1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
43 // headers required for mbed TLS
44 #include "mbedtls/platform.h"
45 #include "mbedtls/ssl.h"
46 #include "mbedtls/entropy.h"
47 #include "mbedtls/ctr_drbg.h"
48 #include "mbedtls/pkcs12.h"
49 #include "mbedtls/ssl_internal.h"
50 #include "mbedtls/net.h"
52 #include "mbedtls/timing.h"
53 #include "mbedtls/ssl_cookie.h"
55 #include "pkix_interface.h"
57 #if !defined(NDEBUG) || defined(TB_LOG)
58 #include "mbedtls/debug.h"
59 #include "mbedtls/version.h"
63 #include <sys/types.h>
71 * @def MBED_TLS_VERSION_LEN
72 * @brief mbedTLS version string length
74 #define MBED_TLS_VERSION_LEN (16)
77 * @brief Seed for initialization RNG
79 #define SEED "IOTIVITY_RND"
82 * @brief uuid prefix in certificate subject field
84 #define UUID_PREFIX "uuid:"
87 * @brief userid prefix in certificate alternative subject name field
89 #define USERID_PREFIX "userid:"
93 * @brief Logging tag for module name
95 #define NET_SSL_TAG "OIC_CA_NET_SSL"
98 * @brief Logging tag for mbedTLS library
100 #define MBED_TLS_TAG "MBED_TLS"
102 * @def MMBED_TLS_DEBUG_LEVEL
103 * @brief Logging level for mbedTLS library
105 #define MBED_TLS_DEBUG_LEVEL (4)
108 * @def TLS_MSG_BUF_LEN
109 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
111 #if defined (__TIZENRT__)
112 #define TLS_MSG_BUF_LEN (2048)
114 #define TLS_MSG_BUF_LEN (16384)
119 * @brief PSK keys max length
121 #define PSK_LENGTH (256/8)
123 * @def UUID_LENGTHPSK_LENGTH
124 * @brief Identity max length
126 #define UUID_LENGTH (128/8)
129 * @brief Size of string representation RFC4122 based UUID.
130 * 32 chars for hex data and 4 '-' symbols.
132 #define UUID_STR_SIZE (36)
135 * @def MASTER_SECRET_LEN
136 * @brief TLS master secret length
138 #define MASTER_SECRET_LEN (48)
141 * @brief TLS client and server random bytes length
143 #define RANDOM_LEN (32)
145 * @def SHA384_MAC_KEY_LENGTH
146 * @brief MAC key length for SHA384 cipher suites
148 #define SHA384_MAC_KEY_LENGTH (48)
150 * @def SHA256_MAC_KEY_LENGTH
151 * @brief MAC key length for SHA256 cipher suites
153 #define SHA256_MAC_KEY_LENGTH (32)
155 * @def CCM_MAC_KEY_LENGTH
156 * @brief MAC key length for CCM cipher suites
158 #define CCM_MAC_KEY_LENGTH (0)
160 * @def AES256_KEY_LENGTH
161 * @brief key material length for AES256 cipher suites
163 #define AES256_KEY_LENGTH (32)
165 * @def AES128_KEY_LENGTH
166 * @brief key material length for AES128 cipher suites
168 #define AES128_KEY_LENGTH (16)
171 * @brief length of nonce for GCM cipher suites
173 #define GCM_IV_LENGTH (12)
176 * @brief length of nonce for CCM cipher suites
178 #define CCM_IV_LENGTH (4)
181 * @brief length of nonce for CBC cipher suites
183 #define CBC_IV_LENGTH (0)
186 * @var RETRANSMISSION_TIME
187 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
189 #define RETRANSMISSION_TIME 1
191 /**@def SSL_CLOSE_NOTIFY(peer, ret)
193 * Notifies of existing \a peer about closing TLS connection.
195 * @param[in] peer remote peer
196 * @param[in] ret used internaly
198 #define SSL_CLOSE_NOTIFY(peer, ret) \
201 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
202 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
204 /**@def SSL_RES(peer, status)
206 * Sets SSL result for callback.
208 * @param[in] peer remote peer
210 #define SSL_RES(peer, status) \
213 CAErrorInfo_t errorInfo; \
214 errorInfo.result = (status); \
215 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
217 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
219 * Checks handshake result and send alert if needed.
221 * @param[in] peer remote peer
222 * @param[in] ret error code
223 * @param[in] str debug string
224 * @param[in] mutex ca mutex
225 * @param[in] error if code does not equal to -1 returns error code
226 * @param[in] msg allert message
228 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
229 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
231 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
232 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
233 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
240 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
241 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
242 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
243 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
244 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
245 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
246 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
247 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
249 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
250 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
251 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
253 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
255 RemovePeerFromList(&(peer)->sep.endpoint); \
258 oc_mutex_unlock(g_sslContextMutex); \
260 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
262 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
264 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
265 if (-1 != (intptr_t)error) \
271 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
273 * Calls \a fn for \a clientConf and \a serverConf.
276 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
277 fn((clientConf), __VA_ARGS__); \
278 fn((serverConf), __VA_ARGS__); \
281 /** @def CHECK_MBEDTLS_RET(f, ...)
282 * A macro that checks \a f function return code
284 * If function returns error code it goes to error processing.
286 * @param[in] f Function to call
288 #define CHECK_MBEDTLS_RET(f, ...) do { \
289 int ret = (f)(__VA_ARGS__); \
291 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
297 SSL_RSA_WITH_AES_256_CBC_SHA256,
298 SSL_RSA_WITH_AES_128_GCM_SHA256,
299 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
301 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
302 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
303 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
304 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
305 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
306 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
307 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
308 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
309 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
315 ADAPTER_CURVE_SECP256R1,
319 static const int tlsCipher[SSL_CIPHER_MAX][2] =
321 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
322 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
323 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
325 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
326 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
327 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
328 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
329 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
330 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
331 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
332 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
333 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
336 static int g_cipherSuitesList[SSL_CIPHER_MAX];
338 static int g_ssl_ordered_default_hashes[] = {
339 #if defined(MBEDTLS_SHA256_C)
343 #if defined(MBEDTLS_SHA1_C)
349 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
351 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
354 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
361 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
362 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
363 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
364 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
365 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
366 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
367 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
368 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
369 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
370 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
371 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
373 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
374 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
375 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
376 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
378 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
379 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
380 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
381 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
385 static int GetAlertCode(uint32_t flags)
387 const CrtVerifyAlert_t *cur;
389 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
391 if (flags & cur->code)
399 #if !defined(NDEBUG) || defined(TB_LOG)
401 * Pass a message to the OIC logger.
