/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    Datagram Transport Layer Security (DTLS)                           */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/


/**************************************************************************/
/*                                                                        */
/*  COMPONENT DEFINITION                                   RELEASE        */
/*                                                                        */
/*    nx_secure_dtls.h                                    PORTABLE C      */
/*                                                           6.1.10       */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This file defines all service prototypes and data structure         */
/*    definitions for the DTLS implementation: protocol constants,        */
/*    the per-session and per-server control blocks, the public API,      */
/*    its error-checking ("_nxe_") shell, and the internal record and     */
/*    handshake helpers used only inside the component.                   */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            resulting in version 6.1    */
/*  12-31-2020     Timothy Stapko           Modified comment(s),          */
/*                                            improved buffer length      */
/*                                            verification,               */
/*                                            resulting in version 6.1.3  */
/*  01-31-2022     Timothy Stapko           Modified comment(s),          */
/*                                            fixed out-of-order handling,*/
/*                                            updated cookie handling,    */
/*                                            resulting in version 6.1.10 */
/*                                                                        */
/**************************************************************************/

#ifndef SRC_NX_SECURE_DTLS_H_
#define SRC_NX_SECURE_DTLS_H_

/* Determine if a C++ compiler is being used.  If so, ensure that standard
   C is used to process the API information.  */
#ifdef __cplusplus

/* Yes, C++ compiler is present.  Use standard C.  */
extern "C" {

#endif

/* Include the ThreadX and port-specific data type file, plus the TLS header
   whose session structure and constants DTLS builds on.  */

#include "nx_api.h"
#include "nx_secure_tls.h"

/* DTLS protocol versions.  These are needed in the TLS header to support DTLS
   functionality in shared DTLS/TLS services.

   The DTLS version bytes are the one's complement of the corresponding TLS
   version (RFC 6347 section 4.1): 0xFEFF is DTLS 1.0 and 0xFEFD is DTLS 1.2,
   which is why the 1.2 minor value is numerically *smaller* than the 1.0 one.
   Any "is this version newer" comparison must account for that inversion.  */
#define NX_SECURE_DTLS_VERSION_MAJOR     0xFE
#define NX_SECURE_DTLS_VERSION_MINOR_1_0 0xFF
#define NX_SECURE_DTLS_VERSION_MINOR_1_2 0xFD

#define NX_SECURE_DTLS_VERSION_1_0 ((NX_SECURE_DTLS_VERSION_MAJOR << 8) | NX_SECURE_DTLS_VERSION_MINOR_1_0)
#define NX_SECURE_DTLS_VERSION_1_2 ((NX_SECURE_DTLS_VERSION_MAJOR << 8) | NX_SECURE_DTLS_VERSION_MINOR_1_2)

/* DTLS constants.

   Both headers extend their TLS counterparts by 8 bytes of DTLS-only fields:
   the record header gains a 2-byte epoch and a 6-byte sequence number, and the
   handshake header gains a 2-byte message_seq, a 3-byte fragment_offset and a
   3-byte fragment_length (RFC 6347 sections 4.1 and 4.2.2).  Any code that
   parses a header must first confirm at least this many bytes are present.  */
#define NX_SECURE_DTLS_RECORD_HEADER_SIZE    (NX_SECURE_TLS_RECORD_HEADER_SIZE + 8)    /* Size of the DTLS record header in bytes. */
#define NX_SECURE_DTLS_HANDSHAKE_HEADER_SIZE (NX_SECURE_TLS_HANDSHAKE_HEADER_SIZE + 8) /* Size of the DTLS handshake record header in bytes. */


/* Default DTLS retransmit rate of 1 second (expressed in timer ticks via
   NX_IP_PERIODIC_RATE).  This is the initial handshake retransmit timeout.  */
#ifndef NX_SECURE_DTLS_RETRANSMIT_TIMEOUT
#define NX_SECURE_DTLS_RETRANSMIT_TIMEOUT NX_IP_PERIODIC_RATE
#endif /* NX_SECURE_DTLS_RETRANSMIT_TIMEOUT */

/* Default maximum DTLS retransmit rate of 60 seconds.  Presumably the ceiling
   for the back-off computed with NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT below;
   confirm against the retransmit implementation.  */
#ifndef NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_TIMEOUT
#define NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_TIMEOUT (60 * NX_IP_PERIODIC_RATE)
#endif /* NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_TIMEOUT */

