1 /***************************************************************************
2  * Copyright (c) 2024 Microsoft Corporation
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the MIT License which is available at
6  * https://opensource.org/licenses/MIT.
7  *
8  * SPDX-License-Identifier: MIT
9  **************************************************************************/
10 
11 
12 /**************************************************************************/
13 /**************************************************************************/
14 /**                                                                       */
15 /** NetX Secure Component                                                 */
16 /**                                                                       */
17 /**    Transport Layer Security (TLS)                                     */
18 /**                                                                       */
19 /**************************************************************************/
20 /**************************************************************************/
21 
22 #define NX_SECURE_SOURCE_CODE
23 
24 #include "nx_secure_tls.h"
25 
26 /**************************************************************************/
27 /*                                                                        */
28 /*  FUNCTION                                               RELEASE        */
29 /*                                                                        */
30 /*    _nx_secure_tls_generate_premaster_secret            PORTABLE C      */
31 /*                                                           6.2.0        */
32 /*  AUTHOR                                                                */
33 /*                                                                        */
34 /*    Timothy Stapko, Microsoft Corporation                               */
35 /*                                                                        */
36 /*  DESCRIPTION                                                           */
37 /*                                                                        */
38 /*    This function generates the Pre-Master Secret for TLS Client        */
39 /*    instances. It is sent to the remote host and used as the seed for   */
40 /*    session key generation.                                             */
41 /*                                                                        */
42 /*  INPUT                                                                 */
43 /*                                                                        */
44 /*    tls_session                           TLS control block             */
45 /*    id                                    TLS or DTLS                   */
46 /*                                                                        */
47 /*  OUTPUT                                                                */
48 /*                                                                        */
49 /*    status                                Completion status             */
50 /*                                                                        */
51 /*  CALLS                                                                 */
52 /*                                                                        */
53 /*    _nx_secure_tls_protocol_version_get   Get current TLS version to use*/
54 /*    [nx_secure_generate_premaster_secret] Generate pre-master secret    */
55 /*                                                                        */
56 /*  CALLED BY                                                             */
57 /*                                                                        */
58 /*    _nx_secure_dtls_client_handshake      DTLS client state machine     */
59 /*    _nx_secure_tls_client_handshake       TLS client state machine      */
60 /*    _nx_secure_tls_process_client_key_exchange                          */
61 /*                                          Process ClientKeyExchange     */
62 /*                                                                        */
63 /*  RELEASE HISTORY                                                       */
64 /*                                                                        */
65 /*    DATE              NAME                      DESCRIPTION             */
66 /*                                                                        */
67 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
68 /*  09-30-2020     Timothy Stapko           Modified comment(s), update   */
69 /*                                            ECC find curve method,      */
70 /*                                            verified memcpy use cases,  */
71 /*                                            resulting in version 6.1    */
72 /*  04-25-2022     Yuxin Zhou               Modified comment(s), removed  */
73 /*                                            internal unreachable logic, */
74 /*                                            resulting in version 6.1.11 */
75 /*  10-31-2022     Yanwu Cai                Modified comment(s), added    */
76 /*                                            custom secret generation,   */
77 /*                                            resulting in version 6.2.0  */
78 /*                                                                        */
79 /**************************************************************************/
UINT _nx_secure_tls_generate_premaster_secret(NX_SECURE_TLS_SESSION *tls_session, UINT id)
{
USHORT negotiated_version;
void  *ecc_context;

    /* Refuse to continue without a ciphersuite: the generator callback below is
       handed this pointer, and a missing value at this stage most likely means
       an internal error, since negotiation should already have completed. */
    if (tls_session -> nx_secure_tls_session_ciphersuite == NX_NULL)
    {
        return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE);
    }

    /* Fetch the protocol version in use for this session; "id" selects TLS or DTLS.
       NOTE(review): any result of this call is not examined here, and
       negotiated_version has no initial value - confirm the callee always writes it. */
    _nx_secure_tls_protocol_version_get(tls_session, &negotiated_version, id);

    /* Only builds with ECC ciphersuites enabled pass the session's ECC state;
       all other builds pass NX_NULL in its place. */
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
    ecc_context = &tls_session -> nx_secure_tls_ecc;
#else
    ecc_context = NX_NULL;
#endif

    /* Delegate to the session's generator callback and hand its completion status
       straight back to the caller. The session's key material structure is passed
       by address (presumably the destination of the generated secret - confirm).
       NOTE(review): the callback pointer is not compared against NX_NULL in this
       function - confirm it is always populated before the handshake reaches here. */
    return(tls_session -> nx_secure_generate_premaster_secret(tls_session -> nx_secure_tls_session_ciphersuite,
                                                              negotiated_version,
                                                              &tls_session -> nx_secure_tls_key_material,
                                                              &tls_session -> nx_secure_tls_credentials,
                                                              tls_session -> nx_secure_tls_socket_type,
                                                              &tls_session -> nx_secure_tls_received_remote_credentials,
                                                              tls_session -> nx_secure_public_cipher_metadata_area,
                                                              tls_session -> nx_secure_public_cipher_metadata_size,
                                                              ecc_context));
}