403 * @param[in] ctx opaque context for the callback
404 * @param[in] level debug level
405 * @param[in] file file name
406 * @param[in] line line number
407 * @param[in] str message
409 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
416 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
420 #if defined(_WIN32) || defined (__TIZENRT__)
422 * Finds the first occurrence of the byte string s in byte string l.
425 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
429 const char *cl = (const char *)l;
430 const char *cs = (const char *)s;
432 if (lLen == 0 || sLen == 0)
442 return (void *)memchr(l, (int)*cs, lLen);
445 last = (char *)cl + lLen - sLen;
447 for (cur = (char *)cl; cur <= last; cur++)
449 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
458 * structure to holds the information of cache message and address info.
460 typedef ByteArray_t SslCacheMessage_t;
464 * Data structure for holding the send and recv callbacks.
466 typedef struct TlsCallBacks
468 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
469 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
473 * Data structure for holding the mbedTLS interface related info.
475 typedef struct SslContext
477 u_arraylist_t *peerList; /**< peer list which holds the mapping between
478 peer id, it's n/w address and mbedTLS context. */
479 mbedtls_entropy_context entropy;
480 mbedtls_ctr_drbg_context rnd;
482 mbedtls_x509_crt crt;
483 mbedtls_pk_context pkey;
485 mbedtls_ssl_config clientTlsConf;
486 mbedtls_ssl_config serverTlsConf;
487 mbedtls_ssl_config clientDtlsConf;
488 mbedtls_ssl_config serverDtlsConf;
491 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
492 mbedtls_x509_crl crl;
497 mbedtls_ssl_cookie_ctx cookieCtx;
503 * @var g_caSslContext
504 * @brief global context which holds tls context and cache list information.
506 static SslContext_t * g_caSslContext = NULL;
508 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
510 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
513 * @var g_getCredentialsCallback
514 * @brief callback to get TLS credentials (same as for DTLS)
516 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
518 * @var g_getCerdentilTypesCallback
519 * @brief callback to get different credential types from SRM
521 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
523 * @var g_getPkixInfoCallback
525 * @brief callback to get X.509-based Public Key Infrastructure
527 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
530 * Callback to inform in case of client's certificate absence
532 static CertificateVerificationCallback_t g_CertificateVerificationCallback = NULL;
535 * @var g_setupPkContextCallback
537 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
539 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
542 * @var g_dtlsContextMutex
543 * @brief Mutex to synchronize access to g_caSslContext.
545 static oc_mutex g_sslContextMutex = NULL;
549 * @brief callback to deliver the TLS handshake result
551 static CAErrorCallback g_sslCallback = NULL;
554 * Data structure for PeerCertCallback.
560 } PeerCertCallback_t;
563 * @var g_peerCertCallback
565 * @brief callback to utilize peer certificate information
567 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
570 * @var g_decryptBuffer
571 * @brief decrypt buffer which will be used for decryption
573 static uint8_t *g_decryptBuffer = NULL;
576 * Data structure for holding the data to be received.
578 typedef struct SslRecBuf
585 * Data structure for holding the data related to endpoint
588 typedef struct SslEndPoint
590 mbedtls_ssl_context ssl;
591 CASecureEndpoint_t sep;
592 u_arraylist_t * cacheList;
594 uint8_t master[MASTER_SECRET_LEN];
595 uint8_t random[2*RANDOM_LEN];
597 mbedtls_timing_delay_context timer;
598 #endif // __WITH_DTLS__
601 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
603 // TODO Does this method needs protection of tlsContextMutex?
604 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
605 g_getCredentialsCallback = credCallback;
606 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
609 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
611 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
612 g_getPkixInfoCallback = infoCallback;
613 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
616 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
618 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
619 g_setupPkContextCallback = setupPkCtxCallback;
620 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
623 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
625 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
626 g_getCredentialTypesCallback = credTypesCallback;
627 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
630 void CAsetCertificateVerificationCallback(CertificateVerificationCallback_t certVerifyStatusCallback)
632 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
633 g_CertificateVerificationCallback = certVerifyStatusCallback;
634 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
637 void CAunsetCertificateVerificationCallback()
639 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
640 g_CertificateVerificationCallback = NULL;
641 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
644 static int GetAdapterIndex(CATransportAdapter_t adapter)
652 case CA_ADAPTER_GATT_BTLE:
655 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
662 * @param[in] tep TLS endpoint
663 * @param[in] data message
664 * @param[in] dataLen message length
666 * @return message length or -1 on error.
668 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
670 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
671 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
672 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
673 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
674 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
675 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
677 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
678 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
680 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
681 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
684 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
687 else if ((size_t)sentLen != dataLen)
689 OIC_LOG_V(DEBUG, NET_SSL_TAG,
690 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%zu",
691 sentLen, dataLen, (dataLen - sentLen));
696 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
700 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
706 * @param[in] tep TLS endpoint
707 * @param[in] data message
708 * @param[in] dataLen message length
710 * @return read length
712 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
714 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
715 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
716 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
718 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
719 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
720 retLen = (retLen < dataLen ? retLen : dataLen);
722 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
723 recBuf->loaded += retLen;
725 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
729 static int CASslExportKeysHandler(void *p_expkey,
730 const unsigned char *ms,
731 const unsigned char *kb,
736 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
738 if (NULL == g_caSslContext)
740 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
741 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
743 if (NULL == p_expkey)
745 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
746 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
749 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
751 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
753 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
754 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
756 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
758 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
759 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
763 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
764 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
767 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
771 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
772 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
774 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
775 mbedtls_ssl_config* sslConf = NULL;
776 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
778 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
780 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
781 return CA_STATUS_INVALID_PARAM;
783 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
785 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
786 return CA_STATUS_INVALID_PARAM;
789 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
790 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
791 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
793 oc_mutex_lock(g_sslContextMutex);
794 if (NULL == g_caSslContext)
796 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
797 oc_mutex_unlock(g_sslContextMutex);
798 return CA_STATUS_NOT_INITIALIZED;
801 if (CA_SSL_EKCB_TLS == protocol)
803 gTlsExportKeysCallback = exportKeysCb;
804 if (CA_SSL_EKCB_CLIENT == role)
806 sslConf = &g_caSslContext->clientTlsConf;
810 sslConf = &g_caSslContext->serverTlsConf;
815 gDtlsExportKeysCallback = exportKeysCb;
816 if (CA_SSL_EKCB_CLIENT == role)
818 sslConf = &g_caSslContext->clientDtlsConf;
822 sslConf = &g_caSslContext->serverDtlsConf;
825 protocolCtx = protocol;
827 if (NULL == exportKeysCb)
829 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
830 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
834 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
835 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
837 oc_mutex_unlock(g_sslContextMutex);
839 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
845 * Parse chain of X.509 certificates.
