1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #ifndef SESSION_MGR_H
17 #define SESSION_MGR_H
18 
19 #include <stdint.h>
20 #include <stdbool.h>
21 #include "hitls_build.h"
22 #include "hitls.h"
23 #include "tls.h"
24 #include "session.h"
25 #include "tls_config.h"
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
/*
 * Session manager (TLS_SessionMgr) interface.
 *
 * A manager is a reference-counted object (see SESSMGR_Dup / SESSMGR_Free) that holds the
 * cache of resumable sessions, the cache policy (mode, size, timeout) and the keying
 * material used to protect session tickets. Except where a comment says otherwise, the
 * declarations give no NULL-check contract for `mgr`; callers must pass a valid manager.
 */

/* Create a session manager bound to the given library context (libCtx).
 * NOTE(review): presumably returns NULL on failure — callers should check the result. */
TLS_SessionMgr *SESSMGR_New(HITLS_Lib_Ctx *libCtx);

/* Take an additional reference on an existing manager: the reference count is incremented
 * by 1 and the (shared) manager is returned. Every reference obtained this way must be
 * released with SESSMGR_Free(). */
TLS_SessionMgr *SESSMGR_Dup(TLS_SessionMgr *mgr);

/* Release one reference. The manager — including its cached sessions and the default ticket
 * key — is presumably destroyed when the count reaches zero; TODO confirm that the ticket
 * key material is zeroized, not merely freed, on destruction. */
void SESSMGR_Free(TLS_SessionMgr *mgr);

/* Configure the session lifetime (sessTimeout). It is the bound used by SESSMGR_Find() and
 * SESSMGR_ClearTimeout() to decide whether a cached session is still resumable. The unit is
 * not stated in this header (seconds is conventional for TLS session timeouts) — confirm
 * against session.h / session_mgr.c. */
void SESSMGR_SetTimeout(TLS_SessionMgr *mgr, uint64_t sessTimeout);

/* Return the configured session timeout (same unit as SESSMGR_SetTimeout). */
uint64_t SESSMGR_GetTimeout(TLS_SessionMgr *mgr);

/* Set the session cache mode (HITLS_SESS_CACHE_MODE). */
void SESSMGR_SetCacheMode(TLS_SessionMgr *mgr, HITLS_SESS_CACHE_MODE mode);

/* Get the session cache mode. mgr must not be NULL — no NULL check is promised. */
HITLS_SESS_CACHE_MODE SESSMGR_GetCacheMode(TLS_SessionMgr *mgr);

/* Set the maximum number of sessions kept in the cache (sessCacheSize). */
void SESSMGR_SetCacheSize(TLS_SessionMgr *mgr, uint32_t sessCacheSize);

/* Get the maximum number of cached sessions. mgr must not be NULL — no NULL check is promised. */
uint32_t SESSMGR_GetCacheSize(TLS_SessionMgr *mgr);

/* Add a session to the cache. isClient selects the client-side or server-side handling.
 * NOTE(review): whether the manager takes its own reference on `sess` or assumes ownership
 * is not stated here — confirm before relying on `sess` after the call. */
void SESSMGR_InsertSession(TLS_SessionMgr *mgr, HITLS_Session *sess, bool isClient);

/* Look up a cached session by ID and return it only if it is still valid with respect to the
 * configured timeout; presumably returns NULL when no valid match exists.
 * sessionId is peer-supplied (it arrives in the ClientHello), so the comparison must be bounded
 * by sessionIdSize and never rely on a terminator; sessionIdSize is a uint8_t, which is
 * sufficient for TLS session IDs (at most 32 bytes). The buffer is presumably only read even
 * though the parameter is not const-qualified. */
HITLS_Session *SESSMGR_Find(TLS_SessionMgr *mgr, uint8_t *sessionId, uint8_t sessionIdSize);

/* Report whether a session with this ID is present in the cache, WITHOUT checking its
 * validity (timeout). A true result therefore does not mean the session is resumable; use
 * SESSMGR_Find() for that. (The name keeps the historical misspelling "Macth"; renaming it
 * would break callers.) */
bool SESSMGR_HasMacthSessionId(TLS_SessionMgr *mgr, uint8_t *sessionId, uint8_t sessionIdSize);

/* Evict every cached session whose timeout has elapsed. */
void SESSMGR_ClearTimeout(TLS_SessionMgr *mgr);

/* Generate a session ID of sessionIdSize bytes into sessionId, avoiding an ID that already
 * exists in the cache reachable from ctx. Returns HITLS_SUCCESS or an hitls_error.h code.
 * NOTE(review): session IDs must be unpredictable, i.e. drawn from a CSPRNG; the generator is
 * not visible in this header — confirm in session_mgr.c. (The name keeps the historical
 * misspelling "Gernerate"; renaming it would break callers.) */
int32_t SESSMGR_GernerateSessionId(TLS_Ctx *ctx, uint8_t *sessionId, uint32_t sessionIdSize);

/* Install the application ticket-key callback (HITLS_TicketKeyCb). When a callback is set it
 * is used for ticket encryption/decryption instead of the default ticket key below. */
void SESSMGR_SetTicketKeyCb(TLS_SessionMgr *mgr, HITLS_TicketKeyCb ticketKeyCb);

/* Return the installed ticket-key callback (presumably NULL when none is set). */
HITLS_TicketKeyCb SESSMGR_GetTicketKeyCb(TLS_SessionMgr *mgr);

