Botan 3.5.0
Crypto and TLS for C&
tls_session_manager_hybrid.cpp
Go to the documentation of this file.
1/**
2 * Hybrid Session Manager that emits both IDs and Tickets
3 * (C) 2023 Jack Lloyd
4 * 2023 René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#include <botan/tls_session_manager_hybrid.h>
10
11#include <botan/rng.h>
12
13#include <functional>
14
15namespace Botan::TLS {
16
17Session_Manager_Hybrid::Session_Manager_Hybrid(std::unique_ptr<Session_Manager> stateful,
18 const std::shared_ptr<Credentials_Manager>& credentials_manager,
19 const std::shared_ptr<RandomNumberGenerator>& rng,
20 bool prefer_tickets) :
21 Session_Manager(rng),
22 m_stateful(std::move(stateful)),
23 m_stateless(credentials_manager, rng),
24 m_prefer_tickets(prefer_tickets) {
25 BOTAN_ASSERT_NONNULL(m_stateful);
26}
27
28std::optional<Session_Handle> Session_Manager_Hybrid::establish(const Session& session,
29 const std::optional<Session_ID>& id,
30 bool tls12_no_ticket) {
31 auto create_ticket = [&]() -> std::optional<Session_Handle> {
32 if(tls12_no_ticket) {
33 return std::nullopt;
34 }
35
36 auto ticket_handle = m_stateless.establish(session, id, false /* always allow tickets */);
37 BOTAN_ASSERT_IMPLICATION(ticket_handle.has_value(),
38 ticket_handle->is_ticket(),
39 "Session_Manager_Stateless produced unexpected Session_Handle");
40 return ticket_handle;
41 };
42
43 auto create_id = [&] {
44 // If we're dealing with a TLS 1.2 connection, we opportunistically
45 // disable tickets for the underlying manager.
46 auto id_handle = m_stateful->establish(session, id, session.version().is_pre_tls_13());
48 id_handle.has_value(), id_handle->is_id(), "Session_Manager_In_Memory produced unexpected Session_Handle");
49 return id_handle;
50 };
51
52 std::function preferred = create_ticket;
53 std::function fallback = create_id;
54
55 if(!m_prefer_tickets) {
56 std::swap(preferred, fallback);
57 }
58
59 if(auto result = preferred()) {
60 return result;
61 }
62
63 return fallback();
64}
65
66std::optional<Session> Session_Manager_Hybrid::retrieve(const Session_Handle& handle,
67 Callbacks& callbacks,
68 const Policy& policy) {
69 std::reference_wrapper<Session_Manager> preferred = m_stateless;
70 std::reference_wrapper<Session_Manager> fallback = *m_stateful;
71
72 if(!m_prefer_tickets) {
73 std::swap(preferred, fallback);
74 }
75
76 if(auto session = preferred.get().retrieve(handle, callbacks, policy)) {
77 return session;
78 }
79
80 return fallback.get().retrieve(handle, callbacks, policy);
81}
82
84 return m_stateless.emits_session_tickets() || m_stateful->emits_session_tickets();
85}
86
87} // namespace Botan::TLS
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86
#define BOTAN_ASSERT_IMPLICATION(expr1, expr2, msg)
Definition assert.h:77
Protocol_Version version() const
Helper class to embody a session handle in all protocol versions.
Definition tls_session.h:64
std::optional< Session > retrieve(const Session_Handle &handle, Callbacks &callbacks, const Policy &policy) override
Retrieves a specific session given a handle.
Session_Manager_Hybrid(std::unique_ptr< Session_Manager > stateful_manager, const std::shared_ptr< Credentials_Manager > &credentials_manager, const std::shared_ptr< RandomNumberGenerator > &rng, bool prefer_tickets=true)
std::optional< Session_Handle > establish(const Session &session, const std::optional< Session_ID > &id=std::nullopt, bool tls12_no_ticket=false) override
Save a new Session and assign a Session_Handle (TLS Server)
std::optional< Session_Handle > establish(const Session &session, const std::optional< Session_ID > &id=std::nullopt, bool tls12_no_ticket=false) override
Save a new Session and assign a Session_Handle (TLS Server)