1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
25 #include "ca_adapter_net_ssl.h"
27 #include "caipinterface.h"
28 #include "oic_malloc.h"
29 #include "byte_array.h"
32 // headers required for mbed TLS
33 #include "mbedtls/platform.h"
34 #include "mbedtls/ssl.h"
35 #include "mbedtls/entropy.h"
36 #include "mbedtls/ctr_drbg.h"
37 #include "mbedtls/pkcs12.h"
38 #include "mbedtls/ssl_internal.h"
40 #include "mbedtls/timing.h"
41 #include "mbedtls/ssl_cookie.h"
45 #include "mbedtls/debug.h"
46 #include "mbedtls/version.h"
50 #include <sys/types.h>
58 * @def MBED_TLS_VERSION_LEN
59 * @brief mbedTLS version string length
61 #define MBED_TLS_VERSION_LEN (16)
64 * @brief Seed for initialization RNG
66 #define SEED "IOTIVITY_RND"
69 * @brief uuid prefix in certificate subject field
71 #define UUID_PREFIX "uuid:"
74 * @brief userid prefix in certificate alternative subject name field
76 #define USERID_PREFIX "userid:"
80 * @brief Logging tag for module name
82 #define NET_SSL_TAG "OIC_CA_NET_SSL"
85 * @brief Logging tag for mbedTLS library
87 #define MBED_TLS_TAG "MBED_TLS"
89 * @def MMBED_TLS_DEBUG_LEVEL
90 * @brief Logging level for mbedTLS library
92 #define MBED_TLS_DEBUG_LEVEL (4)
95 * @def TLS_MSG_BUF_LEN
96 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
99 #define TLS_MSG_BUF_LEN (16384)
102 * @brief PSK keys max length
104 #define PSK_LENGTH (256/8)
106 * @def UUID_LENGTHPSK_LENGTH
107 * @brief Identity max length
109 #define UUID_LENGTH (128/8)
111 * @def MASTER_SECRET_LEN
112 * @brief TLS master secret length
114 #define MASTER_SECRET_LEN (48)
117 * @brief TLS client and server random bytes length
119 #define RANDOM_LEN (32)
122 * @brief PSK generated keyblock length
124 #define KEY_BLOCK_LEN (96)
126 /**@def SSL_CLOSE_NOTIFY(peer, ret)
128 * Notifies of existing \a peer about closing TLS connection.
130 * @param[in] peer remote peer
131 * @param[in] ret used internaly
133 #define SSL_CLOSE_NOTIFY(peer, ret) \
136 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
137 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
139 /**@def SSL_RES(peer, status)
141 * Sets SSL result for callback.
143 * @param[in] peer remote peer
145 #define SSL_RES(peer, status) \
148 CAErrorInfo_t errorInfo; \
149 errorInfo.result = (status); \
150 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
152 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
154 * Checks handshake result and send alert if needed.
156 * @param[in] peer remote peer
157 * @param[in] ret error code
158 * @param[in] str debug string
159 * @param[in] mutex ca mutex
160 * @param[in] return error code
161 * @param[in] msg allert message
163 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
164 if (0 != (ret) && MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
165 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
166 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
167 MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret)) \
169 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
170 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
171 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
173 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
175 SSL_RES((peer), CA_STATUS_FAILED); \
176 RemovePeerFromList(&(peer)->sep.endpoint); \
179 ca_mutex_unlock(g_sslContextMutex); \
181 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
184 /** @def CHECK_MBEDTLS_RET(f, ...)
185 * A macro that checks \a f function return code
187 * If function returns error code it goes to error processing.
189 * @param[in] f Function to call
191 #define CHECK_MBEDTLS_RET(f, ...) do { \
192 int ret = (f)(__VA_ARGS__); \
194 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
200 ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA,
201 ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
202 ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256,
203 ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
209 ADAPTER_CURVE_SECP256R1,
213 int tlsCipher[ADAPTER_CIPHER_MAX][2] =
215 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 0},
216 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
217 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0},
218 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0}
221 static int g_cipherSuitesList[ADAPTER_CIPHER_MAX];
223 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
225 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
228 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
235 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
236 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
237 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
238 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
239 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
240 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
241 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
242 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
243 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
244 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
245 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
246 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
247 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
248 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
249 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
250 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
251 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
252 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
253 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
254 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
255 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
259 static int GetAlertCode(uint32_t flags)
261 const CrtVerifyAlert_t *cur;
263 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
265 if (flags & cur->code)
275 * Pass a message to the OIC logger.
