1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
42 // headers required for mbed TLS
43 #include "mbedtls/platform.h"
44 #include "mbedtls/ssl.h"
45 #include "mbedtls/entropy.h"
46 #include "mbedtls/ctr_drbg.h"
47 #include "mbedtls/pkcs12.h"
48 #include "mbedtls/ssl_internal.h"
49 #include "mbedtls/net.h"
51 #include "mbedtls/timing.h"
52 #include "mbedtls/ssl_cookie.h"
54 #include "pkix_interface.h"
56 #if !defined(NDEBUG) || defined(TB_LOG)
57 #include "mbedtls/debug.h"
58 #include "mbedtls/version.h"
62 #include <sys/types.h>
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
76 * @brief Seed for initialization RNG
78 #define SEED "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
110 #if defined (__TIZENRT__)
111 #define TLS_MSG_BUF_LEN (2048)
113 #define TLS_MSG_BUF_LEN (16384)
118 * @brief PSK keys max length
120 #define PSK_LENGTH (256/8)
122 * @def UUID_LENGTHPSK_LENGTH
123 * @brief Identity max length
125 #define UUID_LENGTH (128/8)
127 * @def MASTER_SECRET_LEN
128 * @brief TLS master secret length
130 #define MASTER_SECRET_LEN (48)
133 * @brief TLS client and server random bytes length
135 #define RANDOM_LEN (32)
137 * @def SHA384_MAC_KEY_LENGTH
138 * @brief MAC key length for SHA384 cipher suites
140 #define SHA384_MAC_KEY_LENGTH (48)
142 * @def SHA256_MAC_KEY_LENGTH
143 * @brief MAC key length for SHA256 cipher suites
145 #define SHA256_MAC_KEY_LENGTH (32)
147 * @def CCM_MAC_KEY_LENGTH
148 * @brief MAC key length for CCM cipher suites
150 #define CCM_MAC_KEY_LENGTH (0)
152 * @def AES256_KEY_LENGTH
153 * @brief key material length for AES256 cipher suites
155 #define AES256_KEY_LENGTH (32)
157 * @def AES128_KEY_LENGTH
158 * @brief key material length for AES128 cipher suites
160 #define AES128_KEY_LENGTH (16)
163 * @brief length of nonce for GCM cipher suites
165 #define GCM_IV_LENGTH (12)
168 * @brief length of nonce for CCM cipher suites
170 #define CCM_IV_LENGTH (4)
173 * @brief length of nonce for CBC cipher suites
175 #define CBC_IV_LENGTH (0)
178 * @var RETRANSMISSION_TIME
179 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
181 #define RETRANSMISSION_TIME 1
183 /**@def SSL_CLOSE_NOTIFY(peer, ret)
185 * Notifies of existing \a peer about closing TLS connection.
187 * @param[in] peer remote peer
188 * @param[in] ret used internaly
190 #define SSL_CLOSE_NOTIFY(peer, ret) \
193 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
194 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
196 /**@def SSL_RES(peer, status)
198 * Sets SSL result for callback.
200 * @param[in] peer remote peer
202 #define SSL_RES(peer, status) \
205 CAErrorInfo_t errorInfo; \
206 errorInfo.result = (status); \
207 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
209 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
211 * Checks handshake result and send alert if needed.
213 * @param[in] peer remote peer
214 * @param[in] ret error code
215 * @param[in] str debug string
216 * @param[in] mutex ca mutex
217 * @param[in] error if code does not equal to -1 returns error code
218 * @param[in] msg allert message
220 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
221 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
222 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
223 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
224 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
225 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
241 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
242 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
243 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
245 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
247 RemovePeerFromList(&(peer)->sep.endpoint); \
250 oc_mutex_unlock(g_sslContextMutex); \
252 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
254 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
256 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
257 if (-1 != (intptr_t)error) \
263 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
265 * Calls \a fn for \a clientConf and \a serverConf.
268 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
269 fn((clientConf), __VA_ARGS__); \
270 fn((serverConf), __VA_ARGS__); \
273 /** @def CHECK_MBEDTLS_RET(f, ...)
274 * A macro that checks \a f function return code
276 * If function returns error code it goes to error processing.
