1 /*
2 * Copyright (c) 2023, The OpenThread Authors.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. Neither the name of the copyright holder nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /**
30 * @file
31 * This file implements the OpenThread BLE Secure API.
32 */
33
34 #include "openthread-core-config.h"
35
36 #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
37
38 #include <openthread/ble_secure.h>
39 #include <openthread/platform/ble.h>
40
41 #include "common/as_core_type.hpp"
42 #include "common/code_utils.hpp"
43 #include "common/locator_getters.hpp"
44 #include "meshcop/tcat_agent.hpp"
45 #include "radio/ble_secure.hpp"
46
47 using namespace ot;
48
otBleSecureStart(otInstance * aInstance,otHandleBleSecureConnect aConnectHandler,otHandleBleSecureReceive aReceiveHandler,bool aTlvMode,void * aContext)49 otError otBleSecureStart(otInstance *aInstance,
50 otHandleBleSecureConnect aConnectHandler,
51 otHandleBleSecureReceive aReceiveHandler,
52 bool aTlvMode,
53 void *aContext)
54 {
55 return AsCoreType(aInstance).Get<Ble::BleSecure>().Start(aConnectHandler, aReceiveHandler, aTlvMode, aContext);
56 }
57
otBleSecureTcatStart(otInstance * aInstance,const otTcatVendorInfo * aVendorInfo,otHandleTcatJoin aHandler)58 otError otBleSecureTcatStart(otInstance *aInstance, const otTcatVendorInfo *aVendorInfo, otHandleTcatJoin aHandler)
59 {
60 return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatStart(AsCoreType(aVendorInfo), aHandler);
61 }
62
otBleSecureStop(otInstance * aInstance)63 void otBleSecureStop(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Stop(); }
64
65 #ifdef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
otBleSecureSetPsk(otInstance * aInstance,const uint8_t * aPsk,uint16_t aPskLength,const uint8_t * aPskIdentity,uint16_t aPskIdLength)66 void otBleSecureSetPsk(otInstance *aInstance,
67 const uint8_t *aPsk,
68 uint16_t aPskLength,
69 const uint8_t *aPskIdentity,
70 uint16_t aPskIdLength)
71 {
72 AssertPointerIsNotNull(aPsk);
73 AssertPointerIsNotNull(aPskIdentity);
74 OT_ASSERT(aPskLength != 0 && aPskIdLength != 0);
75
76 AsCoreType(aInstance).Get<Ble::BleSecure>().SetPreSharedKey(aPsk, aPskLength, aPskIdentity, aPskIdLength);
77 }
78 #endif // MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
79
80 #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerCertificateBase64(otInstance * aInstance,unsigned char * aPeerCert,size_t * aCertLength)81 otError otBleSecureGetPeerCertificateBase64(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength)
82 {
83 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerCertificateBase64(aPeerCert, aCertLength);
84 }
85 #endif // defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
86
87 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerSubjectAttributeByOid(otInstance * aInstance,const char * aOid,size_t aOidLength,uint8_t * aAttributeBuffer,size_t * aAttributeLength,int * aAsn1Type)88 otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
89 const char *aOid,
90 size_t aOidLength,
91 uint8_t *aAttributeBuffer,
92 size_t *aAttributeLength,
93 int *aAsn1Type)
94 {
95 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerSubjectAttributeByOid(aOid, aOidLength, aAttributeBuffer,
96 aAttributeLength, aAsn1Type);
97 }
98
otBleSecureGetThreadAttributeFromPeerCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)99 otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
100 int aThreadOidDescriptor,
101 uint8_t *aAttributeBuffer,
102 size_t *aAttributeLength)
103 {
104 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromPeerCertificate(
105 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
106 }
107 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
108
otBleSecureGetThreadAttributeFromOwnCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)109 otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
110 int aThreadOidDescriptor,
111 uint8_t *aAttributeBuffer,
112 size_t *aAttributeLength)
113 {
114 return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromOwnCertificate(
115 aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
116 }
117
otBleSecureSetSslAuthMode(otInstance * aInstance,bool aVerifyPeerCertificate)118 void otBleSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate)
119 {
120 AsCoreType(aInstance).Get<Ble::BleSecure>().SetSslAuthMode(aVerifyPeerCertificate);
121 }
122
123 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
otBleSecureSetCertificate(otInstance * aInstance,const uint8_t * aX509Cert,uint32_t aX509Length,const uint8_t * aPrivateKey,uint32_t aPrivateKeyLength)124 void otBleSecureSetCertificate(otInstance *aInstance,
125 const uint8_t *aX509Cert,
126 uint32_t aX509Length,
127 const uint8_t *aPrivateKey,
128 uint32_t aPrivateKeyLength)
129 {
130 OT_ASSERT(aX509Cert != nullptr && aX509Length != 0 && aPrivateKey != nullptr && aPrivateKeyLength != 0);
131
132 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCertificate(aX509Cert, aX509Length, aPrivateKey, aPrivateKeyLength);
133 }
134
otBleSecureSetCaCertificateChain(otInstance * aInstance,const uint8_t * aX509CaCertificateChain,uint32_t aX509CaCertChainLength)135 void otBleSecureSetCaCertificateChain(otInstance *aInstance,
136 const uint8_t *aX509CaCertificateChain,
137 uint32_t aX509CaCertChainLength)
138 {
139 OT_ASSERT(aX509CaCertificateChain != nullptr && aX509CaCertChainLength != 0);
140
141 AsCoreType(aInstance).Get<Ble::BleSecure>().SetCaCertificateChain(aX509CaCertificateChain, aX509CaCertChainLength);
142 }
143 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
144
otBleSecureConnect(otInstance * aInstance)145 otError otBleSecureConnect(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Connect(); }
146
otBleSecureDisconnect(otInstance * aInstance)147 void otBleSecureDisconnect(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Disconnect(); }
148
otBleSecureIsConnectionActive(otInstance * aInstance)149 bool otBleSecureIsConnectionActive(otInstance *aInstance)
150 {
151 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnectionActive();
152 }
153
otBleSecureIsConnected(otInstance * aInstance)154 bool otBleSecureIsConnected(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnected(); }
155
otBleSecureIsTcatEnabled(otInstance * aInstance)156 bool otBleSecureIsTcatEnabled(otInstance *aInstance)
157 {
158 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsTcatEnabled();
159 }
160
otBleSecureIsCommandClassAuthorized(otInstance * aInstance,otTcatCommandClass aCommandClass)161 bool otBleSecureIsCommandClassAuthorized(otInstance *aInstance, otTcatCommandClass aCommandClass)
162 {
163 return AsCoreType(aInstance).Get<Ble::BleSecure>().IsCommandClassAuthorized(
164 static_cast<Ble::BleSecure::CommandClass>(aCommandClass));
165 }
166
otBleSecureSendMessage(otInstance * aInstance,otMessage * aMessage)167 otError otBleSecureSendMessage(otInstance *aInstance, otMessage *aMessage)
168 {
169 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendMessage(AsCoreType(aMessage));
170 }
171
otBleSecureSend(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)172 otError otBleSecureSend(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
173 {
174 return AsCoreType(aInstance).Get<Ble::BleSecure>().Send(aBuf, aLength);
175 }
176
otBleSecureSendApplicationTlv(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)177 otError otBleSecureSendApplicationTlv(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
178 {
179 return AsCoreType(aInstance).Get<Ble::BleSecure>().SendApplicationTlv(aBuf, aLength);
180 }
181
otBleSecureFlush(otInstance * aInstance)182 otError otBleSecureFlush(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Flush(); }
183
184 #endif // OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
185
