9#ifndef BOTAN_TLS_SESSION_STATE_H_
10#define BOTAN_TLS_SESSION_STATE_H_
12#include <botan/secmem.h>
13#include <botan/strong_type.h>
14#include <botan/symkey.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_magic.h>
17#include <botan/tls_server_info.h>
18#include <botan/tls_version.h>
19#include <botan/x509cert.h>
45 return std::lexicographical_compare(id1.begin(), id1.end(), id2.begin(), id2.end());
91 bool is_id()
const {
return std::holds_alternative<Session_ID>(m_handle); }
93 bool is_ticket()
const {
return std::holds_alternative<Session_Ticket>(m_handle); }
95 bool is_opaque_handle()
const {
return std::holds_alternative<Opaque_Session_Handle>(m_handle); }
110 std::optional<Session_ID> id()
const;
117 std::optional<Session_Ticket> ticket()
const;
119 decltype(
auto)
get()
const {
return m_handle; }
122 void validate_constraints()
const;
125 std::variant<Session_ID, Session_Ticket, Opaque_Session_Handle> m_handle;
128class Client_Hello_13;
129class Server_Hello_13;
141 uint16_t ciphersuite,
143 uint16_t srtp_profile,
144 bool extended_master_secret,
145 bool encrypt_then_mac,
146 std::vector<X509_Certificate> peer_certs,
147 std::shared_ptr<const Public_Key> peer_raw_public_key,
149 m_start_time(start_time),
151 m_ciphersuite(ciphersuite),
152 m_connection_side(connection_side),
153 m_srtp_profile(srtp_profile),
154 m_extended_master_secret(extended_master_secret),
155 m_encrypt_then_mac(encrypt_then_mac),
156 m_peer_certs(std::move(peer_certs)),
157 m_peer_raw_public_key(std::move(peer_raw_public_key)),
158 m_server_info(std::move(server_info)) {}
167 std::chrono::system_clock::time_point
start_time()
const {
return m_start_time; }
209 const std::vector<X509_Certificate>&
peer_certs()
const {
return m_peer_certs; }
260 const std::optional<Session_Ticket>&
session_ticket()
const {
return m_session_ticket; }
280 bool psk_used()
const {
return m_external_psk_identity.has_value(); }
289 std::string
kex_algo()
const {
return m_kex_algo; }
291 std::string
cipher_algo()
const {
return ciphersuite().cipher_algo(); }
293 std::string
mac_algo()
const {
return ciphersuite().mac_algo(); }
295 std::string
prf_algo()
const {
return ciphersuite().prf_algo(); }
305#if defined(BOTAN_HAS_TLS_13)
308 std::vector<X509_Certificate> peer_certs,
309 std::shared_ptr<const Public_Key> peer_raw_public_key,
310 std::optional<std::string> psk_identity,
311 bool session_was_resumed,
313 std::chrono::system_clock::time_point current_timestamp);
316 void set_session_id(
Session_ID id) { m_session_id = std::move(
id); }
318 void set_session_ticket(
Session_Ticket ticket) { m_session_ticket = std::move(ticket); }
321 Session_ID m_session_id;
322 std::optional<Session_Ticket> m_session_ticket;
323 std::optional<std::string> m_external_psk_identity;
325 bool m_was_resumption;
326 std::string m_kex_algo;
340 uint16_t ciphersuite,
342 bool supports_extended_master_secret,
343 bool supports_encrypt_then_mac,
344 const std::vector<X509_Certificate>& peer_certs,
346 uint16_t srtp_profile,
347 std::chrono::system_clock::time_point current_timestamp,
348 std::chrono::seconds lifetime_hint = std::chrono::seconds::max());
350#if defined(BOTAN_HAS_TLS_13)
356 const std::optional<uint32_t>& max_early_data_bytes,
357 uint32_t ticket_age_add,
358 std::chrono::seconds lifetime_hint,
360 uint16_t ciphersuite,
362 const std::vector<X509_Certificate>& peer_certs,
363 std::shared_ptr<const Public_Key> peer_raw_public_key,
365 std::chrono::system_clock::time_point current_timestamp);
372 const std::optional<uint32_t>& max_early_data_bytes,
373 std::chrono::seconds lifetime_hint,
374 const std::vector<X509_Certificate>& peer_certs,
375 std::shared_ptr<const Public_Key> peer_raw_public_key,
387 Session(std::span<const uint8_t> ber_data);
393 explicit Session(std::string_view pem);
414 return Session::decrypt(std::span(ctext, ctext_size), key);
429 std::string PEM_encode()
const;
479 enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20231031 };
483 bool m_early_data_allowed;
484 uint32_t m_max_early_data_bytes;
485 uint32_t m_ticket_age_add;
486 std::chrono::seconds m_lifetime_hint;
std::vector< X509_Certificate > m_peer_certs
Session_Base(std::chrono::system_clock::time_point start_time, Protocol_Version version, uint16_t ciphersuite, Connection_Side connection_side, uint16_t srtp_profile, bool extended_master_secret, bool encrypt_then_mac, std::vector< X509_Certificate > peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, Server_Information server_info)
std::shared_ptr< const Public_Key > peer_raw_public_key() const
bool m_extended_master_secret
uint16_t dtls_srtp_profile() const
Protocol_Version version() const
Connection_Side side() const
bool supports_encrypt_then_mac() const
Protocol_Version m_version
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
bool supports_extended_master_secret() const
const std::vector< X509_Certificate > & peer_certs() const
const Server_Information & server_info() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
Helper class to embody a session handle in all protocol versions.
decltype(auto) get() const
Session_Handle(Session_Ticket ticket)
bool is_opaque_handle() const
Session_Handle(Session_ID id)
Session_Handle(Opaque_Session_Handle ticket)
std::string cipher_algo() const
std::string mac_algo() const
bool was_resumption() const
std::string kex_algo() const
const std::optional< Session_Ticket > & session_ticket() const
const std::optional< std::string > & external_psk_identity() const
const Session_ID & session_id() const
std::string prf_algo() const
std::chrono::seconds lifetime_hint() const
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
bool supports_early_data() const
uint32_t session_age_add() const
const secure_vector< uint8_t > & master_secret() const
uint32_t max_early_data_bytes() const
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
bool operator<(const Server_Information &a, const Server_Information &b)
std::vector< T, secure_allocator< T > > secure_vector