847 * @param[out] crt container for X.509 certificates
848 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
849 or DER format in a jumble, delimiting symbols does not matter.
850 * @param[in] bufLen buffer length
851 * @param[in] errNum number certificates that failed to parse
853 * @return number of successfully parsed certificates or -1 on error
855 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
857 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
858 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
859 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
861 char pemCertHeader[] = {
862 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
863 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
865 char pemCertFooter[] = {
866 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
867 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
869 size_t pemCertHeaderLen = sizeof(pemCertHeader);
870 size_t pemCertFooterLen = sizeof(pemCertFooter);
873 unsigned char * tmp = NULL;
881 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
883 tmp = (unsigned char *)buf + pos + 1;
884 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
885 if (pos + len < bufLen)
887 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
895 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
900 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
901 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
903 void * endPos = NULL;
904 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
907 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
908 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
911 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
912 if (pos + len + 1 <= bufLen)
914 char con = buf[pos + len];
915 buf[pos + len] = 0x00;
916 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
924 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
926 buf[pos + len] = con;
930 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
931 memcpy(lastCert, buf + pos, len);
932 lastCert[len] = 0x00;
933 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
941 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
952 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
953 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
960 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
964 char buf[1024] = {0};
966 if (0 != *flags) // Invalid Cerificate
969 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
972 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
977 if (NULL == g_peerCertCallback.cb)
979 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
985 * depth = 0 : Own Cert.
986 * depth = 1 : Sub CA Cert.
987 * depth = 2 : Root CA Cert.
989 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
991 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
992 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
994 return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
997 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
999 #ifndef __WITH_DTLS__
1001 UNUSED(peerCertCallback);
1002 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
1003 return CA_NOT_SUPPORTED;
1006 if (peerCertCallback)
1008 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
1009 g_peerCertCallback.cb = peerCertCallback;
1010 g_peerCertCallback.ctx = ctx;
1014 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
1015 g_peerCertCallback.cb = NULL;
1016 g_peerCertCallback.ctx = NULL;
1018 return CA_STATUS_OK;
1021 //Loads PKIX related information from SRM
1022 static int InitPKIX(CATransportAdapter_t adapter)
1024 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1025 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
1026 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1028 mbedtls_x509_crt_free(&g_caSslContext->ca);
1029 mbedtls_x509_crt_free(&g_caSslContext->crt);
1030 mbedtls_pk_free(&g_caSslContext->pkey);
1031 mbedtls_x509_crl_free(&g_caSslContext->crl);
1033 mbedtls_x509_crt_init(&g_caSslContext->ca);
1034 mbedtls_x509_crt_init(&g_caSslContext->crt);
1035 mbedtls_pk_init(&g_caSslContext->pkey);
1036 mbedtls_x509_crl_init(&g_caSslContext->crl);
1038 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1039 adapter == CA_ADAPTER_GATT_BTLE ?
1040 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1041 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1042 adapter == CA_ADAPTER_GATT_BTLE ?
1043 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1045 #ifdef __WITH_DTLS__
1047 * Conf. is initialized in CAinitSslAdapter()
1049 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1052 // load pk key, cert, trust chain and crl
1053 if (g_getPkixInfoCallback)
1055 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1056 g_getPkixInfoCallback(&g_pkiInfo);
1059 // parse own certficate (optional)
1062 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1065 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1070 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1074 // parse private key if hw is not supported (optional)
1075 if(NULL == g_setupPkContextCallback)
1077 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1078 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1083 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1084 // setup hw pk context (optional)
1085 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1088 // setup public parameter
1089 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1090 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1091 || MBEDTLS_PK_ECDSA == ktype)
1093 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1094 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1095 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1098 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1101 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1106 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1112 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1117 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1122 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1126 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1129 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1132 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1135 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1140 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1143 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1144 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1145 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1150 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1153 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1156 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1157 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1161 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1162 &g_caSslContext->ca, &g_caSslContext->crl);
1165 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1172 * @param[in] notUsed opaque context
1173 * @param[in] ssl mbedTLS context
1174 * @param[in] desc identity
1175 * @param[in] descLen identity length
1177 * @return 0 on success any other return value will result in a denied PSK identity
1179 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1180 const unsigned char * desc, size_t descLen)
1182 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1183 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1184 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1185 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1186 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1188 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1192 uint8_t keyBuf[PSK_LENGTH] = {0};
1194 // Retrieve the credentials blob from security module
1195 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1198 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1199 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1200 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1201 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1203 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1204 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1206 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1211 * Gets session corresponding for endpoint.
1213 * @param[in] peer remote address
1215 * @return TLS session or NULL
1217 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1219 uint32_t listIndex = 0;
1220 uint32_t listLength = 0;
1221 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1222 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1223 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1225 SslEndPoint_t *tep = NULL;
1226 listLength = u_arraylist_length(g_caSslContext->peerList);
1227 for (listIndex = 0; listIndex < listLength; listIndex++)
1229 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1235 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1236 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1239 if((peer->adapter == tep->sep.endpoint.adapter)
1240 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1241 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1243 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1244 peer->addr, peer->port, peer->adapter);
1245 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1249 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1250 peer->addr, peer->port, peer->adapter);
1251 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1255 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1257 oc_mutex_lock(g_sslContextMutex);
1258 if (NULL == g_caSslContext)
1260 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1261 oc_mutex_unlock(g_sslContextMutex);
1265 if (GetSslPeer(peer))
1267 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1268 oc_mutex_unlock(g_sslContextMutex);
1273 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1274 oc_mutex_unlock(g_sslContextMutex);
1280 * Gets session corresponding for endpoint.
