1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
22 #include "iotivity_config.h"
28 #include "ca_adapter_net_ssl.h"
30 #include "caipinterface.h"
31 #include "oic_malloc.h"
33 #include "byte_array.h"
37 // headers required for mbed TLS
38 #include "mbedtls/platform.h"
39 #include "mbedtls/ssl.h"
40 #include "mbedtls/entropy.h"
41 #include "mbedtls/ctr_drbg.h"
42 #include "mbedtls/pkcs12.h"
43 #include "mbedtls/ssl_internal.h"
44 #include "mbedtls/net_sockets.h"
46 #include "mbedtls/timing.h"
47 #include "mbedtls/ssl_cookie.h"
50 #if !defined(NDEBUG) || defined(TB_LOG)
51 #include "mbedtls/debug.h"
52 #include "mbedtls/version.h"
55 #ifdef HAVE_SYS_TYPES_H
56 #include <sys/types.h>
58 #ifdef HAVE_SYS_STAT_H
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
75 * @def PERSONALIZATION_STRING
76 * @brief Personalization string for the mbedtls RNG
78 #define PERSONALIZATION_STRING "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
111 #define TLS_MSG_BUF_LEN (16384)
114 * @brief PSK keys max length
116 #define PSK_LENGTH (256/8)
118 * @def UUID_LENGTHPSK_LENGTH
119 * @brief Identity max length
121 #define UUID_LENGTH (128/8)
123 * @def MASTER_SECRET_LEN
124 * @brief TLS master secret length
126 #define MASTER_SECRET_LEN (48)
129 * @brief TLS client and server random bytes length
131 #define RANDOM_LEN (32)
133 * @def SHA384_MAC_KEY_LENGTH
134 * @brief MAC key length for SHA384 cipher suites
136 #define SHA384_MAC_KEY_LENGTH (48)
138 * @def SHA256_MAC_KEY_LENGTH
139 * @brief MAC key length for SHA256 cipher suites
141 #define SHA256_MAC_KEY_LENGTH (32)
143 * @def CCM_MAC_KEY_LENGTH
144 * @brief MAC key length for CCM cipher suites
146 #define CCM_MAC_KEY_LENGTH (0)
148 * @def AES256_KEY_LENGTH
149 * @brief key material length for AES256 cipher suites
151 #define AES256_KEY_LENGTH (32)
153 * @def AES128_KEY_LENGTH
154 * @brief key material length for AES128 cipher suites
156 #define AES128_KEY_LENGTH (16)
159 * @brief length of nonce for GCM cipher suites
161 #define GCM_IV_LENGTH (12)
164 * @brief length of nonce for CCM cipher suites
166 #define CCM_IV_LENGTH (4)
169 * @brief length of nonce for CBC cipher suites
171 #define CBC_IV_LENGTH (0)
174 * @var RETRANSMISSION_TIME
175 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
177 #define RETRANSMISSION_TIME 1
179 /**@def SSL_CLOSE_NOTIFY(peer, ret)
181 * Notifies of existing \a peer about closing TLS connection.
183 * @param[in] peer remote peer
184 * @param[in] ret used internaly
186 #define SSL_CLOSE_NOTIFY(peer, ret) \
189 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
190 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
192 /**@def SSL_RES(peer, status)
194 * Sets SSL result for callback.
196 * @param[in] peer remote peer
198 #define SSL_RES(peer, status) \
201 CAErrorInfo_t errorInfo; \
202 errorInfo.result = (status); \
203 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
205 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
207 * Checks handshake result and send alert if needed.
209 * @param[in] peer remote peer
210 * @param[in] ret error code
211 * @param[in] str debug string
212 * @param[in] mutex ca mutex
213 * @param[in] if code does not equal to -1 returns error code
214 * @param[in] msg allert message
216 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
217 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
218 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
219 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
220 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
221 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
222 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
223 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
224 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
225 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
237 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
238 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret)) \
240 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
242 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
243 RemovePeerFromList(&(peer)->sep.endpoint); \
246 oc_mutex_unlock(g_sslContextMutex); \
248 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
254 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
256 * Calls \a fn for \a clientConf and \a serverConf.
259 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
260 fn((clientConf), __VA_ARGS__); \
261 fn((serverConf), __VA_ARGS__); \
264 /** @def CHECK_MBEDTLS_RET(f, ...)
265 * A macro that checks \a f function return code
267 * If function returns error code it goes to error processing.
269 * **IMPORTANT:** Any time CHECK_MBEDTLS_RET is used an `exit:` goto label must
270 * be present to handle error processing.
