1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24
25 /* Include necessary system files. */
26
27 #include "nx_secure_tls.h"
28
29 /**************************************************************************/
30 /* */
31 /* FUNCTION RELEASE */
32 /* */
33 /* _nx_secure_tls_remote_certificate_buffer_allocate PORTABLE C */
34 /* 6.2.1 */
35 /* AUTHOR */
36 /* */
37 /* Timothy Stapko, Microsoft Corporation */
38 /* */
39 /* DESCRIPTION */
40 /* */
41 /* This function allocates buffer space to hold incoming certificates */
42 /* sent by the remote host. The provided buffer must have enough space */
43 /* allocated for the maximum size of a certificate that may be provided*/
44 /* by a remote host times the expected size of the provided certificate*/
45 /* chain. The size needed can be calculated using the following */
46 /* formula: */
47 /* */
48 /* size = (<# of certs>) * (sizeof(NX_SECURE_X509_CERT) + */
49 /* <expected max cert size (~2KB)>) */
50 /* */
51 /* The space will be divided equally amongst the number of certificates*/
52 /* that can be carved from the provided buffer. */
53 /* */
54 /* INPUT */
55 /* */
56 /* tls_session Pointer to TLS Session */
57 /* certs_number Number of client certs */
58 /* certificate_buffer Buffer allocated for certs */
59 /* buffer_size Buffer size in bytes */
60 /* */
61 /* OUTPUT */
62 /* */
63 /* status Completion status */
64 /* */
65 /* CALLS */
66 /* */
67 /* _nx_secure_tls_remote_certificate_allocate */
68 /* Allocate space for certs */
69 /* */
70 /* CALLED BY */
71 /* */
72 /* Application Code */
73 /* */
74 /* RELEASE HISTORY */
75 /* */
76 /* DATE NAME DESCRIPTION */
77 /* */
78 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
79 /* 09-30-2020 Timothy Stapko Modified comment(s), */
80 /* resulting in version 6.1 */
81 /* 01-31-2022 Timothy Stapko Modified comment(s), */
82 /* removed parameter checking, */
83 /* resulting in version 6.1.10 */
84 /* 04-25-2022 Yuxin Zhou Modified comment(s), added */
85 /* assert to check for zero, */
86 /* resulting in version 6.1.11 */
87 /* 03-08-2023 Yanwu Cai Modified comment(s), */
88 /* fixed compiler errors when */
89 /* x509 is disabled, */
90 /* resulting in version 6.2.1 */
91 /* */
92 /**************************************************************************/
_nx_secure_tls_remote_certificate_buffer_allocate(NX_SECURE_TLS_SESSION * tls_session,UINT certs_number,VOID * certificate_buffer,ULONG buffer_size)93 UINT _nx_secure_tls_remote_certificate_buffer_allocate(NX_SECURE_TLS_SESSION *tls_session, UINT certs_number, VOID *certificate_buffer, ULONG buffer_size)
94 {
95 #ifndef NX_SECURE_DISABLE_X509
96 UINT status;
97 UINT metadata_size;
98 UINT cert_buffer_size;
99 UCHAR *buffer_ptr;
100 NX_SECURE_X509_CERT *cert_ptr;
101 UINT count;
102
103 /* Calculate the size of the X509 control blocks needed. */
104 metadata_size = sizeof(NX_SECURE_X509_CERT) * certs_number;
105
106 /* Check that buffer is large enough. */
107 if(buffer_size < metadata_size)
108 {
109 return(NX_INVALID_PARAMETERS);
110 }
111
112 NX_ASSERT(certs_number != 0);
113
114 /* Calculate the per-certificate size allocated from the buffer. */
115 cert_buffer_size = (buffer_size - metadata_size) / certs_number;
116
117 /* Check that the certificate buffer size makes sense. */
118 if(cert_buffer_size < NX_SECURE_TLS_MINIMUM_CERTIFICATE_SIZE)
119 {
120 return(NX_INVALID_PARAMETERS);
121 }
122
123 /* Get a working pointer to our certificate buffer. */
124 buffer_ptr = (UCHAR*)(certificate_buffer);
125
126 for(count = 0; count < certs_number; count++)
127 {
128 /* Allocate space for the cert control block. */
129 cert_ptr = (NX_SECURE_X509_CERT*)(buffer_ptr);
130
131 /* Advance working pointer past control block. */
132 buffer_ptr += sizeof(NX_SECURE_X509_CERT);
133
134 /* Now allocate space for remote certificates. */
135 status = _nx_secure_tls_remote_certificate_allocate(tls_session, cert_ptr, buffer_ptr, cert_buffer_size);
136
137 if(status != NX_SUCCESS)
138 {
139 return(status);
140 }
141
142 /* Advance working pointer past certificate buffer. */
143 buffer_ptr += cert_buffer_size;
144 }
145 /* Return completion status. */
146 return(NX_SUCCESS);
147 #else
148 NX_PARAMETER_NOT_USED(tls_session);
149 NX_PARAMETER_NOT_USED(certs_number);
150 NX_PARAMETER_NOT_USED(certificate_buffer);
151 NX_PARAMETER_NOT_USED(buffer_size);
152
153 return(NX_NOT_SUPPORTED);
154 #endif
155 }
156
157
