[secure-transport] track server/client role in mIsServer (openthrea…

…d#11021) This commit adds a local member variable `mIsServer` to the `SecureTransport` class to track whether it is configured to act as a server or client.
espressif · Dec 10, 2024 · fe7d34f · fe7d34f
1 parent b37b15b
commit fe7d34f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/src/core/meshcop/secure_transport.cpp b/src/core/meshcop/secure_transport.cpp
@@ -79,6 +79,7 @@ SecureTransport::SecureTransport(Instance &aInstance, LinkSecurityMode aLayerTwo
     : InstanceLocator(aInstance)
     , mLayerTwoSecurity(aLayerTwoSecurity)
     , mDatagramTransport(aDatagramTransport)
+    , mIsServer(true)
     , mTimerSet(false)
     , mVerifyPeerCertificate(true)
     , mState(kStateClosed)
@@ -179,7 +180,9 @@ Error SecureTransport::Connect(const Ip6::SockAddr &aSockAddr)
     mMessageInfo.SetPeerAddr(aSockAddr.GetAddress());
     mMessageInfo.SetPeerPort(aSockAddr.mPort);
 
-    error = Setup(true);
+    mIsServer = false;
+
+    error = Setup();
 
 exit:
     return error;
@@ -203,7 +206,7 @@ void SecureTransport::HandleReceive(Message &aMessage, const Ip6::MessageInfo &a
         mMessageInfo.SetSockAddr(aMessageInfo.GetSockAddr());
         mMessageInfo.SetSockPort(aMessageInfo.GetSockPort());
 
-        SuccessOrExit(Setup(false));
+        SuccessOrExit(Setup());
     }
     else
     {
@@ -234,6 +237,7 @@ Error SecureTransport::Bind(uint16_t aPort)
     VerifyOrExit(!mTransportCallback.IsSet(), error = kErrorAlready);
 
     SuccessOrExit(error = mSocket.Bind(aPort));
+    mIsServer = true;
 
 exit:
     return error;
@@ -248,12 +252,13 @@ Error SecureTransport::Bind(TransportCallback aCallback, void *aContext)
     VerifyOrExit(!mTransportCallback.IsSet(), error = kErrorAlready);
 
     mTransportCallback.Set(aCallback, aContext);
+    mIsServer = true;
 
 exit:
     return error;
 }
 
-Error SecureTransport::Setup(bool aClient)
+Error SecureTransport::Setup(void)
 {
     int rval;
 
@@ -270,7 +275,7 @@ Error SecureTransport::Setup(bool aClient)
     mbedtls_ssl_config_init(&mConf);
 
     rval = mbedtls_ssl_config_defaults(
-        &mConf, aClient ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
+        &mConf, mIsServer ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
         mDatagramTransport ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
     VerifyOrExit(rval == 0);
 
@@ -361,7 +366,7 @@ Error SecureTransport::Setup(bool aClient)
     {
         mbedtls_ssl_cookie_init(&mCookieCtx);
 
-        if (!aClient)
+        if (mIsServer)
         {
             rval = mbedtls_ssl_cookie_setup(&mCookieCtx, Crypto::MbedTls::CryptoSecurePrng, nullptr);
             VerifyOrExit(rval == 0);

diff --git a/src/core/meshcop/secure_transport.hpp b/src/core/meshcop/secure_transport.hpp
@@ -560,7 +560,7 @@ class SecureTransport : public InstanceLocator
     void SetState(State aState);
 
     void  FreeMbedtls(void);
-    Error Setup(bool aClient);
+    Error Setup(void);
 
     static bool IsMbedtlsHandshakeOver(mbedtls_ssl_context *aSslContext);
 
@@ -644,6 +644,7 @@ class SecureTransport : public InstanceLocator
 
     bool                        mLayerTwoSecurity : 1;
     bool                        mDatagramTransport : 1;
+    bool                        mIsServer : 1;
     bool                        mTimerSet : 1;
     bool                        mVerifyPeerCertificate : 1;
     State                       mState;