1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Datagram Transport Layer Security (DTLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_dtls.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_dtls_session_create PORTABLE C */
32 /* 6.1 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function initializes a DTLS session control block for later */
40 /* use in establishing a secure DTLS session over a UDP socket or */
41 /* other lower-level networking protocol. */
42 /* */
43 /* To calculate the necessary metadata size, the API */
44 /* nx_secure_tls_metadata_size_calculate may be used. */
45 /* */
46 /* INPUT */
47 /* */
48 /* session_ptr DTLS session control block */
49 /* crypto_table Crypto table */
50 /* metadata_buffer Encryption metadata buffer */
51 /* metadata_size Encryption metadata size */
52 /* packet_reassembly_buffer DTLS reassembly buffer */
53 /* packet_reassembly_buffer_size Size of reassembly buffer */
54 /* certs_number Number of certs */
55 /* remote_certificate_buffer Remote certificate buffer */
56 /* remote_certificate_buffer_size Remote certificate buffer size*/
57 /* */
58 /* OUTPUT */
59 /* */
60 /* status Completion status */
61 /* */
62 /* CALLS */
63 /* */
/*    _nx_secure_tls_session_create         Initialize TLS control block  */
/*    _nx_secure_tls_remote_certificate_buffer_allocate                   */
/*                                          Allocate space for remote     */
/*                                            certificate                 */
/*    _nx_secure_tls_session_packet_buffer_set                            */
/*                                          Allocate space for packet     */
/*                                            reassembly                  */
/*    _nx_secure_tls_session_delete         Delete TLS session on error   */
/*    tx_mutex_get                          Get protection mutex          */
/*    tx_mutex_put                          Put protection mutex          */
73 /* */
74 /* CALLED BY */
75 /* */
76 /* Application Code */
77 /* */
78 /* RELEASE HISTORY */
79 /* */
80 /* DATE NAME DESCRIPTION */
81 /* */
82 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
83 /* 09-30-2020 Timothy Stapko Modified comment(s), */
84 /* resulting in version 6.1 */
85 /* */
86 /**************************************************************************/
/* Create (initialize) a DTLS session control block.

   The DTLS block embeds a TLS session. That TLS session is created first,
   then the remote certificate buffer (only when certs_number is non-zero)
   and the packet reassembly buffer are attached to it. Finally the DTLS
   block is linked into the circular, doubly-linked list of created DTLS
   sessions while the TLS protection mutex is held.

   If either buffer attach step fails after the TLS session was created, the
   TLS session is deleted again before the error is returned, so a failed
   create does not leave a half-registered TLS session behind.

   Parameters:
     session_ptr                     DTLS session control block to set up
     crypto_table                    crypto table handed to the TLS session
     metadata_buffer / metadata_size encryption metadata for the TLS session
     packet_reassembly_buffer/_size  packet reassembly buffer for the TLS session
     certs_number                    number of remote certificates to allow
     remote_certificate_buffer/_size storage for incoming certificate chains

   Returns NX_SUCCESS, the failing callee's status, or NX_NOT_SUPPORTED when
   NX_SECURE_ENABLE_DTLS is not defined. */
UINT _nx_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr,
                                    const NX_SECURE_TLS_CRYPTO *crypto_table,
                                    VOID *metadata_buffer, ULONG metadata_size,
                                    UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size,
                                    UINT certs_number,
                                    UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size)
{
#ifdef NX_SECURE_ENABLE_DTLS
UINT                    status;
NX_SECURE_TLS_SESSION  *tls_session;
NX_SECURE_DTLS_SESSION *list_head;
NX_SECURE_DTLS_SESSION *list_tail;

    /* Start from a fully cleared control block. */
    NX_SECURE_MEMSET(session_ptr, 0, sizeof(NX_SECURE_DTLS_SESSION));

    /* The TLS session lives inside the DTLS block. */
    tls_session = &session_ptr -> nx_secure_dtls_tls_session;

    /* Create the embedded TLS session; nothing DTLS-specific happens here. */
    status = _nx_secure_tls_session_create(tls_session, crypto_table, metadata_buffer, metadata_size);
    if (status != NX_SUCCESS)
    {
        return(status);
    }

    /* Attach the remote certificate buffer, unless the caller has no
       certificates to store (internal DTLS server session creation passes
       zero here). */
    if (certs_number != 0)
    {
        status = _nx_secure_tls_remote_certificate_buffer_allocate(tls_session, certs_number,
                                                                   remote_certificate_buffer,
                                                                   remote_certificate_buffer_size);
    }

    /* Attach the packet reassembly buffer. */
    if (status == NX_SUCCESS)
    {
        status = _nx_secure_tls_session_packet_buffer_set(tls_session, packet_reassembly_buffer,
                                                          packet_reassembly_buffer_size);
    }

    /* Either attach step failing unwinds the TLS session created above. */
    if (status != NX_SUCCESS)
    {
        _nx_secure_tls_session_delete(tls_session);
        return(status);
    }

    /* The created-sessions list is shared; hold the TLS protection mutex
       while linking the new block in. */
    tx_mutex_get(&_nx_secure_tls_protection, TX_WAIT_FOREVER);

    list_head = _nx_secure_dtls_created_ptr;
    if (list_head)
    {
        /* Non-empty list: insert as the new tail, i.e. just before the head. */
        list_tail = list_head -> nx_secure_dtls_created_previous;

        session_ptr -> nx_secure_dtls_created_previous = list_tail;
        session_ptr -> nx_secure_dtls_created_next     = list_head;
        list_tail -> nx_secure_dtls_created_next       = session_ptr;
        list_head -> nx_secure_dtls_created_previous   = session_ptr;
    }
    else
    {
        /* Empty list: the new block is the only element and links to itself. */
        session_ptr -> nx_secure_dtls_created_previous = session_ptr;
        session_ptr -> nx_secure_dtls_created_next     = session_ptr;
        _nx_secure_dtls_created_ptr = session_ptr;
    }
    _nx_secure_dtls_created_count++;

    /* Reset the local IP address index to 0xffffffff (presumably the
       "no interface selected yet" marker — confirm against the DTLS
       bind/connect code). */
    session_ptr -> nx_secure_dtls_local_ip_address_index = 0xffffffff;

    tx_mutex_put(&_nx_secure_tls_protection);

    return(NX_SUCCESS);
#else
    /* DTLS is compiled out: silence unused-parameter warnings and report
       the feature as unavailable. */
    NX_PARAMETER_NOT_USED(session_ptr);
    NX_PARAMETER_NOT_USED(crypto_table);
    NX_PARAMETER_NOT_USED(metadata_buffer);
    NX_PARAMETER_NOT_USED(metadata_size);
    NX_PARAMETER_NOT_USED(packet_reassembly_buffer);
    NX_PARAMETER_NOT_USED(packet_reassembly_buffer_size);
    NX_PARAMETER_NOT_USED(certs_number);
    NX_PARAMETER_NOT_USED(remote_certificate_buffer);
    NX_PARAMETER_NOT_USED(remote_certificate_buffer_size);

    return(NX_NOT_SUPPORTED);
#endif /* NX_SECURE_ENABLE_DTLS */
}
186
187