272 * @param[in] f Function to call
274 #define CHECK_MBEDTLS_RET(f, ...) do { \
275 int ret = (f)(__VA_ARGS__); \
277 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
283 SSL_RSA_WITH_AES_256_CBC_SHA256,
284 SSL_RSA_WITH_AES_128_GCM_SHA256,
285 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
286 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
287 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
288 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
289 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
290 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
291 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
292 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
293 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
299 ADAPTER_CURVE_SECP256R1,
303 static const int tlsCipher[SSL_CIPHER_MAX][2] =
305 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
306 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
307 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
308 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
309 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
310 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
311 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
312 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
313 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
314 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
315 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
318 static int g_cipherSuitesList[SSL_CIPHER_MAX];
320 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
322 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
325 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
332 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
333 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
334 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
335 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
336 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
337 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
338 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
339 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
340 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
341 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
342 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
343 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
344 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
345 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
346 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
347 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
348 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
349 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
350 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
351 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
352 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
356 static int GetAlertCode(uint32_t flags)
358 const CrtVerifyAlert_t *cur;
360 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
362 if (flags & cur->code)
370 #if !defined(NDEBUG) || defined(TB_LOG)
372 * Pass a message to the OIC logger.
374 * @param[in] ctx opaque context for the callback
375 * @param[in] level debug level
376 * @param[in] file file name
377 * @param[in] line line number
378 * @param[in] str message
380 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
387 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
392 * structure to holds the information of cache message and address info.
394 typedef ByteArray_t SslCacheMessage_t;
398 * Data structure for holding the send and recv callbacks.
400 typedef struct TlsCallBacks
402 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
403 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
407 * Data structure for holding the mbedTLS interface related info.
409 typedef struct SslContext
411 u_arraylist_t *peerList; /**< peer list which holds the mapping between
412 peer id, it's n/w address and mbedTLS context. */
413 mbedtls_entropy_context entropy;
414 mbedtls_ctr_drbg_context rnd;
416 mbedtls_x509_crt crt;
417 mbedtls_pk_context pkey;
419 mbedtls_ssl_config clientTlsConf;
420 mbedtls_ssl_config serverTlsConf;
421 mbedtls_ssl_config clientDtlsConf;
422 mbedtls_ssl_config serverDtlsConf;
425 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
426 mbedtls_x509_crl crl;
437 * @var g_caSslContext
438 * @brief global context which holds tls context and cache list information.
440 static SslContext_t * g_caSslContext = NULL;
443 * @var g_getCredentialsCallback
444 * @brief callback to get TLS credentials (same as for DTLS)
446 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
448 * @var g_getCerdentilTypesCallback
449 * @brief callback to get different credential types from SRM
451 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
453 * @var g_getPkixInfoCallback
455 * @brief callback to get X.509-based Public Key Infrastructure
457 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
460 * @var g_dtlsContextMutex
461 * @brief Mutex to synchronize access to g_caSslContext.
463 static oc_mutex g_sslContextMutex = NULL;
467 * @brief callback to deliver the TLS handshake result
469 static CAErrorCallback g_sslCallback = NULL;
472 * Data structure for holding the data to be received.
474 typedef struct SslRecBuf
481 * Data structure for holding the data related to endpoint
484 typedef struct SslEndPoint
486 mbedtls_ssl_context ssl;
487 CASecureEndpoint_t sep;
488 u_arraylist_t * cacheList;
490 uint8_t master[MASTER_SECRET_LEN];
491 uint8_t random[2*RANDOM_LEN];
493 mbedtls_ssl_cookie_ctx cookieCtx;
494 mbedtls_timing_delay_context timer;
495 #endif // __WITH_DTLS__
498 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
500 // TODO Does this method needs protection of tlsContextMutex?
501 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
502 g_getCredentialsCallback = credCallback;
503 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
506 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
508 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
509 g_getPkixInfoCallback = infoCallback;
510 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
512 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
514 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
515 g_getCredentialTypesCallback = credTypesCallback;
516 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
519 static int GetAdapterIndex(CATransportAdapter_t adapter)
527 case CA_ADAPTER_GATT_BTLE:
530 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
537 * @param[in] tep TLS endpoint
538 * @param[in] data message
539 * @param[in] dataLen message length
541 * @return message length or -1 on error.
543 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
545 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
546 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
547 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
548 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
549 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
551 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
552 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
554 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
555 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
556 if (sentLen != dataLen)
558 OIC_LOG_V(DEBUG, NET_SSL_TAG,
559 "Packet was partially sent - total/sent/remained bytes : %d/%d/%d",
560 sentLen, dataLen, (dataLen - sentLen));
565 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
575 * @param[in] tep TLS endpoint
576 * @param[in] data message
577 * @param[in] dataLen message length
579 * @return read length
581 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
583 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
584 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
585 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
587 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
588 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
589 retLen = (retLen < dataLen ? retLen : dataLen);
591 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
592 recBuf->loaded += retLen;
594 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
599 * Parse chain of X.509 certificates.
601 * @param[out] crt container for X.509 certificates
602 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
603 or DER format in a jumble, delimiting symbols does not matter.
