1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
42 // headers required for mbed TLS
43 #include "mbedtls/platform.h"
44 #include "mbedtls/ssl.h"
45 #include "mbedtls/entropy.h"
46 #include "mbedtls/ctr_drbg.h"
47 #include "mbedtls/pkcs12.h"
48 #include "mbedtls/ssl_internal.h"
49 #include "mbedtls/net.h"
51 #include "mbedtls/timing.h"
52 #include "mbedtls/ssl_cookie.h"
54 #include "pkix_interface.h"
56 #if !defined(NDEBUG) || defined(TB_LOG)
57 #include "mbedtls/debug.h"
58 #include "mbedtls/version.h"
62 #include <sys/types.h>
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
76 * @brief Seed for initialization RNG
78 #define SEED "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
110 #if defined (__TIZENRT__)
111 #define TLS_MSG_BUF_LEN (2048)
113 #define TLS_MSG_BUF_LEN (16384)
118 * @brief PSK keys max length
120 #define PSK_LENGTH (256/8)
122 * @def UUID_LENGTHPSK_LENGTH
123 * @brief Identity max length
125 #define UUID_LENGTH (128/8)
127 * @def MASTER_SECRET_LEN
128 * @brief TLS master secret length
130 #define MASTER_SECRET_LEN (48)
133 * @brief TLS client and server random bytes length
135 #define RANDOM_LEN (32)
137 * @def SHA384_MAC_KEY_LENGTH
138 * @brief MAC key length for SHA384 cipher suites
140 #define SHA384_MAC_KEY_LENGTH (48)
142 * @def SHA256_MAC_KEY_LENGTH
143 * @brief MAC key length for SHA256 cipher suites
145 #define SHA256_MAC_KEY_LENGTH (32)
147 * @def CCM_MAC_KEY_LENGTH
148 * @brief MAC key length for CCM cipher suites
150 #define CCM_MAC_KEY_LENGTH (0)
152 * @def AES256_KEY_LENGTH
153 * @brief key material length for AES256 cipher suites
155 #define AES256_KEY_LENGTH (32)
157 * @def AES128_KEY_LENGTH
158 * @brief key material length for AES128 cipher suites
160 #define AES128_KEY_LENGTH (16)
163 * @brief length of nonce for GCM cipher suites
165 #define GCM_IV_LENGTH (12)
168 * @brief length of nonce for CCM cipher suites
170 #define CCM_IV_LENGTH (4)
173 * @brief length of nonce for CBC cipher suites
175 #define CBC_IV_LENGTH (0)
178 * @var RETRANSMISSION_TIME
179 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
181 #define RETRANSMISSION_TIME 1
183 /**@def SSL_CLOSE_NOTIFY(peer, ret)
185 * Notifies of existing \a peer about closing TLS connection.
187 * @param[in] peer remote peer
188 * @param[in] ret used internaly
190 #define SSL_CLOSE_NOTIFY(peer, ret) \
193 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
194 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
196 /**@def SSL_RES(peer, status)
198 * Sets SSL result for callback.
200 * @param[in] peer remote peer
202 #define SSL_RES(peer, status) \
205 CAErrorInfo_t errorInfo; \
206 errorInfo.result = (status); \
207 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
209 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
211 * Checks handshake result and send alert if needed.
213 * @param[in] peer remote peer
214 * @param[in] ret error code
215 * @param[in] str debug string
216 * @param[in] mutex ca mutex
217 * @param[in] error if code does not equal to -1 returns error code
218 * @param[in] msg allert message
220 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
221 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
222 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
223 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
224 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
225 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
241 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
242 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
243 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
245 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
247 RemovePeerFromList(&(peer)->sep.endpoint); \
250 oc_mutex_unlock(g_sslContextMutex); \
252 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
254 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
256 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
257 if (-1 != (intptr_t)error) \
263 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
265 * Calls \a fn for \a clientConf and \a serverConf.
268 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
269 fn((clientConf), __VA_ARGS__); \
270 fn((serverConf), __VA_ARGS__); \
273 /** @def CHECK_MBEDTLS_RET(f, ...)
274 * A macro that checks \a f function return code
276 * If function returns error code it goes to error processing.
278 * @param[in] f Function to call
280 #define CHECK_MBEDTLS_RET(f, ...) do { \
281 int ret = (f)(__VA_ARGS__); \
283 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
289 SSL_RSA_WITH_AES_256_CBC_SHA256,
290 SSL_RSA_WITH_AES_128_GCM_SHA256,
291 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
292 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
293 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
294 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
295 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
296 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
297 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
298 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
299 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
301 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
307 ADAPTER_CURVE_SECP256R1,
311 static const int tlsCipher[SSL_CIPHER_MAX][2] =
313 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
314 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
315 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
316 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
317 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
318 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
319 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
320 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
321 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
322 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
323 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
325 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
328 static int g_cipherSuitesList[SSL_CIPHER_MAX];
330 static int g_ssl_ordered_default_hashes[] = {
331 #if defined(MBEDTLS_SHA256_C)
335 #if defined(MBEDTLS_SHA1_C)
341 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
343 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
346 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
353 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
354 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
355 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
356 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
357 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
358 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
359 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
360 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
361 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
362 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
363 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
364 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
365 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
366 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
367 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
368 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
369 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
370 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
371 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
373 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 static int GetAlertCode(uint32_t flags)
379 const CrtVerifyAlert_t *cur;
381 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
383 if (flags & cur->code)
391 #if !defined(NDEBUG) || defined(TB_LOG)
393 * Pass a message to the OIC logger.
395 * @param[in] ctx opaque context for the callback
396 * @param[in] level debug level
397 * @param[in] file file name
398 * @param[in] line line number
399 * @param[in] str message
401 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
408 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
412 #if defined(_WIN32) || defined (__TIZENRT__)
414 * Finds the first occurrence of the byte string s in byte string l.
