1 /**
2  * \file ssl_cache.h
3  *
4  * \brief SSL session cache implementation
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0
9  *
10  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
11  *  not use this file except in compliance with the License.
12  *  You may obtain a copy of the License at
13  *
14  *  http://www.apache.org/licenses/LICENSE-2.0
15  *
16  *  Unless required by applicable law or agreed to in writing, software
17  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  *  See the License for the specific language governing permissions and
20  *  limitations under the License.
21  */
22 #ifndef MBEDTLS_SSL_CACHE_H
23 #define MBEDTLS_SSL_CACHE_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 #include "mbedtls/ssl.h"
29 
30 #if defined(MBEDTLS_THREADING_C)
31 #include "mbedtls/threading.h"
32 #endif
33 
34 /**
35  * \name SECTION: Module settings
36  *
37  * The configuration options you can set for this module are in this section.
38  * Either change them in mbedtls_config.h or define them on the compiler command line.
39  * \{
40  */
41 
42 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
43 #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
44 #endif
45 
46 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
47 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
48 #endif
49 
50 /** \} name SECTION: Module settings */
51 
52 #ifdef __cplusplus
53 extern "C" {
54 #endif
55 
56 typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
57 typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
58 
59 /**
60  * \brief   This structure is used for storing cache entries
61  */
62 struct mbedtls_ssl_cache_entry
63 {
64 #if defined(MBEDTLS_HAVE_TIME)
65     mbedtls_time_t MBEDTLS_PRIVATE(timestamp);           /*!< entry timestamp    */
66 #endif
67 
68     unsigned char MBEDTLS_PRIVATE(session_id)[32];       /*!< session ID         */
69     size_t MBEDTLS_PRIVATE(session_id_len);
70 
71     unsigned char *MBEDTLS_PRIVATE(session);             /*!< serialized session */
72     size_t MBEDTLS_PRIVATE(session_len);
73 
74     mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next);      /*!< chain pointer      */
75 };
76 
77 /**
78  * \brief Cache context
79  */
80 struct mbedtls_ssl_cache_context
81 {
82     mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain);     /*!< start of the chain     */
83     int MBEDTLS_PRIVATE(timeout);                /*!< cache entry timeout    */
84     int MBEDTLS_PRIVATE(max_entries);            /*!< maximum entries        */
85 #if defined(MBEDTLS_THREADING_C)
86     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);    /*!< mutex                  */
87 #endif
88 };
89 
90 /**
91  * \brief          Initialize an SSL cache context
92  *
93  * \param cache    SSL cache context
94  */
95 void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
96 
97 /**
98  * \brief          Cache get callback implementation
99  *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
100  *
101  * \param data            The SSL cache context to use.
102  * \param session_id      The pointer to the buffer holding the session ID
103  *                        for the session to load.
104  * \param session_id_len  The length of \p session_id in bytes.
105  * \param session         The address at which to store the session
106  *                        associated with \p session_id, if present.
107  */
108 int mbedtls_ssl_cache_get( void *data,
109                            unsigned char const *session_id,
110                            size_t session_id_len,
111                            mbedtls_ssl_session *session );
112 
113 /**
114  * \brief          Cache set callback implementation
115  *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
116  *
117  * \param data            The SSL cache context to use.
118  * \param session_id      The pointer to the buffer holding the session ID
119  *                        associated to \p session.
120  * \param session_id_len  The length of \p session_id in bytes.
121  * \param session         The session to store.
122  */
123 int mbedtls_ssl_cache_set( void *data,
124                            unsigned char const *session_id,
125                            size_t session_id_len,
126                            const mbedtls_ssl_session *session );
127 
128 #if defined(MBEDTLS_HAVE_TIME)
129 /**
130  * \brief          Set the cache timeout
131  *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
132  *
133  *                 A timeout of 0 indicates no timeout.
134  *
135  * \param cache    SSL cache context
136  * \param timeout  cache entry timeout in seconds
137  */
138 void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
139 #endif /* MBEDTLS_HAVE_TIME */
140 
141 /**
142  * \brief          Set the maximum number of cache entries
143  *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
144  *
145  * \param cache    SSL cache context
146  * \param max      cache entry maximum
147  */
148 void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
149 
150 /**
151  * \brief          Free referenced items in a cache context and clear memory
152  *
153  * \param cache    SSL cache context
154  */
155 void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
156 
157 #ifdef __cplusplus
158 }
159 #endif
160 
161 #endif /* ssl_cache.h */
162