aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_session.h
blob: 4a8d50e26c975829178aca1ba93a919ae11aec00 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/*
* TLS Session
* (C) 2011-2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/

#ifndef TLS_SESSION_STATE_H__
#define TLS_SESSION_STATE_H__

#include <botan/x509cert.h>
#include <botan/tls_magic.h>
#include <botan/secmem.h>
#include <botan/symkey.h>

namespace Botan {

/**
* Class representing a TLS session state
*/
class BOTAN_DLL TLS_Session
   {
   public:

      /**
      * Uninitialized session
      */
      TLS_Session() :
         m_start_time(0),
         m_version(0),
         m_ciphersuite(0),
         m_compression_method(0),
         m_connection_side(static_cast<Connection_Side>(0)),
         m_secure_renegotiation_supported(false),
         m_fragment_size(0)
            {}

      /**
      * New session (sets session start time)
      */
      TLS_Session(const MemoryRegion<byte>& session_id,
                  const MemoryRegion<byte>& master_secret,
                  Version_Code version,
                  u16bit ciphersuite,
                  byte compression_method,
                  Connection_Side side,
                  bool secure_renegotiation_supported,
                  size_t fragment_size,
                  const std::vector<X509_Certificate>& peer_certs,
                  const std::string& sni_hostname = "",
                  const std::string& srp_identifier = "");

      /**
      * Load a session from BER (created by BER_encode)
      */
      TLS_Session(const byte ber[], size_t ber_len);

      /**
      * Encrypt a session (useful for serialization or session tickets)
      */
      MemoryVector<byte> encrypt(const SymmetricKey& key,
                                 const MemoryRegion<byte>& key_name,
                                 RandomNumberGenerator& rng);

      static TLS_Session decrypt(const MemoryRegion<byte>& ctext,
                                 const SymmetricKey& key,
                                 const MemoryRegion<byte>& key_name);

      /**
      * Encode this session data for storage
      * @warning if the master secret is compromised so is the
      * session traffic
      */
      SecureVector<byte> BER_encode() const;

      /**
      * Get the version of the saved session
      */
      Version_Code version() const
         { return static_cast<Version_Code>(m_version); }

      /**
      * Get the ciphersuite of the saved session
      */
      u16bit ciphersuite() const { return m_ciphersuite; }

      /**
      * Get the compression method used in the saved session
      */
      byte compression_method() const { return m_compression_method; }

      /**
      * Get which side of the connection the resumed session we are/were
      * acting as.
      */
      Connection_Side side() const { return m_connection_side; }

      /**
      * Get the SNI hostname (if sent by the client in the initial handshake)
      */
      std::string sni_hostname() const { return m_sni_hostname; }

      /**
      * Get the SRP identity (if sent by the client in the initial handshake)
      */
      std::string srp_identifier() const { return m_srp_identifier; }

      /**
      * Get the saved master secret
      */
      const SecureVector<byte>& master_secret() const
         { return m_master_secret; }

      /**
      * Get the session identifier
      */
      const MemoryVector<byte>& session_id() const
         { return m_identifier; }

      /**
      * Get the negotiated maximum fragment size (or 0 if default)
      */
      size_t fragment_size() const { return m_fragment_size; }

      /**
      * Is secure renegotiation supported?
      */
      bool secure_renegotiation() const
         { return m_secure_renegotiation_supported; }

      /**
      * Get the time this session began (seconds since Epoch)
      */
      u64bit start_time() const { return m_start_time; }

   private:
      enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 };

      u64bit m_start_time;

      MemoryVector<byte> m_identifier;
      SecureVector<byte> m_master_secret;

      u16bit m_version;
      u16bit m_ciphersuite;
      byte m_compression_method;
      Connection_Side m_connection_side;

      bool m_secure_renegotiation_supported;
      size_t m_fragment_size;

      MemoryVector<byte> m_peer_certificate; // optional
      std::string m_sni_hostname; // optional
      std::string m_srp_identifier; // optional
   };

}

#endif