278 * @param[in] f Function to call
280 #define CHECK_MBEDTLS_RET(f, ...) do { \
281 int ret = (f)(__VA_ARGS__); \
283 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
289 SSL_RSA_WITH_AES_256_CBC_SHA256,
290 SSL_RSA_WITH_AES_128_GCM_SHA256,
291 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
292 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
293 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
294 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
295 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
296 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
297 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
298 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
299 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
301 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
307 ADAPTER_CURVE_SECP256R1,
311 static const int tlsCipher[SSL_CIPHER_MAX][2] =
313 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
314 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
315 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
316 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
317 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
318 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
319 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
320 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
321 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
322 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
323 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
325 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
328 static int g_cipherSuitesList[SSL_CIPHER_MAX];
330 static int g_ssl_ordered_default_hashes[] = {
331 #if defined(MBEDTLS_SHA256_C)
335 #if defined(MBEDTLS_SHA1_C)
341 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
343 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
346 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
353 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
354 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
355 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
356 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
357 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
358 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
359 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
360 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
361 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
362 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
363 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
364 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
365 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
366 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
367 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
368 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
369 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
370 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
371 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
373 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 static int GetAlertCode(uint32_t flags)
379 const CrtVerifyAlert_t *cur;
381 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
383 if (flags & cur->code)
391 #if !defined(NDEBUG) || defined(TB_LOG)
393 * Pass a message to the OIC logger.
395 * @param[in] ctx opaque context for the callback
396 * @param[in] level debug level
397 * @param[in] file file name
398 * @param[in] line line number
399 * @param[in] str message
401 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
408 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
412 #if defined(_WIN32) || defined (__TIZENRT__)
414 * Finds the first occurrence of the byte string s in byte string l.
417 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
421 const char *cl = (const char *)l;
422 const char *cs = (const char *)s;
424 if (lLen == 0 || sLen == 0)
434 return (void *)memchr(l, (int)*cs, lLen);
437 last = (char *)cl + lLen - sLen;
439 for (cur = (char *)cl; cur <= last; cur++)
441 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
450 * structure to holds the information of cache message and address info.
452 typedef ByteArray_t SslCacheMessage_t;
456 * Data structure for holding the send and recv callbacks.
458 typedef struct TlsCallBacks
460 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
461 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
465 * Data structure for holding the mbedTLS interface related info.
467 typedef struct SslContext
469 u_arraylist_t *peerList; /**< peer list which holds the mapping between
470 peer id, it's n/w address and mbedTLS context. */
471 mbedtls_entropy_context entropy;
472 mbedtls_ctr_drbg_context rnd;
474 mbedtls_x509_crt crt;
475 mbedtls_pk_context pkey;
477 mbedtls_ssl_config clientTlsConf;
478 mbedtls_ssl_config serverTlsConf;
479 mbedtls_ssl_config clientDtlsConf;
480 mbedtls_ssl_config serverDtlsConf;
483 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
484 mbedtls_x509_crl crl;
489 mbedtls_ssl_cookie_ctx cookieCtx;
495 * @var g_caSslContext
496 * @brief global context which holds tls context and cache list information.
498 static SslContext_t * g_caSslContext = NULL;
500 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
502 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
505 * @var g_getCredentialsCallback
506 * @brief callback to get TLS credentials (same as for DTLS)
508 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
510 * @var g_getCerdentilTypesCallback
511 * @brief callback to get different credential types from SRM
513 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
515 * @var g_getPkixInfoCallback
517 * @brief callback to get X.509-based Public Key Infrastructure
519 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
522 * @var g_setupPkContextCallback
524 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
526 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
529 * @var g_dtlsContextMutex
530 * @brief Mutex to synchronize access to g_caSslContext.
532 static oc_mutex g_sslContextMutex = NULL;
536 * @brief callback to deliver the TLS handshake result
538 static CAErrorCallback g_sslCallback = NULL;
541 * Data structure for PeerCertCallback.
547 } PeerCertCallback_t;
550 * @var g_peerCertCallback
552 * @brief callback to utilize peer certificate information
554 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
557 * @var g_decryptBuffer
558 * @brief decrypt buffer which will be used for decryption
560 static uint8_t *g_decryptBuffer = NULL;
563 * Data structure for holding the data to be received.