1282 * @param[in] peer remote address
1284 * @return TLS session or NULL
1286 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1288 uint32_t listIndex = 0;
1289 uint32_t listLength = 0;
1290 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1291 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1292 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1294 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1295 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1297 SslEndPoint_t *tep = NULL;
1298 listLength = u_arraylist_length(g_caSslContext->peerList);
1299 for (listIndex = 0; listIndex < listLength; listIndex++)
1301 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1307 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1308 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1310 if ((tep->sep.identity.id_length == idLength)
1311 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1313 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1314 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1315 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1319 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1320 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1325 #ifdef MULTIPLE_OWNER
1327 * Gets CA secure endpoint info corresponding for endpoint.
1329 * @param[in] peer remote address
1331 * @return CASecureEndpoint or NULL
1333 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1335 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1337 // TODO: Added as workaround, need to debug
1338 oc_mutex_unlock(g_sslContextMutex);
1340 oc_mutex_lock(g_sslContextMutex);
1341 if (NULL == g_caSslContext)
1343 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1344 oc_mutex_unlock(g_sslContextMutex);
1348 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1351 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1352 oc_mutex_unlock(g_sslContextMutex);
1353 return &sslPeer->sep;
1356 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1357 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1358 oc_mutex_unlock(g_sslContextMutex);
1364 * Deletes cached message.
1366 * @param[in] msg message
1368 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1370 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1371 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1376 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1379 * Deletes cached message list.
1381 * @param[in] cacheList list of cached messages
1383 static void DeleteCacheList(u_arraylist_t * cacheList)
1385 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1386 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1387 uint32_t listIndex = 0;
1388 uint32_t listLength = 0;
1390 listLength = u_arraylist_length(cacheList);
1391 for (listIndex = 0; listIndex < listLength; listIndex++)
1393 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1396 DeleteCacheMessage(msg);
1399 u_arraylist_free(&cacheList);
1401 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1404 * Deletes endpoint with session.
1406 * @param[in] tep endpoint with session info
1408 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1410 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1411 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1413 mbedtls_ssl_free(&tep->ssl);
1414 DeleteCacheList(tep->cacheList);
1416 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1419 * Removes endpoint session from list.
1421 * @param[in] endpoint remote address
1423 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1425 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1426 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1427 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1428 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1429 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1431 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1436 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1437 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1439 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1440 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1441 endpoint->addr, endpoint->port, endpoint->adapter);
1442 DeleteSslEndPoint(tep);
1443 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1447 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1448 endpoint->addr, endpoint->port, endpoint->adapter);
1449 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1452 * Deletes session list.
1454 static void DeletePeerList()
1456 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1457 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1459 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1460 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1462 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1467 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1472 ret = mbedtls_ssl_close_notify(&tep->ssl);
1474 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1476 DeleteSslEndPoint(tep);
1478 u_arraylist_free(&g_caSslContext->peerList);
1481 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1483 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1484 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1486 oc_mutex_lock(g_sslContextMutex);
1487 if (NULL == g_caSslContext)
1489 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1490 oc_mutex_unlock(g_sslContextMutex);
1491 return CA_STATUS_FAILED;
1493 SslEndPoint_t * tep = GetSslPeer(endpoint);
1496 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1497 oc_mutex_unlock(g_sslContextMutex);
1498 return CA_STATUS_FAILED;
1500 /* No error checking, the connection might be closed already */
1504 ret = mbedtls_ssl_close_notify(&tep->ssl);
1506 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1508 RemovePeerFromList(&tep->sep.endpoint);
1509 oc_mutex_unlock(g_sslContextMutex);
1511 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1512 return CA_STATUS_OK;
1516 CAResult_t CAcloseSslConnectionFreeEndpoint(CAEndpoint_t *endpoint)
1518 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1519 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1521 CAResult_t ret = CAcloseSslConnection(endpoint);
1524 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1529 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1531 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1532 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1534 oc_mutex_lock(g_sslContextMutex);
1535 if (NULL == g_caSslContext)
1537 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1538 oc_mutex_unlock(g_sslContextMutex);
1539 return CA_STATUS_FAILED;
1542 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1545 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1546 oc_mutex_unlock(g_sslContextMutex);
1547 return CA_STATUS_FAILED;
1550 /* No error checking, the connection might be closed already */
1554 ret = mbedtls_ssl_close_notify(&tep->ssl);
1556 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1558 RemovePeerFromList(&tep->sep.endpoint);
1559 oc_mutex_unlock(g_sslContextMutex);
1561 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1562 return CA_STATUS_OK;
1565 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1567 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1568 oc_mutex_lock(g_sslContextMutex);
1569 if (NULL == g_caSslContext)
1571 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1572 oc_mutex_unlock(g_sslContextMutex);
1576 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1577 OIC_LOG_V(INFO, NET_SSL_TAG,
1578 "Required transport [%d], peer count [%d]", transportType, listLength);
1579 for (uint32_t i = listLength; i > 0; i--)
1581 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1586 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1587 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1589 // check transport matching
1590 if (0 == (tep->sep.endpoint.adapter & transportType))
1592 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1596 // TODO: need to check below code after socket close is ensured.
1600 ret = mbedtls_ssl_close_notify(&tep->ssl);
1602 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1605 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1606 DeleteSslEndPoint(tep);
1608 oc_mutex_unlock(g_sslContextMutex);
1610 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1614 * Creates session for endpoint.
1616 * @param[in] endpoint remote address
1617 * @param[in] config mbedTLS configuration info
1619 * @return TLS endpoint or NULL
1621 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1623 SslEndPoint_t * tep = NULL;
1624 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1625 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1626 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1627 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1629 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1632 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1636 tep->sep.endpoint = *endpoint;
1637 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1639 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1641 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1643 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1647 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1648 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1650 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1651 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1652 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1654 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1655 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1657 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1658 mbedtls_ssl_free(&tep->ssl);
1660 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1665 tep->cacheList = u_arraylist_create();
1666 if (NULL == tep->cacheList)
1668 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1669 mbedtls_ssl_free(&tep->ssl);
1671 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1674 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1675 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1676 endpoint->addr, endpoint->port);
1677 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1681 * Initializes PSK identity.
