1 /*************************************************************************** 2 * Copyright (c) 2024 Microsoft Corporation 3 * 4 * This program and the accompanying materials are made available under the 5 * terms of the MIT License which is available at 6 * https://opensource.org/licenses/MIT. 7 * 8 * SPDX-License-Identifier: MIT 9 **************************************************************************/ 10 11 12 /**************************************************************************/ 13 /**************************************************************************/ 14 /** */ 15 /** NetX Secure Component */ 16 /** */ 17 /** Datagram Transport Layer Security (DTLS) */ 18 /** */ 19 /**************************************************************************/ 20 /**************************************************************************/ 21 22 23 /**************************************************************************/ 24 /* */ 25 /* COMPONENT DEFINITION RELEASE */ 26 /* */ 27 /* nx_secure_dtls.h PORTABLE C */ 28 /* 6.1.10 */ 29 /* AUTHOR */ 30 /* */ 31 /* Timothy Stapko, Microsoft Corporation */ 32 /* */ 33 /* DESCRIPTION */ 34 /* */ 35 /* This file defines all service prototypes and data structure */ 36 /* definitions for DTLS implementation. */ 37 /* */ 38 /* RELEASE HISTORY */ 39 /* */ 40 /* DATE NAME DESCRIPTION */ 41 /* */ 42 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ 43 /* 09-30-2020 Timothy Stapko Modified comment(s), */ 44 /* resulting in version 6.1 */ 45 /* 12-31-2020 Timothy Stapko Modified comment(s), */ 46 /* improved buffer length */ 47 /* verification, */ 48 /* resulting in version 6.1.3 */ 49 /* 01-31-2022 Timothy Stapko Modified comment(s), */ 50 /* fixed out-of-order handling,*/ 51 /* updated cookie handling, */ 52 /* resulting in version 6.1.10 */ 53 /* */ 54 /**************************************************************************/ 55 56 #ifndef SRC_NX_SECURE_DTLS_H_ 57 #define SRC_NX_SECURE_DTLS_H_ 58 59 /* Determine if a C++ compiler is being used. If so, ensure that standard 60 C is used to process the API information. */ 61 #ifdef __cplusplus 62 63 /* Yes, C++ compiler is present. Use standard C. */ 64 extern "C" { 65 66 #endif 67 68 /* Include the ThreadX and port-specific data type file. */ 69 70 #include "nx_api.h" 71 #include "nx_secure_tls.h" 72 73 /* DTLS protocol versions. These are needed in the TLS header to support DTLS functionality in 74 shared DTLS/TLS services. */ 75 #define NX_SECURE_DTLS_VERSION_MAJOR 0xFE 76 #define NX_SECURE_DTLS_VERSION_MINOR_1_0 0xFF 77 #define NX_SECURE_DTLS_VERSION_MINOR_1_2 0xFD 78 79 #define NX_SECURE_DTLS_VERSION_1_0 ((NX_SECURE_DTLS_VERSION_MAJOR << 8) | NX_SECURE_DTLS_VERSION_MINOR_1_0) 80 #define NX_SECURE_DTLS_VERSION_1_2 ((NX_SECURE_DTLS_VERSION_MAJOR << 8) | NX_SECURE_DTLS_VERSION_MINOR_1_2) 81 82 /* DTLS constants. */ 83 #define NX_SECURE_DTLS_RECORD_HEADER_SIZE (NX_SECURE_TLS_RECORD_HEADER_SIZE + 8) /* Size of the DTLS record header in bytes. */ 84 #define NX_SECURE_DTLS_HANDSHAKE_HEADER_SIZE (NX_SECURE_TLS_HANDSHAKE_HEADER_SIZE + 8) /* Size of the DTLS handshake record header in bytes. */ 85 86 87 /* Default DTLS retransmit rate of 1 second. */ 88 #ifndef NX_SECURE_DTLS_RETRANSMIT_TIMEOUT 89 #define NX_SECURE_DTLS_RETRANSMIT_TIMEOUT NX_IP_PERIODIC_RATE 90 #endif /* NX_SECURE_DTLS_RETRANSMIT_TIMEOUT */ 91 92 /* Default maximum DTLS retransmit rate of 60 seconds. */ 93 #ifndef NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_TIMEOUT 94 #define NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_TIMEOUT (60 * NX_IP_PERIODIC_RATE) 95 #endif /* NX_SECURE_DTLS_MAX_RETRANSMIT_TIMEOUT */ 96 97 /* Default maximum DTLS retransmit retries. */ 98 #ifndef NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES 99 #define NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES 10 100 #endif /* NX_SECURE_DTLS_MAXIMUM_RETRANSMIT_RETRIES */ 101 102 /* This define specifies how the retransmit timeout period changes between successive retries. If this 103 value is 0, the initial retransmit timeout is the same as subsequent retransmit timeouts. If this 104 value is 1, each successive retransmit is twice as long. The default value is 1. */ 105 #ifndef NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT 106 #define NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT 1 107 #endif /* NX_SECURE_DTLS_RETRANSMIT_RETRY_SHIFT */ 108 109 /* Default DTLS Cookie length. */ 110 #ifndef NX_SECURE_DTLS_COOKIE_LENGTH 111 #define NX_SECURE_DTLS_COOKIE_LENGTH 32 112 #endif /* NX_SECURE_DTLS_COOKIE_LENGTH */ 113 114 /* The cookie size limit for DTLS 1.2 clinet. */ 115 #define NX_SECURE_DTLS_MAX_COOKIE_LENGTH 255 116 117 /* Event flag masks for DTLS retransmit thread. */ 118 #define NX_SECURE_DTLS_ALL_EVENTS ((ULONG)0xFFFFFFFF) /* All event flags */ 119 #define NX_SECURE_DTLS_PERIODIC_EVENT ((ULONG)0x00000001) /* Periodic event */ 120 121 /* Forward declaration for pointer in DTLS session structure. */ 122 struct NX_SECURE_DTLS_SERVER_STRUCT; 123 124 /* Definition of the top-level DTLS session control block used by the application. */ 125 typedef struct NX_SECURE_DTLS_SESSION_STRUCT 126 { 127 /* TLS state not specific to DTLS is stored in the TLS session. */ 128 NX_SECURE_TLS_SESSION nx_secure_dtls_tls_session; 129 130 /* Underlying UDP socket for DTLS. */ 131 NX_UDP_SOCKET *nx_secure_dtls_udp_socket; 132 133 /* UDP doesn't have a persistent state like TCP, so save off IP address and Port. */ 134 UINT nx_secure_dtls_local_ip_address_index; 135 UINT nx_secure_dtls_local_port; 136 137 /* Save remote IP and port. */ 138 NXD_ADDRESS nx_secure_dtls_remote_ip_address; 139 UINT nx_secure_dtls_remote_port; 140 141 /* Flag for session is in use or not. */ 142 UINT nx_secure_dtls_session_in_use; 143 144 /* The DTLS handshake starts with a cookie exchange, save it here. */ 145 USHORT nx_secure_dtls_cookie_length; 146 UCHAR nx_secure_dtls_cookie[NX_SECURE_DTLS_COOKIE_LENGTH]; 147 148 UCHAR *nx_secure_dtls_client_cookie_ptr; 149 150 /* The DTLS handshake messages have a sequence number that is incremented 151 with each message sent. */ 152 USHORT nx_secure_dtls_local_handshake_sequence; 153 154 /* Save off the current fragment length (how much we have reassembled) so we know when 155 * we have complete handshake message data. */ 156 UINT nx_secure_dtls_fragment_length; 157 158 /* Sequence number of the current handshake record, used for fragmentation. */ 159 UINT nx_secure_dtls_remote_handshake_sequence; 160 161 /* Current expected sequence number for DTLS handshake messages. */ 162 UINT nx_secure_dtls_expected_handshake_sequence; 163 164 /* The DTLS epoch, used as the first part of the explicit DTLS sequence number. */ 165 USHORT nx_secure_dtls_local_epoch; 166 USHORT nx_secure_dtls_remote_epoch; 167 168 /* Define the DTLS sent queue. This queue is used to keep track of transmitted packets 169 already sent. DTLS will keep packets in this queue until the response flight is 170 received from the remote host, at which point the DTLS stack will release