Botan 3.9.0
Crypto and TLS for C&
tls_session_manager_hybrid.cpp
Go to the documentation of this file.
1/**
2 * Hybrid Session Manager that emits both IDs and Tickets
3 * (C) 2023 Jack Lloyd
4 * 2023 René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#include <botan/tls_session_manager_hybrid.h>
10
11#include <botan/assert.h>
12#include <botan/rng.h>
13
14#include <functional>
15
16namespace Botan::TLS {
17
18Session_Manager_Hybrid::Session_Manager_Hybrid(std::unique_ptr<Session_Manager> stateful,
19 const std::shared_ptr<Credentials_Manager>& credentials_manager,
20 const std::shared_ptr<RandomNumberGenerator>& rng,
21 bool prefer_tickets) :
22 Session_Manager(rng),
23 m_stateful(std::move(stateful)),
24 m_stateless(credentials_manager, rng),
25 m_prefer_tickets(prefer_tickets) {
26 BOTAN_ASSERT_NONNULL(m_stateful);
27}
28
29std::optional<Session_Handle> Session_Manager_Hybrid::establish(const Session& session,
30 const std::optional<Session_ID>& id,
31 bool tls12_no_ticket) {
32 auto create_ticket = [&]() -> std::optional<Session_Handle> {
33 if(tls12_no_ticket) {
34 return std::nullopt;
35 }
36
37 auto ticket_handle = m_stateless.establish(session, id, false /* always allow tickets */);
38 BOTAN_ASSERT_IMPLICATION(ticket_handle.has_value(),
39 ticket_handle->is_ticket(),
40 "Session_Manager_Stateless produced unexpected Session_Handle");
41 return ticket_handle;
42 };
43
44 auto create_id = [&] {
45 // If we're dealing with a TLS 1.2 connection, we opportunistically
46 // disable tickets for the underlying manager.
47 auto id_handle = m_stateful->establish(session, id, session.version().is_pre_tls_13());
49 id_handle.has_value(), id_handle->is_id(), "Session_Manager_In_Memory produced unexpected Session_Handle");
50 return id_handle;
51 };
52
53 std::function preferred = create_ticket;
54 std::function fallback = create_id;
55
56 if(!m_prefer_tickets) {
57 std::swap(preferred, fallback);
58 }
59
60 if(auto result = preferred()) {
61 return result;
62 }
63
64 return fallback();
65}
66
67std::optional<Session> Session_Manager_Hybrid::retrieve(const Session_Handle& handle,
68 Callbacks& callbacks,
69 const Policy& policy) {
70 std::reference_wrapper<Session_Manager> preferred = m_stateless;
71 std::reference_wrapper<Session_Manager> fallback = *m_stateful;
72
73 if(!m_prefer_tickets) {
74 std::swap(preferred, fallback);
75 }
76
77 if(auto session = preferred.get().retrieve(handle, callbacks, policy)) {
78 return session;
79 }
80
81 return fallback.get().retrieve(handle, callbacks, policy);
82}
83
85 return m_stateless.emits_session_tickets() || m_stateful->emits_session_tickets();
86}
87
88std::optional<Session> Session_Manager_Hybrid::retrieve_one(const Session_Handle& /*handle*/) {
89 BOTAN_ASSERT(false, "This should never be called");
90}
91
92std::vector<Session_with_Handle> Session_Manager_Hybrid::find_some(const Server_Information& /*info*/,
93 size_t /*max_sessions_hint*/) {
94 BOTAN_ASSERT(false, "This should never be called");
95}
96
97} // namespace Botan::TLS
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114
#define BOTAN_ASSERT_IMPLICATION(expr1, expr2, msg)
Definition assert.h:101
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62
Protocol_Version version() const
Helper class to embody a session handle in all protocol versions.
Definition tls_session.h:63
std::optional< Session > retrieve(const Session_Handle &handle, Callbacks &callbacks, const Policy &policy) override
Retrieves a specific session given a handle.
std::optional< Session > retrieve_one(const Session_Handle &handle) override
Internal retrieval function for a single session.
Session_Manager_Hybrid(std::unique_ptr< Session_Manager > stateful_manager, const std::shared_ptr< Credentials_Manager > &credentials_manager, const std::shared_ptr< RandomNumberGenerator > &rng, bool prefer_tickets=true)
std::vector< Session_with_Handle > find_some(const Server_Information &info, size_t max_sessions_hint) override
Internal retrieval function to find sessions to resume.
std::optional< Session_Handle > establish(const Session &session, const std::optional< Session_ID > &id=std::nullopt, bool tls12_no_ticket=false) override
Save a new Session and assign a Session_Handle (TLS Server)
BOTAN_FUTURE_EXPLICIT Session_Manager(const std::shared_ptr< RandomNumberGenerator > &rng)