417 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
421 const char *cl = (const char *)l;
422 const char *cs = (const char *)s;
424 if (lLen == 0 || sLen == 0)
434 return (void *)memchr(l, (int)*cs, lLen);
437 last = (char *)cl + lLen - sLen;
439 for (cur = (char *)cl; cur <= last; cur++)
441 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
450 * structure to holds the information of cache message and address info.
452 typedef ByteArray_t SslCacheMessage_t;
456 * Data structure for holding the send and recv callbacks.
458 typedef struct TlsCallBacks
460 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
461 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
465 * Data structure for holding the mbedTLS interface related info.
467 typedef struct SslContext
469 u_arraylist_t *peerList; /**< peer list which holds the mapping between
470 peer id, it's n/w address and mbedTLS context. */
471 mbedtls_entropy_context entropy;
472 mbedtls_ctr_drbg_context rnd;
474 mbedtls_x509_crt crt;
475 mbedtls_pk_context pkey;
477 mbedtls_ssl_config clientTlsConf;
478 mbedtls_ssl_config serverTlsConf;
479 mbedtls_ssl_config clientDtlsConf;
480 mbedtls_ssl_config serverDtlsConf;
483 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
484 mbedtls_x509_crl crl;
489 mbedtls_ssl_cookie_ctx cookieCtx;
495 * @var g_caSslContext
496 * @brief global context which holds tls context and cache list information.
498 static SslContext_t * g_caSslContext = NULL;
500 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
502 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
505 * @var g_getCredentialsCallback
506 * @brief callback to get TLS credentials (same as for DTLS)
508 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
510 * @var g_getCerdentilTypesCallback
511 * @brief callback to get different credential types from SRM
513 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
515 * @var g_getPkixInfoCallback
517 * @brief callback to get X.509-based Public Key Infrastructure
519 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
522 * @var g_setupPkContextCallback
524 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
526 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
529 * @var g_dtlsContextMutex
530 * @brief Mutex to synchronize access to g_caSslContext.
532 static oc_mutex g_sslContextMutex = NULL;
536 * @brief callback to deliver the TLS handshake result
538 static CAErrorCallback g_sslCallback = NULL;
541 * Data structure for PeerCertCallback.
547 } PeerCertCallback_t;
550 * @var g_peerCertCallback
552 * @brief callback to utilize peer certificate information
554 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
557 * @var g_decryptBuffer
558 * @brief decrypt buffer which will be used for decryption
560 static uint8_t *g_decryptBuffer = NULL;
563 * Data structure for holding the data to be received.
565 typedef struct SslRecBuf
572 * Data structure for holding the data related to endpoint
575 typedef struct SslEndPoint
577 mbedtls_ssl_context ssl;
578 CASecureEndpoint_t sep;
579 u_arraylist_t * cacheList;
581 uint8_t master[MASTER_SECRET_LEN];
582 uint8_t random[2*RANDOM_LEN];
584 mbedtls_timing_delay_context timer;
585 #endif // __WITH_DTLS__
588 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
590 // TODO Does this method needs protection of tlsContextMutex?
591 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
592 g_getCredentialsCallback = credCallback;
593 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
596 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
598 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
599 g_getPkixInfoCallback = infoCallback;
600 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
603 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
605 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
606 g_setupPkContextCallback = setupPkCtxCallback;
607 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
610 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
612 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
613 g_getCredentialTypesCallback = credTypesCallback;
614 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
617 static int GetAdapterIndex(CATransportAdapter_t adapter)
625 case CA_ADAPTER_GATT_BTLE:
628 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
635 * @param[in] tep TLS endpoint
636 * @param[in] data message
637 * @param[in] dataLen message length
639 * @return message length or -1 on error.
641 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
643 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
644 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
645 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
646 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
647 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
648 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
650 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
651 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
653 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
654 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
657 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
660 else if ((size_t)sentLen != dataLen)
662 OIC_LOG_V(DEBUG, NET_SSL_TAG,
663 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%lu",
664 sentLen, dataLen, (dataLen - sentLen));
669 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
673 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
679 * @param[in] tep TLS endpoint
680 * @param[in] data message
681 * @param[in] dataLen message length
683 * @return read length
685 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
687 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
688 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
689 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
691 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
692 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
693 retLen = (retLen < dataLen ? retLen : dataLen);
695 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
696 recBuf->loaded += retLen;
698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
702 static int CASslExportKeysHandler(void *p_expkey,
703 const unsigned char *ms,
704 const unsigned char *kb,
709 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
711 if (NULL == g_caSslContext)
713 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
714 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
716 if (NULL == p_expkey)
718 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
719 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
722 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
724 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
726 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
727 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
729 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
731 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
732 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
736 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
737 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
740 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
744 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
745 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
747 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
748 mbedtls_ssl_config* sslConf = NULL;
749 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
751 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
753 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
754 return CA_STATUS_INVALID_PARAM;
756 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
758 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
759 return CA_STATUS_INVALID_PARAM;
762 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
763 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
764 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
766 oc_mutex_lock(g_sslContextMutex);
767 if (NULL == g_caSslContext)
769 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
770 oc_mutex_unlock(g_sslContextMutex);
771 return CA_STATUS_NOT_INITIALIZED;
774 if (CA_SSL_EKCB_TLS == protocol)
776 gTlsExportKeysCallback = exportKeysCb;
777 if (CA_SSL_EKCB_CLIENT == role)
779 sslConf = &g_caSslContext->clientTlsConf;
783 sslConf = &g_caSslContext->serverTlsConf;
788 gDtlsExportKeysCallback = exportKeysCb;
789 if (CA_SSL_EKCB_CLIENT == role)
791 sslConf = &g_caSslContext->clientDtlsConf;
795 sslConf = &g_caSslContext->serverDtlsConf;
798 protocolCtx = protocol;
800 if (NULL == exportKeysCb)
802 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
803 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
807 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
808 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
810 oc_mutex_unlock(g_sslContextMutex);
812 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
818 * Parse chain of X.509 certificates.
