8 #include <botan/tls_session.h>
9 #include <botan/der_enc.h>
10 #include <botan/ber_dec.h>
11 #include <botan/asn1_str.h>
12 #include <botan/pem.h>
13 #include <botan/aead.h>
14 #include <botan/mac.h>
24 uint8_t compression_method,
26 bool extended_master_secret,
27 bool encrypt_then_mac,
28 const std::vector<X509_Certificate>& certs,
29 const std::vector<uint8_t>& ticket,
31 const std::string& srp_identifier,
32 uint16_t srtp_profile) :
33 m_start_time(
std::chrono::system_clock::now()),
34 m_identifier(session_identifier),
35 m_session_ticket(ticket),
36 m_master_secret(master_secret),
38 m_ciphersuite(ciphersuite),
39 m_compression_method(compression_method),
40 m_connection_side(side),
41 m_srtp_profile(srtp_profile),
42 m_extended_master_secret(extended_master_secret),
43 m_encrypt_then_mac(encrypt_then_mac),
45 m_server_info(server_info),
46 m_srp_identifier(srp_identifier)
54 *
this =
Session(der.data(), der.size());
59 uint8_t side_code = 0;
67 uint8_t major_version = 0, minor_version = 0;
68 std::vector<uint8_t> peer_cert_bits;
71 size_t srtp_profile = 0;
72 size_t fragment_size = 0;
77 "Unknown version in serialized TLS session")
87 .
decode(m_extended_master_secret)
88 .
decode(m_encrypt_then_mac)
94 .
decode(srp_identifier_str)
103 if(fragment_size != 0)
105 throw Decoding_Error(
"Serialized TLS session used maximum fragment length which is "
106 " no longer supported");
110 m_start_time = std::chrono::system_clock::from_time_t(start_time);
112 m_srtp_profile =
static_cast<uint16_t
>(srtp_profile);
115 server_service.
value(),
116 static_cast<uint16_t
>(server_port));
118 m_srp_identifier = srp_identifier_str.
value();
120 if(!peer_cert_bits.empty())
124 while(!certs.end_of_data())
131 std::vector<uint8_t> peer_cert_bits;
132 for(
size_t i = 0; i != m_peer_certs.size(); ++i)
133 peer_cert_bits += m_peer_certs[i].
BER_encode();
137 .
encode(static_cast<size_t>(TLS_SESSION_PARAM_STRUCT_VERSION))
138 .
encode(static_cast<size_t>(std::chrono::system_clock::to_time_t(m_start_time)))
143 .
encode(static_cast<size_t>(m_ciphersuite))
144 .
encode(static_cast<size_t>(m_compression_method))
145 .
encode(static_cast<size_t>(m_connection_side))
146 .
encode(static_cast<size_t>(0))
147 .
encode(m_extended_master_secret)
148 .
encode(m_encrypt_then_mac)
153 .
encode(static_cast<size_t>(m_server_info.
port()))
155 .
encode(static_cast<size_t>(m_srtp_profile))
167 return std::chrono::duration_cast<std::chrono::seconds>(
168 std::chrono::system_clock::now() - m_start_time);
175 const size_t nonce_len = aead->default_nonce_length();
184 aead->set_key(hmac->final());
188 aead->start(buf.data(), nonce_len);
189 aead->finish(buf, nonce_len);
198 const size_t nonce_len = aead->default_nonce_length();
200 if(in_len < nonce_len + aead->tag_size())
206 hmac->update(in, nonce_len);
207 aead->set_key(hmac->final());
209 aead->start(in, nonce_len);
211 aead->finish(buf, 0);
213 return Session(buf.data(), buf.size());
215 catch(std::exception& e)
217 throw Decoding_Error(
"Failed to decrypt serialized TLS session: " +
218 std::string(e.what()));
uint8_t minor_version() const
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
std::chrono::system_clock::time_point start_time() const
std::string value() const
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
secure_vector< uint8_t > random_vec(size_t bytes)
BER_Decoder & decode_integer_type(T &out)
secure_vector< uint8_t > DER_encode() const
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
secure_vector< uint8_t > BER_encode(const Private_Key &key)
secure_vector< uint8_t > get_contents()
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
BER_Decoder & decode(bool &v)
DER_Encoder & encode(bool b)
std::vector< T, secure_allocator< T >> secure_vector
uint8_t major_version() const
AEAD_Mode * get_aead(const std::string &algo, Cipher_Dir dir)
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
std::chrono::seconds session_age() const
std::vector< T > unlock(const secure_vector< T > &in)
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
BER_Decoder & verify_end()
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
std::string PEM_encode() const