604 * @param[in] bufLen buffer length
605 * @param[in] errNum number certificates that failed to parse
607 * @return number of successfully parsed certificates or -1 on error
609 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, int bufLen, int * errNum)
611 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
612 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
613 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
615 char pemCertHeader[] = {
616 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
617 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
619 char pemCertFooter[] = {
620 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
621 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
623 size_t pemCertHeaderLen = sizeof(pemCertHeader);
624 size_t pemCertFooterLen = sizeof(pemCertFooter);
627 unsigned char * tmp = NULL;
635 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
637 tmp = (unsigned char *)buf + pos + 1;
638 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
639 if (pos + len < bufLen)
641 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
649 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
654 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
655 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
657 void * endPos = NULL;
658 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
661 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
662 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
665 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
666 if (pos + len + 1 <= bufLen)
668 char con = buf[pos + len];
669 buf[pos + len] = 0x00;
670 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
678 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
680 buf[pos + len] = con;
684 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
685 memcpy(lastCert, buf + pos, len);
686 lastCert[len] = 0x00;
687 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
695 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
706 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
707 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
714 //Loads PKIX related information from SRM
715 static int InitPKIX(CATransportAdapter_t adapter)
717 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
718 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
719 g_getPkixInfoCallback(&g_pkiInfo);
721 mbedtls_x509_crt_free(&g_caSslContext->ca);
722 mbedtls_x509_crt_free(&g_caSslContext->crt);
723 mbedtls_pk_free(&g_caSslContext->pkey);
724 mbedtls_x509_crl_free(&g_caSslContext->crl);
726 mbedtls_x509_crt_init(&g_caSslContext->ca);
727 mbedtls_x509_crt_init(&g_caSslContext->crt);
728 mbedtls_pk_init(&g_caSslContext->pkey);
729 mbedtls_x509_crl_init(&g_caSslContext->crl);
731 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
732 adapter == CA_ADAPTER_GATT_BTLE ?
733 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
734 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
735 adapter == CA_ADAPTER_GATT_BTLE ?
736 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
740 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
743 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
748 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
751 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
755 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
759 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
762 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
765 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
768 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
773 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
776 OIC_LOG(ERROR, NET_SSL_TAG, "CA chain parsing error");
777 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
782 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
785 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
788 OIC_LOG(WARNING, NET_SSL_TAG, "CRL parsing error");
789 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
793 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
794 &g_caSslContext->ca, &g_caSslContext->crl);
797 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
804 * @param[in] notUsed opaque context
805 * @param[in] ssl mbedTLS context
806 * @param[in] desc identity
807 * @param[in] descLen identity length
809 * @return 0 on success any other return value will result in a denied PSK identity
811 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
812 const unsigned char * desc, size_t descLen)
814 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
815 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
816 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
817 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
818 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
820 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
824 uint8_t keyBuf[PSK_LENGTH] = {0};
826 // Retrieve the credentials blob from security module
827 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
830 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
831 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
832 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
833 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
835 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
836 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
838 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
842 * Gets session corresponding for endpoint.
844 * @param[in] peer remote address
846 * @return TLS session or NULL
848 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
850 uint32_t listIndex = 0;
851 uint32_t listLength = 0;
852 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
853 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
855 SslEndPoint_t *tep = NULL;
856 listLength = u_arraylist_length(g_caSslContext->peerList);
857 for (listIndex = 0; listIndex < listLength; listIndex++)
859 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
865 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
866 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
869 if((peer->adapter == tep->sep.endpoint.adapter)
870 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
871 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
873 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
877 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
878 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
882 #ifdef MULTIPLE_OWNER
884 * Gets CA secure endpoint info corresponding for endpoint.
886 * @param[in] peer remote address
888 * @return CASecureEndpoint or NULL
890 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
892 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
894 // TODO: Added as workaround, need to debug
895 oc_mutex_unlock(g_sslContextMutex);
897 oc_mutex_lock(g_sslContextMutex);
898 if (NULL == g_caSslContext)
900 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
901 oc_mutex_unlock(g_sslContextMutex);
905 SslEndPoint_t* sslPeer = GetSslPeer(peer);
908 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
909 oc_mutex_unlock(g_sslContextMutex);
910 return &sslPeer->sep;
913 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
914 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
915 oc_mutex_unlock(g_sslContextMutex);
921 * Deletes cached message.
923 * @param[in] msg message
925 static void DeleteCacheMessage(SslCacheMessage_t * msg)
927 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
928 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
933 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
936 * Deletes cached message list.
938 * @param[in] cacheList list of cached messages
940 static void DeleteCacheList(u_arraylist_t * cacheList)
942 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
943 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
944 uint32_t listIndex = 0;
945 uint32_t listLength = 0;
947 listLength = u_arraylist_length(cacheList);
948 for (listIndex = 0; listIndex < listLength; listIndex++)
950 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
953 DeleteCacheMessage(msg);
956 u_arraylist_free(&cacheList);
958 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
961 * Deletes endpoint with session.