/**
 * @brief   Obtain the default ticket key of the HITLS. The key is used to encrypt and decrypt the ticket
 *          in the new session ticket when the HITLS_TicketKeyCb callback function is not set.
 *
 * @attention The returned key value is laid out as: 16-byte key name + 32-byte AES key + 32-byte HMAC key
 *            (80 bytes in total). keySize is presumably rejected if it is smaller than that — confirm.
 *            The copy written to `key` is long-lived secret material: a compromise allows decrypting
 *            every ticket issued under it, so the caller must not log it and should zeroize its copy
 *            (e.g. explicit_bzero / memset_s) as soon as it is no longer needed.
 *
 * @param   mgr [IN] Session management context
 * @param   key [OUT] Obtained ticket key
 * @param   keySize [IN] Size of the key array
 * @param   outSize [OUT] Size of the obtained ticket key
 *
 * @retval  HITLS_SUCCESS
 * @retval  For other error codes, see hitls_error.h
 */
int32_t SESSMGR_GetTicketKey(const TLS_SessionMgr *mgr, uint8_t *key, uint32_t keySize, uint32_t *outSize);

/**
 * @brief   Set the default ticket key of the HITLS. The key is used to encrypt and decrypt tickets
 *          in the new session ticket when the HITLS_TicketKeyCb callback function is not set.
 *
 * @attention The supplied key must be laid out as: 16-byte key name + 32-byte AES key + 32-byte HMAC key
 *            (80 bytes in total). The key name lets a decryptor recognise which key a ticket was
 *            encrypted under, so changing the key name when rotating keys is what invalidates old tickets.
 *            The AES and HMAC parts must be independent, CSPRNG-generated values.
 *
 * @param   mgr [OUT] Session management context
 * @param   key [IN] Ticket key to be set
 * @param   keySize [IN] Size of the ticket key
 *
 * @retval  HITLS_SUCCESS
 * @retval  For other error codes, see hitls_error.h
 */
int32_t SESSMGR_SetTicketKey(TLS_SessionMgr *mgr, const uint8_t *key, uint32_t keySize);

/**
 * @brief   Encrypt the session ticket, which is invoked when a new session ticket is sent
 *
 * @param   ctx [IN] TLS context of the connection sending the ticket
 * @param   sessMgr [IN] Session management context
 * @param   sess [IN] sess structure, used to generate ticket data
 * @param   ticketBuf [OUT] ticket. The return value may be empty (*ticketBuf NULL), that is, an empty
 *          new session ticket message is sent. The buffer is presumably allocated by this function and
 *          owned by the caller afterwards — TODO confirm who frees it.
 * @param   ticketBufSize [OUT] Size of the ticket written to *ticketBuf (0 when the ticket is empty)
 *
 * @retval  HITLS_SUCCESS
 * @retval  For other error codes, see hitls_error.h
 */
int32_t SESSMGR_EncryptSessionTicket(TLS_Ctx *ctx, const TLS_SessionMgr *sessMgr, const HITLS_Session *sess, uint8_t **ticketBuf,
    uint32_t *ticketBufSize);

/**
 * @brief   Decrypt the session ticket. This interface is invoked when the session ticket of the clientHello is received
 *
 * @attention The ticket is peer-supplied and therefore untrusted: it must be authenticated (HMAC) before
 *            any decryption or parsing, and a malformed or unauthentic ticket must not be a fatal error —
 *            per the output contract below it simply yields an empty sess (no resumption), typically with
 *            isTicketExcept set so the client is issued a fresh ticket. Which of these outcomes the
 *            implementation chooses for each failure is not visible here — confirm in session_mgr.c.
 *            The output parameters are as follows:
 *            If the sess field is empty and isTicketExcept is set to true, the new session ticket message
 *            is sent but the session is not resumed
 *            If the sess field is empty and isTicketExcept is false, the session is not resumed
 *            and the new session ticket message is not sent
 *            If sess is not empty and isTicketExcept is true, the session is resumed and
 *            a new session ticket message is sent, which means the session ticket is renewed
 *            If sess is not empty and isTicketExcept is false,
 *            the session is resumed and the new session ticket message is not sent
 *
 * @param   libCtx [IN] Library context used for the cryptographic operations
 * @param   attrName [IN] Provider attribute name used when selecting the cryptographic implementation
 *          (exact semantics not visible in this header — see hitls.h)
 * @param   sessMgr [IN] Session management context
 * @param   sess [OUT] Session structure generated by the ticket. The return value may be empty,
 *          meaning the corresponding session could not be generated and the session cannot be resumed
 * @param   ticketBuf [IN] ticket data
 * @param   ticketBufSize [IN] Ticket data size
 * @param   isTicketExcept [OUT] Indicates whether to send a new session ticket.
 *          The options are as follows: true: yes; false: no.
 *
 * @retval  HITLS_SUCCESS
 * @retval  For other error codes, see hitls_error.h
 */
int32_t SESSMGR_DecryptSessionTicket(HITLS_Lib_Ctx *libCtx, const char *attrName,
    const TLS_SessionMgr *sessMgr, HITLS_Session **sess, const uint8_t *ticketBuf,
    uint32_t ticketBufSize, bool *isTicketExcept);
149 
150 #ifdef __cplusplus
151 }
152 #endif
153 
154 #endif // SESSION_MGR_H
155