1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_tls.h"
25 #include "nx_secure_x509.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_tls_remote_certificate_allocate PORTABLE C */
32 /* 6.2.1 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This service adds an uninitialized NX_SECURE_TLS_CERTIFICATE */
40 /* structure instance to a TLS session for the purpose of allocating */
41 /* space for certificates provided by a remote host during a TLS */
42 /* session. The remote certificate data is parsed by NetX Secure TLS */
43 /* and that information is used to populate the certificate structure */
44 /* instance provided to this function. Certificates added in this */
45 /* manner are placed in a linked list. */
46 /* */
47 /* The "raw_certificate_buffer" parameter is a pointer to a caller- */
48 /* supplied space which can be used to store the incoming certificate */
49 /* data for parsing. The size of the buffer should be large enough to */
50 /* accommodate the largest certificate your application expects to */
51 /* receive. Typical certificate lengths are 1-2KBytes when using */
52 /* 2048-bit RSA. Larger key sizes will result in larger certificates. */
53 /* */
54 /* INPUT */
55 /* */
56 /* tls_session Pointer to TLS Session */
57 /* certificate Pointer to certificate */
58 /* raw_certificate_buffer Buffer for storing cert */
59 /* buffer_size Size of cert buffer */
60 /* */
61 /* OUTPUT */
62 /* */
63 /* status Completion status */
64 /* */
65 /* CALLS */
66 /* */
67 /* tx_mutex_get Get protection mutex */
68 /* tx_mutex_put Put protection mutex */
69 /* _nx_secure_x509_store_certificate_add Add certificate to free store */
70 /* */
71 /* CALLED BY */
72 /* */
73 /* Application Code */
74 /* */
75 /* RELEASE HISTORY */
76 /* */
77 /* DATE NAME DESCRIPTION */
78 /* */
79 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
80 /* 09-30-2020 Timothy Stapko Modified comment(s), */
81 /* resulting in version 6.1 */
82 /* 04-02-2021 Timothy Stapko Modified comment(s), */
83 /* updated X.509 return value, */
84 /* resulting in version 6.1.6 */
85 /* 03-08-2023 Yanwu Cai Modified comment(s), */
86 /* fixed compiler errors when */
87 /* x509 is disabled, */
88 /* resulting in version 6.2.1 */
89 /* */
90 /**************************************************************************/
_nx_secure_tls_remote_certificate_allocate(NX_SECURE_TLS_SESSION * tls_session,NX_SECURE_X509_CERT * certificate,UCHAR * raw_certificate_buffer,UINT buffer_size)91 UINT _nx_secure_tls_remote_certificate_allocate(NX_SECURE_TLS_SESSION *tls_session,
92 NX_SECURE_X509_CERT *certificate,
93 UCHAR *raw_certificate_buffer, UINT buffer_size)
94 {
95 #ifndef NX_SECURE_DISABLE_X509
96 UINT status;
97
98 /* Get the protection. */
99 tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);
100
101
102 certificate -> nx_secure_x509_certificate_raw_data = raw_certificate_buffer;
103 certificate -> nx_secure_x509_certificate_raw_buffer_size = buffer_size;
104
105 /* This certificate was allocated by the user application and not by TLS. */
106 certificate->nx_secure_x509_user_allocated_cert = NX_TRUE;
107
108 /* Add the certificate to the TLS session credentials X509 store. */
109 status = _nx_secure_x509_store_certificate_add(certificate, &tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store,
110 NX_SECURE_X509_CERT_LOCATION_FREE);
111
112 /* Release the protection. */
113 tx_mutex_put(&_nx_secure_tls_protection);
114
115 /* Translate some X.509 return values into TLS return values. */
116 if (status == NX_SECURE_X509_CERT_ID_DUPLICATE)
117 {
118 return(NX_SECURE_TLS_CERT_ID_DUPLICATE);
119 }
120
121 return(status);
122 #else
123 NX_PARAMETER_NOT_USED(tls_session);
124 NX_PARAMETER_NOT_USED(certificate);
125 NX_PARAMETER_NOT_USED(raw_certificate_buffer);
126 NX_PARAMETER_NOT_USED(buffer_size);
127
128 return(NX_NOT_SUPPORTED);
129 #endif
130 }
131
132
