1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_dtls_session_create PORTABLE C */
31 /* 6.1 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function initializes a DTLS session control block for later */
39 /* use in establishing a secure DTLS session over a UDP socket or */
40 /* other lower-level networking protocol. */
41 /* */
42 /* To calculate the necessary metadata size, the API */
43 /* nx_secure_tls_metadata_size_calculate may be used. */
44 /* */
45 /* INPUT */
46 /* */
47 /* session_ptr DTLS session control block */
48 /* crypto_table Crypto table */
49 /* metadata_buffer Encryption metadata buffer */
50 /* metadata_size Encryption metadata size */
51 /* packet_reassembly_buffer DTLS reassembly buffer */
52 /* packet_reassembly_buffer_size Size of reassembly buffer */
53 /* certs_number Number of certs */
54 /* remote_certificate_buffer Remote certificate buffer */
55 /* remote_certificate_buffer_size Remote certificate buffer size*/
56 /* */
57 /* OUTPUT */
58 /* */
59 /* status Completion status */
60 /* */
61 /* CALLS */
62 /* */
63 /* _nx_secure_tls_session_create Initialize TLS control block */
64 /* _nx_secure_tls_remote_certificate_buffer_allocate */
65 /* Allocate space for remote */
66 /* certificate */
67 /* _nx_secure_tls_session_packet_buffer_set */
68 /* Allocate space for packet */
69 /* reassembly */
70 /* tx_mutex_get Get protection mutex */
71 /* tx_mutex_put Put protection mutex */
72 /* */
73 /* CALLED BY */
74 /* */
75 /* Application Code */
76 /* */
77 /* RELEASE HISTORY */
78 /* */
79 /* DATE NAME DESCRIPTION */
80 /* */
81 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
82 /* 09-30-2020 Timothy Stapko Modified comment(s), */
83 /* resulting in version 6.1 */
84 /* */
85 /**************************************************************************/
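#ifdef NX_SECURE_ENABLE_DTLS
/* Link a freshly initialized DTLS control block onto the circular, doubly-linked
   list of created DTLS sessions and bump the created count.

   The list head (_nx_secure_dtls_created_ptr) and the count are shared with
   every other DTLS session create/delete, so the caller MUST already hold
   _nx_secure_tls_protection when calling this. */
static VOID _nx_secure_dtls_session_created_list_add(NX_SECURE_DTLS_SESSION *session_ptr)
{
NX_SECURE_DTLS_SESSION *tail_ptr;

    if (_nx_secure_dtls_created_ptr)
    {

        /* Non-empty list: the head's "previous" link is the current tail. */
        tail_ptr = _nx_secure_dtls_created_ptr -> nx_secure_dtls_created_previous;

        /* Splice the new block in between the tail and the head. */
        _nx_secure_dtls_created_ptr -> nx_secure_dtls_created_previous = session_ptr;
        tail_ptr -> nx_secure_dtls_created_next = session_ptr;
        session_ptr -> nx_secure_dtls_created_previous = tail_ptr;
        session_ptr -> nx_secure_dtls_created_next = _nx_secure_dtls_created_ptr;
    }
    else
    {

        /* Empty list: the new block becomes the head and links to itself. */
        _nx_secure_dtls_created_ptr = session_ptr;
        session_ptr -> nx_secure_dtls_created_previous = session_ptr;
        session_ptr -> nx_secure_dtls_created_next = session_ptr;
    }

    _nx_secure_dtls_created_count++;
}
#endif /* NX_SECURE_ENABLE_DTLS */

/* Initialize a DTLS session control block for later use over a UDP socket.

   Inputs:
     session_ptr                    DTLS control block to initialize (zeroed here)
     crypto_table                   Crypto table handed to the embedded TLS session
     metadata_buffer / metadata_size
                                    Crypto metadata space (see nx_secure_tls_metadata_size_calculate)
     packet_reassembly_buffer / packet_reassembly_buffer_size
                                    Buffer for packet re-assembly
     certs_number                   Number of remote certificates to make room for (0 = none)
     remote_certificate_buffer / remote_certificate_buffer_size
                                    Space for incoming certificate chains

   Returns NX_SUCCESS, the first failing TLS-layer status, or NX_NOT_SUPPORTED
   when DTLS is compiled out.

   NOTE(review): the buffers are passed to the TLS layer by pointer and appear
   to be retained rather than copied; the caller keeps ownership and must keep
   them valid until the session is deleted.

   On any failure after the TLS session was created, the TLS session is deleted
   again before returning, and the DTLS block is never placed on the created
   list, so no partially-registered session is left behind. */
UINT _nx_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr,
                                    const NX_SECURE_TLS_CRYPTO *crypto_table,
                                    VOID *metadata_buffer, ULONG metadata_size,
                                    UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                    UINT certs_number,
                                    UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size)
{
#ifdef NX_SECURE_ENABLE_DTLS
UINT                   status;
NX_SECURE_TLS_SESSION *tls_session;

    /* Start from a clean control block so no stale state (including the created-list
       links) survives from an earlier use of this memory. */
    NX_SECURE_MEMSET(session_ptr, 0, sizeof(NX_SECURE_DTLS_SESSION));

    /* Get a working pointer to the internal TLS control block. */
    tls_session = &session_ptr -> nx_secure_dtls_tls_session;

    /* Initialize the TLS session. Nothing specific to DTLS is needed in this function. */
    status = _nx_secure_tls_session_create(tls_session, crypto_table, metadata_buffer, metadata_size);
    if (status != NX_SUCCESS)
    {

        /* Nothing to undo: the DTLS block has not been registered anywhere yet. */
        return(status);
    }

    /* Don't allocate space if we don't have any certificates. Mostly for internal
       API calls when creating DTLS server sessions. */
    if (certs_number > 0)
    {

        /* Allocate buffer space for incoming certificate chains. */
        status = _nx_secure_tls_remote_certificate_buffer_allocate(tls_session, certs_number,
                                                                   remote_certificate_buffer,
                                                                   remote_certificate_buffer_size);
        if (status != NX_SUCCESS)
        {

            /* Undo the TLS session creation before reporting the failure. */
            _nx_secure_tls_session_delete(tls_session);
            return(status);
        }
    }

    /* Allocate space for packet re-assembly. Compare against NX_SUCCESS like the
       other checks in this function rather than relying on a bare truth test. */
    status = _nx_secure_tls_session_packet_buffer_set(tls_session, packet_reassembly_buffer,
                                                      packet_reassembly_buffer_size);
    if (status != NX_SUCCESS)
    {

        /* Undo the TLS session creation before reporting the failure. */
        _nx_secure_tls_session_delete(tls_session);
        return(status);
    }

    /* The created list and its count are global: take the protection first. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    /* Place the new DTLS control block on the list of created DTLS sessions. */
    _nx_secure_dtls_session_created_list_add(session_ptr);

    /* Reset the local IP address index to 0xffffffff (sentinel; presumably
       "no interface selected yet" -- confirm against the users of this field). */
    session_ptr -> nx_secure_dtls_local_ip_address_index = 0xffffffff;

    /* Release the protection. */
    tx_mutex_put(&_nx_secure_tls_protection);

    return(NX_SUCCESS);
#else
    NX_PARAMETER_NOT_USED(session_ptr);
    NX_PARAMETER_NOT_USED(crypto_table);
    NX_PARAMETER_NOT_USED(metadata_buffer);
    NX_PARAMETER_NOT_USED(metadata_size);
    NX_PARAMETER_NOT_USED(packet_reassembly_buffer);
    NX_PARAMETER_NOT_USED(packet_reassembly_buffer_size);
    NX_PARAMETER_NOT_USED(certs_number);
    NX_PARAMETER_NOT_USED(remote_certificate_buffer);
    NX_PARAMETER_NOT_USED(remote_certificate_buffer_size);

    /* DTLS support is compiled out. */
    return(NX_NOT_SUPPORTED);
#endif /* NX_SECURE_ENABLE_DTLS */
}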
185
186