1 /**************************************************************************/
2 /*                                                                        */
3 /*       Copyright (c) Microsoft Corporation. All rights reserved.        */
4 /*                                                                        */
5 /*       This software is licensed under the Microsoft Software License   */
6 /*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
7 /*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
8 /*       and in the root directory of this software.                      */
9 /*                                                                        */
10 /**************************************************************************/
11 
12 
13 /**************************************************************************/
14 /**************************************************************************/
15 /**                                                                       */
16 /** NetX Secure Component                                                 */
17 /**                                                                       */
18 /**    Transport Layer Security (TLS)                                     */
19 /**                                                                       */
20 /**************************************************************************/
21 /**************************************************************************/
22 
23 #define NX_SECURE_SOURCE_CODE
24 
25 
26 /* Include necessary system files.  */
27 
28 #include "nx_secure_tls.h"
29 
30 /* Bring in externs for caller checking code.  */
31 
32 NX_SECURE_CALLER_CHECKING_EXTERNS
33 
34 /**************************************************************************/
35 /*                                                                        */
36 /*  FUNCTION                                               RELEASE        */
37 /*                                                                        */
38 /*    _nxe_secure_tls_session_x509_client_verify_configure PORTABLE C     */
39 /*                                                           6.1.10       */
40 /*  AUTHOR                                                                */
41 /*                                                                        */
42 /*    Timothy Stapko, Microsoft Corporation                               */
43 /*                                                                        */
44 /*  DESCRIPTION                                                           */
45 /*                                                                        */
46 /*    This function checks for errors in setting up client X509           */
47 /*    certificate verification for a TLS server instance.                 */
48 /*                                                                        */
49 /*  INPUT                                                                 */
50 /*                                                                        */
51 /*    tls_session                           Pointer to TLS Session        */
52 /*    certs_number                          Number of client certs        */
53 /*    certificate_buffer                    Buffer allocated for certs    */
54 /*    buffer_size                           Buffer size in bytes          */
55 /*                                                                        */
56 /*  OUTPUT                                                                */
57 /*                                                                        */
58 /*    status                                Completion status             */
59 /*                                                                        */
60 /*  CALLS                                                                 */
61 /*                                                                        */
62 /*    _nx_secure_tls_remote_certificate_buffer_allocate                   */
63 /*                                          Allocate certificate buffers  */
64 /*                                                                        */
65 /*  CALLED BY                                                             */
66 /*                                                                        */
67 /*    Application Code                                                    */
68 /*                                                                        */
69 /*  RELEASE HISTORY                                                       */
70 /*                                                                        */
71 /*    DATE              NAME                      DESCRIPTION             */
72 /*                                                                        */
73 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
74 /*  09-30-2020     Timothy Stapko           Modified comment(s),          */
75 /*                                            resulting in version 6.1    */
76 /*  01-31-2022     Timothy Stapko           Modified comment(s),          */
77 /*                                            removed redundant checking, */
78 /*                                            resulting in version 6.1.10 */
79 /*                                                                        */
80 /**************************************************************************/
_nxe_secure_tls_session_x509_client_verify_configure(NX_SECURE_TLS_SESSION * tls_session,UINT certs_number,VOID * certificate_buffer,ULONG buffer_size)81 UINT  _nxe_secure_tls_session_x509_client_verify_configure(NX_SECURE_TLS_SESSION *tls_session, UINT certs_number, VOID *certificate_buffer, ULONG buffer_size)
82 {
83 UINT status;
84 UINT metadata_size;
85 UINT cert_buffer_size;
86 
87     /* Check for NULL pointers. */
88     if(tls_session == NX_NULL)
89     {
90         return(NX_PTR_ERROR);
91     }
92 
93     /* Make sure the session is initialized. */
94     if(tls_session -> nx_secure_tls_id != NX_SECURE_TLS_ID)
95     {
96         return(NX_SECURE_TLS_SESSION_UNINITIALIZED);
97     }
98 
99     /* If we have a non-null buffer but a size of 0, or a non-zero size but a NULL buffer
100        return error - non-null buffer needs non-zero size, null buffer must have size 0. */
101     if((certificate_buffer != NX_NULL && buffer_size == 0) ||
102        (certificate_buffer == NX_NULL && buffer_size != 0))
103     {
104         return(NX_INVALID_PARAMETERS);
105     }
106 
107     /* Allow 0 remote certificates to be allocated - indicates that certs should be
108        allocated from packet buffer instead. */
109     if(certificate_buffer != NX_NULL)
110     {
111         /* Calculate the size of the X509 control blocks needed. */
112         metadata_size = sizeof(NX_SECURE_X509_CERT) * certs_number;
113 
114         /* Check that buffer is large enough. */
115         if(buffer_size < metadata_size || certs_number == 0)
116         {
117             return(NX_INVALID_PARAMETERS);
118         }
119 
120         /* Calculate the per-certificate size allocated from the buffer. */
121         cert_buffer_size = (buffer_size - metadata_size) / certs_number;
122 
123         /* Check that the certificate buffer size makes sense. */
124         if(cert_buffer_size < NX_SECURE_TLS_MINIMUM_CERTIFICATE_SIZE)
125         {
126             return(NX_INVALID_PARAMETERS);
127         }
128     }
129 
130     /* Check for appropriate caller.  */
131     NX_THREADS_ONLY_CALLER_CHECKING
132 
133     /* Call actual function. */
134     status = _nx_secure_tls_session_x509_client_verify_configure(tls_session, certs_number, certificate_buffer, buffer_size);
135 
136     /* Return completion status.  */
137     return(status);
138 }
139 
140