820 * @param[out] crt container for X.509 certificates
821 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
822 or DER format in a jumble, delimiting symbols does not matter.
823 * @param[in] bufLen buffer length
824 * @param[in] errNum number certificates that failed to parse
826 * @return number of successfully parsed certificates or -1 on error
828 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
830 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
831 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
832 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
834 char pemCertHeader[] = {
835 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
836 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
838 char pemCertFooter[] = {
839 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
840 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
842 size_t pemCertHeaderLen = sizeof(pemCertHeader);
843 size_t pemCertFooterLen = sizeof(pemCertFooter);
846 unsigned char * tmp = NULL;
854 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
856 tmp = (unsigned char *)buf + pos + 1;
857 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
858 if (pos + len < bufLen)
860 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
868 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
873 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
874 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
876 void * endPos = NULL;
877 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
880 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
881 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
884 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
885 if (pos + len + 1 <= bufLen)
887 char con = buf[pos + len];
888 buf[pos + len] = 0x00;
889 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
897 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
899 buf[pos + len] = con;
903 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
904 memcpy(lastCert, buf + pos, len);
905 lastCert[len] = 0x00;
906 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
914 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
925 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
926 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
933 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
937 char buf[1024] = {0};
939 if (0 != *flags) // Invalid Cerificate
942 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
945 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
950 if (NULL == g_peerCertCallback.cb)
952 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
958 * depth = 0 : Own Cert.
959 * depth = 1 : Sub CA Cert.
960 * depth = 2 : Root CA Cert.
962 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
964 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
965 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
967 return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
970 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
972 #ifndef __WITH_DTLS__
974 UNUSED(peerCertCallback);
975 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
976 return CA_NOT_SUPPORTED;
979 if (peerCertCallback)
981 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
982 g_peerCertCallback.cb = peerCertCallback;
983 g_peerCertCallback.ctx = ctx;
987 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
988 g_peerCertCallback.cb = NULL;
989 g_peerCertCallback.ctx = NULL;
994 //Loads PKIX related information from SRM
995 static int InitPKIX(CATransportAdapter_t adapter)
997 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
998 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
999 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1001 mbedtls_x509_crt_free(&g_caSslContext->ca);
1002 mbedtls_x509_crt_free(&g_caSslContext->crt);
1003 mbedtls_pk_free(&g_caSslContext->pkey);
1004 mbedtls_x509_crl_free(&g_caSslContext->crl);
1006 mbedtls_x509_crt_init(&g_caSslContext->ca);
1007 mbedtls_x509_crt_init(&g_caSslContext->crt);
1008 mbedtls_pk_init(&g_caSslContext->pkey);
1009 mbedtls_x509_crl_init(&g_caSslContext->crl);
1011 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1012 adapter == CA_ADAPTER_GATT_BTLE ?
1013 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1014 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1015 adapter == CA_ADAPTER_GATT_BTLE ?
1016 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1018 #ifdef __WITH_DTLS__
1020 * Conf. is initialized in CAinitSslAdapter()
1022 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1025 // load pk key, cert, trust chain and crl
1026 if (g_getPkixInfoCallback)
1028 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1029 g_getPkixInfoCallback(&g_pkiInfo);
1032 // parse own certficate (optional)
1035 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1038 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1043 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1047 // parse private key if hw is not supported (optional)
1048 if(NULL == g_setupPkContextCallback)
1050 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1051 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1056 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1057 // setup hw pk context (optional)
1058 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1061 // setup public parameter
1062 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1063 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1064 || MBEDTLS_PK_ECDSA == ktype)
1066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1067 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1068 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1071 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1074 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1079 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1085 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1090 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1095 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1099 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1102 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1105 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1108 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1113 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1116 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1117 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1118 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1123 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1126 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1129 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1130 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1134 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1135 &g_caSslContext->ca, &g_caSslContext->crl);
1138 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1145 * @param[in] notUsed opaque context
1146 * @param[in] ssl mbedTLS context
1147 * @param[in] desc identity
1148 * @param[in] descLen identity length
1150 * @return 0 on success any other return value will result in a denied PSK identity
1152 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1153 const unsigned char * desc, size_t descLen)
1155 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1156 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1157 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1158 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1159 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1161 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1165 uint8_t keyBuf[PSK_LENGTH] = {0};
1167 // Retrieve the credentials blob from security module
1168 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1171 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1172 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1173 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1174 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1176 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1177 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1179 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1184 * Gets session corresponding for endpoint.
1186 * @param[in] peer remote address
1188 * @return TLS session or NULL
1190 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1192 uint32_t listIndex = 0;
1193 uint32_t listLength = 0;
1194 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1195 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1196 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1198 SslEndPoint_t *tep = NULL;
1199 listLength = u_arraylist_length(g_caSslContext->peerList);
1200 for (listIndex = 0; listIndex < listLength; listIndex++)
1202 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1208 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1209 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1212 if((peer->adapter == tep->sep.endpoint.adapter)
1213 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1214 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1216 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1217 peer->addr, peer->port, peer->adapter);
1218 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1222 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1223 peer->addr, peer->port, peer->adapter);
1224 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1228 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1230 oc_mutex_lock(g_sslContextMutex);
1231 if (NULL == g_caSslContext)
1233 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1234 oc_mutex_unlock(g_sslContextMutex);
1238 if (GetSslPeer(peer))
1240 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1241 oc_mutex_unlock(g_sslContextMutex);
1246 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1247 oc_mutex_unlock(g_sslContextMutex);
1253 * Gets session corresponding for endpoint.