them. */ 171 ULONG nx_secure_dtls_transmit_queue_maximum; 172 ULONG nx_secure_dtls_transmit_sent_count; 173 NX_PACKET *nx_secure_dtls_transmit_sent_head, 174 *nx_secure_dtls_transmit_sent_tail; 175 176 /* Create a timer that is used to control the retransmission of dropped datagrams 177 during the DTLS handshake. */ 178 ULONG nx_secure_dtls_handshake_timeout; 179 ULONG nx_secure_dtls_timeout_retries; 180 181 /* Pointer to parent DTLS server structure (for server sessions). */ 182 struct NX_SECURE_DTLS_SERVER_STRUCT *nx_secure_dtls_server_parent; 183 184 /* Pointer to our UDP packet receive queue. */ 185 NX_PACKET *nx_secure_dtls_receive_queue_head; 186 187 /* Bitfield used for sliding window checks. */ 188 ULONG nx_secure_dtls_sliding_window; 189 190 /* Pointer to the thread waiting for packet. */ 191 TX_THREAD *nx_secure_dtls_thread_suspended; 192 193 /* Define the link between other DTLS structures created by the application. */ 194 struct NX_SECURE_DTLS_SESSION_STRUCT 195 *nx_secure_dtls_created_previous, 196 *nx_secure_dtls_created_next; 197 198 } NX_SECURE_DTLS_SESSION; 199 200 201 /* DTLS Server structure. Used to contain the information for handling multiple DTLS sessions on a single port. */ 202 typedef struct NX_SECURE_DTLS_SERVER_STRUCT 203 { 204 /* Pointer to supplied IP instance for this DTLS server. */ 205 NX_IP *nx_dtls_server_ip_ptr; 206 207 /* UDP socket shared by all sessions. */ 208 NX_UDP_SOCKET nx_dtls_server_udp_socket; 209 210 /* Pointer to session buffer - control blocks for each session in this server. */ 211 NX_SECURE_DTLS_SESSION *nx_dtls_server_sessions; 212 213 /* Number of sessions assigned to this server. */ 214 UINT nx_dtls_server_sessions_count; 215 216 /* The port this DTLS server is assigned to. */ 217 UINT nx_dtls_server_listen_port; 218 219 /* Timeout value for the server. */ 220 ULONG nx_dtls_server_timeout; 221 222 /* Notification callbacks for DTLS connections. */ 223 UINT (*nx_secure_dtls_connect_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session, NXD_ADDRESS *ip_address, UINT port); 224 UINT (*nx_secure_dtls_receive_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session); 225 UINT (*nx_secure_dtls_disconnect_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session); 226 UINT (*nx_secure_dtls_error_notify)(struct NX_SECURE_DTLS_SESSION_STRUCT *dtls_session, UINT error_code); 227 228 /* This field overrides the version. */ 229 USHORT nx_dtls_server_protocol_version_override; 230 UCHAR nx_dtls_server_reserved_field[2]; 231 232 /* Reserved for possible future use. */ 233 ULONG nx_dtls_server_reserved; 234 235 /* Define the link between other DTLS server structures created by the application. */ 236 struct NX_SECURE_DTLS_SERVER_STRUCT 237 *nx_dtls_server_created_previous, 238 *nx_dtls_server_created_next; 239 } NX_SECURE_DTLS_SERVER; 240 241 242 243 244 245 /* Define API functions. */ 246 VOID _nx_secure_dtls_initialize(VOID); 247 UINT _nx_secure_dtls_server_create(NX_SECURE_DTLS_SERVER *server_ptr, NX_IP *ip_ptr, UINT port, ULONG timeout, 248 VOID *session_buffer, UINT session_buffer_size, 249 const NX_SECURE_TLS_CRYPTO *crypto_table, 250 VOID *crypto_metadata_buffer, ULONG crypto_metadata_size, 251 UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size, 252 UINT (*connect_notify)(NX_SECURE_DTLS_SESSION *dtls_session, NXD_ADDRESS *ip_address, UINT port), 253 UINT (*receive_notify)(NX_SECURE_DTLS_SESSION *dtls_session)); 254 255 UINT _nx_secure_dtls_server_local_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr, 