
[1/2] storage: Add TLS session cache file read/write utils

Message ID 20221109170438.535300-1-andrew.zaborowski@intel.com (mailing list archive)
State Accepted, archived

Commit Message

Andrew Zaborowski Nov. 9, 2022, 5:04 p.m. UTC
Add storage_tls_session_cache_{load,sync} similar to
storage_known_frequencies_{load,sync}.
---
 src/storage.c | 35 +++++++++++++++++++++++++++++++++++
 src/storage.h |  3 +++
 2 files changed, 38 insertions(+)

Comments

Denis Kenzior Nov. 9, 2022, 8:32 p.m. UTC | #1
Hi Andrew,

On 11/9/22 11:04, Andrew Zaborowski wrote:
> Add storage_tls_session_cache_{load,sync} similar to
> storage_known_frequencies_{load,sync}.
> ---
>   src/storage.c | 35 +++++++++++++++++++++++++++++++++++
>   src/storage.h |  3 +++
>   2 files changed, 38 insertions(+)
> 

Applied, thanks.

Regards,
-Denis

Patch

diff --git a/src/storage.c b/src/storage.c
index d6e478bd..b2c5ed48 100644
--- a/src/storage.c
+++ b/src/storage.c
@@ -53,6 +53,7 @@ 
 #define STORAGE_FILE_MODE (S_IRUSR | S_IWUSR)
 
 #define KNOWN_FREQ_FILENAME ".known_network.freq"
+#define TLS_CACHE_FILENAME ".tls-session-cache"
 
 static char *storage_path = NULL;
 static char *storage_hotspot_path = NULL;
@@ -701,6 +702,40 @@  void storage_known_frequencies_sync(struct l_settings *known_freqs)
 	l_free(known_freq_file_path);
 }
 
+struct l_settings *storage_tls_session_cache_load(void)
+{
+	_auto_(l_settings_free) struct l_settings *cache = l_settings_new();
+	_auto_(l_free) char *tls_cache_file_path =
+		storage_get_path("%s", TLS_CACHE_FILENAME);
+
+	if (unlikely(!l_settings_load_from_file(cache, tls_cache_file_path)))
+		return NULL;
+
+	return l_steal_ptr(cache);
+}
+
+void storage_tls_session_cache_sync(struct l_settings *cache)
+{
+	_auto_(l_free) char *tls_cache_file_path = NULL;
+	_auto_(l_free) char *data = NULL;
+	size_t len;
+
+	if (!cache)
+		return;
+
+	tls_cache_file_path = storage_get_path("%s", TLS_CACHE_FILENAME);
+	data = l_settings_to_data(cache, &len);
+
+	/*
+	 * Note this data contains cryptographic secrets.  write_file()
+	 * happens to set the right permissions on the file.
+	 *
+	 * TODO: consider encrypting with system_key.
+	 */
+	write_file(data, len, false, "%s", tls_cache_file_path);
+	explicit_bzero(data, len);
+}
+
 bool storage_is_file(const char *filename)
 {
 	char *path;
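Review bot: The confidentiality of the cache written in storage_tls_session_cache_sync() rests on a side effect of write_file() that the new comment itself calls incidental ("happens to set the right permissions"), and the call's result is discarded, so a failed or partial write of the secrets goes unnoticed. Nothing visible in this hunk shows which mode write_file() applies, or whether it tightens a pre-existing file that has wider permissions, so that guarantee should be stated where write_file() is defined rather than only at this call site. I would also guard the serialisation and surface failure, e.g. `if (!data) return;` after l_settings_to_data() and `if (write_file(data, len, false, "%s", tls_cache_file_path) < 0) l_warn("Failed to write TLS session cache");`, assuming write_file() reports errors with a negative return. Both new functions are complete within the hunk; only the trailing storage_is_file() context is cut off.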
diff --git a/src/storage.h b/src/storage.h
index 6877fb65..fe6ddbf5 100644
--- a/src/storage.h
+++ b/src/storage.h
@@ -51,6 +51,9 @@  int storage_network_remove(enum security type, const char *ssid);
 struct l_settings *storage_known_frequencies_load(void);
 void storage_known_frequencies_sync(struct l_settings *known_freqs);
 
+struct l_settings *storage_tls_session_cache_load(void);
+void storage_tls_session_cache_sync(struct l_settings *cache);
+
 int __storage_decrypt(struct l_settings *settings, const char *ssid,
 				bool *changed);
 char *__storage_encrypt(const struct l_settings *settings, const char *ssid,
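Review bot: The two prototypes added here carry no contract, and their caller-visible behaviour is not obvious from the names. Per the definitions in src/storage.c, storage_tls_session_cache_load() returns NULL when the file cannot be loaded and otherwise hands ownership of the l_settings to the caller, while storage_tls_session_cache_sync() silently does nothing for a NULL cache. I would add a comment such as `/* Returns a caller-owned l_settings holding TLS session secrets, or NULL if the cache file could not be loaded. */` above the load prototype. Stating that the object contains secrets tells callers not to log or dump it and to free it promptly.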