9#ifndef BOTAN_TLS_SESSION_STATE_H_
10#define BOTAN_TLS_SESSION_STATE_H_
12#include <botan/secmem.h>
13#include <botan/strong_type.h>
14#include <botan/symkey.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_magic.h>
17#include <botan/tls_server_info.h>
18#include <botan/tls_version.h>
19#include <botan/x509cert.h>
45 return std::lexicographical_compare(id1.
begin(), id1.
end(), id2.
begin(), id2.
end());
91 bool is_id()
const {
return std::holds_alternative<Session_ID>(m_handle); }
93 bool is_ticket()
const {
return std::holds_alternative<Session_Ticket>(m_handle); }
95 bool is_opaque_handle()
const {
return std::holds_alternative<Opaque_Session_Handle>(m_handle); }
110 std::optional<Session_ID> id()
const;
117 std::optional<Session_Ticket> ticket()
const;
119 decltype(
auto)
get()
const {
return m_handle; }
122 void validate_constraints()
const;
125 std::variant<Session_ID, Session_Ticket, Opaque_Session_Handle> m_handle;
128class Client_Hello_13;
129class Server_Hello_13;
143 uint16_t srtp_profile,
144 bool extended_master_secret,
145 bool encrypt_then_mac,
260 const std::optional<Session_Ticket>&
session_ticket()
const {
return m_session_ticket; }
280 bool psk_used()
const {
return m_external_psk_identity.has_value(); }
289 std::string
kex_algo()
const {
return m_kex_algo; }
307#if defined(BOTAN_HAS_TLS_13)
312 std::optional<std::string> psk_identity,
313 bool session_was_resumed,
315 std::chrono::system_clock::time_point current_timestamp);
318 void set_session_id(
Session_ID id) { m_session_id = std::move(
id); }
320 void set_session_ticket(
Session_Ticket ticket) { m_session_ticket = std::move(ticket); }
323 Session_ID m_session_id;
324 std::optional<Session_Ticket> m_session_ticket;
325 std::optional<std::string> m_external_psk_identity;
327 bool m_was_resumption;
328 std::string m_kex_algo;
329 std::optional<std::string> m_kex_parameters;
347 const std::vector<X509_Certificate>&
peer_certs,
349 uint16_t srtp_profile,
350 std::chrono::system_clock::time_point current_timestamp,
351 std::chrono::seconds
lifetime_hint = std::chrono::seconds::max());
353#if defined(BOTAN_HAS_TLS_13)
360 uint32_t ticket_age_add,
365 const std::vector<X509_Certificate>&
peer_certs,
368 std::chrono::system_clock::time_point current_timestamp);
377 const std::vector<X509_Certificate>&
peer_certs,
390 Session(std::span<const uint8_t> ber_data);
396 explicit Session(std::string_view pem);
432 std::string PEM_encode()
const;
482 enum { TLS_SESSION_PARAM_STRUCT_VERSION = 20231031 };
486 bool m_early_data_allowed;
487 uint32_t m_max_early_data_bytes;
488 uint32_t m_ticket_age_add;
489 std::chrono::seconds m_lifetime_hint;
#define BOTAN_PUBLIC_API(maj, min)
std::vector< X509_Certificate > m_peer_certs
Session_Base(std::chrono::system_clock::time_point start_time, Protocol_Version version, uint16_t ciphersuite, Connection_Side connection_side, uint16_t srtp_profile, bool extended_master_secret, bool encrypt_then_mac, std::vector< X509_Certificate > peer_certs, std::shared_ptr< const Public_Key > peer_raw_public_key, Server_Information server_info)
std::shared_ptr< const Public_Key > peer_raw_public_key() const
bool m_extended_master_secret
uint16_t dtls_srtp_profile() const
Protocol_Version version() const
Connection_Side side() const
bool supports_encrypt_then_mac() const
Protocol_Version m_version
std::chrono::system_clock::time_point m_start_time
Server_Information m_server_info
std::chrono::system_clock::time_point start_time() const
uint16_t ciphersuite_code() const
bool supports_extended_master_secret() const
Ciphersuite ciphersuite() const
const std::vector< X509_Certificate > & peer_certs() const
const Server_Information & server_info() const
std::shared_ptr< const Public_Key > m_peer_raw_public_key
Connection_Side m_connection_side
Helper class to embody a session handle in all protocol versions.
std::optional< Session_Ticket > ticket() const
decltype(auto) get() const
Session_Handle(Session_Ticket ticket)
bool is_opaque_handle() const
Session_Handle(Session_ID id)
Session_Handle(Opaque_Session_Handle ticket)
std::optional< Session_ID > id() const
std::string cipher_algo() const
friend class Server_Impl_13
friend class Client_Impl_13
friend class Server_Impl_12
std::string mac_algo() const
bool was_resumption() const
std::string kex_algo() const
const std::optional< Session_Ticket > & session_ticket() const
friend class Client_Impl_12
const std::optional< std::string > & external_psk_identity() const
const Session_ID & session_id() const
std::string prf_algo() const
std::optional< std::string > kex_parameters() const
secure_vector< uint8_t > DER_encode() const
std::vector< uint8_t > encrypt(const SymmetricKey &key, RandomNumberGenerator &rng) const
std::chrono::seconds lifetime_hint() const
static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey &key)
bool supports_early_data() const
uint32_t session_age_add() const
Session(const secure_vector< uint8_t > &master_secret, Protocol_Version version, uint16_t ciphersuite, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector< X509_Certificate > &peer_certs, const Server_Information &server_info, uint16_t srtp_profile, std::chrono::system_clock::time_point current_timestamp, std::chrono::seconds lifetime_hint=std::chrono::seconds::max())
const secure_vector< uint8_t > & master_secret() const
uint32_t max_early_data_bytes() const
decltype(auto) begin() noexcept(noexcept(this->get().begin()))
decltype(auto) end() noexcept(noexcept(this->get().end()))
bool operator<(const Server_Information &a, const Server_Information &b)
Strong< std::vector< uint8_t >, struct Session_ID_ > Session_ID
holds a TLS 1.2 session ID for stateful resumption
Strong< std::vector< uint8_t >, struct Session_Ticket_ > Session_Ticket
holds a TLS 1.2 session ticket for stateless resumption
Strong< std::vector< uint8_t >, struct Opaque_Session_Handle_ > Opaque_Session_Handle
holds an opaque session handle as used in TLS 1.3 that could be either a ticket for stateless resumpt...
std::vector< T, secure_allocator< T > > secure_vector