1 /*
2 * Copyright (c) 2023, The OpenThread Authors.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the copyright holder nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /**
30 * @file
31 * This file implements the OpenThread BLE Secure API.
32 */
33
34 #include "openthread-core-config.h"
35
36 #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
37
38 #include <openthread/ble_secure.h>
39 #include <openthread/platform/ble.h>
40
41 #include "common/as_core_type.hpp"
42 #include "common/code_utils.hpp"
43 #include "instance/instance.hpp"
44 #include "meshcop/tcat_agent.hpp"
45 #include "radio/ble_secure.hpp"
46
47 using namespace ot;
48
otBleSecureStart(otInstance * aInstance,otHandleBleSecureConnect aConnectHandler,otHandleBleSecureReceive aReceiveHandler,bool aTlvMode,void * aContext)49 otError otBleSecureStart(otInstance *aInstance,
50 otHandleBleSecureConnect aConnectHandler,
51 otHandleBleSecureReceive aReceiveHandler,
52 bool aTlvMode,
53 void *aContext)
54 {
55 return AsCoreType(aInstance).Get<Ble::BleSecure>().Start(aConnectHandler, aReceiveHandler, aTlvMode, aContext);
56 }
57
otBleSecureSetTcatVendorInfo(otInstance * aInstance,const otTcatVendorInfo * aVendorInfo)58 otError otBleSecureSetTcatVendorInfo(otInstance *aInstance, const otTcatVendorInfo *aVendorInfo)
59 {
60 return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatSetVendorInfo(AsCoreType(aVendorInfo));
61 }
62
otBleSecureTcatStart(otInstance * aInstance,otHandleTcatJoin aHandler)63 otError otBleSecureTcatStart(otInstance *aInstance, otHandleTcatJoin aHandler)
64 {
65 return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatStart(aHandler);
66 }
67
otBleSecureStop(otInstance * aInstance)68 void otBleSecureStop(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Stop(); }
69
70 #ifdef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
otBleSecureSetPsk(otInstance * aInstance,const uint8_t * aPsk,uint16_t aPskLength,const uint8_t * aPskIdentity,uint16_t aPskIdLength)71 void otBleSecureSetPsk(otInstance *aInstance,
72 const uint8_t *aPsk,
73 uint16_t aPskLength,
74 const uint8_t *aPskIdentity,
75 uint16_t aPskIdLength)
76 {
77 AssertPointerIsNotNull(aPsk);
78 AssertPointerIsNotNull(aPskIdentity);
79 OT_ASSERT(aPskLength != 0 && aPskIdLength != 0);
80
81 AsCoreType(aInstance).Get<Ble::BleSecure>().SetPreSharedKey(aPsk, aPskLength, aPskIdentity, aPskIdLength);
82 }
83 #endif // MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
84
85 #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerCertificateBase64(otInstance * aInstance,unsigned char * aPeerCert,size_t * aCertLength)86 otError otBleSecureGetPeerCertificateBase64(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength)
87 {
88 Error error;
89
90 VerifyOrExit(aCertLength != nullptr, error = kErrorInvalidArgs);
91 error = AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerCertificateBase64(aPeerCert, aCertLength, *aCertLength);
92
93 exit:
94 return error;
95 }
96 #endif
97
98 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerSubjectAttributeByOid(otInstance * aInstance,const char * aOid,size_t aOidLength,uint8_t * aAttributeBuffer,size_t * aAttributeLength,int * aAsn1Type)99 otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
100 const char *aOid,
101 size_t aOidLength,
102 uint8_t *aAttributeBuffer,
103 size_t *aAttributeLength,
104 int *aAsn1Type)
105 {
106 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerSubjectAttributeByOid(aOid, aOidLength, aAttributeBuffer,
107 aAttributeLength, aAsn1Type);
108 }
109
otBleSecureGetThreadAttributeFromPeerCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)110 otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
111 int aThreadOidDescriptor,
112 uint8_t *aAttributeBuffer,
113 size_t *aAttributeLength)
114 {
115 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromPeerCertificate(
116 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
117 }
118 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
119
otBleSecureGetThreadAttributeFromOwnCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)120 otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
