Line data Source code
1 : /*
2 : * Copyright (c) 2022 Project CHIP Authors
3 : * All rights reserved.
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 :
18 : #pragma once
19 :
20 : #include <crypto/CHIPCryptoPAL.h>
21 : #include <lib/core/CASEAuthTag.h>
22 : #include <lib/core/ScopedNodeId.h>
23 :
24 : namespace chip {
25 :
26 : /**
27 : * @brief Interface to store and recover assets for session resumption. The
28 : * resumption data are indexed by 2 parameters: ScopedNodeId and
29 : * ResumptionId. The index on ScopedNodeId is used when initiating a CASE
30 : * session. It allows the caller to query storage to check whether there is a
31 : * previous session with the given peer for which session resumption may be
32 : * attempted. The index on ResumptionId is used when receiving a Sigma1 with
33 : * ResumptionId.
34 : *
35 : */
36 : class SessionResumptionStorage
37 : {
38 : public:
39 : static constexpr size_t kResumptionIdSize = 16;
40 : using ResumptionIdStorage = std::array<uint8_t, kResumptionIdSize>;
41 : using ConstResumptionIdView = FixedSpan<const uint8_t, kResumptionIdSize>;
42 :
43 1 : virtual ~SessionResumptionStorage(){};
44 :
45 : /**
46 : * Recover session resumption ID, shared secret and CAT values for a given
47 : * fabric-scoped node identity.
48 : *
49 : * @param node the node for which to recover session resumption information
50 : * @param resumptionId (out) recovered session resumption ID
51 : * @param sharedSecret (out) recovered session shared secret
52 : * @param peerCATs (out) recovered CATs for the session peer
53 : * @return CHIP_NO_ERROR on success, CHIP_ERROR_KEY_NOT_FOUND if no session resumption information can be found, else an
54 : * appropriate CHIP error on failure
55 : */
56 : virtual CHIP_ERROR FindByScopedNodeId(const ScopedNodeId & node, ResumptionIdStorage & resumptionId,
57 : Crypto::P256ECDHDerivedSecret & sharedSecret, CATValues & peerCATs) = 0;
58 : /**
59 : * Recover session shared secret, fabric-scoped node identity and CAT values
60 : * for a given session resumption ID.
61 : *
62 : * @param resumptionId the session resumption ID for which to recover session resumption information
63 : * @param node (out) the peer node associated with the session resumption ID
64 : * @param sharedSecret (out) recovered session shared secret
65 : * @param peerCATs (out) recovered CATs for the session peer
66 : * @return CHIP_NO_ERROR on success, CHIP_ERROR_KEY_NOT_FOUND if no session resumption information can be found, else an
67 : * appropriate CHIP error on failure
68 : */
69 : virtual CHIP_ERROR FindByResumptionId(ConstResumptionIdView resumptionId, ScopedNodeId & node,
70 : Crypto::P256ECDHDerivedSecret & sharedSecret, CATValues & peerCATs) = 0;
71 : /**
72 : * Save session resumption information to storage.
73 : *
74 : * @param resumptionId the session resumption ID for the current session
75 : * @param node the peer node for the session
76 : * @param sharedSecret the session shared secret
77 : * @param peerCATs the CATs of the session peer
78 : * @return CHIP_NO_ERROR on success, else an appropriate CHIP error on failure
79 : */
80 : virtual CHIP_ERROR Save(const ScopedNodeId & node, ConstResumptionIdView resumptionId,
81 : const Crypto::P256ECDHDerivedSecret & sharedSecret, const CATValues & peerCATs) = 0;
82 :
83 : /**
84 : * Remove all session resumption information associated with the specified
85 : * fabric index. If no entries for the fabric index exist, this is a no-op
86 : * and is considered successful.
87 : *
88 : * @param fabricIndex the index of the fabric for which to remove session resumption information
89 : * @return CHIP_NO_ERROR on success, else an appropriate CHIP error on failure
90 : */
91 : virtual CHIP_ERROR DeleteAll(FabricIndex fabricIndex) = 0;
92 : };
93 :
94 : } // namespace chip
|
