1 /**
2  * \file ssl_cache.h
3  *
4  * \brief SSL session cache implementation
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0
9  *
10  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
11  *  not use this file except in compliance with the License.
12  *  You may obtain a copy of the License at
13  *
14  *  http://www.apache.org/licenses/LICENSE-2.0
15  *
16  *  Unless required by applicable law or agreed to in writing, software
17  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  *  See the License for the specific language governing permissions and
20  *  limitations under the License.
21  */
22 #ifndef MBEDTLS_SSL_CACHE_H
23 #define MBEDTLS_SSL_CACHE_H
24 
25 #if !defined(MBEDTLS_CONFIG_FILE)
26 #include "mbedtls/config.h"
27 #else
28 #include MBEDTLS_CONFIG_FILE
29 #endif
30 
31 #include "mbedtls/ssl.h"
32 
33 #if defined(MBEDTLS_THREADING_C)
34 #include "mbedtls/threading.h"
35 #endif
36 
37 /**
38  * \name SECTION: Module settings
39  *
40  * The configuration options you can set for this module are in this section.
41  * Either change them in config.h or define them on the compiler command line.
42  * \{
43  */
44 
45 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
46 #define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
47 #endif
48 
49 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
50 #define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
51 #endif
52 
53 /** \} name SECTION: Module settings */
54 
55 #ifdef __cplusplus
56 extern "C" {
57 #endif
58 
59 typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
60 typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
61 
62 /**
63  * \brief   This structure is used for storing cache entries
64  */
65 struct mbedtls_ssl_cache_entry
66 {
67 #if defined(MBEDTLS_HAVE_TIME)
68     mbedtls_time_t timestamp;           /*!< entry timestamp    */
69 #endif
70     mbedtls_ssl_session session;        /*!< entry session      */
71 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
72     defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
73     mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
74 #endif
75     mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
76 };
77 
78 /**
79  * \brief Cache context
80  */
81 struct mbedtls_ssl_cache_context
82 {
83     mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
84     int timeout;                /*!< cache entry timeout    */
85     int max_entries;            /*!< maximum entries        */
86 #if defined(MBEDTLS_THREADING_C)
87     mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
88 #endif
89 };
90 
91 /**
92  * \brief          Initialize an SSL cache context
93  *
94  * \param cache    SSL cache context
95  */
96 void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
97 
98 /**
99  * \brief          Cache get callback implementation
100  *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
101  *
102  * \param data     SSL cache context
103  * \param session  session to retrieve entry for
104  */
105 int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
106 
107 /**
108  * \brief          Cache set callback implementation
109  *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
110  *
111  * \param data     SSL cache context
112  * \param session  session to store entry for
113  */
114 int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
115 
116 #if defined(MBEDTLS_HAVE_TIME)
117 /**
118  * \brief          Set the cache timeout
119  *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
120  *
121  *                 A timeout of 0 indicates no timeout.
122  *
123  * \param cache    SSL cache context
124  * \param timeout  cache entry timeout in seconds
125  */
126 void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
127 #endif /* MBEDTLS_HAVE_TIME */
128 
129 /**
130  * \brief          Set the maximum number of cache entries
131  *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
132  *
133  * \param cache    SSL cache context
134  * \param max      cache entry maximum
135  */
136 void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
137 
138 /**
139  * \brief          Free referenced items in a cache context and clear memory
140  *
141  * \param cache    SSL cache context
142  */
143 void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
144 
145 #ifdef __cplusplus
146 }
147 #endif
148 
149 #endif /* ssl_cache.h */
150