/* Default maximum DTLS retransmit retries.  Bounding retries keeps a peer that
   never answers from holding handshake state and transmit-queue packets
   indefinitely.  */
#ifndef NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES
#define NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES 10
#endif /* NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES */

/* This define specifies how the retransmit timeout period changes between
   successive retries.  If this value is 0, the initial retransmit timeout is
   the same as subsequent retransmit timeouts.  If this value is 1, each
   successive retransmit is twice as long.  The default value is 1.  */
#ifndef NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT
#define NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT 1
#endif /* NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT */

/* Default DTLS Cookie length.  This sizes the cookie array held in each
   session control block (nx_secure_dtls_cookie below).  */
#ifndef NX_SECURE_DTLS_COOKIE_LENGTH
#define NX_SECURE_DTLS_COOKIE_LENGTH 32
#endif /* NX_SECURE_DTLS_COOKIE_LENGTH */

/* The cookie size limit for a DTLS 1.2 client.  This is the wire-format
   maximum: the HelloVerifyRequest cookie carries a one-byte length, so a
   server-issued cookie can be up to 255 bytes (RFC 6347 section 4.2.1).
   Note this is independent of NX_SECURE_DTLS_COOKIE_LENGTH above, which
   bounds only the session's own cookie storage.  */
#define NX_SECURE_DTLS_MAX_COOKIE_LENGTH 255

/* Event flag masks for DTLS retransmit thread. */
#define NX_SECURE_DTLS_ALL_EVENTS     ((ULONG)0xFFFFFFFF) /* All event flags */
#define NX_SECURE_DTLS_PERIODIC_EVENT ((ULONG)0x00000001) /* Periodic event */

/* Forward declaration for pointer in DTLS session structure. */
struct NX_SECURE_DTLS_SERVER_STRUCT;

/* Definition of the top-level DTLS session control block used by the
   application.  One instance represents one DTLS association (a local
   socket/port plus a remote address/port).  Server-side instances live in the
   session buffer owned by an NX_SECURE_DTLS_SERVER and point back to it via
   nx_secure_dtls_server_parent.  */
typedef struct NX_SECURE_DTLS_SESSION_STRUCT
{
    /* TLS state not specific to DTLS is stored in the TLS session. */
    NX_SECURE_TLS_SESSION nx_secure_dtls_tls_session;

    /* Underlying UDP socket for DTLS. */
    NX_UDP_SOCKET *nx_secure_dtls_udp_socket;

    /* UDP doesn't have a persistent state like TCP, so save off IP address and Port. */
    UINT nx_secure_dtls_local_ip_address_index;
    UINT nx_secure_dtls_local_port;

    /* Save remote IP and port.  Together with the local port these identify the
       session when a datagram arrives on the shared server socket.  */
    NXD_ADDRESS nx_secure_dtls_remote_ip_address;
    UINT        nx_secure_dtls_remote_port;

    /* Flag for session is in use or not. */
    UINT nx_secure_dtls_session_in_use;

    /* The DTLS handshake starts with a cookie exchange, save it here.
       NOTE(review): nx_secure_dtls_cookie_length is a USHORT and can
       represent values far larger than the array that follows it; every
       write into nx_secure_dtls_cookie must be bounded by
       NX_SECURE_DTLS_COOKIE_LENGTH, not by a length taken from the wire.  */
    USHORT nx_secure_dtls_cookie_length;
    UCHAR  nx_secure_dtls_cookie[NX_SECURE_DTLS_COOKIE_LENGTH];

    /* Pointer to a client-side cookie.  Presumably used because a server-issued
       cookie may be up to NX_SECURE_DTLS_MAX_COOKIE_LENGTH bytes and need not
       fit the fixed array above; confirm the backing storage and its lifetime
       against the client handshake code.  */
    UCHAR *nx_secure_dtls_client_cookie_ptr;

    /* The DTLS handshake messages have a sequence number that is incremented
       with each message sent. */
    USHORT nx_secure_dtls_local_handshake_sequence;

    /* Save off the current fragment length (how much we have reassembled) so we know when
     * we have complete handshake message data. */
    UINT nx_secure_dtls_fragment_length;