277 * @param[in] ctx opaque context for the callback
278 * @param[in] level debug level
279 * @param[in] file file name
280 * @param[in] line line number
281 * @param[in] str message
283 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
290 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
296 * Finds the first occurrence of the byte string s in byte string l.
299 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
303 const char *cl = (const char *)l;
304 const char *cs = (const char *)s;
306 if (lLen == 0 || sLen == 0)
316 return memchr(l, (int)*cs, lLen);
319 last = (char *)cl + lLen - sLen;
321 for (cur = (char *)cl; cur <= last; cur++)
323 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
332 * structure to holds the information of cache message and address info.
334 typedef ByteArray_t SslCacheMessage_t;
338 * Data structure for holding the send and recv callbacks.
340 typedef struct TlsCallBacks
342 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
343 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
347 * Data structure for holding the mbedTLS interface related info.
349 typedef struct SslContext
351 u_arraylist_t *peerList; /**< peer list which holds the mapping between
352 peer id, it's n/w address and mbedTLS context. */
353 mbedtls_entropy_context entropy;
354 mbedtls_ctr_drbg_context rnd;
356 mbedtls_x509_crt crt;
357 mbedtls_pk_context pkey;
359 mbedtls_ssl_config clientTlsConf;
360 mbedtls_ssl_config serverTlsConf;
361 mbedtls_ssl_config clientDtlsConf;
362 mbedtls_ssl_config serverDtlsConf;
364 mbedtls_ssl_cookie_ctx cookie_ctx;
365 mbedtls_timing_delay_context timer;
366 #endif // __WITH_DTLS__
367 AdapterCipher_t cipher;
368 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
369 mbedtls_x509_crl crl;
376 * @var g_caSslContext
377 * @brief global context which holds tls context and cache list information.
379 static SslContext_t * g_caSslContext = NULL;
382 * @var g_getCredentialsCallback
383 * @brief callback to get TLS credentials (same as for DTLS)
385 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
387 * @var g_getCerdentilTypesCallback
388 * @brief callback to get different credential types from SRM
390 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
392 * @var g_getPkixInfoCallback
394 * @brief callback to get X.509-based Public Key Infrastructure
396 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
399 * @var g_dtlsContextMutex
400 * @brief Mutex to synchronize access to g_caSslContext.
402 static ca_mutex g_sslContextMutex = NULL;
406 * @brief callback to deliver the TLS handshake result
408 static CAErrorCallback g_sslCallback = NULL;
411 * Data structure for holding the data to be received.
413 typedef struct SslRecBuf
420 * Data structure for holding the data related to endpoint
423 typedef struct SslEndPoint
425 mbedtls_ssl_context ssl;
426 CASecureEndpoint_t sep;
427 u_arraylist_t * cacheList;
429 uint8_t master[MASTER_SECRET_LEN];
430 uint8_t random[2*RANDOM_LEN];
432 mbedtls_ssl_cookie_ctx cookieCtx;
437 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
439 // TODO Does this method needs protection of tlsContextMutex?
440 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
441 g_getCredentialsCallback = credCallback;
442 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
445 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
447 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
448 g_getPkixInfoCallback = infoCallback;
449 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
451 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
453 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
454 g_getCredentialTypesCallback = credTypesCallback;
455 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
458 static int GetAdapterIndex(CATransportAdapter_t adapter)
467 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
474 * @param[in] tep TLS endpoint
475 * @param[in] data message
476 * @param[in] dataLen message length
478 * @return message length
480 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
482 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
483 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", 0);
484 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
485 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
486 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
487 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
488 if (0 == adapterIndex || 1 == adapterIndex)
490 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
491 sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, (uint32_t) dataLen);
495 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
499 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
505 * @param[in] tep TLS endpoint
506 * @param[in] data message
507 * @param[in] dataLen message length
509 * @return read length
511 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
513 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
514 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
515 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
517 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
518 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
519 retLen = (retLen < dataLen ? retLen : dataLen);
521 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
522 recBuf->loaded += retLen;
524 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
529 * Parse chain of X.509 certificates.
531 * @param[out] crt container for X.509 certificates
532 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
533 or DER format in a jumble. Each PEM certificate must be NULL-terminated.