1683 * @param[out] config client/server config to be updated
1685 * @return 0 on success or -1 on error
1687 static int InitPskIdentity(mbedtls_ssl_config * config)
1689 uint8_t keyBuf[PSK_LENGTH] = {0};
1690 uint8_t idBuf[UUID_LENGTH] = {0};
1691 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1692 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1694 //Retrieve PSK identity from SVR DB
1695 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1697 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1701 //Store PSK ideneity in mbedtls_ssl_config
1702 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1704 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1705 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1708 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1711 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1714 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1715 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1716 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1717 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1719 //Resetting cipherFlag
1720 g_caSslContext->cipherFlag[0] = false;
1721 g_caSslContext->cipherFlag[1] = false;
1723 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1724 // Retrieve the PSK credential from SRM
1725 if (0 != InitPskIdentity(config))
1727 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1730 // Retrieve the Cert credential from SRM
1731 if (true == g_caSslContext->cipherFlag[1])
1733 int ret = InitPKIX(adapter);
1736 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1740 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1742 if (SSL_CIPHER_MAX < g_caSslContext->cipher)
1744 OIC_LOG(ERROR, NET_SSL_TAG, "Maximum ciphersuite index exceeded");
1747 // Add the preferred ciphersuite first
1748 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1750 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1751 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1755 // Add PSK ciphersuite
1756 if (true == g_caSslContext->cipherFlag[0] &&
1757 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1759 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1760 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1764 // Add all certificate ciphersuites
1765 if (true == g_caSslContext->cipherFlag[1])
1767 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1769 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1770 i != g_caSslContext->cipher)
1772 g_cipherSuitesList[index] = tlsCipher[i][0];
1777 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1779 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1783 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1784 for (int i = 0; i < index; i++)
1786 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1789 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1791 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1794 * Initiate TLS handshake with endpoint.
1796 * @param[in] endpoint remote address
1798 * @return TLS endpoint or NULL
1800 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1803 SslEndPoint_t * tep = NULL;
1805 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1806 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1807 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1809 //Remove previous peer info from peer list.
1810 RemovePeerFromList(endpoint);
1812 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1813 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1814 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1815 tep = NewSslEndPoint(endpoint, config);
1818 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1822 //Load allowed SVR suites from SVR DB
1823 SetupCipher(config, endpoint->adapter);
1825 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1828 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1829 DeleteSslEndPoint(tep);
1833 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1835 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1836 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1842 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1843 RemovePeerFromList(&tep->sep.endpoint);
1846 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1848 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1851 #ifdef __WITH_DTLS__
1853 * Stops DTLS retransmission.
1855 static void StopRetransmit()
1859 unregisterTimer(g_caSslContext->timerId);
1860 g_caSslContext->timerId= -1;
1864 void CAdeinitSslAdapter()
1866 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1868 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1869 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1871 //Lock tlsContext mutex
1872 oc_mutex_lock(g_sslContextMutex);
1877 // De-initialize mbedTLS
1878 mbedtls_x509_crt_free(&g_caSslContext->ca);
1879 mbedtls_x509_crt_free(&g_caSslContext->crt);
1880 mbedtls_pk_free(&g_caSslContext->pkey);
1881 mbedtls_x509_crl_free(&g_caSslContext->crl);
1883 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1884 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1885 #endif // __WITH_TLS__
1886 #ifdef __WITH_DTLS__
1887 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1888 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1889 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1890 #endif // __WITH_DTLS__
1891 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1892 mbedtls_entropy_free(&g_caSslContext->entropy);
1893 #ifdef __WITH_DTLS__
1896 // De-initialize tls Context
1897 OICFree(g_caSslContext);
1898 g_caSslContext = NULL;
1900 // Delete decrypt buffer
1901 if (g_decryptBuffer)
1903 OICFree(g_decryptBuffer);
1904 g_decryptBuffer = NULL;
1907 // Unlock tlsContext mutex and de-initialize it
1908 oc_mutex_unlock(g_sslContextMutex);
1909 oc_mutex_free(g_sslContextMutex);
1910 g_sslContextMutex = NULL;
1912 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1915 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1917 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1918 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1919 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1920 mbedtls_ssl_config_init(conf);
1921 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1923 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1927 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1928 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1929 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1930 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1931 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1932 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1933 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1935 #ifdef __WITH_DTLS__
1936 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1937 MBEDTLS_SSL_IS_SERVER == mode)
1939 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1940 &g_caSslContext->cookieCtx);
1942 #endif // __WITH_DTLS__
1944 #if !defined(NDEBUG) || defined(TB_LOG)
1945 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1946 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1948 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1951 #ifdef __WITH_DTLS__
1953 * Starts DTLS retransmission.
