diff options
Diffstat (limited to 'lib/tls/tls_session_manager.h')
-rw-r--r-- | lib/tls/tls_session_manager.h | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/lib/tls/tls_session_manager.h b/lib/tls/tls_session_manager.h new file mode 100644 index 000000000..e6eacc88c --- /dev/null +++ b/lib/tls/tls_session_manager.h @@ -0,0 +1,149 @@ +/* +* TLS Session Manager +* (C) 2011 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#ifndef BOTAN_TLS_SESSION_MANAGER_H__ +#define BOTAN_TLS_SESSION_MANAGER_H__ + +#include <botan/tls_session.h> +#include <mutex> +#include <chrono> +#include <map> + +namespace Botan { + +namespace TLS { + +/** +* Session_Manager is an interface to systems which can save +* session parameters for supporting session resumption. +* +* Saving sessions is done on a best-effort basis; an implementation is +* allowed to drop sessions due to space constraints. +* +* Implementations should strive to be thread safe +*/ +class BOTAN_DLL Session_Manager + { + public: + /** + * Try to load a saved session (using session ID) + * @param session_id the session identifier we are trying to resume + * @param session will be set to the saved session data (if found), + or not modified if not found + * @return true if session was modified + */ + virtual bool load_from_session_id(const std::vector<byte>& session_id, + Session& session) = 0; + + /** + * Try to load a saved session (using info about server) + * @param info the information about the server + * @param session will be set to the saved session data (if found), + or not modified if not found + * @return true if session was modified + */ + virtual bool load_from_server_info(const Server_Information& info, + Session& session) = 0; + + /** + * Remove this session id from the cache, if it exists + */ + virtual void remove_entry(const std::vector<byte>& session_id) = 0; + + /** + * Save a session on a best effort basis; the manager may not in + * fact be able to save the session for whatever reason; this is + * not an error. Caller cannot assume that calling save followed + * immediately by load_from_* will result in a successful lookup. + * + * @param session to save + */ + virtual void save(const Session& session) = 0; + + /** + * Return the allowed lifetime of a session; beyond this time, + * sessions are not resumed. Returns 0 if unknown/no explicit + * expiration policy. + */ + virtual std::chrono::seconds session_lifetime() const = 0; + + virtual ~Session_Manager() {} + }; + +/** +* An implementation of Session_Manager that does not save sessions at +* all, preventing session resumption. +*/ +class BOTAN_DLL Session_Manager_Noop : public Session_Manager + { + public: + bool load_from_session_id(const std::vector<byte>&, Session&) override + { return false; } + + bool load_from_server_info(const Server_Information&, Session&) override + { return false; } + + void remove_entry(const std::vector<byte>&) override {} + + void save(const Session&) override {} + + std::chrono::seconds session_lifetime() const override + { return std::chrono::seconds(0); } + }; + +/** +* An implementation of Session_Manager that saves values in memory. +*/ +class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager + { + public: + /** + * @param max_sessions a hint on the maximum number of sessions + * to keep in memory at any one time. (If zero, don't cap) + * @param session_lifetime sessions are expired after this many + * seconds have elapsed from initial handshake. + */ + Session_Manager_In_Memory(RandomNumberGenerator& rng, + size_t max_sessions = 1000, + std::chrono::seconds session_lifetime = + std::chrono::seconds(7200)); + + bool load_from_session_id(const std::vector<byte>& session_id, + Session& session) override; + + bool load_from_server_info(const Server_Information& info, + Session& session) override; + + void remove_entry(const std::vector<byte>& session_id) override; + + void save(const Session& session_data) override; + + std::chrono::seconds session_lifetime() const override + { return m_session_lifetime; } + + private: + bool load_from_session_str(const std::string& session_str, + Session& session); + + std::mutex m_mutex; + + size_t m_max_sessions; + + std::chrono::seconds m_session_lifetime; + + RandomNumberGenerator& m_rng; + SymmetricKey m_session_key; + + std::map<std::string, std::vector<byte>> m_sessions; // hex(session_id) -> session + std::map<Server_Information, std::string> m_info_sessions; + }; + +} + +} + +#endif |