diff options
-rw-r--r-- | src/cli/tls_client.cpp | 7 | ||||
-rw-r--r-- | src/lib/tls/tls_blocking.cpp | 8 | ||||
-rw-r--r-- | src/lib/tls/tls_blocking.h | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 26 | ||||
-rw-r--r-- | src/lib/tls/tls_client.h | 62 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 17 | ||||
-rw-r--r-- | src/lib/tls/tls_session.cpp | 58 | ||||
-rw-r--r-- | src/lib/tls/tls_session.h | 118 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 14 |
9 files changed, 105 insertions, 209 deletions
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 2e7daed6e..e2fc1f027 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -128,10 +128,9 @@ class TLS_Client final : public Command creds, *policy, rng(), - Botan::TLS::Client::Properties( - Botan::TLS::Server_Information(host, port), - version, - protocols_to_offer)); + Botan::TLS::Server_Information(host, port), + version, + protocols_to_offer); bool first_active = true; diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index 88397336b..3910d242c 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -20,7 +20,9 @@ Blocking_Client::Blocking_Client(read_fn reader, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, - TLS::Client::Properties& properties) : + const Server_Information& server_info, + const Protocol_Version& offer_version, + const std::vector<std::string>& next) : m_read(reader), m_channel(TLS::Callbacks( writer, @@ -32,7 +34,9 @@ Blocking_Client::Blocking_Client(read_fn reader, creds, policy, rng, - properties) + server_info, + offer_version, + next) { } diff --git a/src/lib/tls/tls_blocking.h b/src/lib/tls/tls_blocking.h index 51f860008..cba44b524 100644 --- a/src/lib/tls/tls_blocking.h +++ b/src/lib/tls/tls_blocking.h @@ -39,7 +39,9 @@ class BOTAN_DLL Blocking_Client Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, - TLS::Client::Properties& properties); + const Server_Information& server_info = Server_Information(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), + const std::vector<std::string>& next_protos = {}); /** * Completes full handshake then returns diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index e2f090033..1708a7f40 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -48,14 +48,16 @@ Client::Client(const Callbacks& callbacks, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, - Properties properties, + const Server_Information& info, + const Protocol_Version& offer_version, + const std::vector<std::string>& next_protos, size_t io_buf_sz) : - Channel(callbacks, session_manager, rng, policy, properties.get_protocol_version().is_datagram_protocol(), + Channel(callbacks, session_manager, rng, policy, offer_version.is_datagram_protocol(), io_buf_sz), m_creds(creds), - m_info(properties.get_server_info()) + m_info(info) { - init(properties.get_protocol_version(), properties.get_next_protocols()); + init(offer_version, next_protos); } Client::Client(output_fn output_fn, @@ -524,22 +526,20 @@ void Client::process_handshake_msg(const Handshake_State* active_state, if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng(), policy()); - Session::Properties session_properties( - m_info, - "", - state.server_hello()->srtp_profile(), - state.server_hello()->version(), - state.server_hello()->ciphersuite(), - state.server_hello()->compression_method()); - Session session_info( session_id, state.session_keys().master_secret(), + state.server_hello()->version(), + state.server_hello()->ciphersuite(), + state.server_hello()->compression_method(), CLIENT, state.server_hello()->supports_extended_master_secret(), get_peer_cert_chain(state), session_ticket, - session_properties); + m_info, + "", + state.server_hello()->srtp_profile() + ); const bool should_save = save_session(session_info); diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index 8a45c5444..6452294cd 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -37,64 +37,18 @@ class BOTAN_DLL Client final : public Channel * * @param rng a random number generator * - * @param properties holds server information and protocol related - * properties. + * @param server_info is identifying information about the TLS server + * + * @param offer_version specifies which version we will offer + * to the TLS server. + * + * @param next_protocols specifies protocols to advertise with ALPN * * @param reserved_io_buffer_size This many bytes of memory will * be preallocated for the read and write buffers. Smaller * values just mean reallocations and copies are more likely. */ - class Properties - { - /** - * Stores TLS Client properties. - * - * @param server_info is identifying information about the TLS server - * - * @param protocol_version specifies which version we will offer - * to the TLS server. - * - * @param next_protocols specifies protocols to advertise with ALPN - */ - - public: - Properties(const Server_Information& server_info - = Server_Information(), - const Protocol_Version protocol_version - = Protocol_Version::latest_tls_version(), - const std::vector<std::string>& next_versions - = {}) - : m_server_info(server_info), - m_protocol_version(protocol_version), - m_next_protocols(next_versions) {} - - const Server_Information& get_server_info() - { - return m_server_info; - } - - const Protocol_Version& get_protocol_version() - { - return m_protocol_version; - } - - const std::vector<std::string>& get_next_protocols() - { - return m_next_protocols; - } - - private: - const Server_Information& m_server_info; - const Protocol_Version m_protocol_version; - const std::vector<std::string>& m_next_protocols; - }; - - /** - * DEPRECATED. This constructor is only provided for backward - * compatibility and should not be used in new implementations. - */ - BOTAN_DEPRECATED("Use TLS::Client(TLS::Callbacks ...)") Client(output_fn out, data_cb app_data_cb, alert_cb alert_cb, @@ -134,7 +88,9 @@ class BOTAN_DLL Client final : public Channel Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, - Properties properties, + const Server_Information& server_info = Server_Information(), + const Protocol_Version& offer_version = Protocol_Version::latest_tls_version(), + const std::vector<std::string>& next_protocols = {}, size_t reserved_io_buffer_size = TLS::Client::IO_BUF_DEFAULT_SIZE ); diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 39ebe2a59..ebd4d413d 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -494,23 +494,20 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state, pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) ); - Session::Properties session_properties( - Server_Information(pending_state.client_hello()->sni_hostname()), - "", - pending_state.server_hello()->srtp_profile(), - pending_state.server_hello()->version(), - pending_state.server_hello()->ciphersuite(), - pending_state.server_hello()->compression_method()); - - Session session_info( pending_state.server_hello()->session_id(), pending_state.session_keys().master_secret(), + pending_state.server_hello()->version(), + pending_state.server_hello()->ciphersuite(), + pending_state.server_hello()->compression_method(), SERVER, pending_state.server_hello()->supports_extended_master_secret(), get_peer_cert_chain ( pending_state ), std::vector<byte>(), - session_properties); + Server_Information(pending_state.client_hello()->sni_hostname()), + pending_state.srp_identifier(), + pending_state.server_hello()->srtp_profile() + ); if ( save_session ( session_info ) ) { diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index bcbac10af..18c9b357c 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -1,7 +1,6 @@ /* * TLS Session State * (C) 2011-2012,2015 Jack Lloyd -* 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -20,19 +19,29 @@ namespace TLS { Session::Session(const std::vector<byte>& session_identifier, const secure_vector<byte>& master_secret, + Protocol_Version version, + u16bit ciphersuite, + byte compression_method, Connection_Side side, bool extended_master_secret, const std::vector<X509_Certificate>& certs, const std::vector<byte>& ticket, - Properties properties) : + const Server_Information& server_info, + const std::string& srp_identifier, + u16bit srtp_profile) : m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_session_ticket(ticket), m_master_secret(master_secret), + m_version(version), + m_ciphersuite(ciphersuite), + m_compression_method(compression_method), m_connection_side(side), + m_srtp_profile(srtp_profile), m_extended_master_secret(extended_master_secret), m_peer_certs(certs), - m_properties(properties) + m_server_info(server_info), + m_srp_identifier(srp_identifier) { } @@ -60,9 +69,6 @@ Session::Session(const byte ber[], size_t ber_len) size_t srtp_profile = 0; size_t fragment_size = 0; - u16bit cs = m_properties.get_ciphersuite(); - byte compr = compression_method(); - BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION), @@ -72,9 +78,10 @@ Session::Session(const byte ber[], size_t