1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Transport Layer Security (TLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_tls.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_tls_session_reset PORTABLE C */
32 /* 6.2.1 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function resets a TLS session object, clearing out all data */
40 /* for initialization or re-use. */
41 /* */
42 /* INPUT */
43 /* */
44 /* tls_session TLS control block */
45 /* */
46 /* OUTPUT */
47 /* */
48 /* status Completion status */
49 /* */
50 /* CALLS */
51 /* */
52 /* _nx_secure_tls_key_material_init Clear TLS key material */
53 /* _nx_secure_tls_remote_certificate_free_all */
54 /* Free all remote certificates */
55 /* tx_mutex_get Get protection mutex */
56 /* tx_mutex_put Put protection mutex */
57 /* */
58 /* CALLED BY */
59 /* */
60 /* Application Code */
61 /* _nx_secure_dtls_session_reset Clear out the session */
62 /* _nx_secure_tls_session_create Create the TLS session */
63 /* _nx_secure_tls_session_delete Delete the TLS session */
64 /* _nx_secure_tls_session_end End of a session */
65 /* */
66 /* RELEASE HISTORY */
67 /* */
68 /* DATE NAME DESCRIPTION */
69 /* */
70 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
71 /* 09-30-2020 Timothy Stapko Modified comment(s), */
72 /* fixed renegotiation bug, */
73 /* resulting in version 6.1 */
74 /* 08-02-2021 Timothy Stapko Modified comment(s), added */
75 /* cleanup for session cipher, */
76 /* resulting in version 6.1.8 */
77 /* 10-15-2021 Timothy Stapko Modified comment(s), added */
78 /* option to disable client */
79 /* initiated renegotiation, */
80 /* resulting in version 6.1.9 */
81 /* 10-31-2022 Yanwu Cai Modified comment(s), and */
82 /* fixed renegotiation when */
83 /* receiving in non-block mode,*/
84 /* resulting in version 6.2.0 */
85 /* 03-08-2023 Yanwu Cai Modified comment(s), */
86 /* fixed compiler errors when */
87 /* x509 is disabled, */
88 /* resulting in version 6.2.1 */
89 /* */
90 /**************************************************************************/
_nx_secure_tls_session_reset(NX_SECURE_TLS_SESSION * session_ptr)91 UINT _nx_secure_tls_session_reset(NX_SECURE_TLS_SESSION *session_ptr)
92 {
93 UINT status;
94 UINT temp_status;
95
96 status = NX_SUCCESS;
97
98 /* Get the protection. */
99 tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);
100
101 /* Reset all state to bring the TLS socket back to an initial state, leaving
102 * it as it was when created, but leaving certain items alone:
103 * - packet pool
104 * - local and trusted certificates
105 * - callback functions
106 * - crypto table and metadata
107 *
108 * Remote certificates must be freed (placed back into free store)
109 */
110
111 if (session_ptr -> nx_secure_tls_remote_session_active)
112 {
113 if (session_ptr -> nx_secure_tls_session_ciphersuite != NX_NULL)
114 {
115 if (session_ptr -> nx_secure_tls_session_ciphersuite -> nx_secure_tls_session_cipher -> nx_crypto_cleanup)
116 {
117 temp_status = session_ptr -> nx_secure_tls_session_ciphersuite -> nx_secure_tls_session_cipher -> nx_crypto_cleanup(session_ptr -> nx_secure_session_cipher_metadata_area_client);
118 if(temp_status != NX_CRYPTO_SUCCESS)
119 {
120 status = temp_status;
121 }
122
123 temp_status = session_ptr -> nx_secure_tls_session_ciphersuite -> nx_secure_tls_session_cipher -> nx_crypto_cleanup(session_ptr -> nx_secure_session_cipher_metadata_area_server);
124 if(temp_status != NX_CRYPTO_SUCCESS)
125 {
126 status = temp_status;
127 }
128
129 }
130 }
131 }
132
133 /* Reset socket type. */
134 session_ptr -> nx_secure_tls_socket_type = NX_SECURE_TLS_SESSION_TYPE_NONE;
