1 /***************************************************************************
2  * Copyright (c) 2024 Microsoft Corporation
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the MIT License which is available at
6  * https://opensource.org/licenses/MIT.
7  *
8  * SPDX-License-Identifier: MIT
9  **************************************************************************/
10 
11 
12 /**************************************************************************/
13 /**************************************************************************/
14 /**                                                                       */
15 /** NetX Secure Component                                                 */
16 /**                                                                       */
17 /**    Transport Layer Security (TLS)                                     */
18 /**                                                                       */
19 /**************************************************************************/
20 /**************************************************************************/
21 
22 #define NX_SECURE_SOURCE_CODE
23 
24 #include "nx_secure_tls.h"
25 
26 /**************************************************************************/
27 /*                                                                        */
28 /*  FUNCTION                                               RELEASE        */
29 /*                                                                        */
30 /*    _nx_secure_tls_psk_add                              PORTABLE C      */
31 /*                                                           6.1.12       */
32 /*  AUTHOR                                                                */
33 /*                                                                        */
34 /*    Timothy Stapko, Microsoft Corporation                               */
35 /*                                                                        */
36 /*  DESCRIPTION                                                           */
37 /*                                                                        */
38 /*    This function adds a pre-shared key (PSK) to a TLS session for use  */
/*    with a PSK ciphersuite. The psk_identity parameter is the PSK       */
/*    identity sent during the TLS handshake to select the proper key.    */
41 /*                                                                        */
42 /*  INPUT                                                                 */
43 /*                                                                        */
44 /*    tls_session                           Pointer to TLS Session        */
45 /*    pre_shared_key                        Pointer to PSK data           */
46 /*    psk_length                            Length of PSK data            */
47 /*    psk_identity                          PSK identity data             */
48 /*    identity_length                       Length of identity data       */
49 /*    hint                                  PSK hint data                 */
50 /*    hint_length                           Length of hint data           */
51 /*                                                                        */
52 /*  OUTPUT                                                                */
53 /*                                                                        */
54 /*    status                                Completion status             */
55 /*                                                                        */
56 /*  CALLS                                                                 */
57 /*                                                                        */
58 /*    tx_mutex_get                          Get protection mutex          */
59 /*    tx_mutex_put                          Put protection mutex          */
60 /*                                                                        */
61 /*  CALLED BY                                                             */
62 /*                                                                        */
63 /*    Application Code                                                    */
64 /*                                                                        */
65 /*  RELEASE HISTORY                                                       */
66 /*                                                                        */
67 /*    DATE              NAME                      DESCRIPTION             */
68 /*                                                                        */
69 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
70 /*  09-30-2020     Timothy Stapko           Modified comment(s), improved */
71 /*                                            buffer length verification, */
72 /*                                            verified memcpy use cases,  */
73 /*                                            resulting in version 6.1    */
74 /*  07-29-2022     Yuxin Zhou               Modified comment(s),          */
75 /*                                            fixed PSK size verification,*/
76 /*                                            resulting in version 6.1.12 */
77 /*                                                                        */
78 /**************************************************************************/
79 #if defined(NX_SECURE_ENABLE_PSK_CIPHERSUITES) || defined(NX_SECURE_ENABLE_ECJPAKE_CIPHERSUITE)
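UINT _nx_secure_tls_psk_add(NX_SECURE_TLS_SESSION *tls_session, UCHAR *pre_shared_key,
                            UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint,
                            UINT hint_length)
{
UINT status;
UINT current_index;

    /* The PSK store is session state reachable from other library paths, so the
       whole update runs under the library-wide protection mutex: the slot is
       chosen, filled and published before the mutex is released. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    /* Index of the next unused entry in the session's PSK store. */
    current_index = tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_count;

    /* Validate the slot index and every caller-supplied length BEFORE touching
       any buffer. The lengths come straight from application code and the
       NX_SECURE_TLS_MAX_PSK_SIZE / NX_SECURE_TLS_MAX_PSK_ID_SIZE limits must
       match the declared sizes of the destination arrays in the PSK store
       (declared in nx_secure_tls.h, not visible here).

       NOTE(review): the slot test rejects current_index == NX_SECURE_TLS_MAX_PSK_KEYS - 1,
       so at most NX_SECURE_TLS_MAX_PSK_KEYS - 1 entries can ever be added.
       Kept unchanged here because it errs on the safe side; confirm against the
       declared size of nx_secure_tls_psk_store before relaxing it to
       current_index < NX_SECURE_TLS_MAX_PSK_KEYS. */
    if (((current_index + 1) >= NX_SECURE_TLS_MAX_PSK_KEYS) ||
        (psk_length > NX_SECURE_TLS_MAX_PSK_SIZE) ||
        (identity_length > NX_SECURE_TLS_MAX_PSK_ID_SIZE) ||
        (hint_length > NX_SECURE_TLS_MAX_PSK_ID_SIZE))
    {
        /* No free slot, or one of the fields is too long for its buffer. Nothing
           has been modified. One status covers both cases (existing API contract),
           so callers cannot distinguish "store full" from "argument too long". */
        status = NX_SECURE_TLS_NO_MORE_PSK_SPACE;
    }
    else
    {
        /* Zero-length copies are skipped: passing a NULL buffer to memcpy is
           undefined behaviour even when the length is 0, and a caller with no
           hint (or an empty field) may legitimately pass NULL with length 0. */

        /* Key material. Note this is a plain copy into the session structure;
           this routine does not clear the caller's copy or the store on its own. */
        if (psk_length != 0)
        {
            NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_data, pre_shared_key, psk_length); /* Use case of memcpy is verified. */
        }
        tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_data_size = psk_length;

        /* PSK identity (the value matched against the peer's identity during the handshake). */
        if (identity_length != 0)
        {
            NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_id, psk_identity, identity_length); /* Use case of memcpy is verified. */
        }
        tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_id_size = identity_length;

        /* PSK identity hint (optional). */
        if (hint_length != 0)
        {
            NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_id_hint, hint, hint_length); /* Use case of memcpy is verified. */
        }
        tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_store[current_index].nx_secure_tls_psk_id_hint_size = hint_length;

        /* Publish the entry only after all three fields and their lengths are in
           place, so a reader holding the mutex next never sees a partial slot. */
        tls_session -> nx_secure_tls_credentials.nx_secure_tls_psk_count = current_index + 1;

        status = NX_SUCCESS;
    }

    /* Release the protection. */
    tx_mutex_put(&_nx_secure_tls_protection);

    return(status);
}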
126 #endif
127 
128