121 int aThreadOidDescriptor,
122 uint8_t *aAttributeBuffer,
123 size_t *aAttributeLength)
124 {
125 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromOwnCertificate(
126 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
127 }
128
otBleSecureSetSslAuthMode(otInstance * aInstance,bool aVerifyPeerCertificate)129 void otBleSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate)
130 {
131 AsCoreType(aInstance).Get<Ble::BleSecure>().SetSslAuthMode(aVerifyPeerCertificate);
132 }
133
134 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
otBleSecureSetCertificate(otInstance * aInstance,const uint8_t * aX509Cert,uint32_t aX509Length,const uint8_t * aPrivateKey,uint32_t aPrivateKeyLength)135 void otBleSecureSetCertificate(otInstance *aInstance,
136 const uint8_t *aX509Cert,
137 uint32_t aX509Length,
138 const uint8_t *aPrivateKey,
139 uint32_t aPrivateKeyLength)
140 {
141 OT_ASSERT(aX509Cert != nullptr && aX509Length != 0 && aPrivateKey != nullptr && aPrivateKeyLength != 0);
142
143 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCertificate(aX509Cert, aX509Length, aPrivateKey, aPrivateKeyLength);
144 }
145
otBleSecureSetCaCertificateChain(otInstance * aInstance,const uint8_t * aX509CaCertificateChain,uint32_t aX509CaCertChainLength)146 void otBleSecureSetCaCertificateChain(otInstance *aInstance,
147 const uint8_t *aX509CaCertificateChain,
148 uint32_t aX509CaCertChainLength)
149 {
150 OT_ASSERT(aX509CaCertificateChain != nullptr && aX509CaCertChainLength != 0);
151
152 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCaCertificateChain(aX509CaCertificateChain, aX509CaCertChainLength);
153 }
154 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
155
otBleSecureConnect(otInstance * aInstance)156 otError otBleSecureConnect(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Connect(); }
157
otBleSecureDisconnect(otInstance * aInstance)158 void otBleSecureDisconnect(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Disconnect(); }
159
otBleSecureIsConnectionActive(otInstance * aInstance)160 bool otBleSecureIsConnectionActive(otInstance *aInstance)
161 {
162 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnectionActive();
163 }
164
otBleSecureIsConnected(otInstance * aInstance)165 bool otBleSecureIsConnected(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnected(); }
166
otBleSecureIsTcatEnabled(otInstance * aInstance)167 bool otBleSecureIsTcatEnabled(otInstance *aInstance)
168 {
169 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsTcatEnabled();
170 }
171
otBleSecureIsCommandClassAuthorized(otInstance * aInstance,otTcatCommandClass aCommandClass)172 bool otBleSecureIsCommandClassAuthorized(otInstance *aInstance, otTcatCommandClass aCommandClass)
173 {
174 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsCommandClassAuthorized(
175 static_cast<Ble::BleSecure::CommandClass>(aCommandClass));
176 }
177
otBleSecureSendMessage(otInstance * aInstance,otMessage * aMessage)178 otError otBleSecureSendMessage(otInstance *aInstance, otMessage *aMessage)
179 {
180 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendMessage(AsCoreType(aMessage));
181 }
182
otBleSecureSend(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)183 otError otBleSecureSend(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
184 {
185 return AsCoreType(aInstance).Get<Ble::BleSecure>().Send(aBuf, aLength);
186 }
187
otBleSecureSendApplicationTlv(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)188 otError otBleSecureSendApplicationTlv(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
189 {
190 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendApplicationTlv(aBuf, aLength);
191 }
192
otBleSecureFlush(otInstance * aInstance)193 otError otBleSecureFlush(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Flush(); }
194
otBleSecureGetInstallCodeVerifyStatus(otInstance * aInstance)195 bool otBleSecureGetInstallCodeVerifyStatus(otInstance *aInstance)
196 {
197 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetInstallCodeVerifyStatus();
198 }
199
200 #endif // OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
201
