1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Datagram Transport Layer Security (DTLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_dtls.h"
26
27 #ifdef NX_SECURE_ENABLE_DTLS
28 /**************************************************************************/
29 /* */
30 /* FUNCTION RELEASE */
31 /* */
32 /* nx_secure_dtls_session_cache_delete PORTABLE C */
33 /* 6.1.12 */
34 /* AUTHOR */
35 /* */
36 /* Timothy Stapko, Microsoft Corporation */
37 /* */
38 /* DESCRIPTION */
39 /* */
40 /* This function deletes DTLS session with specific IP address and */
41 /* port. */
42 /* */
43 /* INPUT */
44 /* */
45 /* dtls_server DTLS server control block */
46 /* ip_address IP address to match */
47 /* remote_port Remote port to match */
48 /* local_port Local port to match */
49 /* */
50 /* OUTPUT */
51 /* */
52 /* status Completion status */
53 /* */
54 /* CALLS */
55 /* */
56 /* _nx_secure_dtls_session_reset Reset DTLS session */
57 /* */
58 /* CALLED BY */
59 /* */
60 /* Application Code */
61 /* */
62 /* RELEASE HISTORY */
63 /* */
64 /* DATE NAME DESCRIPTION */
65 /* */
66 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
67 /* 09-30-2020 Timothy Stapko Modified comment(s), */
68 /* resulting in version 6.1 */
69 /* 07-29-2022 Yuxin Zhou Modified comment(s), */
70 /* fixed compiler errors when */
71 /* IPv4 is disabled, */
72 /* resulting in version 6.1.12 */
73 /* */
74 /**************************************************************************/
VOID nx_secure_dtls_session_cache_delete(NX_SECURE_DTLS_SERVER *dtls_server, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port)
{
NX_SECURE_DTLS_SESSION *cache;
NX_SECURE_DTLS_SESSION *entry;
UINT                    cache_size;
UINT                    slot;
UINT                    matched;

    /* The server control block owns the session cache: a plain array of
       cache_size entries. Both values are read once, up front. */
    cache      = dtls_server -> nx_dtls_server_sessions;
    cache_size = dtls_server -> nx_dtls_server_sessions_count;

    /* The cache is shared with the receive path, so the walk happens under
       the TLS protection mutex. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    for (slot = 0; slot < cache_size; slot++)
    {
        entry = &cache[slot];

        /* An entry matches when both ports agree and the remote address does:
           the address family is compared first, then the family-specific value.
           nx_secure_dtls_session_in_use is not consulted here - every entry
           carrying this tuple is reset, whether or not it is marked in use. */
        matched = (entry -> nx_secure_dtls_remote_port == remote_port) &&
                  (entry -> nx_secure_dtls_local_port == local_port) &&
                  (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_version == ip_address -> nxd_ip_version);

#ifndef NX_DISABLE_IPV4
        if (matched && (ip_address -> nxd_ip_version == NX_IP_VERSION_V4))
        {
            matched = (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_address.v4 == ip_address -> nxd_ip_address.v4);
        }
#endif /* !NX_DISABLE_IPV4 */

#ifdef FEATURE_NX_IPV6
        if (matched && (ip_address -> nxd_ip_version == NX_IP_VERSION_V6))
        {
            matched = (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_address.v6[0] == ip_address -> nxd_ip_address.v6[0]) &&
                      (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_address.v6[1] == ip_address -> nxd_ip_address.v6[1]) &&
                      (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_address.v6[2] == ip_address -> nxd_ip_address.v6[2]) &&
                      (entry -> nx_secure_dtls_remote_ip_address.nxd_ip_address.v6[3] == ip_address -> nxd_ip_address.v6[3]);
        }
#endif /* FEATURE_NX_IPV6 */

        if (!matched)
        {
            continue;
        }

        /* The protection is dropped around the reset call and reacquired
           before the walk continues (presumably because the reset routine
           takes the same mutex itself - confirm against its definition).
           cache_size was captured before the walk, so the bound does not
           change while the mutex is released. */
        tx_mutex_put(&_nx_secure_tls_protection);