1255 * @param[in] peer remote address
1257 * @return TLS session or NULL
1259 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1261 uint32_t listIndex = 0;
1262 uint32_t listLength = 0;
1263 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1264 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1265 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1267 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1268 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1270 SslEndPoint_t *tep = NULL;
1271 listLength = u_arraylist_length(g_caSslContext->peerList);
1272 for (listIndex = 0; listIndex < listLength; listIndex++)
1274 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1280 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1281 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1283 if ((tep->sep.identity.id_length == idLength)
1284 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1286 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1287 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1288 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1292 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1293 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1298 #ifdef MULTIPLE_OWNER
1300 * Gets CA secure endpoint info corresponding for endpoint.
1302 * @param[in] peer remote address
1304 * @return CASecureEndpoint or NULL
1306 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1308 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1310 // TODO: Added as workaround, need to debug
1311 oc_mutex_unlock(g_sslContextMutex);
1313 oc_mutex_lock(g_sslContextMutex);
1314 if (NULL == g_caSslContext)
1316 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1317 oc_mutex_unlock(g_sslContextMutex);
1321 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1324 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1325 oc_mutex_unlock(g_sslContextMutex);
1326 return &sslPeer->sep;
1329 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1330 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1331 oc_mutex_unlock(g_sslContextMutex);
1337 * Deletes cached message.
1339 * @param[in] msg message
1341 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1343 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1344 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1349 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1352 * Deletes cached message list.
1354 * @param[in] cacheList list of cached messages
1356 static void DeleteCacheList(u_arraylist_t * cacheList)
1358 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1359 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1360 uint32_t listIndex = 0;
1361 uint32_t listLength = 0;
1363 listLength = u_arraylist_length(cacheList);
1364 for (listIndex = 0; listIndex < listLength; listIndex++)
1366 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1369 DeleteCacheMessage(msg);
1372 u_arraylist_free(&cacheList);
1374 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1377 * Deletes endpoint with session.
1379 * @param[in] tep endpoint with session info
1381 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1383 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1384 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1386 mbedtls_ssl_free(&tep->ssl);
1387 DeleteCacheList(tep->cacheList);
1389 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1392 * Removes endpoint session from list.
1394 * @param[in] endpoint remote address
1396 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1398 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1399 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1400 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1401 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1402 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1404 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1409 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1410 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1412 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1413 DeleteSslEndPoint(tep);
1414 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1415 endpoint->addr, endpoint->port, endpoint->adapter);
1416 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1420 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1421 endpoint->addr, endpoint->port, endpoint->adapter);
1422 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1425 * Deletes session list.
1427 static void DeletePeerList()
1429 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1430 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1432 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1433 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1435 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1440 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1445 ret = mbedtls_ssl_close_notify(&tep->ssl);
1447 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1449 DeleteSslEndPoint(tep);
1451 u_arraylist_free(&g_caSslContext->peerList);
1454 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1456 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1457 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1459 oc_mutex_lock(g_sslContextMutex);
1460 if (NULL == g_caSslContext)
1462 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1463 oc_mutex_unlock(g_sslContextMutex);
1464 return CA_STATUS_FAILED;
1466 SslEndPoint_t * tep = GetSslPeer(endpoint);
1469 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1470 oc_mutex_unlock(g_sslContextMutex);
1471 return CA_STATUS_FAILED;
1473 /* No error checking, the connection might be closed already */
1477 ret = mbedtls_ssl_close_notify(&tep->ssl);
1479 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1481 RemovePeerFromList(&tep->sep.endpoint);
1482 oc_mutex_unlock(g_sslContextMutex);
1484 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1485 return CA_STATUS_OK;
1488 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1490 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1491 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1493 oc_mutex_lock(g_sslContextMutex);
1494 if (NULL == g_caSslContext)
1496 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1497 oc_mutex_unlock(g_sslContextMutex);
1498 return CA_STATUS_FAILED;
1501 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1504 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1505 oc_mutex_unlock(g_sslContextMutex);
1506 return CA_STATUS_FAILED;
1509 /* No error checking, the connection might be closed already */
1513 ret = mbedtls_ssl_close_notify(&tep->ssl);
1515 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1517 RemovePeerFromList(&tep->sep.endpoint);
1518 oc_mutex_unlock(g_sslContextMutex);
1520 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1521 return CA_STATUS_OK;
1524 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1526 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1527 oc_mutex_lock(g_sslContextMutex);
1528 if (NULL == g_caSslContext)
1530 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1531 oc_mutex_unlock(g_sslContextMutex);
1535 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1536 OIC_LOG_V(INFO, NET_SSL_TAG,
1537 "Required transport [%d], peer count [%d]", transportType, listLength);
1538 for (uint32_t i = listLength; i > 0; i--)
1540 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1545 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1546 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1548 // check transport matching
1549 if (0 == (tep->sep.endpoint.adapter & transportType))
1551 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1555 // TODO: need to check below code after socket close is ensured.
1559 ret = mbedtls_ssl_close_notify(&tep->ssl);
1561 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1564 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1565 DeleteSslEndPoint(tep);
1567 oc_mutex_unlock(g_sslContextMutex);
1569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1573 * Creates session for endpoint.
1575 * @param[in] endpoint remote address
1576 * @param[in] config mbedTLS configuration info
1578 * @return TLS endpoint or NULL
1580 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1582 SslEndPoint_t * tep = NULL;
1583 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1584 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1585 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1586 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1588 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1591 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1595 tep->sep.endpoint = *endpoint;
1596 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1598 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1600 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1602 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1606 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1607 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1609 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1610 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1611 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1613 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1614 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1616 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1617 mbedtls_ssl_free(&tep->ssl);
1619 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1624 tep->cacheList = u_arraylist_create();
1625 if (NULL == tep->cacheList)
1627 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1628 mbedtls_ssl_free(&tep->ssl);
1630 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1633 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1634 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1635 endpoint->addr, endpoint->port);
1636 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1640 * Initializes PSK identity.