565 typedef struct SslRecBuf
572 * Data structure for holding the data related to endpoint
575 typedef struct SslEndPoint
577 mbedtls_ssl_context ssl;
578 CASecureEndpoint_t sep;
579 u_arraylist_t * cacheList;
581 uint8_t master[MASTER_SECRET_LEN];
582 uint8_t random[2*RANDOM_LEN];
584 mbedtls_timing_delay_context timer;
585 #endif // __WITH_DTLS__
588 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
590 // TODO Does this method needs protection of tlsContextMutex?
591 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
592 g_getCredentialsCallback = credCallback;
593 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
596 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
598 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
599 g_getPkixInfoCallback = infoCallback;
600 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
603 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
605 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
606 g_setupPkContextCallback = setupPkCtxCallback;
607 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
610 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
612 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
613 g_getCredentialTypesCallback = credTypesCallback;
614 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
617 static int GetAdapterIndex(CATransportAdapter_t adapter)
625 case CA_ADAPTER_GATT_BTLE:
628 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
635 * @param[in] tep TLS endpoint
636 * @param[in] data message
637 * @param[in] dataLen message length
639 * @return message length or -1 on error.
641 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
643 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
644 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
645 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
646 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
647 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
648 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
650 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
651 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
653 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
654 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
657 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
660 else if ((size_t)sentLen != dataLen)
662 OIC_LOG_V(DEBUG, NET_SSL_TAG,
663 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%zu",
664 sentLen, dataLen, (dataLen - sentLen));
669 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
673 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
679 * @param[in] tep TLS endpoint
680 * @param[in] data message
681 * @param[in] dataLen message length
683 * @return read length
685 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
687 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
688 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
689 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
691 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
692 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
693 retLen = (retLen < dataLen ? retLen : dataLen);
695 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
696 recBuf->loaded += retLen;
698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
702 static int CASslExportKeysHandler(void *p_expkey,
703 const unsigned char *ms,
704 const unsigned char *kb,
709 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
711 if (NULL == g_caSslContext)
713 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
714 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
716 if (NULL == p_expkey)
718 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
719 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
722 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
724 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
726 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
727 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
729 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
731 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
732 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
736 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
737 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
740 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
744 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
745 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
747 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
748 mbedtls_ssl_config* sslConf = NULL;
749 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
751 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
753 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
754 return CA_STATUS_INVALID_PARAM;
756 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
758 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
759 return CA_STATUS_INVALID_PARAM;
762 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
763 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
764 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
766 oc_mutex_lock(g_sslContextMutex);
767 if (NULL == g_caSslContext)
769 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
770 oc_mutex_unlock(g_sslContextMutex);
771 return CA_STATUS_NOT_INITIALIZED;
774 if (CA_SSL_EKCB_TLS == protocol)
776 gTlsExportKeysCallback = exportKeysCb;
777 if (CA_SSL_EKCB_CLIENT == role)
779 sslConf = &g_caSslContext->clientTlsConf;
783 sslConf = &g_caSslContext->serverTlsConf;
788 gDtlsExportKeysCallback = exportKeysCb;
789 if (CA_SSL_EKCB_CLIENT == role)
791 sslConf = &g_caSslContext->clientDtlsConf;
795 sslConf = &g_caSslContext->serverDtlsConf;
798 protocolCtx = protocol;
800 if (NULL == exportKeysCb)
802 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
803 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
807 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
808 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
810 oc_mutex_unlock(g_sslContextMutex);
812 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
818 * Parse chain of X.509 certificates.
820 * @param[out] crt container for X.509 certificates
821 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
822 or DER format in a jumble, delimiting symbols does not matter.
