Diffstat (limited to 'src/tls/tls_session.h')
-rw-r--r-- | src/tls/tls_session.h | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
new file mode 100644
index 000000000..c713efc87
--- /dev/null
+++ b/src/tls/tls_session.h
@@ -0,0 +1,147 @@
+/*
+* TLS Session
+* (C) 2011 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef TLS_SESSION_STATE_H__
+#define TLS_SESSION_STATE_H__
+
+#include <botan/x509cert.h>
+#include <botan/tls_magic.h>
+#include <botan/secmem.h>
+
+namespace Botan {
+
+/**
+* Class representing a TLS session state
+*/
+class BOTAN_DLL TLS_Session
+ {
+ public:
+
+ /**
+ * Uninitialized session
+ */
+ TLS_Session() :
+ m_start_time(0),
+ m_version(0),
+ m_ciphersuite(0),
+ m_compression_method(0),
+ m_connection_side(static_cast<Connection_Side>(0)),
+ m_secure_renegotiation_supported(false),
+ m_fragment_size(0)
+ {}
+
+ /**
+ * New session (sets session start time)
+ */
+ TLS_Session(const MemoryRegion<byte>& session_id,
+ const MemoryRegion<byte>& master_secret,
+ Version_Code version,
+ u16bit ciphersuite,
+ byte compression_method,
+ Connection_Side side,
+ bool secure_renegotiation_supported,
+ size_t fragment_size,
+ const std::vector<X509_Certificate>& peer_certs,
+ const std::string& sni_hostname = "",
+ const std::string& srp_identifier = "");
+
+ /**
+ * Load a session from BER (created by BER_encode)
+ */
+ TLS_Session(const byte ber[], size_t ber_len);
+
+ /**
+ * Encode this session data for storage
+ * @warning if the master secret is compromised so is the
+ * session traffic
+ */
+ SecureVector<byte> BER_encode() const;
+
+ /**
+ * Get the version of the saved session
+ */
+ Version_Code version() const
+ { return static_cast<Version_Code>(m_version); }
+
+ /**
+ * Get the ciphersuite of the saved session
+ */
+ u16bit ciphersuite() const { return m_ciphersuite; }
+
+ /**
+ * Get the compression method used in the saved session
+ */
+ byte compression_method() const { return m_compression_method; }
+
+ /**
+ * Get which side of the connection the resumed session we are/were
+ * acting as.
+ */
+ Connection_Side side() const { return m_connection_side; }
+
+ /**
+ * Get the SNI hostname (if sent by the client in the initial handshake)
+ */
+ std::string sni_hostname() const { return m_sni_hostname; }
+
+ /**
+ * Get the SRP identity (if sent by the client in the initial handshake)
+ */
+ std::string srp_identifier() const { return m_srp_identifier; }
+
+ /**
+ * Get the saved master secret
+ */
+ const SecureVector<byte>& master_secret() const
+ { return m_master_secret; }
+
+ /**
+ * Get the session identifier
+ */
+ const MemoryVector<byte>& session_id() const
+ { return m_identifier; }
+
+ /**
+ * Get the negotiated maximum fragment size (or 0 if default)
+ */
+ size_t fragment_size() const { return m_fragment_size; }
+
+ /**
+ * Is secure negotiation supported?
+ */
+ bool secure_negotiation() const
+ { return m_secure_renegotiation_supported; }
+
+ /**
+ * Get the time this session began (seconds since Epoch)
+ */
+ u64bit start_time() const { return m_start_time; }
+
+ private:
+ enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 };
+
+ u64bit m_start_time;
+
+ MemoryVector<byte> m_identifier;
+ SecureVector<byte> m_master_secret;
+
+ u16bit m_version;
+ u16bit m_ciphersuite;
+ byte m_compression_method;
+ Connection_Side m_connection_side;
+
+ bool m_secure_renegotiation_supported;
+ size_t m_fragment_size;
+
+ MemoryVector<byte> m_peer_certificate; // optional
+ std::string m_sni_hostname; // optional
+ std::string m_srp_identifier; // optional
+ };
+
+}
+
+#endif |
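Review bot: The BER-loading constructor `TLS_Session(const byte ber[], size_t ber_len)` parses bytes that come back from whatever store the caller wrote them to, yet its comment says only that it loads a session "created by BER_encode" and nothing about what happens when the input is truncated, tampered with, or carries a `TLS_SESSION_PARAM_STRUCT_VERSION` other than 1. The accessors then hand stored integers straight back as enums (`static_cast<Version_Code>(m_version)` in `version()`, and `m_connection_side` is returned the same way), so a caller needs to know whether range validation happens at decode time or whether those values must be treated as unchecked; the .cpp that decides this is not in the hunk. I would extend the docstring with `* @throws ... if ber is malformed or encodes an unsupported TLS_SESSION_PARAM_STRUCT_VERSION`, naming the exception type the implementation actually throws. Separately, the second constructor accepts `peer_certs` as a `std::vector<X509_Certificate>` but the only related member is a single `MemoryVector<byte> m_peer_certificate` with no accessor, so a resumed session cannot return the peer's certificate for identity checks; either document that it is deliberately not exposed or add a getter.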