1642 * @param[out] config client/server config to be updated
1644 * @return 0 on success or -1 on error
1646 static int InitPskIdentity(mbedtls_ssl_config * config)
1648 uint8_t keyBuf[PSK_LENGTH] = {0};
1649 uint8_t idBuf[UUID_LENGTH] = {0};
1650 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1651 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1653 //Retrieve PSK identity from SVR DB
1654 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1656 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1657 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1660 //Store PSK ideneity in mbedtls_ssl_config
1661 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1663 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1664 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1667 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1670 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1673 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1674 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1675 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1676 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1678 //Resetting cipherFlag
1679 g_caSslContext->cipherFlag[0] = false;
1680 g_caSslContext->cipherFlag[1] = false;
1682 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1683 // Retrieve the PSK credential from SRM
1684 if (0 != InitPskIdentity(config))
1686 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1689 // Retrieve the Cert credential from SRM
1690 if (true == g_caSslContext->cipherFlag[1])
1692 int ret = InitPKIX(adapter);
1695 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1699 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1701 // Add the preferred ciphersuite first
1702 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1704 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1705 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1709 // Add PSK ciphersuite
1710 if (true == g_caSslContext->cipherFlag[0] &&
1711 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1713 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1714 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1718 // Add all certificate ciphersuites
1719 if (true == g_caSslContext->cipherFlag[1])
1721 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1723 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1724 i != g_caSslContext->cipher)
1726 g_cipherSuitesList[index] = tlsCipher[i][0];
1731 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1733 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1737 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1738 for (int i = 0; i < index; i++)
1740 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1743 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1745 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1748 * Initiate TLS handshake with endpoint.
1750 * @param[in] endpoint remote address
1752 * @return TLS endpoint or NULL
1754 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1757 SslEndPoint_t * tep = NULL;
1759 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1760 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1761 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1763 //Remove previous peer info from peer list.
1764 RemovePeerFromList(endpoint);
1766 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1767 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1768 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1769 tep = NewSslEndPoint(endpoint, config);
1772 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1776 //Load allowed SVR suites from SVR DB
1777 SetupCipher(config, endpoint->adapter);
1779 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1782 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1783 DeleteSslEndPoint(tep);
1787 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1789 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1790 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1796 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1797 RemovePeerFromList(&tep->sep.endpoint);
1800 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1802 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1805 #ifdef __WITH_DTLS__
1807 * Stops DTLS retransmission.
1809 static void StopRetransmit()
1813 unregisterTimer(g_caSslContext->timerId);
1814 g_caSslContext->timerId= -1;
1818 void CAdeinitSslAdapter()
1820 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1822 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1823 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1825 //Lock tlsContext mutex
1826 oc_mutex_lock(g_sslContextMutex);
1831 // De-initialize mbedTLS
1832 mbedtls_x509_crt_free(&g_caSslContext->ca);
1833 mbedtls_x509_crt_free(&g_caSslContext->crt);
1834 mbedtls_pk_free(&g_caSslContext->pkey);
1835 mbedtls_x509_crl_free(&g_caSslContext->crl);
1837 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1838 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1839 #endif // __WITH_TLS__
1840 #ifdef __WITH_DTLS__
1841 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1842 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1843 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1844 #endif // __WITH_DTLS__
1845 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1846 mbedtls_entropy_free(&g_caSslContext->entropy);
1847 #ifdef __WITH_DTLS__
1850 // De-initialize tls Context
1851 OICFree(g_caSslContext);
1852 g_caSslContext = NULL;
1854 // Delete decrypt buffer
1855 if (g_decryptBuffer)
1857 OICFree(g_decryptBuffer);
1858 g_decryptBuffer = NULL;
1861 // Unlock tlsContext mutex and de-initialize it
1862 oc_mutex_unlock(g_sslContextMutex);
1863 oc_mutex_free(g_sslContextMutex);
1864 g_sslContextMutex = NULL;
1866 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1869 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1871 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1872 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1873 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1874 mbedtls_ssl_config_init(conf);
1875 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1877 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1881 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1882 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1883 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1884 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1885 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1886 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1887 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1889 #ifdef __WITH_DTLS__
1890 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1891 MBEDTLS_SSL_IS_SERVER == mode)
1893 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1894 &g_caSslContext->cookieCtx);
1896 #endif // __WITH_DTLS__
1898 #if !defined(NDEBUG) || defined(TB_LOG)
1899 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1900 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1902 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1905 #ifdef __WITH_DTLS__
1907 * Starts DTLS retransmission.