    /* Sequence number of the current handshake record, used for fragmentation. */
    UINT nx_secure_dtls_remote_handshake_sequence;

    /* Current expected sequence number for DTLS handshake messages.  Messages
       with any other sequence are out of order relative to this value.  */
    UINT nx_secure_dtls_expected_handshake_sequence;

    /* The DTLS epoch, used as the first part of the explicit DTLS sequence number. */
    USHORT nx_secure_dtls_local_epoch;
    USHORT nx_secure_dtls_remote_epoch;

    /* Define the DTLS sent queue.  This queue is used to keep track of transmitted packets
       already sent.  DTLS will keep packets in this queue until the response flight is
       received from the remote host, at which point the DTLS stack will release them.
       The queue is therefore also what the retransmit path resends; its maximum
       bounds how much packet-pool memory an unanswered handshake can pin.  */
    ULONG      nx_secure_dtls_transmit_queue_maximum;
    ULONG      nx_secure_dtls_transmit_sent_count;
    NX_PACKET *nx_secure_dtls_transmit_sent_head,
              *nx_secure_dtls_transmit_sent_tail;

    /* Create a timer that is used to control the retransmission of dropped datagrams
       during the DTLS handshake.  The timeout is in ticks; the retry count is
       compared against NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES (presumably).  */
    ULONG nx_secure_dtls_handshake_timeout;
    ULONG nx_secure_dtls_timeout_retries;

    /* Pointer to parent DTLS server structure (for server sessions). */
    struct NX_SECURE_DTLS_SERVER_STRUCT *nx_secure_dtls_server_parent;

    /* Pointer to our UDP packet receive queue. */
    NX_PACKET *nx_secure_dtls_receive_queue_head;

    /* Bitfield used for sliding window checks.  Consumed by
       _nx_secure_dtls_session_sliding_window_check()/_update() declared below.
       NOTE(review): presumably the anti-replay window of RFC 6347
       section 4.1.2.6; as a single ULONG it can track at most
       8 * sizeof(ULONG) sequence numbers behind the newest one seen.  */
    ULONG nx_secure_dtls_sliding_window;

    /* Pointer to the thread waiting for packet. */
    TX_THREAD *nx_secure_dtls_thread_suspended;

    /* Define the link between other DTLS structures created by the application.
       These form the list headed by _nx_secure_dtls_created_ptr (see the data
       declarations at the end of this file).  */
    struct NX_SECURE_DTLS_SESSION_STRUCT
        *nx_secure_dtls_created_previous,
        *nx_secure_dtls_created_next;

} NX_SECURE_DTLS_SESSION;


/* DTLS Server structure.  Used to contain the information for handling multiple
   DTLS sessions on a single port: one shared UDP socket plus an array of
   session control blocks that are handed out per remote peer.  */
typedef struct NX_SECURE_DTLS_SERVER_STRUCT
{
    /* Pointer to supplied IP instance for this DTLS server. */
    NX_IP *nx_dtls_server_ip_ptr;

    /* UDP socket shared by all sessions. */
    NX_UDP_SOCKET nx_dtls_server_udp_socket;

    /* Pointer to session buffer - control blocks for each session in this server.
       The buffer is supplied by the application to _nx_secure_dtls_server_create();
       this structure does not own or free it.  */
    NX_SECURE_DTLS_SESSION *nx_dtls_server_sessions;

    /* Number of sessions assigned to this server.  This is also the hard cap on
       concurrent peers; once exhausted, new ClientHellos cannot be served.  */
    UINT nx_dtls_server_sessions_count;

    /* The port this DTLS server is assigned to. */
    UINT nx_dtls_server_listen_port;

    /* Timeout value for the server. */
    ULONG nx_dtls_server_timeout;

    /* Notification callbacks for DTLS connections.  The connect and receive
       callbacks match the connect_notify/receive_notify parameters of
       _nx_secure_dtls_server_create(); the disconnect and error callbacks match
       the parameters of _nx_secure_dtls_server_notify_set() (presumably stored
       here by those calls).  Any of them may be NULL if never configured, so
       callers inside the component should check before invoking.  */
    UINT (*nx_secure_dtls_connect_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session, NXD_ADDRESS *ip_address, UINT port);
    UINT (*nx_secure_dtls_receive_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session);
    UINT (*nx_secure_dtls_disconnect_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session);
    UINT (*nx_secure_dtls_error_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session, UINT error_code);