963 * @param[in] tep endpoint with session info
965 static void DeleteSslEndPoint(SslEndPoint_t * tep)
967 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
968 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
970 mbedtls_ssl_free(&tep->ssl);
972 mbedtls_ssl_cookie_free(&tep->cookieCtx);
974 DeleteCacheList(tep->cacheList);
976 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
979 * Removes endpoint session from list.
981 * @param[in] endpoint remote address
983 static void RemovePeerFromList(CAEndpoint_t * endpoint)
985 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
986 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
987 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
989 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
994 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
995 && (endpoint->port == tep->sep.endpoint.port))
997 u_arraylist_remove(g_caSslContext->peerList, listIndex);
998 DeleteSslEndPoint(tep);
1004 * Deletes session list.
1006 static void DeletePeerList()
1008 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1009 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1011 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1016 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1021 ret = mbedtls_ssl_close_notify(&tep->ssl);
1023 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1025 DeleteSslEndPoint(tep);
1027 u_arraylist_free(&g_caSslContext->peerList);
1030 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1032 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1033 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1035 oc_mutex_lock(g_sslContextMutex);
1036 if (NULL == g_caSslContext)
1038 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1039 oc_mutex_unlock(g_sslContextMutex);
1040 return CA_STATUS_FAILED;
1042 SslEndPoint_t * tep = GetSslPeer(endpoint);
1045 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1046 oc_mutex_unlock(g_sslContextMutex);
1047 return CA_STATUS_FAILED;
1049 /* No error checking, the connection might be closed already */
1053 ret = mbedtls_ssl_close_notify(&tep->ssl);
1055 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1057 RemovePeerFromList(&tep->sep.endpoint);
1058 oc_mutex_unlock(g_sslContextMutex);
1060 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1061 return CA_STATUS_OK;
1064 void CAcloseSslConnectionAll()
1066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1067 oc_mutex_lock(g_sslContextMutex);
1068 if (NULL == g_caSslContext)
1070 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1071 oc_mutex_unlock(g_sslContextMutex);
1075 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1076 for (uint32_t i = listLength; i > 0; i--)
1078 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_remove(g_caSslContext->peerList, i - 1);
1083 OIC_LOG_V(DEBUG, NET_SSL_TAG, "SSL Connection [%s:%d]",
1084 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1086 // TODO: need to check below code after socket close is ensured.
1090 ret = mbedtls_ssl_close_notify(&tep->ssl);
1092 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1094 DeleteSslEndPoint(tep);
1096 oc_mutex_unlock(g_sslContextMutex);
1098 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1102 * Creates session for endpoint.
1104 * @param[in] endpoint remote address
1105 * @param[in] config mbedTLS configuration info
1107 * @return TLS endpoint or NULL
1109 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1111 SslEndPoint_t * tep = NULL;
1112 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1113 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1114 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1116 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1119 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1123 tep->sep.endpoint = *endpoint;
1124 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1126 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1128 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1130 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1134 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1135 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1137 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1138 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1139 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1141 if (0 != mbedtls_ssl_cookie_setup(&tep->cookieCtx, mbedtls_ctr_drbg_random,
1142 &g_caSslContext->rnd))
1144 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
1146 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1149 mbedtls_ssl_conf_dtls_cookies(config, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1151 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1152 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1154 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1156 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1161 tep->cacheList = u_arraylist_create();
1162 if (NULL == tep->cacheList)
1164 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1165 mbedtls_ssl_free(&tep->ssl);
1167 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1170 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1174 * Initializes PSK identity.
1176 * @param[out] config client/server config to be updated
1178 * @return 0 on success or -1 on error
1180 static int InitPskIdentity(mbedtls_ssl_config * config)
1182 uint8_t idBuf[UUID_LENGTH] = {0};
1183 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1184 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1186 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1188 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1189 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1192 if (0 != mbedtls_ssl_conf_psk(config, idBuf, 0, idBuf, UUID_LENGTH))
1194 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1195 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1198 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1201 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1204 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1205 if (NULL == g_getCredentialTypesCallback)
1207 OIC_LOG(ERROR, NET_SSL_TAG, "Param callback is null");
1211 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1212 // Retrieve the PSK credential from SRM
1213 if (0 != InitPskIdentity(config))
1215 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1218 // Retrieve the Cert credential from SRM
1219 if (true == g_caSslContext->cipherFlag[1])
1221 int ret = InitPKIX(adapter);
1224 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1228 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1229 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1231 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1235 if (true == g_caSslContext->cipherFlag[1])
1237 for (int i = 2; i < SSL_CIPHER_MAX - 2; i++)
1239 g_cipherSuitesList[index] = tlsCipher[i][0];
1243 if (true == g_caSslContext->cipherFlag[0])
1245 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1249 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1251 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1254 * Initiate TLS handshake with endpoint.
1256 * @param[in] endpoint remote address
1258 * @return TLS endpoint or NULL
1260 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1263 SslEndPoint_t * tep = NULL;
1265 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1266 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1269 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1270 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1271 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1272 tep = NewSslEndPoint(endpoint, config);
1275 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1279 //Load allowed SVR suites from SVR DB
1280 SetupCipher(config, endpoint->adapter);
1282 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Add %s:%d", tep->sep.endpoint.addr, tep->sep.endpoint.port);
1283 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1286 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1287 DeleteSslEndPoint(tep);
1291 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1293 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1294 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1300 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1301 RemovePeerFromList(&tep->sep.endpoint);
1304 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1306 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1309 #ifdef __WITH_DTLS__
1311 * Stops DTLS retransmission.
1313 static void StopRetransmit()
1317 unregisterTimer(g_caSslContext->timerId);
1321 void CAdeinitSslAdapter()
1323 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1325 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1326 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1328 //Lock tlsContext mutex
1329 oc_mutex_lock(g_sslContextMutex);
1334 // De-initialize mbedTLS
1335 mbedtls_x509_crt_free(&g_caSslContext->crt);
1336 mbedtls_pk_free(&g_caSslContext->pkey);
1338 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1339 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1340 #endif // __WITH_TLS__
1341 #ifdef __WITH_DTLS__
1342 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1343 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1344 #endif // __WITH_DTLS__
1345 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1346 mbedtls_entropy_free(&g_caSslContext->entropy);
1347 #ifdef __WITH_DTLS__
1350 // De-initialize tls Context
1351 OICFree(g_caSslContext);
1352 g_caSslContext = NULL;
1354 // Unlock tlsContext mutex and de-initialize it
1355 oc_mutex_unlock(g_sslContextMutex);
1356 oc_mutex_free(g_sslContextMutex);
1357 g_sslContextMutex = NULL;
1359 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1362 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1364 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1365 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1366 mbedtls_ssl_config_init(conf);
1367 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1369 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1374 * Configure mbedTLS runtime options. Many options are configured at build
1375 * time, see extlibs/mbedtls/config-iotivity.h
1377 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1378 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1379 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1380 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1382 /* Set TLS 1.2 as the minimum allowed version. */
1383 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1385 #if !defined(NDEBUG) || defined(TB_LOG)
1386 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1387 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1389 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1392 #ifdef __WITH_DTLS__
1394 * Starts DTLS retransmission.
1396 static int StartRetransmit()
1398 uint32_t listIndex = 0;
1399 uint32_t listLength = 0;
1400 SslEndPoint_t *tep = NULL;
1401 if (NULL == g_caSslContext)
1403 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1406 oc_mutex_lock(g_sslContextMutex);
1407 if (g_caSslContext->timerId != -1)
1409 //clear previous timer
1410 unregisterTimer(g_caSslContext->timerId);
1412 listLength = u_arraylist_length(g_caSslContext->peerList);
1413 for (listIndex = 0; listIndex < listLength; listIndex++)
1415 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1417 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1418 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1422 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1424 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1427 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1429 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1430 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1435 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1436 oc_mutex_unlock(g_sslContextMutex);
1441 CAResult_t CAinitSslAdapter()
1443 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1444 // Initialize mutex for tlsContext
1445 if (NULL == g_sslContextMutex)
1447 g_sslContextMutex = oc_mutex_new();
1448 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1452 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1453 return CA_STATUS_OK;
1456 // Lock tlsContext mutex and create tlsContext
1457 oc_mutex_lock(g_sslContextMutex);
1458 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1460 if (NULL == g_caSslContext)
1462 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1463 oc_mutex_unlock(g_sslContextMutex);
1464 oc_mutex_free(g_sslContextMutex);
1465 g_sslContextMutex = NULL;
1466 return CA_MEMORY_ALLOC_FAILED;
1470 g_caSslContext->peerList = u_arraylist_create();
1472 if(NULL == g_caSslContext->peerList)
1474 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1475 OICFree(g_caSslContext);
1476 g_caSslContext = NULL;
1477 oc_mutex_unlock(g_sslContextMutex);
1478 oc_mutex_free(g_sslContextMutex);
1479 g_sslContextMutex = NULL;
1480 return CA_STATUS_FAILED;
1483 /* Initialize TLS library
1485 #if !defined(NDEBUG) || defined(TB_LOG)
1486 #ifdef MBEDTLS_VERSION_C
1487 char version[MBED_TLS_VERSION_LEN];
1488 mbedtls_version_get_string(version);
1489 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
1491 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", MBEDTLS_VERSION_STRING);
1497 mbedtls_entropy_init(&g_caSslContext->entropy);
1498 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1500 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
1501 &g_caSslContext->entropy,
1502 (const unsigned char*) PERSONALIZATION_STRING, sizeof(PERSONALIZATION_STRING)))
1504 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
1505 oc_mutex_unlock(g_sslContextMutex);
1506 CAdeinitSslAdapter();
1507 return CA_STATUS_FAILED;
1509 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_ON);
1512 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
1513 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
1515 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1516 oc_mutex_unlock(g_sslContextMutex);
1517 CAdeinitSslAdapter();
1518 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1519 return CA_STATUS_FAILED;
1522 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
1523 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
1525 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1526 oc_mutex_unlock(g_sslContextMutex);
1527 CAdeinitSslAdapter();
1528 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1529 return CA_STATUS_FAILED;
1531 #endif // __WITH_TLS__
1532 #ifdef __WITH_DTLS__
1533 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
1534 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
1536 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1537 oc_mutex_unlock(g_sslContextMutex);
1538 CAdeinitSslAdapter();
1539 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1540 return CA_STATUS_FAILED;
1543 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
1544 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
1546 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1547 oc_mutex_unlock(g_sslContextMutex);
1548 CAdeinitSslAdapter();
1549 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1550 return CA_STATUS_FAILED;
1552 #endif // __WITH_DTLS__
1554 // set default cipher
1555 g_caSslContext->cipher = SSL_CIPHER_MAX;
1558 mbedtls_x509_crt_init(&g_caSslContext->ca);
1559 mbedtls_x509_crt_init(&g_caSslContext->crt);
1560 mbedtls_pk_init(&g_caSslContext->pkey);
1561 mbedtls_x509_crl_init(&g_caSslContext->crl);
1563 #ifdef __WITH_DTLS__
1564 g_caSslContext->timerId = -1;
1567 oc_mutex_unlock(g_sslContextMutex);
1568 #ifdef __WITH_DTLS__
1572 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1573 return CA_STATUS_OK;
1576 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
1578 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1579 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
1582 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
1583 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1586 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
1587 if (NULL == message)
1589 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1590 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1594 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
1595 if (NULL == message->data)
1597 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1599 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1602 memcpy(message->data, data, dataLen);
1603 message->len = dataLen;
1604 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1608 /* Send data via TLS connection.
1610 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
1611 void *data, uint32_t dataLen)
1615 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s ", __func__);
1617 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
1618 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
1619 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
1623 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
1624 return CA_STATUS_FAILED;
1627 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
1629 oc_mutex_lock(g_sslContextMutex);
1630 if(NULL == g_caSslContext)
1632 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1633 oc_mutex_unlock(g_sslContextMutex);
1634 return CA_STATUS_FAILED;
1637 SslEndPoint_t * tep = GetSslPeer(endpoint);
1640 tep = InitiateTlsHandshake(endpoint);
1644 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
1645 oc_mutex_unlock(g_sslContextMutex);
1646 return CA_STATUS_FAILED;
1649 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1651 unsigned char *dataBuf = (unsigned char *)data;
1656 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
1659 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
1661 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
1662 RemovePeerFromList(&tep->sep.endpoint);
1663 oc_mutex_unlock(g_sslContextMutex);
1664 return CA_STATUS_FAILED;
1668 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
1672 } while (dataLen > written);
1677 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
1678 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
1680 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1681 oc_mutex_unlock(g_sslContextMutex);
1682 return CA_STATUS_FAILED;
1686 oc_mutex_unlock(g_sslContextMutex);
1688 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1689 return CA_STATUS_OK;
1692 * Sends cached messages via TLS connection.
1694 * @param[in] tep remote address with session info
1696 static void SendCacheMessages(SslEndPoint_t * tep)
1698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1699 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
1701 uint32_t listIndex = 0;
1702 uint32_t listLength = 0;
1703 listLength = u_arraylist_length(tep->cacheList);
1704 for (listIndex = 0; listIndex < listLength;)
1707 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
1708 if (NULL != msg && NULL != msg->data && 0 != msg->len)
1710 unsigned char *dataBuf = (unsigned char *)msg->data;
1715 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
1718 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
1720 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
1725 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
1729 } while (msg->len > written);
1731 if (u_arraylist_remove(tep->cacheList, listIndex))
1733 DeleteCacheMessage(msg);
1734 // Reduce list length by 1 as we removed one element.
