Add abstract Session Resumption Storage base class (#18021)
* Add abstract Session Resumption Storage base class The SessionResumptionStorage class has some pure virtual methods, but still includes concrete implementation. The intended usage is for inheriting classes to provide implementation of some of the lower-level storage interfaces, which can for instance allow for different types of FIFO behavior. The SimpleSessionResumptionStorage is an example of an inheriting implementation. The problem is that the concrete implementation in the base class assumes and requires organization of session resumption data across three separate kvstore tables. This precludes atomic storage of session resumption data, which may not be acceptable in some implementations. This commit adds an abstract session resumption storage base class so that implementations can fully control session resumption storage behavior. Testing: An AbstractSessionResumptionStorage test is added to TestCASESession. This tests the public interface that was previously defined by SessionResumptionStorage, but for which there was no existing coverage. * per tcarmelveilleux, change class naming scheme * per tcarmelveilleux, add Delete method to base class interface * per tcarmelveilleux, add RemoveFabric method * per tcarmelveilleux, s/RemoveFabric/DeleteAll, no Delete(node) in base class interface * fix out-of-bounds memmove * fix CI breakage * updates per bzbarsky
1 parent
a5bcefe
commit 4458517
Showing
10 changed files
with
634 additions
and
67 deletions.
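--- a/src/protocols/secure_channel/DefaultSessionResumptionStorage.h
+++ b/src/protocols/secure_channel/DefaultSessionResumptionStorage.h
@@ -0,0 +1,71 @@
+/*
+* Copyright (c) 2022 Project CHIP Authors
+* All rights reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#pragma once
+
+#include <protocols/secure_channel/SessionResumptionStorage.h>
+
+namespace chip {
+
+/**
+* @brief Stores assets for session resumption. The resumption data are indexed by 2 indexes: ScopedNodeId and ResumptionId. The
+* index of ScopedNodeId is used when initiating a CASE session, it will look up the storage and check whether it is able to
+* resume a previous session. The index of ResumptionId is used when receiving a Sigma1 with ResumptionId.
+*
+* The implementation saves 2 maps:
+* * <FabricIndex, PeerNodeId> => <ResumptionId, ShareSecret, PeerCATs>
+* * <ResumptionId> => <FabricIndex, PeerNodeId>
+*/
+class DefaultSessionResumptionStorage : public SessionResumptionStorage
+{
+public:
+using ResumptionIdView = FixedSpan<uint8_t, kResumptionIdSize>;
+
+struct SessionIndex
+{
+size_t mSize;
+ScopedNodeId mNodes[CHIP_CONFIG_CASE_SESSION_RESUME_CACHE_SIZE];
+};
+
+virtual ~DefaultSessionResumptionStorage() {}
+
+CHIP_ERROR FindByScopedNodeId(const ScopedNodeId & node, ResumptionIdStorage & resumptionId,
+Crypto::P256ECDHDerivedSecret & sharedSecret, CATValues & peerCATs) override;
+CHIP_ERROR FindByResumptionId(ConstResumptionIdView resumptionId, ScopedNodeId & node,
+Crypto::P256ECDHDerivedSecret & sharedSecret, CATValues & peerCATs) override;
+CHIP_ERROR FindNodeByResumptionId(ConstResumptionIdView resumptionId, ScopedNodeId & node);
+CHIP_ERROR Save(const ScopedNodeId & node, ConstResumptionIdView resumptionId,
+const Crypto::P256ECDHDerivedSecret & sharedSecret, const CATValues & peerCATs) override;
+CHIP_ERROR Delete(const ScopedNodeId & node);
+CHIP_ERROR DeleteAll(FabricIndex fabricIndex) override;
+
+protected:
+CHIP_ERROR virtual SaveIndex(const SessionIndex & index) = 0;
+CHIP_ERROR virtual LoadIndex(SessionIndex & index) = 0;
+
+CHIP_ERROR virtual SaveLink(ConstResumptionIdView resumptionId, const ScopedNodeId & node) = 0;
+CHIP_ERROR virtual LoadLink(ConstResumptionIdView resumptionId, ScopedNodeId & node) = 0;
+CHIP_ERROR virtual DeleteLink(ConstResumptionIdView resumptionId) = 0;
+
+CHIP_ERROR virtual SaveState(const ScopedNodeId & node, ConstResumptionIdView resumptionId,
+const Crypto::P256ECDHDerivedSecret & sharedSecret, const CATValues & peerCATs) = 0;
+CHIP_ERROR virtual LoadState(const ScopedNodeId & node, ResumptionIdStorage & resumptionId,
+Crypto::P256ECDHDerivedSecret & sharedSecret, CATValues & peerCATs) = 0;
+CHIP_ERROR virtual DeleteState(const ScopedNodeId & node) = 0;
+};
+
+} // namespace chip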
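Review bot: `SessionIndex::mSize` has no initializer and the pure-virtual `LoadIndex(SessionIndex & index)` hook documents no bound, so a subclass that fills the index from persistent storage can return an `mSize` larger than `CHIP_CONFIG_CASE_SESSION_RESUME_CACHE_SIZE`. The code that walks `mNodes` is not in this header, but anything iterating or shifting entries up to `mSize` would then run past the array, which is the kind of fault the "fix out-of-bounds memmove" item in the commit message points at. I would default the member with `size_t mSize = 0;` and put the contract on the hook: `// Implementations must return mSize <= CHIP_CONFIG_CASE_SESSION_RESUME_CACHE_SIZE; callers treat a larger value as corrupt storage.` Since the state records hold the CASE shared secret and are written separately from the index and link records, the class comment should also say what a caller can assume after one of the three writes fails.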