1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_dtls_server_trusted_certificate_add PORTABLE C */
31 /* 6.2.1 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function adds a certificate to the trusted store for a DTLS */
39 /* server instance. This is required only if X.509 Client verification */
40 /* and authentication is enabled using */
41 /* nx_secure_dtls_server_x509_client_verify_configure. */
42 /* */
43 /* INPUT */
44 /* */
45 /* server_ptr DTLS server control block */
46 /* certificate Pointer to trusted certificate*/
47 /* cert_id Numeric id for certificate */
48 /* */
49 /* OUTPUT */
50 /* */
51 /* status Completion status */
52 /* */
53 /* CALLS */
54 /* */
55 /* _nx_secure_tls_trusted_certificate_add */
56 /* Add cert to TLS session */
57 /* */
58 /* CALLED BY */
59 /* */
60 /* Application Code */
61 /* */
62 /* RELEASE HISTORY */
63 /* */
64 /* DATE NAME DESCRIPTION */
65 /* */
66 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
67 /* 09-30-2020 Timothy Stapko Modified comment(s), and */
68 /* fixed compiler warnings, */
69 /* resulting in version 6.1 */
70 /* 03-08-2023 Yanwu Cai Modified comment(s), */
71 /* fixed compiler errors when */
72 /* x509 is disabled, */
73 /* resulting in version 6.2.1 */
74 /* */
75 /**************************************************************************/
_nx_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER * server_ptr,NX_SECURE_X509_CERT * certificate,UINT cert_id)76 UINT _nx_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr,
77 NX_SECURE_X509_CERT *certificate, UINT cert_id)
78 {
79 #if defined(NX_SECURE_ENABLE_DTLS) && !defined(NX_SECURE_DISABLE_X509)
80 UINT status;
81 UINT i;
82 NX_SECURE_DTLS_SESSION *current_session;
83 NX_SECURE_TLS_SESSION *tls_session;
84 NX_SECURE_X509_CERT *list_head = NX_NULL;
85 UINT num_sessions;
86
87 /* Figure out number of sessions. */
88 num_sessions = server_ptr -> nx_dtls_server_sessions_count;
89
90 /* Add certificate to the first session. */
91 if (num_sessions > 0)
92 {
93 /* Get the first session. */
94 current_session = &(server_ptr -> nx_dtls_server_sessions[0]);
95
96 /* Get the internal TLS session instance. */
97 tls_session = &(current_session -> nx_secure_dtls_tls_session);
98
99 certificate -> nx_secure_x509_cert_identifier = cert_id;
100
101 /* Add the trusted certificate. */
102 status = _nx_secure_tls_trusted_certificate_add(tls_session, certificate);
103
104 if(status != NX_SUCCESS)
105 {
106 return(status);
107 }
108
109 /* Store the certificates list head for other sessions. */
110 list_head = tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_trusted_certificates;
111 }
112
113 /* Add certificate to the remaining sessions. */
114 for(i = 1; i < num_sessions; ++i)
115 {
116 /* Get the current session. */
117 current_session = &(server_ptr -> nx_dtls_server_sessions[i]);
118
119 /* Get the internal TLS session instance. */
120 tls_session = &(current_session -> nx_secure_dtls_tls_session);
121
122 /* Set the trusted certificates list to the same as the first session. */
123 tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_trusted_certificates = list_head;
124 }
125
126 return(NX_SUCCESS);
127 #else
128 NX_PARAMETER_NOT_USED(server_ptr);
129 NX_PARAMETER_NOT_USED(certificate);
130 NX_PARAMETER_NOT_USED(cert_id);
131
132 return(NX_NOT_SUPPORTED);
133 #endif /* NX_SECURE_ENABLE_DTLS && !NX_SECURE_DISABLE_X509 */
134 }
135
136
