network_system/session__ticket__store_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2024, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include "transport_params.h"


#include <chrono>

#include <mutex>

#include <optional>

#include <string>

#include <unordered_map>

#include <vector>


namespace kcenon::network::protocols::quic

{


struct session_ticket_info

{

    std::vector<uint8_t> ticket_data;


    std::chrono::system_clock::time_point expiry;


    std::string server_name;


    unsigned short port{0};


    transport_parameters saved_params;


    uint32_t max_early_data_size{0};


    uint32_t ticket_age_add{0};


    std::chrono::system_clock::time_point received_time;


    [[nodiscard]] auto is_valid() const noexcept -> bool;


    [[nodiscard]] auto get_obfuscated_age() const noexcept -> uint32_t;

};


class session_ticket_store

{

public:

    session_ticket_store() = default;


    ~session_ticket_store() = default;


    // Non-copyable, non-movable (contains mutex)

    session_ticket_store(const session_ticket_store&) = delete;

    session_ticket_store& operator=(const session_ticket_store&) = delete;

    session_ticket_store(session_ticket_store&&) = delete;

    session_ticket_store& operator=(session_ticket_store&&) = delete;


    auto store(const std::string& server,

               unsigned short port,

               const session_ticket_info& ticket) -> void;


    [[nodiscard]] auto retrieve(const std::string& server,

                                 unsigned short port) const

        -> std::optional<session_ticket_info>;


    auto remove(const std::string& server, unsigned short port) -> bool;


    auto cleanup_expired() -> size_t;


    auto clear() -> void;


    [[nodiscard]] auto size() const -> size_t;


    [[nodiscard]] auto has_ticket(const std::string& server,

                                   unsigned short port) const -> bool;


private:

    [[nodiscard]] static auto make_key(const std::string& server,

                                        unsigned short port) -> std::string;


    mutable std::mutex mutex_;


    std::unordered_map<std::string, session_ticket_info> tickets_;

};


class replay_filter

{

public:


    struct config

    {

        std::chrono::seconds window_size{10};


        size_t max_entries{100000};

    };


    replay_filter();


    explicit replay_filter(const config& cfg);


    [[nodiscard]] auto check_and_record(

        std::span<const uint8_t> nonce,

        std::chrono::system_clock::time_point timestamp

            = std::chrono::system_clock::now()) -> bool;


    auto cleanup(std::chrono::system_clock::time_point now

                     = std::chrono::system_clock::now()) -> size_t;


    auto clear() -> void;


    [[nodiscard]] auto size() const -> size_t;


private:


    struct nonce_entry

    {

        std::vector<uint8_t> nonce;

        std::chrono::system_clock::time_point timestamp;

    };


    config config_;

    mutable std::mutex mutex_;

    std::vector<nonce_entry> entries_;

};


} // namespace kcenon::network::protocols::quic

kcenon::network::protocols::quic::replay_filter
Anti-replay protection for 0-RTT data.
Definition session_ticket_store.h:210

kcenon::network::protocols::quic::replay_filter::config_
config config_
Definition session_ticket_store.h:274

kcenon::network::protocols::quic::replay_filter::mutex_
std::mutex mutex_
Definition session_ticket_store.h:275

kcenon::network::protocols::quic::replay_filter::entries_
std::vector< nonce_entry > entries_
Definition session_ticket_store.h:276

kcenon::network::protocols::quic::session_ticket_store
Thread-safe storage for QUIC session tickets.
Definition session_ticket_store.h:97

kcenon::network::protocols::quic::session_ticket_store::operator=
session_ticket_store & operator=(const session_ticket_store &)=delete

kcenon::network::protocols::quic::session_ticket_store::~session_ticket_store
~session_ticket_store()=default
Destructor.

kcenon::network::protocols::quic::session_ticket_store::session_ticket_store
session_ticket_store()=default
Default constructor.

kcenon::network::protocols::quic::session_ticket_store::session_ticket_store
session_ticket_store(session_ticket_store &&)=delete

kcenon::network::protocols::quic::session_ticket_store::operator=
session_ticket_store & operator=(session_ticket_store &&)=delete

kcenon::network::protocols::quic::session_ticket_store::session_ticket_store
session_ticket_store(const session_ticket_store &)=delete

kcenon::network::protocols::quic
Definition connection_id.h:27

mutex
std::mutex mutex
Definition network_metrics.cpp:29

kcenon::network::protocols::quic::replay_filter::config
Configuration for the replay filter.
Definition session_ticket_store.h:216

kcenon::network::protocols::quic::replay_filter::nonce_entry
Definition session_ticket_store.h:269

kcenon::network::protocols::quic::replay_filter::nonce_entry::nonce
std::vector< uint8_t > nonce
Definition session_ticket_store.h:270

kcenon::network::protocols::quic::replay_filter::nonce_entry::timestamp
std::chrono::system_clock::time_point timestamp
Definition session_ticket_store.h:271

kcenon::network::protocols::quic::session_ticket_info
Contains session ticket data for 0-RTT resumption.
Definition session_ticket_store.h:28

kcenon::network::protocols::quic::session_ticket_info::received_time
std::chrono::system_clock::time_point received_time
Time when the ticket was received.
Definition session_ticket_store.h:51

kcenon::network::protocols::quic::session_ticket_info::expiry
std::chrono::system_clock::time_point expiry
Ticket expiration time.
Definition session_ticket_store.h:33

kcenon::network::protocols::quic::session_ticket_info::is_valid
auto is_valid() const noexcept -> bool
Check if the ticket is still valid (not expired)
Definition session_ticket_store.cpp:16

kcenon::network::protocols::quic::session_ticket_info::server_name
std::string server_name
Server name (for SNI matching)
Definition session_ticket_store.h:36

kcenon::network::protocols::quic::session_ticket_info::get_obfuscated_age
auto get_obfuscated_age() const noexcept -> uint32_t
Get obfuscated ticket age (RFC 8446 Section 4.2.11.1)
Definition session_ticket_store.cpp:27

kcenon::network::protocols::quic::session_ticket_info::saved_params
transport_parameters saved_params
Saved transport parameters from the original connection.
Definition session_ticket_store.h:42

kcenon::network::protocols::quic::session_ticket_info::ticket_age_add
uint32_t ticket_age_add
Ticket age add value for obfuscation (RFC 8446)
Definition session_ticket_store.h:48

kcenon::network::protocols::quic::session_ticket_info::port
unsigned short port
Server port (for endpoint matching)
Definition session_ticket_store.h:39

kcenon::network::protocols::quic::session_ticket_info::ticket_data
std::vector< uint8_t > ticket_data
Raw session ticket data from TLS 1.3 NewSessionTicket.
Definition session_ticket_store.h:30

kcenon::network::protocols::quic::session_ticket_info::max_early_data_size
uint32_t max_early_data_size
Maximum early data size allowed (from max_early_data_size extension)
Definition session_ticket_store.h:45

kcenon::network::protocols::quic::transport_parameters
QUIC transport parameters (RFC 9000 Section 18)
Definition transport_params.h:86

transport_params.h