doxygen/tls__session__manager__stateless_8cpp_source.html

/**

 * TLS Stateless Session Manager for stateless servers

 * (C) 2023 Jack Lloyd

 *     2023 René Meusel - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 */


#include <botan/tls_session_manager_stateless.h>


#include <botan/assert.h>

#include <botan/credentials_manager.h>

#include <botan/exceptn.h>

#include <botan/rng.h>


namespace Botan::TLS {


Session_Manager_Stateless::Session_Manager_Stateless(const std::shared_ptr<Credentials_Manager>& creds,

                                                     const std::shared_ptr<RandomNumberGenerator>& rng) :

      Session_Manager(rng), m_credentials_manager(creds) {

   BOTAN_ASSERT_NONNULL(m_credentials_manager);

}


std::optional<Session_Handle> Session_Manager_Stateless::establish(const Session& session,

                                                                   const std::optional<Session_ID>& /*session_id*/,

                                                                   bool tls12_no_ticket) {

   BOTAN_ASSERT(session.side() == Connection_Side::Server, "Client tried to establish a session");

   if(tls12_no_ticket) {

      return std::nullopt;

   }


   const auto key = get_ticket_key();

   if(!key.has_value()) {

      return std::nullopt;

   }


   return Session_Handle(Session_Ticket{session.encrypt(key.value(), *m_rng)});

}


void Session_Manager_Stateless::store(const Session& /*session*/, const Session_Handle& /*handle*/) {

   throw Invalid_Argument("A stateless Session Manager cannot store Sessions with their handle");

}


std::optional<Session> Session_Manager_Stateless::retrieve_one(const Session_Handle& handle) {

   auto ticket = handle.ticket();

   if(!ticket.has_value()) {

      return std::nullopt;

   }


   const auto key = get_ticket_key();

   if(!key.has_value()) {

      return std::nullopt;

   }


   try {

      return Session::decrypt(ticket.value(), key.value());

   } catch(const std::exception&) {

      // RFC 8446 4.2.11

      //    Any unknown PSKs (e.g., ones not in the PSK database or encrypted

      //    with an unknown key) SHOULD simply be ignored.

      return std::nullopt;

   }

}


bool Session_Manager_Stateless::emits_session_tickets() {

   return get_ticket_key().has_value();

}


std::optional<SymmetricKey> Session_Manager_Stateless::get_ticket_key() noexcept {

   try {

      auto key = m_credentials_manager->psk("tls-server", "session-ticket", "");

      if(key.empty()) {

         return std::nullopt;

      }

      return key;

   } catch(...) {

      return std::nullopt;

   }

}


}  // namespace Botan::TLS

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:114

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::TLS::Session_Base::side
Connection_Side side() const
Definition tls_session.h:190

Botan::TLS::Session_Handle
Helper class to embody a session handle in all protocol versions.
Definition tls_session.h:63

Botan::TLS::Session_Handle::ticket
std::optional< Session_Ticket > ticket() const
Definition tls_session.cpp:73

Botan::TLS::Session_Manager_Stateless::Session_Manager_Stateless
Session_Manager_Stateless(const std::shared_ptr< Credentials_Manager > &credentials_manager, const std::shared_ptr< RandomNumberGenerator > &rng)
Definition tls_session_manager_stateless.cpp:18

Botan::TLS::Session_Manager_Stateless::establish
std::optional< Session_Handle > establish(const Session &session, const std::optional< Session_ID > &id=std::nullopt, bool tls12_no_ticket=false) override
Save a new Session and assign a Session_Handle (TLS Server).
Definition tls_session_manager_stateless.cpp:24

Botan::TLS::Session_Manager_Stateless::store
void store(const Session &session, const Session_Handle &handle) override
Save a Session under a Session_Handle (TLS Client).
Definition tls_session_manager_stateless.cpp:40

Botan::TLS::Session_Manager_Stateless::emits_session_tickets
bool emits_session_tickets() override
Definition tls_session_manager_stateless.cpp:65

Botan::TLS::Session_Manager_Stateless::retrieve_one
std::optional< Session > retrieve_one(const Session_Handle &handle) override
Internal retrieval function for a single session.
Definition tls_session_manager_stateless.cpp:44

Botan::TLS::Session_Manager::Session_Manager
BOTAN_FUTURE_EXPLICIT Session_Manager(const std::shared_ptr< RandomNumberGenerator > &rng)
Definition tls_session_manager.cpp:19

Botan::TLS::Session_Manager::m_rng
std::shared_ptr< RandomNumberGenerator > m_rng
Definition tls_session_manager.h:275

Botan::TLS::Session
Definition tls_session.h:339

Botan::TLS::Session::encrypt
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
Definition tls_session.cpp:431

Botan::TLS::Session::decrypt
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
Definition tls_session.h:419

Botan::TLS
Definition asio_context.cpp:17

Botan::TLS::Connection_Side::Server
@ Server
Definition tls_magic.h:45

Botan::TLS::Session_Ticket
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Definition tls_session.h:34