    /* This field overrides the version (see
       _nx_secure_dtls_server_protocol_version_override()).  */
    USHORT nx_dtls_server_protocol_version_override;
    UCHAR  nx_dtls_server_reserved_field[2];

    /* Reserved for possible future use. */
    ULONG nx_dtls_server_reserved;

    /* Define the link between other DTLS server structures created by the
       application.  These form the list headed by _nx_secure_dtls_server_created_ptr.  */
    struct NX_SECURE_DTLS_SERVER_STRUCT
        *nx_dtls_server_created_previous,
        *nx_dtls_server_created_next;
} NX_SECURE_DTLS_SERVER;





/* Define API functions.

   Naming convention: "_nx_secure_dtls_*" are the real implementations and
   "_nxe_secure_dtls_*" (further down) are the error-checking shells that
   validate arguments before delegating.  Applications normally reach these
   through the nx_secure_dtls_* macros, which select one or the other.
   Return values are UINT NetX status codes (NX_SUCCESS on success).  */

/* One-time component initialization.  */
VOID _nx_secure_dtls_initialize(VOID);

/* Create a DTLS server bound to port on ip_ptr.  session_buffer holds
   session_buffer_size bytes of NX_SECURE_DTLS_SESSION control blocks;
   crypto_metadata_buffer and packet_reassembly_buffer are likewise
   caller-owned storage that must outlive the server.  The two callbacks are
   invoked on new connections and on received data.  */
UINT _nx_secure_dtls_server_create(NX_SECURE_DTLS_SERVER *server_ptr, NX_IP *ip_ptr, UINT port, ULONG timeout,
                                   VOID *session_buffer, UINT session_buffer_size,
                                   const NX_SECURE_TLS_CRYPTO *crypto_table,
                                   VOID *crypto_metadata_buffer, ULONG crypto_metadata_size,
                                   UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                   UINT (*connect_notify)(NX_SECURE_DTLS_SESSION *dtls_session, NXD_ADDRESS *ip_address, UINT port),
                                   UINT (*receive_notify)(NX_SECURE_DTLS_SESSION *dtls_session));

/* Install the server's own (identity) certificate under cert_id.  */
UINT _nx_secure_dtls_server_local_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr,
                                                  NX_SECURE_X509_CERT *certificate, UINT cert_id);


/* Begin listening on the server's UDP socket.  */
UINT _nx_secure_dtls_server_start(NX_SECURE_DTLS_SERVER *server_ptr);

/* Create a stand-alone (typically client) DTLS session.  certs_number and
   remote_certificate_buffer size the storage used to hold the peer's
   certificate chain during verification.  */
UINT _nx_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr,
                                    const NX_SECURE_TLS_CRYPTO *crypto_table,
                                    VOID *metadata_buffer, ULONG metadata_size,
                                    UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                    UINT certs_number,
                                    UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size);

UINT _nx_secure_dtls_session_delete(NX_SECURE_DTLS_SESSION *dtls_session);
/* Close the session (send the closure alert and tear down state); wait_option
   bounds the time spent on that exchange.  */
UINT _nx_secure_dtls_session_end(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option);
/* Receive one decrypted application-data packet; on success *packet_ptr_ptr
   is a packet the caller must release.  */
UINT _nx_secure_dtls_session_receive(NX_SECURE_DTLS_SESSION *dtls_session,
                                     NX_PACKET **packet_ptr_ptr, ULONG wait_option);
UINT _nx_secure_dtls_session_reset(NX_SECURE_DTLS_SESSION *session_ptr);
/* Encrypt and send packet_ptr to ip_address:port.  */
UINT _nx_secure_dtls_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr,
                                  NXD_ADDRESS *ip_address, UINT port);
/* Server-side send: the destination is the session's saved remote address.  */
UINT _nx_secure_dtls_server_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr);
/* Run the handshake over udp_socket; is_client selects the client or server
   state machine.  */
UINT _nx_secure_dtls_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket,
                                   UINT is_client, UINT wait_option);
/* Allocate a packet from pool_ptr with room reserved for the DTLS record
   header so that it can be passed straight to the send functions.  */
UINT _nx_secure_dtls_packet_allocate(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET_POOL *pool_ptr,
                                     NX_PACKET **packet_ptr, ULONG wait_option);

UINT _nx_secure_dtls_client_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, NXD_ADDRESS *ip_address, UINT port, UINT wait_option);
UINT _nx_secure_dtls_server_session_start(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option);

UINT _nx_secure_dtls_server_delete(NX_SECURE_DTLS_SERVER *server_ptr);

UINT _nx_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
                                                     UCHAR *common_name, UINT common_name_length, UINT cert_id);


/* Register the disconnect and error callbacks (the connect/receive callbacks
   are given at server creation).  */
UINT _nx_secure_dtls_server_notify_set(NX_SECURE_DTLS_SERVER *server_ptr,
                                       UINT (*disconnect_notify)(NX_SECURE_DTLS_SESSION *dtls_session),
                                       UINT (*error_notify)(NX_SECURE_DTLS_SESSION *dtls_session, UINT error_code));

UINT _nx_secure_dtls_server_stop(NX_SECURE_DTLS_SERVER *server_ptr);

/* Add a CA certificate the server trusts when verifying client certificates.  */
UINT _nx_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr,
                                                    NX_SECURE_X509_CERT *certificate, UINT cert_id);


UINT _nx_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
                                                       UCHAR *common_name, UINT common_name_length, UINT cert_id);

/* Add a pre-shared key (with its identity and hint) for PSK cipher suites.
   NOTE(review): whether the key bytes are copied or only referenced is not
   visible here; confirm the required lifetime of pre_shared_key before
   passing stack or temporary storage.  */
UINT _nx_secure_dtls_server_psk_add(NX_SECURE_DTLS_SERVER *server_ptr, UCHAR *pre_shared_key,
                                    UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint,
                                    UINT hint_length);

/* Enable client (mutual) certificate verification; certs_buffer provides
   buffer_size bytes for certs_per_session remote certificates per session.  */
UINT _nx_secure_dtls_server_x509_client_verify_configure(NX_SECURE_DTLS_SERVER *server_ptr, UINT certs_per_session,
                                                         UCHAR *certs_buffer, ULONG buffer_size);

UINT _nx_secure_dtls_server_x509_client_verify_disable(NX_SECURE_DTLS_SERVER *server_ptr);

/* Report the peer address/port and local port of a server session.  */
UINT _nx_secure_dtls_session_client_info_get(NX_SECURE_DTLS_SESSION *dtls_session,
                                             NXD_ADDRESS *client_ip_address, UINT *client_port, UINT *local_port);

UINT _nx_secure_dtls_session_local_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session,
                                                   NX_SECURE_X509_CERT *certificate, UINT cert_id);
UINT _nx_secure_dtls_session_local_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session,
                                                      UCHAR *common_name, UINT common_name_length, UINT cert_id);
UINT _nx_secure_dtls_session_trusted_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session,
                                                     NX_SECURE_X509_CERT *certificate, UINT cert_id);
UINT _nx_secure_dtls_session_trusted_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session,
                                                        UCHAR *common_name, UINT common_name_length, UINT cert_id);
UINT _nx_secure_dtls_psk_add(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *pre_shared_key,
                             UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint,
                             UINT hint_length);
/* Force a specific protocol_version (one of NX_SECURE_DTLS_VERSION_1_0/1_2)
   instead of negotiating the highest supported one.  */
UINT _nx_secure_dtls_client_protocol_version_override(NX_SECURE_DTLS_SESSION *dtls_session,
                                                      USHORT protocol_version);
UINT _nx_secure_dtls_server_protocol_version_override(NX_SECURE_DTLS_SERVER *dtls_server,
                                                      USHORT protocol_version);
/* Register the ECC named groups and their curve implementations; the two
   arrays are parallel and supported_group_count entries long.  */
UINT _nx_secure_dtls_ecc_initialize(NX_SECURE_DTLS_SESSION *dtls_session,
                                    const USHORT *supported_groups, USHORT supported_group_count,
                                    const NX_CRYPTO_METHOD **curves);
UINT _nx_secure_dtls_server_ecc_initialize(NX_SECURE_DTLS_SERVER *server_ptr,
                                           const USHORT *supported_groups, USHORT supported_group_count,
                                           const NX_CRYPTO_METHOD **curves);


