1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
22 #include "iotivity_config.h"
28 #include "ca_adapter_net_ssl.h"
30 #include "caipinterface.h"
31 #include "oic_malloc.h"
33 #include "byte_array.h"
37 // headers required for mbed TLS
38 #include "mbedtls/platform.h"
39 #include "mbedtls/ssl.h"
40 #include "mbedtls/entropy.h"
41 #include "mbedtls/ctr_drbg.h"
42 #include "mbedtls/pkcs12.h"
43 #include "mbedtls/ssl_internal.h"
44 #include "mbedtls/net_sockets.h"
46 #include "mbedtls/timing.h"
47 #include "mbedtls/ssl_cookie.h"
50 #if !defined(NDEBUG) || defined(TB_LOG)
51 #include "mbedtls/debug.h"
52 #include "mbedtls/version.h"
55 #ifdef HAVE_SYS_TYPES_H
56 #include <sys/types.h>
58 #ifdef HAVE_SYS_STAT_H
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
75 * @def PERSONALIZATION_STRING
76 * @brief Personalization string for the mbedtls RNG
78 #define PERSONALIZATION_STRING "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
111 #define TLS_MSG_BUF_LEN (16384)
114 * @brief PSK keys max length
116 #define PSK_LENGTH (256/8)
118 * @def UUID_LENGTHPSK_LENGTH
119 * @brief Identity max length
121 #define UUID_LENGTH (128/8)
123 * @def MASTER_SECRET_LEN
124 * @brief TLS master secret length
126 #define MASTER_SECRET_LEN (48)
129 * @brief TLS client and server random bytes length
131 #define RANDOM_LEN (32)
133 * @def SHA384_MAC_KEY_LENGTH
134 * @brief MAC key length for SHA384 cipher suites
136 #define SHA384_MAC_KEY_LENGTH (48)
138 * @def SHA256_MAC_KEY_LENGTH
139 * @brief MAC key length for SHA256 cipher suites
141 #define SHA256_MAC_KEY_LENGTH (32)
143 * @def CCM_MAC_KEY_LENGTH
144 * @brief MAC key length for CCM cipher suites
146 #define CCM_MAC_KEY_LENGTH (0)
148 * @def AES256_KEY_LENGTH
149 * @brief key material length for AES256 cipher suites
151 #define AES256_KEY_LENGTH (32)
153 * @def AES128_KEY_LENGTH
154 * @brief key material length for AES128 cipher suites
156 #define AES128_KEY_LENGTH (16)
159 * @brief length of nonce for GCM cipher suites
161 #define GCM_IV_LENGTH (12)
164 * @brief length of nonce for CCM cipher suites
166 #define CCM_IV_LENGTH (4)
169 * @brief length of nonce for CBC cipher suites
171 #define CBC_IV_LENGTH (0)
174 * @var RETRANSMISSION_TIME
175 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
177 #define RETRANSMISSION_TIME 1
179 /**@def SSL_CLOSE_NOTIFY(peer, ret)
181 * Notifies of existing \a peer about closing TLS connection.
183 * @param[in] peer remote peer
184 * @param[in] ret used internaly
186 #define SSL_CLOSE_NOTIFY(peer, ret) \
189 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
190 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
192 /**@def SSL_RES(peer, status)
194 * Sets SSL result for callback.
196 * @param[in] peer remote peer
198 #define SSL_RES(peer, status) \
201 CAErrorInfo_t errorInfo; \
202 errorInfo.result = (status); \
203 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
205 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
207 * Checks handshake result and send alert if needed.
209 * @param[in] peer remote peer
210 * @param[in] ret error code
211 * @param[in] str debug string
212 * @param[in] mutex ca mutex
213 * @param[in] if code does not equal to -1 returns error code
214 * @param[in] msg allert message
216 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
217 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
218 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
219 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
220 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
221 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
222 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
223 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
224 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
225 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
237 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
238 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
239 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
241 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
243 RemovePeerFromList(&(peer)->sep.endpoint); \
246 oc_mutex_unlock(g_sslContextMutex); \
248 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
249 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
255 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
257 * Calls \a fn for \a clientConf and \a serverConf.
260 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
261 fn((clientConf), __VA_ARGS__); \
262 fn((serverConf), __VA_ARGS__); \
265 /** @def CHECK_MBEDTLS_RET(f, ...)
266 * A macro that checks \a f function return code
268 * If function returns error code it goes to error processing.
270 * **IMPORTANT:** Any time CHECK_MBEDTLS_RET is used an `exit:` goto label must
271 * be present to handle error processing.
