net: lwm2m_client_utils: Purge DTLS sessions
Purge DTLS sessions on boot, bootstrap and when new
PSK keys are written.

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
SeppoTakalo authored and rlubos committed Aug 17, 2023
1 parent bd807a4 commit c4b4e4d
Showing 3 changed files with 20 additions and 0 deletions.
17 changes: 17 additions & 0 deletions subsys/net/lib/lwm2m_client_utils/lwm2m/lwm2m_security.c
@@ -38,6 +38,7 @@ enum security_mode {
};

static struct modem_mode_change mm;
static bool purge_sessions;

int lwm2m_modem_mode_cb(enum lte_lc_func_mode new_mode, void *user_data)
{
@@ -267,6 +268,7 @@ static int load_credentials_to_modem(struct lwm2m_ctx *ctx)

if (ctx->bootstrap_mode) {
ctx->tls_tag = CONFIG_LWM2M_CLIENT_UTILS_BOOTSTRAP_TLS_TAG;
purge_sessions = true;
} else {
ctx->tls_tag = CONFIG_LWM2M_CLIENT_UTILS_SERVER_TLS_TAG;
}
@@ -338,6 +340,8 @@ static int load_credentials_to_modem(struct lwm2m_ctx *ctx)
have_permanently_stored_keys = true;
}

purge_sessions = true;

out:
LOG_INF("Requesting LTE and GNSS online");

@@ -684,6 +688,18 @@ static int set_socketoptions(struct lwm2m_ctx *ctx)
{
int ret;

if (purge_sessions) {
int purge = 1;

ret = zsock_setsockopt(ctx->sock_fd, SOL_TLS, NRF_SO_SEC_SESSION_CACHE_PURGE,
&purge, sizeof(purge));
if (ret) {
/* This is non-fatal, so just log it and continue */
LOG_ERR("Failed to purge DTLS session cache");
}
purge_sessions = false;
}

if (IS_ENABLED(CONFIG_LWM2M_CLIENT_UTILS_DTLS_CID)) {
/* Enable CID */
uint32_t dtls_cid = NRF_SO_SEC_DTLS_CID_ENABLED;
@@ -705,6 +721,7 @@ int lwm2m_init_security(struct lwm2m_ctx *ctx, char *endpoint, struct modem_mode
have_permanently_stored_keys = false;
bootstrap_settings_loaded_inst = -1;
loading_in_progress = false;
purge_sessions = true;

/* Restore the default if not a callback function */
if (!mmode) {
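Review bot: In set_socketoptions, `purge_sessions = false;` runs even when the `NRF_SO_SEC_SESSION_CACHE_PURGE` setsockopt fails, so a failed purge is never retried and sessions cached under the previous PSK may stay eligible for resumption after new keys are written. Consider clearing the flag only on success and logging the cause: `if (ret) { LOG_ERR("Failed to purge DTLS session cache, errno %d", errno); } else { purge_sessions = false; }`. The flag is also a plain file-scope `bool` set in load_credentials_to_modem and lwm2m_init_security and cleared here; if those can run in different threads (not visible in these hunks), a set that races with the clear would be lost, so an atomic flag may be warranted. The bodies of all three functions continue outside the hunks.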
1 change: 1 addition & 0 deletions tests/subsys/net/lib/lwm2m_client_utils/src/stubs.c
@@ -108,3 +108,4 @@ DEFINE_FAKE_VALUE_FUNC(int, at_params_unsigned_short_get, const struct at_param_
DEFINE_FAKE_VALUE_FUNC_VARARG(int, nrf_modem_at_cmd_async, nrf_modem_at_resp_handler_t,
const char *, ...);
DEFINE_FAKE_VALUE_FUNC(int, at_params_list_init, struct at_param_list *, size_t);
DEFINE_FAKE_VALUE_FUNC(int, z_impl_zsock_setsockopt, int, int, int, const void *, socklen_t);
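Review bot: The commit adds the `z_impl_zsock_setsockopt` fake but none of the three changed files contains a test case that uses it, so the purge behaviour itself looks unverified. A test that writes new PSK credentials and then connects could assert that `z_impl_zsock_setsockopt_fake.call_count` is non-zero and that one recorded `arg2_history` entry equals `NRF_SO_SEC_SESSION_CACHE_PURGE`, plus a second connect showing the option is not sent again. Existing tests may already cover this outside the visible files.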
2 changes: 2 additions & 0 deletions tests/subsys/net/lib/lwm2m_client_utils/src/stubs.h
@@ -103,6 +103,7 @@ DECLARE_FAKE_VALUE_FUNC(int, at_params_unsigned_short_get, const struct at_param
DECLARE_FAKE_VALUE_FUNC_VARARG(int, nrf_modem_at_cmd_async, nrf_modem_at_resp_handler_t,
const char *, ...);
DECLARE_FAKE_VALUE_FUNC(int, at_params_list_init, struct at_param_list *, size_t);
DECLARE_FAKE_VALUE_FUNC(int, z_impl_zsock_setsockopt, int, int, int, const void *, socklen_t);

/* List of fakes used by this unit tester */
#define DO_FOREACH_FAKE(FUNC) do { \
@@ -175,6 +176,7 @@ DECLARE_FAKE_VALUE_FUNC(int, at_params_list_init, struct at_param_list *, size_t
FUNC(at_params_unsigned_short_get) \
FUNC(nrf_modem_at_cmd_async) \
FUNC(at_params_list_init) \
FUNC(z_impl_zsock_setsockopt) \
} while (0)

#endif