534 * @param[in] bufLen buffer length
536 * @return 0 on success, -1 on error
538 static int ParseChain(mbedtls_x509_crt * crt, const unsigned char * buf, int bufLen)
540 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
541 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
542 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
547 unsigned char * tmp = NULL;
549 char pemCertHeader[] = {
550 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
551 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
553 char pemCertFooter[] = {
554 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
555 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
557 size_t pemCertHeaderLen = sizeof(pemCertHeader);
558 size_t pemCertFooterLen = sizeof(pemCertFooter);
562 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
564 tmp = (unsigned char *)buf + pos + 1;
565 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
566 if (pos + len < bufLen)
568 CHECK_MBEDTLS_RET(mbedtls_x509_crt_parse_der, crt, buf + pos, len + 4);
572 else if (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen))
574 void * endPos = NULL;
575 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
578 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
579 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
582 if ((*((char*)endPos + pemCertFooterLen + 0) == 0x0d) &&
583 (*((char*)endPos + pemCertFooterLen + 1) == 0x0a) &&
584 (*((char*)endPos + pemCertFooterLen + 2) == 0x00))
586 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen + 3;
588 else if ((*((char*)endPos + pemCertFooterLen + 0) == 0x0a) &&
589 (*((char*)endPos + pemCertFooterLen + 1) == 0x00))
591 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen + 2;
595 OIC_LOG_V(ERROR, NET_SSL_TAG, "Incorrect PEM certificate ending");
596 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
599 CHECK_MBEDTLS_RET(mbedtls_x509_crt_parse, crt, buf + pos, len);
604 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, buf, bufLen);
605 OIC_LOG_V(ERROR, NET_SSL_TAG, "parseChain returned -0x%x", -ret);
606 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
610 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
617 //Loads PKIX related information from SRM
618 static int InitPKIX(CATransportAdapter_t adapter)
620 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
621 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
622 g_getPkixInfoCallback(&g_pkiInfo);
624 mbedtls_x509_crt_free(&g_caSslContext->ca);
625 mbedtls_x509_crt_free(&g_caSslContext->crt);
626 mbedtls_pk_free(&g_caSslContext->pkey);
627 mbedtls_x509_crl_free(&g_caSslContext->crl);
629 mbedtls_x509_crt_init(&g_caSslContext->ca);
630 mbedtls_x509_crt_init(&g_caSslContext->crt);
631 mbedtls_pk_init(&g_caSslContext->pkey);
632 mbedtls_x509_crl_init(&g_caSslContext->crl);
634 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ?
635 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
636 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ?
637 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
639 int ret = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len);
642 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
645 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
649 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
653 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
656 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
659 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
662 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
667 ret = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len);
670 OIC_LOG(ERROR, NET_SSL_TAG, "CA chain parsing error");
671 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
675 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
678 OIC_LOG(WARNING, NET_SSL_TAG, "CRL parsing error");
679 mbedtls_ssl_conf_ca_chain(clientConf, &g_caSslContext->ca, NULL);
680 mbedtls_ssl_conf_ca_chain(serverConf, &g_caSslContext->ca, NULL);
684 mbedtls_ssl_conf_ca_chain(clientConf, &g_caSslContext->ca, &g_caSslContext->crl);
685 mbedtls_ssl_conf_ca_chain(serverConf, &g_caSslContext->ca, &g_caSslContext->crl);
688 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
695 * @param[in] notUsed opaque context
696 * @param[in] ssl mbedTLS context
697 * @param[in] desc identity
698 * @param[in] descLen identity length
700 * @return 0 on success any other return value will result in a denied PSK identity
702 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
703 const unsigned char * desc, size_t descLen)
705 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
706 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
707 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
708 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
709 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
711 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
715 uint8_t keyBuf[PSK_LENGTH] = {0};
717 // Retrieve the credentials blob from security module
718 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
721 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
722 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
723 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
724 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
726 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
727 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
729 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
733 * Gets session corresponding for endpoint.
735 * @param[in] peer remote address
737 * @return TLS session or NULL
739 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
741 uint32_t listIndex = 0;
742 uint32_t listLength = 0;
743 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
744 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
746 SslEndPoint_t *tep = NULL;
747 listLength = u_arraylist_length(g_caSslContext->peerList);
748 for (listIndex = 0; listIndex < listLength; listIndex++)
750 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
755 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d]",
756 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port);
757 if((0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
758 && (peer->port == tep->sep.endpoint.port))
760 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
764 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
765 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
769 * Deletes cached message.
771 * @param[in] msg message
773 static void DeleteCacheMessage(SslCacheMessage_t * msg)
775 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
776 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
781 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
784 * Deletes cached message list.
786 * @param[in] cacheList list of cached messages
788 static void DeleteCacheList(u_arraylist_t * cacheList)
790 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
791 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
792 uint32_t listIndex = 0;
793 uint32_t listLength = 0;
795 listLength = u_arraylist_length(cacheList);
796 for (listIndex = 0; listIndex < listLength; listIndex++)
798 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
801 DeleteCacheMessage(msg);
804 u_arraylist_free(&cacheList);
806 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
809 * Deletes endpoint with session.