823 * @param[in] bufLen buffer length
824 * @param[in] errNum number certificates that failed to parse
826 * @return number of successfully parsed certificates or -1 on error
828 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
830 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
831 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
832 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
834 char pemCertHeader[] = {
835 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
836 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
838 char pemCertFooter[] = {
839 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
840 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
842 size_t pemCertHeaderLen = sizeof(pemCertHeader);
843 size_t pemCertFooterLen = sizeof(pemCertFooter);
846 unsigned char * tmp = NULL;
854 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
856 tmp = (unsigned char *)buf + pos + 1;
857 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
858 if (pos + len < bufLen)
860 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
868 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
873 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
874 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
876 void * endPos = NULL;
877 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
880 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
881 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
884 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
885 if (pos + len + 1 <= bufLen)
887 char con = buf[pos + len];
888 buf[pos + len] = 0x00;
889 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
897 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
899 buf[pos + len] = con;
903 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
904 memcpy(lastCert, buf + pos, len);
905 lastCert[len] = 0x00;
906 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
914 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
925 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
926 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
933 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
937 char buf[1024] = {0};
939 if (0 != *flags) // Invalid Cerificate
942 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
945 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
950 if (NULL == g_peerCertCallback.cb)
952 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
958 * depth = 0 : Own Cert.
959 * depth = 1 : Sub CA Cert.
960 * depth = 2 : Root CA Cert.
962 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
964 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
965 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
967 return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
970 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
972 #ifndef __WITH_DTLS__
974 UNUSED(peerCertCallback);
975 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
976 return CA_NOT_SUPPORTED;
979 if (peerCertCallback)
981 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
982 g_peerCertCallback.cb = peerCertCallback;
983 g_peerCertCallback.ctx = ctx;
987 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
988 g_peerCertCallback.cb = NULL;
989 g_peerCertCallback.ctx = NULL;
994 //Loads PKIX related information from SRM
995 static int InitPKIX(CATransportAdapter_t adapter)
997 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
998 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
999 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1001 mbedtls_x509_crt_free(&g_caSslContext->ca);
1002 mbedtls_x509_crt_free(&g_caSslContext->crt);
1003 mbedtls_pk_free(&g_caSslContext->pkey);
1004 mbedtls_x509_crl_free(&g_caSslContext->crl);
1006 mbedtls_x509_crt_init(&g_caSslContext->ca);
1007 mbedtls_x509_crt_init(&g_caSslContext->crt);
1008 mbedtls_pk_init(&g_caSslContext->pkey);
1009 mbedtls_x509_crl_init(&g_caSslContext->crl);
1011 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1012 adapter == CA_ADAPTER_GATT_BTLE ?
1013 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1014 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1015 adapter == CA_ADAPTER_GATT_BTLE ?
1016 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1018 #ifdef __WITH_DTLS__
1020 * Conf. is initialized in CAinitSslAdapter()
1022 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1025 // load pk key, cert, trust chain and crl
1026 if (g_getPkixInfoCallback)
1028 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1029 g_getPkixInfoCallback(&g_pkiInfo);
1032 // parse own certficate (optional)
1035 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1038 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1043 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1047 // parse private key if hw is not supported (optional)
1048 if(NULL == g_setupPkContextCallback)
1050 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1051 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1056 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1057 // setup hw pk context (optional)
1058 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1061 // setup public parameter
1062 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1063 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1064 || MBEDTLS_PK_ECDSA == ktype)
1066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1067 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1068 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1071 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1074 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1079 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1085 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1090 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1095 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1099 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1102 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1105 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1108 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1113 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1116 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1117 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1118 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1123 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1126 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1129 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1130 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1134 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1135 &g_caSslContext->ca, &g_caSslContext->crl);
1138 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1145 * @param[in] notUsed opaque context
1146 * @param[in] ssl mbedTLS context
1147 * @param[in] desc identity
1148 * @param[in] descLen identity length
1150 * @return 0 on success any other return value will result in a denied PSK identity
1152 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1153 const unsigned char * desc, size_t descLen)
1155 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1156 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1157 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1158 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1159 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1161 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1165 uint8_t keyBuf[PSK_LENGTH] = {0};
1167 // Retrieve the credentials blob from security module
1168 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1171 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1172 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1173 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1174 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1176 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1177 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1179 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1184 * Gets session corresponding for endpoint.
