41 files changed, 456 insertions, 303 deletions
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index 2ff640983..90f4fc20a 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -23,9 +23,9 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
 typedef boost::shared_ptr<tls_server_session> pointer;
 static pointer create(asio::io_service& io_service,
- Botan::TLS_Session_Manager& session_manager,
+ Botan::TLS::Session_Manager& session_manager,
 Botan::Credentials_Manager& credentials,
- Botan::TLS_Policy& policy,
+ Botan::TLS::Policy& policy,
 Botan::RandomNumberGenerator& rng)
 {
 return pointer(
@@ -53,9 +53,9 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
 private:
 tls_server_session(asio::io_service& io_service,
- Botan::TLS_Session_Manager& session_manager,
+ Botan::TLS::Session_Manager& session_manager,
 Botan::Credentials_Manager& credentials,
- Botan::TLS_Policy& policy,
+ Botan::TLS::Policy& policy,
 Botan::RandomNumberGenerator& rng) :
 m_socket(io_service),
 m_tls(boost::bind(&tls_server_session::tls_output_wanted, this, _1, _2),
@@ -135,7 +135,7 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
 void tls_data_recv(const byte buf[], size_t buf_len,
 Botan::u16bit alert_info)
 {
- if(buf_len == 0 && alert_info != Botan::NULL_ALERT)
+ if(buf_len == 0 && alert_info != Botan::TLS::NULL_ALERT)
 {
 //printf("Alert: %d\n", alert_info);
 if(alert_info == 0)
@@ -164,15 +164,15 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
 }
 }
- bool tls_handshake_complete(const Botan::TLS_Session& session)
+ bool tls_handshake_complete(const Botan::TLS::Session& session)
 {
 return true;
 }
 tcp::socket m_socket;
- Botan::TLS_Server m_tls;
+ Botan::TLS::Server m_tls;
- unsigned char m_read_buf[Botan::MAX_TLS_RECORD_SIZE];
+ unsigned char m_read_buf[Botan::TLS::MAX_TLS_RECORD_SIZE];
 // used to hold the data currently being written by the system
 std::vector<byte> m_write_buf;
@@ -215,7 +215,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
 std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
 };
-class Server_TLS_Policy : public Botan::TLS_Policy
+class Server_TLS_Policy : public Botan::TLS::Policy
 {
 public:
 //bool require_client_auth() const { return true; }
@@ -289,7 +289,7 @@ class tls_server
 tcp::acceptor m_acceptor;
 Botan::AutoSeeded_RNG m_rng;
- Botan::TLS_Session_Manager_In_Memory m_session_manager;
+ Botan::TLS::Session_Manager_In_Memory m_session_manager;
 Server_TLS_Policy m_policy;
 Credentials_Manager_Simple m_creds;
 };
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 42fecaf37..3d4dd38b7 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
@@ -20,7 +20,7 @@ using namespace Botan;
 using namespace std::tr1::placeholders;
-class Client_TLS_Policy : public TLS_Policy
+class Client_TLS_Policy : public TLS::Policy
 {
 public:
 //Version_Code pref_version() const { return TLS_V12; }
@@ -72,11 +72,12 @@ int connect_to_host(const std::string& host, u16bit port)
 return fd;
 }
-bool handshake_complete(const TLS_Session& session)
+bool handshake_complete(const TLS::Session& session)
 {
 std::cout << "Handshake complete!\n";
 std::cout << "Protocol version " << (int)session.major_version() << "." << (int)session.minor_version() << "\n";
+ std::cout << "Ciphersuite " << std::hex << session.ciphersuite() << "\n";
 std::cout << "Session ID " << hex_encode(session.session_id()) << "\n";
 return true;
@@ -108,7 +109,7 @@ bool got_alert = false;
 void process_data(const byte buf[], size_t buf_size, u16bit alert_info)
 {
- if(alert_info != NULL_ALERT)
+ if(alert_info != TLS::NULL_ALERT)
 {
 std::cout << "Alert: " << alert_info << "\n";
 got_alert = true;
@@ -128,15 +129,15 @@ std::string protocol_chooser(const std::vector<std::string>& protocols)
 }
 void doit(RandomNumberGenerator& rng,
- TLS_Policy& policy,
- TLS_Session_Manager& session_manager,
+ TLS::Policy& policy,
+ TLS::Session_Manager& session_manager,
 Credentials_Manager& creds,
 const std::string& host,
 u16bit port)
 {
 int sockfd = connect_to_host(host, port);
- TLS_Client client(std::tr1::bind(socket_write, sockfd, _1, _2),
+ TLS::Client client(std::tr1::bind(socket_write, sockfd, _1, _2),
 process_data,
 handshake_complete,
 session_manager,
@@ -180,7 +181,7 @@ void doit(RandomNumberGenerator& rng,
 }
 const size_t needed = client.received_data(buf, got);
- std::cout << "Socket - got " << got << " bytes, need " << needed << "\n";
+ //std::cout << "Socket - got " << got << " bytes, need " << needed << "\n";
 }
 else if(FD_ISSET(STDIN_FILENO, &readfds))
 {
@@ -251,7 +252,7 @@ int main(int argc, char* argv[])
 LibraryInitializer botan_init;
 AutoSeeded_RNG rng;
 Client_TLS_Policy policy;
- TLS_Session_Manager_In_Memory session_manager;
+ TLS::Session_Manager_In_Memory session_manager;
 Credentials_Manager_Simple creds(rng);
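Review bot: The `std::hex` on the added Ciphersuite line is a sticky stream flag, so every integer written to std::cout afterwards — including the alert code printed by process_data in the next hunk — comes out in hexadecimal with no radix marker, while the preceding version line still prints in decimal. Reset the base on the same line, `std::cout << "Ciphersuite " << std::hex << session.ciphersuite() << std::dec << "\n";`, or format the value through hex_encode the way the Session ID line does. The output is also inconsistent with tls_server.cpp, which prints the ciphersuite zero-padded via `%04X`. handshake_complete's body continues outside the hunk.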
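Review bot: Commenting out the trace in the `@@ -180,7 +181,7 @@` hunk leaves `needed` assigned but never read before the enclosing block closes on the next line, so compilers will flag an unused variable in doit. Either drop the local and keep the call for its side effect, `client.received_data(buf, got);`, or keep the variable and silence it with `(void)needed;`. doit's body starts and ends outside the hunk.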
diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index 2dbfb4aeb..6f986c7a1 100644
--- a/doc/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
@@ -52,7 +52,7 @@ class Credentials_Manager_Simple : public Credentials_Manager
 std::map<X509_Certificate, Private_Key*> certs_and_keys;
 };
-bool handshake_complete(const TLS_Session& session)
+bool handshake_complete(const TLS::Session& session)
 {
 printf("Handshake complete, protocol=%04X ciphersuite=%04X compression=%d\n",
 session.version(), session.ciphersuite(),
@@ -69,9 +69,9 @@ class Blocking_TLS_Server
 Blocking_TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn,
 std::tr1::function<size_t (byte[], size_t)> input_fn,
 std::vector<std::string>& protocols,
- TLS_Session_Manager& sessions,
+ TLS::Session_Manager& sessions,
 Credentials_Manager& creds,
- TLS_Policy& policy,
+ TLS::Policy& policy,
 RandomNumberGenerator& rng) :
 input_fn(input_fn),
 server(
@@ -109,7 +109,7 @@ class Blocking_TLS_Server
 bool is_active() const { return server.is_active(); }
- TLS_Server& underlying() { return server; }
+ TLS::Server& underlying() { return server; }
 private:
 void read_loop(size_t init_desired = 0)
 {
@@ -135,7 +135,7 @@ class Blocking_TLS_Server
 void reader_fn(const byte buf[], size_t buf_len,
 u16bit alert_code)
 {
- if(buf_len == 0 && alert_code != NULL_ALERT)
+ if(buf_len == 0 && alert_code != TLS::NULL_ALERT)
 {
 printf("Alert: %d\n", alert_code);
 //exit = true;
@@ -153,12 +153,12 @@ class Blocking_TLS_Server
 }
 std::tr1::function<size_t (byte[], size_t)> input_fn;
- TLS_Server server;
+ TLS::Server server;
 SecureQueue read_queue;
 bool exit;
 };
-class Server_TLS_Policy : public TLS_Policy
+class Server_TLS_Policy : public TLS::Policy
 {
 public:
 //bool require_client_auth() const { return true; }
@@ -194,7 +194,7 @@ int main(int argc, char* argv[])
 Server_TLS_Policy policy;
- TLS_Session_Manager_In_Memory sessions;
+ TLS::Session_Manager_In_Memory sessions;
 Credentials_Manager_Simple creds(rng);
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 2d94de462..4fdadd455 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -15,6 +15,8 @@
 namespace Botan {
+namespace TLS {
+
 MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
 {
 MemoryVector<byte> buf(32);
@@ -27,7 +29,7 @@ MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
 /*
 * Encode and send a Handshake message
 */
-void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const
+void Handshake_Message::send(Record_Writer& writer, Handshake_Hash& hash) const
 {
 MemoryVector<byte> buf = serialize();
 MemoryVector<byte> send_buf(4);
@@ -51,7 +53,7 @@ void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) co
 */
 Hello_Request::Hello_Request(Record_Writer& writer)
 {
- TLS_Handshake_Hash dummy; // FIXME: *UGLY*
+ Handshake_Hash dummy; // FIXME: *UGLY*
 send(writer, dummy);
 }
@@ -76,8 +78,8 @@ MemoryVector<byte> Hello_Request::serialize() const
 * Create a new Client Hello message
 */
 Client_Hello::Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
 RandomNumberGenerator& rng,
 const MemoryRegion<byte>& reneg_info,
 bool next_protocol,
@@ -108,9 +110,9 @@ Client_Hello::Client_Hello(Record_Writer& writer,
 * Create a new Client Hello message
 */
 Client_Hello::Client_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
 RandomNumberGenerator& rng,
- const TLS_Session& session,
+ const Session& session,
 bool next_protocol) :
 m_version(session.version()),
 m_session_id(session.session_id()),
@@ -163,7 +165,7 @@ MemoryVector<byte> Client_Hello::serialize() const
 * send that extension.
 */
- TLS_Extensions extensions;
+ Extensions extensions;
 // Initial handshake
 if(m_renegotiation_info.empty())
@@ -249,7 +251,7 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
 m_comp_methods = reader.get_range_vector<byte>(1, 1, 255);
- TLS_Extensions extensions(reader);
+ Extensions extensions(reader);
 if(Server_Name_Indicator* sni = extensions.get<Server_Name_Indicator>())
 {
@@ -276,7 +278,7 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
 if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
 {
- // checked by TLS_Client / TLS_Server as they know the handshake state
+ // checked by Client / Server as they know the handshake state
 m_secure_renegotiation = true;
 m_renegotiation_info = reneg->renegotiation_info();
 }
@@ -346,3 +348,5 @@ bool Client_Hello::offered_suite(u16bit ciphersuite) const
 }
 }
+
+}
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 63ba6fcb7..de8f54fbe 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -16,6 +16,8 @@
 namespace Botan {
+namespace TLS {
+
 namespace {
 SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input)
@@ -40,7 +42,7 @@ SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input)
 * Create a new Client Key Exchange message
 */
 Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
 const std::vector<X509_Certificate>& peer_certs,
 RandomNumberGenerator& rng)
 {
@@ -113,7 +115,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
 * Read a Client Key Exchange message
 */
 Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents,
- const TLS_Ciphersuite& suite,
+ const Ciphersuite& suite,
 Version_Code using_version)
 {
 include_length = true;
@@ -199,3 +201,5 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
 }
 }
+
+}
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 7fbe2a809..d5a73f64e 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -17,12 +17,14 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Create a new Certificate Request message
 */
 Certificate_Req::Certificate_Req(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
- const TLS_Policy& policy,
+ Handshake_Hash& hash,
+ const Policy& policy,
 const std::vector<X509_Certificate>& ca_certs,
 Version_Code version)
 {
@@ -125,7 +127,7 @@ MemoryVector<byte> Certificate_Req::serialize() const
 * Create a new Certificate message
 */
 Certificate::Certificate(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
 const std::vector<X509_Certificate>& cert_list)
 {
 certs = cert_list;
@@ -190,3 +192,5 @@ MemoryVector<byte> Certificate::serialize() const
 }
 }
+
+}
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index f11ae4dcc..923cdbb42 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -13,11 +13,13 @@
 namespace Botan {
+namespace TLS {
+
 /*
 * Create a new Certificate Verify message
 */
 Certificate_Verify::Certificate_Verify(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
 RandomNumberGenerator& rng,
 const Private_Key* priv_key)
 {
@@ -88,7 +90,7 @@ MemoryVector<byte> Certificate_Verify::serialize() const
 * Verify a Certificate Verify message
 */
 bool Certificate_Verify::verify(const X509_Certificate& cert,
- TLS_Handshake_State* state)
+ Handshake_State* state)
 {
 std::auto_ptr<Public_Key> key(cert.subject_public_key());
@@ -110,3 +112,5 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
 }
 }
+
+}
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index ecb7c315a..f7f8a7eb8 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -15,6 +15,8 @@
 namespace Botan {
+namespace TLS {
+
 namespace {
 KDF* choose_tls_prf(Version_Code version)
@@ -31,7 +33,7 @@ KDF* choose_tls_prf(Version_Code version)
 /*
 * Compute the verify_data
 */
-MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
+MemoryVector<byte> finished_compute_verify(Handshake_State* state,
 Connection_Side side)
 {
 if(state->version == SSL_V3)
@@ -39,7 +41,7 @@ MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
 const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 };
 const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 };
- TLS_Handshake_Hash hash = state->hash; // don't modify state
+ Handshake_Hash hash = state->hash; // don't modify state
 MemoryVector<byte> ssl3_finished;
@@ -80,7 +82,7 @@ MemoryVector<byte> finished_compute_verify(TLS_Handshake_State* state,
 * Create a new Finished message
 */
 Finished::Finished(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
 Connection_Side side)
 {
 verification_data = finished_compute_verify(state, side);
@@ -106,10 +108,12 @@ Finished::Finished(const MemoryRegion<byte>& buf)
 /*
 * Verify a Finished message
 */
-bool Finished::verify(TLS_Handshake_State* state,
+bool Finished::verify(Handshake_State* state,
 Connection_Side side)
 {
 return (verification_data == finished_compute_verify(state, side));
 }
 }
+
+}
diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp
index a0d4278f1..97b072440 100644
--- a/src/tls/next_protocol.cpp
+++ b/src/tls/next_protocol.cpp
@@ -11,8 +11,10 @@
 namespace Botan {
+namespace TLS {
+
 Next_Protocol::Next_Protocol(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
 const std::string& protocol) :
 m_protocol(protocol)
 {
@@ -48,3 +50,5 @@ MemoryVector<byte> Next_Protocol::serialize() const
 }
 }
+
+}
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index d3666abf6..4db50262d 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -14,6 +14,8 @@
 namespace Botan {
+namespace TLS {
+
 Record_Reader::Record_Reader() :
 m_readbuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE),
 m_mac(0)
@@ -64,7 +66,7 @@ void Record_Reader::set_version(Version_Code version)
 /*
 * Set the keys for reading
 */
-void Record_Reader::activate(const TLS_Ciphersuite& suite,
+void Record_Reader::activate(const Ciphersuite& suite,
 const Session_Keys& keys,
 Connection_Side side)
 {
@@ -336,3 +338,5 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
 }
 }
+
+}
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index 7f8b4445b..139d84c50 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -16,6 +16,8 @@
 namespace Botan {
+namespace TLS {
+
 /*
 * Record_Writer Constructor
 */
@@ -67,7 +69,7 @@ void Record_Writer::set_version(Version_Code version)
 /*
 * Set the keys for writing
 */
-void Record_Writer::activate(const TLS_Ciphersuite& suite,
+void Record_Writer::activate(const Ciphersuite& suite,
 const Session_Keys& keys,
 Connection_Side side)
 {
@@ -284,3 +286,5 @@ void Record_Writer::alert(Alert_Level level, Alert_Type type)
 }
 }
+
+}
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index e6aff94e3..9e61f62af 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -14,15 +14,17 @@
 namespace Botan {
+namespace TLS {
+
 /*
 * Create a new Server Hello message
 */
 Server_Hello::Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
 Version_Code version,
 const Client_Hello& c_hello,
 const std::vector<X509_Certificate>& certs,
- const TLS_Policy& policy,
+ const Policy& policy,
 bool client_has_secure_renegotiation,
 const MemoryRegion<byte>& reneg_info,
 bool client_has_npn,
@@ -64,7 +66,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
 * Create a new Server Hello message
 */
 Server_Hello::Server_Hello(Record_Writer& writer,
- TLS_Handshake_Hash& hash,
+ Handshake_Hash& hash,
 const MemoryRegion<byte>& session_id,
 Version_Code ver,
 u16bit ciphersuite,
@@ -121,11 +123,11 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf)
 comp_method = reader.get_byte();
- TLS_Extensions extensions(reader);
+ Extensions extensions(reader);
 if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
 {
- // checked by TLS_Client / TLS_Server as they know the handshake state
+ // checked by Client / Server as they know the handshake state
 m_secure_renegotiation = true;
 m_renegotiation_info = reneg->renegotiation_info();
 }
@@ -155,7 +157,7 @@ MemoryVector<byte> Server_Hello::serialize() const
 buf.push_back(comp_method);
- TLS_Extensions extensions;
+ Extensions extensions;
 if(m_secure_renegotiation)
 extensions.add(new Renegotation_Extension(m_renegotiation_info));
@@ -175,7 +177,7 @@ MemoryVector<byte> Server_Hello::serialize() const
 * Create a new Server Hello Done message
 */
 Server_Hello_Done::Server_Hello_Done(Record_Writer& writer,
- TLS_Handshake_Hash& hash)
+ Handshake_Hash& hash)
 {
 send(writer, hash);
 }
@@ -198,3 +200,5 @@ MemoryVector<byte> Server_Hello_Done::serialize() const
 }
 }
+
+}
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index bbad6fd83..359ef6f4a 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -15,11 +15,13 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Create a new Server Key Exchange message
 */
 Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
- TLS_Handshake_State* state,
+ Handshake_State* state,
 RandomNumberGenerator& rng,
 const Private_Key* private_key)
 {
@@ -121,7 +123,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf,
 * Verify a Server Key Exchange message
 */
 bool Server_Key_Exchange::verify(const X509_Certificate& cert,
- TLS_Handshake_State* state) const
+ Handshake_State* state) const
 {
 std::auto_ptr<Public_Key> key(cert.subject_public_key());
@@ -138,3 +140,5 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert,
 }
 }
+
+}
diff --git a/src/tls/tls_alerts.h b/src/tls/tls_alerts.h
index 0634d6763..2ccb1ad79 100644
--- a/src/tls/tls_alerts.h
+++ b/src/tls/tls_alerts.h
@@ -12,6 +12,8 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * SSL/TLS Alert Message
 */
@@ -57,4 +59,6 @@ class Alert
 }
+}
+
 #endif
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index a1e9fd8cd..a3ff69d87 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -14,9 +14,11 @@
 namespace Botan {
-TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+namespace TLS {
+
+Channel::Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete) :
+ std::tr1::function<bool (const Session&)> handshake_complete) :
 proc_fn(proc_fn),
 handshake_fn(handshake_complete),
 writer(socket_output_fn),
@@ -26,13 +28,13 @@ TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_
 {
 }
-TLS_Channel::~TLS_Channel()
+Channel::~Channel()
 {
 delete state;
 state = 0;
 }
-size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
+size_t Channel::received_data(const byte buf[], size_t buf_size)
 {
 try
 {
@@ -130,13 +132,13 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
 /*
 * Split up and process handshake messages
 */
-void TLS_Channel::read_handshake(byte rec_type,
+void Channel::read_handshake(byte rec_type,
 const MemoryRegion<byte>& rec_buf)
 {
 if(rec_type == HANDSHAKE)
 {
 if(!state)
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
 state->queue.write(&rec_buf[0], rec_buf.size());
 }
@@ -183,7 +185,7 @@ void TLS_Channel::read_handshake(byte rec_type,
 }
 }
-void TLS_Channel::send(const byte buf[], size_t buf_size)
+void Channel::send(const byte buf[], size_t buf_size)
 {
 if(!is_active())
 throw std::runtime_error("Data cannot be sent on inactive TLS connection");
@@ -191,7 +193,7 @@ void TLS_Channel::send(const byte buf[], size_t buf_size)
 writer.send(APPLICATION_DATA, buf, buf_size);
 }
-void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
+void Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
 {
 if(alert_code != NULL_ALERT && !connection_closed)
 {
@@ -214,7 +216,7 @@ void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
 }
 }
-void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
+void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
 {
 if(initial_handshake)
 {
@@ -246,7 +248,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello)
 }
 }
-void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
+void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
 {
 if(initial_handshake)
 {
@@ -283,7 +285,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello)
 initial_handshake = false;
 }
-void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished,
+void Channel::Secure_Renegotiation_State::update(Finished* client_finished,
 Finished* server_finished)
 {
 client_verify = client_finished->verify_data();
@@ -291,3 +293,5 @@ void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished,
 }
 }
+
+}
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 2b4e6d161..6021b65b2 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -16,10 +16,12 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Generic interface for TLS endpoint
 */
-class BOTAN_DLL TLS_Channel
+class BOTAN_DLL Channel
 {
 public:
 /**
@@ -59,11 +61,11 @@ class BOTAN_DLL TLS_Channel
 */
 std::vector<X509_Certificate> peer_cert_chain() const { return peer_certs; }
- TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Channel(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete);
+ std::tr1::function<bool (const Session&)> handshake_complete);
- virtual ~TLS_Channel();
+ virtual ~Channel();
 protected:
 /**
@@ -83,14 +85,14 @@ class BOTAN_DLL TLS_Channel
 virtual void alert_notify(bool fatal_alert, Alert_Type type) = 0;
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn;
- std::tr1::function<bool (const TLS_Session&)> handshake_fn;
+ std::tr1::function<bool (const Session&)> handshake_fn;
 Record_Writer writer;
 Record_Reader reader;
 std::vector<X509_Certificate> peer_certs;
- class TLS_Handshake_State* state;
+ class Handshake_State* state;
 class Secure_Renegotiation_State
 {
@@ -131,4 +133,6 @@ class BOTAN_DLL TLS_Channel
 }
+}
+
 #endif
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 48f0aec16..d1b31f137 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -13,19 +13,21 @@
 namespace Botan {
+namespace TLS {
+
 /*
 * TLS Client Constructor
 */
-TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn,
+Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_fn,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_fn,
+ Session_Manager& session_manager,
 Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
 RandomNumberGenerator& rng,
 const std::string& hostname,
 std::tr1::function<std::string (std::vector<std::string>)> next_protocol) :
- TLS_Channel(output_fn, proc_fn, handshake_fn),
+ Channel(output_fn, proc_fn, handshake_fn),
 policy(policy),
 rng(rng),
 session_manager(session_manager),
@@ -33,7 +35,7 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
 {
 writer.set_version(SSL_V3);
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
 state->set_expected_next(SERVER_HELLO);
 state->client_npn_cb = next_protocol;
@@ -44,7 +46,7 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
 if(hostname != "")
 {
- TLS_Session session_info;
+ Session session_info;
 if(session_manager.load_from_host_info(hostname, 0, session_info))
 {
 if(session_info.srp_identifier() == srp_identifier)
@@ -80,12 +82,12 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
 /*
 * Send a new client hello to renegotiate
 */
-void TLS_Client::renegotiate()
+void Client::renegotiate()
 {
 if(state)
 return; // currently in handshake
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
 state->set_expected_next(SERVER_HELLO);
 state->client_hello = new Client_Hello(writer, state->hash, policy, rng,
@@ -94,7 +96,7 @@ void TLS_Client::renegotiate()
 secure_renegotiation.update(state->client_hello);
 }
-void TLS_Client::alert_notify(bool, Alert_Type type)
+void Client::alert_notify(bool, Alert_Type type)
 {
 if(type == NO_RENEGOTIATION)
 {
@@ -109,7 +111,7 @@ void TLS_Client::alert_notify(bool, Alert_Type type)
 /*
 * Process a handshake message
 */
-void TLS_Client::process_handshake_msg(Handshake_Type type,
+void Client::process_handshake_msg(Handshake_Type type,
 const MemoryRegion<byte>& contents)
 {
 if(state == 0)
@@ -178,7 +180,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 secure_renegotiation.update(state->server_hello);
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
 if(!state->server_hello->session_id().empty() &&
 (state->server_hello->session_id() == state->client_hello->session_id()))
@@ -206,13 +208,13 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 if(state->version > state->client_hello->version())
 {
 throw TLS_Exception(HANDSHAKE_FAILURE,
- "TLS_Client: Server replied with bad version");
+ "Client: Server replied with bad version");
 }
 if(state->version < policy.min_version())
 {
 throw TLS_Exception(PROTOCOL_VERSION,
- "TLS_Client: Server is too old for specified policy");
+ "Client: Server is too old for specified policy");
 }
 if(state->suite.sig_algo() != "")
@@ -247,11 +249,11 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 peer_certs = state->server_certs->cert_chain();
 if(peer_certs.size() == 0)
 throw TLS_Exception(HANDSHAKE_FAILURE,
- "TLS_Client: No certificates sent by server");
+ "Client: No certificates sent by server");
 if(!policy.check_cert(peer_certs))
 throw TLS_Exception(BAD_CERTIFICATE,
- "TLS_Client: Server certificate is not valid");
+ "Client: Server certificate is not valid");
 std::auto_ptr<Public_Key> peer_key(peer_certs[0].subject_public_key());
@@ -368,7 +370,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 state->client_finished = new Finished(writer, state, CLIENT);
 }
- TLS_Session session_info(
+ Session session_info(
 state->server_hello->session_id(),
 state->keys.master_secret(),
 state->server_hello->version(),
@@ -398,3 +400,5 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 }
 }
+
+}
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 95b5c8f61..d67a14b75 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -15,10 +15,12 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * SSL/TLS Client
 */
-class BOTAN_DLL TLS_Client : public TLS_Channel
+class BOTAN_DLL Client : public Channel
 {
 public:
 /**
@@ -40,12 +42,12 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
 * called with the list of protocols the server advertised;
 * the client should return the protocol it would like to use.
 */
- TLS_Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
 Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
 RandomNumberGenerator& rng,
 const std::string& servername = "",
 std::tr1::function<std::string (std::vector<std::string>)> next_protocol =
@@ -58,12 +60,14 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
 void alert_notify(bool is_fatal, Alert_Type type);
- const TLS_Policy& policy;
+ const Policy& policy;
 RandomNumberGenerator& rng;
- TLS_Session_Manager& session_manager;
+ Session_Manager& session_manager;
 Credentials_Manager& creds;
 };
 }
+}
+
 #endif
diff --git a/src/tls/tls_exceptn.h b/src/tls/tls_exceptn.h
index 37b9c0d27..f29f008be 100644
--- a/src/tls/tls_exceptn.h
+++ b/src/tls/tls_exceptn.h
@@ -13,6 +13,8 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Exception Base Class
 */
@@ -40,4 +42,6 @@ struct BOTAN_DLL Unexpected_Message : public TLS_Exception
 }
+}
+
 #endif
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index 570c7161c..631095c1e 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -11,11 +11,13 @@
 namespace Botan {
+namespace TLS {
+
 namespace {
-TLS_Extension* make_extension(TLS_Data_Reader& reader,
- u16bit code,
- u16bit size)
+Extension* make_extension(TLS_Data_Reader& reader,
+ u16bit code,
+ u16bit size)
 {
 switch(code)
 {
@@ -47,7 +49,7 @@ TLS_Extension* make_extension(TLS_Data_Reader& reader,
 }
-TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
+Extensions::Extensions(TLS_Data_Reader& reader)
 {
 if(reader.has_remaining())
 {
@@ -61,7 +63,7 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
 const u16bit extension_code = reader.get_u16bit();
 const u16bit extension_size = reader.get_u16bit();
- TLS_Extension* extn = make_extension(reader,
+ Extension* extn = make_extension(reader,
 extension_code,
 extension_size);
@@ -73,11 +75,11 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader)
 }
 }
-MemoryVector<byte> TLS_Extensions::serialize() const
+MemoryVector<byte> Extensions::serialize() const
 {
 MemoryVector<byte> buf(2); // 2 bytes for length field
- for(std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i = extensions.begin();
+ for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin();
 i != extensions.end(); ++i)
 {
 if(i->second->empty())
@@ -108,9 +110,9 @@ MemoryVector<byte> TLS_Extensions::serialize() const
 return buf;
 }
-TLS_Extensions::~TLS_Extensions()
+Extensions::~Extensions()
 {
- for(std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i = extensions.begin();
+ for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin();
 i != extensions.end(); ++i)
 {
 delete i->second;
@@ -516,3 +518,5 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
 }
 }
+
+}
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index d0aee6d04..7f9321331 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -16,33 +16,35 @@
 namespace Botan {
+namespace TLS {
+
 class TLS_Data_Reader;
 /**
 * Base class representing a TLS extension of some kind
 */
-class TLS_Extension
+class Extension
 {
 public:
- virtual TLS_Handshake_Extension_Type type() const = 0;
+ virtual Handshake_Extension_Type type() const = 0;
 virtual MemoryVector<byte> serialize() const = 0;
 virtual bool empty() const = 0;
- virtual ~TLS_Extension() {}
+ virtual ~Extension() {}
 };
 /**
 * Server Name Indicator extension (RFC 3546)
 */
-class Server_Name_Indicator : public TLS_Extension
+class Server_Name_Indicator : public Extension
 {
 public:
- static TLS_Handshake_Extension_Type static_type()
+ static Handshake_Extension_Type static_type()
 { return TLSEXT_SERVER_NAME_INDICATION; }
- TLS_Handshake_Extension_Type type() const { return static_type(); }
+ Handshake_Extension_Type type() const { return static_type(); }
 Server_Name_Indicator(const std::string& host_name) :
 sni_host_name(host_name) {}
@@ -62,13 +64,13 @@ class Server_Name_Indicator : public TLS_Extension /** * SRP identifier extension (RFC 5054) */ -class SRP_Identifier : public TLS_Extension +class SRP_Identifier : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SRP_IDENTIFIER; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } SRP_Identifier(const std::string& identifier) : srp_identifier(identifier) {} @@ -88,13 +90,13 @@ class SRP_Identifier : public TLS_Extension /** * Renegotiation Indication Extension (RFC 5746) */ -class Renegotation_Extension : public TLS_Extension +class Renegotation_Extension : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SAFE_RENEGOTIATION; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } Renegotation_Extension() {} @@ -117,13 +119,13 @@ class Renegotation_Extension : public TLS_Extension /** * Maximum Fragment Length Negotiation Extension (RFC 4366 sec 3.2) */ -class Maximum_Fragment_Length : public TLS_Extension +class Maximum_Fragment_Length : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_MAX_FRAGMENT_LENGTH; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } bool empty() const { return val != 0; } 
@@ -156,13 +158,13 @@ class Maximum_Fragment_Length : public TLS_Extension * spec (implemented in Chromium); the internet draft leaves the format * unspecified. */ -class Next_Protocol_Notification : public TLS_Extension +class Next_Protocol_Notification : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_NEXT_PROTOCOL; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } const std::vector<std::string>& protocols() const { return m_protocols; } @@ -191,13 +193,13 @@ class Next_Protocol_Notification : public TLS_Extension /** * Supported Elliptic Curves Extension (RFC 4492) */ -class Supported_Elliptic_Curves : public TLS_Extension +class Supported_Elliptic_Curves : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_USABLE_ELLIPTIC_CURVES; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } const std::vector<std::string>& curves() const { return m_curves; } @@ -216,13 +218,13 @@ class Supported_Elliptic_Curves : public TLS_Extension /** * Signature Algorithms Extension for TLS 1.2 (RFC 5246) */ -class Signature_Algorithms : public TLS_Extension +class Signature_Algorithms : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SIGNATURE_ALGORITHMS; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } static std::string hash_algo_name(byte code); static byte hash_algo_code(const std::string& name); 
@@ -252,15 +254,15 @@ class Signature_Algorithms : public TLS_Extension
 /**
 * Represents a block of extensions in a hello message
 */
-class TLS_Extensions
+class Extensions
 {
 public:
 template<typename T>
 T* get() const
 {
- TLS_Handshake_Extension_Type type = T::static_type();
+ Handshake_Extension_Type type = T::static_type();
- std::map<TLS_Handshake_Extension_Type, TLS_Extension*>::const_iterator i =
+ std::map<Handshake_Extension_Type, Extension*>::const_iterator i =
 extensions.find(type);
 if(i != extensions.end())
@@ -268,7 +270,7 @@ class TLS_Extensions
 return 0;
 }
- void add(TLS_Extension* extn)
+ void add(Extension* extn)
 {
 delete extensions[extn->type()]; // or hard error if already exists?
 extensions[extn->type()] = extn;
@@ -276,18 +278,20 @@ class TLS_Extensions
 MemoryVector<byte> serialize() const;
- TLS_Extensions() {}
+ Extensions() {}
- TLS_Extensions(TLS_Data_Reader& reader); // deserialize
+ Extensions(TLS_Data_Reader& reader); // deserialize
- ~TLS_Extensions();
+ ~Extensions();
 private:
- TLS_Extensions(const TLS_Extensions&) {}
- TLS_Extensions& operator=(const TLS_Extensions&) { return (*this); }
+ Extensions(const Extensions&) {}
+ Extensions& operator=(const Extensions&) { return (*this); }
- std::map<TLS_Handshake_Extension_Type, TLS_Extension*> extensions;
+ std::map<Handshake_Extension_Type, Extension*> extensions;
 };
 }
+}
+
 #endif
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 14d5cd5a1..e521ea342 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -14,7 +14,9 @@
 namespace Botan {
-void TLS_Handshake_Hash::update(Handshake_Type handshake_type,
+namespace TLS {
+
+void Handshake_Hash::update(Handshake_Type handshake_type,
 const MemoryRegion<byte>& handshake_msg)
 {
 update(static_cast<byte>(handshake_type));
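Review bot: `add()` in the `@@ -268,7 +270,7 @@` hunk keeps last-one-wins semantics for a repeated extension type (`delete extensions[extn->type()]` followed by the assignment), so a hello that carries two extensions of the same type is accepted silently instead of being rejected, although RFC 5246 §7.4.1.4 allows at most one extension of each type. When the map is filled from the wire by the deserializing constructor declared in the next hunk (`Extensions(TLS_Data_Reader& reader)`), a duplicate should be a decode error, e.g. `if(extensions.count(extn->type())) throw Decoding_Error("Duplicate TLS extension");` ahead of the delete, which also settles the open `// or hard error if already exists?` comment. Whether that constructor routes through `add()` or writes into the map directly is not visible in this section; if it is the latter, the check belongs in tls_extensions.cpp instead.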
@@ -29,7 +31,7 @@ void TLS_Handshake_Hash::update(Handshake_Type handshake_type,
 /**
 * Return a TLS Handshake Hash
 */
-SecureVector<byte> TLS_Handshake_Hash::final(Version_Code version)
+SecureVector<byte> Handshake_Hash::final(Version_Code version)
 {
 SecureVector<byte> output;
@@ -61,7 +63,7 @@ SecureVector<byte> TLS_Handshake_Hash::final(Version_Code version)
 /**
 * Return a SSLv3 Handshake Hash
 */
-SecureVector<byte> TLS_Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
+SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret)
 {
 const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C;
@@ -97,3 +99,5 @@ SecureVector<byte> TLS_Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secr
 }
 }
+
+}
diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h
index 1ca11b99f..a6c2b44e1 100644
--- a/src/tls/tls_handshake_hash.h
+++ b/src/tls/tls_handshake_hash.h
@@ -13,12 +13,14 @@
 namespace Botan {
+namespace TLS {
+
 using namespace Botan;
 /**
 * TLS Handshake Hash
 */
-class TLS_Handshake_Hash
+class Handshake_Hash
 {
 public:
 void update(const byte in[], size_t length)
@@ -45,4 +47,6 @@ class TLS_Handshake_Hash
 }
+}
+
 #endif
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 6ad9b630c..5eb44414e 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -11,6 +11,8 @@
 namespace Botan {
+namespace TLS {
+
 namespace {
 u32bit bitmask_for_handshake_type(Handshake_Type type)
@@ -73,7 +75,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
 /*
 * Initialize the SSL/TLS Handshake State
 */
-TLS_Handshake_State::TLS_Handshake_State()
+Handshake_State::Handshake_State()
 {
 client_hello = 0;
 server_hello = 0;
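Review bot: The `using namespace Botan;` context line in the tls_handshake_hash.h hunk (`@@ -13,12 +13,14 @@`) now sits directly inside `namespace Botan { namespace TLS {`, where it is a no-op, and a using-directive at header scope is the kind of line that tends to be copied into the next header. Since this commit already rewraps the header in the nested namespace, it is the natural point to delete that line rather than carry it across the rename. Nothing else in this file section depends on it as far as the hunk shows.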
@@ -97,7 +99,7 @@ TLS_Handshake_State::TLS_Handshake_State() hand_received_mask = 0; } -void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) +void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { const u32bit mask = bitmask_for_handshake_type(handshake_msg); @@ -117,12 +119,12 @@ void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) hand_expecting_mask = 0; } -void TLS_Handshake_State::set_expected_next(Handshake_Type handshake_msg) +void Handshake_State::set_expected_next(Handshake_Type handshake_msg) { hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg); } -bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const +bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const { const u32bit mask = bitmask_for_handshake_type(handshake_msg); @@ -130,7 +132,7 @@ bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) c } std::pair<std::string, Signature_Format> -TLS_Handshake_State::choose_sig_format(const Private_Key* key, +Handshake_State::choose_sig_format(const Private_Key* key, std::string& hash_algo_out, std::string& sig_algo_out, bool for_client_auth) @@ -182,7 +184,7 @@ TLS_Handshake_State::choose_sig_format(const Private_Key* key, } std::pair<std::string, Signature_Format> -TLS_Handshake_State::understand_sig_format(const Public_Key* key, +Handshake_State::understand_sig_format(const Public_Key* key, std::string hash_algo, std::string sig_algo, bool for_client_auth) @@ -247,7 +249,7 @@ TLS_Handshake_State::understand_sig_format(const Public_Key* key, /* * Destroy the SSL/TLS Handshake State */ -TLS_Handshake_State::~TLS_Handshake_State() +Handshake_State::~Handshake_State() { delete client_hello; delete server_hello; @@ -267,3 +269,5 @@ TLS_Handshake_State::~TLS_Handshake_State() } } + +} diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 18b289fe1..54e0da892 100644 
--- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -32,14 +32,16 @@ namespace Botan { +namespace TLS { + /** * SSL/TLS Handshake State */ -class TLS_Handshake_State +class Handshake_State { public: - TLS_Handshake_State(); - ~TLS_Handshake_State(); + Handshake_State(); + ~Handshake_State(); bool received_handshake_msg(Handshake_Type handshake_msg) const; @@ -78,9 +80,9 @@ class TLS_Handshake_State Private_Key* kex_priv; - TLS_Ciphersuite suite; + Ciphersuite suite; Session_Keys keys; - TLS_Handshake_Hash hash; + Handshake_Hash hash; SecureQueue queue; @@ -100,4 +102,6 @@ class TLS_Handshake_State } +} + #endif diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h index 3426088bd..09919c26f 100644 --- a/src/tls/tls_magic.h +++ b/src/tls/tls_magic.h @@ -10,6 +10,8 @@ namespace Botan { +namespace TLS { + /** * Protocol Constants for SSL/TLS */ @@ -167,7 +169,7 @@ enum Compression_Method { DEFLATE_COMPRESSION = 0x01 }; -enum TLS_Handshake_Extension_Type { +enum Handshake_Extension_Type { TLSEXT_SERVER_NAME_INDICATION = 0, TLSEXT_MAX_FRAGMENT_LENGTH = 1, TLSEXT_CLIENT_CERT_URL = 2, @@ -189,4 +191,6 @@ enum TLS_Handshake_Extension_Type { } +} + #endif diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 3579f7828..89eb4af16 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -20,6 +20,8 @@ namespace Botan { +namespace TLS { + class Record_Writer; class Record_Reader; @@ -29,7 +31,7 @@ class Record_Reader; class Handshake_Message { public: - void send(Record_Writer& writer, TLS_Handshake_Hash& hash) const; + void send(Record_Writer& writer, Handshake_Hash& hash) const; virtual Handshake_Type type() const = 0; 
@@ -82,8 +84,8 @@ class Client_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, RandomNumberGenerator& rng, const MemoryRegion<byte>& reneg_info, bool next_protocol = false, @@ -91,9 +93,9 @@ class Client_Hello : public Handshake_Message const std::string& srp_identifier = ""); Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, RandomNumberGenerator& rng, - const TLS_Session& resumed_session, + const Session& resumed_session, bool next_protocol = false); Client_Hello(const MemoryRegion<byte>& buf, @@ -153,11 +155,11 @@ class Server_Hello : public Handshake_Message const MemoryVector<byte>& random() const { return s_random; } Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, Version_Code version, const Client_Hello& other, const std::vector<X509_Certificate>& certs, - const TLS_Policy& policies, + const Policy& policies, bool client_has_secure_renegotiation, const MemoryRegion<byte>& reneg_info, bool client_has_npn, @@ -165,7 +167,7 @@ class Server_Hello : public Handshake_Message RandomNumberGenerator& rng); Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const MemoryRegion<byte>& session_id, Version_Code ver, u16bit ciphersuite, @@ -210,12 +212,12 @@ class Client_Key_Exchange : public Handshake_Message Version_Code version); Client_Key_Exchange(Record_Writer& output, - TLS_Handshake_State* state, + Handshake_State* state, const std::vector<X509_Certificate>& peer_certs, RandomNumberGenerator& rng); Client_Key_Exchange(const MemoryRegion<byte>& buf, - const TLS_Ciphersuite& suite, + const Ciphersuite& suite, Version_Code using_version); private: MemoryVector<byte> serialize() const; 
@@ -237,7 +239,7 @@ class Certificate : public Handshake_Message bool empty() const { return certs.empty(); } Certificate(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); Certificate(const MemoryRegion<byte>& buf); @@ -262,8 +264,8 @@ class Certificate_Req : public Handshake_Message { return m_supported_algos; } Certificate_Req(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, const std::vector<X509_Certificate>& allowed_cas, Version_Code version); @@ -292,10 +294,10 @@ class Certificate_Verify : public Handshake_Message * @param state the handshake state */ bool verify(const X509_Certificate& cert, - TLS_Handshake_State* state); + Handshake_State* state); Certificate_Verify(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* key); @@ -320,11 +322,11 @@ class Finished : public Handshake_Message MemoryVector<byte> verify_data() const { return verification_data; } - bool verify(TLS_Handshake_State* state, + bool verify(Handshake_State* state, Connection_Side side); Finished(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, Connection_Side side); Finished(const MemoryRegion<byte>& buf); @@ -360,10 +362,10 @@ class Server_Key_Exchange : public Handshake_Message const std::vector<BigInt>& params() const { return m_params; } bool verify(const X509_Certificate& cert, - TLS_Handshake_State* state) const; + Handshake_State* state) const; Server_Key_Exchange(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* priv_key); 
@@ -390,7 +392,7 @@ class Server_Hello_Done : public Handshake_Message public: Handshake_Type type() const { return SERVER_HELLO_DONE; } - Server_Hello_Done(Record_Writer& writer, TLS_Handshake_Hash& hash); + Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); Server_Hello_Done(const MemoryRegion<byte>& buf); private: MemoryVector<byte> serialize() const; @@ -407,7 +409,7 @@ class Next_Protocol : public Handshake_Message std::string protocol() const { return m_protocol; } Next_Protocol(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::string& protocol); Next_Protocol(const MemoryRegion<byte>& buf); @@ -419,4 +421,6 @@ class Next_Protocol : public Handshake_Message } +} + #endif diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index c02f35a9a..ca6286b72 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -12,7 +12,9 @@ namespace Botan { -std::vector<std::string> TLS_Policy::allowed_ciphers() const +namespace TLS { + +std::vector<std::string> Policy::allowed_ciphers() const { std::vector<std::string> allowed; allowed.push_back("AES-256"); @@ -23,7 +25,7 @@ std::vector<std::string> TLS_Policy::allowed_ciphers() const return allowed; } -std::vector<std::string> TLS_Policy::allowed_hashes() const +std::vector<std::string> Policy::allowed_hashes() const { std::vector<std::string> allowed; allowed.push_back("SHA-512"); @@ -35,7 +37,7 @@ std::vector<std::string> TLS_Policy::allowed_hashes() const return allowed; } -std::vector<std::string> TLS_Policy::allowed_key_exchange_methods() const +std::vector<std::string> Policy::allowed_key_exchange_methods() const { std::vector<std::string> allowed; //allowed.push_back("ECDH"); 
@@ -45,7 +47,7 @@ std::vector<std::string> TLS_Policy::allowed_key_exchange_methods() const return allowed; } -std::vector<std::string> TLS_Policy::allowed_signature_methods() const +std::vector<std::string> Policy::allowed_signature_methods() const { std::vector<std::string> allowed; //allowed.push_back("ECDSA"); @@ -65,7 +67,7 @@ class Ciphersuite_Preference_Ordering const std::vector<std::string>& sigs) : m_ciphers(ciphers), m_hashes(hashes), m_kex(kex), m_sigs(sigs) {} - bool operator()(const TLS_Ciphersuite& a, const TLS_Ciphersuite& b) const + bool operator()(const Ciphersuite& a, const Ciphersuite& b) const { if(a.kex_algo() != b.kex_algo()) { @@ -120,7 +122,7 @@ class Ciphersuite_Preference_Ordering } -std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const +std::vector<u16bit> Policy::ciphersuite_list(bool have_srp) const { std::vector<std::string> ciphers = allowed_ciphers(); std::vector<std::string> hashes = allowed_hashes(); @@ -137,12 +139,12 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const Ciphersuite_Preference_Ordering order(ciphers, hashes, kex, sigs); - std::map<TLS_Ciphersuite, u16bit, Ciphersuite_Preference_Ordering> ciphersuites(order); + std::map<Ciphersuite, u16bit, Ciphersuite_Preference_Ordering> ciphersuites(order); // When in doubt use brute force :) for(u32bit i = 0; i != 65536; ++i) { - TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(i); + Ciphersuite suite = Ciphersuite::lookup_ciphersuite(i); if(suite.cipher_keylen() == 0) continue; // not a ciphersuite we know @@ -157,7 +159,7 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const std::vector<u16bit> ciphersuite_codes; - for(std::map<TLS_Ciphersuite, u16bit, Ciphersuite_Preference_Ordering>::iterator i = ciphersuites.begin(); + for(std::map<Ciphersuite, u16bit, Ciphersuite_Preference_Ordering>::iterator i = ciphersuites.begin(); i != ciphersuites.end(); ++i) { ciphersuite_codes.push_back(i->second); 
@@ -169,7 +171,7 @@ std::vector<u16bit> TLS_Policy::ciphersuite_list(bool have_srp) const /* * Return allowed compression algorithms */ -std::vector<byte> TLS_Policy::compression() const +std::vector<byte> Policy::compression() const { std::vector<byte> algs; algs.push_back(NO_COMPRESSION); @@ -179,7 +181,7 @@ std::vector<byte> TLS_Policy::compression() const /* * Choose which ciphersuite to use */ -u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites, +u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites, bool have_rsa, bool have_dsa, bool have_srp) const @@ -187,7 +189,7 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites, for(size_t i = 0; i != client_suites.size(); ++i) { u16bit suite_id = client_suites[i]; - TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(suite_id); + Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id); if(suite.cipher_keylen() == 0) continue; // not a ciphersuite we know @@ -216,7 +218,7 @@ u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& client_suites, /* * Choose which compression algorithm to use */ -byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const +byte Policy::choose_compression(const std::vector<byte>& c_comp) const { std::vector<byte> s_comp = compression(); @@ -229,3 +231,5 @@ byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const } } + +} diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index 5bf60742b..f8e608cdb 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h @@ -15,11 +15,13 @@ namespace Botan { +namespace TLS { + /** * TLS Policy Base Class * Inherit and overload as desired to suite local policy concerns */ -class BOTAN_DLL TLS_Policy +class BOTAN_DLL Policy { public: /* @@ -77,9 +79,11 @@ class BOTAN_DLL TLS_Policy */ virtual Version_Code pref_version() const { return TLS_V12; } - virtual ~TLS_Policy() {} + virtual ~Policy() {} }; } +} + #endif 
diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index 1cf7adab0..09487c5f9 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -17,6 +17,8 @@ namespace Botan { +namespace TLS { + /** * Helper class for decoding TLS protocol messages */ @@ -205,4 +207,6 @@ void append_tls_length_value(MemoryRegion<byte>& buf, } +} + #endif diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index c4b483c80..979154001 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -30,6 +30,8 @@ namespace Botan { +namespace TLS { + class Session_Keys; /** @@ -43,7 +45,7 @@ class BOTAN_DLL Record_Writer void alert(Alert_Level level, Alert_Type type); - void activate(const TLS_Ciphersuite& suite, + void activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side); @@ -97,7 +99,7 @@ class BOTAN_DLL Record_Reader byte& msg_type, MemoryVector<byte>& msg); - void activate(const TLS_Ciphersuite& suite, + void activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side); @@ -132,4 +134,6 @@ class BOTAN_DLL Record_Reader } +} + #endif diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 5d07d22ba..6c6977b91 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -13,10 +13,12 @@ namespace Botan { +namespace TLS { + namespace { -bool check_for_resume(TLS_Session& session_info, - TLS_Session_Manager& session_manager, +bool check_for_resume(Session& session_info, + Session_Manager& session_manager, Client_Hello* client_hello) { MemoryVector<byte> client_session_id = client_hello->session_id(); 
@@ -64,15 +66,15 @@ bool check_for_resume(TLS_Session& session_info,
 /*
 * TLS Server Constructor
 */
-TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn,
+Server::Server(std::tr1::function<void (const byte[], size_t)> output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_fn,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_fn,
+ Session_Manager& session_manager,
 Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
 RandomNumberGenerator& rng,
 const std::vector<std::string>& next_protocols) :
- TLS_Channel(output_fn, proc_fn, handshake_fn),
+ Channel(output_fn, proc_fn, handshake_fn),
 policy(policy),
 rng(rng),
 session_manager(session_manager),
@@ -84,17 +86,17 @@ TLS_Server::TLS_Server(std::tr1::function<void (const byte[], size_t)> output_fn
 /*
 * Send a hello request to the client
 */
-void TLS_Server::renegotiate()
+void Server::renegotiate()
 {
 if(state)
 return; // currently in handshake
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
 state->set_expected_next(CLIENT_HELLO);
 Hello_Request hello_req(writer);
 }
-void TLS_Server::alert_notify(bool, Alert_Type type)
+void Server::alert_notify(bool, Alert_Type type)
 {
 if(type == NO_RENEGOTIATION)
 {
@@ -109,22 +111,22 @@ void TLS_Server::alert_notify(bool, Alert_Type type)
 /*
 * Split up and process handshake messages
 */
-void TLS_Server::read_handshake(byte rec_type,
+void Server::read_handshake(byte rec_type,
 const MemoryRegion<byte>& rec_buf)
 {
 if(rec_type == HANDSHAKE && !state)
 {
- state = new TLS_Handshake_State;
+ state = new Handshake_State;
 state->set_expected_next(CLIENT_HELLO);
 }
- TLS_Channel::read_handshake(rec_type, rec_buf);
+ Channel::read_handshake(rec_type, rec_buf);
 }
 /*
 * Process a handshake message
 */
-void TLS_Server::process_handshake_msg(Handshake_Type type,
+void Server::process_handshake_msg(Handshake_Type type,
 const MemoryRegion<byte>& contents)
 {
 if(state == 0)
@@ -169,7 +171,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 writer.set_version(state->version);
 reader.set_version(state->version);
- TLS_Session session_info;
+ Session session_info;
 const bool resuming = check_for_resume(session_info, session_manager, state->client_hello);
@@ -198,7 +200,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 writer.set_maximum_fragment_size(session_info.fragment_size());
 }
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
 state->keys = Session_Keys(state, session_info.master_secret(), true);
@@ -245,7 +247,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 writer.set_maximum_fragment_size(state->client_hello->fragment_size());
 }
- state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
+ state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite());
 if(state->suite.sig_algo() != "")
 {
@@ -259,7 +261,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 if(state->suite.kex_algo() == "DH")
 state->kex_priv = new DH_PrivateKey(rng, policy.dh_group());
 else
- throw Internal_Error("TLS_Server: Unknown ciphersuite kex type " +
+ throw Internal_Error("Server: Unknown ciphersuite kex type " +
 state->suite.kex_algo());
 state->server_kex =
@@ -386,7 +388,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 peer_certs = state->client_certs->cert_chain();
 }
- TLS_Session session_info(
+ Session session_info(
 state->server_hello->session_id(),
 state->keys.master_secret(),
 state->server_hello->version(),
@@ -417,3 +419,5 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 }
 }
+
+}
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index f8c3a8563..c283d4a18 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -15,21 +15,23 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * TLS Server
 */
-class BOTAN_DLL TLS_Server : public TLS_Channel
+class BOTAN_DLL Server : public Channel
 {
 public:
 /**
- * TLS_Server initialization
+ * Server initialization
 */
- TLS_Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
+ Server(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
 std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
- std::tr1::function<bool (const TLS_Session&)> handshake_complete,
- TLS_Session_Manager& session_manager,
+ std::tr1::function<bool (const Session&)> handshake_complete,
+ Session_Manager& session_manager,
 Credentials_Manager& creds,
- const TLS_Policy& policy,
+ const Policy& policy,
 RandomNumberGenerator& rng,
 const std::vector<std::string>& protocols = std::vector<std::string>());
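Review bot: The renamed exception text in `@@ -259,7 +261,7 @@` drops the subsystem from the message: `"Server: Unknown ciphersuite kex type "` no longer says it came from the TLS code once it surfaces in a caller's log, whereas the old `TLS_Server:` prefix did, and this is the one hunk in the commit that changes a runtime string rather than an identifier. Now that the class is `TLS::Server`, the qualified name keeps the message self-identifying at no cost: `throw Internal_Error("TLS::Server: Unknown ciphersuite kex type " +`. The enclosing `process_handshake_msg` starts and ends outside this hunk.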
@@ -55,9 +57,9 @@ class BOTAN_DLL TLS_Server : public TLS_Channel void alert_notify(bool is_fatal, Alert_Type type); - const TLS_Policy& policy; + const Policy& policy; RandomNumberGenerator& rng; - TLS_Session_Manager& session_manager; + Session_Manager& session_manager; Credentials_Manager& creds; std::vector<std::string> m_possible_protocols; @@ -67,4 +69,6 @@ class BOTAN_DLL TLS_Server : public TLS_Channel } +} + #endif diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index deaddb227..3716878e1 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -13,7 +13,9 @@ namespace Botan { -TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier, +namespace TLS { + +Session::Session(const MemoryRegion<byte>& session_identifier, const MemoryRegion<byte>& master_secret, Version_Code version, u16bit ciphersuite, @@ -41,7 +43,7 @@ TLS_Session::TLS_Session(const MemoryRegion<byte>& session_identifier, m_peer_certificate = certs[0].BER_encode(); } -TLS_Session::TLS_Session(const byte ber[], size_t ber_len) +Session::Session(const byte ber[], size_t ber_len) { BER_Decoder decoder(ber, ber_len); @@ -70,7 +72,7 @@ TLS_Session::TLS_Session(const byte ber[], size_t ber_len) m_connection_side = static_cast<Connection_Side>(side_code); } -SecureVector<byte> TLS_Session::BER_encode() const +SecureVector<byte> Session::BER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -92,3 +94,5 @@ SecureVector<byte> TLS_Session::BER_encode() const } } + +} diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 12b76bcab..9b3f5b194 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -14,17 +14,19 @@ namespace Botan { +namespace TLS { + /** * Class representing a TLS session state */ -class BOTAN_DLL TLS_Session +class BOTAN_DLL Session { public: /** * Uninitialized session */ - TLS_Session() : + Session() : m_start_time(0), m_version(0), m_ciphersuite(0), 
@@ -37,7 +39,7 @@ class BOTAN_DLL TLS_Session /** * New session (sets session start time) */ - TLS_Session(const MemoryRegion<byte>& session_id, + Session(const MemoryRegion<byte>& session_id, const MemoryRegion<byte>& master_secret, Version_Code version, u16bit ciphersuite, @@ -52,7 +54,7 @@ class BOTAN_DLL TLS_Session /** * Load a session from BER (created by BER_encode) */ - TLS_Session(const byte ber[], size_t ber_len); + Session(const byte ber[], size_t ber_len); /** * Encode this session data for storage @@ -154,4 +156,6 @@ class BOTAN_DLL TLS_Session } +} + #endif diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index cb55499f0..42727273a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -13,6 +13,8 @@ namespace Botan { +namespace TLS { + namespace { std::string lookup_prf_name(Version_Code version) @@ -32,7 +34,7 @@ std::string lookup_prf_name(Version_Code version) /** * Session_Keys Constructor */ -Session_Keys::Session_Keys(TLS_Handshake_State* state, +Session_Keys::Session_Keys(Handshake_State* state, const MemoryRegion<byte>& pre_master_secret, bool resuming) { @@ -101,3 +103,5 @@ Session_Keys::Session_Keys(TLS_Handshake_State* state, } } + +} diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 8ba3d2b72..736475be6 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -14,6 +14,8 @@ namespace Botan { +namespace TLS { + /** * TLS Session Keys */ @@ -33,7 +35,7 @@ class Session_Keys Session_Keys() {} - Session_Keys(class TLS_Handshake_State* state, + Session_Keys(class Handshake_State* state, const MemoryRegion<byte>& pre_master, bool resuming); @@ -45,4 +47,6 @@ class Session_Keys } +} + #endif diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index e5ec75c88..59fc75b9f 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp 
@@ -11,10 +11,12 @@
 namespace Botan {
-bool TLS_Session_Manager_In_Memory::load_from_session_str(
- const std::string& session_str, TLS_Session& session)
+namespace TLS {
+
+bool Session_Manager_In_Memory::load_from_session_str(
+ const std::string& session_str, Session& session)
 {
- std::map<std::string, TLS_Session>::iterator i = sessions.find(session_str);
+ std::map<std::string, Session>::iterator i = sessions.find(session_str);
 if(i == sessions.end())
 return false;
@@ -31,14 +33,14 @@ bool TLS_Session_Manager_In_Memory::load_from_session_str(
 return true;
 }
-bool TLS_Session_Manager_In_Memory::load_from_session_id(
- const MemoryRegion<byte>& session_id, TLS_Session& session)
+bool Session_Manager_In_Memory::load_from_session_id(
+ const MemoryRegion<byte>& session_id, Session& session)
 {
 return load_from_session_str(hex_encode(session_id), session);
 }
-bool TLS_Session_Manager_In_Memory::load_from_host_info(
- const std::string& hostname, u16bit port, TLS_Session& session)
+bool Session_Manager_In_Memory::load_from_host_info(
+ const std::string& hostname, u16bit port, Session& session)
 {
 std::map<std::string, std::string>::iterator i;
@@ -59,17 +61,17 @@ bool TLS_Session_Manager_In_Memory::load_from_host_info(
 return false;
 }
-void TLS_Session_Manager_In_Memory::remove_entry(
+void Session_Manager_In_Memory::remove_entry(
 const MemoryRegion<byte>& session_id)
 {
- std::map<std::string, TLS_Session>::iterator i =
+ std::map<std::string, Session>::iterator i =
 sessions.find(hex_encode(session_id));
 if(i != sessions.end())
 sessions.erase(i);
 }
-void TLS_Session_Manager_In_Memory::save(const TLS_Session& session)
+void Session_Manager_In_Memory::save(const Session& session)
 {
 if(max_sessions != 0)
 {
@@ -90,3 +92,5 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session)
 }
 }
+
+}
diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h
index 289b76a3b..c25fecac4 100644
--- a/src/tls/tls_session_manager.h
+++ b/src/tls/tls_session_manager.h
@@ -13,8 +13,10 @@
 namespace Botan {
+namespace TLS {
+
 /**
-* TLS_Session_Manager is an interface to systems which can save
+* Session_Manager is an interface to systems which can save
 * session parameters for supporting session resumption.
 *
 * Saving sessions is done on a best-effort basis; an implementation is
@@ -22,7 +24,7 @@ namespace Botan {
 *
 * Implementations should strive to be thread safe
 */
-class BOTAN_DLL TLS_Session_Manager
+class BOTAN_DLL Session_Manager
 {
 public:
 /**
@@ -33,7 +35,7 @@ class BOTAN_DLL TLS_Session_Manager
 * @return true if session was modified
 */
 virtual bool load_from_session_id(const MemoryRegion<byte>& session_id,
- TLS_Session& session) = 0;
+ Session& session) = 0;
 /**
 * Try to load a saved session (client side)
@@ -44,7 +46,7 @@ class BOTAN_DLL TLS_Session_Manager
 * @return true if session was modified
 */
 virtual bool load_from_host_info(const std::string& hostname, u16bit port,
- TLS_Session& session) = 0;
+ Session& session) = 0;
 /**
 * Remove this session id from the cache, if it exists
@@ -59,18 +61,18 @@ class BOTAN_DLL TLS_Session_Manager
 *
 * @param session to save
 */
- virtual void save(const TLS_Session& session) = 0;
+ virtual void save(const Session& session) = 0;
- virtual ~TLS_Session_Manager() {}
+ virtual ~Session_Manager() {}
 };
 /**
-* A simple implementation of TLS_Session_Manager that just saves
+* A simple implementation of Session_Manager that just saves
 * values in memory, with no persistance abilities
 *
 * @todo add locking
 */
-class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
+class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager
 {
 public:
 /**
@@ -79,32 +81,34 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager
 * @param session_lifetime sessions are expired after this many
 * seconds have elapsed from initial handshake.
 */
- TLS_Session_Manager_In_Memory(size_t max_sessions = 1000,
+ Session_Manager_In_Memory(size_t max_sessions = 1000,
 size_t session_lifetime = 7200) :
 max_sessions(max_sessions),
 session_lifetime(session_lifetime) {}
 bool load_from_session_id(const MemoryRegion<byte>& session_id,
- TLS_Session& session);
+ Session& session);
 bool load_from_host_info(const std::string& hostname, u16bit port,
- TLS_Session& session);
+ Session& session);
 void remove_entry(const MemoryRegion<byte>& session_id);
- void save(const TLS_Session& session_data);
+ void save(const Session& session_data);
 private:
 bool load_from_session_str(const std::string& session_str,
- TLS_Session& session);
+ Session& session);
 size_t max_sessions, session_lifetime;
- std::map<std::string, TLS_Session> sessions; // hex(session_id) -> session
+ std::map<std::string, Session> sessions; // hex(session_id) -> session
 std::map<std::string, std::string> host_sessions;
 };
 }
+}
+
 #endif
diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp
index c24cdb9f7..442d261cd 100644
--- a/src/tls/tls_suites.cpp
+++ b/src/tls/tls_suites.cpp
@@ -10,149 +10,151 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Convert an SSL/TLS ciphersuite to algorithm fields
 */
-TLS_Ciphersuite TLS_Ciphersuite::lookup_ciphersuite(u16bit suite)
+Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
 {
 switch(suite)
 {
 // RSA ciphersuites
 case TLS_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16);
 case TLS_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32);
 case TLS_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-128", 16);
+ return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16);
 case TLS_RSA_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
+ return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
 case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24);
 case TLS_RSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
 case TLS_RSA_WITH_RC4_128_MD5:
- return TLS_Ciphersuite("RSA", "", "MD5", "ARC4", 16);
+ return Ciphersuite("RSA", "", "MD5", "ARC4", 16);
 case TLS_RSA_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("RSA", "", "SHA-1", "SEED", 16);
+ return Ciphersuite("RSA", "", "SHA-1", "SEED", 16);
 // DH/DSS ciphersuites
 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
 case TLS_DHE_DSS_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
 case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
 // DH/RSA ciphersuites
 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
 case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
- return TLS_Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
 // ECDH/RSA ciphersuites
 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
 // SRP/RSA ciphersuites
 case TLS_SRP_SHA_RSA_WITH_AES_128_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
 case TLS_SRP_SHA_RSA_WITH_AES_256_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
 case TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA:
- return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24);
 // SRP/DSA ciphersuites
 case TLS_SRP_SHA_DSS_WITH_AES_128_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
 case TLS_SRP_SHA_DSS_WITH_AES_256_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
 case TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA:
- return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24);
 // ECDH/ECDSA ciphersuites
 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
 default:
- return TLS_Ciphersuite(); // some unknown ciphersuite
+ return Ciphersuite(); // some unknown ciphersuite
 }
 }
-TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo,
+Ciphersuite::Ciphersuite(const std::string& sig_algo,
 const std::string& kex_algo,
 const std::string& mac_algo,
 const std::string& cipher_algo,
@@ -166,3 +168,5 @@ TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo,
 }
 }
+
+}
diff --git a/src/tls/tls_suites.h b/src/tls/tls_suites.h
index 65203bdf7..1fd975beb 100644
--- a/src/tls/tls_suites.h
+++ b/src/tls/tls_suites.h
@@ -14,13 +14,15 @@
 namespace Botan {
+namespace TLS {
+
 /**
 * Ciphersuite Information
 */
-class BOTAN_DLL TLS_Ciphersuite
+class BOTAN_DLL Ciphersuite
 {
 public:
- static TLS_Ciphersuite lookup_ciphersuite(u16bit suite);
+ static Ciphersuite lookup_ciphersuite(u16bit suite);
 const std::string kex_algo() const { return m_kex_algo; }
 const std::string sig_algo() const { return m_sig_algo; }
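Review bot: The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` and `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` cases in `lookup_ciphersuite` still return a suite whose first field (the signature algorithm) is `"ECDSA"`, and the rename carries that over unchanged; every other `TLS_ECDHE_RSA_*` case on this page uses `"RSA"`, so these two look mislabelled, being placed under the "ECDH/ECDSA" group rather than the "ECDH/RSA" one. If `sig_algo()` is what selects the certificate and signature type during the handshake (not visible here), a peer negotiating either of these suites would be matched against an ECDSA credential instead of an RSA one, which at minimum fails the handshake and is worth verifying downstream. The fix is the first argument only: `return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16);` and `return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32);`, ideally moved up into the `// ECDH/RSA ciphersuites` group so the grouping itself catches this kind of slip. Separately, the `default:` branch hands back a default-constructed `Ciphersuite` whose only distinguishing state is a zero key length, so a comment such as `// Unknown suite: callers must treat cipher_keylen() == 0 as unsupported` on that line would document the contract callers are relying on.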
@@ -30,9 +32,9 @@ class BOTAN_DLL TLS_Ciphersuite
 size_t cipher_keylen() const { return m_cipher_keylen; }
- TLS_Ciphersuite() : m_cipher_keylen(0) {}
+ Ciphersuite() : m_cipher_keylen(0) {}
- TLS_Ciphersuite(const std::string& sig_algo,
+ Ciphersuite(const std::string& sig_algo,
 const std::string& kex_algo,
 const std::string& mac_algo,
 const std::string& cipher_algo,
@@ -44,4 +46,6 @@ class BOTAN_DLL TLS_Ciphersuite
 }
+}
+
 #endif |