273 * @param[in] f Function to call
275 #define CHECK_MBEDTLS_RET(f, ...) do { \
276 int ret = (f)(__VA_ARGS__); \
278 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
284 SSL_RSA_WITH_AES_256_CBC_SHA256,
285 SSL_RSA_WITH_AES_128_GCM_SHA256,
286 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
287 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
288 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
289 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
290 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
291 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
292 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
293 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
294 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
300 ADAPTER_CURVE_SECP256R1,
304 static const int tlsCipher[SSL_CIPHER_MAX][2] =
306 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
307 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
308 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
309 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
310 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
311 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
312 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
313 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
314 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
315 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
316 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
319 static int g_cipherSuitesList[SSL_CIPHER_MAX];
321 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
323 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
326 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
333 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
334 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
335 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
336 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
337 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
338 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
339 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
340 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
341 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
342 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
343 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
344 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
345 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
346 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
347 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
348 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
349 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
350 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
351 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
352 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
353 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
357 static int GetAlertCode(uint32_t flags)
359 const CrtVerifyAlert_t *cur;
361 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
363 if (flags & cur->code)
371 #if !defined(NDEBUG) || defined(TB_LOG)
373 * Pass a message to the OIC logger.
375 * @param[in] ctx opaque context for the callback
376 * @param[in] level debug level
377 * @param[in] file file name
378 * @param[in] line line number
379 * @param[in] str message
381 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
388 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
393 * structure to holds the information of cache message and address info.
395 typedef ByteArray_t SslCacheMessage_t;
399 * Data structure for holding the send and recv callbacks.
401 typedef struct TlsCallBacks
403 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
404 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
408 * Data structure for holding the mbedTLS interface related info.
410 typedef struct SslContext
412 u_arraylist_t *peerList; /**< peer list which holds the mapping between
413 peer id, it's n/w address and mbedTLS context. */
414 mbedtls_entropy_context entropy;
415 mbedtls_ctr_drbg_context rnd;
417 mbedtls_x509_crt crt;
418 mbedtls_pk_context pkey;
420 mbedtls_ssl_config clientTlsConf;
421 mbedtls_ssl_config serverTlsConf;
422 mbedtls_ssl_config clientDtlsConf;
423 mbedtls_ssl_config serverDtlsConf;
426 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
427 mbedtls_x509_crl crl;
438 * @var g_caSslContext
439 * @brief global context which holds tls context and cache list information.
441 static SslContext_t * g_caSslContext = NULL;
444 * @var g_getCredentialsCallback
445 * @brief callback to get TLS credentials (same as for DTLS)
447 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
449 * @var g_getCerdentilTypesCallback
450 * @brief callback to get different credential types from SRM
452 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
454 * @var g_getPkixInfoCallback
456 * @brief callback to get X.509-based Public Key Infrastructure
458 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
461 * @var g_dtlsContextMutex
462 * @brief Mutex to synchronize access to g_caSslContext.
464 static oc_mutex g_sslContextMutex = NULL;
468 * @brief callback to deliver the TLS handshake result
470 static CAErrorCallback g_sslCallback = NULL;
473 * Data structure for holding the data to be received.
475 typedef struct SslRecBuf
482 * Data structure for holding the data related to endpoint
485 typedef struct SslEndPoint
487 mbedtls_ssl_context ssl;
488 CASecureEndpoint_t sep;
489 u_arraylist_t * cacheList;
491 uint8_t master[MASTER_SECRET_LEN];
492 uint8_t random[2*RANDOM_LEN];
494 mbedtls_ssl_cookie_ctx cookieCtx;
495 mbedtls_timing_delay_context timer;
496 #endif // __WITH_DTLS__
499 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
501 // TODO Does this method needs protection of tlsContextMutex?
502 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
503 g_getCredentialsCallback = credCallback;
504 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
507 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
509 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
510 g_getPkixInfoCallback = infoCallback;
511 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
513 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
515 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
516 g_getCredentialTypesCallback = credTypesCallback;
517 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
520 static int GetAdapterIndex(CATransportAdapter_t adapter)
528 case CA_ADAPTER_GATT_BTLE:
531 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
538 * @param[in] tep TLS endpoint
539 * @param[in] data message
540 * @param[in] dataLen message length
542 * @return message length or -1 on error.
544 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
546 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
547 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
548 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
549 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
550 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
552 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
553 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
555 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
556 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
557 if (sentLen != dataLen)
559 OIC_LOG_V(DEBUG, NET_SSL_TAG,
560 "Packet was partially sent - total/sent/remained bytes : %d/%d/%d",
561 sentLen, dataLen, (dataLen - sentLen));
566 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
570 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
576 * @param[in] tep TLS endpoint
577 * @param[in] data message
578 * @param[in] dataLen message length
580 * @return read length
582 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
584 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
585 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
586 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
588 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
589 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
590 retLen = (retLen < dataLen ? retLen : dataLen);
592 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
593 recBuf->loaded += retLen;
595 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
600 * Parse chain of X.509 certificates.
602 * @param[out] crt container for X.509 certificates
603 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
604 or DER format in a jumble, delimiting symbols does not matter.
605 * @param[in] bufLen buffer length
606 * @param[in] errNum number certificates that failed to parse
608 * @return number of successfully parsed certificates or -1 on error
610 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, int bufLen, int * errNum)
612 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
613 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
614 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
616 char pemCertHeader[] = {
617 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
618 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
620 char pemCertFooter[] = {
621 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
622 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
624 size_t pemCertHeaderLen = sizeof(pemCertHeader);
625 size_t pemCertFooterLen = sizeof(pemCertFooter);
628 unsigned char * tmp = NULL;
636 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
638 tmp = (unsigned char *)buf + pos + 1;
639 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
640 if (pos + len < bufLen)
642 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
650 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
655 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
656 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
658 void * endPos = NULL;
659 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
662 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
663 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
666 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
667 if (pos + len + 1 <= bufLen)
669 char con = buf[pos + len];
670 buf[pos + len] = 0x00;
671 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
679 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
681 buf[pos + len] = con;
685 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
686 memcpy(lastCert, buf + pos, len);
687 lastCert[len] = 0x00;
688 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
696 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
707 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
708 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
715 //Loads PKIX related information from SRM
716 static int InitPKIX(CATransportAdapter_t adapter)
718 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
719 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
720 g_getPkixInfoCallback(&g_pkiInfo);
722 mbedtls_x509_crt_free(&g_caSslContext->ca);
723 mbedtls_x509_crt_free(&g_caSslContext->crt);
724 mbedtls_pk_free(&g_caSslContext->pkey);
725 mbedtls_x509_crl_free(&g_caSslContext->crl);
727 mbedtls_x509_crt_init(&g_caSslContext->ca);
728 mbedtls_x509_crt_init(&g_caSslContext->crt);
729 mbedtls_pk_init(&g_caSslContext->pkey);
730 mbedtls_x509_crl_init(&g_caSslContext->crl);
732 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
733 adapter == CA_ADAPTER_GATT_BTLE ?
734 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
735 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
736 adapter == CA_ADAPTER_GATT_BTLE ?
737 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
741 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
744 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
749 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
752 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
756 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
760 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
763 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
766 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
769 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
774 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
777 OIC_LOG(ERROR, NET_SSL_TAG, "CA chain parsing error");
778 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
783 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
786 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
789 OIC_LOG(WARNING, NET_SSL_TAG, "CRL parsing error");
790 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
794 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
795 &g_caSslContext->ca, &g_caSslContext->crl);
798 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
805 * @param[in] notUsed opaque context
806 * @param[in] ssl mbedTLS context
807 * @param[in] desc identity
808 * @param[in] descLen identity length
810 * @return 0 on success any other return value will result in a denied PSK identity
812 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
813 const unsigned char * desc, size_t descLen)
815 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
816 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
817 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
818 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
819 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
821 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
825 uint8_t keyBuf[PSK_LENGTH] = {0};
827 // Retrieve the credentials blob from security module
828 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
831 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
832 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
833 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
834 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
836 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
837 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
839 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
843 * Gets session corresponding for endpoint.
845 * @param[in] peer remote address
847 * @return TLS session or NULL
849 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
851 uint32_t listIndex = 0;
852 uint32_t listLength = 0;
853 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
854 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
856 SslEndPoint_t *tep = NULL;
857 listLength = u_arraylist_length(g_caSslContext->peerList);
858 for (listIndex = 0; listIndex < listLength; listIndex++)
860 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
866 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
867 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
870 if((peer->adapter == tep->sep.endpoint.adapter)
871 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
872 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
874 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
878 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
879 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
883 #ifdef MULTIPLE_OWNER
885 * Gets CA secure endpoint info corresponding for endpoint.
887 * @param[in] peer remote address
889 * @return CASecureEndpoint or NULL
891 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
893 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
895 // TODO: Added as workaround, need to debug
896 oc_mutex_unlock(g_sslContextMutex);
898 oc_mutex_lock(g_sslContextMutex);
899 if (NULL == g_caSslContext)
901 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
902 oc_mutex_unlock(g_sslContextMutex);
906 SslEndPoint_t* sslPeer = GetSslPeer(peer);
909 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
910 oc_mutex_unlock(g_sslContextMutex);
911 return &sslPeer->sep;
914 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
915 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
916 oc_mutex_unlock(g_sslContextMutex);
922 * Deletes cached message.
924 * @param[in] msg message
926 static void DeleteCacheMessage(SslCacheMessage_t * msg)
928 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
929 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
934 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
937 * Deletes cached message list.
939 * @param[in] cacheList list of cached messages
941 static void DeleteCacheList(u_arraylist_t * cacheList)
943 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
944 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
945 uint32_t listIndex = 0;
946 uint32_t listLength = 0;
948 listLength = u_arraylist_length(cacheList);
949 for (listIndex = 0; listIndex < listLength; listIndex++)
951 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
954 DeleteCacheMessage(msg);
957 u_arraylist_free(&cacheList);
959 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
962 * Deletes endpoint with session.
964 * @param[in] tep endpoint with session info
966 static void DeleteSslEndPoint(SslEndPoint_t * tep)
968 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
969 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
971 mbedtls_ssl_free(&tep->ssl);
973 mbedtls_ssl_cookie_free(&tep->cookieCtx);
975 DeleteCacheList(tep->cacheList);
977 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
980 * Removes endpoint session from list.
982 * @param[in] endpoint remote address
984 static void RemovePeerFromList(CAEndpoint_t * endpoint)
986 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
987 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
988 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
990 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
995 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
996 && (endpoint->port == tep->sep.endpoint.port))
998 u_arraylist_remove(g_caSslContext->peerList, listIndex);
999 DeleteSslEndPoint(tep);
1005 * Deletes session list.
1007 static void DeletePeerList()
1009 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1010 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1012 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1017 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1022 ret = mbedtls_ssl_close_notify(&tep->ssl);
1024 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1026 DeleteSslEndPoint(tep);
1028 u_arraylist_free(&g_caSslContext->peerList);
1031 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1033 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1034 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1036 oc_mutex_lock(g_sslContextMutex);
1037 if (NULL == g_caSslContext)
1039 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1040 oc_mutex_unlock(g_sslContextMutex);
1041 return CA_STATUS_FAILED;
1043 SslEndPoint_t * tep = GetSslPeer(endpoint);
1046 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1047 oc_mutex_unlock(g_sslContextMutex);
1048 return CA_STATUS_FAILED;
1050 /* No error checking, the connection might be closed already */
1054 ret = mbedtls_ssl_close_notify(&tep->ssl);
1056 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1058 RemovePeerFromList(&tep->sep.endpoint);
1059 oc_mutex_unlock(g_sslContextMutex);
1061 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1062 return CA_STATUS_OK;
1065 void CAcloseSslConnectionAll()
1067 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1068 oc_mutex_lock(g_sslContextMutex);
1069 if (NULL == g_caSslContext)
1071 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1072 oc_mutex_unlock(g_sslContextMutex);
1076 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1077 for (uint32_t i = listLength; i > 0; i--)
1079 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_remove(g_caSslContext->peerList, i - 1);
1084 OIC_LOG_V(DEBUG, NET_SSL_TAG, "SSL Connection [%s:%d]",
1085 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1087 // TODO: need to check below code after socket close is ensured.
1091 ret = mbedtls_ssl_close_notify(&tep->ssl);
1093 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1095 DeleteSslEndPoint(tep);
1097 oc_mutex_unlock(g_sslContextMutex);
1099 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1103 * Creates session for endpoint.
1105 * @param[in] endpoint remote address
1106 * @param[in] config mbedTLS configuration info
1108 * @return TLS endpoint or NULL
1110 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1112 SslEndPoint_t * tep = NULL;
1113 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1114 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1115 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1117 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1120 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1124 tep->sep.endpoint = *endpoint;
1125 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1127 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1129 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1131 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1135 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1136 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1138 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1139 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1140 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1142 if (0 != mbedtls_ssl_cookie_setup(&tep->cookieCtx, mbedtls_ctr_drbg_random,
1143 &g_caSslContext->rnd))
1145 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
1147 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1150 mbedtls_ssl_conf_dtls_cookies(config, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1152 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1153 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1155 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1157 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1162 tep->cacheList = u_arraylist_create();
1163 if (NULL == tep->cacheList)
1165 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1166 mbedtls_ssl_free(&tep->ssl);
1168 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1171 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1175 * Initializes PSK identity.
1177 * @param[out] config client/server config to be updated
1179 * @return 0 on success or -1 on error
1181 static int InitPskIdentity(mbedtls_ssl_config * config)
1183 uint8_t idBuf[UUID_LENGTH] = {0};
1184 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1185 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1187 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1189 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1190 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1193 if (0 != mbedtls_ssl_conf_psk(config, idBuf, 0, idBuf, UUID_LENGTH))
1195 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1196 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1199 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1202 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1205 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1206 if (NULL == g_getCredentialTypesCallback)
1208 OIC_LOG(ERROR, NET_SSL_TAG, "Param callback is null");
1212 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1213 // Retrieve the PSK credential from SRM
1214 if (0 != InitPskIdentity(config))
1216 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1219 // Retrieve the Cert credential from SRM
1220 if (true == g_caSslContext->cipherFlag[1])
1222 int ret = InitPKIX(adapter);
1225 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1229 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1230 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1232 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1236 if (true == g_caSslContext->cipherFlag[1])
1238 for (int i = 2; i < SSL_CIPHER_MAX - 2; i++)
1240 g_cipherSuitesList[index] = tlsCipher[i][0];
1244 if (true == g_caSslContext->cipherFlag[0])
1246 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1250 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1252 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1255 * Initiate TLS handshake with endpoint.
1257 * @param[in] endpoint remote address
1259 * @return TLS endpoint or NULL
1261 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1264 SslEndPoint_t * tep = NULL;
1266 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1267 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1270 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1271 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1272 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1273 tep = NewSslEndPoint(endpoint, config);
1276 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1280 //Load allowed SVR suites from SVR DB
1281 SetupCipher(config, endpoint->adapter);
1283 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Add %s:%d", tep->sep.endpoint.addr, tep->sep.endpoint.port);
1284 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1287 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1288 DeleteSslEndPoint(tep);
1292 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1294 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1295 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1301 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1302 RemovePeerFromList(&tep->sep.endpoint);
1305 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1307 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1310 #ifdef __WITH_DTLS__
1312 * Stops DTLS retransmission.
1314 static void StopRetransmit()
1318 unregisterTimer(g_caSslContext->timerId);
1322 void CAdeinitSslAdapter()
1324 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1326 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1327 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1329 //Lock tlsContext mutex
1330 oc_mutex_lock(g_sslContextMutex);
1335 // De-initialize mbedTLS
1336 mbedtls_x509_crt_free(&g_caSslContext->crt);
1337 mbedtls_pk_free(&g_caSslContext->pkey);
1339 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1340 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1341 #endif // __WITH_TLS__
1342 #ifdef __WITH_DTLS__
1343 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1344 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1345 #endif // __WITH_DTLS__
1346 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1347 mbedtls_entropy_free(&g_caSslContext->entropy);
1348 #ifdef __WITH_DTLS__
1351 // De-initialize tls Context
1352 OICFree(g_caSslContext);
1353 g_caSslContext = NULL;
1355 // Unlock tlsContext mutex and de-initialize it
1356 oc_mutex_unlock(g_sslContextMutex);
1357 oc_mutex_free(g_sslContextMutex);
1358 g_sslContextMutex = NULL;
1360 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1363 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1365 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1366 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1367 mbedtls_ssl_config_init(conf);
1368 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1370 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1375 * Configure mbedTLS runtime options. Many options are configured at build
1376 * time, see extlibs/mbedtls/config-iotivity.h
1378 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1379 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1380 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1381 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1383 /* Set TLS 1.2 as the minimum allowed version. */
1384 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1386 #if !defined(NDEBUG) || defined(TB_LOG)
1387 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1388 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1390 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1393 #ifdef __WITH_DTLS__
1395 * Starts DTLS retransmission.
1397 static int StartRetransmit()
1399 uint32_t listIndex = 0;
1400 uint32_t listLength = 0;
1401 SslEndPoint_t *tep = NULL;
1402 if (NULL == g_caSslContext)
1404 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1407 oc_mutex_lock(g_sslContextMutex);
1408 if (g_caSslContext->timerId != -1)
1410 //clear previous timer
1411 unregisterTimer(g_caSslContext->timerId);
1413 listLength = u_arraylist_length(g_caSslContext->peerList);
1414 for (listIndex = 0; listIndex < listLength; listIndex++)
1416 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1418 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1419 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1423 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1425 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1428 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1430 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1431 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1436 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1437 oc_mutex_unlock(g_sslContextMutex);
1442 CAResult_t CAinitSslAdapter()
1444 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1445 // Initialize mutex for tlsContext
1446 if (NULL == g_sslContextMutex)
1448 g_sslContextMutex = oc_mutex_new();
1449 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1453 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1454 return CA_STATUS_OK;
1457 // Lock tlsContext mutex and create tlsContext
1458 oc_mutex_lock(g_sslContextMutex);
1459 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1461 if (NULL == g_caSslContext)
1463 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1464 oc_mutex_unlock(g_sslContextMutex);
1465 oc_mutex_free(g_sslContextMutex);
1466 g_sslContextMutex = NULL;
1467 return CA_MEMORY_ALLOC_FAILED;
1471 g_caSslContext->peerList = u_arraylist_create();
1473 if(NULL == g_caSslContext->peerList)
1475 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1476 OICFree(g_caSslContext);
1477 g_caSslContext = NULL;
1478 oc_mutex_unlock(g_sslContextMutex);
1479 oc_mutex_free(g_sslContextMutex);
1480 g_sslContextMutex = NULL;
1481 return CA_STATUS_FAILED;
1484 /* Initialize TLS library
1486 #if !defined(NDEBUG) || defined(TB_LOG)
1487 #ifdef MBEDTLS_VERSION_C
1488 char version[MBED_TLS_VERSION_LEN];
1489 mbedtls_version_get_string(version);
1490 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
1492 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", MBEDTLS_VERSION_STRING);
1498 mbedtls_entropy_init(&g_caSslContext->entropy);
1499 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
1501 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
1502 &g_caSslContext->entropy,
1503 (const unsigned char*) PERSONALIZATION_STRING, sizeof(PERSONALIZATION_STRING)))
1505 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
1506 oc_mutex_unlock(g_sslContextMutex);
1507 CAdeinitSslAdapter();
1508 return CA_STATUS_FAILED;
1510 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_ON);
1513 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
1514 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
1516 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1517 oc_mutex_unlock(g_sslContextMutex);
1518 CAdeinitSslAdapter();
1519 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1520 return CA_STATUS_FAILED;
1523 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
1524 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
1526 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1527 oc_mutex_unlock(g_sslContextMutex);
1528 CAdeinitSslAdapter();
1529 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1530 return CA_STATUS_FAILED;
1532 #endif // __WITH_TLS__
1533 #ifdef __WITH_DTLS__
1534 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
1535 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
1537 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
1538 oc_mutex_unlock(g_sslContextMutex);
1539 CAdeinitSslAdapter();
1540 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1541 return CA_STATUS_FAILED;
1544 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
1545 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
1547 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
1548 oc_mutex_unlock(g_sslContextMutex);
1549 CAdeinitSslAdapter();
1550 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1551 return CA_STATUS_FAILED;
1553 #endif // __WITH_DTLS__
1555 // set default cipher
1556 g_caSslContext->cipher = SSL_CIPHER_MAX;
1559 mbedtls_x509_crt_init(&g_caSslContext->ca);
1560 mbedtls_x509_crt_init(&g_caSslContext->crt);
1561 mbedtls_pk_init(&g_caSslContext->pkey);
1562 mbedtls_x509_crl_init(&g_caSslContext->crl);
1564 #ifdef __WITH_DTLS__
1565 g_caSslContext->timerId = -1;
1568 oc_mutex_unlock(g_sslContextMutex);
1569 #ifdef __WITH_DTLS__
1573 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1574 return CA_STATUS_OK;
1577 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
1579 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1580 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
1583 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
1584 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1587 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
1588 if (NULL == message)
1590 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1591 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1595 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
1596 if (NULL == message->data)
1598 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
1600 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1603 memcpy(message->data, data, dataLen);
1604 message->len = dataLen;
1605 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1609 /* Send data via TLS connection.
1611 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
1612 void *data, uint32_t dataLen)
1616 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s ", __func__);
1618 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
1619 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
1620 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
1624 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
1625 return CA_STATUS_FAILED;
1628 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
1630 oc_mutex_lock(g_sslContextMutex);
1631 if(NULL == g_caSslContext)
1633 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1634 oc_mutex_unlock(g_sslContextMutex);
1635 return CA_STATUS_FAILED;
1638 SslEndPoint_t * tep = GetSslPeer(endpoint);
1641 tep = InitiateTlsHandshake(endpoint);
1645 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
1646 oc_mutex_unlock(g_sslContextMutex);
1647 return CA_STATUS_FAILED;
1650 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1652 unsigned char *dataBuf = (unsigned char *)data;
1657 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
1660 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
1662 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
1663 RemovePeerFromList(&tep->sep.endpoint);
1664 oc_mutex_unlock(g_sslContextMutex);
1665 return CA_STATUS_FAILED;
1669 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
1673 } while (dataLen > written);
1678 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
1679 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
1681 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1682 oc_mutex_unlock(g_sslContextMutex);
1683 return CA_STATUS_FAILED;
1687 oc_mutex_unlock(g_sslContextMutex);
1689 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1690 return CA_STATUS_OK;
1693 * Sends cached messages via TLS connection.
1695 * @param[in] tep remote address with session info
1697 static void SendCacheMessages(SslEndPoint_t * tep)
1699 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1700 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
1702 uint32_t listIndex = 0;
1703 uint32_t listLength = 0;
1704 listLength = u_arraylist_length(tep->cacheList);
1705 for (listIndex = 0; listIndex < listLength;)
1708 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
1709 if (NULL != msg && NULL != msg->data && 0 != msg->len)
1711 unsigned char *dataBuf = (unsigned char *)msg->data;
1716 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
1719 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
1721 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
1726 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
1730 } while (msg->len > written);
1732 if (u_arraylist_remove(tep->cacheList, listIndex))
1734 DeleteCacheMessage(msg);
1735 // Reduce list length by 1 as we removed one element.
1740 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
1746 // Move to the next element
1750 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1753 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
1755 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1756 g_sslCallback = tlsHandshakeCallback;
1757 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1760 /* Read data from TLS connection
1762 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
1765 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1766 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1767 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
1769 oc_mutex_lock(g_sslContextMutex);
1770 if (NULL == g_caSslContext)
1772 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1773 oc_mutex_unlock(g_sslContextMutex);
1774 return CA_STATUS_FAILED;
1778 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
1781 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
1782 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
1783 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1784 peer = NewSslEndPoint(&sep->endpoint, config);
1787 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1788 oc_mutex_unlock(g_sslContextMutex);
1789 return CA_STATUS_FAILED;
1791 //Load allowed TLS suites from SVR DB
1792 SetupCipher(config, sep->endpoint.adapter);
1794 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
1797 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1799 oc_mutex_unlock(g_sslContextMutex);
1800 return CA_STATUS_FAILED;
1804 peer->recBuf.buff = data;
1805 peer->recBuf.len = dataLen;
1806 peer->recBuf.loaded = 0;
1808 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
1810 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1811 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1816 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
1818 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
1819 mbedtls_ssl_session_reset(&peer->ssl);
1820 mbedtls_ssl_set_client_transport_id(&peer->ssl,
1821 (const unsigned char *) sep->endpoint.addr,
1822 sizeof(sep->endpoint.addr));
1823 ret = mbedtls_ssl_handshake_step(&peer->ssl);
1825 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
1828 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
1829 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
1830 CA_STATUS_FAILED, GetAlertCode(flags));
1832 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1833 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
1835 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
1836 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
1838 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
1840 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
1843 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1845 SSL_RES(peer, CA_STATUS_OK);
1846 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
1848 SendCacheMessages(peer);
1851 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher &&
1852 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher)
1854 char uuid[UUID_LENGTH * 2 + 5] = {0};
1855 void * uuidPos = NULL;
1856 void * userIdPos = NULL;
1857 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
1858 ret = (NULL == peerCert ? -1 : 0);
1859 SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
1860 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
1861 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1862 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
1864 if (NULL != uuidPos)
1866 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1867 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
1868 ret = (OCConvertStringToUuid(uuid, peer->sep.identity.id)) ? 0 : -1;
1869 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
1870 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1874 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
1877 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
1878 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
1879 if (NULL != userIdPos)
1881 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
1882 ret = (OCConvertStringToUuid(uuid, peer->sep.userId.id)) ? 0 : -1;
1883 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
1884 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
1888 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
1892 oc_mutex_unlock(g_sslContextMutex);
1893 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1894 return CA_STATUS_OK;
1898 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
1900 uint8_t decryptBuffer[TLS_MSG_BUF_LEN] = {0};
1903 ret = mbedtls_ssl_read(&peer->ssl, decryptBuffer, TLS_MSG_BUF_LEN);
1904 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
1906 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
1907 // TinyDTLS sends fatal close_notify alert
1908 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
1909 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
1910 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
1912 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
1913 RemovePeerFromList(&peer->sep.endpoint);
1914 oc_mutex_unlock(g_sslContextMutex);
1915 return CA_STATUS_OK;
1920 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
1921 //SSL_RES(peer, CA_STATUS_FAILED);
1922 RemovePeerFromList(&peer->sep.endpoint);
1923 oc_mutex_unlock(g_sslContextMutex);
1924 return CA_STATUS_FAILED;
1928 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
1929 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
1931 g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
1935 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
1936 RemovePeerFromList(&peer->sep.endpoint);
1937 oc_mutex_unlock(g_sslContextMutex);
1938 return CA_STATUS_FAILED;
1943 oc_mutex_unlock(g_sslContextMutex);
1944 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1945 return CA_STATUS_OK;
1948 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
1949 CAPacketSendCallback sendCallback,
1950 CATransportAdapter_t type)
1952 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1953 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
1954 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
1955 oc_mutex_lock(g_sslContextMutex);
1956 if (NULL == g_caSslContext)
1958 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1959 oc_mutex_unlock(g_sslContextMutex);
1966 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
1967 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
1969 case CA_ADAPTER_TCP:
1970 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
1971 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
1973 case CA_ADAPTER_GATT_BTLE:
1974 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
1975 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
1978 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
1981 oc_mutex_unlock(g_sslContextMutex);
1982 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1985 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
1987 * @param[in] cipher TLS chiphersuite code
1989 * @return corresponding enum
1992 static SslCipher_t GetCipherIndex(const uint32_t cipher)
1996 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
1998 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2000 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2002 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2004 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2006 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2008 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2010 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2012 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2014 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2016 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2018 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2020 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2022 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2024 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2026 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2028 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2030 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2032 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2034 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2036 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2038 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2042 return SSL_CIPHER_MAX;
2047 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2049 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2050 CAResult_t res = CA_STATUS_FAILED;
2051 SslCipher_t index = GetCipherIndex(cipher);
2052 if (SSL_CIPHER_MAX == index)
2054 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2059 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2060 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2062 #ifdef __WITH_DTLS__
2063 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2064 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2068 g_caSslContext->cipher = index;
2070 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2071 return CA_STATUS_OK;
2074 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2076 CAResult_t res = CA_STATUS_OK;
2077 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2078 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2079 oc_mutex_lock(g_sslContextMutex);
2080 if (NULL == InitiateTlsHandshake(endpoint))
2082 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2083 res = CA_STATUS_FAILED;
2085 oc_mutex_unlock(g_sslContextMutex);
2086 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2090 * Expands the secret into blocks of data according
2091 * to the algorithm specified in section 5 of RFC 4346
2093 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2095 * @param key secret key.
2096 * @param keyLen secret key length.
2097 * @param label A PRF label.
2098 * @param labelLen Actual length of @p label.
2099 * @param random1 Random seed.
2100 * @param random1Len Actual length of @p random1 (may be zero).
2101 * @param random2 Random seed.
2102 * @param random2Len Actual length of @p random2 (may be zero).
2103 * @param buf Output buffer for generated random data.
2104 * @param bufLen Maximum size of @p buf.
2106 * @return The actual number of bytes written to @p buf or @c -1 on error.
2109 static int pHash (const unsigned char *key, size_t keyLen,
2110 const unsigned char *label, size_t labelLen,
2111 const unsigned char *random1, size_t random1Len,
2112 const unsigned char *random2, size_t random2Len,
2113 unsigned char *buf, size_t bufLen)
2115 unsigned char A[RANDOM_LEN] = {0};
2116 unsigned char tmp[RANDOM_LEN] = {0};
2117 size_t dLen; /* digest length */
2118 size_t len = 0; /* result length */
2120 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2121 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2122 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2123 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2124 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2126 mbedtls_md_context_t hmacA;
2127 mbedtls_md_context_t hmacP;
2129 mbedtls_md_init(&hmacA);
2130 mbedtls_md_init(&hmacP);
2132 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2133 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2135 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2136 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2137 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2138 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2139 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2143 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2145 while (len + dLen < bufLen)
2147 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2148 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2149 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2150 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2151 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2152 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2154 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2158 memcpy(buf, tmp, dLen);
2161 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2162 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2163 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2164 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2167 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2168 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2169 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2171 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2172 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2173 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2174 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2176 memcpy(buf, tmp, bufLen - len);
2178 mbedtls_md_free(&hmacA);
2179 mbedtls_md_free(&hmacP);
2181 // exit label required for CHECK_MBEDTLS_RET macro
2183 mbedtls_md_free(&hmacA);
2184 mbedtls_md_free(&hmacP);
2188 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2189 const uint8_t* label, const size_t labelLen,
2190 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2191 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2192 uint8_t* ownerPsk, const size_t ownerPskSize)
2194 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2195 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2196 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2197 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2198 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2199 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2201 // TODO: Added as workaround, need to debug
2202 oc_mutex_unlock(g_sslContextMutex);
2204 oc_mutex_lock(g_sslContextMutex);
2205 if (NULL == g_caSslContext)
2207 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2208 oc_mutex_unlock(g_sslContextMutex);
2209 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2210 return CA_STATUS_FAILED;
2212 SslEndPoint_t * tep = GetSslPeer(endpoint);
2215 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2216 oc_mutex_unlock(g_sslContextMutex);
2217 return CA_STATUS_FAILED;
2220 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2224 int keyBlockLen = 0;
2225 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2226 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2227 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2228 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2230 // 2 * ( 32 + 0 + 16 ) = 96
2231 macKeyLen = SHA256_MAC_KEY_LENGTH;
2232 ivSize = CBC_IV_LENGTH;
2233 keySize = AES128_KEY_LENGTH;
2235 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2236 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2238 // 2 * ( 0 + 4 + 16 ) = 40
2239 macKeyLen = CCM_MAC_KEY_LENGTH;
2240 ivSize = CCM_IV_LENGTH;
2241 keySize = AES128_KEY_LENGTH;
2243 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2245 // 2 * ( 32 + 12 + 16 ) = 120
2246 macKeyLen = SHA256_MAC_KEY_LENGTH;
2247 ivSize = GCM_IV_LENGTH;
2248 keySize = AES128_KEY_LENGTH;
2250 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2252 // 2 * ( 32 + 0 + 32 ) = 128
2253 macKeyLen = SHA256_MAC_KEY_LENGTH;
2254 ivSize = CBC_IV_LENGTH;
2255 keySize = AES256_KEY_LENGTH;
2257 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2259 // 2 * ( 48 + 0 + 32 ) = 160
2260 macKeyLen = SHA384_MAC_KEY_LENGTH;
2261 ivSize = CBC_IV_LENGTH;
2262 keySize = AES256_KEY_LENGTH;
2264 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2266 // 2 * ( 48 + 12 + 32 ) = 184
2267 macKeyLen = SHA384_MAC_KEY_LENGTH;
2268 ivSize = GCM_IV_LENGTH;
2269 keySize = AES256_KEY_LENGTH;
2271 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2273 // 2 * ( 48 + 12 + 32 ) = 184
2274 macKeyLen = SHA256_MAC_KEY_LENGTH;
2275 ivSize = GCM_IV_LENGTH;
2276 keySize = AES128_KEY_LENGTH;
2278 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2280 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2281 if (NULL == keyblock)
2283 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2284 oc_mutex_unlock(g_sslContextMutex);
2285 return CA_STATUS_FAILED;
2289 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2290 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2291 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2292 keyblock, keyBlockLen);
2295 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2297 oc_mutex_unlock(g_sslContextMutex);
2298 return CA_STATUS_FAILED;
2301 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2302 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2303 provServerDeviceId, provServerDeviceIdLen,
2304 ownerPsk, ownerPskSize);
2307 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2309 oc_mutex_unlock(g_sslContextMutex);
2310 return CA_STATUS_FAILED;
2314 oc_mutex_unlock(g_sslContextMutex);
2316 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2317 return CA_STATUS_OK;