fix(modem): TLS example: Added restore session support in mbedtls-wrap
Reusable component in modem_tcp_client example implements a simple
mbedtls wrapper. This update adds support for mbedtls deinit() and for
saving and restoring TLS session.
david-cermak committed Nov 20, 2023
1 parent 7faa974 commit 4135652
Showing 2 changed files with 65 additions and 0 deletions.
Expand Up @@ -6,7 +6,9 @@
#pragma once

#include <utility>
#include <memory>
#include <span>
#include <optional>
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
Expand All @@ -22,6 +24,7 @@ class Tls {
Tls();
virtual ~Tls();
bool init(is_server server, do_verify verify);
bool deinit();
int handshake();
int write(const unsigned char *buf, size_t len);
int read(unsigned char *buf, size_t len);
Expand All @@ -41,12 +44,18 @@ class Tls {
mbedtls_entropy_context entropy_{};
virtual void delay() {}

bool set_session();
bool get_session();
void reset_session();
bool is_session_loaded();

private:
static void print_error(const char *function, int error_code);
static int bio_write(void *ctx, const unsigned char *buf, size_t len);
static int bio_read(void *ctx, unsigned char *buf, size_t len);
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen);
std::optional<mbedtls_ssl_session*> session_{};

};
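Review bot: The new member `std::optional<mbedtls_ssl_session*> session_{};` models an owning heap pointer as an optional, which allows an engaged optional to hold `nullptr` and leaves ownership undocumented; a `std::unique_ptr<mbedtls_ssl_session, void(*)(mbedtls_ssl_session*)>` whose deleter calls `mbedtls_ssl_session_free` and then `delete` would encode both the ownership and the "absent" state in the type. At minimum add a comment such as `// Owned copy of the last saved TLS session (get_session/reset_session manage it); never stores nullptr.` The four session accessors `set_session`, `get_session`, `reset_session` and `is_session_loaded` carry no comment on call order; a one-liner like `// get_session() after a successful handshake, set_session() before the next handshake to request resumption` would save callers a trip to the .cpp. `deinit()` is declared `bool`, but the implementation in this commit only ever returns true, so either document that it cannot fail or make it `void`.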
Expand Up @@ -35,6 +35,16 @@ bool Tls::init(is_server server, do_verify verify)
return true;
}

bool Tls::deinit()
{
::mbedtls_ssl_config_free(&conf_);
::mbedtls_ssl_free(&ssl_);
::mbedtls_pk_free(&pk_key_);
::mbedtls_x509_crt_free(&public_cert_);
::mbedtls_x509_crt_free(&ca_cert_);
return true;
}

void Tls::print_error(const char *function, int error_code)
{
static char error_buf[100];
Expand Down Expand Up @@ -126,9 +136,55 @@ size_t Tls::get_available_bytes()

Tls::~Tls()
{
reset_session();
::mbedtls_ssl_config_free(&conf_);
::mbedtls_ssl_free(&ssl_);
::mbedtls_pk_free(&pk_key_);
::mbedtls_x509_crt_free(&public_cert_);
::mbedtls_x509_crt_free(&ca_cert_);
}

bool Tls::get_session()
{
if (!session_) {
session_ = new (std::nothrow) mbedtls_ssl_session;
if (!session_) {
printf("session creation failed\n");
}
::mbedtls_ssl_session_init(session_.value());
}
int ret = ::mbedtls_ssl_get_session(&ssl_, session_.value());
if (ret != 0) {
print_error("mbedtls_ssl_get_session() failed", ret);
return false;
}
return true;
}

bool Tls::set_session()
{
if (!session_) {
printf("session hasn't been initialized");
return false;
}
int ret = mbedtls_ssl_set_session(&ssl_, session_.value());
if (ret != 0) {
print_error("mbedtls_ssl_set_session() failed", ret);
return false;
}
return true;
}

void Tls::reset_session()
{
if (session_) {
::mbedtls_ssl_session_free(*session_);
delete session_.value();
session_ = std::nullopt;
}
}

bool Tls::is_session_loaded()
{
return session_.has_value();
}
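Review bot: In `Tls::get_session()` the allocation-failure check is dead: `session_ = new (std::nothrow) mbedtls_ssl_session;` engages the optional even when `new` returns `nullptr`, so `!session_` is false, the `printf` never fires, and `::mbedtls_ssl_session_init(session_.value())` dereferences a null pointer; the branch also lacks a `return false`. Test the raw pointer before storing it and bail out on failure, as in the rewrite below, otherwise a null stored in an engaged `session_` would later also be handed to `mbedtls_ssl_set_session()`. Separately, `Tls::deinit()` frees the ssl/conf/key/cert contexts but leaves `session_` allocated, whereas `~Tls()` now calls `reset_session()` first; since the saved session is only meaningful for the config it was negotiated under, consider calling `reset_session()` at the top of `deinit()` as well (the saved session would otherwise survive a deinit/init cycle, and whether mbedtls tolerates that is not visible here). The message in `printf("session hasn't been initialized")` is also missing a trailing `\n`.
```cpp
bool Tls::get_session()
{
    if (!session_) {
        auto *fresh = new (std::nothrow) mbedtls_ssl_session;
        if (fresh == nullptr) {
            printf("session creation failed\n");
            return false;
        }
        ::mbedtls_ssl_session_init(fresh);
        session_ = fresh;
    }
    // … unchanged: mbedtls_ssl_get_session() call and error reporting …
```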