256 NX_SECURE_X509_CERT *certificate, UINT cert_id); 257 258 259 UINT _nx_secure_dtls_server_start(NX_SECURE_DTLS_SERVER *server_ptr); 260 261 UINT _nx_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr, 262 const NX_SECURE_TLS_CRYPTO *crypto_table, 263 VOID *metadata_buffer, ULONG metadata_size, 264 UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size, 265 UINT certs_number, 266 UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size); 267 268 UINT _nx_secure_dtls_session_delete(NX_SECURE_DTLS_SESSION *dtls_session); 269 UINT _nx_secure_dtls_session_end(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option); 270 UINT _nx_secure_dtls_session_receive(NX_SECURE_DTLS_SESSION *dtls_session, 271 NX_PACKET **packet_ptr_ptr, ULONG wait_option); 272 UINT _nx_secure_dtls_session_reset(NX_SECURE_DTLS_SESSION *session_ptr); 273 UINT _nx_secure_dtls_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr, 274 NXD_ADDRESS *ip_address, UINT port); 275 UINT _nx_secure_dtls_server_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr); 276 UINT _nx_secure_dtls_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, 277 UINT is_client, UINT wait_option); 278 UINT _nx_secure_dtls_packet_allocate(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET_POOL *pool_ptr, 279 NX_PACKET **packet_ptr, ULONG wait_option); 280 281 UINT _nx_secure_dtls_client_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, NXD_ADDRESS *ip_address, UINT port, UINT wait_option); 282 UINT _nx_secure_dtls_server_session_start(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option); 283 284 UINT _nx_secure_dtls_server_delete(NX_SECURE_DTLS_SERVER *server_ptr); 285 286 UINT _nx_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr, 287 UCHAR *common_name, UINT common_name_length, UINT cert_id); 288 289 290 UINT _nx_secure_dtls_server_notify_set(NX_SECURE_DTLS_SERVER *server_ptr, 291 UINT (*disconnect_notify)(NX_SECURE_DTLS_SESSION *dtls_session), 292 UINT (*error_notify)(NX_SECURE_DTLS_SESSION *dtls_session, UINT error_code)); 293 294 UINT _nx_secure_dtls_server_stop(NX_SECURE_DTLS_SERVER *server_ptr); 295 296 UINT _nx_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr, 297 NX_SECURE_X509_CERT *certificate, UINT cert_id); 298 299 300 UINT _nx_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr, 301 UCHAR *common_name, UINT common_name_length, UINT cert_id); 302 303 UINT _nx_secure_dtls_server_psk_add(NX_SECURE_DTLS_SERVER *server_ptr, UCHAR *pre_shared_key, 304 UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint, 305 UINT hint_length); 306 307 UINT _nx_secure_dtls_server_x509_client_verify_configure(NX_SECURE_DTLS_SERVER *server_ptr, UINT certs_per_session, 308 UCHAR *certs_buffer, ULONG buffer_size); 309 310 UINT _nx_secure_dtls_server_x509_client_verify_disable(NX_SECURE_DTLS_SERVER *server_ptr); 311 312 UINT _nx_secure_dtls_session_client_info_get(NX_SECURE_DTLS_SESSION *dtls_session, 313 NXD_ADDRESS *client_ip_address, UINT *client_port, UINT *local_port); 314 315 UINT _nx_secure_dtls_session_local_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session, 316 NX_SECURE_X509_CERT *certificate, UINT cert_id); 317 UINT _nx_secure_dtls_session_local_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session, 318 UCHAR *common_name, UINT common_name_length, UINT cert_id); 319 UINT _nx_secure_dtls_session_trusted_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session, 320 NX_SECURE_X509_CERT *certificate, UINT cert_id); 321 UINT _nx_secure_dtls_session_trusted_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session, 322 UCHAR *common_name, UINT common_name_length, UINT cert_id); 323 UINT _nx_secure_dtls_psk_add(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *pre_shared_key, 324 UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint, 325 UINT hint_length); 326 UINT _nx_secure_dtls_client_protocol_version_override(NX_SECURE_DTLS_SESSION *dtls_session, 327 USHORT protocol_version); 328 UINT _nx_secure_dtls_server_protocol_version_override(NX_SECURE_DTLS_SERVER *dtls_server, 329 USHORT protocol_version); 330 UINT _nx_secure_dtls_ecc_initialize(NX_SECURE_DTLS_SESSION *dtls_session, 331 const USHORT *supported_groups, USHORT supported_group_count, 332 const NX_CRYPTO_METHOD **curves); 333 UINT _nx_secure_dtls_server_ecc_initialize(NX_SECURE_DTLS_SERVER *server_ptr, 334 const USHORT *supported_groups, USHORT supported_group_count, 335 const NX_CRYPTO_METHOD **curves); 336 337 338 /* Error-checking shell API. */ 339 UINT _nxe_secure_dtls_session_create(NX_SECURE_DTLS_SESSION *session_ptr, 340 const NX_SECURE_TLS_CRYPTO *crypto_table, 341 VOID *metadata_buffer, ULONG metadata_size, 342 UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size, 343 UINT certs_number, 344 UCHAR *remote_certificate_buffer, ULONG remote_certificate_buffer_size); 345 346 347 UINT _nxe_secure_dtls_session_delete(NX_SECURE_DTLS_SESSION *dtls_session); 348 UINT _nxe_secure_dtls_session_end(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option); 349 UINT _nxe_secure_dtls_session_receive(NX_SECURE_DTLS_SESSION *dtls_session, 350 NX_PACKET **packet_ptr_ptr, ULONG wait_option); 351 UINT _nxe_secure_dtls_session_reset(NX_SECURE_DTLS_SESSION *session_ptr); 352 UINT _nxe_secure_dtls_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr, 353 NXD_ADDRESS *ip_address, UINT port); 354 UINT _nxe_secure_dtls_server_session_send(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr); 355 UINT _nxe_secure_dtls_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, 356 UINT is_client, UINT wait_option); 357 358 UINT _nxe_secure_dtls_client_session_start(NX_SECURE_DTLS_SESSION *dtls_session, NX_UDP_SOCKET *udp_socket, NXD_ADDRESS *ip_address, UINT port, UINT wait_option); 359 UINT _nxe_secure_dtls_server_session_start(NX_SECURE_DTLS_SESSION *dtls_session, UINT wait_option); 360 361 UINT _nxe_secure_dtls_server_create(NX_SECURE_DTLS_SERVER *server_ptr, NX_IP *ip_ptr, UINT port, ULONG timeout, 362 VOID *session_buffer, UINT session_buffer_size, 363 const NX_SECURE_TLS_CRYPTO *crypto_table, 364 VOID *crypto_metadata_buffer, ULONG crypto_metadata_size, 365 UCHAR *packet_reassembly_buffer, UINT packet_reassembly_buffer_size, 366 UINT (*connect_notify)(NX_SECURE_DTLS_SESSION *dtls_session, NXD_ADDRESS *ip_address, UINT port), 367 UINT (*receive_notify)(NX_SECURE_DTLS_SESSION *dtls_session)); 368 369 UINT _nxe_secure_dtls_server_delete(NX_SECURE_DTLS_SERVER *server_ptr); 370 371 372 UINT _nxe_secure_dtls_server_local_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr, 373 NX_SECURE_X509_CERT *certificate, UINT cert_id); 374 375 UINT _nxe_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr, 376 UCHAR *common_name, UINT common_name_length, UINT cert_id); 377 378 379 UINT _nxe_secure_dtls_server_notify_set(NX_SECURE_DTLS_SERVER *server_ptr, 380 UINT (*disconnect_notify)(NX_SECURE_DTLS_SESSION *dtls_session), 381 UINT (*error_notify)(NX_SECURE_DTLS_SESSION *dtls_session, UINT error_code)); 382 383 UINT _nxe_secure_dtls_server_start(NX_SECURE_DTLS_SERVER *server_ptr); 384 385 UINT _nxe_secure_dtls_server_stop(NX_SECURE_DTLS_SERVER *server_ptr); 386 387 UINT _nxe_secure_dtls_server_trusted_certificate_add(NX_SECURE_DTLS_SERVER *server_ptr, 388 NX_SECURE_X509_CERT *certificate, UINT cert_id); 389 390 391 UINT _nxe_secure_dtls_server_trusted_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr, 392 UCHAR *common_name, UINT common_name_length, UINT cert_id); 393 394 UINT _nxe_secure_dtls_server_psk_add(NX_SECURE_DTLS_SERVER *server_ptr, UCHAR *pre_shared_key, 395 UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint, 396 UINT hint_length); 397 398 399 UINT _nxe_secure_dtls_server_x509_client_verify_configure(NX_SECURE_DTLS_SERVER *server_ptr, UINT certs_per_session, 400 UCHAR *certs_buffer, ULONG buffer_size); 401 402 UINT _nxe_secure_dtls_server_x509_client_verify_disable(NX_SECURE_DTLS_SERVER *server_ptr); 403 404 UINT _nxe_secure_dtls_session_client_info_get(NX_SECURE_DTLS_SESSION *dtls_session, 405 NXD_ADDRESS *client_ip_address, UINT *client_port, UINT *local_port); 406 407 UINT _nxe_secure_dtls_packet_allocate(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET_POOL *pool_ptr, 408 NX_PACKET **packet_ptr, ULONG wait_option); 409 410 UINT _nxe_secure_dtls_session_local_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session, 411 NX_SECURE_X509_CERT *certificate, UINT cert_id); 412 UINT _nxe_secure_dtls_session_local_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session, 413 UCHAR *common_name, UINT common_name_length, UINT cert_id); 414 UINT _nxe_secure_dtls_session_trusted_certificate_add(NX_SECURE_DTLS_SESSION *dtls_session, 415 NX_SECURE_X509_CERT *certificate, UINT cert_id); 416 UINT _nxe_secure_dtls_session_trusted_certificate_remove(NX_SECURE_DTLS_SESSION *dtls_session, 417 UCHAR *common_name, UINT common_name_length, UINT cert_id); 418 UINT _nxe_secure_dtls_psk_add(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *pre_shared_key, 419 UINT psk_length, UCHAR *psk_identity, UINT identity_length, UCHAR *hint, 420 UINT hint_length); 421 UINT _nxe_secure_dtls_client_protocol_version_override(NX_SECURE_DTLS_SESSION *dtls_session, 422 USHORT protocol_version); 423 UINT _nxe_secure_dtls_server_protocol_version_override(NX_SECURE_DTLS_SERVER *dtls_server, 424 USHORT protocol_version); 425 UINT _nxe_secure_dtls_ecc_initialize(NX_SECURE_DTLS_SESSION *dtls_session, 426 const USHORT *supported_groups, USHORT supported_group_count, 427 const NX_CRYPTO_METHOD **curves); 428 UINT _nxe_secure_dtls_server_ecc_initialize(NX_SECURE_DTLS_SERVER *server_ptr, 429 const USHORT *supported_groups, USHORT supported_group_count, 430 const NX_CRYPTO_METHOD **curves); 431 432 433 /* Define internal functions. */ 434 VOID _nx_secure_dtls_receive_callback(NX_UDP_SOCKET *socket_ptr); 435 436 #ifdef NX_SECURE_ENABLE_DTLS 437 438 439 440 UINT _nx_secure_dtls_allocate_handshake_packet(NX_SECURE_DTLS_SESSION *dtls_session, 441 NX_PACKET_POOL *packet_pool, NX_PACKET **packet_ptr, 442 ULONG wait_option); 443 444 UINT _nx_secure_dtls_hash_record(NX_SECURE_DTLS_SESSION *dtls_session, 445 ULONG sequence_num[NX_SECURE_TLS_SEQUENCE_NUMBER_SIZE], 446 UCHAR *header, UINT header_length, UCHAR *data, UINT length, 447 UCHAR *record_hash, UINT *hash_length, UCHAR *mac_secret); 448 449 UINT _nx_secure_dtls_client_handshake(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer, 450 UINT data_length, ULONG wait_option); 451 452 453 UINT _nx_secure_dtls_process_handshake_header(UCHAR *packet_buffer, USHORT *message_type, 454 UINT *header_size, UINT *message_length, 455 UINT *message_seq, UINT *fragment_offset, 456 UINT *fragment_length); 457 458 459 UINT _nx_secure_dtls_process_header(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr, 460 ULONG record_offset, USHORT *message_type, UINT *length, 461 UCHAR *header_data, USHORT *header_length); 462 463 UINT _nx_secure_dtls_session_sliding_window_check(NX_SECURE_DTLS_SESSION *dtls_session, ULONG *sequence_number); 464 UINT _nx_secure_dtls_session_sliding_window_update(NX_SECURE_DTLS_SESSION *dtls_session, ULONG *sequence_number); 465 466 UINT _nx_secure_dtls_process_record(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *packet_ptr, 467 ULONG record_offset, ULONG *bytes_processed, ULONG wait_option); 468 469 470 UINT _nx_secure_dtls_verify_mac(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *header_data, 471 USHORT header_length, UCHAR *data, UINT *length); 472 473 UINT _nx_secure_dtls_send_handshake_record(NX_SECURE_DTLS_SESSION *dtls_session, 474 NX_PACKET *send_packet, UCHAR handshake_type, 475 ULONG wait_option, UINT include_in_finished); 476 477 478 UINT _nx_secure_dtls_send_record(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet, 479 UCHAR record_type, ULONG wait_option); 480 481 UINT _nx_secure_dtls_server_handshake(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer, 482 UINT data_length, ULONG wait_option); 483 484 485 UINT _nx_secure_dtls_send_clienthello(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet); 486 UINT _nx_secure_dtls_send_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session, 487 NX_PACKET *send_packet); 488 489 UINT _nx_secure_dtls_process_clienthello(NX_SECURE_DTLS_SESSION *dtls_session, UCHAR *packet_buffer, 490 UINT message_length); 491 UINT _nx_secure_dtls_process_helloverifyrequest(NX_SECURE_DTLS_SESSION *dtls_session, 492 UCHAR *packet_buffer, UINT message_length); 493 UINT _nx_secure_dtls_send_serverhello(NX_SECURE_DTLS_SESSION *dtls_session, NX_PACKET *send_packet); 494 495 VOID _nx_secure_dtls_retransmit_queue_flush(NX_SECURE_DTLS_SESSION *dtls_session); 496 VOID _nx_secure_dtls_retransmit(NX_SECURE_DTLS_SESSION *dtls_session); 497 498 VOID nx_secure_dtls_session_cache_delete(NX_SECURE_DTLS_SERVER *dtls_server, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port); 499 UINT nx_secure_dtls_session_cache_get_new(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port); 500 UINT nx_secure_dtls_session_cache_find(NX_SECURE_DTLS_SERVER *dtls_server, NX_SECURE_DTLS_SESSION **dtls_session, NXD_ADDRESS *ip_address, UINT remote_port, UINT local_port); 501 502 #endif /* NX_SECURE_ENABLE_DTLS */ 503 504 /* DTLS component data declarations follow. */ 505 506 /* Determine if the initialization function of this component is including 507 this file. If so, make the data definitions really happen. Otherwise, 508 make them extern so other functions in the component can access them. */ 509 510 #ifdef NX_SECURE_DTLS_INIT 511 #define DTLS_DECLARE 512 #else 513 #define DTLS_DECLARE extern 514 #endif 515 516 /* Define the head pointer of the created DTLS session and DTLS server list. */ 517 DTLS_DECLARE NX_SECURE_DTLS_SESSION *_nx_secure_dtls_created_ptr; 518 DTLS_DECLARE ULONG _nx_secure_dtls_created_count; 519 DTLS_DECLARE NX_SECURE_DTLS_SERVER *_nx_secure_dtls_server_created_ptr; 520 DTLS_DECLARE ULONG _nx_secure_dtls_server_created_count; 521 522 #ifdef __cplusplus 523 } 524 #endif 525 526 #endif /* SRC_NX_SECURE_DTLS_H_ */ 527 528
