-rw-r--r--doc/examples/asio_tls_server.cpp20
-rw-r--r--doc/examples/tls_client.cpp17
-rw-r--r--doc/examples/tls_server.cpp16
-rw-r--r--src/tls/c_hello.cpp22
-rw-r--r--src/tls/c_kex.cpp8
-rw-r--r--src/tls/cert_req.cpp10
-rw-r--r--src/tls/cert_ver.cpp8
-rw-r--r--src/tls/finished.cpp12
-rw-r--r--src/tls/next_protocol.cpp6
-rw-r--r--src/tls/rec_read.cpp6
-rw-r--r--src/tls/rec_wri.cpp6
-rw-r--r--src/tls/s_hello.cpp18
-rw-r--r--src/tls/s_kex.cpp8
-rw-r--r--src/tls/tls_alerts.h4
-rw-r--r--src/tls/tls_channel.cpp26
-rw-r--r--src/tls/tls_channel.h16
-rw-r--r--src/tls/tls_client.cpp38
-rw-r--r--src/tls/tls_client.h18
-rw-r--r--src/tls/tls_exceptn.h4
-rw-r--r--src/tls/tls_extensions.cpp22
-rw-r--r--src/tls/tls_extensions.h72
-rw-r--r--src/tls/tls_handshake_hash.cpp10
-rw-r--r--src/tls/tls_handshake_hash.h6
-rw-r--r--src/tls/tls_handshake_state.cpp18
-rw-r--r--src/tls/tls_handshake_state.h14
-rw-r--r--src/tls/tls_magic.h6
-rw-r--r--src/tls/tls_messages.h46
-rw-r--r--src/tls/tls_policy.cpp30
-rw-r--r--src/tls/tls_policy.h8
-rw-r--r--src/tls/tls_reader.h4
-rw-r--r--src/tls/tls_record.h8
-rw-r--r--src/tls/tls_server.cpp42
-rw-r--r--src/tls/tls_server.h20
-rw-r--r--src/tls/tls_session.cpp10
-rw-r--r--src/tls/tls_session.h12
-rw-r--r--src/tls/tls_session_key.cpp6
-rw-r--r--src/tls/tls_session_key.h6
-rw-r--r--src/tls/tls_session_manager.cpp24
-rw-r--r--src/tls/tls_session_manager.h32
-rw-r--r--src/tls/tls_suites.cpp88
-rw-r--r--src/tls/tls_suites.h12
41 files changed, 456 insertions, 303 deletions
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index 2ff640983..90f4fc20a 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -23,9 +23,9 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
typedef boost::shared_ptr<tls_server_session> pointer;
static pointer create(asio::io_service& io_service,
- Botan::TLS_Session_Manager& session_manager,
+ Botan::TLS::Session_Manager& session_manager,
Botan::Credentials_Manager& credentials,
- Botan::TLS_Policy& policy,
+ Botan::TLS::Policy& policy,
Botan::RandomNumberGenerator& rng)
{
return pointer(
@@ -53,9 +53,9 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
private:
tls_server_session(asio::io_service& io_service,
- Botan::TLS_Session_Manager& session_manager,
+ Botan::TLS::Session_Manager& session_manager,
Botan::Credentials_Manager& credentials,
- Botan::TLS_Policy& policy,
+ Botan::TLS::Policy& policy,
Botan::RandomNumberGenerator& rng) :
m_socket(io_service),
m_tls(boost::bind(&tls_server_session::tls_output_wanted, this, _1, _2),
@@ -135,7 +135,7 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
void tls_data_recv(const byte buf[], size_t buf_len, Botan::u16bit alert_info)
{
- if(buf_len == 0 && alert_info != Botan::NULL_ALERT)
+ if(buf_len == 0 && alert_info != Botan::TLS::NULL_ALERT)
{
//printf("Alert: %d\n", alert_info);
if(alert_info == 0)
@@ -164,15 +164,15 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
}
}
- bool tls_handshake_complete(const Botan::TLS_Session& session)
+ bool tls_handshake_complete(const Botan::TLS::Session& session)
{
return true;
}
tcp::socket m_socket;
- Botan::TLS_Server m_tls;
+ Botan::TLS::Server m_tls;
- unsigned char m_read_buf[Botan::MAX_TLS_RECORD_SIZE];
+ unsigned char m_read_buf[Botan::TLS::MAX_TLS_RECORD_SIZE];
// used to hold the data currently being written by the system
std::vector<byte> m_write_buf;
@@ -215,7 +215,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
};
-class Server_TLS_Policy : public Botan::TLS_Policy
+class Server_TLS_Policy : public Botan::TLS::Policy
{
public:
//bool require_client_auth() const { return true; }
@@ -289,7 +289,7 @@ class tls_server
tcp::acceptor m_acceptor;
Botan::AutoSeeded_RNG m_rng;
- Botan::TLS_Session_Manager_In_Memory m_session_manager;
+ Botan::TLS::Session_Manager_In_Memory m_session_manager;
Server_TLS_Policy m_policy;
Credentials_Manager_Simple m_creds;
};
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 42fecaf37..3d4dd38b7 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
@@ -20,7 +20,7 @@ using namespace Botan;
using namespace std::tr1::placeholders;
-class Client_TLS_Policy : public TLS_Policy
+class Client_TLS_Policy : public TLS::Policy
{
public:
//Version_Code pref_version() const { return TLS_V12; }
@@ -72,11 +72,12 @@ int connect_to_host(const std::string& host, u16bit port)
return fd;
}
-bool handshake_complete(const TLS_Session& session)
+bool handshake_complete(const TLS::Session& session)
{
std::cout << "Handshake complete!\n";
std::cout << "Protocol version " << (int)session.major_version()
<< "." << (int)session.minor_version() << "\n";
+ std::cout << "Ciphersuite " << std::hex << session.ciphersuite() << "\n";
std::cout << "Session ID " << hex_encode(session.session_id()) << "\n";
return true;
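Review bot: `std::hex` in the added Ciphersuite line is sticky on `std::cout`, so every integer written afterwards is printed in hexadecimal, including the alert code that `process_data` prints with `"Alert: " << alert_info`. Anyone reading that output would misread alert numbers above 9 as decimal. Restore the base in the same statement: `std::cout << "Ciphersuite " << std::hex << session.ciphersuite() << std::dec << "\n";`. The closing brace of `handshake_complete` lies outside the hunk.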
@@ -108,7 +109,7 @@ bool got_alert = false;
void process_data(const byte buf[], size_t buf_size, u16bit alert_info)
{
- if(alert_info != NULL_ALERT)
+ if(alert_info != TLS::NULL_ALERT)
{
std::cout << "Alert: " << alert_info << "\n";
got_alert = true;
@@ -128,15 +129,15 @@ std::string protocol_chooser(const std::vector<std::string>& protocols)
}
void doit(RandomNumberGenerator& rng,
- TLS_Policy& policy,
- TLS_Session_Manager& session_manager,
+ TLS::Policy& policy,
+ TLS::Session_Manager& session_manager,
Credentials_Manager& creds,
const std::string& host,
u16bit port)
{
int sockfd = connect_to_host(host, port);
- TLS_Client client(std::tr1::bind(socket_write, sockfd, _1, _2),
+ TLS::Client client(std::tr1::bind(socket_write, sockfd, _1, _2),
process_data,
handshake_complete,
session_manager,
@@ -180,7 +181,7 @@ void doit(RandomNumberGenerator& rng,
}
const size_t needed = client.received_data(buf, got);
- std::cout << "Socket - got " << got << " bytes, need " << needed << "\n";
+ //std::cout << "Socket - got " << got << " bytes, need " << needed << "\n";
}
else if(FD_ISSET(STDIN_FILENO, &readfds))
{
@@ -251,7 +252,7 @@ int main(int argc, char* argv[])
LibraryInitializer botan_init;
AutoSeeded_RNG rng;
Client_TLS_Policy policy;
- TLS_Session_Manager_In_Memory session_manager;
+ TLS::Session_Manager_In_Memory session_manager;
Credentials_Manager_Simple creds(rng);
diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index 2dbfb4aeb..6f986c7a1 100644
--- a/doc/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
@@ -52,7 +52,7 @@ class Credentials_Manager_Simple : public Credentials_Manager
std::map<X509_Certificate, Private_Key*> certs_and_keys;
};
-bool handshake_complete(const TLS_Session& session)
+bool handshake_complete(const TLS::Session& session)
{
printf("Handshake complete, protocol=%04X ciphersuite=%04X compression=%d\n",
session.version(), session.ciphersuite(),
@@ -69,9 +69,9 @@ class Blocking_TLS_Server
Blocking_TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn,
std::tr1::function<size_t (byte[], size_t)> input_fn,
std::vector<std::string>& protocols,
- TLS_Session_Manager& sessions,
+ TLS::Session_Manager& sessions,
Credentials_Manager& creds,
- TLS_Policy& policy,
+ TLS::Policy& policy,
RandomNumberGenerator& rng) :
input_fn(input_fn),
server(
@@ -109,7 +109,7 @@ class Blocking_TLS_Server
bool is_active() const { return server.is_active(); }
- TLS_Server& underlying() { return server; }
+ TLS::Server& underlying() { return server; }
private:
void read_loop(size_t init_desired = 0)
{
@@ -135,7 +135,7 @@ class Blocking_TLS_Server
void reader_fn(const byte buf[], size_t buf_len, u16bit alert_code)
{
- if(buf_len == 0 && alert_code != NULL_ALERT)
+ if(buf_len == 0 && alert_code != TLS::NULL_ALERT)
{
printf("Alert: %d\n", alert_code);
//exit = true;
@@ -153,12 +153,12 @@ class Blocking_TLS_Server
}
std::tr1::function<size_t (byte[], size_t)> input_fn;
- TLS_Server server;
+ TLS::Server server;
SecureQueue read_queue;
bool exit;
};
-class Server_TLS_Policy : public TLS_Policy
+class Server_TLS_Policy : public TLS::Policy
{
public:
//bool require_client_auth() const { return true; }
@@ -194,7 +194,7 @@ int main(int argc, char* argv[])
Server_TLS_Policy policy;
- TLS_Session_Manager_In_Memory sessions;
+ TLS::Session_Manager_In_Memory sessions;
Credentials_Manager_Simple creds(rng);
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 2d94de462..4fdadd455 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -15,6 +15,8 @@
namespace Botan {
+namespace TLS {
+
MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
{
MemoryVector<byte> buf(32);
@@ -27,7 +29,7 @@ MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
/*
* Encode and send a Handshake message
*/
-void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const
+void Handshake_Message::send(Record_Writer& writer, Handshake_Hash& hash) const
{
MemoryVector<byte> buf = serialize();
MemoryVector<byte> send_buf(4);
@@ -51,7 +53,7 @@ void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) co
*/
Hello_Request::Hello_Request(Record_Writer& writer)
{
- TLS_Handshake_Hash dummy; // FIXME: *UGLY*
+ Handshake_Hash dummy; // FIXME: *UGLY*
send(writer, dummy);
}
@@ -76,8 +78,8 @@ MemoryVector<byte> Hello_Request::serialize() const
* Create a new Client Hello message
*/
Client_Hello::Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
RandomNumberGenerator& rng,
const MemoryRegion<byte>& reneg_info,
bool next_protocol,
@@ -108,9 +110,9 @@ Client_Hello::Client_Hello(Record_Writer& writer,
* Create a new Client Hello message
*/
Client_Hello::Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
RandomNumberGenerator& rng,
- const TLS_Session& session,
+ const Session& session,
bool next_protocol) :
m_version(session.version()),
m_session_id(session.session_id()),
@@ -163,7 +165,7 @@ MemoryVector<byte> Client_Hello::serialize() const
* send that extension.
*/
- TLS_Extensions extensions;
+ Extensions extensions;
// Initial handshake
if(m_renegotiation_info.empty())
@@ -249,7 +251,7 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
m_comp_methods = reader.get_range_vector<byte>(1, 1, 255);
- TLS_Extensions extensions(reader);
+ Extensions extensions(reader);
if(Server_Name_Indicator* sni = extensions.get<Server_Name_Indicator>())
{
@@ -276,7 +278,7 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
{
- // checked by TLS_Client / TLS_Server as they know the handshake state
+ // checked by Client / Server as they know the handshake state
m_secure_renegotiation = true;
m_renegotiation_info = reneg->renegotiation_info();
}
@@ -346,3 +348,5 @@ bool Client_Hello::offered_suite(u16bit ciphersuite) const
}
}
+
+}
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 63ba6fcb7..de8f54fbe 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -16,6 +16,8 @@
namespace Botan {
+namespace TLS {
+
namespace {
SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input)
@@ -40,7 +42,7 @@ SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input)
* Create a new Client Key Exchange message
*/
Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
const std::vector<X509_Certificate>& peer_certs,
RandomNumberGenerator& rng)
{
@@ -113,7 +115,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
* Read a Client Key Exchange message
*/
Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents,
- const TLS_Ciphersuite& suite,
+ const Ciphersuite& suite,
Version_Code using_version)
{
include_length = true;
@@ -199,3 +201,5 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
}
}
+
+}
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 7fbe2a809..d5a73f64e 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -17,12 +17,14 @@
namespace Botan {
+namespace TLS {
+
/**
* Create a new Certificate Request message
*/
Certificate_Req::Certificate_Req(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
const std::vector<X509_Certificate>& ca_certs,
Version_Code version)
{
@@ -125,7 +127,7 @@ MemoryVector<byte> Certificate_Req::serialize() const
* Create a new Certificate message
*/
Certificate::Certificate(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const std::vector<X509_Certificate>& cert_list)
{
certs = cert_list;
@@ -190,3 +192,5 @@ MemoryVector<byte> Certificate::serialize() const
}
}
+
+}
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index f11ae4dcc..923cdbb42 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -13,11 +13,13 @@
namespace Botan {
+namespace TLS {
+
/*
* Create a new Certificate Verify message
*/
Certificate_Verify::Certificate_Verify(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
RandomNumberGenerator& rng,
const Private_Key* priv_key)
{
@@ -88,7 +90,7 @@ MemoryVector<byte> Certificate_Verify::serialize() const
* Verify a Certificate Verify message
*/
bool Certificate_Verify::verify(const X509_Certificate& cert,
- TLS_Handshake_State* state)
+ Handshake_State* state)
{
std::auto_ptr<Public_Key> key(cert.subject_public_key());
@@ -110,3 +112,5 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
}
}
+
+}
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index ecb7c315a..f7f8a7eb8 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -15,6 +15,8 @@
namespace Botan {
+namespace TLS {
+
namespace {
KDF* choose_tls_prf(Version_Code version)
@@ -31,7 +33,7 @@ KDF* choose_tls_prf(Version_Code version)
/*
* Compute the verify_data
*/
-MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
+MemoryVector<byte> finished_compute_verify(Handshake_State* state,
Connection_Side side)
{
if(state->version == SSL_V3)
@@ -39,7 +41,7 @@ MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 };
const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 };
- TLS_Handshake_Hash hash = state->hash; // don't modify state
+ Handshake_Hash hash = state->hash; // don't modify state
MemoryVector<byte> ssl3_finished;
@@ -80,7 +82,7 @@ MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
* Create a new Finished message
*/
Finished::Finished(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
Connection_Side side)
{
verification_data = finished_compute_verify(state, side);
@@ -106,10 +108,12 @@ Finished::Finished(const MemoryRegion<byte>& buf)
/*
* Verify a Finished message
*/
-bool Finished::verify(TLS_Handshake_State* state,
+bool Finished::verify(Handshake_State* state,
Connection_Side side)
{
return (verification_data == finished_compute_verify(state, side));
}
}
+
+}
diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp
index a0d4278f1..97b072440 100644
--- a/src/tls/next_protocol.cpp
+++ b/src/tls/next_protocol.cpp
@@ -11,8 +11,10 @@
namespace Botan {
+namespace TLS {
+
Next_Protocol::Next_Protocol(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const std::string& protocol) :
m_protocol(protocol)
{
@@ -48,3 +50,5 @@ MemoryVector<byte> Next_Protocol::serialize() const
}
}
+
+}
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index d3666abf6..4db50262d 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -14,6 +14,8 @@
namespace Botan {
+namespace TLS {
+
Record_Reader::Record_Reader() :
m_readbuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE),
m_mac(0)
@@ -64,7 +66,7 @@ void Record_Reader::set_version(Version_Code version)
/*
* Set the keys for reading
*/
-void Record_Reader::activate(const TLS_Ciphersuite& suite,
+void Record_Reader::activate(const Ciphersuite& suite,
const Session_Keys& keys,
Connection_Side side)
{
@@ -336,3 +338,5 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
}
}
+
+}
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index 7f8b4445b..139d84c50 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -16,6 +16,8 @@
namespace Botan {
+namespace TLS {
+
/*
* Record_Writer Constructor
*/
@@ -67,7 +69,7 @@ void Record_Writer::set_version(Version_Code version)
/*
* Set the keys for writing
*/
-void Record_Writer::activate(const TLS_Ciphersuite& suite,
+void Record_Writer::activate(const Ciphersuite& suite,
const Session_Keys& keys,
Connection_Side side)
{
@@ -284,3 +286,5 @@ void Record_Writer::alert(Alert_Level level, Alert_Type type)
}
}
+
+}
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index e6aff94e3..9e61f62af 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -14,15 +14,17 @@
namespace Botan {
+namespace TLS {
+
/*
* Create a new Server Hello message
*/
Server_Hello::Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
Version_Code version,
const Client_Hello& c_hello,
const std::vector<X509_Certificate>& certs,
- const TLS_Policy& policy,
+ const Policy& policy,
bool client_has_secure_renegotiation,
const MemoryRegion<byte>& reneg_info,
bool client_has_npn,
@@ -64,7 +66,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
* Create a new Server Hello message
*/
Server_Hello::Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const MemoryRegion<byte>& session_id,
Version_Code ver,
u16bit ciphersuite,
@@ -121,11 +123,11 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
comp_method = reader.get_byte();
- TLS_Extensions extensions(reader);
+ Extensions extensions(reader);
if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
{
- // checked by TLS_Client / TLS_Server as they know the handshake state
+ // checked by Client / Server as they know the handshake state
m_secure_renegotiation = true;
m_renegotiation_info = reneg->renegotiation_info();
}
@@ -155,7 +157,7 @@ MemoryVector<byte> Server_Hello::serialize() const
buf.push_back(comp_method);
- TLS_Extensions extensions;
+ Extensions extensions;
if(m_secure_renegotiation)
extensions.add(new Renegotation_Extension(m_renegotiation_info));
@@ -175,7 +177,7 @@ MemoryVector<byte> Server_Hello::serialize() const
* Create a new Server Hello Done message
*/
Server_Hello_Done::Server_Hello_Done(Record_Writer& writer,
- TLS_Handshake_Hash& hash)
+ Handshake_Hash& hash)
{
send(writer, hash);
}
@@ -198,3 +200,5 @@ MemoryVector<byte> Server_Hello_Done::serialize() const
}
}
+
+}
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index bbad6fd83..359ef6f4a 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -15,11 +15,13 @@
namespace Botan {
+namespace TLS {
+
/**
* Create a new Server Key Exchange message
*/
Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
RandomNumberGenerator& rng,
const Private_Key* private_key)
{
@@ -121,7 +123,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
* Verify a Server Key Exchange message
*/
bool Server_Key_Exchange::verify(const X509_Certificate& cert,
- TLS_Handshake_State* state) const
+ Handshake_State* state) const
{
std::auto_ptr<Public_Key> key(cert.subject_public_key());
@@ -138,3 +140,5 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert,
}
}
+
+}
diff --git a/src/tls/tls_alerts.h b/src/tls/tls_alerts.h
index 0634d6763..2ccb1ad79 100644
--- a/src/tls/tls_alerts.h
+++ b/src/tls/tls_alerts.h
@@ -12,6 +12,8 @@
namespace Botan {
+namespace TLS {
+
/**
* SSL/TLS Alert Message
*/
@@ -57,4 +59,6 @@ class Alert
}
+}
+
#endif
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index a1e9fd8cd..a3ff69d87 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -14,9 +14,11 @@
namespace Botan {
-TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+namespace TLS {
+
+Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete) :
+ std::tr1::function<bool (const Session&)> handshake_complete) :
proc_fn(proc_fn),
handshake_fn(handshake_complete),
writer(socket_output_fn),
@@ -26,13 +28,13 @@ TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_
{
}
-TLS_Channel::~TLS_Channel()
+Channel::~Channel()
{
delete state;
state = 0;
}
-size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
+size_t Channel::received_data(const byte buf[], size_t buf_size)
{
try
{
@@ -130,13 +132,13 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
/*
* Split up and process handshake messages
*/
-void TLS_Channel::read_handshake(byte rec_type,
+void Channel::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE)
{
if(!state)
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
state->queue.write(&rec_buf[0], rec_buf.size());
}
@@ -183,7 +185,7 @@ void TLS_Channel::read_handshake(byte rec_type,
}
}
-void TLS_Channel::send(const byte buf[], size_t buf_size)
+void Channel::send(const byte buf[], size_t buf_size)
{
if(!is_active())
throw std::runtime_error("Data cannot be sent on inactive TLS connection");
@@ -191,7 +193,7 @@ void TLS_Channel::send(const byte buf[], size_t buf_size)
writer.send(APPLICATION_DATA, buf, buf_size);
}
-void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
+void Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
{
if(alert_code != NULL_ALERT && !connection_closed)
{
@@ -214,7 +216,7 @@ void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
}
}
-void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
+void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
{
if(initial_handshake)
{
@@ -246,7 +248,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
}
}
-void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
+void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
{
if(initial_handshake)
{
@@ -283,7 +285,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
initial_handshake = false;
}
-void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished,
+void Channel::Secure_Renegotiation_State::update(Finished* client_finished,
Finished* server_finished)
{
client_verify = client_finished->verify_data();
@@ -291,3 +293,5 @@ void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished,
}
}
+
+}
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 2b4e6d161..6021b65b2 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -16,10 +16,12 @@
namespace Botan {
+namespace TLS {
+
/**
* Generic interface for TLS endpoint
*/
-class BOTAN_DLL TLS_Channel
+class BOTAN_DLL Channel
{
public:
/**
@@ -59,11 +61,11 @@ class BOTAN_DLL TLS_Channel
*/
std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; }
- TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete);
+ std::tr1::function<bool (const Session&)> handshake_complete);
- virtual ~TLS_Channel();
+ virtual ~Channel();
protected:
/**
@@ -83,14 +85,14 @@ class BOTAN_DLL TLS_Channel
virtual void alert_notify(bool fatal_alert, Alert_Type type) = 0;
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn;
- std::tr1::function<bool (const TLS_Session&)> handshake_fn;
+ std::tr1::function<bool (const Session&)> handshake_fn;
Record_Writer writer;
Record_Reader reader;
std::vector<X509_Certificate> peer_certs;
- class TLS_Handshake_State* state;
+ class Handshake_State* state;
class Secure_Renegotiation_State
{
@@ -131,4 +133,6 @@ class BOTAN_DLL TLS_Channel
}
+}
+
#endif
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 48f0aec16..d1b31f137 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -13,19 +13,21 @@
namespace Botan {
+namespace TLS {
+
/*
* TLS Client Constructor
*/
-TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn,
+Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_fn,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_fn,
+ Session_Manager& session_manager,
Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
RandomNumberGenerator& rng,
const std::string& hostname,
std::tr1::function<std::string (std::vector<std::string>)> next_protocol) :
- TLS_Channel(output_fn, proc_fn, handshake_fn),
+ Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
session_manager(session_manager),
@@ -33,7 +35,7 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
{
writer.set_version(SSL_V3);
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
state->set_expected_next(SERVER_HELLO);
state->client_npn_cb = next_protocol;
@@ -44,7 +46,7 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
if(hostname != "")
{
- TLS_Session session_info;
+ Session session_info;
if(session_manager.load_from_host_info(hostname, 0, session_info))
{
if(session_info.srp_identifier() == srp_identifier)
@@ -80,12 +82,12 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
/*
* Send a new client hello to renegotiate
*/
-void TLS_Client::renegotiate()
+void Client::renegotiate()
{
if(state)
return; // currently in handshake
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
state->set_expected_next(SERVER_HELLO);
state->client_hello = new Client_Hello(writer, state->hash, policy, rng,
@@ -94,7 +96,7 @@ void TLS_Client::renegotiate()
secure_renegotiation.update(state->client_hello);
}
-void TLS_Client::alert_notify(bool, Alert_Type type)
+void Client::alert_notify(bool, Alert_Type type)
{
if(type == NO_RENEGOTIATION)
{
@@ -109,7 +111,7 @@ void TLS_Client::alert_notify(bool, Alert_Type type)
/*
* Process a handshake message
*/
-void TLS_Client::process_handshake_msg(Handshake_Type type,
+void Client::process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents)
{
if(state == 0)
@@ -178,7 +180,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
secure_renegotiation.update(state->server_hello);
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
if(!state->server_hello->session_id().empty() &&
(state->server_hello->session_id() == state->client_hello->session_id()))
@@ -206,13 +208,13 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
if(state->version > state->client_hello->version())
{
throw TLS_Exception(HANDSHAKE_FAILURE,
- "TLS_Client: Server replied with bad version");
+ "Client: Server replied with bad version");
}
if(state->version < policy.min_version())
{
throw TLS_Exception(PROTOCOL_VERSION,
- "TLS_Client: Server is too old for specified policy");
+ "Client: Server is too old for specified policy");
}
if(state->suite.sig_algo() != "")
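Review bot: The mechanical rename also rewrote the exception text here, so both messages now begin with `Client:` instead of `TLS_Client:`; the two certificate messages in the next hunk (-247,11) change the same way. These strings are runtime output, and a bare `Client:` prefix is harder to attribute in application logs and breaks any log match on the old text. A qualified prefix such as `"TLS::Client: Server replied with bad version"` would keep the origin clear. `process_handshake_msg` starts and ends outside the hunk.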
@@ -247,11 +249,11 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
peer_certs = state->server_certs->cert_chain();
if(peer_certs.size() == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,
- "TLS_Client: No certificates sent by server");
+ "Client: No certificates sent by server");
if(!policy.check_cert(peer_certs))
throw TLS_Exception(BAD_CERTIFICATE,
- "TLS_Client: Server certificate is not valid");
+ "Client: Server certificate is not valid");
std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
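Review bot: `policy.check_cert(peer_certs)` receives only the certificate chain, so the check visible here cannot compare the certificate against the server name the client was asked to connect to. The constructor takes a `hostname` argument, but nothing in this hunk passes it to the validation step. Unless the Policy implementation obtains the expected name some other way, a valid certificate issued for a different host would presumably be accepted. Consider passing the expected hostname into the check, or verifying it immediately after `check_cert`, and documenting on `Policy::check_cert` what an override is required to validate. The surrounding function starts and ends outside the hunk.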
@@ -368,7 +370,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
state->client_finished = new Finished(writer, state, CLIENT);
}
- TLS_Session session_info(
+ Session session_info(
state->server_hello->session_id(),
state->keys.master_secret(),
state->server_hello->version(),
@@ -398,3 +400,5 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
}
}
+
+}
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 95b5c8f61..d67a14b75 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -15,10 +15,12 @@
namespace Botan {
+namespace TLS {
+
/**
* SSL/TLS Client
*/
-class BOTAN_DLL TLS_Client : public TLS_Channel
+class BOTAN_DLL Client : public Channel
{
public:
/**
@@ -40,12 +42,12 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
* called with the list of protocols the server advertised;
* the client should return the protocol it would like to use.
*/
- TLS_Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
RandomNumberGenerator& rng,
const std::string& servername = "",
std::tr1::function<std::string (std::vector<std::string>)> next_protocol =
@@ -58,12 +60,14 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
void alert_notify(bool is_fatal, Alert_Type type);
- const TLS_Policy& policy;
+ const Policy& policy;
RandomNumberGenerator& rng;
- TLS_Session_Manager& session_manager;
+ Session_Manager& session_manager;
Credentials_Manager& creds;
};
}
+}
+
#endif
diff --git a/src/tls/tls_exceptn.h b/src/tls/tls_exceptn.h
index 37b9c0d27..f29f008be 100644
--- a/src/tls/tls_exceptn.h
+++ b/src/tls/tls_exceptn.h
@@ -13,6 +13,8 @@
namespace Botan {
+namespace TLS {
+
/**
* Exception Base Class
*/
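Review bot: `TLS_Exception` keeps its prefix after this header is wrapped in `namespace TLS`, so callers now spell it `Botan::TLS::TLS_Exception`, while the rest of the commit drops the prefix (`Policy`, `Session`, `Channel`). The same holds for `TLS_Data_Reader` and `MAX_TLS_RECORD_SIZE` in other hunks. If the old names are kept on purpose, a short comment above the class would say so, e.g. `// name kept as TLS_Exception; not renamed with the namespace move`. The class definition itself is outside the hunk.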
@@ -40,4 +42,6 @@ struct BOTAN_DLL Unexpected_Message : public TLS_Exception
}
+}
+
#endif
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index 570c7161c..631095c1e 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -11,11 +11,13 @@
namespace Botan {
+namespace TLS {
+
namespace {
-TLS_Extension* make_extension(TLS_Data_Reader& reader,
- u16bit code,
- u16bit size)
+Extension* make_extension(TLS_Data_Reader& reader,
+ u16bit code,
+ u16bit size)
{
switch(code)
{
@@ -47,7 +49,7 @@ TLS_Extension* make_extension(TLS_Data_Reader& reader,
}
-TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
+Extensions::Extensions(TLS_Data_Reader& reader)
{
if(reader.has_remaining())
{
@@ -61,7 +63,7 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
const u16bit extension_code = reader.get_u16bit();
const u16bit extension_size = reader.get_u16bit();
- TLS_Extension* extn = make_extension(reader,
+ Extension* extn = make_extension(reader,
extension_code,
extension_size);
@@ -73,11 +75,11 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
}
}
-MemoryVector<byte> TLS_Extensions::serialize() const
+MemoryVector<byte> Extensions::serialize() const
{
MemoryVector<byte> buf(2); // 2 bytes for length field
- for(std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i = extensions.begin();
+ for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin();
i != extensions.end(); ++i)
{
if(i->second->empty())
@@ -108,9 +110,9 @@ MemoryVector<byte> TLS_Extensions::serialize() const
return buf;
}
-TLS_Extensions::~TLS_Extensions()
+Extensions::~Extensions()
{
- for(std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i = extensions.begin();
+ for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin();
i != extensions.end(); ++i)
{
delete i->second;
@@ -516,3 +518,5 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
}
}
+
+}
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index d0aee6d04..7f9321331 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -16,33 +16,35 @@
namespace Botan {
+namespace TLS {
+
class TLS_Data_Reader;
/**
* Base class representing a TLS extension of some kind
*/
-class TLS_Extension
+class Extension
{
public:
- virtual TLS_Handshake_Extension_Type type() const = 0;
+ virtual Handshake_Extension_Type type() const = 0;
virtual MemoryVector<byte> serialize() const = 0;
virtual bool empty() const = 0;
- virtual ~TLS_Extension() {}
+ virtual ~Extension() {}
};
/**
* Server Name Indicator extension (RFC 3546)
*/
-class Server_Name_Indicator : public TLS_Extension
+class Server_Name_Indicator : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_SERVER_NAME_INDICATION; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
Server_Name_Indicator(const std::string& host_name) :
sni_host_name(host_name) {}
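Review bot: The forward declaration `class TLS_Data_Reader;` keeps its `TLS_` prefix while every other type in this hunk loses it, so it now names `Botan::TLS::TLS_Data_Reader`. The same applies to `TLS_Exception` in tls_exceptn.h, which this commit wraps in the namespace without renaming. If the prefix is kept on purpose, a short comment such as `// name kept as TLS_Data_Reader for source compatibility` would say so; otherwise renaming it in the same pass keeps the new API consistent. The Server_Name_Indicator class body continues outside the hunk.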
@@ -62,13 +64,13 @@ class Server_Name_Indicator : public TLS_Extension
/**
* SRP identifier extension (RFC 5054)
*/
-class SRP_Identifier : public TLS_Extension
+class SRP_Identifier : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_SRP_IDENTIFIER; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
SRP_Identifier(const std::string& identifier) :
srp_identifier(identifier) {}
@@ -88,13 +90,13 @@ class SRP_Identifier : public TLS_Extension
/**
* Renegotiation Indication Extension (RFC 5746)
*/
-class Renegotation_Extension : public TLS_Extension
+class Renegotation_Extension : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_SAFE_RENEGOTIATION; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
Renegotation_Extension() {}
@@ -117,13 +119,13 @@ class Renegotation_Extension : public TLS_Extension
/**
* Maximum Fragment Length Negotiation Extension (RFC 4366 sec 3.2)
*/
-class Maximum_Fragment_Length : public TLS_Extension
+class Maximum_Fragment_Length : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_MAX_FRAGMENT_LENGTH; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
bool empty() const { return val != 0; }
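Review bot: `empty()` on the last line of this hunk returns true when `val` is non-zero, which looks inverted. `Extensions::serialize()` in tls_extensions.cpp tests `i->second->empty()` for each extension and appears to skip those that report empty, so a fragment length that has been set would be left out of the hello. If zero means "not negotiated" (the member's meaning is not visible here), the line should read `bool empty() const { return val == 0; }`. The line is unchanged context in this commit and the class body continues outside the hunk.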
@@ -156,13 +158,13 @@ class Maximum_Fragment_Length : public TLS_Extension
* spec (implemented in Chromium); the internet draft leaves the format
* unspecified.
*/
-class Next_Protocol_Notification : public TLS_Extension
+class Next_Protocol_Notification : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_NEXT_PROTOCOL; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
const std::vector<std::string>& protocols() const
{ return m_protocols; }
@@ -191,13 +193,13 @@ class Next_Protocol_Notification : public TLS_Extension
/**
* Supported Elliptic Curves Extension (RFC 4492)
*/
-class Supported_Elliptic_Curves : public TLS_Extension
+class Supported_Elliptic_Curves : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_USABLE_ELLIPTIC_CURVES; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
const std::vector<std::string>& curves() const { return m_curves; }
@@ -216,13 +218,13 @@ class Supported_Elliptic_Curves : public TLS_Extension
/**
* Signature Algorithms Extension for TLS 1.2 (RFC 5246)
*/
-class Signature_Algorithms : public TLS_Extension
+class Signature_Algorithms : public Extension
{
public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_SIGNATURE_ALGORITHMS; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
static std::string hash_algo_name(byte code);
static byte hash_algo_code(const std::string& name);
@@ -252,15 +254,15 @@ class Signature_Algorithms : public TLS_Extension
/**
* Represents a block of extensions in a hello message
*/
-class TLS_Extensions
+class Extensions
{
public:
template<typename T>
T* get() const
{
- TLS_Handshake_Extension_Type type = T::static_type();
+ Handshake_Extension_Type type = T::static_type();
- std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i =
+ std::map<Handshake_Extension_Type, Extension*>::const_iterator i =
extensions.find(type);
if(i != extensions.end())
@@ -268,7 +270,7 @@ class TLS_Extensions
return 0;
}
- void add(TLS_Extension* extn)
+ void add(Extension* extn)
{
delete extensions[extn->type()]; // or hard error if already exists?
extensions[extn->type()] = extn;
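Review bot: `add()` silently deletes and replaces an existing extension of the same type, and the inline comment leaves open whether that should be an error. If the deserializing constructor passes peer-supplied extensions through `add()` (not visible in this hunk), a hello that repeats an extension is accepted with the last copy winning, although RFC 5246 section 7.4.1.4 allows at most one extension of each type. Rejecting duplicates on the parse path would settle the question. Until then the contract should be written down, for example `// Takes ownership of extn; an existing extension of the same type is deleted and replaced`. `extn` is also dereferenced with no null check, and the function body closes outside the hunk.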
@@ -276,18 +278,20 @@ class TLS_Extensions
MemoryVector<byte> serialize() const;
- TLS_Extensions() {}
+ Extensions() {}
- TLS_Extensions(TLS_Data_Reader& reader); // deserialize
+ Extensions(TLS_Data_Reader& reader); // deserialize
- ~TLS_Extensions();
+ ~Extensions();
private:
- TLS_Extensions(const TLS_Extensions&) {}
- TLS_Extensions& operator=(const TLS_Extensions&) { return (*this); }
+ Extensions(const Extensions&) {}
+ Extensions& operator=(const Extensions&) { return (*this); }
- std::map<TLS_Handshake_Extension_Type, TLS_Extension*> extensions;
+ std::map<Handshake_Extension_Type, Extension*> extensions;
};
}
+}
+
#endif
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 14d5cd5a1..e521ea342 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -14,7 +14,9 @@
namespace Botan {
-void TLS_Handshake_Hash::update(Handshake_Type handshake_type,
+namespace TLS {
+
+void Handshake_Hash::update(Handshake_Type handshake_type,
const MemoryRegion<byte>& handshake_msg)
{
update(static_cast<byte>(handshake_type));
@@ -29,7 +31,7 @@ void TLS_Handshake_Hash::update(Handshake_Type handshake_type,
/**
* Return a TLS Handshake Hash
*/
-SecureVector<byte> TLS_Handshake_Hash::final(Version_Code version)
+SecureVector<byte> Handshake_Hash::final(Version_Code version)
{
SecureVector<byte> output;
@@ -61,7 +63,7 @@ SecureVector<byte> TLS_Handshake_Hash::final(Version_Code version)
/**
* Return a SSLv3 Handshake Hash
*/
-SecureVector<byte> TLS_Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
+SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
{
const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C;
@@ -97,3 +99,5 @@ SecureVector<byte> TLS_Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secr
}
}
+
+}
diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h
index 1ca11b99f..a6c2b44e1 100644
--- a/src/tls/tls_handshake_hash.h
+++ b/src/tls/tls_handshake_hash.h
@@ -13,12 +13,14 @@
namespace Botan {
+namespace TLS {
+
using namespace Botan;
/**
* TLS Handshake Hash
*/
-class TLS_Handshake_Hash
+class Handshake_Hash
{
public:
void update(const byte in[], size_t length)
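Review bot: The new `namespace TLS {` line lands directly above an existing `using namespace Botan;`, so the using-directive now sits inside `Botan::TLS` in a header. It is redundant there, because names from the enclosing `Botan` namespace are already found by ordinary lookup. A using-directive in a header also affects every file that includes it. I would drop the `using namespace Botan;` line as part of this change. The class body continues outside the hunk.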
@@ -45,4 +47,6 @@ class TLS_Handshake_Hash
}
+}
+
#endif
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 6ad9b630c..5eb44414e 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -11,6 +11,8 @@
namespace Botan {
+namespace TLS {
+
namespace {
u32bit bitmask_for_handshake_type(Handshake_Type type)
@@ -73,7 +75,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
/*
* Initialize the SSL/TLS Handshake State
*/
-TLS_Handshake_State::TLS_Handshake_State()
+Handshake_State::Handshake_State()
{
client_hello = 0;
server_hello = 0;
@@ -97,7 +99,7 @@ TLS_Handshake_State::TLS_Handshake_State()
hand_received_mask = 0;
}
-void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
+void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
{
const u32bit mask = bitmask_for_handshake_type(handshake_msg);
@@ -117,12 +119,12 @@ void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
hand_expecting_mask = 0;
}
-void TLS_Handshake_State::set_expected_next(Handshake_Type handshake_msg)
+void Handshake_State::set_expected_next(Handshake_Type handshake_msg)
{
hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg);
}
-bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
+bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
{
const u32bit mask = bitmask_for_handshake_type(handshake_msg);
@@ -130,7 +132,7 @@ bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) c
}
std::pair<std::string, Signature_Format>
-TLS_Handshake_State::choose_sig_format(const Private_Key* key,
+Handshake_State::choose_sig_format(const Private_Key* key,
std::string& hash_algo_out,
std::string& sig_algo_out,
bool for_client_auth)
@@ -182,7 +184,7 @@ TLS_Handshake_State::choose_sig_format(const Private_Key* key,
}
std::pair<std::string, Signature_Format>
-TLS_Handshake_State::understand_sig_format(const Public_Key* key,
+Handshake_State::understand_sig_format(const Public_Key* key,
std::string hash_algo,
std::string sig_algo,
bool for_client_auth)
@@ -247,7 +249,7 @@ TLS_Handshake_State::understand_sig_format(const Public_Key* key,
/*
* Destroy the SSL/TLS Handshake State
*/
-TLS_Handshake_State::~TLS_Handshake_State()
+Handshake_State::~Handshake_State()
{
delete client_hello;
delete server_hello;
@@ -267,3 +269,5 @@ TLS_Handshake_State::~TLS_Handshake_State()
}
}
+
+}
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index 18b289fe1..54e0da892 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -32,14 +32,16 @@
namespace Botan {
+namespace TLS {
+
/**
* SSL/TLS Handshake State
*/
-class TLS_Handshake_State
+class Handshake_State
{
public:
- TLS_Handshake_State();
- ~TLS_Handshake_State();
+ Handshake_State();
+ ~Handshake_State();
bool received_handshake_msg(Handshake_Type handshake_msg) const;
@@ -78,9 +80,9 @@ class TLS_Handshake_State
Private_Key* kex_priv;
- TLS_Ciphersuite suite;
+ Ciphersuite suite;
Session_Keys keys;
- TLS_Handshake_Hash hash;
+ Handshake_Hash hash;
SecureQueue queue;
@@ -100,4 +102,6 @@ class TLS_Handshake_State
}
+}
+
#endif
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index 3426088bd..09919c26f 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -10,6 +10,8 @@
namespace Botan {
+namespace TLS {
+
/**
* Protocol Constants for SSL/TLS
*/
@@ -167,7 +169,7 @@ enum Compression_Method {
DEFLATE_COMPRESSION = 0x01
};
-enum TLS_Handshake_Extension_Type {
+enum Handshake_Extension_Type {
TLSEXT_SERVER_NAME_INDICATION = 0,
TLSEXT_MAX_FRAGMENT_LENGTH = 1,
TLSEXT_CLIENT_CERT_URL = 2,
@@ -189,4 +191,6 @@ enum TLS_Handshake_Extension_Type {
}
+}
+
#endif
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 3579f7828..89eb4af16 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -20,6 +20,8 @@
namespace Botan {
+namespace TLS {
+
class Record_Writer;
class Record_Reader;
@@ -29,7 +31,7 @@ class Record_Reader;
class Handshake_Message
{
public:
- void send(Record_Writer& writer, TLS_Handshake_Hash& hash) const;
+ void send(Record_Writer& writer, Handshake_Hash& hash) const;
virtual Handshake_Type type() const = 0;
@@ -82,8 +84,8 @@ class Client_Hello : public Handshake_Message
size_t fragment_size() const { return m_fragment_size; }
Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
RandomNumberGenerator& rng,
const MemoryRegion<byte>& reneg_info,
bool next_protocol = false,
@@ -91,9 +93,9 @@ class Client_Hello : public Handshake_Message
const std::string& srp_identifier = "");
Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
RandomNumberGenerator& rng,
- const TLS_Session& resumed_session,
+ const Session& resumed_session,
bool next_protocol = false);
Client_Hello(const MemoryRegion<byte>& buf,
@@ -153,11 +155,11 @@ class Server_Hello : public Handshake_Message
const MemoryVector<byte>& random() const { return s_random; }
Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
Version_Code version,
const Client_Hello& other,
const std::vector<X509_Certificate>& certs,
- const TLS_Policy& policies,
+ const Policy& policies,
bool client_has_secure_renegotiation,
const MemoryRegion<byte>& reneg_info,
bool client_has_npn,
@@ -165,7 +167,7 @@ class Server_Hello : public Handshake_Message
RandomNumberGenerator& rng);
Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const MemoryRegion<byte>& session_id,
Version_Code ver,
u16bit ciphersuite,
@@ -210,12 +212,12 @@ class Client_Key_Exchange : public Handshake_Message
Version_Code version);
Client_Key_Exchange(Record_Writer& output,
- TLS_Handshake_State* state,
+ Handshake_State* state,
const std::vector<X509_Certificate>& peer_certs,
RandomNumberGenerator& rng);
Client_Key_Exchange(const MemoryRegion<byte>& buf,
- const TLS_Ciphersuite& suite,
+ const Ciphersuite& suite,
Version_Code using_version);
private:
MemoryVector<byte> serialize() const;
@@ -237,7 +239,7 @@ class Certificate : public Handshake_Message
bool empty() const { return certs.empty(); }
Certificate(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const std::vector<X509_Certificate>& certs);
Certificate(const MemoryRegion<byte>& buf);
@@ -262,8 +264,8 @@ class Certificate_Req : public Handshake_Message
{ return m_supported_algos; }
Certificate_Req(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
const std::vector<X509_Certificate>& allowed_cas,
Version_Code version);
@@ -292,10 +294,10 @@ class Certificate_Verify : public Handshake_Message
* @param state the handshake state
*/
bool verify(const X509_Certificate& cert,
- TLS_Handshake_State* state);
+ Handshake_State* state);
Certificate_Verify(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
RandomNumberGenerator& rng,
const Private_Key* key);
@@ -320,11 +322,11 @@ class Finished : public Handshake_Message
MemoryVector<byte> verify_data() const
{ return verification_data; }
- bool verify(TLS_Handshake_State* state,
+ bool verify(Handshake_State* state,
Connection_Side side);
Finished(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
Connection_Side side);
Finished(const MemoryRegion<byte>& buf);
@@ -360,10 +362,10 @@ class Server_Key_Exchange : public Handshake_Message
const std::vector<BigInt>& params() const { return m_params; }
bool verify(const X509_Certificate& cert,
- TLS_Handshake_State* state) const;
+ Handshake_State* state) const;
Server_Key_Exchange(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
RandomNumberGenerator& rng,
const Private_Key* priv_key);
@@ -390,7 +392,7 @@ class Server_Hello_Done : public Handshake_Message
public:
Handshake_Type type() const { return SERVER_HELLO_DONE; }
- Server_Hello_Done(Record_Writer& writer, TLS_Handshake_Hash& hash);
+ Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash);
Server_Hello_Done(const MemoryRegion<byte>& buf);
private:
MemoryVector<byte> serialize() const;
@@ -407,7 +409,7 @@ class Next_Protocol : public Handshake_Message
std::string protocol() const { return m_protocol; }
Next_Protocol(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
const std::string& protocol);
Next_Protocol(const MemoryRegion<byte>& buf);
@@ -419,4 +421,6 @@ class Next_Protocol : public Handshake_Message
}
+}
+
#endif
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index c02f35a9a..ca6286b72 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -12,7 +12,9 @@
namespace Botan {
-std::vector<std::string> TLS_Policy::allowed_ciphers() const
+namespace TLS {
+
+std::vector<std::string> Policy::allowed_ciphers() const
{
std::vector<std::string> allowed;
allowed.push_back("AES-256");
@@ -23,7 +25,7 @@ std::vector<std::string> TLS_Policy::allowed_ciphers() const
return allowed;
}
-std::vector<std::string> TLS_Policy::allowed_hashes() const
+std::vector<std::string> Policy::allowed_hashes() const
{
std::vector<std::string> allowed;
allowed.push_back("SHA-512");
@@ -35,7 +37,7 @@ std::vector<std::string> TLS_Policy::allowed_hashes() const
return allowed;
}
-std::vector<std::string> TLS_Policy::allowed_key_exchange_methods() const
+std::vector<std::string> Policy::allowed_key_exchange_methods() const
{
std::vector<std::string> allowed;
//allowed.push_back("ECDH");
@@ -45,7 +47,7 @@ std::vector<std::string> TLS_Policy::allowed_key_exchange_methods() const
return allowed;
}
-std::vector<std::string> TLS_Policy::allowed_signature_methods() const
+std::vector<std::string> Policy::allowed_signature_methods() const
{
std::vector<std::string> allowed;
//allowed.push_back("ECDSA");
@@ -65,7 +67,7 @@ class Ciphersuite_Preference_Ordering
const std::vector<std::string>& sigs) :
m_ciphers(ciphers), m_hashes(hashes), m_kex(kex), m_sigs(sigs) {}
- bool operator()(const TLS_Ciphersuite& a, const TLS_Ciphersuite& b) const
+ bool operator()(const Ciphersuite& a, const Ciphersuite& b) const
{
if(a.kex_algo() != b.kex_algo())
{
@@ -120,7 +122,7 @@ class Ciphersuite_Preference_Ordering
}
-std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const
+std::vector<u16bit> Policy::ciphersuite_list(bool have_srp) const
{
std::vector<std::string> ciphers = allowed_ciphers();
std::vector<std::string> hashes = allowed_hashes();
@@ -137,12 +139,12 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const
Ciphersuite_Preference_Ordering order(ciphers, hashes, kex, sigs);
- std::map<TLS_Ciphersuite, u16bit, Ciphersuite_Preference_Ordering> ciphersuites(order);
+ std::map<Ciphersuite, u16bit, Ciphersuite_Preference_Ordering> ciphersuites(order);
// When in doubt use brute force :)
for(u32bit i = 0; i != 65536; ++i)
{
- TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(i);
+ Ciphersuite suite = Ciphersuite::lookup_ciphersuite(i);
if(suite.cipher_keylen() == 0)
continue; // not a ciphersuite we know
@@ -157,7 +159,7 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const
std::vector<u16bit> ciphersuite_codes;
- for(std::map<TLS_Ciphersuite, u16bit, Ciphersuite_Preference_Ordering>::iterator i = ciphersuites.begin();
+ for(std::map<Ciphersuite, u16bit, Ciphersuite_Preference_Ordering>::iterator i = ciphersuites.begin();
i != ciphersuites.end(); ++i)
{
ciphersuite_codes.push_back(i->second);
@@ -169,7 +171,7 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const
/*
* Return allowed compression algorithms
*/
-std::vector<byte> TLS_Policy::compression() const
+std::vector<byte> Policy::compression() const
{
std::vector<byte> algs;
algs.push_back(NO_COMPRESSION);
@@ -179,7 +181,7 @@ std::vector<byte> TLS_Policy::compression() const
/*
* Choose which ciphersuite to use
*/
-u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites,
+u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites,
bool have_rsa,
bool have_dsa,
bool have_srp) const
@@ -187,7 +189,7 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites,
for(size_t i = 0; i != client_suites.size(); ++i)
{
u16bit suite_id = client_suites[i];
- TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(suite_id);
+ Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id);
if(suite.cipher_keylen() == 0)
continue; // not a ciphersuite we know
@@ -216,7 +218,7 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites,
/*
* Choose which compression algorithm to use
*/
-byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const
+byte Policy::choose_compression(const std::vector<byte>& c_comp) const
{
std::vector<byte> s_comp = compression();
@@ -229,3 +231,5 @@ byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const
}
}
+
+}
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 5bf60742b..f8e608cdb 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -15,11 +15,13 @@
namespace Botan {
+namespace TLS {
+
/**
* TLS Policy Base Class
* Inherit and overload as desired to suite local policy concerns
*/
-class BOTAN_DLL TLS_Policy
+class BOTAN_DLL Policy
{
public:
/*
@@ -77,9 +79,11 @@ class BOTAN_DLL TLS_Policy
*/
virtual Version_Code pref_version() const { return TLS_V12; }
- virtual ~TLS_Policy() {}
+ virtual ~Policy() {}
};
}
+}
+
#endif
diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h
index 1cf7adab0..09487c5f9 100644
--- a/src/tls/tls_reader.h
+++ b/src/tls/tls_reader.h
@@ -17,6 +17,8 @@
namespace Botan {
+namespace TLS {
+
/**
* Helper class for decoding TLS protocol messages
*/
@@ -205,4 +207,6 @@ void append_tls_length_value(MemoryRegion<byte>& buf,
}
+}
+
#endif
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index c4b483c80..979154001 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -30,6 +30,8 @@
namespace Botan {
+namespace TLS {
+
class Session_Keys;
/**
@@ -43,7 +45,7 @@ class BOTAN_DLL Record_Writer
void alert(Alert_Level level, Alert_Type type);
- void activate(const TLS_Ciphersuite& suite,
+ void activate(const Ciphersuite& suite,
const Session_Keys& keys,
Connection_Side side);
@@ -97,7 +99,7 @@ class BOTAN_DLL Record_Reader
byte& msg_type,
MemoryVector<byte>& msg);
- void activate(const TLS_Ciphersuite& suite,
+ void activate(const Ciphersuite& suite,
const Session_Keys& keys,
Connection_Side side);
@@ -132,4 +134,6 @@ class BOTAN_DLL Record_Reader
}
+}
+
#endif
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 5d07d22ba..6c6977b91 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -13,10 +13,12 @@
namespace Botan {
+namespace TLS {
+
namespace {
-bool check_for_resume(TLS_Session& session_info,
- TLS_Session_Manager& session_manager,
+bool check_for_resume(Session& session_info,
+ Session_Manager& session_manager,
Client_Hello* client_hello)
{
MemoryVector<byte> client_session_id = client_hello->session_id();
@@ -64,15 +66,15 @@ bool check_for_resume(TLS_Session& session_info,
/*
* TLS Server Constructor
*/
-TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn,
+Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_fn,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_fn,
+ Session_Manager& session_manager,
Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<std::string>& next_protocols) :
- TLS_Channel(output_fn, proc_fn, handshake_fn),
+ Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
session_manager(session_manager),
@@ -84,17 +86,17 @@ TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn
/*
* Send a hello request to the client
*/
-void TLS_Server::renegotiate()
+void Server::renegotiate()
{
if(state)
return; // currently in handshake
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
state->set_expected_next(CLIENT_HELLO);
Hello_Request hello_req(writer);
}
-void TLS_Server::alert_notify(bool, Alert_Type type)
+void Server::alert_notify(bool, Alert_Type type)
{
if(type == NO_RENEGOTIATION)
{
@@ -109,22 +111,22 @@ void TLS_Server::alert_notify(bool, Alert_Type type)
/*
* Split up and process handshake messages
*/
-void TLS_Server::read_handshake(byte rec_type,
+void Server::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE && !state)
{
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
state->set_expected_next(CLIENT_HELLO);
}
- TLS_Channel::read_handshake(rec_type, rec_buf);
+ Channel::read_handshake(rec_type, rec_buf);
}
/*
* Process a handshake message
*/
-void TLS_Server::process_handshake_msg(Handshake_Type type,
+void Server::process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents)
{
if(state == 0)
@@ -169,7 +171,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
writer.set_version(state->version);
reader.set_version(state->version);
- TLS_Session session_info;
+ Session session_info;
const bool resuming = check_for_resume(session_info,
session_manager,
state->client_hello);
@@ -198,7 +200,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
writer.set_maximum_fragment_size(session_info.fragment_size());
}
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
state->keys = Session_Keys(state, session_info.master_secret(), true);
@@ -245,7 +247,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
writer.set_maximum_fragment_size(state->client_hello->fragment_size());
}
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
if(state->suite.sig_algo() != "")
{
@@ -259,7 +261,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
if(state->suite.kex_algo() == "DH")
state->kex_priv = new DH_PrivateKey(rng, policy.dh_group());
else
- throw Internal_Error("TLS_Server: Unknown ciphersuite kex type " +
+ throw Internal_Error("Server: Unknown ciphersuite kex type " +
state->suite.kex_algo());
state->server_kex =
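Review bot: The rename also rewrote a runtime string: the `Internal_Error` text went from "TLS_Server: ..." to "Server: ...", which removes the only hint in the message that it came from the TLS layer. Anyone reading this in a log or crash report will have a harder time tracing it. I would use the qualified name instead, `throw Internal_Error("TLS::Server: Unknown ciphersuite kex type " +`, which also matches the new namespace. The enclosing `process_handshake_msg` starts and ends outside this hunk.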
@@ -386,7 +388,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
peer_certs = state->client_certs->cert_chain();
}
- TLS_Session session_info(
+ Session session_info(
state->server_hello->session_id(),
state->keys.master_secret(),
state->server_hello->version(),
@@ -417,3 +419,5 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
}
}
+
+}
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index f8c3a8563..c283d4a18 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -15,21 +15,23 @@
namespace Botan {
+namespace TLS {
+
/**
* TLS Server
*/
-class BOTAN_DLL TLS_Server : public TLS_Channel
+class BOTAN_DLL Server : public Channel
{
public:
/**
- * TLS_Server initialization
+ * Server initialization
*/
- TLS_Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
RandomNumberGenerator& rng,
const std::vector<std::string>& protocols =
std::vector<std::string>());
@@ -55,9 +57,9 @@ class BOTAN_DLL TLS_Server : public TLS_Channel
void alert_notify(bool is_fatal, Alert_Type type);
- const TLS_Policy& policy;
+ const Policy& policy;
RandomNumberGenerator& rng;
- TLS_Session_Manager& session_manager;
+ Session_Manager& session_manager;
Credentials_Manager& creds;
std::vector<std::string> m_possible_protocols;
@@ -67,4 +69,6 @@ class BOTAN_DLL TLS_Server : public TLS_Channel
}
+}
+
#endif
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index deaddb227..3716878e1 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -13,7 +13,9 @@
namespace Botan {
-TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier,
+namespace TLS {
+
+Session::Session(const MemoryRegion<byte>& session_identifier,
const MemoryRegion<byte>& master_secret,
Version_Code version,
u16bit ciphersuite,
@@ -41,7 +43,7 @@ TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier,
m_peer_certificate = certs[0].BER_encode();
}
-TLS_Session::TLS_Session(const byte ber[], size_t ber_len)
+Session::Session(const byte ber[], size_t ber_len)
{
BER_Decoder decoder(ber, ber_len);
@@ -70,7 +72,7 @@ TLS_Session::TLS_Session(const byte ber[], size_t ber_len)
m_connection_side = static_cast<Connection_Side>(side_code);
}
-SecureVector<byte> TLS_Session::BER_encode() const
+SecureVector<byte> Session::BER_encode() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
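Review bot: `m_connection_side = static_cast<Connection_Side>(side_code);` at the top of this hunk converts an integer to the enum with no range check. `side_code` is presumably read from the BER blob earlier in the constructor, which is outside the hunk. The header describes that blob as meant for storage, so a corrupted or modified record could produce a value that is not a valid `Connection_Side`. A guard before the cast would reject it, for example `if(side_code != CLIENT && side_code != SERVER) throw Decoding_Error("Session: unknown connection side");`, assuming those are the enumerator names.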
@@ -92,3 +94,5 @@ SecureVector<byte> TLS_Session::BER_encode() const
}
}
+
+}
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 12b76bcab..9b3f5b194 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -14,17 +14,19 @@
namespace Botan {
+namespace TLS {
+
/**
* Class representing a TLS session state
*/
-class BOTAN_DLL TLS_Session
+class BOTAN_DLL Session
{
public:
/**
* Uninitialized session
*/
- TLS_Session() :
+ Session() :
m_start_time(0),
m_version(0),
m_ciphersuite(0),
@@ -37,7 +39,7 @@ class BOTAN_DLL TLS_Session
/**
* New session (sets session start time)
*/
- TLS_Session(const MemoryRegion<byte>& session_id,
+ Session(const MemoryRegion<byte>& session_id,
const MemoryRegion<byte>& master_secret,
Version_Code version,
u16bit ciphersuite,
@@ -52,7 +54,7 @@ class BOTAN_DLL TLS_Session
/**
* Load a session from BER (created by BER_encode)
*/
- TLS_Session(const byte ber[], size_t ber_len);
+ Session(const byte ber[], size_t ber_len);
/**
* Encode this session data for storage
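Review bot: The doc comment for `BER_encode` that begins on the last line of this hunk does not say that the output is sensitive. The constructor above takes the master secret and the encoder in tls_session.cpp returns a `SecureVector<byte>`, so the blob presumably contains the master secret; the encoder body is not visible here. Once that is confirmed, I would add a line such as `* The encoding contains the session master secret: encrypt it or restrict access before writing it to disk or a shared cache`. The comment continues outside the hunk.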
@@ -154,4 +156,6 @@ class BOTAN_DLL TLS_Session
}
+}
+
#endif
diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp
index cb55499f0..42727273a 100644
--- a/src/tls/tls_session_key.cpp
+++ b/src/tls/tls_session_key.cpp
@@ -13,6 +13,8 @@
namespace Botan {
+namespace TLS {
+
namespace {
std::string lookup_prf_name(Version_Code version)
@@ -32,7 +34,7 @@ std::string lookup_prf_name(Version_Code version)
/**
* Session_Keys Constructor
*/
-Session_Keys::Session_Keys(TLS_Handshake_State* state,
+Session_Keys::Session_Keys(Handshake_State* state,
const MemoryRegion<byte>& pre_master_secret,
bool resuming)
{
@@ -101,3 +103,5 @@ Session_Keys::Session_Keys(TLS_Handshake_State* state,
}
}
+
+}
diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h
index 8ba3d2b72..736475be6 100644
--- a/src/tls/tls_session_key.h
+++ b/src/tls/tls_session_key.h
@@ -14,6 +14,8 @@
namespace Botan {
+namespace TLS {
+
/**
* TLS Session Keys
*/
@@ -33,7 +35,7 @@ class Session_Keys
Session_Keys() {}
- Session_Keys(class TLS_Handshake_State* state,
+ Session_Keys(class Handshake_State* state,
const MemoryRegion<byte>& pre_master,
bool resuming);
@@ -45,4 +47,6 @@ class Session_Keys
}
+}
+
#endif
diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp
index e5ec75c88..59fc75b9f 100644
--- a/src/tls/tls_session_manager.cpp
+++ b/src/tls/tls_session_manager.cpp
@@ -11,10 +11,12 @@
namespace Botan {
-bool TLS_Session_Manager_In_Memory::load_from_session_str(
- const std::string& session_str, TLS_Session& session)
+namespace TLS {
+
+bool Session_Manager_In_Memory::load_from_session_str(
+ const std::string& session_str, Session& session)
{
- std::map<std::string, TLS_Session>::iterator i = sessions.find(session_str);
+ std::map<std::string, Session>::iterator i = sessions.find(session_str);
if(i == sessions.end())
return false;
@@ -31,14 +33,14 @@ bool TLS_Session_Manager_In_Memory::load_from_session_str(
return true;
}
-bool TLS_Session_Manager_In_Memory::load_from_session_id(
- const MemoryRegion<byte>& session_id, TLS_Session& session)
+bool Session_Manager_In_Memory::load_from_session_id(
+ const MemoryRegion<byte>& session_id, Session& session)
{
return load_from_session_str(hex_encode(session_id), session);
}
-bool TLS_Session_Manager_In_Memory::load_from_host_info(
- const std::string& hostname, u16bit port, TLS_Session& session)
+bool Session_Manager_In_Memory::load_from_host_info(
+ const std::string& hostname, u16bit port, Session& session)
{
std::map<std::string, std::string>::iterator i;
@@ -59,17 +61,17 @@ bool TLS_Session_Manager_In_Memory::load_from_host_info(
return false;
}
-void TLS_Session_Manager_In_Memory::remove_entry(
+void Session_Manager_In_Memory::remove_entry(
const MemoryRegion<byte>& session_id)
{
- std::map<std::string, TLS_Session>::iterator i =
+ std::map<std::string, Session>::iterator i =
sessions.find(hex_encode(session_id));
if(i != sessions.end())
sessions.erase(i);
}
-void TLS_Session_Manager_In_Memory::save(const TLS_Session& session)
+void Session_Manager_In_Memory::save(const Session& session)
{
if(max_sessions != 0)
{
@@ -90,3 +92,5 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session)
}
}
+
+}
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
index 289b76a3b..c25fecac4 100644
--- a/src/tls/tls_session_manager.h
+++ b/src/tls/tls_session_manager.h
@@ -13,8 +13,10 @@
namespace Botan {
+namespace TLS {
+
/**
-* TLS_Session_Manager is an interface to systems which can save
+* Session_Manager is an interface to systems which can save
* session parameters for supporting session resumption.
*
* Saving sessions is done on a best-effort basis; an implementation is
@@ -22,7 +24,7 @@ namespace Botan {
*
* Implementations should strive to be thread safe
*/
-class BOTAN_DLL TLS_Session_Manager
+class BOTAN_DLL Session_Manager
{
public:
/**
@@ -33,7 +35,7 @@ class BOTAN_DLL TLS_Session_Manager
* @return true if session was modified
*/
virtual bool load_from_session_id(const MemoryRegion<byte>& session_id,
- TLS_Session& session) = 0;
+ Session& session) = 0;
/**
* Try to load a saved session (client side)
@@ -44,7 +46,7 @@ class BOTAN_DLL TLS_Session_Manager
* @return true if session was modified
*/
virtual bool load_from_host_info(const std::string& hostname, u16bit port,
- TLS_Session& session) = 0;
+ Session& session) = 0;
/**
* Remove this session id from the cache, if it exists
@@ -59,18 +61,18 @@ class BOTAN_DLL TLS_Session_Manager
*
* @param session to save
*/
- virtual void save(const TLS_Session& session) = 0;
+ virtual void save(const Session& session) = 0;
- virtual ~TLS_Session_Manager() {}
+ virtual ~Session_Manager() {}
};
/**
-* A simple implementation of TLS_Session_Manager that just saves
+* A simple implementation of Session_Manager that just saves
* values in memory, with no persistance abilities
*
* @todo add locking
*/
-class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
+class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
{
public:
/**
@@ -79,32 +81,34 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
* @param session_lifetime sessions are expired after this many
* seconds have elapsed from initial handshake.
*/
- TLS_Session_Manager_In_Memory(size_t max_sessions = 1000,
+ Session_Manager_In_Memory(size_t max_sessions = 1000,
size_t session_lifetime = 7200) :
max_sessions(max_sessions),
session_lifetime(session_lifetime)
{}
bool load_from_session_id(const MemoryRegion<byte>& session_id,
- TLS_Session& session);
+ Session& session);
bool load_from_host_info(const std::string& hostname, u16bit port,
- TLS_Session& session);
+ Session& session);
void remove_entry(const MemoryRegion<byte>& session_id);
- void save(const TLS_Session& session_data);
+ void save(const Session& session_data);
private:
bool load_from_session_str(const std::string& session_str,
- TLS_Session& session);
+ Session& session);
size_t max_sessions, session_lifetime;
- std::map<std::string, TLS_Session> sessions; // hex(session_id) -> session
+ std::map<std::string, Session> sessions; // hex(session_id) -> session
std::map<std::string, std::string> host_sessions;
};
}
+}
+
#endif
diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp
index c24cdb9f7..442d261cd 100644
--- a/src/tls/tls_suites.cpp
+++ b/src/tls/tls_suites.cpp
@@ -10,149 +10,151 @@
namespace Botan {
+namespace TLS {
+
/**
* Convert an SSL/TLS ciphersuite to algorithm fields
*/
-TLS_Ciphersuite TLS_Ciphersuite::lookup_ciphersuite(u16bit suite)
+Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
{
switch(suite)
{
// RSA ciphersuites
case TLS_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16);
case TLS_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32);
case TLS_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-128", 16);
+ return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16);
case TLS_RSA_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
+ return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24);
case TLS_RSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
case TLS_RSA_WITH_RC4_128_MD5:
- return TLS_Ciphersuite("RSA", "", "MD5", "ARC4", 16);
+ return Ciphersuite("RSA", "", "MD5", "ARC4", 16);
case TLS_RSA_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "SEED", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "SEED", 16);
// DH/DSS ciphersuites
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
case TLS_DHE_DSS_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
// DH/RSA ciphersuites
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
// ECDH/RSA ciphersuites
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
// SRP/RSA ciphersuites
case TLS_SRP_SHA_RSA_WITH_AES_128_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
case TLS_SRP_SHA_RSA_WITH_AES_256_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
case TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24);
// SRP/DSA ciphersuites
case TLS_SRP_SHA_DSS_WITH_AES_128_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
case TLS_SRP_SHA_DSS_WITH_AES_256_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
case TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24);
// ECDH/ECDSA ciphersuites
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
default:
- return TLS_Ciphersuite(); // some unknown ciphersuite
+ return Ciphersuite(); // some unknown ciphersuite
}
}
-TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo,
+Ciphersuite::Ciphersuite(const std::string& sig_algo,
const std::string& kex_algo,
const std::string& mac_algo,
const std::string& cipher_algo,
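Review bot: The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` and `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` cases, listed under the "ECDH/ECDSA ciphersuites" comment, return a signature algorithm of "ECDSA". The suite names and every other ECDHE_RSA case in this switch use "RSA", and the rename carries the mismatch over unchanged. If `sig_algo()` feeds certificate or key selection or handshake signature checking (not visible in this hunk), these two suites would be handled with the wrong authentication algorithm. The returns should read `return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16);` and `return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32);`. A table-driven test that checks `sig_algo()` and `kex_algo()` against each suite name would catch this kind of copy-paste slip.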
@@ -166,3 +168,5 @@ TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo,
}
}
+
+}
diff --git a/src/tls/tls_suites.h b/src/tls/tls_suites.h
index 65203bdf7..1fd975beb 100644
--- a/src/tls/tls_suites.h
+++ b/src/tls/tls_suites.h
@@ -14,13 +14,15 @@
namespace Botan {
+namespace TLS {
+
/**
* Ciphersuite Information
*/
-class BOTAN_DLL TLS_Ciphersuite
+class BOTAN_DLL Ciphersuite
{
public:
- static TLS_Ciphersuite lookup_ciphersuite(u16bit suite);
+ static Ciphersuite lookup_ciphersuite(u16bit suite);
const std::string kex_algo() const { return m_kex_algo; }
const std::string sig_algo() const { return m_sig_algo; }
@@ -30,9 +32,9 @@ class BOTAN_DLL TLS_Ciphersuite
size_t cipher_keylen() const { return m_cipher_keylen; }
- TLS_Ciphersuite() : m_cipher_keylen(0) {}
+ Ciphersuite() : m_cipher_keylen(0) {}
- TLS_Ciphersuite(const std::string& sig_algo,
+ Ciphersuite(const std::string& sig_algo,
const std::string& kex_algo,
const std::string& mac_algo,
const std::string& cipher_algo,
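Review bot: The default constructor `Ciphersuite() : m_cipher_keylen(0) {}` is what `lookup_ciphersuite` returns for an unrecognised suite code, but nothing in the visible part of the class documents that or offers a validity check. A caller that skips the check gets empty algorithm names and a zero key length. I would add a doc comment on the constructor such as `/** Denotes an unknown ciphersuite: all algorithm names are empty and cipher_keylen() is 0 */`, and a matching `@return` line on `lookup_ciphersuite`. The class body continues outside this hunk, so an existing validity accessor may simply not be shown here.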
@@ -44,4 +46,6 @@ class BOTAN_DLL TLS_Ciphersuite
}
+}
+
#endif