1 /*
2 * Copyright (c) 2023, The OpenThread Authors.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the copyright holder nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /**
30 * @file
31 * This file implements the OpenThread BLE Secure API.
32 */
33
34 #include "openthread-core-config.h"
35
36 #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
37
38 #include <openthread/ble_secure.h>
39 #include <openthread/platform/ble.h>
40
41 #include "common/as_core_type.hpp"
42 #include "common/code_utils.hpp"
43 #include "common/locator_getters.hpp"
44 #include "meshcop/tcat_agent.hpp"
45 #include "radio/ble_secure.hpp"
46
47 using namespace ot;
48
otBleSecureStart(otInstance * aInstance,otHandleBleSecureConnect aConnectHandler,otHandleBleSecureReceive aReceiveHandler,bool aTlvMode,void * aContext)49 otError otBleSecureStart(otInstance *aInstance,
50 otHandleBleSecureConnect aConnectHandler,
51 otHandleBleSecureReceive aReceiveHandler,
52 bool aTlvMode,
53 void *aContext)
54 {
55 return AsCoreType(aInstance).Get<Ble::BleSecure>().Start(aConnectHandler, aReceiveHandler, aTlvMode, aContext);
56 }
57
otBleSecureSetTcatVendorInfo(otInstance * aInstance,const otTcatVendorInfo * aVendorInfo)58 otError otBleSecureSetTcatVendorInfo(otInstance *aInstance, const otTcatVendorInfo *aVendorInfo)
59 {
60 return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatSetVendorInfo(AsCoreType(aVendorInfo));
61 }
62
otBleSecureTcatStart(otInstance * aInstance,otHandleTcatJoin aHandler)63 otError otBleSecureTcatStart(otInstance *aInstance, otHandleTcatJoin aHandler)
64 {
65 return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatStart(aHandler);
66 }
67
otBleSecureStop(otInstance * aInstance)68 void otBleSecureStop(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Stop(); }
69
70 #ifdef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
otBleSecureSetPsk(otInstance * aInstance,const uint8_t * aPsk,uint16_t aPskLength,const uint8_t * aPskIdentity,uint16_t aPskIdLength)71 void otBleSecureSetPsk(otInstance *aInstance,
72 const uint8_t *aPsk,
73 uint16_t aPskLength,
74 const uint8_t *aPskIdentity,
75 uint16_t aPskIdLength)
76 {
77 AssertPointerIsNotNull(aPsk);
78 AssertPointerIsNotNull(aPskIdentity);
79 OT_ASSERT(aPskLength != 0 && aPskIdLength != 0);
80
81 AsCoreType(aInstance).Get<Ble::BleSecure>().SetPreSharedKey(aPsk, aPskLength, aPskIdentity, aPskIdLength);
82 }
83 #endif // MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
84
85 #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerCertificateBase64(otInstance * aInstance,unsigned char * aPeerCert,size_t * aCertLength)86 otError otBleSecureGetPeerCertificateBase64(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength)
87 {
88 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerCertificateBase64(aPeerCert, aCertLength);
89 }
90 #endif // defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
91
92 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerSubjectAttributeByOid(otInstance * aInstance,const char * aOid,size_t aOidLength,uint8_t * aAttributeBuffer,size_t * aAttributeLength,int * aAsn1Type)93 otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
94 const char *aOid,
95 size_t aOidLength,
96 uint8_t *aAttributeBuffer,
97 size_t *aAttributeLength,
98 int *aAsn1Type)
99 {
100 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerSubjectAttributeByOid(aOid, aOidLength, aAttributeBuffer,
101 aAttributeLength, aAsn1Type);
102 }
103
otBleSecureGetThreadAttributeFromPeerCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)104 otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
105 int aThreadOidDescriptor,
106 uint8_t *aAttributeBuffer,
107 size_t *aAttributeLength)
108 {
109 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromPeerCertificate(
110 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
111 }
112 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
113
otBleSecureGetThreadAttributeFromOwnCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)114 otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
115 int aThreadOidDescriptor,
116 uint8_t *aAttributeBuffer,
117 size_t *aAttributeLength)
118 {
119 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromOwnCertificate(
120 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
121 }
122
otBleSecureSetSslAuthMode(otInstance * aInstance,bool aVerifyPeerCertificate)123 void otBleSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate)
124 {
125 AsCoreType(aInstance).Get<Ble::BleSecure>().SetSslAuthMode(aVerifyPeerCertificate);
126 }
127
128 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
otBleSecureSetCertificate(otInstance * aInstance,const uint8_t * aX509Cert,uint32_t aX509Length,const uint8_t * aPrivateKey,uint32_t aPrivateKeyLength)129 void otBleSecureSetCertificate(otInstance *aInstance,
130 const uint8_t *aX509Cert,
131 uint32_t aX509Length,
132 const uint8_t *aPrivateKey,
133 uint32_t aPrivateKeyLength)
134 {
135 OT_ASSERT(aX509Cert != nullptr && aX509Length != 0 && aPrivateKey != nullptr && aPrivateKeyLength != 0);
136
137 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCertificate(aX509Cert, aX509Length, aPrivateKey, aPrivateKeyLength);
138 }
139
otBleSecureSetCaCertificateChain(otInstance * aInstance,const uint8_t * aX509CaCertificateChain,uint32_t aX509CaCertChainLength)140 void otBleSecureSetCaCertificateChain(otInstance *aInstance,
141 const uint8_t *aX509CaCertificateChain,
142 uint32_t aX509CaCertChainLength)
143 {
144 OT_ASSERT(aX509CaCertificateChain != nullptr && aX509CaCertChainLength != 0);
145
146 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCaCertificateChain(aX509CaCertificateChain, aX509CaCertChainLength);
147 }
148 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
149
otBleSecureConnect(otInstance * aInstance)150 otError otBleSecureConnect(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Connect(); }
151
otBleSecureDisconnect(otInstance * aInstance)152 void otBleSecureDisconnect(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Disconnect(); }
153
otBleSecureIsConnectionActive(otInstance * aInstance)154 bool otBleSecureIsConnectionActive(otInstance *aInstance)
155 {
156 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnectionActive();
157 }
158
otBleSecureIsConnected(otInstance * aInstance)159 bool otBleSecureIsConnected(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnected(); }
160
otBleSecureIsTcatEnabled(otInstance * aInstance)161 bool otBleSecureIsTcatEnabled(otInstance *aInstance)
162 {
163 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsTcatEnabled();
164 }
165
otBleSecureIsCommandClassAuthorized(otInstance * aInstance,otTcatCommandClass aCommandClass)166 bool otBleSecureIsCommandClassAuthorized(otInstance *aInstance, otTcatCommandClass aCommandClass)
167 {
168 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsCommandClassAuthorized(
169 static_cast<Ble::BleSecure::CommandClass>(aCommandClass));
170 }
171
otBleSecureSendMessage(otInstance * aInstance,otMessage * aMessage)172 otError otBleSecureSendMessage(otInstance *aInstance, otMessage *aMessage)
173 {
174 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendMessage(AsCoreType(aMessage));
175 }
176
otBleSecureSend(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)177 otError otBleSecureSend(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
178 {
179 return AsCoreType(aInstance).Get<Ble::BleSecure>().Send(aBuf, aLength);
180 }
181
otBleSecureSendApplicationTlv(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)182 otError otBleSecureSendApplicationTlv(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
183 {
184 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendApplicationTlv(aBuf, aLength);
185 }
186
otBleSecureFlush(otInstance * aInstance)187 otError otBleSecureFlush(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Flush(); }
188
189 #endif // OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
190
