Added support for client session tickets in esp-tls (with mbedtls)

* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling

components/esp-tls/esp_tls_mbedtls.c

@@ -44,7 +44,6 @@ static esp_err_t esp_mbedtls_init_pk_ctx_for_ds(const void *pki);
 static const char *TAG = "esp-tls-mbedtls";
 static mbedtls_x509_crt *global_cacert = NULL;
 
-
 /* This function shall return the error message when appropriate log level has been set, otherwise this function shall do nothing */
 static void mbedtls_print_error_msg(int error)
 {
@@ -132,12 +131,48 @@ exit:
 
 }
 
+#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
+esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls)
+{
+    if (tls == NULL) {
+        ESP_LOGE(TAG, "esp_tls session context cannot be NULL");
+        return NULL;
+    }
+
+    esp_tls_client_session_t *client_session = (esp_tls_client_session_t*)calloc(1, sizeof(esp_tls_client_session_t));
+    if (client_session == NULL) {
+        ESP_LOGE(TAG, "Failed to allocate memory for client session ctx");
+        return NULL;
+    }
+
+    int ret = mbedtls_ssl_get_session(&tls->ssl, &(client_session->saved_session));
+    if (ret != 0) {
+        ESP_LOGE(TAG, "Error in obtaining the client ssl session");
+        mbedtls_print_error_msg(ret);
+        free(client_session);
+        return NULL;
+    }
+
+    return client_session;
+}
+#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
+
 int esp_mbedtls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
 {
     int ret;
+#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
+    if (cfg->client_session != NULL) {
+        ESP_LOGD(TAG, "Reusing the already saved client session context");
+        if ((ret = mbedtls_ssl_set_session(&tls->ssl, &(cfg->client_session->saved_session))) != 0 ) {
+            ESP_LOGE(TAG, " mbedtls_ssl_conf_session returned -0x%04X", -ret);
+            return -1;
+        }
+    }
+#endif
     ret = mbedtls_ssl_handshake(&tls->ssl);
     if (ret == 0) {
         tls->conn_state = ESP_TLS_DONE;
+
 #ifdef CONFIG_ESP_TLS_USE_DS_PERIPHERAL
         esp_ds_release_ds_lock();
 #endif
@@ -370,7 +405,7 @@ static esp_err_t set_global_ca_store(esp_tls_t *tls)
 
 #ifdef CONFIG_ESP_TLS_SERVER
 #ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
-int esp_mbedtls_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
+int esp_mbedtls_server_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
 {
     int ret = mbedtls_ssl_ticket_write(p_ticket, session, start, end, tlen, lifetime);
 #ifndef NDEBUG
@@ -382,7 +417,7 @@ int esp_mbedtls_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *
     return ret;
 }
 
-int esp_mbedtls_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
+int esp_mbedtls_server_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len)
 {
     int ret = mbedtls_ssl_ticket_parse(p_ticket, session, buf, len);
 #ifndef NDEBUG
@@ -394,7 +429,7 @@ int esp_mbedtls_session_ticket_parse(void *p_ticket, mbedtls_ssl_session *sessio
     return ret;
 }
 
-esp_err_t esp_mbedtls_session_ticket_ctx_init(esp_tls_session_ticket_ctx_t *ctx)
+esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_ticket_ctx_t *ctx)
 {
     if (!ctx) {
         return ESP_ERR_INVALID_ARG;
@@ -403,26 +438,31 @@ esp_err_t esp_mbedtls_session_ticket_ctx_init(esp_tls_session_ticket_ctx_t *ctx)
     mbedtls_entropy_init(&ctx->entropy);
     mbedtls_ssl_ticket_init(&ctx->ticket_ctx);
     int ret;
+    esp_err_t esp_ret;
     if ((ret = mbedtls_ctr_drbg_seed(&ctx->ctr_drbg,
-                                     mbedtls_entropy_func, &ctx->entropy, NULL, 0)) != 0) {
+                    mbedtls_entropy_func, &ctx->entropy, NULL, 0)) != 0) {
         ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04X", -ret);
         mbedtls_print_error_msg(ret);
-        return ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED;
+        esp_ret = ESP_ERR_MBEDTLS_CTR_DRBG_SEED_FAILED;
+        goto exit;
     }
 
-    if( ( ret = mbedtls_ssl_ticket_setup( &ctx->ticket_ctx,
+    if((ret = mbedtls_ssl_ticket_setup(&ctx->ticket_ctx,
                     mbedtls_ctr_drbg_random, &ctx->ctr_drbg,
                     MBEDTLS_CIPHER_AES_256_GCM,
-                    CONFIG_ESP_TLS_SERVER_SESSION_TICKET_TIMEOUT ) ) != 0 )
-        {
-            ESP_LOGE(TAG, "mbedtls_ssl_ticket_setup returned -0x%04X", -ret);
-            mbedtls_print_error_msg(ret);
-            return ESP_ERR_MBEDTLS_SSL_SESSION_TICKET_SETUP_FAILED;
-        }
+                    CONFIG_ESP_TLS_SERVER_SESSION_TICKET_TIMEOUT)) != 0) {
+        ESP_LOGE(TAG, "mbedtls_ssl_ticket_setup returned -0x%04X", -ret);
+        mbedtls_print_error_msg(ret);
+        esp_ret = ESP_ERR_MBEDTLS_SSL_TICKET_SETUP_FAILED;
+        goto exit;
+    }
     return ESP_OK;
+exit:
+    esp_mbedtls_server_session_ticket_ctx_free(ctx);
+    return esp_ret;
 }
 
-void esp_mbedtls_session_ticket_ctx_free(esp_tls_session_ticket_ctx_t *ctx)
+void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *ctx)
 {
     if (ctx) {
         mbedtls_ssl_ticket_free(&ctx->ticket_ctx);
@@ -489,8 +529,8 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
         ESP_LOGD(TAG, "Enabling server-side tls session ticket support");
 
         mbedtls_ssl_conf_session_tickets_cb( &tls->conf,
-                esp_mbedtls_session_ticket_write,
-                esp_mbedtls_session_ticket_parse,
+                esp_mbedtls_server_session_ticket_write,
+                esp_mbedtls_server_session_ticket_parse,
                 &cfg->ticket_ctx->ticket_ctx );
     }
 #endif
@@ -554,6 +594,13 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
 #endif
     }
 
+#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
+    ESP_LOGD(TAG, "Enabling client-side tls session ticket support");
+    mbedtls_ssl_conf_session_tickets(&tls->conf, MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
+    mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+
+#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
+
     if (cfg->crt_bundle_attach != NULL) {
 #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
         ESP_LOGD(TAG, "Use certificate bundle");
@@ -590,6 +637,10 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
 #else
         ESP_LOGE(TAG, "psk_hint_key configured but not enabled in menuconfig: Please enable ESP_TLS_PSK_VERIFICATION option");
         return ESP_ERR_INVALID_STATE;
+#endif
+#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
+    } else if (cfg->client_session != NULL) {
+        ESP_LOGD(TAG, "Resuing the saved client session");
 #endif
     } else {
 #ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY