1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Transport Layer Security (TLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25
26 /* Include necessary system files. */
27
28 #include "nx_secure_tls.h"
29
30 /**************************************************************************/
31 /* */
32 /* FUNCTION RELEASE */
33 /* */
34 /* _nx_secure_tls_session_x509_client_verify_configure PORTABLE C */
35 /* 6.2.1 */
36 /* AUTHOR */
37 /* */
38 /* Timothy Stapko, Microsoft Corporation */
39 /* */
40 /* DESCRIPTION */
41 /* */
42 /* This function enables Client Certificate Verification for TLS */
43 /* Server instances and accepts buffer space to hold incoming */
44 /* certificates sent by the remote host. If enabled, the TLS Server */
45 /* will request and verify a remote TLS Client Certificate using all */
46 /* available crypto signature routines. The provided buffer must have */
47 /* enough space allocated for the maximum size of a certificate that */
48 /* may be provided by a client times the expected size of the */
49 /* certificate chain that may be provided. The size needed can be */
50 /* calculated using the following formula: */
51 /* */
52 /* size = (<# of certs>) * (sizeof(NX_SECURE_X509_CERT) + */
53 /* <expected max cert size (~2KB)>) */
54 /* */
55 /* The space will be divided equally amongst the number of certificates*/
56 /* that can be carved from the provided buffer. */
57 /* */
58 /* The incoming certificate chain will be verified against the trusted */
59 /* certificate store built using nx_secure_tls_trusted_certificate_add.*/
60 /* Client X509 certificate verification in TLS Server proceeds in the */
61 /* same manner as the default TLS Client behavior in verifying server */
62 /* certificates. */
63 /* */
64 /* Note that this will only work for TLS Server sessions. Enabling */
65 /* Client Certificate Verification for TLS Client sessions will have */
66 /* no effect. */
67 /* */
/* As of 5.12, the certificate buffer may be set to NX_NULL to */
/* indicate that internal certificate buffering should be used. If the */
/* certificate_buffer parameter is NX_NULL, the buffer_size parameter */
/* should be set to 0. Note that either an NX_NULL certificate_buffer */
/* or a zero buffer_size selects internal buffering, and certs_number */
/* is then not used; a non-NULL buffer passed with buffer_size 0 is */
/* therefore silently ignored. Always check the returned status: the */
/* session's client-verification flag is set before the buffer is */
/* allocated, so it stays set even if the allocation fails. */
72 /* */
73 /* INPUT */
74 /* */
75 /* tls_session Pointer to TLS Session */
76 /* certs_number Number of client certs */
77 /* certificate_buffer Buffer allocated for certs */
78 /* buffer_size Buffer size in bytes */
79 /* */
80 /* OUTPUT */
81 /* */
82 /* status Completion status */
83 /* */
84 /* CALLS */
85 /* */
86 /* _nx_secure_tls_remote_certificate_buffer_allocate */
87 /* Allocate certificate buffers */
88 /* */
89 /* CALLED BY */
90 /* */
91 /* Application Code */
92 /* */
93 /* RELEASE HISTORY */
94 /* */
95 /* DATE NAME DESCRIPTION */
96 /* */
97 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
98 /* 09-30-2020 Timothy Stapko Modified comment(s), */
99 /* resulting in version 6.1 */
100 /* 03-08-2023 Yanwu Cai Modified comment(s), */
101 /* fixed compiler errors when */
102 /* x509 is disabled, */
103 /* resulting in version 6.2.1 */
104 /* */
105 /**************************************************************************/
UINT _nx_secure_tls_session_x509_client_verify_configure(NX_SECURE_TLS_SESSION *tls_session, UINT certs_number, VOID *certificate_buffer, ULONG buffer_size)
{
#ifndef NX_SECURE_DISABLE_X509
UINT use_internal_buffering;

    /* Turn on client-certificate request/verification for this session.
       This is done before any buffer work, so the flag remains set even if
       the allocation below reports an error - callers must check the
       returned status rather than assume the session is fully configured. */
    tls_session -> nx_secure_tls_verify_client_certificate = NX_TRUE;

    /* A NULL buffer or a zero size both select the internal (in-place)
       certificate buffering. In that case certs_number is not consulted
       and there is nothing further to set up. */
    use_internal_buffering = (certificate_buffer == NX_NULL) || (buffer_size == 0);
    if(use_internal_buffering)
    {
        return(NX_SUCCESS);
    }

    /* Caller supplied its own space: carve it into certs_number slots for
       the remote certificate chain and return the allocator's status. */
    return(_nx_secure_tls_remote_certificate_buffer_allocate(tls_session, certs_number, certificate_buffer, buffer_size));
#else
    /* X.509 support is compiled out: nothing to configure. Silence the
       unused-parameter warnings and report the feature as unavailable. */
    NX_PARAMETER_NOT_USED(tls_session);
    NX_PARAMETER_NOT_USED(certs_number);
    NX_PARAMETER_NOT_USED(certificate_buffer);
    NX_PARAMETER_NOT_USED(buffer_size);

    return(NX_NOT_SUPPORTED);
#endif
}
130
131