1909 static int StartRetransmit()
1911 uint32_t listIndex = 0;
1912 uint32_t listLength = 0;
1913 SslEndPoint_t *tep = NULL;
1915 oc_mutex_lock(g_sslContextMutex);
1916 if (NULL == g_caSslContext)
1918 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1919 oc_mutex_unlock(g_sslContextMutex);
1922 if (g_caSslContext->timerId != -1)
1924 //clear previous timer
1925 unregisterTimer(g_caSslContext->timerId);
1927 listLength = u_arraylist_length(g_caSslContext->peerList);
1929 for (listIndex = 0; listIndex < listLength; listIndex++)
1931 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1933 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1934 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1938 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
1940 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1942 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1945 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1947 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1948 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1953 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1954 oc_mutex_unlock(g_sslContextMutex);
1960 CAResult_t CAinitSslAdapter()
1962 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1963 // Initialize mutex for tlsContext
1964 if (NULL == g_sslContextMutex)
1966 g_sslContextMutex = oc_mutex_new();
1967 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1971 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1972 return CA_STATUS_OK;
1975 // Lock tlsContext mutex and create tlsContext
1976 oc_mutex_lock(g_sslContextMutex);
1977 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1979 if (NULL == g_caSslContext)
1981 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1982 oc_mutex_unlock(g_sslContextMutex);
1983 oc_mutex_free(g_sslContextMutex);
1984 g_sslContextMutex = NULL;
1985 return CA_MEMORY_ALLOC_FAILED;
1989 g_caSslContext->peerList = u_arraylist_create();
1991 if(NULL == g_caSslContext->peerList)
1993 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1994 OICFree(g_caSslContext);
1995 g_caSslContext = NULL;
1996 oc_mutex_unlock(g_sslContextMutex);
1997 oc_mutex_free(g_sslContextMutex);
1998 g_sslContextMutex = NULL;
1999 return CA_STATUS_FAILED;
2002 /* Initialize TLS library
2004 #if !defined(NDEBUG) || defined(TB_LOG)
2005 char version[MBED_TLS_VERSION_LEN];
2006 mbedtls_version_get_string(version);
2007 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2012 mbedtls_entropy_init(&g_caSslContext->entropy);
2013 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2016 unsigned char seed[sizeof(SEED)] = {0};
2018 urandomFd = open("/dev/urandom", O_RDONLY);
2021 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2022 oc_mutex_unlock(g_sslContextMutex);
2023 CAdeinitSslAdapter();
2024 return CA_STATUS_FAILED;
2026 if(0 > read(urandomFd, seed, sizeof(seed)))
2028 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2030 oc_mutex_unlock(g_sslContextMutex);
2031 CAdeinitSslAdapter();
2032 return CA_STATUS_FAILED;
2037 unsigned char * seed = (unsigned char*) SEED;
2039 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2040 &g_caSslContext->entropy, seed, sizeof(SEED)))
2042 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2043 oc_mutex_unlock(g_sslContextMutex);
2044 CAdeinitSslAdapter();
2045 return CA_STATUS_FAILED;
2047 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2050 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2051 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2053 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2054 oc_mutex_unlock(g_sslContextMutex);
2055 CAdeinitSslAdapter();
2056 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2057 return CA_STATUS_FAILED;
2060 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2061 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2063 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2064 oc_mutex_unlock(g_sslContextMutex);
2065 CAdeinitSslAdapter();
2066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2067 return CA_STATUS_FAILED;
2069 #endif // __WITH_TLS__
2070 #ifdef __WITH_DTLS__
2071 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2072 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2073 &g_caSslContext->rnd))
2075 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2076 oc_mutex_unlock(g_sslContextMutex);
2077 CAdeinitSslAdapter();
2078 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2079 return CA_STATUS_FAILED;
2082 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2083 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2085 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2086 oc_mutex_unlock(g_sslContextMutex);
2087 CAdeinitSslAdapter();
2088 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2089 return CA_STATUS_FAILED;
2092 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2093 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2095 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2096 oc_mutex_unlock(g_sslContextMutex);
2097 CAdeinitSslAdapter();
2098 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2099 return CA_STATUS_FAILED;
2101 #endif // __WITH_DTLS__
2103 // set default cipher
2104 g_caSslContext->cipher = SSL_CIPHER_MAX;
2107 mbedtls_x509_crt_init(&g_caSslContext->ca);
2108 mbedtls_x509_crt_init(&g_caSslContext->crt);
2109 mbedtls_pk_init(&g_caSslContext->pkey);
2110 mbedtls_x509_crl_init(&g_caSslContext->crl);
2112 #ifdef __WITH_DTLS__
2113 g_caSslContext->timerId = -1;
2116 // create decrypt buffer
2117 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2118 if (NULL == g_decryptBuffer)
2120 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2121 oc_mutex_unlock(g_sslContextMutex);
2122 CAdeinitSslAdapter();
2123 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2124 return CA_MEMORY_ALLOC_FAILED;
2127 oc_mutex_unlock(g_sslContextMutex);
2128 #ifdef __WITH_DTLS__
2132 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2133 return CA_STATUS_OK;
2136 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2138 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2139 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2142 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2143 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2146 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2147 if (NULL == message)
2149 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2150 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2154 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2155 if (NULL == message->data)
2157 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2159 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2162 memcpy(message->data, data, dataLen);
2163 message->len = dataLen;
2164 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2168 /* Send data via TLS connection.
2170 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2171 void *data, uint32_t dataLen)
2175 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2177 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2178 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2179 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2183 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2184 return CA_STATUS_FAILED;
2187 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2189 oc_mutex_lock(g_sslContextMutex);
2190 if(NULL == g_caSslContext)
2192 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2193 oc_mutex_unlock(g_sslContextMutex);
2194 return CA_STATUS_FAILED;
2197 SslEndPoint_t * tep = GetSslPeer(endpoint);
2200 tep = InitiateTlsHandshake(endpoint);
2204 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2205 oc_mutex_unlock(g_sslContextMutex);
2206 return CA_STATUS_FAILED;
2209 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2211 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2213 unsigned char *dataBuf = (unsigned char *)data;
2218 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2221 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2223 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2224 RemovePeerFromList(&tep->sep.endpoint);
2225 oc_mutex_unlock(g_sslContextMutex);
2226 return CA_STATUS_FAILED;
2230 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2234 } while (dataLen > written);
2239 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2240 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2242 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2243 oc_mutex_unlock(g_sslContextMutex);
2244 return CA_STATUS_FAILED;
2248 oc_mutex_unlock(g_sslContextMutex);
2250 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2251 return CA_STATUS_OK;
2254 * Sends cached messages via TLS connection.
2256 * @param[in] tep remote address with session info
2258 static void SendCacheMessages(SslEndPoint_t * tep)
2260 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2261 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2263 uint32_t listIndex = 0;
2264 uint32_t listLength = 0;
2265 listLength = u_arraylist_length(tep->cacheList);
2266 for (listIndex = 0; listIndex < listLength;)
2269 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2270 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2272 unsigned char *dataBuf = (unsigned char *)msg->data;
2277 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2280 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2282 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2287 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2291 } while (msg->len > written);
2293 if (u_arraylist_remove(tep->cacheList, listIndex))
2295 DeleteCacheMessage(msg);
2296 // Reduce list length by 1 as we removed one element.
2301 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2307 // Move to the next element
2311 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2314 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2316 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2317 g_sslCallback = tlsHandshakeCallback;
2318 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2321 /* Read data from TLS connection
2323 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2326 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2327 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2328 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2330 oc_mutex_lock(g_sslContextMutex);
2331 if (NULL == g_caSslContext)
2333 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2334 oc_mutex_unlock(g_sslContextMutex);
2335 return CA_STATUS_FAILED;
2339 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2342 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2343 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2344 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2345 peer = NewSslEndPoint(&sep->endpoint, config);
2348 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2349 oc_mutex_unlock(g_sslContextMutex);
2350 return CA_STATUS_FAILED;
2352 //Load allowed TLS suites from SVR DB
2353 SetupCipher(config, sep->endpoint.adapter);
2355 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2358 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2360 oc_mutex_unlock(g_sslContextMutex);
2361 return CA_STATUS_FAILED;
2365 peer->recBuf.buff = data;
2366 peer->recBuf.len = dataLen;
2367 peer->recBuf.loaded = 0;
2369 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2371 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2372 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2377 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2379 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2380 mbedtls_ssl_session_reset(&peer->ssl);
2381 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2382 (const unsigned char *) sep->endpoint.addr,
2383 sizeof(sep->endpoint.addr));
2384 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2386 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2388 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2391 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2392 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2393 CA_STATUS_FAILED, GetAlertCode(flags));
2396 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2397 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2399 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2400 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2402 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2404 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2407 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2409 SSL_RES(peer, CA_STATUS_OK);
2410 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2412 SendCacheMessages(peer);
2415 int selectedCipher = peer->ssl.session->ciphersuite;
2416 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2417 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2418 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2420 char uuid[UUID_LENGTH * 2 + 5] = {0};
2421 void * uuidPos = NULL;
2422 void * userIdPos = NULL;
2423 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2424 ret = (NULL == peerCert ? -1 : 0);
2425 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2426 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2429 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2430 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
2432 if (NULL != uuidPos)
2434 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2435 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2436 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2437 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2438 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2442 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2445 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2446 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
2447 if (NULL != userIdPos)
2449 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2450 ret = OCConvertStringToUuid(uuid, peer->sep.userId.id);
2451 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
2452 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2456 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
2461 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2463 SendCacheMessages(peer);
2465 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2466 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2467 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2469 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2471 oc_mutex_unlock(g_sslContextMutex);
2472 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2473 return CA_STATUS_OK;
2477 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2479 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2481 // flag to read again remained data
2482 bool read_more = false;
2485 if (NULL == g_decryptBuffer)
2487 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2488 oc_mutex_unlock(g_sslContextMutex);
2489 return CA_STATUS_FAILED;
2491 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2496 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2497 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2499 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2500 // TinyDTLS sends fatal close_notify alert
2501 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2502 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2503 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2505 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2506 RemovePeerFromList(&peer->sep.endpoint);
2507 oc_mutex_unlock(g_sslContextMutex);
2508 return CA_STATUS_OK;
2513 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2514 //SSL_RES(peer, CA_STATUS_FAILED);
2515 RemovePeerFromList(&peer->sep.endpoint);
2516 oc_mutex_unlock(g_sslContextMutex);
2517 return CA_STATUS_FAILED;
2521 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2522 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2525 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2526 g_decryptBuffer, ret);
2527 if (CA_STATUS_OK != res)
2529 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2530 RemovePeerFromList(&peer->sep.endpoint);
2531 oc_mutex_unlock(g_sslContextMutex);
2532 return CA_STATUS_FAILED;
2535 // check if decrypted data is remained in stream transport
2536 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2538 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2540 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2546 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2547 RemovePeerFromList(&peer->sep.endpoint);
2548 oc_mutex_unlock(g_sslContextMutex);
2549 return CA_STATUS_FAILED;
2552 } while (read_more);
2555 oc_mutex_unlock(g_sslContextMutex);
2556 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2557 return CA_STATUS_OK;
2560 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2561 CAPacketSendCallback sendCallback,
2562 CATransportAdapter_t type)
2564 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2565 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2566 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2567 oc_mutex_lock(g_sslContextMutex);
2568 if (NULL == g_caSslContext)
2570 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2571 oc_mutex_unlock(g_sslContextMutex);
2578 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2579 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2581 case CA_ADAPTER_TCP:
2582 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2583 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2585 case CA_ADAPTER_GATT_BTLE:
2586 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2587 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2590 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2593 oc_mutex_unlock(g_sslContextMutex);
2594 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2597 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2599 * @param[in] cipher TLS chiphersuite code
2601 * @return corresponding enum
2604 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2608 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2610 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2612 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2614 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2616 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2618 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2620 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2622 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2624 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2626 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2628 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2630 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2632 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2634 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2636 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2638 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2640 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2642 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2644 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2646 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2648 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2650 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2652 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2654 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2656 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2658 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2662 return SSL_CIPHER_MAX;
2667 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2669 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2670 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2672 SslCipher_t index = GetCipherIndex(cipher);
2673 if (SSL_CIPHER_MAX == index)
2675 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2680 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2681 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2683 #ifdef __WITH_DTLS__
2684 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2685 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2687 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2689 g_caSslContext->cipher = index;
2691 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2692 return CA_STATUS_OK;
2695 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2697 CAResult_t res = CA_STATUS_OK;
2698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2699 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2700 oc_mutex_lock(g_sslContextMutex);
2701 if (NULL == InitiateTlsHandshake(endpoint))
2703 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2704 res = CA_STATUS_FAILED;
2706 oc_mutex_unlock(g_sslContextMutex);
2707 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2711 * Expands the secret into blocks of data according
2712 * to the algorithm specified in section 5 of RFC 4346
2714 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2716 * @param key secret key.
