1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Transport Layer Security (TLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_tls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_tls_process_client_key_exchange PORTABLE C */
31 /* 6.2.0 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function processes an incoming ClientKeyExchange message, */
39 /* which contains the encrypted Pre-Master Secret. This function */
40 /* decrypts the Pre-Master Secret and saves it in the TLS session */
41 /* control block for use in generating session key material later. */
42 /* */
43 /* INPUT */
44 /* */
45 /* tls_session TLS control block */
46 /* packet_buffer Pointer to message data */
47 /* message_length Length of message data (bytes)*/
48 /* id TLS or DTLS */
49 /* */
50 /* OUTPUT */
51 /* */
52 /* status Completion status */
53 /* */
54 /* CALLS */
55 /* */
56 /* [nx_secure_process_client_key_exchange] */
57 /* Process ClientKeyExchange */
58 /* */
59 /* CALLED BY */
60 /* */
61 /* _nx_secure_dtls_server_handshake DTLS server state machine */
62 /* _nx_secure_tls_server_handshake TLS server state machine */
63 /* */
64 /* RELEASE HISTORY */
65 /* */
66 /* DATE NAME DESCRIPTION */
67 /* */
68 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
69 /* 09-30-2020 Timothy Stapko Modified comment(s), update */
70 /* ECC find curve method, */
71 /* verified memcpy use cases, */
72 /* resulting in version 6.1 */
73 /* 06-02-2021 Timothy Stapko Modified comment(s), */
74 /* supported hardware EC */
75 /* private key, */
76 /* resulting in version 6.1.7 */
77 /* 07-29-2022 Yuxin Zhou Modified comment(s), improved */
78 /* buffer length verification, */
79 /* resulting in version 6.1.12 */
80 /* 10-31-2022 Yanwu Cai Modified comment(s), added */
81 /* custom secret generation, */
82 /* resulting in version 6.2.0 */
83 /* */
84 /**************************************************************************/
UINT _nx_secure_tls_process_client_key_exchange(NX_SECURE_TLS_SESSION *tls_session,
                                                UCHAR *packet_buffer, UINT message_length, UINT id)
{
#ifndef NX_SECURE_TLS_SERVER_DISABLED
VOID *ecc_curves;

    /* 'id' (TLS vs. DTLS) is accepted so the TLS and DTLS server state machines
       can share this entry point; nothing in this wrapper depends on it.  */
    NX_PARAMETER_NOT_USED(id);

    /* By the time a ClientKeyExchange arrives the ServerHello has already fixed
       the ciphersuite. A NULL ciphersuite therefore means the handshake state is
       inconsistent (most likely an internal error); bail out before the dispatch
       routine below would dereference it.  */
    if (tls_session -> nx_secure_tls_session_ciphersuite == NX_NULL)
    {
        return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE);
    }

    /* Only an ECC-enabled build keeps a curve table in the session control
       block. A build without ECC ciphersuites hands NX_NULL to the key exchange
       routine instead.  */
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
    ecc_curves = &tls_session -> nx_secure_tls_ecc;
#else
    ecc_curves = NX_NULL;
#endif

    /* Hand the raw handshake body to the session's key exchange routine. The
       layout of a ClientKeyExchange depends on the ciphersuite negotiated in the
       Client/Server Hello exchange, so this wrapper does no parsing of its own:
       validating message_length against the expected encoding, and deriving and
       storing the Pre-Master Secret, is the callee's job. The function pointer is
       presumably installed when the session is created; it is not NULL-checked
       here.  */
    return(tls_session -> nx_secure_process_client_key_exchange(tls_session -> nx_secure_tls_session_ciphersuite,
                                                                tls_session -> nx_secure_tls_protocol_version,
                                                                packet_buffer,
                                                                message_length,
                                                                &tls_session -> nx_secure_tls_received_remote_credentials,
                                                                &tls_session -> nx_secure_tls_key_material,
                                                                &tls_session -> nx_secure_tls_credentials,
                                                                tls_session -> nx_secure_public_cipher_metadata_area,
                                                                tls_session -> nx_secure_public_cipher_metadata_size,
                                                                tls_session -> nx_secure_public_auth_metadata_area,
                                                                tls_session -> nx_secure_public_auth_metadata_size,
                                                                ecc_curves));

#else

    NX_PARAMETER_NOT_USED(packet_buffer);
    NX_PARAMETER_NOT_USED(message_length);
    NX_PARAMETER_NOT_USED(id);

    /* Server support is compiled out, so a ClientKeyExchange can only reach
       this point through a state machine error. Mark the (client) session as
       errored and refuse to continue.  */
    tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_ERROR;
    return(NX_SECURE_TLS_INVALID_STATE);

#endif
}
138
139