Adding Asynchronous API on mbedtls
Hey all, is there any way to achieve something like OpenSSL's BIO pair?
We are trying to add a callback-based asynchronous API in mbedtls where we handle the network I/O separately and feed the TLS state machine with data received from the network; the TLS engine processes it and calls us back when the data is ready. This will be useful with network libraries like libuv.
A glimpse of the work (WIP) with OpenSSL can be seen at https://github.com/deleisha/libuv-tls
Is there any way to achieve this?
Pardon me if I have posted in the wrong forum. Am I supposed to post it in "Crypto and SSL questions" ?
and expecting a response.
We would like to add async APIs for TLS I/O to mbedtls so that it can be integrated easily with libraries like libevent, libuv and libev.
It should be fairly easy to do. In our applications, we have an SSLEngine class which has an implementation using the JSSE SSLEngine class (https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html), and an implementation using mbedTLS for non-Java platforms, which sounds just like you're describing.
You can certainly do non-blocking I/O with mbedTLS; you just pass in your read and write callbacks with mbedtls_ssl_set_bio(). You can then feed data to mbedTLS from an event callback by calling mbedtls_ssl_read(), and when that invokes your read callback you feed it the data you want to unwrap. In turn, when you want to wrap data, you write it using mbedtls_ssl_write(), and dump the data in your write buffer for asynchronous writing later.
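As an added example (not code from this thread or from the mbedtls project), here is what the in-memory "BIO pair" that the answer above describes looks like in C. It assumes the callback signatures that mbedtls_ssl_set_bio() takes in mbedtls 2.x (f_send: `int (*)(void *ctx, const unsigned char *buf, size_t len)`, f_recv: `int (*)(void *ctx, unsigned char *buf, size_t len)`), and it redefines the two WANT_READ/WANT_WRITE error codes locally with the values from mbedtls/ssl.h so that the file builds without the library headers. The names bio_pair, bio_fifo, bio_recv, bio_send, bio_pair_feed, bio_pair_drain and bio_pair_init are this example's own, not mbedtls API.

```c
/*
 * Added example: in-memory "BIO pair" callbacks for mbedtls_ssl_set_bio().
 * The event loop (libuv, libevent, ...) owns the socket; mbedtls only ever
 * talks to these two buffers. The two error codes are copied from
 * mbedtls/ssl.h so that this file builds without the library headers.
 */
#include <stddef.h>
#include <string.h>

#define MBEDTLS_ERR_SSL_WANT_READ   (-0x6900)  /* value from mbedtls/ssl.h */
#define MBEDTLS_ERR_SSL_WANT_WRITE  (-0x6880)  /* value from mbedtls/ssl.h */

#define BIO_BUF_SIZE 4096

/* One direction of raw TLS record bytes, consumed front to back. */
typedef struct {
    unsigned char data[BIO_BUF_SIZE];
    size_t len;                     /* bytes currently queued */
} bio_fifo;

/* in:  ciphertext the socket delivered, waiting for mbedtls_ssl_read()
 * out: ciphertext mbedtls produced, waiting to be written to the socket */
typedef struct {
    bio_fifo in;
    bio_fifo out;
} bio_pair;

static size_t fifo_push(bio_fifo *f, const unsigned char *src, size_t n)
{
    size_t room = BIO_BUF_SIZE - f->len;
    if (n > room)
        n = room;                   /* short write; caller retries the rest */
    memcpy(f->data + f->len, src, n);
    f->len += n;
    return n;
}

static size_t fifo_pop(bio_fifo *f, unsigned char *dst, size_t n)
{
    if (n > f->len)
        n = f->len;
    memcpy(dst, f->data, n);
    memmove(f->data, f->data + n, f->len - n);
    f->len -= n;
    return n;
}

/* f_recv callback: mbedtls asks for up to len record bytes. Returning 0
 * would be read by mbedtls as EOF (peer closed the connection), so an
 * empty buffer must answer MBEDTLS_ERR_SSL_WANT_READ instead. */
int bio_recv(void *ctx, unsigned char *buf, size_t len)
{
    bio_pair *p = ctx;
    if (p->in.len == 0)
        return MBEDTLS_ERR_SSL_WANT_READ;
    return (int)fifo_pop(&p->in, buf, len);
}

/* f_send callback: mbedtls hands us record bytes for the wire. A short
 * return is fine, mbedtls keeps calling until the record is fully queued.
 * A full buffer answers WANT_WRITE so the application retries the same
 * mbedtls_ssl_write() once the event loop has flushed the out buffer. */
int bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    bio_pair *p = ctx;
    size_t n = fifo_push(&p->out, buf, len);
    if (n == 0 && len > 0)
        return MBEDTLS_ERR_SSL_WANT_WRITE;
    return (int)n;
}

/* Event-loop side: the socket read callback queues what arrived, then the
 * application calls mbedtls_ssl_read() until it returns WANT_READ. */
size_t bio_pair_feed(bio_pair *p, const unsigned char *buf, size_t len)
{
    return fifo_push(&p->in, buf, len);
}

/* Event-loop side: after any mbedtls call, drain this and hand the bytes
 * to the socket write path (e.g. uv_write). */
size_t bio_pair_drain(bio_pair *p, unsigned char *buf, size_t len)
{
    return fifo_pop(&p->out, buf, len);
}

void bio_pair_init(bio_pair *p)
{
    memset(p, 0, sizeof *p);
}
```

Wire it up with `mbedtls_ssl_set_bio(&ssl, &pair, bio_send, bio_recv, NULL)`, passing NULL as the f_recv_timeout argument for non-blocking use. Two caveats a practitioner should keep in mind: a read callback must never return 0 just because no bytes are queued yet, since mbedtls treats 0 as the connection being closed; and when mbedtls_ssl_write() returns WANT_WRITE or WANT_READ it has to be called again later with the same buffer and length, so the application must keep the pending plaintext until the call succeeds.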
As Nicholas said, I believe our API allows you to create what you want by providing adequate callbacks to the SSL layer and calling mbedtls_ssl_read() when data is available. We're in the process of developing such an asynchronous API for TLS in mbed OS using the same ideas explained by Nicholas, and it's working fine.
Thanks Nicholas and Manuel Pégourié-Gonnard.
I am pretty much new to mbedtls, so my thoughts and knowledge might be very limited. Correct me if I am wrong.
Yes, mbedtls effectively seems to handle asynchronous I/O with a supplied socket. At first glance it seems that mbedtls internally handles the network I/O.
Our use case is that we want to handle the network I/O separately with libuv. We would like to feed the wrapped data to mbedtls ourselves; mbedtls does the processing and, once it has unwrapped data, gives us a callback.
Is there any way to handle this effectively?
Oh, yes. After reading the code a bit more, we realised mbedtls_ssl_set_bio() will work for us.