1955 static int StartRetransmit()
1957 uint32_t listIndex = 0;
1958 uint32_t listLength = 0;
1959 SslEndPoint_t *tep = NULL;
1961 oc_mutex_lock(g_sslContextMutex);
1962 if (NULL == g_caSslContext)
1964 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1965 oc_mutex_unlock(g_sslContextMutex);
1968 if (g_caSslContext->timerId != -1)
1970 //clear previous timer
1971 unregisterTimer(g_caSslContext->timerId);
1973 listLength = u_arraylist_length(g_caSslContext->peerList);
1975 for (listIndex = 0; listIndex < listLength; listIndex++)
1977 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1979 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1980 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1984 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
1986 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1988 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1991 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1993 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1994 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1999 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
2000 oc_mutex_unlock(g_sslContextMutex);
2006 CAResult_t CAinitSslAdapter()
2008 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2009 // Initialize mutex for tlsContext
2010 if (NULL == g_sslContextMutex)
2012 g_sslContextMutex = oc_mutex_new();
2013 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
2017 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
2018 return CA_STATUS_OK;
2021 // Lock tlsContext mutex and create tlsContext
2022 oc_mutex_lock(g_sslContextMutex);
2023 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
2025 if (NULL == g_caSslContext)
2027 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
2028 oc_mutex_unlock(g_sslContextMutex);
2029 oc_mutex_free(g_sslContextMutex);
2030 g_sslContextMutex = NULL;
2031 return CA_MEMORY_ALLOC_FAILED;
2035 g_caSslContext->peerList = u_arraylist_create();
2037 if(NULL == g_caSslContext->peerList)
2039 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
2040 OICFree(g_caSslContext);
2041 g_caSslContext = NULL;
2042 oc_mutex_unlock(g_sslContextMutex);
2043 oc_mutex_free(g_sslContextMutex);
2044 g_sslContextMutex = NULL;
2045 return CA_STATUS_FAILED;
2048 /* Initialize TLS library
2050 #if !defined(NDEBUG) || defined(TB_LOG)
2051 char version[MBED_TLS_VERSION_LEN];
2052 mbedtls_version_get_string(version);
2053 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2058 mbedtls_entropy_init(&g_caSslContext->entropy);
2059 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2062 unsigned char seed[sizeof(SEED)] = {0};
2064 urandomFd = open("/dev/urandom", O_RDONLY);
2067 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2068 oc_mutex_unlock(g_sslContextMutex);
2069 CAdeinitSslAdapter();
2070 return CA_STATUS_FAILED;
2072 if(0 > read(urandomFd, seed, sizeof(seed)))
2074 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2076 oc_mutex_unlock(g_sslContextMutex);
2077 CAdeinitSslAdapter();
2078 return CA_STATUS_FAILED;
2083 unsigned char * seed = (unsigned char*) SEED;
2085 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2086 &g_caSslContext->entropy, seed, sizeof(SEED)))
2088 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2089 oc_mutex_unlock(g_sslContextMutex);
2090 CAdeinitSslAdapter();
2091 return CA_STATUS_FAILED;
2093 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2096 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2097 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2099 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2100 oc_mutex_unlock(g_sslContextMutex);
2101 CAdeinitSslAdapter();
2102 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2103 return CA_STATUS_FAILED;
2106 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2107 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2109 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2110 oc_mutex_unlock(g_sslContextMutex);
2111 CAdeinitSslAdapter();
2112 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2113 return CA_STATUS_FAILED;
2115 #endif // __WITH_TLS__
2116 #ifdef __WITH_DTLS__
2117 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2118 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2119 &g_caSslContext->rnd))
2121 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2122 oc_mutex_unlock(g_sslContextMutex);
2123 CAdeinitSslAdapter();
2124 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2125 return CA_STATUS_FAILED;
2128 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2129 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2131 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2132 oc_mutex_unlock(g_sslContextMutex);
2133 CAdeinitSslAdapter();
2134 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2135 return CA_STATUS_FAILED;
2138 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2139 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2141 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2142 oc_mutex_unlock(g_sslContextMutex);
2143 CAdeinitSslAdapter();
2144 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2145 return CA_STATUS_FAILED;
2147 #endif // __WITH_DTLS__
2149 // set default cipher
2150 g_caSslContext->cipher = SSL_CIPHER_MAX;
2153 mbedtls_x509_crt_init(&g_caSslContext->ca);
2154 mbedtls_x509_crt_init(&g_caSslContext->crt);
2155 mbedtls_pk_init(&g_caSslContext->pkey);
2156 mbedtls_x509_crl_init(&g_caSslContext->crl);
2158 #ifdef __WITH_DTLS__
2159 g_caSslContext->timerId = -1;
2162 // create decrypt buffer
2163 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2164 if (NULL == g_decryptBuffer)
2166 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2167 oc_mutex_unlock(g_sslContextMutex);
2168 CAdeinitSslAdapter();
2169 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2170 return CA_MEMORY_ALLOC_FAILED;
2173 oc_mutex_unlock(g_sslContextMutex);
2174 #ifdef __WITH_DTLS__
2178 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2179 return CA_STATUS_OK;
2182 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2184 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2185 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2188 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2189 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2192 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2193 if (NULL == message)
2195 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2196 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2200 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2201 if (NULL == message->data)
2203 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2205 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2208 memcpy(message->data, data, dataLen);
2209 message->len = dataLen;
2210 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2214 /* Send data via TLS connection.
2216 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2217 void *data, uint32_t dataLen)
2221 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2223 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2224 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2225 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2229 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2230 return CA_STATUS_FAILED;
2233 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2235 oc_mutex_lock(g_sslContextMutex);
2236 if(NULL == g_caSslContext)
2238 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2239 oc_mutex_unlock(g_sslContextMutex);
2240 return CA_STATUS_FAILED;
2243 SslEndPoint_t * tep = GetSslPeer(endpoint);
2246 tep = InitiateTlsHandshake(endpoint);
2250 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2251 oc_mutex_unlock(g_sslContextMutex);
2252 return CA_STATUS_FAILED;
2255 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2257 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2259 unsigned char *dataBuf = (unsigned char *)data;
2264 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2267 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2269 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2270 RemovePeerFromList(&tep->sep.endpoint);
2271 oc_mutex_unlock(g_sslContextMutex);
2272 return CA_STATUS_FAILED;
2276 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2280 } while (dataLen > written);
2285 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2286 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2288 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2289 oc_mutex_unlock(g_sslContextMutex);
2290 return CA_STATUS_FAILED;
2294 oc_mutex_unlock(g_sslContextMutex);
2296 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2297 return CA_STATUS_OK;
2300 * Sends cached messages via TLS connection.
2302 * @param[in] tep remote address with session info
2304 static void SendCacheMessages(SslEndPoint_t * tep)
2306 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2307 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2309 uint32_t listIndex = 0;
2310 uint32_t listLength = 0;
2311 listLength = u_arraylist_length(tep->cacheList);
2312 for (listIndex = 0; listIndex < listLength;)
2315 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2316 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2318 unsigned char *dataBuf = (unsigned char *)msg->data;
2323 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2326 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2328 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2333 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2337 } while (msg->len > written);
2339 if (u_arraylist_remove(tep->cacheList, listIndex))
2341 DeleteCacheMessage(msg);
2342 // Reduce list length by 1 as we removed one element.
