altcp_tls: support for saving/restoring session information

According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (ie. MBEDTLS_SSL_SRV_C
is defined). This cannot be used on client mode to resume a previous session.

To allow session reuse in client mode, application must save session parameters
(including tickets provided by the server if any) after successfull connection
and restore them before attemting to reconnect. Since `alctp_close()` free the
structure, it cannot be used to store the required information.

So, two new API were added, directly wrapped to mbedTLS functions, allow application
to do that by itself.

Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in application when using mbedTLS port.
This commit is contained in:
David Girault 2019-02-01 17:56:17 +01:00 committed by Simon Goldschmidt
parent d84a84e5ca
commit f97dacd014
2 changed files with 82 additions and 0 deletions

View File

@ -639,6 +639,44 @@ altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb)
return ret; return ret;
} }
void
altcp_tls_init_session(struct altcp_tls_session *session)
{
if (session)
mbedtls_ssl_session_init(&session->data);
}
err_t
altcp_tls_get_session(struct altcp_pcb *conn, struct altcp_tls_session *session)
{
if (session && conn && conn->state) {
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
int ret = mbedtls_ssl_get_session(&state->ssl_context, &session->data);
return ret < 0 ? ERR_VAL : ERR_OK;
}
return ERR_ARG;
}
err_t
altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *session)
{
if (session && conn && conn->state) {
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
int ret = -1;
if (session->data.start)
ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data);
return ret < 0 ? ERR_VAL : ERR_OK;
}
return ERR_ARG;
}
void
altcp_tls_free_session(struct altcp_tls_session *session)
{
if (session)
mbedtls_ssl_session_free(&session->data);
}
void * void *
altcp_tls_context(struct altcp_pcb *conn) altcp_tls_context(struct altcp_pcb *conn)
{ {

View File

@ -51,6 +51,13 @@
#include "lwip/altcp.h" #include "lwip/altcp.h"
/* check if mbedtls port is enabled */
#include "lwip/apps/altcp_tls_mbedtls_opts.h"
/* allow session structure to be fully defined when using mbedtls port */
#if LWIP_ALTCP_TLS_MBEDTLS
#include "mbedtls/ssl.h"
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -143,6 +150,43 @@ struct altcp_pcb *altcp_tls_alloc(void *arg, u8_t ip_type);
*/ */
void *altcp_tls_context(struct altcp_pcb *conn); void *altcp_tls_context(struct altcp_pcb *conn);
/** @ingroup altcp_tls
* ALTCP_TLS session handle, content depends on port (e.g. mbedtls)
*/
struct altcp_tls_session
#if LWIP_ALTCP_TLS_MBEDTLS
{
mbedtls_ssl_session data;
}
#endif
;
/** @ingroup altcp_tls
* Initialise a TLS session buffer.
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
*/
void altcp_tls_init_session(struct altcp_tls_session *dest);
/** @ingroup altcp_tls
* Save current connected session to reuse it later. Should be called after altcp_connect() succeeded.
* Return error if saving session fail.
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
*/
err_t altcp_tls_get_session(struct altcp_pcb *conn, struct altcp_tls_session *dest);
/** @ingroup altcp_tls
* Restore a previously saved session. Must be called before altcp_connect().
* Return error if cannot restore session.
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
*/
err_t altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *from);
/** @ingroup altcp_tls
* Free allocated data inside a TLS session buffer.
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
*/
void altcp_tls_free_session(struct altcp_tls_session *dest);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif