9#ifndef BOTAN_TLS_SESSION_STATE_H_
10#define BOTAN_TLS_SESSION_STATE_H_
12#include <botan/secmem.h>
13#include <botan/strong_type.h>
14#include <botan/symkey.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_magic.h>
17#include <botan/tls_server_info.h>
18#include <botan/tls_version.h>
19#include <botan/x509cert.h>
44 return std::lexicographical_compare(id1.
begin(), id1.
end(), id2.
begin(), id2.
end());
94 bool is_id()
const {
return std::holds_alternative<Session_ID>(m_handle); }
96 bool is_ticket()
const {
return std::holds_alternative<Session_Ticket>(m_handle); }
98 bool is_opaque_handle()
const {
return std::holds_alternative<Opaque_Session_Handle>(m_handle); }
113 std::optional<Session_ID> id()
const;
120 std::optional<Session_Ticket> ticket()
const;
122 decltype(
auto)
get()
const {
return m_handle; }
125 void validate_constraints()
const;
128 std::variant<Session_ID, Session_Ticket, Opaque_Session_Handle> m_handle;
131class Client_Hello_13;
132class Server_Hello_13;
146 uint16_t srtp_profile,
147 bool extended_master_secret,
148 bool encrypt_then_mac,
263 const std::optional<Session_Ticket>&
session_ticket()
const {
return m_session_ticket; }
283 bool psk_used()
const {
return m_external_psk_identity.has_value(); }
292 std::string
kex_algo()
const {
return m_kex_algo; }
310#if defined(BOTAN_HAS_TLS_13)
315 std::optional<std::string> psk_identity,
316 bool session_was_resumed,
318 std::chrono::system_clock::time_point current_timestamp);
321 void set_session_id(
Session_ID id) { m_session_id = std::move(
id); }
323 void set_session_ticket(
Session_Ticket ticket) { m_session_ticket = std::move(ticket); }
326 Session_ID m_session_id;
327 std::optional<Session_Ticket> m_session_ticket;
328 std::optional<std::string> m_external_psk_identity;
330 bool m_was_resumption;
331 std::string m_kex_algo;
332 std::optional<std::string> m_kex_parameters;
350 const std::vector<X509_Certificate>&
peer_certs,
352 uint16_t srtp_profile,
353 std::chrono::system_clock::time_point current_timestamp,
354 std::chrono::seconds
lifetime_hint = std::chrono::seconds::max());
356#if defined(BOTAN_HAS_TLS_13)
363 uint32_t ticket_age_add,
368 const std::vector<X509_Certificate>&
peer_certs,
371 std::chrono::system_clock::time_point current_timestamp);
380 const std::vector<X509_Certificate>&
peer_certs,
399 explicit Session(std::string_view pem);
435 std::string PEM_encode()
const;
485 enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20231031 };
489 bool m_early_data_allowed;
490 uint32_t m_max_early_data_bytes;
491 uint32_t m_ticket_age_add;
492 std::chrono::seconds m_lifetime_hint;
#define BOTAN_PUBLIC_API(maj, min)
#define BOTAN_FUTURE_EXPLICIT
std::vector< X509_Certificate > m_peer_certs
Session_Base(std::chrono::system_clock::time_point start_time, Protocol_Version version, uint16_t ciphersuite, Connection_Side connection_side, uint16_t srtp_profile, bool extended_master_secret, bool encrypt_then_mac, std::vector< X509_Certificate > peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, Server_Information server_info)
std::shared_ptr< const Public_Key > peer_raw_public_key() const
bool m_extended_master_secret
uint16_t dtls_srtp_profile() const
Protocol_Version version() const
Connection_Side side() const
bool supports_encrypt_then_mac() const
Protocol_Version m_version
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
bool supports_extended_master_secret() const
Ciphersuite ciphersuite() const
const std::vector< X509_Certificate > & peer_certs() const
const Server_Information & server_info() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
Helper class to embody a session handle in all protocol versions.
std::optional< Session_Ticket > ticket() const
decltype(auto) get() const
Session_Handle(Session_Ticket ticket)
bool is_opaque_handle() const
Session_Handle(Session_ID id)
Session_Handle(Opaque_Session_Handle ticket)
std::optional< Session_ID > id() const
std::string cipher_algo() const
friend class Server_Impl_13
friend class Client_Impl_13
friend class Server_Impl_12
std::string mac_algo() const
bool was_resumption() const
std::string kex_algo() const
const std::optional< Session_Ticket > & session_ticket() const
friend class Client_Impl_12
const std::optional< std::string > & external_psk_identity() const
const Session_ID & session_id() const
std::string prf_algo() const
std::optional< std::string > kex_parameters() const
secure_vector< uint8_t > DER_encode() const
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
std::chrono::seconds lifetime_hint() const
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
bool supports_early_data() const
uint32_t session_age_add() const
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
const secure_vector< uint8_t > & master_secret() const
uint32_t max_early_data_bytes() const
decltype(auto) begin() noexcept(noexcept(this->get().begin()))
decltype(auto) end() noexcept(noexcept(this->get().end()))
bool operator<(const Server_Information &a, const Server_Information &b)
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...
std::vector< T, secure_allocator< T > > secure_vector