135
136 /* Clear out the protocol version - assigned during the TLS handshake. */
137 session_ptr -> nx_secure_tls_protocol_version = 0;
138
139
140 /* Sessions are not active when we start the socket. */
141 session_ptr -> nx_secure_tls_remote_session_active = 0;
142 session_ptr -> nx_secure_tls_local_session_active = 0;
143 session_ptr -> nx_secure_tls_session_cipher_client_initialized = 0;
144 session_ptr -> nx_secure_tls_session_cipher_server_initialized = 0;
145
146 /* Set the current ciphersuite to TLS_NULL_WITH_NULL_NULL which is the
147 * specified ciphersuite for the handshake (pre-change cipher spec). */
148 session_ptr -> nx_secure_tls_session_ciphersuite = NX_NULL;
149
150 /* Initialize key material structure. */
151 _nx_secure_tls_key_material_init(&session_ptr -> nx_secure_tls_key_material);
152
153 /* Session ID length. Initialize to 0 - will be assigned during handshake. */
154 session_ptr -> nx_secure_tls_session_id_length = 0;
155
156 /* Clear out Session ID used for session re-negotiation. */
157 NX_SECURE_MEMSET(session_ptr -> nx_secure_tls_session_id, 0, NX_SECURE_TLS_SESSION_ID_SIZE);
158
159 /* Clear out sequence numbers for the current TLS session. */
160 NX_SECURE_MEMSET(session_ptr -> nx_secure_tls_local_sequence_number, 0, sizeof(session_ptr -> nx_secure_tls_local_sequence_number));
161 NX_SECURE_MEMSET(session_ptr -> nx_secure_tls_remote_sequence_number, 0, sizeof(session_ptr -> nx_secure_tls_remote_sequence_number));
162
163 #ifndef NX_SECURE_DISABLE_X509
164
165 /* Clear out all remote certificates. */
166 status = _nx_secure_tls_remote_certificate_free_all(session_ptr);
167
168 /* Clear out the active certificate so if the session is reused it will return to the default (local cert). */
169 session_ptr -> nx_secure_tls_credentials.nx_secure_tls_active_certificate = NX_NULL;
170 #else
171 status = NX_SECURE_TLS_SUCCESS;
172 #endif
173
174 #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION
175 session_ptr -> nx_secure_tls_secure_renegotiation = NX_FALSE;
176
177 NX_SECURE_MEMSET(session_ptr -> nx_secure_tls_remote_verify_data, 0, NX_SECURE_TLS_FINISHED_HASH_SIZE);
178 NX_SECURE_MEMSET(session_ptr -> nx_secure_tls_local_verify_data, 0, NX_SECURE_TLS_FINISHED_HASH_SIZE);
179
180 /* Flag to indicate when a session renegotiation is taking place. */
181 session_ptr -> nx_secure_tls_renegotiation_handshake = NX_FALSE;
182 session_ptr -> nx_secure_tls_secure_renegotiation_verified = NX_FALSE;
183 session_ptr -> nx_secure_tls_server_renegotiation_requested = NX_FALSE;
184 session_ptr -> nx_secure_tls_local_initiated_renegotiation = NX_FALSE;
185 #endif
186
187 /* Flag to indicate when credentials have been received from the remote host. */
188 session_ptr -> nx_secure_tls_received_remote_credentials = NX_FALSE;
189
190 #ifndef NX_SECURE_TLS_SERVER_DISABLED
191 /* The state of the server handshake if this is a server socket. */
192 session_ptr -> nx_secure_tls_server_state = NX_SECURE_TLS_SERVER_STATE_IDLE;
193 #endif
194
195 #ifndef NX_SECURE_TLS_CLIENT_DISABLED
196 /* The state of the client handshake if this is a client socket. */
197 session_ptr -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_IDLE;
198 #endif
199
200 /* Indicate no messages to be hashed. */
201 session_ptr -> nx_secure_tls_key_material.nx_secure_tls_handshake_cache_length = 0;
202
203 #if (NX_SECURE_TLS_TLS_1_3_ENABLED)
204 /* Reset TLS 1.3 state. */
205 session_ptr -> nx_secure_tls_1_3 = session_ptr -> nx_secure_tls_1_3_supported;
206 #endif
207
208 /* Release the protection. */
209 tx_mutex_put(&_nx_secure_tls_protection);
210
211 return(status);
212 }
213
214
