1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** X.509 Digital Certificates */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 #include "nx_secure_x509.h"
26
27 /**************************************************************************/
28 /* */
29 /* FUNCTION RELEASE */
30 /* */
31 /* _nx_secure_x509_local_device_certificate_get PORTABLE C */
32 /* 6.1.6 */
33 /* AUTHOR */
34 /* */
35 /* Timothy Stapko, Microsoft Corporation */
36 /* */
37 /* DESCRIPTION */
38 /* */
39 /* This function searches a given certificate store for a device */
40 /* certificate. This is decided by searching the "local" certificate */
41 /* list in the given store for a certificate. If multiple certificates */
42 /* are in the store, the optional name is used to decide. */
43 /* */
44 /* INPUT */
45 /* */
46 /* store Pointer to certificate store */
47 /* name Optional name for selection */
48 /* certificate Pointer to cert pointer */
49 /* */
50 /* OUTPUT */
51 /* */
52 /* status Completion status */
53 /* */
54 /* CALLS */
55 /* */
56 /* _nx_secure_x509_certificate_list_find Find certificate by name */
57 /* */
58 /* CALLED BY */
59 /* */
60 /* _nx_secure_tls_process_certificate_request */
61 /* Process certificate request */
62 /* _nx_secure_tls_process_client_key_exchange */
63 /* Process ClientKeyExchange */
64 /* _nx_secure_tls_process_clienthello Process ClientHello */
65 /* _nx_secure_tls_send_certificate Send TLS certificate */
66 /* _nx_secure_tls_send_certificate_verify */
67 /* Send certificate verify */
68 /* _nx_secure_tls_send_server_key_exchange */
69 /* Send ServerKeyExchange */
70 /* */
71 /* RELEASE HISTORY */
72 /* */
73 /* DATE NAME DESCRIPTION */
74 /* */
75 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
76 /* 09-30-2020 Timothy Stapko Modified comment(s), */
77 /* resulting in version 6.1 */
78 /* 04-02-2021 Timothy Stapko Modified comment(s), */
79 /* removed dependency on TLS, */
80 /* resulting in version 6.1.6 */
81 /* */
82 /**************************************************************************/
UINT _nx_secure_x509_local_device_certificate_get(NX_SECURE_X509_CERTIFICATE_STORE *store,
                                                  NX_SECURE_X509_DISTINGUISHED_NAME *name,
                                                  NX_SECURE_X509_CERT **certificate)
{
    /*
     * Select a device certificate from the store's "local" list.
     *
     *   store        Certificate store to search. It is dereferenced without
     *                a NULL check, so the caller must pass a valid pointer.
     *   name         Distinguished name to look up, or NX_CRYPTO_NULL to take
     *                the first entry flagged as an identity certificate.
     *   certificate  Receives the selected certificate. May be NX_CRYPTO_NULL
     *                in the unnamed search, in which case only the status
     *                reports whether a certificate exists.
     *
     * Returns NX_SECURE_X509_SUCCESS or NX_SECURE_X509_CERTIFICATE_NOT_FOUND
     * for the unnamed search; for a named search the status comes straight
     * from _nx_secure_x509_certificate_list_find.
     *
     * When this function itself returns NOT_FOUND, *certificate is left
     * untouched. Callers must check the status before using the pointer,
     * otherwise a stale or uninitialized value could be used as the identity.
     */
    NX_SECURE_X509_CERT *local_list = store -> nx_secure_x509_local_certificates;
    NX_SECURE_X509_CERT *candidate;

    /* An empty local list cannot yield a device certificate. */
    if (local_list == NX_CRYPTO_NULL)
    {
        return(NX_SECURE_X509_CERTIFICATE_NOT_FOUND);
    }

    /* A name was supplied: hand the whole list to the by-name lookup.
       NOTE(review): the third argument is passed as 0; its meaning is defined
       by _nx_secure_x509_certificate_list_find, which is not visible here.
       Whether that helper tolerates a NULL 'certificate' should also be
       confirmed there. */
    if (name != NX_CRYPTO_NULL)
    {
        return(_nx_secure_x509_certificate_list_find(&local_list, name, 0, certificate));
    }

    /* No name: the first entry flagged as an identity certificate wins. The
       flag is the only criterion examined in this function, so list order
       decides which identity is presented when several are installed. */
    for (candidate = local_list;
         candidate != NX_CRYPTO_NULL;
         candidate = candidate -> nx_secure_x509_next_certificate)
    {
        if (candidate -> nx_secure_x509_certificate_is_identity_cert != NX_CRYPTO_TRUE)
        {
            continue;
        }

        /* The output pointer is optional; only write through it when given. */
        if (certificate != NX_CRYPTO_NULL)
        {
            *certificate = candidate;
        }

        return(NX_SECURE_X509_SUCCESS);
    }

    /* The list was walked to the end without finding an identity certificate. */
    return(NX_SECURE_X509_CERTIFICATE_NOT_FOUND);
}
136
137