Botan 3.4.0
Crypto and TLS for C++
tls_session_manager_hybrid.h
1/**
2 * Hybrid Session Manager emitting both Tickets and storing sessions in Memory
3 * (C) 2023 Jack Lloyd
4 * (C) 2023 René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#ifndef BOTAN_TLS_SESSION_MANAGER_HYBRID_H_
10#define BOTAN_TLS_SESSION_MANAGER_HYBRID_H_
11
12#include <botan/tls_session_manager.h>
13#include <botan/tls_session_manager_stateless.h>
14
15#include <memory>
16
17namespace Botan {
18
19class RandomNumberGenerator;
20
21namespace TLS {
22
23/**
24 * A combination of the Session_Manager_Stateless and an arbitrary stateful
25 * Session_Manager.
26 *
27 * This extends any stateful session manager to provide TLS 1.2 session ticket
28 * support. Session_Handle objects may either be a Session_Ticket or Session_ID
29 * when working with TLS 1.2 servers and depending on the peer's capability to
30 * support session tickets.
31 *
32 * For TLS 1.3 sessions it will provide one of the two, depending on the
33 * prefer_tickets preference passed to the class' constructor.
34 *
35 * For applications that implement a TLS server that allows handshakes with both
36 * TLS 1.2 and TLS 1.3 clients, this is typically a good default option. Combine
37 * it with the Session_Manager_SQLite or Session_Manager_In_Memory as needed.
38 */
40 public:
41 /**
42 * @param stateful_manager the underlying stateful manager instance;
43 * ownership is transferred to this object (std::unique_ptr)
44 * @param credentials_manager the credentials manager to take the ticket
45 * key in the stateless memory manager from
46 * @param rng an RNG used for generating session keys and for
47 * session encryption
48 * @param prefer_tickets for TLS 1.3 connections, servers need to choose
49 * whether to go for self-contained tickets or
50 * short database handles
51 */
52 Session_Manager_Hybrid(std::unique_ptr<Session_Manager> stateful_manager,
53 const std::shared_ptr<Credentials_Manager>& credentials_manager,
54 const std::shared_ptr<RandomNumberGenerator>& rng,
55 bool prefer_tickets = true);
56
57 std::optional<Session_Handle> establish(const Session& session,
58 const std::optional<Session_ID>& id = std::nullopt,
59 bool tls12_no_ticket = false) override;
60
61 std::optional<Session> retrieve(const Session_Handle& handle,
62 Callbacks& callbacks,
63 const Policy& policy) override;
64
/**
 * Find all sessions that match the given server information.
 *
 * The lookup is forwarded unchanged to the underlying stateful manager;
 * m_stateless is not consulted on this path.
 *
 * NOTE(review): m_stateful is dereferenced without a null check. The
 * constructor is not visible here -- confirm it rejects a null manager.
 *
 * @param info      server information passed through to the stateful manager
 * @param callbacks passed through to the stateful manager
 * @param policy    passed through to the stateful manager
 * @return the result of the stateful manager's find()
 */
std::vector<Session_with_Handle> find(const Server_Information& info,
                                      Callbacks& callbacks,
                                      const Policy& policy) override {
   auto matches = m_stateful->find(info, callbacks, policy);
   return matches;
}
70
/**
 * Save a session under the given handle (TLS client side).
 *
 * The call is forwarded unchanged to the underlying stateful manager;
 * m_stateless is not involved.
 *
 * @param session the session to save
 * @param handle  the handle to save it under
 */
void store(const Session& session, const Session_Handle& handle) override {
   m_stateful->store(session, handle);
}
72
/**
 * Remove the session identified by @p handle from the stateful manager.
 *
 * Only m_stateful is touched. NOTE(review): a ticket that m_stateless has
 * already handed to a peer is presumably self-contained and would not be
 * invalidated by this call; revoking such tickets likely requires rotating
 * the ticket key -- confirm against Session_Manager_Stateless.
 *
 * @param handle the handle of the session to remove
 * @return the count reported by the stateful manager's remove()
 */
size_t remove(const Session_Handle& handle) override {
   const size_t removed = m_stateful->remove(handle);
   return removed;
}
74
/**
 * Remove every session held by the stateful manager.
 *
 * Only m_stateful is cleared. NOTE(review): tickets already issued through
 * m_stateless are presumably unaffected by this call -- confirm against
 * Session_Manager_Stateless before relying on it as a "forget all sessions"
 * control.
 *
 * @return the count reported by the stateful manager's remove_all()
 */
size_t remove_all() override {
   const size_t removed = m_stateful->remove_all();
   return removed;
}
76
77 bool emits_session_tickets() override;
78
/**
 * Access the wrapped stateful manager.
 *
 * The returned pointer is non-owning: it is obtained from the m_stateful
 * unique_ptr member, so it must not be deleted by the caller and must not
 * be used after this hybrid manager has been destroyed.
 *
 * @return raw pointer to the stateful manager owned by this object
 */
Session_Manager* underlying_stateful_manager() {
   Session_Manager* const stateful = m_stateful.get();
   return stateful;
}
80
81 protected:
82 // Session_Manager_Hybrid just delegates to its underlying managers
83 // via the public retrieval API. Its own "storage interface" is therefore
84 // never called.
/**
 * Internal single-session retrieval hook; intentionally unusable here.
 *
 * This class answers retrieval through the public API of its underlying
 * managers, so reaching this override indicates a logic error and trips
 * the assertion.
 *
 * NOTE(review): there is no return statement after the assertion; this
 * relies on BOTAN_ASSERT not returning when its condition is false --
 * confirm in assert.h.
 */
std::optional<Session> retrieve_one(const Session_Handle&) override {
   BOTAN_ASSERT(false, "This should never be called");
}
88
/**
 * Internal "find sessions to resume" hook; intentionally unusable here.
 *
 * Lookups go through the public find(), which forwards to the stateful
 * manager, so reaching this override indicates a logic error and trips
 * the assertion.
 *
 * NOTE(review): there is no return statement after the assertion; this
 * relies on BOTAN_ASSERT not returning when its condition is false --
 * confirm in assert.h.
 */
std::vector<Session_with_Handle> find_some(const Server_Information&,
                                           const size_t) override {
   BOTAN_ASSERT(false, "This should never be called");
}
92
93 private:
94 std::unique_ptr<Session_Manager> m_stateful;
95 Session_Manager_Stateless m_stateless;
96
97 bool m_prefer_tickets;
98};
99
100} // namespace TLS
101
102} // namespace Botan
103
104#endif
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
Helper class to embody a session handle in all protocol versions.
Definition tls_session.h:64
std::optional< Session > retrieve_one(const Session_Handle &) override
Internal retrieval function for a single session.
size_t remove(const Session_Handle &handle) override
std::vector< Session_with_Handle > find_some(const Server_Information &, const size_t) override
Internal retrieval function to find sessions to resume.
void store(const Session &session, const Session_Handle &handle) override
Save a Session under a Session_Handle (TLS Client)
std::vector< Session_with_Handle > find(const Server_Information &info, Callbacks &callbacks, const Policy &policy) override
Find all sessions that match a given server info.
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31