/* Error-checking shell API.  Each _nxe_ function has the same signature as
   its _nx_ counterpart above; it validates pointers, sizes and state and
   returns an error code instead of calling the implementation when they are
   bad.  */
UINT _nxe_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr,
                                     const NX_SECURE_TLS_CRYPTO *crypto_table,
                                     VOID *metadata_buffer, ULONG metadata_size,
                                     UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                     UINT certs_number,
                                     UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size);


UINT _nxe_secure_dtls_session_delete(NX_SECURE_DTLS_SESSION *dtls_session);
UINT _nxe_secure_dtls_session_end(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option);
UINT _nxe_secure_dtls_session_receive(NX_SECURE_DTLS_SESSION *dtls_session,
                                      NX_PACKET **packet_ptr_ptr, ULONG wait_option);
UINT _nxe_secure_dtls_session_reset(NX_SECURE_DTLS_SESSION *session_ptr);
UINT _nxe_secure_dtls_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr,
                                   NXD_ADDRESS *ip_address, UINT port);
UINT _nxe_secure_dtls_server_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr);
UINT _nxe_secure_dtls_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket,
                                    UINT is_client, UINT wait_option);

UINT _nxe_secure_dtls_client_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, NXD_ADDRESS *ip_address, UINT port, UINT wait_option);
UINT _nxe_secure_dtls_server_session_start(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option);

UINT _nxe_secure_dtls_server_create(NX_SECURE_DTLS_SERVER *server_ptr, NX_IP *ip_ptr, UINT port, ULONG timeout,
                                    VOID *session_buffer, UINT session_buffer_size,
                                    const NX_SECURE_TLS_CRYPTO *crypto_table,
                                    VOID *crypto_metadata_buffer, ULONG crypto_metadata_size,
                                    UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                    UINT (*connect_notify)(NX_SECURE_DTLS_SESSION *dtls_session, NXD_ADDRESS *ip_address, UINT port),
                                    UINT (*receive_notify)(NX_SECURE_DTLS_SESSION *dtls_session));

UINT _nxe_secure_dtls_server_delete(NX_SECURE_DTLS_SERVER *server_ptr);


UINT _nxe_secure_dtls_server_local_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr,
                                                   NX_SECURE_X509_CERT *certificate, UINT cert_id);

UINT _nxe_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
                                                      UCHAR *common_name, UINT common_name_length, UINT cert_id);


UINT _nxe_secure_dtls_server_notify_set(NX_SECURE_DTLS_SERVER *server_ptr,
                                        UINT (*disconnect_notify)(NX_SECURE_DTLS_SESSION *dtls_session),
                                        UINT (*error_notify)(NX_SECURE_DTLS_SESSION *dtls_session, UINT error_code));

UINT _nxe_secure_dtls_server_start(NX_SECURE_DTLS_SERVER *server_ptr);

UINT _nxe_secure_dtls_server_stop(NX_SECURE_DTLS_SERVER *server_ptr);

UINT _nxe_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr,
                                                     NX_SECURE_X509_CERT *certificate, UINT cert_id);


UINT _nxe_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
                                                        UCHAR *common_name, UINT common_name_length, UINT cert_id);

UINT _nxe_secure_dtls_server_psk_add(NX_SECURE_DTLS_SERVER *server_ptr, UCHAR *pre_shared_key,
                                     UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint,
                                     UINT hint_length);


UINT _nxe_secure_dtls_server_x509_client_verify_configure(NX_SECURE_DTLS_SERVER *server_ptr, UINT certs_per_session,
                                                          UCHAR *certs_buffer, ULONG buffer_size);

UINT _nxe_secure_dtls_server_x509_client_verify_disable(NX_SECURE_DTLS_SERVER *server_ptr);

UINT _nxe_secure_dtls_session_client_info_get(NX_SECURE_DTLS_SESSION *dtls_session,
                                              NXD_ADDRESS *client_ip_address, UINT *client_port, UINT *local_port);

UINT _nxe_secure_dtls_packet_allocate(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET_POOL *pool_ptr,
                                      NX_PACKET **packet_ptr, ULONG wait_option);

UINT _nxe_secure_dtls_session_local_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session,
                                                    NX_SECURE_X509_CERT *certificate, UINT cert_id);
UINT _nxe_secure_dtls_session_local_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session,
                                                       UCHAR *common_name, UINT common_name_length, UINT cert_id);
UINT _nxe_secure_dtls_session_trusted_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session,
                                                      NX_SECURE_X509_CERT *certificate, UINT cert_id);
UINT _nxe_secure_dtls_session_trusted_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session,
                                                         UCHAR *common_name, UINT common_name_length, UINT cert_id);
UINT _nxe_secure_dtls_psk_add(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *pre_shared_key,
                              UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint,
                              UINT hint_length);
UINT _nxe_secure_dtls_client_protocol_version_override(NX_SECURE_DTLS_SESSION *dtls_session,
                                                       USHORT protocol_version);
UINT _nxe_secure_dtls_server_protocol_version_override(NX_SECURE_DTLS_SERVER *dtls_server,
                                                       USHORT protocol_version);
UINT _nxe_secure_dtls_ecc_initialize(NX_SECURE_DTLS_SESSION *dtls_session,
                                     const USHORT *supported_groups, USHORT supported_group_count,
                                     const NX_CRYPTO_METHOD **curves);
UINT _nxe_secure_dtls_server_ecc_initialize(NX_SECURE_DTLS_SERVER *server_ptr,
                                            const USHORT *supported_groups, USHORT supported_group_count,
                                            const NX_CRYPTO_METHOD **curves);


/* Define internal functions.  These are not part of the application API and
   their contracts may change between releases.  */

/* UDP receive-notify hook installed on the DTLS socket(s).  Note it is declared
   outside the NX_SECURE_ENABLE_DTLS guard below, unlike the other internals;
   presumably so the shared TLS code can reference it unconditionally.  */
VOID _nx_secure_dtls_receive_callback(NX_UDP_SOCKET *socket_ptr);

#ifdef NX_SECURE_ENABLE_DTLS



/* Allocate a packet from packet_pool for an outgoing handshake message.  */
UINT _nx_secure_dtls_allocate_handshake_packet(NX_SECURE_DTLS_SESSION *dtls_session,
                                               NX_PACKET_POOL *packet_pool, NX_PACKET **packet_ptr,
                                               ULONG wait_option);

/* Compute the record MAC over sequence_num, the record header and data using
   mac_secret, writing the result to record_hash and its size to *hash_length.
   mac_secret is live key material: it must not be logged or retained beyond
   the call.  */
UINT _nx_secure_dtls_hash_record(NX_SECURE_DTLS_SESSION *dtls_session,
                                 ULONG sequence_num[NX_SECURE_TLS_SEQUENCE_NUMBER_SIZE],
                                 UCHAR *header, UINT header_length, UCHAR *data, UINT length,
                                 UCHAR *record_hash, UINT *hash_length, UCHAR *mac_secret);

/* Drive the client handshake state machine over data_length bytes of
   handshake data in packet_buffer.  */
UINT _nx_secure_dtls_client_handshake(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer,
                                      UINT data_length, ULONG wait_option);


/* Parse a DTLS handshake header from packet_buffer into the output
   parameters.  NOTE(review): no buffer length is passed, so the caller is
   responsible for ensuring at least NX_SECURE_DTLS_HANDSHAKE_HEADER_SIZE
   bytes are readable before calling, and for checking the returned
   fragment_offset/fragment_length against the actual remaining data before
   using them.  */
UINT _nx_secure_dtls_process_handshake_header(UCHAR *packet_buffer, USHORT *message_type,
                                              UINT *header_size, UINT *message_length,
                                              UINT *message_seq, UINT *fragment_offset,
                                              UINT *fragment_length);


/* Parse the DTLS record header found at record_offset in packet_ptr; the raw
   header bytes are copied to header_data (length in *header_length) so they
   can later be fed to _nx_secure_dtls_verify_mac().  */
UINT _nx_secure_dtls_process_header(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr,
                                    ULONG record_offset, USHORT *message_type, UINT *length,
                                    UCHAR *header_data, USHORT *header_length);

/* Sliding-window check/update on the record sequence number, backed by
   nx_secure_dtls_sliding_window.  "check" decides whether a record with
   *sequence_number is acceptable; "update" records it as seen.  Presumably
   "check" is called before and "update" after MAC verification, so that a
   forged record cannot advance the window; confirm in the record path.  */
UINT _nx_secure_dtls_session_sliding_window_check(NX_SECURE_DTLS_SESSION *dtls_session, ULONG *sequence_number);
UINT _nx_secure_dtls_session_sliding_window_update(NX_SECURE_DTLS_SESSION *dtls_session, ULONG *sequence_number);