1739 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
1745 // Move to the next element
1749 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1752 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
1754 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1755 g_sslCallback = tlsHandshakeCallback;
1756 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1759 /* Read data from TLS connection
1761 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
1764 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1765 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1766 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
1768 oc_mutex_lock(g_sslContextMutex);
1769 if (NULL == g_caSslContext)
1771 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1772 oc_mutex_unlock(g_sslContextMutex);
1773 return CA_STATUS_FAILED;
1777 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
1780 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
1781 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
1782 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1783 peer = NewSslEndPoint(&sep->endpoint, config);
1786 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1787 oc_mutex_unlock(g_sslContextMutex);
1788 return CA_STATUS_FAILED;
1790 //Load allowed TLS suites from SVR DB
1791 SetupCipher(config, sep->endpoint.adapter);
1793 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
1796 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1798 oc_mutex_unlock(g_sslContextMutex);
1799 return CA_STATUS_FAILED;
1803 peer->recBuf.buff = data;
1804 peer->recBuf.len = dataLen;
1805 peer->recBuf.loaded = 0;
1807 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
1809 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1810 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1815 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
1817 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
1818 mbedtls_ssl_session_reset(&peer->ssl);
1819 mbedtls_ssl_set_client_transport_id(&peer->ssl,
1820 (const unsigned char *) sep->endpoint.addr,
1821 sizeof(sep->endpoint.addr));
1822 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1824 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
1827 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
1828 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
1829 CA_STATUS_FAILED, GetAlertCode(flags));
1831 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1832 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
1834 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
1835 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
1837 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
1839 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
1842 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1844 SSL_RES(peer, CA_STATUS_OK);
1845 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
1847 SendCacheMessages(peer);
1850 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher &&
1851 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher)
1853 char uuid[UUID_LENGTH * 2 + 5] = {0};
1854 void * uuidPos = NULL;
1855 void * userIdPos = NULL;
1856 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
1857 ret = (NULL == peerCert ? -1 : 0);
1858 SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
1859 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
1860 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1861 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
1863 if (NULL != uuidPos)
1865 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1866 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
1867 ret = (OCConvertStringToUuid(uuid, peer->sep.identity.id)) ? 0 : -1;
1868 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
1869 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1873 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
1876 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1877 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
1878 if (NULL != userIdPos)
1880 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1881 ret = (OCConvertStringToUuid(uuid, peer->sep.userId.id)) ? 0 : -1;
1882 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
1883 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1887 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
1891 oc_mutex_unlock(g_sslContextMutex);
1892 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1893 return CA_STATUS_OK;
1897 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1899 uint8_t decryptBuffer[TLS_MSG_BUF_LEN] = {0};
1902 ret = mbedtls_ssl_read(&peer->ssl, decryptBuffer, TLS_MSG_BUF_LEN);
1903 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
1905 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
1906 // TinyDTLS sends fatal close_notify alert
1907 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
1908 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
1909 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
1911 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
1912 RemovePeerFromList(&peer->sep.endpoint);
1913 oc_mutex_unlock(g_sslContextMutex);
1914 return CA_STATUS_OK;
1919 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
1920 //SSL_RES(peer, CA_STATUS_FAILED);
1921 RemovePeerFromList(&peer->sep.endpoint);
1922 oc_mutex_unlock(g_sslContextMutex);
1923 return CA_STATUS_FAILED;
1927 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
1928 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
1930 g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
1934 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
1935 RemovePeerFromList(&peer->sep.endpoint);
1936 oc_mutex_unlock(g_sslContextMutex);
1937 return CA_STATUS_FAILED;
1942 oc_mutex_unlock(g_sslContextMutex);
1943 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1944 return CA_STATUS_OK;
1947 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
1948 CAPacketSendCallback sendCallback,
1949 CATransportAdapter_t type)
1951 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1952 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
1953 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
1954 oc_mutex_lock(g_sslContextMutex);
1955 if (NULL == g_caSslContext)
1957 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1958 oc_mutex_unlock(g_sslContextMutex);
1965 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
1966 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
1968 case CA_ADAPTER_TCP:
1969 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
1970 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
1972 case CA_ADAPTER_GATT_BTLE:
1973 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
1974 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
1977 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
1980 oc_mutex_unlock(g_sslContextMutex);
1981 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1984 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
1986 * @param[in] cipher TLS chiphersuite code
1988 * @return corresponding enum
1991 static SslCipher_t GetCipherIndex(const uint32_t cipher)
1995 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
1997 return SSL_RSA_WITH_AES_256_CBC_SHA256;
1999 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2001 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2003 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2005 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2007 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2009 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2011 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2013 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2015 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2017 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2019 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2021 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2023 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2025 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2027 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2029 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2031 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2033 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2035 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2037 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2041 return SSL_CIPHER_MAX;
2046 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2048 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2049 CAResult_t res = CA_STATUS_FAILED;
2050 SslCipher_t index = GetCipherIndex(cipher);
2051 if (SSL_CIPHER_MAX == index)
2053 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2058 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2059 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2061 #ifdef __WITH_DTLS__
2062 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2063 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2065 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2067 g_caSslContext->cipher = index;
2069 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2070 return CA_STATUS_OK;
2073 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2075 CAResult_t res = CA_STATUS_OK;
2076 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2077 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2078 oc_mutex_lock(g_sslContextMutex);
2079 if (NULL == InitiateTlsHandshake(endpoint))
2081 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2082 res = CA_STATUS_FAILED;
2084 oc_mutex_unlock(g_sslContextMutex);
2085 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2089 * Expands the secret into blocks of data according
2090 * to the algorithm specified in section 5 of RFC 4346
2092 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2094 * @param key secret key.
2095 * @param keyLen secret key length.
2096 * @param label A PRF label.
2097 * @param labelLen Actual length of @p label.
2098 * @param random1 Random seed.
2099 * @param random1Len Actual length of @p random1 (may be zero).
2100 * @param random2 Random seed.
2101 * @param random2Len Actual length of @p random2 (may be zero).
2102 * @param buf Output buffer for generated random data.
2103 * @param bufLen Maximum size of @p buf.
