1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Transport Layer Security (TLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_tls.h"
26 #include "nx_secure_x509.h"
27
28 /**************************************************************************/
29 /* */
30 /* FUNCTION RELEASE */
31 /* */
32 /* _nx_secure_tls_remote_certificate_allocate PORTABLE C */
33 /* 6.2.1 */
34 /* AUTHOR */
35 /* */
36 /* Timothy Stapko, Microsoft Corporation */
37 /* */
38 /* DESCRIPTION */
39 /* */
40 /* This service adds an uninitialized NX_SECURE_TLS_CERTIFICATE */
41 /* structure instance to a TLS session for the purpose of allocating */
42 /* space for certificates provided by a remote host during a TLS */
43 /* session. The remote certificate data is parsed by NetX Secure TLS */
44 /* and that information is used to populate the certificate structure */
45 /* instance provided to this function. Certificates added in this */
46 /* manner are placed in a linked list. */
47 /* */
48 /* The "raw_certificate_buffer" parameter is a pointer to a caller- */
49 /* supplied space which can be used to store the incoming certificate */
50 /* data for parsing. The size of the buffer should be large enough to */
51 /* accommodate the largest certificate your application expects to */
52 /* receive. Typical certificate lengths are 1-2KBytes when using */
53 /* 2048-bit RSA. Larger key sizes will result in larger certificates. */
54 /* */
55 /* INPUT */
56 /* */
57 /* tls_session Pointer to TLS Session */
58 /* certificate Pointer to certificate */
59 /* raw_certificate_buffer Buffer for storing cert */
60 /* buffer_size Size of cert buffer */
61 /* */
62 /* OUTPUT */
63 /* */
64 /* status Completion status */
65 /* */
66 /* CALLS */
67 /* */
68 /* tx_mutex_get Get protection mutex */
69 /* tx_mutex_put Put protection mutex */
70 /* _nx_secure_x509_store_certificate_add Add certificate to free store */
71 /* */
72 /* CALLED BY */
73 /* */
74 /* Application Code */
75 /* */
76 /* RELEASE HISTORY */
77 /* */
78 /* DATE NAME DESCRIPTION */
79 /* */
80 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
81 /* 09-30-2020 Timothy Stapko Modified comment(s), */
82 /* resulting in version 6.1 */
83 /* 04-02-2021 Timothy Stapko Modified comment(s), */
84 /* updated X.509 return value, */
85 /* resulting in version 6.1.6 */
86 /* 03-08-2023 Yanwu Cai Modified comment(s), */
87 /* fixed compiler errors when */
88 /* x509 is disabled, */
89 /* resulting in version 6.2.1 */
90 /* */
91 /**************************************************************************/
_nx_secure_tls_remote_certificate_allocate(NX_SECURE_TLS_SESSION * tls_session,NX_SECURE_X509_CERT * certificate,UCHAR * raw_certificate_buffer,UINT buffer_size)92 UINT _nx_secure_tls_remote_certificate_allocate(NX_SECURE_TLS_SESSION *tls_session,
93 NX_SECURE_X509_CERT *certificate,
94 UCHAR *raw_certificate_buffer, UINT buffer_size)
95 {
96 #ifndef NX_SECURE_DISABLE_X509
97 UINT status;
98
99 /* Get the protection. */
100 tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);
101
102
103 certificate -> nx_secure_x509_certificate_raw_data = raw_certificate_buffer;
104 certificate -> nx_secure_x509_certificate_raw_buffer_size = buffer_size;
105
106 /* This certificate was allocated by the user application and not by TLS. */
107 certificate->nx_secure_x509_user_allocated_cert = NX_TRUE;
108
109 /* Add the certificate to the TLS session credentials X509 store. */
110 status = _nx_secure_x509_store_certificate_add(certificate, &tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store,
111 NX_SECURE_X509_CERT_LOCATION_FREE);
112
113 /* Release the protection. */
114 tx_mutex_put(&_nx_secure_tls_protection);
115
116 /* Translate some X.509 return values into TLS return values. */
117 if (status == NX_SECURE_X509_CERT_ID_DUPLICATE)
118 {
119 return(NX_SECURE_TLS_CERT_ID_DUPLICATE);
120 }
121
122 return(status);
123 #else
124 NX_PARAMETER_NOT_USED(tls_session);
125 NX_PARAMETER_NOT_USED(certificate);
126 NX_PARAMETER_NOT_USED(raw_certificate_buffer);
127 NX_PARAMETER_NOT_USED(buffer_size);
128
129 return(NX_NOT_SUPPORTED);
130 #endif
131 }
132
133
