1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24
25 #include "nx_secure_tls.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_tls_send_client_key_exchange PORTABLE C */
32 /* 6.2.0 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function encrypts the Pre-Master Secret (generated earlier) */
40 /* and populates an NX_PACKET with the complete ClientKeyExchange */
41 /* message (to be sent by the caller). It also will send ephemeral */
42 /* keys for ciphersuites that require them. */
43 /* */
44 /* INPUT */
45 /* */
46 /* tls_session TLS control block */
47 /* send_packet Outgoing TLS packet */
48 /* */
49 /* OUTPUT */
50 /* */
51 /* status Completion status */
52 /* */
53 /* CALLS */
54 /* */
55 /* [nx_secure_generate_client_key_exchange] */
56 /* Generate ClientKeyExchange */
57 /* _nx_secure_tls_remote_certificate_free_all */
58 /* Free all remote certificates */
59 /* */
60 /* CALLED BY */
61 /* */
62 /* _nx_secure_dtls_client_handshake DTLS client state machine */
63 /* _nx_secure_tls_client_handshake TLS client state machine */
64 /* */
65 /* RELEASE HISTORY */
66 /* */
67 /* DATE NAME DESCRIPTION */
68 /* */
69 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
70 /* 09-30-2020 Timothy Stapko Modified comment(s), */
71 /* verified memcpy use cases, */
72 /* resulting in version 6.1 */
73 /* 04-25-2022 Zhen Kong Modified comment(s), improved */
74 /* internal logic to check data*/
75 /* size and then improved code */
76 /* coverage, resulting in */
77 /* version 6.1.11 */
78 /* 10-31-2022 Yanwu Cai Modified comment(s), added */
79 /* custom secret generation, */
80 /* resulting in version 6.2.0 */
81 /* */
82 /**************************************************************************/
UINT _nx_secure_tls_send_client_key_exchange(NX_SECURE_TLS_SESSION *tls_session,
                                             NX_PACKET *send_packet)
{
#ifndef NX_SECURE_TLS_CLIENT_DISABLED
UINT  generate_status;
ULONG bytes_written = 0;
ULONG space_available;

    /* Populate the ClientKeyExchange message body (including any ephemeral key material the
       negotiated ciphersuite requires) directly into the tail of send_packet. The caller is
       responsible for transmitting the packet afterwards.

       Returns NX_SECURE_TLS_SUCCESS on success, NX_SECURE_TLS_UNKNOWN_CIPHERSUITE when no
       ciphersuite has been negotiated, or the status reported by the generator callback. */

    /* The generator is selected by the negotiated ciphersuite, so reaching this point without
       one is an internal state error rather than a peer-induced condition. */
    if (NX_NULL == tls_session -> nx_secure_tls_session_ciphersuite)
    {
        return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE);
    }

    /* Free space remaining between the append pointer and the end of the packet data area;
       this bound is handed to the generator so it cannot legitimately write past the buffer. */
    space_available = (ULONG)(send_packet -> nx_packet_data_end) - (ULONG)(send_packet -> nx_packet_append_ptr);

    /* Hand the work to the session's key-exchange generator (replaceable per the 6.2.0 custom
       secret generation change). It writes at the append pointer and reports bytes_written. */
    generate_status = tls_session -> nx_secure_generate_client_key_exchange(tls_session -> nx_secure_tls_session_ciphersuite,
                                                                            &tls_session -> nx_secure_tls_key_material,
                                                                            &tls_session -> nx_secure_tls_credentials,
                                                                            send_packet -> nx_packet_append_ptr,
                                                                            space_available,
                                                                            &bytes_written,
                                                                            tls_session -> nx_secure_public_cipher_metadata_area,
                                                                            tls_session -> nx_secure_public_cipher_metadata_size,
                                                                            tls_session -> nx_secure_public_auth_metadata_area,
                                                                            tls_session -> nx_secure_public_auth_metadata_size);

    if (generate_status != 0)
    {
        /* The handshake cannot continue: release the remote certificate chain before
           propagating the generator's status to the state machine. */
        _nx_secure_tls_remote_certificate_free_all(tls_session);
        return(generate_status);
    }

    /* NOTE(review): bytes_written is taken on trust from the generator; nothing here checks it
       against space_available before the packet is advanced, so a custom generator must honor
       the length it was given. */
    send_packet -> nx_packet_append_ptr += bytes_written;
    send_packet -> nx_packet_length     += bytes_written;

    return(NX_SECURE_TLS_SUCCESS);
#else
    /* Client-side TLS is compiled out: the parameters are unused and the call is invalid. */
    NX_PARAMETER_NOT_USED(tls_session);
    NX_PARAMETER_NOT_USED(send_packet);
    return(NX_SECURE_TLS_INVALID_STATE);
#endif
}