        _nx_secure_dtls_session_reset(entry);

        tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);
    }

    /* Walk complete - release the protection. */
    tx_mutex_put(&_nx_secure_tls_protection);
}
138
139 /**************************************************************************/
140 /* */
141 /* FUNCTION RELEASE */
142 /* */
143 /* nx_secure_dtls_session_cache_get_new PORTABLE C */
144 /* 6.1 */
145 /* AUTHOR */
146 /* */
147 /* Timothy Stapko, Microsoft Corporation */
148 /* */
149 /* DESCRIPTION */
150 /* */
151 /* This function allows the DTLS implementation to associate a DTLS */
152 /* session control block with a particular IP Address and Port, */
153 /* enabling multiple DTLS sessions on a single UDP socket. */
154 /* */
155 /* INPUT */
156 /* */
157 /* dtls_server DTLS server control block */
158 /* dtls_session Returned DTLS session */
159 /* ip_address IP address */
160 /* remote_port Remote port */
161 /* local_port Local port */
162 /* */
163 /* OUTPUT */
164 /* */
165 /* status Completion status */
166 /* */
167 /* CALLS */
168 /* */
169 /* None */
170 /* */
171 /* CALLED BY */
172 /* */
173 /* _nx_secure_dtls_receive_callback DTLS receive callback function*/
174 /* */
175 /* RELEASE HISTORY */
176 /* */
177 /* DATE NAME DESCRIPTION */
178 /* */
179 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
180 /* 09-30-2020 Timothy Stapko Modified comment(s), */
181 /* verified memcpy use cases, */
182 /* resulting in version 6.1 */
183 /* */
184 /**************************************************************************/
UINT nx_secure_dtls_session_cache_get_new(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port)
{
NX_SECURE_DTLS_SESSION *cache;
NX_SECURE_DTLS_SESSION *claimed;
UINT                    cache_size;
UINT                    slot;
UINT                    status;

    /* The server control block owns the session cache: a plain array of
       cache_size entries. */
    cache      = dtls_server -> nx_dtls_server_sessions;
    cache_size = dtls_server -> nx_dtls_server_sessions_count;

    /* Assume the cache is exhausted until a free slot is actually claimed. */
    claimed = NULL;
    status  = NX_SECURE_TLS_NO_FREE_DTLS_SESSIONS;

    /* The in-use flags are shared with the receive path; searching and
       claiming both happen under the TLS protection mutex so two callers
       cannot claim the same slot. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    /* Take the first entry that is not marked in use. */
    for (slot = 0; slot < cache_size; slot++)
    {
        if (cache[slot].nx_secure_dtls_session_in_use != NX_FALSE)
        {
            continue;
        }

        claimed = &cache[slot];
        break;
    }

    if (claimed != NULL)
    {
        /* Bind the peer tuple (remote address, local and remote port) to the
           entry and mark it in use before the protection is released. */
        NX_SECURE_MEMCPY(&claimed -> nx_secure_dtls_remote_ip_address, ip_address, sizeof(NXD_ADDRESS)); /* Use case of memcpy is verified. */
        claimed -> nx_secure_dtls_local_port     = local_port;
        claimed -> nx_secure_dtls_remote_port    = remote_port;
        claimed -> nx_secure_dtls_session_in_use = NX_TRUE;

        /* A non-zero server-level protocol version override is pushed down
           to the embedded TLS session of the newly claimed entry. */
        if (dtls_server -> nx_dtls_server_protocol_version_override)
        {
            _nx_secure_tls_session_protocol_version_override(&(claimed -> nx_secure_dtls_tls_session), dtls_server -> nx_dtls_server_protocol_version_override);
        }

        status = NX_SUCCESS;
    }

    /* Release the protection. */
    tx_mutex_put(&_nx_secure_tls_protection);