811 * @param[in] tep endpoint with session info
813 static void DeleteSslEndPoint(SslEndPoint_t * tep)
815 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
816 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
818 mbedtls_ssl_free(&tep->ssl);
820 mbedtls_ssl_cookie_free(&tep->cookieCtx);
822 DeleteCacheList(tep->cacheList);
824 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
827 * Removes endpoint session from list.
829 * @param[in] endpoint remote address
831 static void RemovePeerFromList(CAEndpoint_t * endpoint)
833 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
834 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
835 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
837 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
842 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
843 && (endpoint->port == tep->sep.endpoint.port))
845 u_arraylist_remove(g_caSslContext->peerList, listIndex);
846 DeleteSslEndPoint(tep);
852 * Deletes session list.
854 static void DeletePeerList()
856 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
857 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
859 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
864 DeleteSslEndPoint(tep);
866 u_arraylist_free(&g_caSslContext->peerList);
869 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
871 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
872 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
874 ca_mutex_lock(g_sslContextMutex);
875 if (NULL == g_caSslContext)
877 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
878 ca_mutex_unlock(g_sslContextMutex);
879 return CA_STATUS_FAILED;
881 SslEndPoint_t * tep = GetSslPeer(endpoint);
884 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
885 ca_mutex_unlock(g_sslContextMutex);
886 return CA_STATUS_FAILED;
888 /* No error checking, the connection might be closed already */
892 ret = mbedtls_ssl_close_notify(&tep->ssl);
894 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
896 RemovePeerFromList(&tep->sep.endpoint);
897 ca_mutex_unlock(g_sslContextMutex);
899 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
903 * Creates session for endpoint.
905 * @param[in] endpoint remote address
906 * @param[in] config mbedTLS configuration info
908 * @return TLS endpoint or NULL
910 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
912 SslEndPoint_t * tep = NULL;
913 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
914 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
915 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
917 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
920 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
924 tep->sep.endpoint = *endpoint;
925 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
927 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
929 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
931 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
935 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
936 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
938 mbedtls_ssl_set_timer_cb(&tep->ssl, &g_caSslContext->timer,
939 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
940 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
942 if (0 != mbedtls_ssl_cookie_setup(&tep->cookieCtx, mbedtls_ctr_drbg_random,
943 &g_caSslContext->rnd))
945 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
947 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
950 mbedtls_ssl_conf_dtls_cookies(config, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
952 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
953 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
955 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
957 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
962 tep->cacheList = u_arraylist_create();
963 if (NULL == tep->cacheList)
965 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
966 mbedtls_ssl_free(&tep->ssl);
968 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
971 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
975 * Initializes PSK identity.
977 * @param[out] config client/server config to be updated
979 * @return 0 on success or -1 on error
981 static int InitPskIdentity(mbedtls_ssl_config * config)
983 uint8_t idBuf[UUID_LENGTH] = {0};
984 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
985 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
987 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
989 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
990 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
993 if (0 != mbedtls_ssl_conf_psk(config, idBuf, 0, idBuf, UUID_LENGTH))
995 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
996 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
999 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1002 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1005 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1006 if (NULL == g_getCredentialTypesCallback)
1008 OIC_LOG(ERROR, NET_SSL_TAG, "Param callback is null");
1012 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1013 // Retrieve the PSK credential from SRM
1014 // PIN OTM if (true == g_caSslContext->cipherFlag[0] && 0 != InitPskIdentity(config))
1015 if (0 != InitPskIdentity(config))
1017 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1020 // Retrieve the ECC credential from SRM
1021 if (true == g_caSslContext->cipherFlag[1] || ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA == g_caSslContext->cipher)
1023 int ret = InitPKIX(adapter);
1026 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1030 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1031 if (ADAPTER_CIPHER_MAX != g_caSslContext->cipher)
1033 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1036 if (true == g_caSslContext->cipherFlag[1])
1038 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
1041 if (true == g_caSslContext->cipherFlag[0])
1043 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1046 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1048 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1051 * Initiate TLS handshake with endpoint.
1053 * @param[in] endpoint remote address
1055 * @return TLS endpoint or NULL
1057 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1060 SslEndPoint_t * tep = NULL;
1062 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1063 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1066 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ?
