1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_dtls_session_send PORTABLE C */
31 /* 6.1.12 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function sends data using an active DTLS session, handling */
39 /* all encryption and hashing before sending data over the UDP socket. */
40 /* */
41 /* INPUT */
42 /* */
43 /* dtls_session DTLS control block */
44 /* packet_ptr Pointer to packet data */
45 /* ip_address Remote IP address */
46 /* port Remote port */
47 /* */
48 /* OUTPUT */
49 /* */
50 /* status Completion status */
51 /* */
52 /* CALLS */
53 /* */
54 /* _nx_secure_dtls_send_record Send DTLS encrypted record */
55 /* tx_mutex_get Get protection mutex */
56 /* tx_mutex_put Put protection mutex */
57 /* */
58 /* CALLED BY */
59 /* */
60 /* Application Code */
61 /* nx_secure_dtls_server_session_send Server session send packet */
62 /* */
63 /* RELEASE HISTORY */
64 /* */
65 /* DATE NAME DESCRIPTION */
66 /* */
67 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
68 /* 09-30-2020 Timothy Stapko Modified comment(s), */
69 /* verified memcpy use cases, */
70 /* resulting in version 6.1 */
71 /* 07-29-2022 Yuxin Zhou Modified comment(s), */
72 /* fixed compiler errors when */
73 /* IPv4 is disabled, */
74 /* resulting in version 6.1.12 */
75 /* */
76 /**************************************************************************/
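/*
 * Send application data over an active DTLS session.
 *
 * The caller-supplied destination (ip_address, port) is checked against the
 * peer recorded in the session before anything is sent, so records protected
 * with this session's keys are only handed to the send path for the address
 * the session is bound to. This is a consistency check on the caller's
 * arguments; it does not authenticate the peer.
 *
 * dtls_session  DTLS control block
 * packet_ptr    Packet holding the application data
 * ip_address    Remote IP address the caller intends to send to
 * port          Remote port the caller intends to send to
 *
 * Returns NX_SECURE_TLS_SEND_ADDRESS_MISMATCH when the destination does not
 * match the session's recorded peer, NX_NOT_SUPPORTED when
 * NX_SECURE_ENABLE_DTLS is not defined, otherwise the status of
 * _nx_secure_dtls_send_record.
 *
 * No NULL checks are made here on dtls_session or ip_address; both are
 * dereferenced unconditionally.
 */
UINT _nx_secure_dtls_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr,
                                  NXD_ADDRESS *ip_address, UINT port)
{
#ifdef NX_SECURE_ENABLE_DTLS
    UINT         status;
    UINT         mismatch = 0;
    NXD_ADDRESS *bound_address = &dtls_session -> nx_secure_dtls_remote_ip_address;

    /* Get the protection. The mutex is held across the whole send below, which
       is itself issued with NX_WAIT_FOREVER, so a stalled send keeps the
       protection mutex taken for as long as it blocks. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    if (bound_address -> nxd_ip_version == 0)
    {

        /* If the IP Address and port are uninitialized, set them now (possibly an error?).
           The session is bound to whatever destination the caller supplies on this first use. */
        NX_SECURE_MEMCPY(bound_address, ip_address, sizeof(NXD_ADDRESS)); /* Use case of memcpy is verified. */

        /* "port" is the remote port and is what later calls compare against
           nx_secure_dtls_remote_port, so record it there. The previous code
           stored it in nx_secure_dtls_local_port, which left the remote port
           unset and overwrote the local one. */
        dtls_session -> nx_secure_dtls_remote_port = port;
    }
    else if ((bound_address -> nxd_ip_version != ip_address -> nxd_ip_version) ||
             (dtls_session -> nx_secure_dtls_remote_port != port))
    {

        /* IP version or port don't match - probably caller error. */
        mismatch = 1;
    }
    else
    {

        /* Version and port agree; compare the address itself. An address family
           that is compiled out is therefore matched on version and port only. */
#ifndef NX_DISABLE_IPV4
        if ((ip_address -> nxd_ip_version == NX_IP_VERSION_V4) &&
            (bound_address -> nxd_ip_address.v4 != ip_address -> nxd_ip_address.v4))
        {
            mismatch = 1;
        }
#endif /* !NX_DISABLE_IPV4 */

#ifdef FEATURE_NX_IPV6
        if ((ip_address -> nxd_ip_version == NX_IP_VERSION_V6) &&
            ((bound_address -> nxd_ip_address.v6[0] != ip_address -> nxd_ip_address.v6[0]) ||
             (bound_address -> nxd_ip_address.v6[1] != ip_address -> nxd_ip_address.v6[1]) ||
             (bound_address -> nxd_ip_address.v6[2] != ip_address -> nxd_ip_address.v6[2]) ||
             (bound_address -> nxd_ip_address.v6[3] != ip_address -> nxd_ip_address.v6[3])))
        {
            mismatch = 1;
        }
#endif /* FEATURE_NX_IPV6 */
    }

    if (mismatch)
    {

        /* Nothing is sent when the destination does not match the session. */
        status = NX_SECURE_TLS_SEND_ADDRESS_MISMATCH;
    }
    else
    {
        status = _nx_secure_dtls_send_record(dtls_session, packet_ptr, NX_SECURE_TLS_APPLICATION_DATA, NX_WAIT_FOREVER);
    }

    /* Release the protection. Single release point for every path above. */
    tx_mutex_put(&_nx_secure_tls_protection);

    return(status);
#else
    NX_PARAMETER_NOT_USED(dtls_session);
    NX_PARAMETER_NOT_USED(packet_ptr);
    NX_PARAMETER_NOT_USED(ip_address);
    NX_PARAMETER_NOT_USED(port);

    return(NX_NOT_SUPPORTED);
#endif /* NX_SECURE_ENABLE_DTLS */
}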