2347 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2353 // Move to the next element
2357 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2360 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2362 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2363 g_sslCallback = tlsHandshakeCallback;
2364 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2368 * Check RFC4122 based UUID
2370 * @param uuidString string representation of UUID
2371 * @return true for success, otherwise false
2373 static bool CheckUuidFormat(const char uuidString[UUID_STR_SIZE])
2375 // Indexes of '-' symbols in string representation of UUID
2376 static const int dash_idxs[4] = {8,13,18,23};
2378 VERIFY_NON_NULL_RET(uuidString, NET_SSL_TAG, "uuidString is NULL" , false);
2380 // Check for '-' symbols
2381 for (int i = 0; i < 4; i++)
2383 if (uuidString[dash_idxs[i]] != '-')
2389 for (int i = 0; i < UUID_STR_SIZE; i++)
2392 if (i == dash_idxs[0] || i == dash_idxs[1] || i == dash_idxs[2] || i == dash_idxs[3])
2397 if ((uuidString[i] >= 'a' && uuidString[i] <= 'f')
2398 || (uuidString[i] >= 'A' && uuidString[i] <= 'F')
2399 || (uuidString[i] >= '0' && uuidString[i] <= '9') )
2411 * FindUuid function finds the first entry of RFC4122 based UUID
2413 * @param data pointer to unformatted data
2414 * @param size data size
2416 * @return pointer to string representation of the found UUID if success, otherwise NULL
2418 static const char* FindUuid(const char* data, size_t size)
2420 const char* result = NULL;
2422 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL" , NULL);
2423 if (size < UUID_STR_SIZE)
2425 OIC_LOG(ERROR, NET_SSL_TAG, "Buffer size is too small");
2429 const char* currentPtr = data;
2430 int currentSize = size;
2432 && (currentPtr = (const char*)memchr((const void*)++currentPtr, '-', currentSize - 1))
2433 && ((currentSize = (size - (currentPtr - data))) >= (UUID_STR_SIZE - 8)))
2435 if (currentPtr - data >= 8 && CheckUuidFormat(currentPtr - 8))
2437 result = currentPtr - 8;
2444 /* Read data from TLS connection
2446 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2449 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2450 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2451 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2453 oc_mutex_lock(g_sslContextMutex);
2454 if (NULL == g_caSslContext)
2456 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2457 oc_mutex_unlock(g_sslContextMutex);
2458 return CA_STATUS_FAILED;
2461 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2464 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2465 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2466 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2467 peer = NewSslEndPoint(&sep->endpoint, config);
2470 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2471 oc_mutex_unlock(g_sslContextMutex);
2472 return CA_STATUS_FAILED;
2474 //Load allowed TLS suites from SVR DB
2475 SetupCipher(config, sep->endpoint.adapter);
2477 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2480 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2482 oc_mutex_unlock(g_sslContextMutex);
2483 return CA_STATUS_FAILED;
2487 peer->recBuf.buff = data;
2488 peer->recBuf.len = dataLen;
2489 peer->recBuf.loaded = 0;
2491 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2493 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2494 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2499 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2501 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2502 mbedtls_ssl_session_reset(&peer->ssl);
2503 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2504 (const unsigned char *) sep->endpoint.addr,
2505 sizeof(sep->endpoint.addr));
2506 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2508 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2510 ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
2511 (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
2513 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2514 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2515 CA_STATUS_FAILED, GetAlertCode(flags));
2517 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2518 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2520 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2521 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2523 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2525 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2528 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2530 SSL_RES(peer, CA_STATUS_OK);
2531 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2533 SendCacheMessages(peer);
2536 int selectedCipher = peer->ssl.session->ciphersuite;
2537 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2538 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2539 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2541 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2542 ret = (NULL == peerCert ? -1 : 0);
2543 if (g_CertificateVerificationCallback)
2545 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2548 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_SUCCESS_MUTUAL);
2550 else if (MBEDTLS_X509_BADCERT_MISSING == flags)
2552 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_NO_CERT);
2556 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_FAILED);
2559 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2560 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2563 const char* uuidptr = FindUuid((const char*)peerCert->subject_raw.p, peerCert->subject_raw.len);
2566 char uuid[UUID_STR_SIZE + 1] = {0};
2567 strncpy(uuid, uuidptr, UUID_STR_SIZE);
2568 uuid[UUID_STR_SIZE] = '\0';
2569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2570 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2571 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2572 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2576 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2581 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2583 SendCacheMessages(peer);
2585 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2586 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2587 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2589 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2591 oc_mutex_unlock(g_sslContextMutex);
2592 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2593 return CA_STATUS_OK;
2597 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2599 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2601 // flag to read again remained data
2602 bool read_more = false;
2605 if (NULL == g_decryptBuffer)
2607 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2608 oc_mutex_unlock(g_sslContextMutex);
2609 return CA_STATUS_FAILED;
2611 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2616 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2617 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2619 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2620 // TinyDTLS sends fatal close_notify alert
2621 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2622 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2623 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2625 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2626 RemovePeerFromList(&peer->sep.endpoint);
2627 oc_mutex_unlock(g_sslContextMutex);
2628 return CA_STATUS_OK;
2633 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2634 //SSL_RES(peer, CA_STATUS_FAILED);
2635 RemovePeerFromList(&peer->sep.endpoint);
2636 oc_mutex_unlock(g_sslContextMutex);
2637 return CA_STATUS_FAILED;
2641 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2642 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2645 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2646 g_decryptBuffer, ret);
2647 if (CA_STATUS_OK != res)
2649 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2650 RemovePeerFromList(&peer->sep.endpoint);
2651 oc_mutex_unlock(g_sslContextMutex);
2652 return CA_STATUS_FAILED;
2655 // check if decrypted data is remained in stream transport
2656 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2658 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2660 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2666 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2667 RemovePeerFromList(&peer->sep.endpoint);
2668 oc_mutex_unlock(g_sslContextMutex);
2669 return CA_STATUS_FAILED;
2672 } while (read_more);
2675 oc_mutex_unlock(g_sslContextMutex);
2676 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2677 return CA_STATUS_OK;
2680 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2681 CAPacketSendCallback sendCallback,
2682 CATransportAdapter_t type)
2684 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2685 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2686 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2687 oc_mutex_lock(g_sslContextMutex);
2688 if (NULL == g_caSslContext)
2690 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2691 oc_mutex_unlock(g_sslContextMutex);
2698 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2699 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2701 case CA_ADAPTER_TCP:
2702 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2703 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2705 case CA_ADAPTER_GATT_BTLE:
2706 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2707 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2710 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2713 oc_mutex_unlock(g_sslContextMutex);
2714 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2717 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2719 * @param[in] cipher TLS chiphersuite code
2721 * @return corresponding enum
2724 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2728 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2730 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2732 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2734 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2736 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2738 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2740 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2742 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2744 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2746 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2748 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2750 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2752 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2754 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2756 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2758 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2760 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2762 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2764 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2766 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2768 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2770 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2772 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2774 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2776 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2778 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2782 return SSL_CIPHER_MAX;
2787 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2789 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2790 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2792 SslCipher_t index = GetCipherIndex(cipher);
2793 if (SSL_CIPHER_MAX == index)
2795 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2800 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2801 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2803 #ifdef __WITH_DTLS__
2804 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2805 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2807 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2809 g_caSslContext->cipher = index;
2811 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2812 return CA_STATUS_OK;
2815 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2817 CAResult_t res = CA_STATUS_OK;
2818 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2819 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2820 oc_mutex_lock(g_sslContextMutex);
2821 if (NULL == InitiateTlsHandshake(endpoint))
2823 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2824 res = CA_STATUS_FAILED;
2826 oc_mutex_unlock(g_sslContextMutex);
2827 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2831 * Expands the secret into blocks of data according
2832 * to the algorithm specified in section 5 of RFC 4346
2834 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2836 * @param key secret key.