ber_len) .decode_integer_type(minor_version) .decode(m_identifier, OCTET_STRING) .decode(m_session_ticket, OCTET_STRING) - .decode_integer_type(cs) - .decode_integer_type(compr) + .decode_integer_type(m_ciphersuite) + .decode_integer_type(m_compression_method) .decode_integer_type(side_code) + .decode_integer_type(fragment_size) .decode(m_extended_master_secret) .decode(m_master_secret, OCTET_STRING) .decode(peer_cert_bits, OCTET_STRING) @@ -96,17 +103,16 @@ Session::Session(const byte ber[], size_t ber_len) " no longer supported"); } - m_properties.set_ciphersuite(cs); - m_properties.set_compression_method(compr); - m_properties.set_protocol_version(Protocol_Version(major_version, minor_version)); + m_version = Protocol_Version(major_version, minor_version); m_start_time = std::chrono::system_clock::from_time_t(start_time); m_connection_side = static_cast<Connection_Side>(side_code); - m_properties.set_srtp_profile(static_cast<u16bit>(srtp_profile)); - m_properties.set_server_info( - Server_Information(server_hostname.value(), - server_service.value(), - static_cast<u16bit>(server_port))); - m_properties.set_srp_identifier(srp_identifier_str.value()); + m_srtp_profile = static_cast<u16bit>(srtp_profile); + + m_server_info = Server_Information(server_hostname.value(), + server_service.value(), + static_cast<u16bit>(server_port)); + + m_srp_identifier = srp_identifier_str.value(); if(!peer_cert_bits.empty()) { @@ -127,22 +133,22 @@ secure_vector<byte> Session::DER_encode() const .start_cons(SEQUENCE) .encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION)) .encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time))) - .encode(static_cast<size_t>(version().major_version())) - .encode(static_cast<size_t>(version().minor_version())) + .encode(static_cast<size_t>(m_version.major_version())) + .encode(static_cast<size_t>(m_version.minor_version())) .encode(m_identifier, OCTET_STRING) .encode(m_session_ticket, OCTET_STRING) - .encode(static_cast<size_t>(ciphersuite_code())) - .encode(static_cast<size_t>(compression_method())) + .encode(static_cast<size_t>(m_ciphersuite)) + .encode(static_cast<size_t>(m_compression_method)) .encode(static_cast<size_t>(m_connection_side)) .encode(static_cast<size_t>(/*old fragment size*/0)) .encode(m_extended_master_secret) .encode(m_master_secret, OCTET_STRING) .encode(peer_cert_bits, OCTET_STRING) - .encode(ASN1_String(m_properties.get_server_info().hostname(), UTF8_STRING)) - .encode(ASN1_String(m_properties.get_server_info().service(), UTF8_STRING)) - .encode(static_cast<size_t>(m_properties.get_server_info().port())) - .encode(ASN1_String(srp_identifier(), UTF8_STRING)) - .encode(static_cast<size_t>(dtls_srtp_profile())) + .encode(ASN1_String(m_server_info.hostname(), UTF8_STRING)) + .encode(ASN1_String(m_server_info.service(), UTF8_STRING)) + .encode(static_cast<size_t>(m_server_info.port())) + .encode(ASN1_String(m_srp_identifier, UTF8_STRING)) + .encode(static_cast<size_t>(m_srtp_profile)) .end_cons() .get_contents(); } diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 600aa0a10..8ca646cf2 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -1,7 +1,6 @@ /* * TLS Session * (C) 2011-2012,2015 Jack Lloyd -* 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -28,106 +27,35 @@ namespace TLS { class BOTAN_DLL Session { public: - class Properties - { - public: - Properties() : m_srtp_profile(0), m_protocol_version(), - m_ciphersuite(), m_compression_method(0) {} - - Properties(const Server_Information& server_info, - const std::string& srp_identifier, - u16bit srtp_profile, - Protocol_Version protocol_version, - u16bit ciphersuite, - byte compression_method) - : m_server_info(server_info), - m_srp_identifier(srp_identifier), - m_srtp_profile(srtp_profile), - m_protocol_version(protocol_version), - m_ciphersuite(ciphersuite), - m_compression_method(compression_method) {} - - const Server_Information& get_server_info() const - { - return m_server_info; - } - - void set_server_info(Server_Information server_info) - { - m_server_info = server_info; - } - - const std::string& get_srp_identifier() const - { - return m_srp_identifier; - } - - void set_srp_identifier(const std::string& srp_identifier) - { - m_srp_identifier = srp_identifier; - } - - u16bit get_srtp_profile() const { return m_srtp_profile; } - void set_srtp_profile(u16bit srtp_profile) - { - m_srtp_profile = srtp_profile; - } - - Protocol_Version get_protocol_version() const - { - return m_protocol_version; - } - - void set_protocol_version(Protocol_Version protocol_version) - { - m_protocol_version = protocol_version; - } - - u16bit get_ciphersuite() const { return m_ciphersuite; } - - void