2105 * @return The actual number of bytes written to @p buf or @c -1 on error.
2108 static int pHash (const unsigned char *key, size_t keyLen,
2109 const unsigned char *label, size_t labelLen,
2110 const unsigned char *random1, size_t random1Len,
2111 const unsigned char *random2, size_t random2Len,
2112 unsigned char *buf, size_t bufLen)
2114 unsigned char A[RANDOM_LEN] = {0};
2115 unsigned char tmp[RANDOM_LEN] = {0};
2116 size_t dLen; /* digest length */
2117 size_t len = 0; /* result length */
2119 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2120 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2121 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2122 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2123 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2125 mbedtls_md_context_t hmacA;
2126 mbedtls_md_context_t hmacP;
2128 mbedtls_md_init(&hmacA);
2129 mbedtls_md_init(&hmacP);
2131 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2132 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2134 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2135 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2136 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2137 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2138 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2142 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2144 while (len + dLen < bufLen)
2146 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2147 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2148 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2149 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2150 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2151 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2153 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2157 memcpy(buf, tmp, dLen);
2160 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2161 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2162 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2163 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2166 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2167 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2168 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2170 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2171 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2172 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2173 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2175 memcpy(buf, tmp, bufLen - len);
2177 mbedtls_md_free(&hmacA);
2178 mbedtls_md_free(&hmacP);
2180 // exit label required for CHECK_MBEDTLS_RET macro
2182 mbedtls_md_free(&hmacA);
2183 mbedtls_md_free(&hmacP);
2187 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2188 const uint8_t* label, const size_t labelLen,
2189 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2190 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2191 uint8_t* ownerPsk, const size_t ownerPskSize)
2193 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2194 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2195 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2196 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2197 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2198 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2200 // TODO: Added as workaround, need to debug
2201 oc_mutex_unlock(g_sslContextMutex);
2203 oc_mutex_lock(g_sslContextMutex);
2204 if (NULL == g_caSslContext)
2206 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2207 oc_mutex_unlock(g_sslContextMutex);
2208 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2209 return CA_STATUS_FAILED;
2211 SslEndPoint_t * tep = GetSslPeer(endpoint);
2214 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2215 oc_mutex_unlock(g_sslContextMutex);
2216 return CA_STATUS_FAILED;
2219 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2223 int keyBlockLen = 0;
2224 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2225 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2226 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2227 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2229 // 2 * ( 32 + 0 + 16 ) = 96
2230 macKeyLen = SHA256_MAC_KEY_LENGTH;
2231 ivSize = CBC_IV_LENGTH;
2232 keySize = AES128_KEY_LENGTH;
2234 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2235 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2237 // 2 * ( 0 + 4 + 16 ) = 40
2238 macKeyLen = CCM_MAC_KEY_LENGTH;
2239 ivSize = CCM_IV_LENGTH;
2240 keySize = AES128_KEY_LENGTH;
2242 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2244 // 2 * ( 32 + 12 + 16 ) = 120
2245 macKeyLen = SHA256_MAC_KEY_LENGTH;
2246 ivSize = GCM_IV_LENGTH;
2247 keySize = AES128_KEY_LENGTH;
2249 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2251 // 2 * ( 32 + 0 + 32 ) = 128
2252 macKeyLen = SHA256_MAC_KEY_LENGTH;
2253 ivSize = CBC_IV_LENGTH;
2254 keySize = AES256_KEY_LENGTH;
2256 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2258 // 2 * ( 48 + 0 + 32 ) = 160
2259 macKeyLen = SHA384_MAC_KEY_LENGTH;
2260 ivSize = CBC_IV_LENGTH;
2261 keySize = AES256_KEY_LENGTH;
2263 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2265 // 2 * ( 48 + 12 + 32 ) = 184
2266 macKeyLen = SHA384_MAC_KEY_LENGTH;
2267 ivSize = GCM_IV_LENGTH;
2268 keySize = AES256_KEY_LENGTH;
2270 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2272 // 2 * ( 48 + 12 + 32 ) = 184
2273 macKeyLen = SHA256_MAC_KEY_LENGTH;
2274 ivSize = GCM_IV_LENGTH;
2275 keySize = AES128_KEY_LENGTH;
2277 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2279 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2280 if (NULL == keyblock)
2282 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2283 oc_mutex_unlock(g_sslContextMutex);
2284 return CA_STATUS_FAILED;
2288 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2289 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2290 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2291 keyblock, keyBlockLen);
2294 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2296 oc_mutex_unlock(g_sslContextMutex);
2297 return CA_STATUS_FAILED;
2300 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2301 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2302 provServerDeviceId, provServerDeviceIdLen,
2303 ownerPsk, ownerPskSize);
2306 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2308 oc_mutex_unlock(g_sslContextMutex);
2309 return CA_STATUS_FAILED;
2313 oc_mutex_unlock(g_sslContextMutex);
2315 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2316 return CA_STATUS_OK;