Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::TLS::Session_Keys Class Reference

#include <tls_session_key.h>

Public Member Functions

const SymmetricKeyclient_cipher_key () const
 
const InitializationVectorclient_iv () const
 
const SymmetricKeyclient_mac_key () const
 
const secure_vector< uint8_t > & master_secret () const
 
const SymmetricKeyserver_cipher_key () const
 
const InitializationVectorserver_iv () const
 
const SymmetricKeyserver_mac_key () const
 
 Session_Keys ()=default
 
 Session_Keys (const Handshake_State *state, const secure_vector< uint8_t > &pre_master_secret, bool resuming)
 

Detailed Description

TLS Session Keys

Definition at line 22 of file tls_session_key.h.

Constructor & Destructor Documentation

Botan::TLS::Session_Keys::Session_Keys ( )
default
Botan::TLS::Session_Keys::Session_Keys ( const Handshake_State state,
const secure_vector< uint8_t > &  pre_master_secret,
bool  resuming 
)
Parameters
statestate the handshake state
pre_master_secretthe pre-master secret
resumingwhether this TLS session is resumed

Session_Keys Constructor

Definition at line 19 of file tls_session_key.cpp.

References Botan::OctetString::begin(), Botan::TLS::Ciphersuite::cipher_keylen(), Botan::TLS::Handshake_State::ciphersuite(), Botan::TLS::Handshake_State::client_hello(), Botan::TLS::Handshake_Hash::final(), Botan::TLS::Handshake_State::hash(), Botan::TLS::Ciphersuite::mac_keylen(), Botan::TLS::Ciphersuite::nonce_bytes_from_handshake(), Botan::TLS::Ciphersuite::prf_algo(), Botan::TLS::Handshake_State::protocol_specific_prf(), Botan::TLS::Handshake_State::server_hello(), and Botan::TLS::Handshake_State::version().

22  {
23  const size_t cipher_keylen = state->ciphersuite().cipher_keylen();
24  const size_t mac_keylen = state->ciphersuite().mac_keylen();
25  const size_t cipher_nonce_bytes = state->ciphersuite().nonce_bytes_from_handshake();
26 
27  const bool extended_master_secret = state->server_hello()->supports_extended_master_secret();
28 
29  const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes);
30 
31  const uint8_t MASTER_SECRET_MAGIC[] = {
32  0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
33 
34  const uint8_t EXT_MASTER_SECRET_MAGIC[] = {
35  0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20,
36  0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
37 
38  const uint8_t KEY_GEN_MAGIC[] = {
39  0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E };
40 
41  std::unique_ptr<KDF> prf(state->protocol_specific_prf());
42 
43  if(resuming)
44  {
45  // This is actually the master secret saved as part of the session
46  m_master_sec = pre_master_secret;
47  }
48  else
49  {
50  secure_vector<uint8_t> salt;
51  secure_vector<uint8_t> label;
52  if(extended_master_secret)
53  {
54  label += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC));
55  salt += state->hash().final(state->version(),
56  state->ciphersuite().prf_algo());
57  }
58  else
59  {
60  label += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
61  salt += state->client_hello()->random();
62  salt += state->server_hello()->random();
63  }
64 
65  m_master_sec = prf->derive_key(48, pre_master_secret, salt, label);
66  }
67 
68  secure_vector<uint8_t> salt;
69  secure_vector<uint8_t> label;
70  label += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
71  salt += state->server_hello()->random();
72  salt += state->client_hello()->random();
73 
74  SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, label);
75 
76  const uint8_t* key_data = keyblock.begin();
77 
78  m_c_mac = SymmetricKey(key_data, mac_keylen);
79  key_data += mac_keylen;
80 
81  m_s_mac = SymmetricKey(key_data, mac_keylen);
82  key_data += mac_keylen;
83 
84  m_c_cipher = SymmetricKey(key_data, cipher_keylen);
85  key_data += cipher_keylen;
86 
87  m_s_cipher = SymmetricKey(key_data, cipher_keylen);
88  key_data += cipher_keylen;
89 
90  m_c_iv = InitializationVector(key_data, cipher_nonce_bytes);
91  key_data += cipher_nonce_bytes;
92 
93  m_s_iv = InitializationVector(key_data, cipher_nonce_bytes);
94  }
OctetString InitializationVector
Definition: symkey.h:141
OctetString SymmetricKey
Definition: symkey.h:136
const uint8_t * begin() const
Definition: symkey.h:36

Member Function Documentation

const SymmetricKey& Botan::TLS::Session_Keys::client_cipher_key ( ) const
inline
Returns
client encipherment key

Definition at line 28 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

28 { return m_c_cipher; }
const InitializationVector& Botan::TLS::Session_Keys::client_iv ( ) const
inline
Returns
client IV

Definition at line 48 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

48 { return m_c_iv; }
const SymmetricKey& Botan::TLS::Session_Keys::client_mac_key ( ) const
inline
Returns
client MAC key

Definition at line 38 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

38 { return m_c_mac; }
const secure_vector<uint8_t>& Botan::TLS::Session_Keys::master_secret ( ) const
inline
Returns
TLS master secret

Definition at line 58 of file tls_session_key.h.

58 { return m_master_sec; }
const SymmetricKey& Botan::TLS::Session_Keys::server_cipher_key ( ) const
inline
Returns
client encipherment key

Definition at line 33 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

33 { return m_s_cipher; }
const InitializationVector& Botan::TLS::Session_Keys::server_iv ( ) const
inline
Returns
server IV

Definition at line 53 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

53 { return m_s_iv; }
const SymmetricKey& Botan::TLS::Session_Keys::server_mac_key ( ) const
inline
Returns
server MAC key

Definition at line 43 of file tls_session_key.h.

Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State().

43 { return m_s_mac; }

The documentation for this class was generated from the following files: