1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
42 // headers required for mbed TLS
43 #include "mbedtls/platform.h"
44 #include "mbedtls/ssl.h"
45 #include "mbedtls/entropy.h"
46 #include "mbedtls/ctr_drbg.h"
47 #include "mbedtls/pkcs12.h"
48 #include "mbedtls/ssl_internal.h"
49 #include "mbedtls/net.h"
51 #include "mbedtls/timing.h"
52 #include "mbedtls/ssl_cookie.h"
54 #include "pkix_interface.h"
56 #if !defined(NDEBUG) || defined(TB_LOG)
57 #include "mbedtls/debug.h"
58 #include "mbedtls/version.h"
62 #include <sys/types.h>
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
76 * @brief Seed for initialization RNG
78 #define SEED "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
110 #if defined (__TIZENRT__)
111 #define TLS_MSG_BUF_LEN (2048)
113 #define TLS_MSG_BUF_LEN (16384)
118 * @brief PSK keys max length
120 #define PSK_LENGTH (256/8)
122 * @def UUID_LENGTHPSK_LENGTH
123 * @brief Identity max length
125 #define UUID_LENGTH (128/8)
127 * @def MASTER_SECRET_LEN
128 * @brief TLS master secret length
130 #define MASTER_SECRET_LEN (48)
133 * @brief TLS client and server random bytes length
135 #define RANDOM_LEN (32)
137 * @def SHA384_MAC_KEY_LENGTH
138 * @brief MAC key length for SHA384 cipher suites
140 #define SHA384_MAC_KEY_LENGTH (48)
142 * @def SHA256_MAC_KEY_LENGTH
143 * @brief MAC key length for SHA256 cipher suites
145 #define SHA256_MAC_KEY_LENGTH (32)
147 * @def CCM_MAC_KEY_LENGTH
148 * @brief MAC key length for CCM cipher suites
150 #define CCM_MAC_KEY_LENGTH (0)
152 * @def AES256_KEY_LENGTH
153 * @brief key material length for AES256 cipher suites
155 #define AES256_KEY_LENGTH (32)
157 * @def AES128_KEY_LENGTH
158 * @brief key material length for AES128 cipher suites
160 #define AES128_KEY_LENGTH (16)
163 * @brief length of nonce for GCM cipher suites
165 #define GCM_IV_LENGTH (12)
168 * @brief length of nonce for CCM cipher suites
170 #define CCM_IV_LENGTH (4)
173 * @brief length of nonce for CBC cipher suites
175 #define CBC_IV_LENGTH (0)
178 * @var RETRANSMISSION_TIME
179 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
181 #define RETRANSMISSION_TIME 1
183 /**@def SSL_CLOSE_NOTIFY(peer, ret)
185 * Notifies of existing \a peer about closing TLS connection.
187 * @param[in] peer remote peer
188 * @param[in] ret used internaly
190 #define SSL_CLOSE_NOTIFY(peer, ret) \
193 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
194 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
196 /**@def SSL_RES(peer, status)
198 * Sets SSL result for callback.
200 * @param[in] peer remote peer
202 #define SSL_RES(peer, status) \
205 CAErrorInfo_t errorInfo; \
206 errorInfo.result = (status); \
207 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
209 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
211 * Checks handshake result and send alert if needed.
213 * @param[in] peer remote peer
214 * @param[in] ret error code
215 * @param[in] str debug string
216 * @param[in] mutex ca mutex
217 * @param[in] error if code does not equal to -1 returns error code
218 * @param[in] msg allert message
220 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
221 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
222 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
223 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
224 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
225 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
241 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
242 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
243 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
245 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
247 RemovePeerFromList(&(peer)->sep.endpoint); \
250 oc_mutex_unlock(g_sslContextMutex); \
252 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
254 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
256 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
257 if (-1 != (intptr_t)error) \
263 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
265 * Calls \a fn for \a clientConf and \a serverConf.
268 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
269 fn((clientConf), __VA_ARGS__); \
270 fn((serverConf), __VA_ARGS__); \
273 /** @def CHECK_MBEDTLS_RET(f, ...)
274 * A macro that checks \a f function return code
276 * If function returns error code it goes to error processing.
278 * @param[in] f Function to call
280 #define CHECK_MBEDTLS_RET(f, ...) do { \
281 int ret = (f)(__VA_ARGS__); \
283 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
289 SSL_RSA_WITH_AES_256_CBC_SHA256,
290 SSL_RSA_WITH_AES_128_GCM_SHA256,
291 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
292 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
293 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
294 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
295 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
296 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
297 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
298 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
299 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
301 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
307 ADAPTER_CURVE_SECP256R1,
311 static const int tlsCipher[SSL_CIPHER_MAX][2] =
313 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
314 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
315 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
316 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
317 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
318 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
319 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
320 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
321 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
322 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
323 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
325 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
328 static int g_cipherSuitesList[SSL_CIPHER_MAX];
330 static int g_ssl_ordered_default_hashes[] = {
331 #if defined(MBEDTLS_SHA256_C)
335 #if defined(MBEDTLS_SHA1_C)
341 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
343 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
346 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
353 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
354 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
355 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
356 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
357 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
358 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
359 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
360 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
361 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
362 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
363 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
364 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
365 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
366 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
367 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
368 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
369 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
370 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
371 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
373 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 static int GetAlertCode(uint32_t flags)
379 const CrtVerifyAlert_t *cur;
381 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
383 if (flags & cur->code)
391 #if !defined(NDEBUG) || defined(TB_LOG)
393 * Pass a message to the OIC logger.
395 * @param[in] ctx opaque context for the callback
396 * @param[in] level debug level
397 * @param[in] file file name
398 * @param[in] line line number
399 * @param[in] str message
401 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
408 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
412 #if defined(_WIN32) || defined (__TIZENRT__)
414 * Finds the first occurrence of the byte string s in byte string l.