/* Process one complete record at record_offset in packet_ptr; *bytes_processed
   receives how far the caller should advance for the next record.  */
UINT _nx_secure_dtls_process_record(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr,
                                    ULONG record_offset, ULONG *bytes_processed, ULONG wait_option);


/* Verify the MAC of a received record given its header bytes and data.
   *length is passed by pointer and so may be adjusted (presumably to strip
   the MAC from the payload length on success); confirm against the
   implementation.  */
UINT _nx_secure_dtls_verify_mac(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *header_data,
                                USHORT header_length, UCHAR *data, UINT *length);

/* Wrap send_packet in a handshake header of handshake_type and send it;
   include_in_finished controls whether it is hashed into the Finished
   verify_data.  */
UINT _nx_secure_dtls_send_handshake_record(NX_SECURE_DTLS_SESSION *dtls_session,
                                           NX_PACKET *send_packet, UCHAR handshake_type,
                                           ULONG wait_option, UINT include_in_finished);


/* Wrap send_packet in a record header of record_type (protecting it if keys
   are active) and send it.  */
UINT _nx_secure_dtls_send_record(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet,
                                 UCHAR record_type, ULONG wait_option);

/* Drive the server handshake state machine over data_length bytes of
   handshake data in packet_buffer.  */
UINT _nx_secure_dtls_server_handshake(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer,
                                      UINT data_length, ULONG wait_option);


/* Builders and parsers for the DTLS-specific handshake messages.  The
   HelloVerifyRequest/cookie exchange is what lets a server avoid committing
   state before the client has proven it can receive at its claimed address;
   message_length bounds how much of packet_buffer the parsers may read.  */
UINT _nx_secure_dtls_send_clienthello(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet);
UINT _nx_secure_dtls_send_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session,
                                             NX_PACKET *send_packet);

UINT _nx_secure_dtls_process_clienthello(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer,
                                         UINT message_length);
UINT _nx_secure_dtls_process_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session,
                                                UCHAR *packet_buffer, UINT message_length);
UINT _nx_secure_dtls_send_serverhello(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet);

/* Release every packet on the session's transmit (sent) queue.  */
VOID _nx_secure_dtls_retransmit_queue_flush(NX_SECURE_DTLS_SESSION *dtls_session);
/* Resend the queued flight after a handshake timeout.  */
VOID _nx_secure_dtls_retransmit(NX_SECURE_DTLS_SESSION *dtls_session);

/* Server session-cache helpers, keyed by remote address, remote port and
   local port.  Style note: these lack the leading underscore used by every
   other internal function in this file, yet are internal too.  */
VOID nx_secure_dtls_session_cache_delete(NX_SECURE_DTLS_SERVER *dtls_server, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port);
UINT nx_secure_dtls_session_cache_get_new(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port);
UINT nx_secure_dtls_session_cache_find(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port);

#endif /* NX_SECURE_ENABLE_DTLS */

/* DTLS component data declarations follow. */

/* Determine if the initialization function of this component is including
   this file.  If so, make the data definitions really happen.  Otherwise,
   make them extern so other functions in the component can access them.
   Exactly one translation unit may define NX_SECURE_DTLS_INIT, or the
   linker sees duplicate definitions.  */

#ifdef NX_SECURE_DTLS_INIT
#define DTLS_DECLARE
#else
#define DTLS_DECLARE extern
#endif

/* Define the head pointer of the created DTLS session and DTLS server list.
   The lists are threaded through the *_created_previous/*_created_next
   fields of the respective structures; the counts track list length.  */
DTLS_DECLARE NX_SECURE_DTLS_SESSION *_nx_secure_dtls_created_ptr;
DTLS_DECLARE ULONG                   _nx_secure_dtls_created_count;
DTLS_DECLARE NX_SECURE_DTLS_SERVER  *_nx_secure_dtls_server_created_ptr;
DTLS_DECLARE ULONG                   _nx_secure_dtls_server_created_count;

#ifdef __cplusplus
}
#endif

#endif /* SRC_NX_SECURE_DTLS_H_ */