1067 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1068 tep = NewSslEndPoint(endpoint, config);
1071 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1075 //Load allowed SVR suites from SVR DB
1076 SetupCipher(config, endpoint->adapter);
1078 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Add %s:%d", tep->sep.endpoint.addr, tep->sep.endpoint.port);
1079 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1082 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1083 DeleteSslEndPoint(tep);
1087 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1089 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1090 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1094 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1096 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1100 void CAdeinitSslAdapter()
1102 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1104 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1105 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1107 //Lock tlsContext mutex
1108 ca_mutex_lock(g_sslContextMutex);
1113 // De-initialize mbedTLS
1114 mbedtls_x509_crt_free(&g_caSslContext->crt);
1115 mbedtls_pk_free(&g_caSslContext->pkey);
1117 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1118 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1119 #endif // __WITH_TLS__
1120 #ifdef __WITH_DTLS__
1121 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1122 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1123 #endif // __WITH_DTLS__
1124 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1125 mbedtls_entropy_free(&g_caSslContext->entropy);
1127 // De-initialize tls Context
1128 OICFree(g_caSslContext);
1129 g_caSslContext = NULL;
1131 // Unlock tlsContext mutex and de-initialize it
1132 ca_mutex_unlock(g_sslContextMutex);
1133 ca_mutex_free(g_sslContextMutex);
1134 g_sslContextMutex = NULL;
1136 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1139 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1141 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1142 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1143 mbedtls_ssl_config_init(conf);
1144 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1146 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1150 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1151 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1152 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1153 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1154 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1155 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1158 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1159 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1161 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1165 CAResult_t CAinitSslAdapter()
1167 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1168 // Initialize mutex for tlsContext
1169 if (NULL == g_sslContextMutex)
1171 g_sslContextMutex = ca_mutex_new();
1172 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1176 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1177 return CA_STATUS_OK;
1180 // Lock tlsContext mutex and create tlsContext
1181 ca_mutex_lock(g_sslContextMutex);
1182 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1184 if (NULL == g_caSslContext)
1186 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1187 ca_mutex_unlock(g_sslContextMutex);
1188 ca_mutex_free(g_sslContextMutex);
1189 g_sslContextMutex = NULL;
1190 return CA_MEMORY_ALLOC_FAILED;
1194 g_caSslContext->peerList = u_arraylist_create();
1196 if(NULL == g_caSslContext->peerList)
1198 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1199 OICFree(g_caSslContext);
1200 g_caSslContext = NULL;
1201 ca_mutex_unlock(g_sslContextMutex);
1202 ca_mutex_free(g_sslContextMutex);
1203 g_sslContextMutex = NULL;
1204 return CA_STATUS_FAILED;
1207 /* Initialize TLS library
1210 char version[MBED_TLS_VERSION_LEN];
1211 mbedtls_version_get_string(version);
1212 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
1217 mbedtls_entropy_init(&g_caSslContext->entropy);
1218 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1221 unsigned char seed[sizeof(SEED)] = {0};
1223 urandomFd = open("/dev/urandom", O_RDONLY);
1226 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
1227 ca_mutex_unlock(g_sslContextMutex);
1228 CAdeinitSslAdapter();
1229 return CA_STATUS_FAILED;
1231 if(0 > read(urandomFd, seed, sizeof(seed)))
1233 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
1235 ca_mutex_unlock(g_sslContextMutex);
1236 CAdeinitSslAdapter();
1237 return CA_STATUS_FAILED;
1242 unsigned char * seed = (unsigned char*) SEED;
1244 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
1245 &g_caSslContext->entropy, seed, sizeof(SEED)))
1247 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
1248 ca_mutex_unlock(g_sslContextMutex);
1249 CAdeinitSslAdapter();
1250 return CA_STATUS_FAILED;
1252 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
1255 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
1256 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
1258 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1259 ca_mutex_unlock(g_sslContextMutex);
1260 CAdeinitSslAdapter();
1261 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1262 return CA_STATUS_FAILED;
1265 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
1266 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
1268 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1269 ca_mutex_unlock(g_sslContextMutex);
1270 CAdeinitSslAdapter();
1271 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1272 return CA_STATUS_FAILED;
1274 #endif // __WITH_TLS__
1275 #ifdef __WITH_DTLS__
1276 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
1277 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
1279 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1280 ca_mutex_unlock(g_sslContextMutex);
1281 CAdeinitSslAdapter();
1282 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1283 return CA_STATUS_FAILED;
1286 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
1287 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
1289 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1290 ca_mutex_unlock(g_sslContextMutex);
1291 CAdeinitSslAdapter();
1292 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1293 return CA_STATUS_FAILED;
1295 #endif // __WITH_DTLS__
1297 // set default cipher
1298 g_caSslContext->cipher = ADAPTER_CIPHER_MAX;
1301 mbedtls_x509_crt_init(&g_caSslContext->ca);
1302 mbedtls_x509_crt_init(&g_caSslContext->crt);
1303 mbedtls_pk_init(&g_caSslContext->pkey);
1304 mbedtls_x509_crl_init(&g_caSslContext->crl);
1306 ca_mutex_unlock(g_sslContextMutex);
1308 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1309 return CA_STATUS_OK;
1312 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
1314 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1315 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
1318 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
1319 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1322 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
1323 if (NULL == message)
1325 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1326 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1330 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
1331 if (NULL == message->data)
1333 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1335 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1338 memcpy(message->data, data, dataLen);
1339 message->len = dataLen;
1340 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1344 /* Send data via TLS connection.
