1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_tls.h"
25
26 #if (NX_SECURE_TLS_TLS_1_3_ENABLED)
27 extern NX_SECURE_TLS_ECC _nx_secure_tls_ecc_info;
28 #endif
29
30 /**************************************************************************/
31 /* */
32 /* FUNCTION RELEASE */
33 /* */
34 /* _nx_secure_tls_1_3_crypto_init PORTABLE C */
35 /* 6.2.0 */
36 /* AUTHOR */
37 /* */
38 /* Timothy Stapko, Microsoft Corporation */
39 /* */
40 /* DESCRIPTION */
41 /* */
42 /* TLS 1.3 introduces the concept of a partially-encrypted handshake, */
43 /* utilizing cryptographic primitives sent in the initial ClientHello */
44 /* message. In order to properly handle these primitives, certain */
45 /* initialization must be done prior to sending the ClientHello */
46 /* message. For example, if ECDHE is an option supported by the client,*/
47 /* the ECC public key must be generated before the ClientHello is */
48 /* generated and sent. All pre-handshake initialization of that nature */
49 /* for TLS 1.3 should be done here. */
50 /* */
51 /* INPUT */
52 /* */
53 /* tls_session TLS control block */
54 /* */
55 /* OUTPUT */
56 /* */
57 /* status Completion status */
58 /* */
59 /* CALLS */
60 /* */
61 /* */
62 /* CALLED BY */
63 /* */
64 /* */
65 /* */
66 /* RELEASE HISTORY */
67 /* */
68 /* DATE NAME DESCRIPTION */
69 /* */
70 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
71 /* 09-30-2020 Timothy Stapko Modified comment(s), */
72 /* resulting in version 6.1 */
73 /* 10-31-2022 Yanwu Cai Modified comment(s), */
74 /* updated parameters list, */
75 /* resulting in version 6.2.0 */
76 /* */
77 /**************************************************************************/
78 #if (NX_SECURE_TLS_TLS_1_3_ENABLED)
79
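UINT _nx_secure_tls_1_3_crypto_init(NX_SECURE_TLS_SESSION *tls_session)
{
UINT                                status = NX_NOT_SUCCESSFUL;
NX_SECURE_TLS_ECDHE_HANDSHAKE_DATA *ecdhe_data;
UINT                                length;
UINT                                i;
UINT                                key_data_capacity;
NX_SECURE_TLS_ECC                  *ecc_info;


    /* Generate one ECDHE key pair per supported group so the TLS 1.3 ClientHello
       can carry key_share entries. Returns NX_PTR_ERROR for a NULL session,
       NX_NOT_SUCCESSFUL when there is no supported group to generate a key for
       (or when more groups are configured than the session can hold keys for),
       otherwise the status of the last key generation. */
    if (tls_session == NX_NULL)
    {
        return(NX_PTR_ERROR);
    }

    /* Get ECC information from our TLS session. It should have been initialized
       by the application already. */
    ecc_info = &(tls_session -> nx_secure_tls_ecc);

    /* The per-curve key slots are a fixed-size array inside the key material, while
       the supported-groups count comes from the application. Bound the count before
       it is used as an index so a misconfigured group list cannot write past the
       end of the key data array. */
    key_data_capacity = (UINT)(sizeof(tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data) /
                               sizeof(tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[0]));

    if (ecc_info -> nx_secure_tls_ecc_supported_groups_count > key_data_capacity)
    {
        return(NX_NOT_SUCCESSFUL);
    }

    /* Loop through all supported ECC curves in this session. */
    for (i = 0; i < ecc_info -> nx_secure_tls_ecc_supported_groups_count; i++)
    {

        /* Get the ECDHE structure for our key output. */
        ecdhe_data = &tls_session -> nx_secure_tls_key_material.nx_secure_tls_ecc_key_data[i];

        /* Save off the curve ID so we can select the server's chosen key/curve later. */
        ecdhe_data -> nx_secure_tls_ecdhe_named_curve = ecc_info -> nx_secure_tls_ecc_supported_groups[i];

        /* The public key is written into the handshake data structure; pass the size of
           that buffer in and receive the actual key length back in the same variable. */
        length = sizeof(ecdhe_data -> nx_secure_tls_ecdhe_public_key);

        /* Generate ECC keys and store in our TLS session. */
        status = _nx_secure_tls_ecc_generate_keys(tls_session -> nx_secure_tls_session_ciphersuite, tls_session -> nx_secure_tls_protocol_version,
                                                  tls_session -> nx_secure_tls_1_3, tls_session -> nx_secure_tls_crypto_table,
                                                  &tls_session -> nx_secure_tls_handshake_hash, ecc_info, &tls_session -> nx_secure_tls_key_material,
                                                  &tls_session -> nx_secure_tls_credentials, ecdhe_data -> nx_secure_tls_ecdhe_named_curve, NX_FALSE,
                                                  ecdhe_data -> nx_secure_tls_ecdhe_public_key, &length, ecdhe_data,
                                                  tls_session -> nx_secure_public_cipher_metadata_area,
                                                  tls_session -> nx_secure_public_cipher_metadata_size,
                                                  tls_session -> nx_secure_public_auth_metadata_area,
                                                  tls_session -> nx_secure_public_auth_metadata_size);

        /* Abort before recording a length for a key that was not generated. */
        if (status != NX_SUCCESS)
        {
            return(status);
        }

        /* Set the actual length of the generated key. */
        ecdhe_data -> nx_secure_tls_ecdhe_public_key_length = (USHORT)length;
    }

    /* With zero supported groups the loop never runs and the initial
       NX_NOT_SUCCESSFUL is returned: TLS 1.3 cannot proceed without a key share. */
    return(status);
}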
137
138 #endif
139