    /* Hand back the claimed entry, or NULL with the error status when the
       cache is full. */
    *dtls_session = claimed;
    return(status);
}
232
233 /**************************************************************************/
234 /* */
235 /* FUNCTION RELEASE */
236 /* */
237 /* nx_secure_dtls_session_cache_find PORTABLE C */
238 /* 6.1.12 */
239 /* AUTHOR */
240 /* */
241 /* Timothy Stapko, Microsoft Corporation */
242 /* */
243 /* DESCRIPTION */
244 /* */
245 /* This function allows the DTLS implementation to associate a DTLS */
246 /* session control block with a particular IP Address and Port, */
247 /* enabling multiple DTLS sessions on a single UDP socket. */
248 /* */
249 /* INPUT */
250 /* */
251 /* dtls_server DTLS server control block */
252 /* dtls_session Returned DTLS session */
253 /* ip_address IP address to match */
254 /* remote_port Remote port to match */
255 /* local_port Local port to match */
256 /* */
257 /* OUTPUT */
258 /* */
259 /* status Completion status */
260 /* */
261 /* CALLS */
262 /* */
263 /* None */
264 /* */
265 /* CALLED BY */
266 /* */
267 /* _nx_secure_dtls_receive_callback DTLS receive callback function*/
268 /* */
269 /* RELEASE HISTORY */
270 /* */
271 /* DATE NAME DESCRIPTION */
272 /* */
273 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
274 /* 09-30-2020 Timothy Stapko Modified comment(s), */
275 /* resulting in version 6.1 */
276 /* 07-29-2022 Yuxin Zhou Modified comment(s), */
277 /* fixed compiler errors when */
278 /* IPv4 is disabled, */
279 /* resulting in version 6.1.12 */
280 /* */
281 /**************************************************************************/
UINT nx_secure_dtls_session_cache_find(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port)
{
NX_SECURE_DTLS_SESSION *cache;
NX_SECURE_DTLS_SESSION *found;
NXD_ADDRESS            *candidate;
UINT                    cache_size;
UINT                    slot;

    /* The server control block owns the session cache: a plain array of
       cache_size entries. */
    cache      = dtls_server -> nx_dtls_server_sessions;
    cache_size = dtls_server -> nx_dtls_server_sessions_count;

    /* Nothing matched yet. */
    found = NULL;

    /* The cache is shared with the paths that claim and reset entries, so
       the lookup happens under the TLS protection mutex. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    /* Scan until the first entry whose (remote address, remote port, local
       port) tuple equals the requested one. NOTE(review): the in-use flag is
       not part of the match, so an entry whose tuple fields survive a reset
       would still be returned - confirm that _nx_secure_dtls_session_reset
       clears them, or that callers re-check nx_secure_dtls_session_in_use. */
    for (slot = 0; (slot < cache_size) && (found == NULL); slot++)
    {
        /* Both ports must agree before the address is looked at. */
        if ((cache[slot].nx_secure_dtls_remote_port != remote_port) ||
            (cache[slot].nx_secure_dtls_local_port != local_port))
        {
            continue;
        }

        /* The address family must agree as well. */
        candidate = &cache[slot].nx_secure_dtls_remote_ip_address;
        if (candidate -> nxd_ip_version != ip_address -> nxd_ip_version)
        {
            continue;
        }

        /* Finally compare the family-specific address value. */
        switch (ip_address -> nxd_ip_version)
        {
#ifndef NX_DISABLE_IPV4
        case NX_IP_VERSION_V4:
            if (candidate -> nxd_ip_address.v4 == ip_address -> nxd_ip_address.v4)
            {
                found = &cache[slot];
            }
            break;
#endif /* !NX_DISABLE_IPV4 */

#ifdef FEATURE_NX_IPV6
        case NX_IP_VERSION_V6:
            if ((candidate -> nxd_ip_address.v6[0] == ip_address -> nxd_ip_address.v6[0]) &&
                (candidate -> nxd_ip_address.v6[1] == ip_address -> nxd_ip_address.v6[1]) &&
                (candidate -> nxd_ip_address.v6[2] == ip_address -> nxd_ip_address.v6[2]) &&
                (candidate -> nxd_ip_address.v6[3] == ip_address -> nxd_ip_address.v6[3]))
            {
                found = &cache[slot];
            }
            break;
#endif /* FEATURE_NX_IPV6 */

        default:
            /* Unknown family, or one compiled out of this build: never a match. */
            break;
        }
    }

    /* Release the protection. */
    tx_mutex_put(&_nx_secure_tls_protection);

    /* Hand back the matching entry, or NULL with the not-found status. */
    *dtls_session = found;
    return((found != NULL) ? NX_SUCCESS : NX_SECURE_DTLS_SESSION_NOT_FOUND);
}
362 #endif /* NX_SECURE_ENABLE_DTLS */
363
364