1346 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
1347 void *data, uint32_t dataLen)
1351 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s ", __func__);
1353 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
1354 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
1355 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
1359 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
1360 return CA_STATUS_FAILED;
1363 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
1365 ca_mutex_lock(g_sslContextMutex);
1366 if(NULL == g_caSslContext)
1368 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1369 ca_mutex_unlock(g_sslContextMutex);
1370 return CA_STATUS_FAILED;
1373 SslEndPoint_t * tep = GetSslPeer(endpoint);
1376 tep = InitiateTlsHandshake(endpoint);
1380 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
1381 ca_mutex_unlock(g_sslContextMutex);
1382 return CA_STATUS_FAILED;
1385 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1387 ret = mbedtls_ssl_write(&tep->ssl, (unsigned char *) data, dataLen);
1391 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write returned %d", ret);
1392 RemovePeerFromList(&tep->sep.endpoint);
1393 ca_mutex_unlock(g_sslContextMutex);
1394 return CA_STATUS_FAILED;
1399 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
1400 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
1402 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1403 ca_mutex_unlock(g_sslContextMutex);
1404 return CA_STATUS_FAILED;
1408 ca_mutex_unlock(g_sslContextMutex);
1410 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1411 return CA_STATUS_OK;
1414 * Sends cached messages via TLS connection.
1416 * @param[in] tep remote address with session info
1418 static void SendCacheMessages(SslEndPoint_t * tep)
1420 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1421 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
1423 uint32_t listIndex = 0;
1424 uint32_t listLength = 0;
1425 listLength = u_arraylist_length(tep->cacheList);
1426 for (listIndex = 0; listIndex < listLength;)
1429 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
1430 if (NULL != msg && NULL != msg->data && 0 != msg->len)
1434 ret = mbedtls_ssl_write(&tep->ssl, (unsigned char *) msg->data, msg->len);
1436 while(MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1440 OIC_LOG_V(ERROR, NET_SSL_TAG,"mbedTLS write returned %d", ret );
1442 if (u_arraylist_remove(tep->cacheList, listIndex))
1444 DeleteCacheMessage(msg);
1445 // Reduce list length by 1 as we removed one element.
1450 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
1456 // Move to the next element
1460 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1463 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
1465 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1466 g_sslCallback = tlsHandshakeCallback;
1467 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1469 // TODO move ConvertStrToUuid function to common module
1471 * Converts string UUID to CARemoteId_t
1473 * @param strUuid Device UUID in string format
1474 * @param uuid converted UUID in CARemoteId_t format
1476 * @return 0 for success.
1478 static int ConvertStrToUuid(const char* strUuid, CARemoteId_t* uuid)
1480 if(NULL == strUuid || NULL == uuid)
1482 OIC_LOG(ERROR, NET_SSL_TAG, "ConvertStrToUuid : Invalid param");
1488 size_t strUuidLen = 0;
1489 char convertedUuid[UUID_LENGTH * 2] = {0};
1491 strUuidLen = strlen(strUuid);
1494 OIC_LOG(INFO, NET_SSL_TAG, "The empty string detected, The UUID will be converted to "\
1495 "\"00000000-0000-0000-0000-000000000000\"");
1497 else if(UUID_LENGTH * 2 + 4 == strUuidLen)
1499 for(uuidIdx=0, urnIdx=0; uuidIdx < UUID_LENGTH ; uuidIdx++, urnIdx+=2)
1501 if(*(strUuid + urnIdx) == '-')
1505 sscanf(strUuid + urnIdx, "%2hhx", &convertedUuid[uuidIdx]);
1510 OIC_LOG(ERROR, NET_SSL_TAG, "Invalid string uuid format");
1514 memcpy(uuid->id, convertedUuid, UUID_LENGTH);
1515 uuid->id_length = UUID_LENGTH;
1519 /* Read data from TLS connection
1521 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
1524 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1525 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1526 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
1528 ca_mutex_lock(g_sslContextMutex);
1529 if (NULL == g_caSslContext)
1531 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1532 ca_mutex_unlock(g_sslContextMutex);
1533 return CA_STATUS_FAILED;
1537 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
1540 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ?
