_protocol_version(protocol_version),
- m_ciphersuite(ciphersuite),
- m_compression_method(compression_method) {}
-
- const Server_Information& get_server_info() const
- {
- return m_server_info;
- }
-
- void set_server_info(Server_Information server_info)
- {
- m_server_info = server_info;
- }
-
- const std::string& get_srp_identifier() const
- {
- return m_srp_identifier;
- }
-
- void set_srp_identifier(const std::string& srp_identifier)
- {
- m_srp_identifier = srp_identifier;
- }
-
- u16bit get_srtp_profile() const { return m_srtp_profile; }
- void set_srtp_profile(u16bit srtp_profile)
- {
- m_srtp_profile = srtp_profile;
- }
-
- Protocol_Version get_protocol_version() const
- {
- return m_protocol_version;
- }
-
- void set_protocol_version(Protocol_Version protocol_version)
- {
- m_protocol_version = protocol_version;
- }
-
- u16bit get_ciphersuite() const { return m_ciphersuite; }
-
- void set_ciphersuite(u16bit ciphersuite)
- {
- m_ciphersuite = ciphersuite;
- }
-
- byte get_compression_method() const
- {
- return m_compression_method;
- }
-
- void set_compression_method(byte compression_method)
- {
- m_compression_method = compression_method;
- }
-
- private:
- Server_Information m_server_info;
- std::string m_srp_identifier;
- u16bit m_srtp_profile;
- Protocol_Version m_protocol_version;
- u16bit m_ciphersuite;
- byte m_compression_method;
- };
/**
* Uninitialized session
*/
Session() :
m_start_time(std::chrono::system_clock::time_point::min()),
+ m_version(),
+ m_ciphersuite(0),
+ m_compression_method(0),
m_connection_side(static_cast<Connection_Side>(0)),
- m_extended_master_secret(false),
- m_properties() {}
+ m_srtp_profile(0),
+ m_extended_master_secret(false)
+ {}
/**
* New session (sets session start time)
*/
Session(const std::vector<byte>& session_id,
const secure_vector<byte>& master_secret,
+ Protocol_Version version,
+ u16bit ciphersuite,
+ byte compression_method,
Connection_Side side,
bool supports_extended_master_secret,
const std::vector<X509_Certificate>& peer_certs,
const std::vector<byte>& session_ticket,
- Properties properties);
+ const Server_Information& server_info,
+ const std::string& srp_identifier,
+ u16bit srtp_profile);
/**
* Load a session from DER representation (created by DER_encode)
@@ -184,22 +112,22 @@ class BOTAN_DLL Session
/**
* Get the version of the saved session
*/
- Protocol_Version version() const { return m_properties.get_protocol_version(); }
+ Protocol_Version version() const { return m_version; }
/**
* Get the ciphersuite code of the saved session
*/
- u16bit ciphersuite_code() const { return m_properties.get_ciphersuite(); }
+ u16bit ciphersuite_code() const { return m_ciphersuite; }
/**
* Get the ciphersuite info of the saved session
*/
- Ciphersuite ciphersuite() const { return Ciphersuite::by_id(ciphersuite_code()); }
+ Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); }
/**
* Get the compression method used in the saved session
*/
- byte compression_method() const { return m_properties.get_compression_method(); }
+ byte compression_method() const { return m_compression_method; }
/**
* Get which side of the connection the resumed session we are/were
@@ -210,7 +138,7 @@ class BOTAN_DLL Session
/**
* Get the SRP identity (if sent by the client in the initial handshake)
*/
- const std::string& srp_identifier() const { return m_properties.get_srp_identifier(); }
+ const std::string& srp_identifier() const { return m_srp_identifier; }
/**
* Get the saved master secret
@@ -225,7 +153,7 @@ class BOTAN_DLL Session
/**
* Get the negotiated DTLS-SRTP algorithm (RFC 5764)
*/
- u16bit dtls_srtp_profile() const { return m_properties.get_srtp_profile(); }
+ u16bit dtls_srtp_profile() const { return m_srtp_profile; }
bool supports_extended_master_secret() const { return m_extended_master_secret; }
@@ -249,7 +177,7 @@ class BOTAN_DLL Session
*/
const std::vector<byte>& session_ticket() const { return m_session_ticket; }
- const Server_Information& server_info() const { return m_properties.get_server_info(); }
+ const Server_Information& server_info() const { return m_server_info; }
private:
enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160103 };
@@ -260,10 +188,16 @@ class BOTAN_DLL Session
std::vector<byte> m_session_ticket; // only used by client side
secure_vector<byte> m_master_secret;
+ Protocol_Version m_version;
+ u16bit m_ciphersuite;
+ byte m_compression_method;
Connection_Side m_connection_side;
+ u16bit m_srtp_profile;
bool m_extended_master_secret;
+
std::vector<X509_Certificate> m_peer_certs;
- Properties m_properties;
+ Server_Information m_server_info; // optional
+ std::string m_srp_identifier; // optional
};
}
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 919c3c950..150ed2794 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -244,10 +244,9 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version,
creds,
policy,
rng,
- Botan::TLS::Client::Properties(
- Botan::TLS::Server_Information("server.example.com"),
- offer_version,
- protocols_offered)));
+ Botan::TLS::Server_Information("server.example.com"),
+ offer_version,
+ protocols_offered));
size_t rounds = 0;
@@ -511,10 +510,9 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version,
creds,
policy,
rng,
- Botan::TLS::Client::Properties(
- Botan::TLS::Server_Information("server.example.com"),
- offer_version,
- protocols_offered)));
+ Botan::TLS::Server_Information("server.example.com"),
+ offer_version,
+ protocols_offered));
size_t rounds = 0;