/***************************************************************************
 * Copyright (c) 2024 Microsoft Corporation
 *
 * This program and the accompanying materials are made available under the
 * terms of the MIT License which is available at
 * https://opensource.org/licenses/MIT.
 *
 * SPDX-License-Identifier: MIT
 **************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    Datagram Transport Layer Security (DTLS)                           */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_dtls_packet_allocate                     PORTABLE C      */
/*                                                           6.1          */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function allocates a packet for DTLS.                          */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    dtls_session                          DTLS control block            */
/*    pool_ptr                              Pool to allocate packet from  */
/*    packet_ptr                            Pointer to place allocated    */
/*                                            packet pointer              */
/*    wait_option                           Suspension option             */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    _nx_secure_tls_session_iv_size_get    Get IV size for this session. */
/*    nx_packet_allocate                    NetX Packet allocation call.  */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    Application                                                         */
/*    _nx_secure_dtls_allocate_handshake_packet                           */
/*                                          Allocate DTLS handshake packet*/
/*    _nx_secure_dtls_client_handshake      DTLS client state machine     */
/*    _nx_secure_dtls_server_handshake      DTLS server state machine     */
/*    _nx_secure_dtls_session_end           Actual DTLS session end call. */
/*    _nx_secure_dtls_session_receive       Receive DTLS data             */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            resulting in version 6.1    */
/*                                                                        */
/**************************************************************************/
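UINT _nx_secure_dtls_packet_allocate(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET_POOL *pool_ptr,
                                     NX_PACKET **packet_ptr, ULONG wait_option)
{
#ifdef NX_SECURE_ENABLE_DTLS
UINT                   status;
ULONG                  packet_type;
ULONG                  available;
USHORT                 iv_size;
NX_SECURE_TLS_SESSION *tls_session;


    /* Allocate a packet for DTLS from pool_ptr, leaving room for the DTLS record header
       (and, once the session is active, the session cipher IV) in front of the payload.

       On success *packet_ptr holds an "empty" packet (prepend == append, length 0) and
       NX_SECURE_TLS_SUCCESS is returned. On every failure path after allocation the packet
       is released and *packet_ptr is set to NX_NULL, so a caller never receives a pointer
       to a packet that has already gone back to the pool. Returns
       NX_SECURE_TLS_ALLOCATE_PACKET_FAILED if the pool allocation fails,
       NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL if the packet cannot hold the header, the IV and
       a minimal Alert body, or the status of _nx_secure_tls_session_iv_size_get if that call
       fails. */

    /* Choose the UDP packet type matching the peer's IP version so the allocation reserves
       the correct IP/UDP header space. */
    if (dtls_session -> nx_secure_dtls_remote_ip_address.nxd_ip_version == NX_IP_VERSION_V4)
    {
        packet_type = NX_IPv4_UDP_PACKET;
    }
    else
    {
        packet_type = NX_IPv6_UDP_PACKET;
    }

    /* Allocate the packet from the supplied pool. */
    status = nx_packet_allocate(pool_ptr, packet_ptr, packet_type, wait_option);

    if (status != NX_SUCCESS)
    {
        return(NX_SECURE_TLS_ALLOCATE_PACKET_FAILED);
    }

    /* Usable space between the prepend pointer and the end of the data area. Computed as a
       pointer difference rather than by truncating each pointer to ULONG, which is not
       lossless on targets where pointers are wider than ULONG. */
    available = (ULONG)((*packet_ptr) -> nx_packet_data_end - (*packet_ptr) -> nx_packet_prepend_ptr);

    /* The packet must hold at least the record header plus 2 bytes for an Alert message. */
    if (available < (NX_SECURE_DTLS_RECORD_HEADER_SIZE + 2u))
    {

        /* Packet buffer is too small. Release it and clear the caller's pointer. */
        nx_packet_release(*packet_ptr);
        *packet_ptr = NX_NULL;
        return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL);
    }

    /* Advance the packet prepend pointer past the record header. */
    (*packet_ptr) -> nx_packet_prepend_ptr += NX_SECURE_DTLS_RECORD_HEADER_SIZE;
    available -= NX_SECURE_DTLS_RECORD_HEADER_SIZE;

    /* Get a pointer to TLS state. */
    tls_session = &dtls_session -> nx_secure_dtls_tls_session;

    /* If TLS session is active, allocate space for the IV that precedes the data in
       certain ciphersuites. */
    if (tls_session -> nx_secure_tls_local_session_active)
    {
        /* Get the size of the IV used by the session cipher. */
        status = _nx_secure_tls_session_iv_size_get(tls_session, &iv_size);

        if (status != NX_SUCCESS)
        {

            /* Release the packet allocated above before propagating the error; returning
               without doing so leaks one packet from the pool per failure. */
            nx_packet_release(*packet_ptr);
            *packet_ptr = NX_NULL;
            return(status);
        }

        /* Need room for the IV plus at least a 2-byte Alert body. */
        if ((iv_size + 2u) > available)
        {

            /* Packet buffer is too small to hold IV. */
            nx_packet_release(*packet_ptr);
            *packet_ptr = NX_NULL;
            return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL);
        }

        /* Don't do anything if no IV is required. */
        if (iv_size > 0)
        {
            /* Pre-allocate space for the session cipher IV and clear it out. */
            NX_SECURE_MEMSET((*packet_ptr) -> nx_packet_prepend_ptr, 0, iv_size);
            (*packet_ptr) -> nx_packet_prepend_ptr += iv_size;
        }
    }

    /* Make sure our append and prepend pointers are pointing to the same thing - when
       the packet is allocated it is "empty" from a user perspective. */
    (*packet_ptr) -> nx_packet_append_ptr = (*packet_ptr) -> nx_packet_prepend_ptr;
    (*packet_ptr) -> nx_packet_length = 0;

    return(NX_SECURE_TLS_SUCCESS);
#else
    NX_PARAMETER_NOT_USED(dtls_session);
    NX_PARAMETER_NOT_USED(pool_ptr);
    NX_PARAMETER_NOT_USED(packet_ptr);
    NX_PARAMETER_NOT_USED(wait_option);

    return(NX_NOT_SUPPORTED);
#endif /* NX_SECURE_ENABLE_DTLS */
}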