1541 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1542 peer = NewSslEndPoint(&sep->endpoint, config);
1545 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1546 ca_mutex_unlock(g_sslContextMutex);
1547 return CA_STATUS_FAILED;
1549 //Load allowed TLS suites from SVR DB
1550 SetupCipher(config, sep->endpoint.adapter);
1552 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
1555 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1557 ca_mutex_unlock(g_sslContextMutex);
1558 return CA_STATUS_FAILED;
1562 peer->recBuf.buff = data;
1563 peer->recBuf.len = dataLen;
1564 peer->recBuf.loaded = 0;
1566 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
1568 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1569 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1574 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
1576 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
1577 mbedtls_ssl_session_reset(&peer->ssl);
1578 mbedtls_ssl_set_client_transport_id(&peer->ssl,
1579 (const unsigned char *) sep->endpoint.addr,
1580 sizeof(sep->endpoint.addr));
1581 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1583 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
1586 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
1587 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
1588 CA_STATUS_FAILED, GetAlertCode(flags));
1590 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1591 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
1593 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
1594 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
1596 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
1598 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
1601 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1603 SSL_RES(peer, CA_STATUS_OK);
1604 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
1606 SendCacheMessages(peer);
1609 if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher ||
1610 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA == g_caSslContext->selectedCipher)
1612 char uuid[UUID_LENGTH * 2 + 5] = {0};
1613 void * uuidPos = NULL;
1614 void * userIdPos = NULL;
1615 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
1616 ret = (NULL == peerCert ? -1 : 0);
1617 SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
1618 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
1619 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1620 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
1622 if (NULL != uuidPos)
1624 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1625 ret = ConvertStrToUuid(uuid, &peer->sep.identity);
1626 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
1627 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1631 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
1634 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1635 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
1636 if (NULL != userIdPos)
1638 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1639 ret = ConvertStrToUuid(uuid, &peer->sep.userId);
1640 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
1641 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1645 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
1649 ca_mutex_unlock(g_sslContextMutex);
1650 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1651 return CA_STATUS_OK;
1655 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1657 uint8_t decryptBuffer[TLS_MSG_BUF_LEN] = {0};
1660 ret = mbedtls_ssl_read(&peer->ssl, decryptBuffer, TLS_MSG_BUF_LEN);
1661 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
1663 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret)
1665 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
1666 SSL_CLOSE_NOTIFY(peer, ret);
1667 RemovePeerFromList(&peer->sep.endpoint);
1668 ca_mutex_unlock(g_sslContextMutex);
1669 return CA_STATUS_OK;
1674 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
1675 //SSL_RES(peer, CA_STATUS_FAILED);
1676 RemovePeerFromList(&peer->sep.endpoint);
1677 ca_mutex_unlock(g_sslContextMutex);
1678 return CA_STATUS_FAILED;
1680 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
1681 if (0 == adapterIndex || adapterIndex == 1)
1683 g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
1687 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
1688 RemovePeerFromList(&peer->sep.endpoint);
1689 ca_mutex_unlock(g_sslContextMutex);
1690 return CA_STATUS_FAILED;
1694 ca_mutex_unlock(g_sslContextMutex);
1695 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1696 return CA_STATUS_OK;
1699 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
1700 CAPacketSendCallback sendCallback,
1701 CATransportAdapter_t type)
1703 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1704 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
1705 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
1706 ca_mutex_lock(g_sslContextMutex);
1707 if (NULL == g_caSslContext)
1709 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1710 ca_mutex_unlock(g_sslContextMutex);
1714 // if (MAX_SUPPORTED_ADAPTERS > type)
1719 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
1720 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
1722 case CA_ADAPTER_TCP:
1723 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
1724 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
1727 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
1731 ca_mutex_unlock(g_sslContextMutex);
1732 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1735 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
1737 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1738 VERIFY_NON_NULL_RET(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null", CA_STATUS_FAILED);
1739 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1742 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA:
1745 //todo check that Cred with RSA cert exists
1746 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1747 tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
1748 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1749 tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
1751 #ifdef __WITH_DTLS__
1752 //todo check that Cred with RSA cert exists
1753 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
1754 tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
1755 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
1756 tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
1758 g_caSslContext->cipher = ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA;
1761 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
1763 if (false == g_caSslContext->cipherFlag[1])
1765 OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for ECC");
1766 return CA_STATUS_FAILED;
1769 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1770 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1771 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1772 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1774 #ifdef __WITH_DTLS__
1775 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
1776 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1777 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
1778 tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
1780 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
1783 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
1786 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1787 tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
1788 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1789 tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
1791 #ifdef __WITH_DTLS__
1792 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
1793 tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
1794 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
1795 tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
1797 g_caSslContext->cipher = ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256;
1800 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
1803 if (false == g_caSslContext->cipherFlag[0])
1805 OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for PSK");
1806 return CA_STATUS_FAILED;
1810 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
1811 tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
1812 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
1813 tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
1815 #ifdef __WITH_DTLS__
1816 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
1817 tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
1818 mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
1819 tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
1821 g_caSslContext->cipher = ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1826 OIC_LOG(ERROR, NET_SSL_TAG, "Unknown cipher");
1827 return CA_STATUS_FAILED;
1830 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
1831 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1832 return CA_STATUS_OK;
1835 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
1837 CAResult_t res = CA_STATUS_OK;
1838 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1839 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1840 ca_mutex_lock(g_sslContextMutex);
1841 if (NULL == InitiateTlsHandshake(endpoint))
1843 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
1844 res = CA_STATUS_FAILED;
1846 ca_mutex_unlock(g_sslContextMutex);
1847 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1851 * Expands the secret into blocks of data according
1852 * to the algorithm specified in section 5 of RFC 4346
1854 * This function writes upto @p bufLen bytes into the given output buffer @p buf
1856 * @param key secret key.
1857 * @param keyLen secret key length.
1858 * @param label A PRF label.
1859 * @param labelLen Actual length of @p label.
1860 * @param random1 Random seed.
1861 * @param random1Len Actual length of @p random1 (may be zero).
1862 * @param random2 Random seed.
1863 * @param random2Len Actual length of @p random2 (may be zero).
1864 * @param buf Output buffer for generated random data.
1865 * @param bufLen Maximum size of @p buf.
1867 * @return The actual number of bytes written to @p buf or @c -1 on error.
1870 static int pHash (const unsigned char *key, size_t keyLen,
1871 const unsigned char *label, size_t labelLen,
1872 const unsigned char *random1, size_t random1Len,
1873 const unsigned char *random2, size_t random2Len,
1874 unsigned char *buf, size_t bufLen)
1876 unsigned char A[RANDOM_LEN] = {0};
1877 unsigned char tmp[RANDOM_LEN] = {0};
1878 size_t dLen; /* digest length */
1879 size_t len = 0; /* result length */
1881 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
1882 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
1883 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
1884 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
1885 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
1887 mbedtls_md_context_t hmacA;
1888 mbedtls_md_context_t hmacP;
1890 mbedtls_md_init(&hmacA);
1891 mbedtls_md_init(&hmacP);
1893 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
1894 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
1896 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
1897 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
1898 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
1899 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
1900 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
1904 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
1906 while (len + dLen < bufLen)
1908 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
1909 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
1910 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
1911 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
1912 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
1913 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
1915 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
1919 memcpy(buf, tmp, dLen);
1922 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
1923 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
1924 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
1925 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
1928 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
1929 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
1930 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
1932 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
1933 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
1934 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
1935 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
1937 memcpy(buf, tmp, bufLen - len);
1939 mbedtls_md_free(&hmacA);
1940 mbedtls_md_free(&hmacP);
1944 mbedtls_md_free(&hmacA);
1945 mbedtls_md_free(&hmacP);
1949 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
1950 const uint8_t* label, const size_t labelLen,
1951 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
1952 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
1953 uint8_t* ownerPsk, const size_t ownerPskSize)
1955 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1956 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
1957 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
1958 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
1959 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
1960 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
1962 ca_mutex_lock(g_sslContextMutex);
1963 if (NULL == g_caSslContext)
1965 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1966 ca_mutex_unlock(g_sslContextMutex);
1967 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1968 return CA_STATUS_FAILED;
1970 SslEndPoint_t * tep = GetSslPeer(endpoint);
1973 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1974 ca_mutex_unlock(g_sslContextMutex);
1975 return CA_STATUS_FAILED;
1978 uint8_t keyblock[KEY_BLOCK_LEN] = {0};
1980 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
1981 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
1982 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
1983 keyblock, KEY_BLOCK_LEN);
1986 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
1987 ca_mutex_unlock(g_sslContextMutex);
1988 return CA_STATUS_FAILED;
1990 ret = pHash(keyblock, sizeof(keyblock), label, labelLen,
1991 rsrcServerDeviceId, rsrcServerDeviceIdLen,
1992 provServerDeviceId, provServerDeviceIdLen,
1993 ownerPsk, ownerPskSize);
1996 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
1997 ca_mutex_unlock(g_sslContextMutex);
1998 return CA_STATUS_FAILED;
2001 ca_mutex_unlock(g_sslContextMutex);
2003 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2004 return CA_STATUS_OK;