1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Transport Layer Security (TLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_tls.h"
25 #include "nx_secure_x509.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_tls_trusted_certificate_add PORTABLE C */
32 /* 6.2.1 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function adds an initialized NX_SECURE_TLS_CERTIFICATE to a */
40 /* TLS session for use as a trusted Root Certificate - the certificate */
41 /* is used to verify incoming certificates from the remote host, by */
42 /* matching the incoming certificate's Issuer Common Name field with */
43 /* that of the certificates in the Trusted Store to find the trusted */
44 /* key used to verify that the incoming certificate is valid. */
45 /* The function may be called repeatedly to add multiple certificates */
46 /* to the internal linked-list. */
47 /* */
48 /* INPUT */
49 /* */
50 /* tls_session Pointer to TLS Session */
51 /* certificate Pointer to certificate */
52 /* */
53 /* OUTPUT */
54 /* */
55 /* status Completion status */
56 /* */
57 /* CALLS */
58 /* */
59 /* tx_mutex_get Get protection mutex */
60 /* tx_mutex_put Put protection mutex */
61 /* [nx_secure_trusted_certificate_add] Add certificate to trusted */
62 /* store */
63 /* */
64 /* CALLED BY */
65 /* */
66 /* Application Code */
67 /* */
68 /* RELEASE HISTORY */
69 /* */
70 /* DATE NAME DESCRIPTION */
71 /* */
72 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
73 /* 09-30-2020 Timothy Stapko Modified comment(s), */
74 /* resulting in version 6.1 */
75 /* 04-02-2021 Timothy Stapko Modified comment(s), */
76 /* updated X.509 return value, */
77 /* resulting in version 6.1.6 */
78 /* 10-31-2022 Yanwu Cai Modified comment(s), added */
79 /* custom secret generation, */
80 /* resulting in version 6.2.0 */
81 /* 03-08-2023 Yanwu Cai Modified comment(s), */
82 /* fixed compiler errors when */
83 /* x509 is disabled, */
84 /* resulting in version 6.2.1 */
85 /* */
86 /**************************************************************************/
_nx_secure_tls_trusted_certificate_add(NX_SECURE_TLS_SESSION * tls_session,NX_SECURE_X509_CERT * certificate)87 UINT _nx_secure_tls_trusted_certificate_add(NX_SECURE_TLS_SESSION *tls_session,
88 NX_SECURE_X509_CERT *certificate)
89 {
90 #ifndef NX_SECURE_DISABLE_X509
91 UINT status;
92
93
94 /* Get the protection. */
95 tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);
96
97
98 /* Assign the TLS Session metadata areas to the certificate for later use. */
99 certificate -> nx_secure_x509_public_cipher_metadata_area = tls_session -> nx_secure_public_cipher_metadata_area;
100 certificate -> nx_secure_x509_public_cipher_metadata_size = tls_session -> nx_secure_public_cipher_metadata_size;
101
102 certificate -> nx_secure_x509_hash_metadata_area = tls_session -> nx_secure_hash_mac_metadata_area;
103 certificate -> nx_secure_x509_hash_metadata_size = tls_session -> nx_secure_hash_mac_metadata_size;
104
105 /* Assign the cipher table from the parent TLS session. */
106 certificate -> nx_secure_x509_cipher_table = tls_session -> nx_secure_tls_crypto_table -> nx_secure_tls_x509_cipher_table;
107 certificate -> nx_secure_x509_cipher_table_size = tls_session -> nx_secure_tls_crypto_table -> nx_secure_tls_x509_cipher_table_size;
108
109
110
111 /* Add the certificate to the TLS session credentials X509 store. */
112 status = tls_session -> nx_secure_trusted_certificate_add(&tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store, certificate);
113
114 /* Release the protection. */
115 tx_mutex_put(&_nx_secure_tls_protection);
116
117 return(status);
118 #else
119 NX_PARAMETER_NOT_USED(tls_session);
120 NX_PARAMETER_NOT_USED(certificate);
121
122 return(NX_NOT_SUPPORTED);
123 #endif
124 }
125
126
