Botan 3.11.0
Crypto and TLS for C++
Botan::TLS::Session_Handle Class Reference

Helper class to embody a session handle in all protocol versions.

#include <tls_session_id.h>

Public Member Functions

decltype(auto) get () const
std::optional< Session_ID > id () const
bool is_id () const
bool is_opaque_handle () const
bool is_ticket () const
Opaque_Session_Handle opaque_handle () const
 Session_Handle (Opaque_Session_Handle ticket)
 Session_Handle (Session_ID id)
 Session_Handle (Session_Ticket ticket)
std::optional< Session_Ticket > ticket () const

Detailed Description

Helper class to embody a session handle in all protocol versions.

Sessions in TLS 1.2 are identified by an arbitrary and unique ID of up to 32 bytes or by a self-contained arbitrary-length ticket (RFC 5077).

TLS 1.3 does not distinguish between the two and handles both as tickets. Also, a TLS 1.3 server can issue multiple tickets in one connection, and the resumption mechanism is compatible with the PSK establishment.

Concrete implementations of Session_Manager use this helper to distinguish the different states and manage sessions for TLS 1.2 and 1.3 connections.

Note that all information stored in a Session_Handle might be transmitted in unprotected form. Hence, it should not contain any confidential information.

Definition at line 51 of file tls_session_id.h.

Constructor & Destructor Documentation

◆ Session_Handle() [1/3]

Botan::TLS::Session_Handle::Session_Handle ( Session_ID id)
inline

Constructs a Session_Handle from a session ID which is an arbitrary byte vector that must be 32 bytes long at most.

Definition at line 59 of file tls_session_id.h.

59: m_handle(std::move(id)) { validate_constraints(); }

References id().

◆ Session_Handle() [2/3]

Botan::TLS::Session_Handle::Session_Handle ( Session_Ticket ticket)
inline

Constructs a Session_Handle from a session ticket which is a non-empty byte vector that must be 64kB long at most. Typically, tickets facilitate stateless server implementations and contain all relevant context in encrypted/authenticated form.

Note that (for technical reasons) we enforce that tickets are longer than 32 bytes.

Definition at line 70 of file tls_session_id.h.

70: m_handle(std::move(ticket)) { validate_constraints(); }

References ticket().

◆ Session_Handle() [3/3]

Botan::TLS::Session_Handle::Session_Handle ( Opaque_Session_Handle ticket)
inline

Constructs a Session_Handle from an Opaque_Session_Handle, as used by TLS 1.3 in its resumption mechanism. This could be either a Session_ID or a Session_Ticket, and it is up to the Session_Manager to figure out what it actually is.

Definition at line 78 of file tls_session_id.h.

78: m_handle(std::move(ticket)) { validate_constraints(); }

References ticket().

Member Function Documentation

◆ get()

decltype(auto) Botan::TLS::Session_Handle::get ( ) const
inline

Definition at line 110 of file tls_session_id.h.

110{ return m_handle; }

Referenced by ticket().

◆ id()

std::optional< Session_ID > Botan::TLS::Session_Handle::id ( ) const

If the Session_Handle was constructed with a Session_ID or an Opaque_Session_Handle that can be converted to a Session_ID (up to 32 bytes long), this returns the handle as a Session_ID. Otherwise, std::nullopt is returned.

Definition at line 63 of file tls_session.cpp.

63 {
64 if(is_id()) {
65 return std::get<Session_ID>(m_handle);
66 }
67
68 // Opaque handles can mimic as a Session_ID if they are short enough
69 if(is_opaque_handle()) {
70 const auto& handle = std::get<Opaque_Session_Handle>(m_handle);
71 if(handle.size() <= 32) {
72 return Session_ID(handle.get());
73 }
74 }
75
76 return std::nullopt;
77}
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption

References is_id(), and is_opaque_handle().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Manager_SQL::remove(), Botan::TLS::Session_Manager_In_Memory::retrieve_one(), Botan::TLS::Session_Manager_SQL::retrieve_one(), Session_Handle(), Botan::TLS::Session_Manager_In_Memory::store(), and Botan::TLS::Session_Manager_SQL::store().

◆ is_id()

bool Botan::TLS::Session_Handle::is_id ( ) const
inline

Definition at line 82 of file tls_session_id.h.

82{ return std::holds_alternative<Session_ID>(m_handle); }

Referenced by id().

◆ is_opaque_handle()

bool Botan::TLS::Session_Handle::is_opaque_handle ( ) const
inline

Definition at line 86 of file tls_session_id.h.

86{ return std::holds_alternative<Opaque_Session_Handle>(m_handle); }

Referenced by id(), and ticket().

◆ is_ticket()

bool Botan::TLS::Session_Handle::is_ticket ( ) const
inline

Definition at line 84 of file tls_session_id.h.

84{ return std::holds_alternative<Session_Ticket>(m_handle); }

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), and ticket().

◆ opaque_handle()

Opaque_Session_Handle Botan::TLS::Session_Handle::opaque_handle ( ) const

Returns the Session_Handle as an opaque handle. If the object was not constructed as an Opaque_Session_Handle, the contained value is converted.

Definition at line 58 of file tls_session.cpp.

58 {
59 // both a Session_ID and a Session_Ticket could be an Opaque_Session_Handle
60 return Opaque_Session_Handle(std::visit([](const auto& handle) { return handle.get(); }, m_handle));
61}
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...

◆ ticket()

std::optional< Session_Ticket > Botan::TLS::Session_Handle::ticket ( ) const

If the Session_Handle was constructed with a Session_Ticket or an Opaque_Session_Handle, this returns the handle as a Session_Ticket. Otherwise, std::nullopt is returned.

Definition at line 79 of file tls_session.cpp.

79 {
80 if(is_ticket()) {
81 return std::get<Session_Ticket>(m_handle);
82 }
83
84 // Opaque handles can mimic 'normal' Session_Tickets at any time
85 if(is_opaque_handle()) {
86 return Session_Ticket(std::get<Opaque_Session_Handle>(m_handle).get());
87 }
88
89 return std::nullopt;
90}
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption

References get(), is_opaque_handle(), and is_ticket().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Session_Manager_SQL::remove(), Botan::TLS::Session_Manager_Stateless::retrieve_one(), Session_Handle(), Session_Handle(), and Botan::TLS::Session_Manager_SQL::store().
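
The length rules and conversions documented on this page, as an added stand-alone model (not Botan's code and not linked against Botan): `Handle_Model`, `lookup_plan` and the path labels are hypothetical, and the sample bytes are constructed. It shows which resumption paths a session manager could try for a peer-supplied handle of each kind and length.

```cpp
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <string>
#include <type_traits>
#include <variant>
#include <vector>

using Bytes = std::vector<uint8_t>;
// Simplified stand-ins for Botan's strong types; only the names come from the page.
struct Session_ID { Bytes v; };
struct Session_Ticket { Bytes v; };
struct Opaque_Session_Handle { Bytes v; };
class Handle_Model {  // hypothetical model of Session_Handle, not Botan's class
   public:
      template <typename T>
      explicit Handle_Model(T h) : m_handle(std::move(h)) {
         [[maybe_unused]] const size_t n = std::visit([](const auto& x) { return x.v.size(); }, m_handle);
         bool ok = true;  // the page states no length rule for opaque handles, so none is modeled
         if constexpr(std::is_same_v<T, Session_ID>) { ok = n <= 32; }
         if constexpr(std::is_same_v<T, Session_Ticket>) { ok = n > 32 && n <= 64 * 1024; }  // "64kB" as read here
         if(!ok) { throw std::invalid_argument("handle length out of range"); }
      }
      std::optional<Bytes> id() const {  // IDs, or opaque handles of at most 32 bytes
         if(auto* p = std::get_if<Session_ID>(&m_handle)) { return p->v; }
         auto* o = std::get_if<Opaque_Session_Handle>(&m_handle);
         return (o && o->v.size() <= 32) ? std::optional<Bytes>(o->v) : std::nullopt;
      }
      std::optional<Bytes> ticket() const {  // tickets, or opaque handles of any length
         if(auto* p = std::get_if<Session_Ticket>(&m_handle)) { return p->v; }
         auto* o = std::get_if<Opaque_Session_Handle>(&m_handle);
         return o ? std::optional<Bytes>(o->v) : std::nullopt;
      }
   private:
      std::variant<Session_ID, Session_Ticket, Opaque_Session_Handle> m_handle;
};

// Paths a hypothetical hybrid session manager would try, in order, for a handle of type T.
template <typename T>
std::string lookup_plan(size_t len) {
   try {
      const Handle_Model h(T{Bytes(len, 0xAB)});  // constructed sample bytes
      std::string plan = h.id() ? "id-lookup" : "";
      if(h.ticket()) { plan += plan.empty() ? "ticket-decrypt" : "+ticket-decrypt"; }
      return plan;
   } catch(const std::invalid_argument&) {
      return "rejected";
   }
}
```

A 32-byte opaque handle is the only case that yields both an ID and a ticket, so a manager that supports both stateful and stateless resumption has to decide which lookup to attempt first.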


The documentation for this class was generated from the following files: