TCP connection setup/management and CASESession association.

Add ConnectToPeer() API for explicit connection setup.
Currently, connecting to a peer is coupled with sending a message to the
peer.
This decouples the two and creates a clear API for connecting to a peer
address. Goes along with the existing Disconnect() API.
This would be essential during activation of retained sessions by solely
connecting to the peer and associating with the retained session.

Surface Connection completion and Closure callbacks and hook them
through SessionManager(TransportMgr delegate) and CASESession.

Mark SecureSession as defunct on connection closures.

Modify ActiveConnectionState in TCPBase to hold state for each
connection, so that it is able to handle the various control flow paths.

Author: pidarped

src/app/OperationalSessionSetup.cpp

@@ -278,6 +278,10 @@ CHIP_ERROR OperationalSessionSetup::EstablishConnection(const ReliableMessagePro
     mCASEClient = mClientPool->Allocate();
     ReturnErrorCodeIf(mCASEClient == nullptr, CHIP_ERROR_NO_MEMORY);
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    mDeviceAddress.SetTransportType(chip::Transport::Type::kTcp);
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     CHIP_ERROR err = mCASEClient->EstablishSession(mInitParams, mPeerId, mDeviceAddress, config, this);
     if (err != CHIP_NO_ERROR)
     {

src/lib/core/CHIPConfig.h

@@ -1634,6 +1634,16 @@ extern const char CHIP_NON_PRODUCTION_MARKER[];
 #define CHIP_CONFIG_ICD_OBSERVERS_POOL_SIZE 2
 #endif
 
+/**
+ * @def CHIP_CONFIG_TCP_SUPPORT_ENABLED
+ *  @brief
+ *    Enable (1) or disable (0) support for TCP as a transport protocol for
+ *    operational communications.
+ */
+#ifndef CHIP_CONFIG_TCP_SUPPORT_ENABLED
+#define CHIP_CONFIG_TCP_SUPPORT_ENABLED (INET_CONFIG_ENABLE_TCP_ENDPOINT)
+#endif
+
 /**
  * @}
  */

src/protocols/secure_channel/CASESession.cpp

@@ -444,14 +444,21 @@ CHIP_ERROR CASESession::Init(SessionManager & sessionManager, Credentials::Certi
 
     ReturnErrorOnFailure(mCommissioningHash.Begin());
 
-    mDelegate = delegate;
+    mDelegate       = delegate;
+    mSessionManager = &sessionManager;
+
     ReturnErrorOnFailure(AllocateSecureSession(sessionManager, sessionEvictionHint));
 
     mValidContext.Reset();
     mValidContext.mRequiredKeyUsages.Set(KeyUsageFlags::kDigitalSignature);
     mValidContext.mRequiredKeyPurposes.Set(KeyPurposeFlags::kServerAuth);
     mValidContext.mValidityPolicy = policy;
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    // Set callbacks for connection in sessionmanager
+    sessionManager.SetConnectionCallbacks(HandleConnectionComplete, HandleConnectionClosed, this);
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     return CHIP_NO_ERROR;
 }
 
@@ -531,8 +538,23 @@ CHIP_ERROR CASESession::EstablishSession(SessionManager & sessionManager, Fabric
     ChipLogProgress(SecureChannel, "Initiating session on local FabricIndex %u from 0x" ChipLogFormatX64 " -> 0x" ChipLogFormatX64,
                     static_cast<unsigned>(mFabricIndex), ChipLogValueX64(mLocalNodeId), ChipLogValueX64(mPeerNodeId));
 
-    err = SendSigma1();
-    SuccessOrExit(err);
+    // TODO: Need to look into unifying this call to invoke ConnectToPeer() for
+    //  all transports, including MRP.
+    //  For UDP based transports, this call would short-circuit back into
+    //  HandleConnectionComplete() callback.
+    //  Currently, TestCASESession is organized such that it requires synchronous
+    //  calls back from EstablishSession() over UDP. So, bifurcate TCP and MRP
+    //  calls here, for now.
+    if (mExchangeCtxt->GetSessionHandle()->AsUnauthenticatedSession()->GetPeerAddress().GetTransportType() == Transport::Type::kTcp)
+    {
+        err = sessionManager.ConnectToPeer(mExchangeCtxt->GetSessionHandle()->AsUnauthenticatedSession()->GetPeerAddress());
+        SuccessOrExit(err);
+    }
+    else
+    {
+        err = SendSigma1();
+        SuccessOrExit(err);
+    }
 
 exit:
     if (err != CHIP_NO_ERROR)
@@ -638,6 +660,47 @@ CHIP_ERROR CASESession::RecoverInitiatorIpk()
     return CHIP_NO_ERROR;
 }
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+void CASESession::HandleConnectionComplete(void * context, Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr)
+{
+    CHIP_ERROR err = CHIP_NO_ERROR;
+
+    VerifyOrReturn(context != nullptr);
+    VerifyOrReturn(conObj != nullptr);
+    VerifyOrReturn(conObj->mPeerAddr.GetTransportType() == Transport::Type::kTcp);
+
+    ChipLogDetail(SecureChannel, "TCP Connection established before session establishment");
+
+    CASESession * caseSession = reinterpret_cast<CASESession *>(context);
+
+    // Associate the connection with the session
+    caseSession->mExchangeCtxt->GetSessionHandle()->AsUnauthenticatedSession()->SetTCPConnection(conObj);
+
+    // Send Sigma1 after connection is established for sessions over TCP
+    err = caseSession->SendSigma1();
+    if (err != CHIP_NO_ERROR)
+    {
+        caseSession->Clear();
+    }
+}
+
+void CASESession::HandleConnectionClosed(void * context, Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr)
+{
+    // CHIP_ERROR err = CHIP_NO_ERROR;
+
+    VerifyOrReturn(context != nullptr);
+    CASESession * caseSession = reinterpret_cast<CASESession *>(context);
+    if (conErr == CHIP_NO_ERROR)
+    {
+        caseSession->Clear();
+    }
+    else
+    {
+        // Connection establishment failed
+    }
+}
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
 CHIP_ERROR CASESession::SendSigma1()
 {
     MATTER_TRACE_SCOPE("SendSigma1", "CASESession");

src/protocols/secure_channel/CASESession.h

@@ -283,6 +283,11 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler,
 
     void InvalidateIfPendingEstablishmentOnFabric(FabricIndex fabricIndex);
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    static void HandleConnectionComplete(void * context, Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr);
+    static void HandleConnectionClosed(void * context, Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr);
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
 #if CONFIG_BUILD_FOR_HOST_UNIT_TEST
     void SetStopSigmaHandshakeAt(Optional<State> state) { mStopHandshakeAtState = state; }
 #endif // CONFIG_BUILD_FOR_HOST_UNIT_TEST
@@ -298,6 +303,7 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler,
     uint8_t mIPK[kIPKSize];
 
     SessionResumptionStorage * mSessionResumptionStorage = nullptr;
+    SessionManager * mSessionManager                     = nullptr;
 
     FabricTable * mFabricsTable = nullptr;
     FabricIndex mFabricIndex    = kUndefinedFabricIndex;

src/transport/Session.h

@@ -28,6 +28,9 @@
 #include <platform/LockTracker.h>
 #include <protocols/secure_channel/SessionParameters.h>
 #include <transport/SessionDelegate.h>
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+#include <transport/raw/TCP.h>
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
 
 namespace chip {
 namespace Transport {
@@ -224,6 +227,11 @@ class Session
 
     bool IsUnauthenticatedSession() const { return GetSessionType() == SessionType::kUnauthenticated; }
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    TCPBase::ActiveConnectionState * GetTCPConnection() const { return mTCPConnection; }
+    void SetTCPConnection(TCPBase::ActiveConnectionState * conn) { mTCPConnection = conn; }
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     void DispatchSessionEvent(SessionDelegate::Event event)
     {
         // Holders might remove themselves when notified.
@@ -263,6 +271,9 @@ class Session
 
 private:
     FabricIndex mFabricIndex = kUndefinedFabricIndex;
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    TCPBase::ActiveConnectionState * mTCPConnection = nullptr;
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
 };
 
 //

src/transport/SessionManager.cpp

@@ -108,6 +108,13 @@ CHIP_ERROR SessionManager::Init(System::Layer * systemLayer, TransportMgrBase *
 
     mTransportMgr->SetSessionManager(this);
 
+    mTransportMgr->SetSystemLayer(systemLayer);
+
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    mConnCompleteCb = nullptr;
+    mConnClosedCb   = nullptr;
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     return CHIP_NO_ERROR;
 }
 
