1 /**************************************************************************/
2 /*                                                                        */
3 /*       Copyright (c) Microsoft Corporation. All rights reserved.        */
4 /*                                                                        */
5 /*       This software is licensed under the Microsoft Software License   */
6 /*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
7 /*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
8 /*       and in the root directory of this software.                      */
9 /*                                                                        */
10 /**************************************************************************/
11 
12 
13 /**************************************************************************/
14 /**************************************************************************/
15 /**                                                                       */
16 /** NetX Secure Component                                                 */
17 /**                                                                       */
18 /**    Transport Layer Security (TLS)                                     */
19 /**                                                                       */
20 /**************************************************************************/
21 /**************************************************************************/
22 
23 #define NX_SECURE_SOURCE_CODE
24 
25 #include "nx_secure_tls.h"
26 
27 #if (NX_SECURE_TLS_TLS_1_3_ENABLED)
28 extern NX_SECURE_TLS_ECC _nx_secure_tls_ecc_info;
29 #endif
30 
31 /**************************************************************************/
32 /*                                                                        */
33 /*  FUNCTION                                               RELEASE        */
34 /*                                                                        */
35 /*    _nx_secure_tls_1_3_crypto_init                      PORTABLE C      */
36 /*                                                           6.2.0        */
37 /*  AUTHOR                                                                */
38 /*                                                                        */
39 /*    Timothy Stapko, Microsoft Corporation                               */
40 /*                                                                        */
41 /*  DESCRIPTION                                                           */
42 /*                                                                        */
43 /*    TLS 1.3 introduces the concept of a partially-encrypted handshake,  */
44 /*    utilizing cryptographic primitives sent in the initial ClientHello  */
45 /*    message. In order to properly handle these primitives, certain      */
46 /*    initialization must be done prior to sending the ClientHello        */
47 /*    message. For example, if ECDHE is an option supported by the client,*/
48 /*    the ECC public key must be generated before the ClientHello is      */
49 /*    generated and sent. All pre-handshake initialization of that nature */
50 /*    for TLS 1.3 should be done here.                                    */
51 /*                                                                        */
52 /*  INPUT                                                                 */
53 /*                                                                        */
54 /*    tls_session                           TLS control block             */
55 /*                                                                        */
56 /*  OUTPUT                                                                */
57 /*                                                                        */
58 /*    status                                Completion status             */
59 /*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    _nx_secure_tls_ecc_generate_keys      Generate ECDHE key pair       */
/*                                                                        */
63 /*  CALLED BY                                                             */
64 /*                                                                        */
65 /*                                                                        */
66 /*                                                                        */
67 /*  RELEASE HISTORY                                                       */
68 /*                                                                        */
69 /*    DATE              NAME                      DESCRIPTION             */
70 /*                                                                        */
71 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
72 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
73 /*                                            resulting in version 6.1    */
74 /*  10-31-2022     Yanwu Cai                Modified comment(s),          */
75 /*                                            updated parameters list,    */
76 /*                                            resulting in version 6.2.0  */
77 /*                                                                        */
78 /**************************************************************************/
79 #if (NX_SECURE_TLS_TLS_1_3_ENABLED)
80 
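/* Pre-ClientHello crypto setup for TLS 1.3.

   For every supported group the application registered in the session's ECC
   info, generate an ephemeral ECDHE key pair and store it in the session's
   key material so the ClientHello can carry one key_share entry per group.

   Parameters:
     tls_session  TLS control block; its ECC info (supported groups) must
                  already have been populated by the application.

   Returns:
     NX_SUCCESS          all key pairs were generated.
     NX_PTR_ERROR        tls_session is NX_NULL.
     NX_NOT_SUCCESSFUL   no supported groups are configured (TLS 1.3 needs
                         at least one key share), or the configured group
                         list is longer than the per-session key-data array.
     other               the status returned by _nx_secure_tls_ecc_generate_keys. */
UINT _nx_secure_tls_1_3_crypto_init(NX_SECURE_TLS_SESSION *tls_session)
{
UINT                                 status = NX_NOT_SUCCESSFUL;
NX_SECURE_TLS_ECDHE_HANDSHAKE_DATA   *ecdhe_data;
UINT                                 length;
UINT                                 i;
UINT                                 key_data_slots;
NX_SECURE_TLS_ECC                    *ecc_info;


    if (tls_session == NX_NULL)
    {
        return(NX_PTR_ERROR);
    }

    /* Get ECC information from our TLS session. It should have been initialized
       by the application already. */
    ecc_info = &(tls_session -> nx_secure_tls_ecc);

    /* The per-group key output lives in a fixed-size array inside the session's
       key material, while the supported-groups count is supplied by the
       application. Bound the count by the array capacity before the loop below
       writes into it; otherwise a group list longer than the array would write
       key data past its end. This relies on nx_secure_tls_ecc_key_data being
       declared as an array member (it is indexed directly below) - if it is ever
       changed to a pointer this capacity must come from elsewhere. */
    key_data_slots = (UINT)(sizeof(tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data) /
                            sizeof(tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[0]));
    if (ecc_info -> nx_secure_tls_ecc_supported_groups_count > key_data_slots)
    {
        return(NX_NOT_SUCCESSFUL);
    }

    /* Generate one ephemeral key pair per supported group. */
    for (i = 0; i < ecc_info -> nx_secure_tls_ecc_supported_groups_count; i++)
    {
        /* Get the ECDHE structure for our key output. */
        ecdhe_data = &tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[i];

        /* Save off the curve ID so we can select the server's chosen key/curve later. */
        ecdhe_data -> nx_secure_tls_ecdhe_named_curve = ecc_info -> nx_secure_tls_ecc_supported_groups[i];

        /* The public key is written straight into the handshake data structure:
           pass the buffer capacity in, get the actual encoded length back. */
        length = sizeof(ecdhe_data -> nx_secure_tls_ecdhe_public_key);

        /* Generate ECC keys and store in our TLS session. */
        status = _nx_secure_tls_ecc_generate_keys(tls_session -> nx_secure_tls_session_ciphersuite, tls_session -> nx_secure_tls_protocol_version,
                                                  tls_session -> nx_secure_tls_1_3, tls_session -> nx_secure_tls_crypto_table,
                                                  &tls_session -> nx_secure_tls_handshake_hash, ecc_info, &tls_session -> nx_secure_tls_key_material,
                                                  &tls_session -> nx_secure_tls_credentials, ecdhe_data -> nx_secure_tls_ecdhe_named_curve, NX_FALSE,
                                                  ecdhe_data -> nx_secure_tls_ecdhe_public_key, &length, ecdhe_data,
                                                  tls_session -> nx_secure_public_cipher_metadata_area,
                                                  tls_session -> nx_secure_public_cipher_metadata_size,
                                                  tls_session -> nx_secure_public_auth_metadata_area,
                                                  tls_session -> nx_secure_public_auth_metadata_size);

        if (status != NX_SUCCESS)
        {
            /* Do not record a length for a key that was not generated; the
               handshake cannot proceed without this key share. */
            return(status);
        }

        /* Set the actual length of the generated key. */
        ecdhe_data -> nx_secure_tls_ecdhe_public_key_length = (USHORT)length;
    }

    /* With zero supported groups the loop never runs and status is still
       NX_NOT_SUCCESSFUL: TLS 1.3 needs at least one key share to offer. */
    return(status);
}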
138 
139 #endif
140