Botan 3.0.0
Crypto and TLS for C&
msg_session_ticket.cpp
Go to the documentation of this file.
1/*
2* Session Tickets
3* (C) 2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/tls_messages.h>
9#include <botan/rng.h>
10#include <botan/tls_session.h>
11#include <botan/tls_session_manager.h>
12#include <botan/tls_callbacks.h>
13#include <botan/internal/tls_reader.h>
14#include <botan/internal/tls_handshake_io.h>
15#include <botan/internal/tls_handshake_hash.h>
16#include <botan/internal/loadstor.h>
17
18#include <botan/tls_exceptn.h>
19
20#include <span>
21
22namespace Botan::TLS {
23
25 Handshake_Hash& hash,
26 Session_Ticket ticket,
27 std::chrono::seconds lifetime) :
28 m_ticket_lifetime_hint(lifetime),
29 m_ticket(std::move(ticket))
30 {
31 hash.update(io.send(*this));
32 }
33
35 Handshake_Hash& hash)
36 {
37 hash.update(io.send(*this));
38 }
39
40New_Session_Ticket_12::New_Session_Ticket_12(const std::vector<uint8_t>& buf)
41 {
42 if(buf.size() < 6)
43 throw Decoding_Error("Session ticket message too short to be valid");
44
45 TLS_Data_Reader reader("SessionTicket", buf);
46
47 m_ticket_lifetime_hint = std::chrono::seconds(reader.get_uint32_t());
48 m_ticket = Session_Ticket(reader.get_range<uint8_t>(2, 0, 65535));
49 reader.assert_done();
50 }
51
52namespace {
53
54template <typename lifetime_t = uint32_t>
55void store_lifetime(std::span<uint8_t> sink, std::chrono::seconds lifetime)
56 {
57 BOTAN_ARG_CHECK(lifetime.count() >= 0 && lifetime.count() <= std::numeric_limits<lifetime_t>::max(),
58 "Ticket lifetime is out of range");
59 store_be(static_cast<lifetime_t>(lifetime.count()), sink.data());
60 }
61
62}
63
64std::vector<uint8_t> New_Session_Ticket_12::serialize() const
65 {
66 std::vector<uint8_t> buf(4);
67 store_be(static_cast<uint32_t>(m_ticket_lifetime_hint.count()), buf.data());
68 append_tls_length_value(buf, m_ticket.get(), 2);
69 return buf;
70 }
71
72#if defined (BOTAN_HAS_TLS_13)
73
74New_Session_Ticket_13::New_Session_Ticket_13(Ticket_Nonce nonce,
75 const Session& session,
76 const Session_Handle& handle,
77 Callbacks& callbacks)
78 : m_ticket_lifetime_hint(session.lifetime_hint())
79 , m_ticket_age_add(session.session_age_add())
80 , m_ticket_nonce(std::move(nonce))
81 , m_handle(handle.opaque_handle())
82 {
83 callbacks.tls_modify_extensions(m_extensions, Connection_Side::Server, type());
84 }
85
86New_Session_Ticket_13::New_Session_Ticket_13(const std::vector<uint8_t>& buf,
87 Connection_Side from)
88 {
89 TLS_Data_Reader reader("New_Session_Ticket_13", buf);
90
91 m_ticket_lifetime_hint = std::chrono::seconds(reader.get_uint32_t());
92
93 // RFC 8446 4.6.1
94 // Servers MUST NOT use any value [of ticket_lifetime] greater than 604800
95 // seconds (7 days).
96 if(m_ticket_lifetime_hint > std::chrono::days(7))
97 {
98 throw TLS_Exception(Alert::IllegalParameter,
99 "Received a session ticket with lifetime longer than one week.");
100 }
101
102 m_ticket_age_add = reader.get_uint32_t();
103 m_ticket_nonce = Ticket_Nonce(reader.get_tls_length_value(1));
104 m_handle = Opaque_Session_Handle(reader.get_tls_length_value(2));
105
106 m_extensions.deserialize(reader, from, type());
107
108 // RFC 8446 4.6.1
109 // The sole extension currently defined for NewSessionTicket is
110 // "early_data", indicating that the ticket may be used to send 0-RTT
111 // data [...]. Clients MUST ignore unrecognized extensions.
112 if(m_extensions.contains_implemented_extensions_other_than({Extension_Code::EarlyData}))
113 {
114 throw TLS_Exception(Alert::IllegalParameter,
115 "NewSessionTicket message contained unexpected extension");
116 }
117
118 reader.assert_done();
119 }
120
121std::optional<uint32_t> New_Session_Ticket_13::early_data_byte_limit() const
122 {
123 if(!m_extensions.has<EarlyDataIndication>())
124 return std::nullopt;
125
126 const EarlyDataIndication* ext = m_extensions.get<EarlyDataIndication>();
127 BOTAN_ASSERT_NOMSG(ext->max_early_data_size().has_value());
128 return ext->max_early_data_size().value();
129 }
130
131std::vector<uint8_t> New_Session_Ticket_13::serialize() const
132 {
133 std::vector<uint8_t> result(8);
134
135 store_lifetime(std::span(result.data(), 4), m_ticket_lifetime_hint);
136 store_be(m_ticket_age_add, result.data() + 4);
137 append_tls_length_value(result, m_ticket_nonce.get(), 1);
138 append_tls_length_value(result, m_handle.get(), 2);
139
140 // TODO: re-evaluate this construction when reworking message marshalling
141 if(m_extensions.size() == 0)
142 {
143 result.push_back(0x00);
144 result.push_back(0x00);
145 }
146 else
147 {
148 result += m_extensions.serialize(Connection_Side::Server);
149 }
150
151 return result;
152 }
153
154#endif
155
156}
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36
virtual void tls_modify_extensions(Extensions &extn, Connection_Side which_side, Handshake_Type which_message)
void update(const uint8_t in[], size_t length)
virtual std::vector< uint8_t > send(const Handshake_Message &msg)=0
std::vector< uint8_t > serialize() const override
Handshake_Type type() const override
Definition: tls_messages.h:920
New_Session_Ticket_12(Handshake_IO &io, Handshake_Hash &hash, Session_Ticket ticket, std::chrono::seconds lifetime)
Helper class to embody a session handle in all protocol versions.
Definition: tls_session.h:69
std::vector< T > get_range(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:121
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Definition: tls_session.h:37
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:214
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...
Definition: tls_session.h:41
constexpr void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:449
Definition: bigint.h:1092