417 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
421 const char *cl = (const char *)l;
422 const char *cs = (const char *)s;
424 if (lLen == 0 || sLen == 0)
434 return (void *)memchr(l, (int)*cs, lLen);
437 last = (char *)cl + lLen - sLen;
439 for (cur = (char *)cl; cur <= last; cur++)
441 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
450 * structure to holds the information of cache message and address info.
452 typedef ByteArray_t SslCacheMessage_t;
456 * Data structure for holding the send and recv callbacks.
458 typedef struct TlsCallBacks
460 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
461 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
465 * Data structure for holding the mbedTLS interface related info.
467 typedef struct SslContext
469 u_arraylist_t *peerList; /**< peer list which holds the mapping between
470 peer id, it's n/w address and mbedTLS context. */
471 mbedtls_entropy_context entropy;
472 mbedtls_ctr_drbg_context rnd;
474 mbedtls_x509_crt crt;
475 mbedtls_pk_context pkey;
477 mbedtls_ssl_config clientTlsConf;
478 mbedtls_ssl_config serverTlsConf;
479 mbedtls_ssl_config clientDtlsConf;
480 mbedtls_ssl_config serverDtlsConf;
483 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
484 mbedtls_x509_crl crl;
489 mbedtls_ssl_cookie_ctx cookieCtx;
495 * @var g_caSslContext
496 * @brief global context which holds tls context and cache list information.
498 static SslContext_t * g_caSslContext = NULL;
500 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
502 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
505 * @var g_getCredentialsCallback
506 * @brief callback to get TLS credentials (same as for DTLS)
508 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
510 * @var g_getCerdentilTypesCallback
511 * @brief callback to get different credential types from SRM
513 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
515 * @var g_getPkixInfoCallback
517 * @brief callback to get X.509-based Public Key Infrastructure
519 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
522 * @var g_setupPkContextCallback
524 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
526 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
529 * @var g_dtlsContextMutex
530 * @brief Mutex to synchronize access to g_caSslContext.
532 static oc_mutex g_sslContextMutex = NULL;
536 * @brief callback to deliver the TLS handshake result
538 static CAErrorCallback g_sslCallback = NULL;
541 * Data structure for PeerCertCallback.
547 } PeerCertCallback_t;
550 * @var g_peerCertCallback
552 * @brief callback to utilize peer certificate information
554 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
557 * @var g_decryptBuffer
558 * @brief decrypt buffer which will be used for decryption
560 static uint8_t *g_decryptBuffer = NULL;
563 * Data structure for holding the data to be received.
565 typedef struct SslRecBuf
572 * Data structure for holding the data related to endpoint
575 typedef struct SslEndPoint
577 mbedtls_ssl_context ssl;
578 CASecureEndpoint_t sep;
579 u_arraylist_t * cacheList;
581 uint8_t master[MASTER_SECRET_LEN];
582 uint8_t random[2*RANDOM_LEN];
584 mbedtls_timing_delay_context timer;
585 #endif // __WITH_DTLS__
588 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
590 // TODO Does this method needs protection of tlsContextMutex?
591 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
592 g_getCredentialsCallback = credCallback;
593 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
596 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
598 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
599 g_getPkixInfoCallback = infoCallback;
600 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
603 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
605 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
606 g_setupPkContextCallback = setupPkCtxCallback;
607 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
610 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
612 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
613 g_getCredentialTypesCallback = credTypesCallback;
614 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
617 static int GetAdapterIndex(CATransportAdapter_t adapter)
625 case CA_ADAPTER_GATT_BTLE:
628 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
635 * @param[in] tep TLS endpoint
636 * @param[in] data message
637 * @param[in] dataLen message length
639 * @return message length or -1 on error.
641 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
643 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
644 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
645 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
646 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
647 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
648 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
650 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
651 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
653 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
654 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
657 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
660 else if ((size_t)sentLen != dataLen)
662 OIC_LOG_V(DEBUG, NET_SSL_TAG,
663 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%lu",
664 sentLen, dataLen, (dataLen - sentLen));
669 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
673 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
679 * @param[in] tep TLS endpoint
680 * @param[in] data message
681 * @param[in] dataLen message length
683 * @return read length
685 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
687 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
688 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
689 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
691 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
692 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
693 retLen = (retLen < dataLen ? retLen : dataLen);
695 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
696 recBuf->loaded += retLen;
698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
702 static int CASslExportKeysHandler(void *p_expkey,
703 const unsigned char *ms,
704 const unsigned char *kb,
709 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
711 if (NULL == g_caSslContext)
713 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
714 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
716 if (NULL == p_expkey)
718 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
719 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
722 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
724 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
726 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
727 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
729 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
731 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
732 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
736 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
737 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
740 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
744 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
745 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
747 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
748 mbedtls_ssl_config* sslConf = NULL;
749 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
751 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
753 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
754 return CA_STATUS_INVALID_PARAM;
756 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
758 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
759 return CA_STATUS_INVALID_PARAM;
762 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
763 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
764 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
766 oc_mutex_lock(g_sslContextMutex);
767 if (NULL == g_caSslContext)
769 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
770 oc_mutex_unlock(g_sslContextMutex);
771 return CA_STATUS_NOT_INITIALIZED;
774 if (CA_SSL_EKCB_TLS == protocol)
776 gTlsExportKeysCallback = exportKeysCb;
777 if (CA_SSL_EKCB_CLIENT == role)
779 sslConf = &g_caSslContext->clientTlsConf;
783 sslConf = &g_caSslContext->serverTlsConf;
788 gDtlsExportKeysCallback = exportKeysCb;
789 if (CA_SSL_EKCB_CLIENT == role)
791 sslConf = &g_caSslContext->clientDtlsConf;
795 sslConf = &g_caSslContext->serverDtlsConf;
798 protocolCtx = protocol;
800 if (NULL == exportKeysCb)
802 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
803 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
807 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
808 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
810 oc_mutex_unlock(g_sslContextMutex);
812 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
818 * Parse chain of X.509 certificates.
820 * @param[out] crt container for X.509 certificates
821 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
822 or DER format in a jumble, delimiting symbols does not matter.
823 * @param[in] bufLen buffer length
824 * @param[in] errNum number certificates that failed to parse
826 * @return number of successfully parsed certificates or -1 on error
828 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
830 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
831 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
832 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
834 char pemCertHeader[] = {
835 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
836 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
838 char pemCertFooter[] = {
839 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
840 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
842 size_t pemCertHeaderLen = sizeof(pemCertHeader);
843 size_t pemCertFooterLen = sizeof(pemCertFooter);
846 unsigned char * tmp = NULL;
854 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
856 tmp = (unsigned char *)buf + pos + 1;
857 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
858 if (pos + len < bufLen)
860 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
868 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
873 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
874 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
876 void * endPos = NULL;
877 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
880 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
881 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
884 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
885 if (pos + len + 1 <= bufLen)
887 char con = buf[pos + len];
888 buf[pos + len] = 0x00;
889 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
897 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
899 buf[pos + len] = con;
903 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
904 memcpy(lastCert, buf + pos, len);
905 lastCert[len] = 0x00;
906 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
914 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
925 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
926 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
933 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
937 char buf[1024] = {0};
939 if (0 != *flags) // Invalid Cerificate
942 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
945 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
950 if (NULL == g_peerCertCallback.cb)
952 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
958 * depth = 0 : Own Cert.
959 * depth = 1 : Sub CA Cert.
960 * depth = 2 : Root CA Cert.
962 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
964 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
965 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
967 g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
972 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
974 #ifndef __WITH_DTLS__
976 UNUSED(peerCertCallback);
977 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
978 return CA_NOT_SUPPORTED;
981 if (peerCertCallback)
983 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
984 g_peerCertCallback.cb = peerCertCallback;
985 g_peerCertCallback.ctx = ctx;
989 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
990 g_peerCertCallback.cb = NULL;
991 g_peerCertCallback.ctx = NULL;
996 //Loads PKIX related information from SRM
997 static int InitPKIX(CATransportAdapter_t adapter)
999 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1000 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
1001 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1003 mbedtls_x509_crt_free(&g_caSslContext->ca);
1004 mbedtls_x509_crt_free(&g_caSslContext->crt);
1005 mbedtls_pk_free(&g_caSslContext->pkey);
1006 mbedtls_x509_crl_free(&g_caSslContext->crl);
1008 mbedtls_x509_crt_init(&g_caSslContext->ca);
1009 mbedtls_x509_crt_init(&g_caSslContext->crt);
1010 mbedtls_pk_init(&g_caSslContext->pkey);
1011 mbedtls_x509_crl_init(&g_caSslContext->crl);
1013 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1014 adapter == CA_ADAPTER_GATT_BTLE ?
1015 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1016 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1017 adapter == CA_ADAPTER_GATT_BTLE ?
1018 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1020 #ifdef __WITH_DTLS__
1022 * Conf. is initialized in CAinitSslAdapter()
1024 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1027 // load pk key, cert, trust chain and crl
1028 if (g_getPkixInfoCallback)
1030 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1031 g_getPkixInfoCallback(&g_pkiInfo);
1034 // parse own certficate (optional)
1037 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1040 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1045 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1049 // parse private key if hw is not supported (optional)
1050 if(NULL == g_setupPkContextCallback)
1052 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1053 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1058 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1059 // setup hw pk context (optional)
1060 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1063 // setup public parameter
1064 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1065 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1066 || MBEDTLS_PK_ECDSA == ktype)
1068 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1069 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1070 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1073 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1076 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1081 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1087 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1092 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1097 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1101 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1104 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1107 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1110 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1115 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1118 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1119 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1120 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1125 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1128 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1131 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1132 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1136 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1137 &g_caSslContext->ca, &g_caSslContext->crl);
1140 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1147 * @param[in] notUsed opaque context
1148 * @param[in] ssl mbedTLS context
1149 * @param[in] desc identity
1150 * @param[in] descLen identity length
1152 * @return 0 on success any other return value will result in a denied PSK identity
1154 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1155 const unsigned char * desc, size_t descLen)
1157 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1158 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1159 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1160 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1161 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1163 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1167 uint8_t keyBuf[PSK_LENGTH] = {0};
1169 // Retrieve the credentials blob from security module
1170 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1173 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1174 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1175 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1176 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1178 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1179 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1181 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1186 * Gets session corresponding for endpoint.
1188 * @param[in] peer remote address
1190 * @return TLS session or NULL
1192 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1194 uint32_t listIndex = 0;
1195 uint32_t listLength = 0;
1196 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1197 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1198 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1200 SslEndPoint_t *tep = NULL;
1201 listLength = u_arraylist_length(g_caSslContext->peerList);
1202 for (listIndex = 0; listIndex < listLength; listIndex++)
1204 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1210 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1211 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1214 if((peer->adapter == tep->sep.endpoint.adapter)
1215 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1216 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1218 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1219 peer->addr, peer->port, peer->adapter);
1220 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1224 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1225 peer->addr, peer->port, peer->adapter);
1226 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1230 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1232 oc_mutex_lock(g_sslContextMutex);
1233 if (NULL == g_caSslContext)
1235 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1236 oc_mutex_unlock(g_sslContextMutex);
1240 if (GetSslPeer(peer))
1242 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1243 oc_mutex_unlock(g_sslContextMutex);
1248 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1249 oc_mutex_unlock(g_sslContextMutex);
1255 * Gets session corresponding for endpoint.
1257 * @param[in] peer remote address
1259 * @return TLS session or NULL
1261 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1263 uint32_t listIndex = 0;
1264 uint32_t listLength = 0;
1265 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1266 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1267 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1269 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1270 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1272 SslEndPoint_t *tep = NULL;
1273 listLength = u_arraylist_length(g_caSslContext->peerList);
1274 for (listIndex = 0; listIndex < listLength; listIndex++)
1276 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1282 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1283 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1285 if ((tep->sep.identity.id_length == idLength)
1286 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1288 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1289 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1290 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1294 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1295 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1300 #ifdef MULTIPLE_OWNER
1302 * Gets CA secure endpoint info corresponding for endpoint.
1304 * @param[in] peer remote address
1306 * @return CASecureEndpoint or NULL
1308 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1310 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1312 // TODO: Added as workaround, need to debug
1313 oc_mutex_unlock(g_sslContextMutex);
1315 oc_mutex_lock(g_sslContextMutex);
1316 if (NULL == g_caSslContext)
1318 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1319 oc_mutex_unlock(g_sslContextMutex);
1323 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1326 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1327 oc_mutex_unlock(g_sslContextMutex);
1328 return &sslPeer->sep;
1331 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1332 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1333 oc_mutex_unlock(g_sslContextMutex);
1339 * Deletes cached message.
1341 * @param[in] msg message
1343 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1345 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1346 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1351 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1354 * Deletes cached message list.
1356 * @param[in] cacheList list of cached messages
1358 static void DeleteCacheList(u_arraylist_t * cacheList)
1360 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1361 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1362 uint32_t listIndex = 0;
1363 uint32_t listLength = 0;
1365 listLength = u_arraylist_length(cacheList);
1366 for (listIndex = 0; listIndex < listLength; listIndex++)
1368 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1371 DeleteCacheMessage(msg);
1374 u_arraylist_free(&cacheList);
1376 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1379 * Deletes endpoint with session.
1381 * @param[in] tep endpoint with session info
1383 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1385 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1386 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1388 mbedtls_ssl_free(&tep->ssl);
1389 DeleteCacheList(tep->cacheList);
1391 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1394 * Removes endpoint session from list.
1396 * @param[in] endpoint remote address
1398 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1400 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1401 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1402 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1403 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1404 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1406 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1411 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1412 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1414 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1415 DeleteSslEndPoint(tep);
1416 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1417 endpoint->addr, endpoint->port, endpoint->adapter);
1418 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1422 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1423 endpoint->addr, endpoint->port, endpoint->adapter);
1424 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1427 * Deletes session list.
1429 static void DeletePeerList()
1431 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1432 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1434 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1435 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1437 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1442 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1447 ret = mbedtls_ssl_close_notify(&tep->ssl);
1449 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1451 DeleteSslEndPoint(tep);
1453 u_arraylist_free(&g_caSslContext->peerList);
1456 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1458 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1459 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1461 oc_mutex_lock(g_sslContextMutex);
1462 if (NULL == g_caSslContext)
1464 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1465 oc_mutex_unlock(g_sslContextMutex);
1466 return CA_STATUS_FAILED;
1468 SslEndPoint_t * tep = GetSslPeer(endpoint);
1471 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1472 oc_mutex_unlock(g_sslContextMutex);
1473 return CA_STATUS_FAILED;
1475 /* No error checking, the connection might be closed already */
1479 ret = mbedtls_ssl_close_notify(&tep->ssl);
1481 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1483 RemovePeerFromList(&tep->sep.endpoint);
1484 oc_mutex_unlock(g_sslContextMutex);
1486 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1487 return CA_STATUS_OK;
1490 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1492 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1493 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1495 oc_mutex_lock(g_sslContextMutex);
1496 if (NULL == g_caSslContext)
1498 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1499 oc_mutex_unlock(g_sslContextMutex);
1500 return CA_STATUS_FAILED;
1503 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1506 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1507 oc_mutex_unlock(g_sslContextMutex);
1508 return CA_STATUS_FAILED;
1511 /* No error checking, the connection might be closed already */
1515 ret = mbedtls_ssl_close_notify(&tep->ssl);
1517 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1519 RemovePeerFromList(&tep->sep.endpoint);
1520 oc_mutex_unlock(g_sslContextMutex);
1522 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1523 return CA_STATUS_OK;
1526 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1528 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1529 oc_mutex_lock(g_sslContextMutex);
1530 if (NULL == g_caSslContext)
1532 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1533 oc_mutex_unlock(g_sslContextMutex);
1537 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1538 OIC_LOG_V(INFO, NET_SSL_TAG,
1539 "Required transport [%d], peer count [%d]", transportType, listLength);
1540 for (uint32_t i = listLength; i > 0; i--)
1542 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1547 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1548 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1550 // check transport matching
1551 if (0 == (tep->sep.endpoint.adapter & transportType))
1553 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1557 // TODO: need to check below code after socket close is ensured.
1561 ret = mbedtls_ssl_close_notify(&tep->ssl);
1563 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1566 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1567 DeleteSslEndPoint(tep);
1569 oc_mutex_unlock(g_sslContextMutex);
1571 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1575 * Creates session for endpoint.
1577 * @param[in] endpoint remote address
1578 * @param[in] config mbedTLS configuration info
1580 * @return TLS endpoint or NULL
1582 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1584 SslEndPoint_t * tep = NULL;
1585 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1586 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1587 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1588 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1590 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1593 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1597 tep->sep.endpoint = *endpoint;
1598 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1600 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1602 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1604 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1608 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1609 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1611 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1612 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1613 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1615 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1616 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1618 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1619 mbedtls_ssl_free(&tep->ssl);
1621 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1626 tep->cacheList = u_arraylist_create();
1627 if (NULL == tep->cacheList)
1629 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1630 mbedtls_ssl_free(&tep->ssl);
1632 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1635 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1636 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1637 endpoint->addr, endpoint->port);
1638 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1642 * Initializes PSK identity.
1644 * @param[out] config client/server config to be updated
1646 * @return 0 on success or -1 on error
1648 static int InitPskIdentity(mbedtls_ssl_config * config)
1650 uint8_t keyBuf[PSK_LENGTH] = {0};
1651 uint8_t idBuf[UUID_LENGTH] = {0};
1652 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1653 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1655 //Retrieve PSK identity from SVR DB
1656 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1658 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1659 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1662 //Store PSK ideneity in mbedtls_ssl_config
1663 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1665 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1666 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1669 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1672 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1675 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1676 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1677 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1678 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1680 //Resetting cipherFlag
1681 g_caSslContext->cipherFlag[0] = false;
1682 g_caSslContext->cipherFlag[1] = false;
1684 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1685 // Retrieve the PSK credential from SRM
1686 if (0 != InitPskIdentity(config))
1688 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1691 // Retrieve the Cert credential from SRM
1692 if (true == g_caSslContext->cipherFlag[1])
1694 int ret = InitPKIX(adapter);
1697 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1701 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1703 // Add the preferred ciphersuite first
1704 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1706 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1707 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1711 // Add PSK ciphersuite
1712 if (true == g_caSslContext->cipherFlag[0] &&
1713 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1715 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1716 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1720 // Add all certificate ciphersuites
1721 if (true == g_caSslContext->cipherFlag[1])
1723 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1725 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1726 i != g_caSslContext->cipher)
1728 g_cipherSuitesList[index] = tlsCipher[i][0];
1733 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1735 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1739 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1740 for (int i = 0; i < index; i++)
1742 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1745 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1747 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1750 * Initiate TLS handshake with endpoint.
1752 * @param[in] endpoint remote address
1754 * @return TLS endpoint or NULL
1756 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1759 SslEndPoint_t * tep = NULL;
1761 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1762 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1763 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1765 //Remove previous peer info from peer list.
1766 RemovePeerFromList(endpoint);
1768 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1769 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1770 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1771 tep = NewSslEndPoint(endpoint, config);
1774 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1778 //Load allowed SVR suites from SVR DB
1779 SetupCipher(config, endpoint->adapter);
1781 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1784 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1785 DeleteSslEndPoint(tep);
1789 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1791 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1792 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1798 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1799 RemovePeerFromList(&tep->sep.endpoint);
1802 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1804 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1807 #ifdef __WITH_DTLS__
1809 * Stops DTLS retransmission.
1811 static void StopRetransmit()
1815 unregisterTimer(g_caSslContext->timerId);
1816 g_caSslContext->timerId= -1;
1820 void CAdeinitSslAdapter()
1822 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1824 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1825 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1827 //Lock tlsContext mutex
1828 oc_mutex_lock(g_sslContextMutex);
1833 // De-initialize mbedTLS
1834 mbedtls_x509_crt_free(&g_caSslContext->ca);
1835 mbedtls_x509_crt_free(&g_caSslContext->crt);
1836 mbedtls_pk_free(&g_caSslContext->pkey);
1837 mbedtls_x509_crl_free(&g_caSslContext->crl);
1839 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1840 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1841 #endif // __WITH_TLS__
1842 #ifdef __WITH_DTLS__
1843 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1844 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1845 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1846 #endif // __WITH_DTLS__
1847 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1848 mbedtls_entropy_free(&g_caSslContext->entropy);
1849 #ifdef __WITH_DTLS__
1852 // De-initialize tls Context
1853 OICFree(g_caSslContext);
1854 g_caSslContext = NULL;
1856 // Delete decrypt buffer
1857 if (g_decryptBuffer)
1859 OICFree(g_decryptBuffer);
1860 g_decryptBuffer = NULL;
1863 // Unlock tlsContext mutex and de-initialize it
1864 oc_mutex_unlock(g_sslContextMutex);
1865 oc_mutex_free(g_sslContextMutex);
1866 g_sslContextMutex = NULL;
1868 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1871 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1873 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1874 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1875 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1876 mbedtls_ssl_config_init(conf);
1877 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1879 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1883 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1884 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1885 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1886 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1887 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1888 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1889 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1891 #ifdef __WITH_DTLS__
1892 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1893 MBEDTLS_SSL_IS_SERVER == mode)
1895 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1896 &g_caSslContext->cookieCtx);
1898 #endif // __WITH_DTLS__
1900 #if !defined(NDEBUG) || defined(TB_LOG)
1901 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1902 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1904 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1907 #ifdef __WITH_DTLS__
1909 * Starts DTLS retransmission.
1911 static int StartRetransmit()
1913 uint32_t listIndex = 0;
1914 uint32_t listLength = 0;
1915 SslEndPoint_t *tep = NULL;
1917 oc_mutex_lock(g_sslContextMutex);
1918 if (NULL == g_caSslContext)
1920 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1921 oc_mutex_unlock(g_sslContextMutex);
1924 if (g_caSslContext->timerId != -1)
1926 //clear previous timer
1927 unregisterTimer(g_caSslContext->timerId);
1929 listLength = u_arraylist_length(g_caSslContext->peerList);
1931 for (listIndex = 0; listIndex < listLength; listIndex++)
1933 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1935 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1936 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1940 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
1942 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1944 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1947 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1949 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1950 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1955 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1956 oc_mutex_unlock(g_sslContextMutex);
1962 CAResult_t CAinitSslAdapter()
1964 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1965 // Initialize mutex for tlsContext
1966 if (NULL == g_sslContextMutex)
1968 g_sslContextMutex = oc_mutex_new();
1969 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1973 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1974 return CA_STATUS_OK;
1977 // Lock tlsContext mutex and create tlsContext
1978 oc_mutex_lock(g_sslContextMutex);
1979 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1981 if (NULL == g_caSslContext)
1983 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1984 oc_mutex_unlock(g_sslContextMutex);
1985 oc_mutex_free(g_sslContextMutex);
1986 g_sslContextMutex = NULL;
1987 return CA_MEMORY_ALLOC_FAILED;
1991 g_caSslContext->peerList = u_arraylist_create();
1993 if(NULL == g_caSslContext->peerList)
1995 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1996 OICFree(g_caSslContext);
1997 g_caSslContext = NULL;
1998 oc_mutex_unlock(g_sslContextMutex);
1999 oc_mutex_free(g_sslContextMutex);
2000 g_sslContextMutex = NULL;
2001 return CA_STATUS_FAILED;
2004 /* Initialize TLS library
2006 #if !defined(NDEBUG) || defined(TB_LOG)
2007 char version[MBED_TLS_VERSION_LEN];
2008 mbedtls_version_get_string(version);
2009 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2014 mbedtls_entropy_init(&g_caSslContext->entropy);
2015 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2018 unsigned char seed[sizeof(SEED)] = {0};
2020 urandomFd = open("/dev/urandom", O_RDONLY);
2023 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2024 oc_mutex_unlock(g_sslContextMutex);
2025 CAdeinitSslAdapter();
2026 return CA_STATUS_FAILED;
2028 if(0 > read(urandomFd, seed, sizeof(seed)))
2030 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2032 oc_mutex_unlock(g_sslContextMutex);
2033 CAdeinitSslAdapter();
2034 return CA_STATUS_FAILED;
2039 unsigned char * seed = (unsigned char*) SEED;
2041 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2042 &g_caSslContext->entropy, seed, sizeof(SEED)))
2044 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2045 oc_mutex_unlock(g_sslContextMutex);
2046 CAdeinitSslAdapter();
2047 return CA_STATUS_FAILED;
2049 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2052 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2053 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2055 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2056 oc_mutex_unlock(g_sslContextMutex);
2057 CAdeinitSslAdapter();
2058 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2059 return CA_STATUS_FAILED;
2062 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2063 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2065 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2066 oc_mutex_unlock(g_sslContextMutex);
2067 CAdeinitSslAdapter();
2068 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2069 return CA_STATUS_FAILED;
2071 #endif // __WITH_TLS__
2072 #ifdef __WITH_DTLS__
2073 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2074 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2075 &g_caSslContext->rnd))
2077 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2078 oc_mutex_unlock(g_sslContextMutex);
2079 CAdeinitSslAdapter();
2080 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2081 return CA_STATUS_FAILED;
2084 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2085 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2087 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2088 oc_mutex_unlock(g_sslContextMutex);
2089 CAdeinitSslAdapter();
2090 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2091 return CA_STATUS_FAILED;
2094 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2095 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2097 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2098 oc_mutex_unlock(g_sslContextMutex);
2099 CAdeinitSslAdapter();
2100 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2101 return CA_STATUS_FAILED;
2103 #endif // __WITH_DTLS__
2105 // set default cipher
2106 g_caSslContext->cipher = SSL_CIPHER_MAX;
2109 mbedtls_x509_crt_init(&g_caSslContext->ca);
2110 mbedtls_x509_crt_init(&g_caSslContext->crt);
2111 mbedtls_pk_init(&g_caSslContext->pkey);
2112 mbedtls_x509_crl_init(&g_caSslContext->crl);
2114 #ifdef __WITH_DTLS__
2115 g_caSslContext->timerId = -1;
2118 // create decrypt buffer
2119 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2120 if (NULL == g_decryptBuffer)
2122 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2123 oc_mutex_unlock(g_sslContextMutex);
2124 CAdeinitSslAdapter();
2125 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2126 return CA_MEMORY_ALLOC_FAILED;
2129 oc_mutex_unlock(g_sslContextMutex);
2130 #ifdef __WITH_DTLS__
2134 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2135 return CA_STATUS_OK;
2138 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2140 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2141 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2144 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2145 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2148 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2149 if (NULL == message)
2151 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2152 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2156 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2157 if (NULL == message->data)
2159 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2161 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2164 memcpy(message->data, data, dataLen);
2165 message->len = dataLen;
2166 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2170 /* Send data via TLS connection.
2172 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2173 void *data, uint32_t dataLen)
2177 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2179 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2180 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2181 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2185 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2186 return CA_STATUS_FAILED;
2189 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2191 oc_mutex_lock(g_sslContextMutex);
2192 if(NULL == g_caSslContext)
2194 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2195 oc_mutex_unlock(g_sslContextMutex);
2196 return CA_STATUS_FAILED;
2199 SslEndPoint_t * tep = GetSslPeer(endpoint);
2202 tep = InitiateTlsHandshake(endpoint);
2206 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2207 oc_mutex_unlock(g_sslContextMutex);
2208 return CA_STATUS_FAILED;
2211 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2213 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2215 unsigned char *dataBuf = (unsigned char *)data;
2220 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2223 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2225 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2226 RemovePeerFromList(&tep->sep.endpoint);
2227 oc_mutex_unlock(g_sslContextMutex);
2228 return CA_STATUS_FAILED;
2232 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2236 } while (dataLen > written);
2241 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2242 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2244 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2245 oc_mutex_unlock(g_sslContextMutex);
2246 return CA_STATUS_FAILED;
2250 oc_mutex_unlock(g_sslContextMutex);
2252 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2253 return CA_STATUS_OK;
2256 * Sends cached messages via TLS connection.
2258 * @param[in] tep remote address with session info
2260 static void SendCacheMessages(SslEndPoint_t * tep)
2262 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2263 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2265 uint32_t listIndex = 0;
2266 uint32_t listLength = 0;
2267 listLength = u_arraylist_length(tep->cacheList);
2268 for (listIndex = 0; listIndex < listLength;)
2271 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2272 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2274 unsigned char *dataBuf = (unsigned char *)msg->data;
2279 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2282 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2284 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2289 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2293 } while (msg->len > written);
2295 if (u_arraylist_remove(tep->cacheList, listIndex))
2297 DeleteCacheMessage(msg);
2298 // Reduce list length by 1 as we removed one element.
2303 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2309 // Move to the next element
2313 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2316 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2318 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2319 g_sslCallback = tlsHandshakeCallback;
2320 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2323 /* Read data from TLS connection
2325 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2328 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2329 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2330 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2332 oc_mutex_lock(g_sslContextMutex);
2333 if (NULL == g_caSslContext)
2335 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2336 oc_mutex_unlock(g_sslContextMutex);
2337 return CA_STATUS_FAILED;
2341 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2344 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2345 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2346 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2347 peer = NewSslEndPoint(&sep->endpoint, config);
2350 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2351 oc_mutex_unlock(g_sslContextMutex);
2352 return CA_STATUS_FAILED;
2354 //Load allowed TLS suites from SVR DB
2355 SetupCipher(config, sep->endpoint.adapter);
2357 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2360 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2362 oc_mutex_unlock(g_sslContextMutex);
2363 return CA_STATUS_FAILED;
2367 peer->recBuf.buff = data;
2368 peer->recBuf.len = dataLen;
2369 peer->recBuf.loaded = 0;
2371 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2373 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2374 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2379 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2381 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2382 mbedtls_ssl_session_reset(&peer->ssl);
2383 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2384 (const unsigned char *) sep->endpoint.addr,
2385 sizeof(sep->endpoint.addr));
2386 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2388 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2390 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2393 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2394 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2395 CA_STATUS_FAILED, GetAlertCode(flags));
2398 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2399 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2401 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2402 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2404 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2406 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2409 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2411 SSL_RES(peer, CA_STATUS_OK);
2412 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2414 SendCacheMessages(peer);
2417 int selectedCipher = peer->ssl.session->ciphersuite;
2418 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2419 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2420 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2422 char uuid[UUID_LENGTH * 2 + 5] = {0};
2423 void * uuidPos = NULL;
2424 void * userIdPos = NULL;
2425 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2426 ret = (NULL == peerCert ? -1 : 0);
2427 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2428 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2431 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2432 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
2434 if (NULL != uuidPos)
2436 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2437 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2438 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2439 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2440 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2444 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2447 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2448 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
2449 if (NULL != userIdPos)
2451 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2452 ret = OCConvertStringToUuid(uuid, peer->sep.userId.id);
2453 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
2454 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2458 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
2463 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2465 SendCacheMessages(peer);
2467 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2468 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2469 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2471 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2473 oc_mutex_unlock(g_sslContextMutex);
2474 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2475 return CA_STATUS_OK;
2479 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2481 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2483 // flag to read again remained data
2484 bool read_more = false;
2487 if (NULL == g_decryptBuffer)
2489 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2490 oc_mutex_unlock(g_sslContextMutex);
2491 return CA_STATUS_FAILED;
2493 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2498 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2499 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2501 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2502 // TinyDTLS sends fatal close_notify alert
2503 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2504 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2505 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2507 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2508 RemovePeerFromList(&peer->sep.endpoint);
2509 oc_mutex_unlock(g_sslContextMutex);
2510 return CA_STATUS_OK;
2515 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2516 //SSL_RES(peer, CA_STATUS_FAILED);
2517 RemovePeerFromList(&peer->sep.endpoint);
2518 oc_mutex_unlock(g_sslContextMutex);
2519 return CA_STATUS_FAILED;
2523 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2524 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2527 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2528 g_decryptBuffer, ret);
2529 if (CA_STATUS_OK != res)
2531 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2532 RemovePeerFromList(&peer->sep.endpoint);
2533 oc_mutex_unlock(g_sslContextMutex);
2534 return CA_STATUS_FAILED;
2537 // check if decrypted data is remained in stream transport
2538 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2540 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2542 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2548 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2549 RemovePeerFromList(&peer->sep.endpoint);
2550 oc_mutex_unlock(g_sslContextMutex);
2551 return CA_STATUS_FAILED;
2554 } while (read_more);
2557 oc_mutex_unlock(g_sslContextMutex);
2558 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2559 return CA_STATUS_OK;
2562 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2563 CAPacketSendCallback sendCallback,
2564 CATransportAdapter_t type)
2566 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2567 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2568 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2569 oc_mutex_lock(g_sslContextMutex);
2570 if (NULL == g_caSslContext)
2572 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2573 oc_mutex_unlock(g_sslContextMutex);
2580 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2581 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2583 case CA_ADAPTER_TCP:
2584 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2585 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2587 case CA_ADAPTER_GATT_BTLE:
2588 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2589 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2592 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2595 oc_mutex_unlock(g_sslContextMutex);
2596 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2599 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2601 * @param[in] cipher TLS chiphersuite code
2603 * @return corresponding enum
2606 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2610 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2612 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2614 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2616 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2618 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2620 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2622 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2624 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2626 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2628 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2630 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2632 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2634 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2636 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2638 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2640 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2642 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2644 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2646 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2648 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2650 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2652 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2654 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2656 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2658 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2660 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2664 return SSL_CIPHER_MAX;
2669 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2671 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2672 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2674 SslCipher_t index = GetCipherIndex(cipher);
2675 if (SSL_CIPHER_MAX == index)
2677 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2682 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2683 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2685 #ifdef __WITH_DTLS__
2686 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2687 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2689 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2691 g_caSslContext->cipher = index;
2693 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2694 return CA_STATUS_OK;
2697 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2699 CAResult_t res = CA_STATUS_OK;
2700 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2701 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2702 oc_mutex_lock(g_sslContextMutex);
2703 if (NULL == InitiateTlsHandshake(endpoint))
2705 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2706 res = CA_STATUS_FAILED;
2708 oc_mutex_unlock(g_sslContextMutex);
2709 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2713 * Expands the secret into blocks of data according
2714 * to the algorithm specified in section 5 of RFC 4346
2716 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2718 * @param key secret key.
2719 * @param keyLen secret key length.
2720 * @param label A PRF label.
2721 * @param labelLen Actual length of @p label.
2722 * @param random1 Random seed.
2723 * @param random1Len Actual length of @p random1 (may be zero).
2724 * @param random2 Random seed.
2725 * @param random2Len Actual length of @p random2 (may be zero).
2726 * @param buf Output buffer for generated random data.
2727 * @param bufLen Maximum size of @p buf.
2729 * @return The actual number of bytes written to @p buf or @c -1 on error.
2732 static int pHash (const unsigned char *key, size_t keyLen,
2733 const unsigned char *label, size_t labelLen,
2734 const unsigned char *random1, size_t random1Len,
2735 const unsigned char *random2, size_t random2Len,
2736 unsigned char *buf, size_t bufLen)
2738 unsigned char A[RANDOM_LEN] = {0};
2739 unsigned char tmp[RANDOM_LEN] = {0};
2740 size_t dLen; /* digest length */
2741 size_t len = 0; /* result length */
2743 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2744 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2745 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2746 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2747 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2749 mbedtls_md_context_t hmacA;
2750 mbedtls_md_context_t hmacP;
2752 mbedtls_md_init(&hmacA);
2753 mbedtls_md_init(&hmacP);
2755 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2756 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2758 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2759 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2760 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2761 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2762 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2766 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2768 while (len + dLen < bufLen)
2770 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2771 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2772 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2773 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2774 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2775 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2777 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2781 memcpy(buf, tmp, dLen);
2784 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2785 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2786 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2787 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2790 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2791 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2792 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2794 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2795 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2796 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2797 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2799 memcpy(buf, tmp, bufLen - len);
2801 mbedtls_md_free(&hmacA);
2802 mbedtls_md_free(&hmacP);
2806 mbedtls_md_free(&hmacA);
2807 mbedtls_md_free(&hmacP);
2811 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2812 const uint8_t* label, const size_t labelLen,
2813 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2814 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2815 uint8_t* ownerPsk, const size_t ownerPskSize)
2817 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2818 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2819 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2820 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2821 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2822 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2824 oc_mutex_lock(g_sslContextMutex);
2825 if (NULL == g_caSslContext)
2827 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2828 oc_mutex_unlock(g_sslContextMutex);
2829 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2830 return CA_STATUS_FAILED;
2832 SslEndPoint_t * tep = GetSslPeer(endpoint);
2835 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2836 oc_mutex_unlock(g_sslContextMutex);
2837 return CA_STATUS_FAILED;
2840 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2844 int keyBlockLen = 0;
2845 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2846 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2847 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2848 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2850 // 2 * ( 32 + 0 + 16 ) = 96
2851 macKeyLen = SHA256_MAC_KEY_LENGTH;
2852 ivSize = CBC_IV_LENGTH;
2853 keySize = AES128_KEY_LENGTH;
2855 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2856 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2858 // 2 * ( 0 + 4 + 16 ) = 40
2859 macKeyLen = CCM_MAC_KEY_LENGTH;
2860 ivSize = CCM_IV_LENGTH;
2861 keySize = AES128_KEY_LENGTH;
2863 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2865 // 2 * ( 32 + 12 + 16 ) = 120
2866 macKeyLen = SHA256_MAC_KEY_LENGTH;
2867 ivSize = GCM_IV_LENGTH;
2868 keySize = AES128_KEY_LENGTH;
2870 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2872 // 2 * ( 32 + 0 + 32 ) = 128
2873 macKeyLen = SHA256_MAC_KEY_LENGTH;
2874 ivSize = CBC_IV_LENGTH;
2875 keySize = AES256_KEY_LENGTH;
2877 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2879 // 2 * ( 48 + 0 + 32 ) = 160
2880 macKeyLen = SHA384_MAC_KEY_LENGTH;
2881 ivSize = CBC_IV_LENGTH;
2882 keySize = AES256_KEY_LENGTH;
2884 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2886 // 2 * ( 48 + 12 + 32 ) = 184
2887 macKeyLen = SHA384_MAC_KEY_LENGTH;
2888 ivSize = GCM_IV_LENGTH;
2889 keySize = AES256_KEY_LENGTH;
2891 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2893 // 2 * ( 48 + 12 + 32 ) = 184
2894 macKeyLen = SHA256_MAC_KEY_LENGTH;
2895 ivSize = GCM_IV_LENGTH;
2896 keySize = AES128_KEY_LENGTH;
2898 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2900 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2901 if (NULL == keyblock)
2903 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2904 oc_mutex_unlock(g_sslContextMutex);
2905 return CA_STATUS_FAILED;
2909 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2910 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2911 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2912 keyblock, keyBlockLen);
2915 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2917 oc_mutex_unlock(g_sslContextMutex);
2918 return CA_STATUS_FAILED;
2921 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2922 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2923 provServerDeviceId, provServerDeviceIdLen,
2924 ownerPsk, ownerPskSize);
2927 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2929 oc_mutex_unlock(g_sslContextMutex);
2930 return CA_STATUS_FAILED;
2934 oc_mutex_unlock(g_sslContextMutex);
2936 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2937 return CA_STATUS_OK;