2717 * @param keyLen secret key length.
2718 * @param label A PRF label.
2719 * @param labelLen Actual length of @p label.
2720 * @param random1 Random seed.
2721 * @param random1Len Actual length of @p random1 (may be zero).
2722 * @param random2 Random seed.
2723 * @param random2Len Actual length of @p random2 (may be zero).
2724 * @param buf Output buffer for generated random data.
2725 * @param bufLen Maximum size of @p buf.
2727 * @return The actual number of bytes written to @p buf or @c -1 on error.
2730 static int pHash (const unsigned char *key, size_t keyLen,
2731 const unsigned char *label, size_t labelLen,
2732 const unsigned char *random1, size_t random1Len,
2733 const unsigned char *random2, size_t random2Len,
2734 unsigned char *buf, size_t bufLen)
2736 unsigned char A[RANDOM_LEN] = {0};
2737 unsigned char tmp[RANDOM_LEN] = {0};
2738 size_t dLen; /* digest length */
2739 size_t len = 0; /* result length */
2741 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2742 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2743 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2744 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2745 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2747 mbedtls_md_context_t hmacA;
2748 mbedtls_md_context_t hmacP;
2750 mbedtls_md_init(&hmacA);
2751 mbedtls_md_init(&hmacP);
2753 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2754 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2756 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2757 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2758 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2759 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2760 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2764 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2766 while (len + dLen < bufLen)
2768 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2769 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2770 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2771 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2772 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2773 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2775 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2779 memcpy(buf, tmp, dLen);
2782 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2783 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2784 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2785 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2788 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2789 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2790 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2792 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2793 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2794 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2795 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2797 memcpy(buf, tmp, bufLen - len);
2799 mbedtls_md_free(&hmacA);
2800 mbedtls_md_free(&hmacP);
2804 mbedtls_md_free(&hmacA);
2805 mbedtls_md_free(&hmacP);
2809 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2810 const uint8_t* label, const size_t labelLen,
2811 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2812 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2813 uint8_t* ownerPsk, const size_t ownerPskSize)
2815 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2816 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2817 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2818 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2819 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2820 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2822 oc_mutex_lock(g_sslContextMutex);
2823 if (NULL == g_caSslContext)
2825 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2826 oc_mutex_unlock(g_sslContextMutex);
2827 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2828 return CA_STATUS_FAILED;
2830 SslEndPoint_t * tep = GetSslPeer(endpoint);
2833 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2834 oc_mutex_unlock(g_sslContextMutex);
2835 return CA_STATUS_FAILED;
2838 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2842 int keyBlockLen = 0;
2843 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2844 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2845 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2846 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2848 // 2 * ( 32 + 0 + 16 ) = 96
2849 macKeyLen = SHA256_MAC_KEY_LENGTH;
2850 ivSize = CBC_IV_LENGTH;
2851 keySize = AES128_KEY_LENGTH;
2853 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2854 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2856 // 2 * ( 0 + 4 + 16 ) = 40
2857 macKeyLen = CCM_MAC_KEY_LENGTH;
2858 ivSize = CCM_IV_LENGTH;
2859 keySize = AES128_KEY_LENGTH;
2861 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2863 // 2 * ( 32 + 12 + 16 ) = 120
2864 macKeyLen = SHA256_MAC_KEY_LENGTH;
2865 ivSize = GCM_IV_LENGTH;
2866 keySize = AES128_KEY_LENGTH;
2868 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2870 // 2 * ( 32 + 0 + 32 ) = 128
2871 macKeyLen = SHA256_MAC_KEY_LENGTH;
2872 ivSize = CBC_IV_LENGTH;
2873 keySize = AES256_KEY_LENGTH;
2875 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2877 // 2 * ( 48 + 0 + 32 ) = 160
2878 macKeyLen = SHA384_MAC_KEY_LENGTH;
2879 ivSize = CBC_IV_LENGTH;
2880 keySize = AES256_KEY_LENGTH;
2882 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2884 // 2 * ( 48 + 12 + 32 ) = 184
2885 macKeyLen = SHA384_MAC_KEY_LENGTH;
2886 ivSize = GCM_IV_LENGTH;
2887 keySize = AES256_KEY_LENGTH;
2889 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2891 // 2 * ( 48 + 12 + 32 ) = 184
2892 macKeyLen = SHA256_MAC_KEY_LENGTH;
2893 ivSize = GCM_IV_LENGTH;
2894 keySize = AES128_KEY_LENGTH;
2896 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2898 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2899 if (NULL == keyblock)
2901 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2902 oc_mutex_unlock(g_sslContextMutex);
2903 return CA_STATUS_FAILED;
2907 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2908 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2909 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2910 keyblock, keyBlockLen);
2913 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2915 oc_mutex_unlock(g_sslContextMutex);
2916 return CA_STATUS_FAILED;
2919 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2920 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2921 provServerDeviceId, provServerDeviceIdLen,
2922 ownerPsk, ownerPskSize);
2925 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2927 oc_mutex_unlock(g_sslContextMutex);
2928 return CA_STATUS_FAILED;
2932 oc_mutex_unlock(g_sslContextMutex);
2934 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2935 return CA_STATUS_OK;