set_ciphersuite(u16bit ciphersuite) - { - m_ciphersuite = ciphersuite; - } - - byte get_compression_method() const - { - return m_compression_method; - } - - void set_compression_method(byte compression_method) - { - m_compression_method = compression_method; - } - - private: - Server_Information m_server_info; - std::string m_srp_identifier; - u16bit m_srtp_profile; - Protocol_Version m_protocol_version; - u16bit m_ciphersuite; - byte m_compression_method; - }; /** * Uninitialized session */ Session() : m_start_time(std::chrono::system_clock::time_point::min()), + m_version(), + m_ciphersuite(0), + m_compression_method(0), m_connection_side(static_cast<Connection_Side>(0)), - m_extended_master_secret(false), - m_properties() {} + m_srtp_profile(0), + m_extended_master_secret(false) + {} /** * New session (sets session start time) */ Session(const std::vector<byte>& session_id, const secure_vector<byte>& master_secret, + Protocol_Version version, + u16bit ciphersuite, + byte compression_method, Connection_Side side, bool supports_extended_master_secret, const std::vector<X509_Certificate>& peer_certs, const std::vector<byte>& session_ticket, - Properties properties); + const Server_Information& server_info, + const std::string& srp_identifier, + u16bit srtp_profile); /** * Load a session from DER representation (created by DER_encode) @@ -184,22 +112,22 @@ class BOTAN_DLL Session /** * Get the version of the saved session */ - Protocol_Version version() const { return m_properties.get_protocol_version(); } + Protocol_Version version() const { return m_version; } /** * Get the ciphersuite code of the saved session */ - u16bit ciphersuite_code() const { return m_properties.get_ciphersuite(); } + u16bit ciphersuite_code() const { return m_ciphersuite; } /** * Get the ciphersuite info of the saved session */ - Ciphersuite ciphersuite() const { return Ciphersuite::by_id(ciphersuite_code()); } + Ciphersuite ciphersuite() const { return Ciphersuite::by_id(m_ciphersuite); } /** * Get the compression method used in the saved session */ - byte compression_method() const { return m_properties.get_compression_method(); } + byte compression_method() const { return m_compression_method; } /** * Get which side of the connection the resumed session we are/were @@ -210,7 +138,7 @@ class BOTAN_DLL Session /** * Get the SRP identity (if sent by the client in the initial handshake) */ - const std::string& srp_identifier() const { return m_properties.get_srp_identifier(); } + const std::string& srp_identifier() const { return m_srp_identifier; } /** * Get the saved master secret @@ -225,7 +153,7 @@ class BOTAN_DLL Session /** * Get the negotiated DTLS-SRTP algorithm (RFC 5764) */ - u16bit dtls_srtp_profile() const { return m_properties.get_srtp_profile(); } + u16bit dtls_srtp_profile() const { return m_srtp_profile; } bool supports_extended_master_secret() const { return m_extended_master_secret; } @@ -249,7 +177,7 @@ class BOTAN_DLL Session */ const std::vector<byte>& session_ticket() const { return m_session_ticket; } - const Server_Information& server_info() const { return m_properties.get_server_info(); } + const Server_Information& server_info() const { return m_server_info; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20160103 }; @@ -260,10 +188,16 @@ class BOTAN_DLL Session std::vector<byte> m_session_ticket; // only used by client side secure_vector<byte> m_master_secret; + Protocol_Version m_version; + u16bit m_ciphersuite; + byte m_compression_method; Connection_Side m_connection_side; + u16bit m_srtp_profile; bool m_extended_master_secret; + std::vector<X509_Certificate> m_peer_certs; - Properties m_properties; + Server_Information m_server_info; // optional + std::string m_srp_identifier; // optional }; } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 919c3c950..150ed2794 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -244,10 +244,9 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, creds, policy, rng, - Botan::TLS::Client::Properties( - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered))); + Botan::TLS::Server_Information("server.example.com"), + offer_version, + protocols_offered)); size_t rounds = 0; @@ -511,10 +510,9 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, creds, policy, rng, - Botan::TLS::Client::Properties( - Botan::TLS::Server_Information("server.example.com"), - offer_version, - protocols_offered))); + Botan::TLS::Server_Information("server.example.com"), + offer_version, + protocols_offered)); size_t rounds = 0; |