2837 * @param keyLen secret key length.
2838 * @param label A PRF label.
2839 * @param labelLen Actual length of @p label.
2840 * @param random1 Random seed.
2841 * @param random1Len Actual length of @p random1 (may be zero).
2842 * @param random2 Random seed.
2843 * @param random2Len Actual length of @p random2 (may be zero).
2844 * @param buf Output buffer for generated random data.
2845 * @param bufLen Maximum size of @p buf.
2847 * @return The actual number of bytes written to @p buf or @c -1 on error.
2850 static int pHash (const unsigned char *key, size_t keyLen,
2851 const unsigned char *label, size_t labelLen,
2852 const unsigned char *random1, size_t random1Len,
2853 const unsigned char *random2, size_t random2Len,
2854 unsigned char *buf, size_t bufLen)
2856 unsigned char A[RANDOM_LEN] = {0};
2857 unsigned char tmp[RANDOM_LEN] = {0};
2858 size_t dLen; /* digest length */
2859 size_t len = 0; /* result length */
2861 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2862 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2863 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2864 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2865 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2867 mbedtls_md_context_t hmacA;
2868 mbedtls_md_context_t hmacP;
2870 mbedtls_md_init(&hmacA);
2871 mbedtls_md_init(&hmacP);
2873 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2874 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2876 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2877 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2878 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2879 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2880 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2884 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2886 while (len + dLen < bufLen)
2888 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2889 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2890 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2891 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2892 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2893 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2895 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2899 memcpy(buf, tmp, dLen);
2902 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2903 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2904 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2905 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2908 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2909 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2910 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2912 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2913 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2914 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2915 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2917 memcpy(buf, tmp, bufLen - len);
2919 mbedtls_md_free(&hmacA);
2920 mbedtls_md_free(&hmacP);
2924 mbedtls_md_free(&hmacA);
2925 mbedtls_md_free(&hmacP);
2929 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2930 const uint8_t* label, const size_t labelLen,
2931 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2932 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2933 uint8_t* ownerPsk, const size_t ownerPskSize)
2935 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2936 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2937 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2938 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2939 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2940 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2942 oc_mutex_lock(g_sslContextMutex);
2943 if (NULL == g_caSslContext)
2945 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2946 oc_mutex_unlock(g_sslContextMutex);
2947 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2948 return CA_STATUS_FAILED;
2950 SslEndPoint_t * tep = GetSslPeer(endpoint);
2953 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2954 oc_mutex_unlock(g_sslContextMutex);
2955 return CA_STATUS_FAILED;
2958 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2962 int keyBlockLen = 0;
2963 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2964 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2965 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2966 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2968 // 2 * ( 32 + 0 + 16 ) = 96
2969 macKeyLen = SHA256_MAC_KEY_LENGTH;
2970 ivSize = CBC_IV_LENGTH;
2971 keySize = AES128_KEY_LENGTH;
2973 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2974 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2976 // 2 * ( 0 + 4 + 16 ) = 40
2977 macKeyLen = CCM_MAC_KEY_LENGTH;
2978 ivSize = CCM_IV_LENGTH;
2979 keySize = AES128_KEY_LENGTH;
2981 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2983 // 2 * ( 32 + 12 + 16 ) = 120
2984 macKeyLen = SHA256_MAC_KEY_LENGTH;
2985 ivSize = GCM_IV_LENGTH;
2986 keySize = AES128_KEY_LENGTH;
2988 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2990 // 2 * ( 32 + 0 + 32 ) = 128
2991 macKeyLen = SHA256_MAC_KEY_LENGTH;
2992 ivSize = CBC_IV_LENGTH;
2993 keySize = AES256_KEY_LENGTH;
2995 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2997 // 2 * ( 48 + 0 + 32 ) = 160
2998 macKeyLen = SHA384_MAC_KEY_LENGTH;
2999 ivSize = CBC_IV_LENGTH;
3000 keySize = AES256_KEY_LENGTH;
3002 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
3004 // 2 * ( 48 + 12 + 32 ) = 184
3005 macKeyLen = SHA384_MAC_KEY_LENGTH;
3006 ivSize = GCM_IV_LENGTH;
3007 keySize = AES256_KEY_LENGTH;
3009 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
3011 // 2 * ( 48 + 12 + 32 ) = 184
3012 macKeyLen = SHA256_MAC_KEY_LENGTH;
3013 ivSize = GCM_IV_LENGTH;
3014 keySize = AES128_KEY_LENGTH;
3016 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
3018 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
3019 if (NULL == keyblock)
3021 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
3022 oc_mutex_unlock(g_sslContextMutex);
3023 return CA_STATUS_FAILED;
3027 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
3028 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
3029 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
3030 keyblock, keyBlockLen);
3033 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
3035 oc_mutex_unlock(g_sslContextMutex);
3036 return CA_STATUS_FAILED;
3039 ret = pHash(keyblock, keyBlockLen, label, labelLen,
3040 rsrcServerDeviceId, rsrcServerDeviceIdLen,
3041 provServerDeviceId, provServerDeviceIdLen,
3042 ownerPsk, ownerPskSize);
3045 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
3047 oc_mutex_unlock(g_sslContextMutex);
3048 return CA_STATUS_FAILED;
3052 oc_mutex_unlock(g_sslContextMutex);
3054 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
3055 return CA_STATUS_OK;