@@ -582,6 +589,79 @@ void SessionManager::OnMessageReceived(const PeerAddress & peerAddress, System::
     }
 }
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+void SessionManager::SetConnectionCallbacks(OnConnectionCompleteCallback connCompleteCb, OnConnectionClosedCallback connClosedCb,
+                                            void * connContext)
+{
+    mConnCompleteCb = connCompleteCb;
+    mConnClosedCb   = connClosedCb;
+    mConnContext    = connContext;
+}
+
+void SessionManager::HandleConnectionComplete(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr)
+{
+    if (mConnCompleteCb != nullptr)
+    {
+        ChipLogProgress(Inet, "Calling Connection Complete callback");
+        mConnCompleteCb(mConnContext, conObj, conErr);
+    }
+    else
+    {
+        ChipLogProgress(Inet, "Connection Complete callback missing");
+    }
+}
+
+void SessionManager::HandleConnectionClosed(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr)
+{
+    if (mConnClosedCb != nullptr)
+    {
+        mConnClosedCb(mConnContext, conObj, conErr);
+    }
+    else
+    {
+        ChipLogProgress(Inet, "Connection Closed callback missing");
+    }
+
+    // Mark the corresponding secure session as defunct
+    mSecureSessions.ForEachSession([&](auto session) {
+        if (session->IsActiveSession() && session->GetTCPConnection() == conObj)
+        {
+            session->MarkAsDefunct();
+            return Loop::Break;
+        }
+
+        return Loop::Continue;
+    });
+
+    // TODO: A mechanism to mark an unauthenticated session as unusable when
+    // the underlying connection is broken.
+}
+
+CHIP_ERROR SessionManager::ConnectToPeer(const PeerAddress & peerAddress)
+{
+    if (mTransportMgr != nullptr)
+    {
+        ChipLogProgress(Inet, "Connecting to peer ");
+        return mTransportMgr->ConnectToPeer(peerAddress);
+    }
+
+    ChipLogError(Inet, "The transport manager is not initialized. Unable to connect to peer");
+
+    return CHIP_ERROR_INCORRECT_STATE;
+}
+
+CHIP_ERROR SessionManager::Disconnect(const PeerAddress & peerAddress)
+{
+    if (mTransportMgr != nullptr)
+    {
+        ChipLogProgress(Inet, "Disconnecting from peer ");
+        mTransportMgr->Disconnect(peerAddress);
+    }
+
+    return CHIP_NO_ERROR;
+}
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
 void SessionManager::UnauthenticatedMessageDispatch(const PacketHeader & partialPacketHeader,
                                                     const Transport::PeerAddress & peerAddress, System::PacketBufferHandle && msg)
 {

src/transport/SessionManager.h

@@ -416,6 +416,27 @@ class DLL_EXPORT SessionManager : public TransportMgrDelegate, public FabricTabl
      */
     void OnMessageReceived(const Transport::PeerAddress & source, System::PacketBufferHandle && msgBuf) override;
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    CHIP_ERROR ConnectToPeer(const Transport::PeerAddress & peerAddress);
+
+    CHIP_ERROR Disconnect(const Transport::PeerAddress & peerAddress);
+
+    void HandleConnectionComplete(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr) override;
+
+    void HandleConnectionClosed(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr) override;
+
+    // Functors for callbacks into higher layers
+    using OnConnectionCompleteCallback = void (*)(void * appContext, Transport::TCPBase::ActiveConnectionState * conObj,
+                                                  CHIP_ERROR conErr);
+
+    using OnConnectionClosedCallback = void (*)(void * appContext, Transport::TCPBase::ActiveConnectionState * conObj,
+                                                CHIP_ERROR conErr);
+
+    // Set the higher layer callbacks
+    void SetConnectionCallbacks(OnConnectionCompleteCallback connCompleteCb, OnConnectionClosedCallback connClosedCb,
+                                void * connContext);
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     Optional<SessionHandle> CreateUnauthenticatedSession(const Transport::PeerAddress & peerAddress,
                                                          const ReliableMessageProtocolConfig & config)
     {
@@ -477,6 +498,12 @@ class DLL_EXPORT SessionManager : public TransportMgrDelegate, public FabricTabl
     State mState; // < Initialization state of the object
     chip::Transport::GroupOutgoingCounters mGroupClientCounter;
 
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    OnConnectionCompleteCallback mConnCompleteCb = nullptr;
+    OnConnectionClosedCallback mConnClosedCb     = nullptr;
+    void * mConnContext                          = nullptr;
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
+
     SessionMessageDelegate * mCB = nullptr;
 
     TransportMgrBase * mTransportMgr                                   = nullptr;

src/transport/TransportMgr.h

@@ -34,6 +34,9 @@
 #include <transport/raw/MessageHeader.h>
 #include <transport/raw/PeerAddress.h>
 #include <transport/raw/Tuple.h>
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+#include <transport/raw/TCP.h>
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
 
 namespace chip {
 
@@ -51,6 +54,19 @@ class TransportMgrDelegate
      * @param msgBuf    the buffer containing a full CHIP message (except for the optional length field).
      */
     virtual void OnMessageReceived(const Transport::PeerAddress & source, System::PacketBufferHandle && msgBuf) = 0;
+
+#if CHIP_CONFIG_TCP_SUPPORT_ENABLED
+    /**
+     * @brief
+     *   Handle connection completion.
+     *
+     * @param conObj    the connection object
+     * @param conErr    the connection error on the attempt.
+     */
+    virtual void HandleConnectionComplete(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr){};
+
+    virtual void HandleConnectionClosed(Transport::TCPBase::ActiveConnectionState * conObj, CHIP_ERROR conErr){};
+#endif // CHIP_CONFIG_TCP_SUPPORT_ENABLED
 };
 
 template <typename... TransportTypes>