From fe7d34f9d8383268f133edcbf50e36515aa75e50 Mon Sep 17 00:00:00 2001
From: Abtin Keshavarzian
Date: Mon, 9 Dec 2024 18:38:23 -0800
Subject: [PATCH] [secure-transport] track server/client role in `mIsServer` (#11021)
This commit adds a local member variable `mIsServer` to the `SecureTransport` class to track whether it is configured to act as a server or client.
---
 src/core/meshcop/secure_transport.cpp | 15 ++++++++++-----
 src/core/meshcop/secure_transport.hpp | 3 ++-
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/core/meshcop/secure_transport.cpp b/src/core/meshcop/secure_transport.cpp
index 18b8787f738..4d48739215a 100644
--- a/src/core/meshcop/secure_transport.cpp
+++ b/src/core/meshcop/secure_transport.cpp
@@ -79,6 +79,7 @@ SecureTransport::SecureTransport(Instance &aInstance, LinkSecurityMode aLayerTwo
 : InstanceLocator(aInstance)
 , mLayerTwoSecurity(aLayerTwoSecurity)
 , mDatagramTransport(aDatagramTransport)
+ , mIsServer(true)
 , mTimerSet(false)
 , mVerifyPeerCertificate(true)
 , mState(kStateClosed)
@@ -179,7 +180,9 @@ Error SecureTransport::Connect(const Ip6::SockAddr &aSockAddr)
 mMessageInfo.SetPeerAddr(aSockAddr.GetAddress());
 mMessageInfo.SetPeerPort(aSockAddr.mPort);
- error = Setup(true);
+ mIsServer = false;
+
+ error = Setup();
 exit:
 return error.
@@ -203,7 +206,7 @@ void SecureTransport::HandleReceive(Message &aMessage, const Ip6::MessageInfo &a
 mMessageInfo.SetSockAddr(aMessageInfo.GetSockAddr());
 mMessageInfo.SetSockPort(aMessageInfo.GetSockPort());
- SuccessOrExit(Setup(false));
+ SuccessOrExit(Setup());
 }
 else
 {
@@ -234,6 +237,7 @@ Error SecureTransport::Bind(uint16_t aPort)
 VerifyOrExit(!mTransportCallback.IsSet(), error = kErrorAlready);
 SuccessOrExit(error = mSocket.Bind(aPort));
+ mIsServer = true;
 exit:
 return error.
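Review bot: `SuccessOrExit(Setup());` in HandleReceive now configures whichever role mIsServer last held, whereas the removed `Setup(false)` always brought up the server role on this path. Connect() in the preceding hunk sets `mIsServer = false` and nothing in this patch resets it on disconnect, so if an incoming datagram can reach this Setup() call on a transport that was previously used as a client and not re-bound, it would be configured with MBEDTLS_SSL_IS_CLIENT and skip the `mbedtls_ssl_cookie_setup` that Setup() now guards with mIsServer; whether that path is reachable depends on the state check that precedes this hunk, which is not visible here. If this branch is only meant for the server side, `mIsServer = true;` immediately before `SuccessOrExit(Setup());` preserves the previous behaviour; otherwise a short comment stating that the role must already have been set by Bind() before datagrams arrive would document the new dependency. HandleReceive begins and ends outside the hunk.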
@@ -248,12 +252,13 @@ Error SecureTransport::Bind(TransportCallback aCallback, void *aContext)
 VerifyOrExit(!mTransportCallback.IsSet(), error = kErrorAlready);
 mTransportCallback.Set(aCallback, aContext);
+ mIsServer = true;
 exit:
 return error;
 }
-Error SecureTransport::Setup(bool aClient)
+Error SecureTransport::Setup(void)
 {
 int rval;
@@ -270,7 +275,7 @@ Error SecureTransport::Setup(bool aClient)
 mbedtls_ssl_config_init(&mConf);
 rval = mbedtls_ssl_config_defaults(
- &mConf, aClient ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
+ &mConf, mIsServer ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
 mDatagramTransport ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
 VerifyOrExit(rval == 0);
@@ -361,7 +366,7 @@ Error SecureTransport::Setup(bool aClient)
 {
 mbedtls_ssl_cookie_init(&mCookieCtx);
- if (!aClient)
+ if (mIsServer)
 {
 rval = mbedtls_ssl_cookie_setup(&mCookieCtx, Crypto::MbedTls::CryptoSecurePrng, nullptr);
 VerifyOrExit(rval == 0);
diff --git a/src/core/meshcop/secure_transport.hpp b/src/core/meshcop/secure_transport.hpp
index b8d80190485..78049d41deb 100644
--- a/src/core/meshcop/secure_transport.hpp
+++ b/src/core/meshcop/secure_transport.hpp
@@ -560,7 +560,7 @@ class SecureTransport : public InstanceLocator
 void SetState(State aState);
 void FreeMbedtls(void);
- Error Setup(bool aClient);
+ Error Setup(void);
 static bool IsMbedtlsHandshakeOver(mbedtls_ssl_context *aSslContext);
@@ -644,6 +644,7 @@ class SecureTransport : public InstanceLocator
 bool mLayerTwoSecurity : 1;
 bool mDatagramTransport : 1;
+ bool mIsServer : 1;
 bool mTimerSet : 1;
 bool mVerifyPeerCertificate : 1;
 State mState;
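Review bot: The new `Error Setup(void);` declaration gives no hint that it reads mIsServer, and the `bool mIsServer : 1;` bit-field added in the following hunk is equally undocumented, so the ordering requirement that Bind() or Connect() must set the role before Setup() runs — and that the DTLS cookie context is only configured when the flag is true — is now invisible at the declaration. A one-line comment on the declaration such as `// Configures mbedtls using the role held in mIsServer; Bind()/Connect() must set it first.` and `// True when acting as server (set by Bind(), cleared by Connect()); selects the mbedtls endpoint and cookie setup.` on the member would make the dependency explicit. The class body continues outside both hunks.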