1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_tls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_tls_send_server_key_exchange PORTABLE C */
31 /* 6.2.0 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function generates a ServerKeyExchange message, which is used */
39 /* when the chosen ciphersuite requires additional information for key */
40 /* generation, such as when using Diffie-Hellman ciphers. */
41 /* */
42 /* INPUT */
43 /* */
44 /* tls_session TLS control block */
45 /* send_packet Packet used to send message */
46 /* */
47 /* OUTPUT */
48 /* */
49 /* status Completion status */
50 /* */
51 /* CALLS */
52 /* */
53 /* [nx_secure_generate_server_key_exchange] */
54 /* Generate ServerKeyExchange */
55 /* */
56 /* CALLED BY */
57 /* */
58 /* _nx_secure_dtls_server_handshake DTLS server state machine */
59 /* _nx_secure_tls_server_handshake TLS server state machine */
60 /* */
61 /* RELEASE HISTORY */
62 /* */
63 /* DATE NAME DESCRIPTION */
64 /* */
65 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
66 /* 09-30-2020 Timothy Stapko Modified comment(s), */
67 /* verified memcpy use cases, */
68 /* resulting in version 6.1 */
69 /* 10-31-2022 Yanwu Cai Modified comment(s), added */
70 /* custom secret generation, */
71 /* resulting in version 6.2.0 */
72 /* */
73 /**************************************************************************/
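/* Generate a ServerKeyExchange message into send_packet.

   The key-exchange payload itself is produced by the session's
   nx_secure_generate_server_key_exchange callback (replaceable, see the
   "custom secret generation" entry in the release history), which is handed
   the free space remaining in the packet and reports back how many bytes it
   wrote in 'length'.  Because that callback is not part of this file, the
   reported length is validated against the space it was given before the
   packet pointers are advanced.

   INPUT
     tls_session   TLS control block
     send_packet   Packet used to send the message

   OUTPUT
     NX_SECURE_TLS_SUCCESS on success; NX_SECURE_TLS_UNKNOWN_CIPHERSUITE if
     no ciphersuite has been negotiated; NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL
     if the generator reports more bytes than the packet had room for; any
     error status propagated from the generator; NX_SECURE_TLS_INVALID_STATE
     when the TLS server is compiled out.  */
UINT _nx_secure_tls_send_server_key_exchange(NX_SECURE_TLS_SESSION *tls_session,
                                             NX_PACKET *send_packet)
{
#ifndef NX_SECURE_TLS_SERVER_DISABLED
ULONG                                 length;
ULONG                                 available_space;
const NX_SECURE_TLS_CIPHERSUITE_INFO *ciphersuite;
UINT                                  status;
VOID                                 *tls_ecc_curves = NX_NULL;
UCHAR                                 tls_1_3 = 0;


    /* Build up the server key exchange message. Structure:
     * |        2        | <key data length> |
     * | Key data length | Key data (opaque) |
     */

    /* Figure out which ciphersuite we are using. */
    ciphersuite = tls_session -> nx_secure_tls_session_ciphersuite;
    if (ciphersuite == NX_NULL)
    {
        /* Likely internal error since at this point ciphersuite negotiation was theoretically completed. */
        return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE);
    }

    length = 0;

    /* Space left in the packet, computed as a pointer difference so the value stays
       correct on targets where ULONG is narrower than a pointer (casting each pointer
       to ULONG separately would truncate before subtracting). */
    available_space = (ULONG)(send_packet -> nx_packet_data_end - send_packet -> nx_packet_append_ptr);

#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
    /* Only ECC-enabled builds carry curve data in the session. */
    tls_ecc_curves = &tls_session -> nx_secure_tls_ecc;
#endif

#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
    tls_1_3 = tls_session -> nx_secure_tls_1_3;
#endif

    /* Let the (possibly user-supplied) generator write the key-exchange data directly
       into the packet's free space; it reports the bytes written through 'length'. */
    status = tls_session -> nx_secure_generate_server_key_exchange(ciphersuite, tls_session -> nx_secure_tls_protocol_version, tls_1_3,
                                                                   tls_session -> nx_secure_tls_crypto_table, &tls_session -> nx_secure_tls_handshake_hash,
                                                                   &tls_session -> nx_secure_tls_key_material, &tls_session -> nx_secure_tls_credentials,
                                                                   send_packet -> nx_packet_append_ptr,
                                                                   available_space,
                                                                   &length, tls_session -> nx_secure_public_cipher_metadata_area,
                                                                   tls_session -> nx_secure_public_cipher_metadata_size,
                                                                   tls_session -> nx_secure_public_auth_metadata_area,
                                                                   tls_session -> nx_secure_public_auth_metadata_size,
                                                                   tls_ecc_curves);

    if (status)
    {
        return(status);
    }

    /* Do not trust the generator's reported length beyond the buffer it was handed:
       advancing the append pointer past nx_packet_data_end would make the packet
       describe bytes outside its own buffer. */
    if (length > available_space)
    {
        return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL);
    }

    /* Finally, we have a complete length and can adjust our packet accordingly. */
    send_packet -> nx_packet_append_ptr = send_packet -> nx_packet_append_ptr + length;
    send_packet -> nx_packet_length = send_packet -> nx_packet_length + length;

    return(NX_SECURE_TLS_SUCCESS);
#else
    NX_PARAMETER_NOT_USED(tls_session);
    NX_PARAMETER_NOT_USED(send_packet);
    return(NX_SECURE_TLS_INVALID_STATE);
#endif
}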
138
139