1186 * @param[in] peer remote address
1188 * @return TLS session or NULL
1190 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1192 uint32_t listIndex = 0;
1193 uint32_t listLength = 0;
1194 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1195 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1196 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1198 SslEndPoint_t *tep = NULL;
1199 listLength = u_arraylist_length(g_caSslContext->peerList);
1200 for (listIndex = 0; listIndex < listLength; listIndex++)
1202 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1208 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1209 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1212 if((peer->adapter == tep->sep.endpoint.adapter)
1213 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1214 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1216 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1217 peer->addr, peer->port, peer->adapter);
1218 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1222 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1223 peer->addr, peer->port, peer->adapter);
1224 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1228 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1230 oc_mutex_lock(g_sslContextMutex);
1231 if (NULL == g_caSslContext)
1233 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1234 oc_mutex_unlock(g_sslContextMutex);
1238 if (GetSslPeer(peer))
1240 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1241 oc_mutex_unlock(g_sslContextMutex);
1246 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1247 oc_mutex_unlock(g_sslContextMutex);
1253 * Gets session corresponding for endpoint.
1255 * @param[in] peer remote address
1257 * @return TLS session or NULL
1259 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1261 uint32_t listIndex = 0;
1262 uint32_t listLength = 0;
1263 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1264 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1265 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1267 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1268 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1270 SslEndPoint_t *tep = NULL;
1271 listLength = u_arraylist_length(g_caSslContext->peerList);
1272 for (listIndex = 0; listIndex < listLength; listIndex++)
1274 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1280 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1281 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1283 if ((tep->sep.identity.id_length == idLength)
1284 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1286 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1287 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1288 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1292 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1293 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1298 #ifdef MULTIPLE_OWNER
1300 * Gets CA secure endpoint info corresponding for endpoint.
1302 * @param[in] peer remote address
1304 * @return CASecureEndpoint or NULL
1306 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1308 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1310 // TODO: Added as workaround, need to debug
1311 oc_mutex_unlock(g_sslContextMutex);
1313 oc_mutex_lock(g_sslContextMutex);
1314 if (NULL == g_caSslContext)
1316 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1317 oc_mutex_unlock(g_sslContextMutex);
1321 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1324 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1325 oc_mutex_unlock(g_sslContextMutex);
1326 return &sslPeer->sep;
1329 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1330 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1331 oc_mutex_unlock(g_sslContextMutex);
1337 * Deletes cached message.
1339 * @param[in] msg message
1341 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1343 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1344 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1349 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1352 * Deletes cached message list.
1354 * @param[in] cacheList list of cached messages
1356 static void DeleteCacheList(u_arraylist_t * cacheList)
1358 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1359 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1360 uint32_t listIndex = 0;
1361 uint32_t listLength = 0;
1363 listLength = u_arraylist_length(cacheList);
1364 for (listIndex = 0; listIndex < listLength; listIndex++)
1366 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1369 DeleteCacheMessage(msg);
1372 u_arraylist_free(&cacheList);
1374 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1377 * Deletes endpoint with session.
1379 * @param[in] tep endpoint with session info
1381 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1383 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1384 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1386 mbedtls_ssl_free(&tep->ssl);
1387 DeleteCacheList(tep->cacheList);
1389 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1392 * Removes endpoint session from list.
1394 * @param[in] endpoint remote address
1396 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1398 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1399 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1400 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1401 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1402 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1404 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1409 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1410 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1412 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1413 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1414 endpoint->addr, endpoint->port, endpoint->adapter);
1415 DeleteSslEndPoint(tep);
1416 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1420 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1421 endpoint->addr, endpoint->port, endpoint->adapter);
1422 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1425 * Deletes session list.
1427 static void DeletePeerList()
1429 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1430 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1432 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1433 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1435 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1440 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1445 ret = mbedtls_ssl_close_notify(&tep->ssl);
1447 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1449 DeleteSslEndPoint(tep);
1451 u_arraylist_free(&g_caSslContext->peerList);
1454 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1456 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1457 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1459 oc_mutex_lock(g_sslContextMutex);
1460 if (NULL == g_caSslContext)
1462 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1463 oc_mutex_unlock(g_sslContextMutex);
1464 return CA_STATUS_FAILED;
1466 SslEndPoint_t * tep = GetSslPeer(endpoint);
1469 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1470 oc_mutex_unlock(g_sslContextMutex);
1471 return CA_STATUS_FAILED;
1473 /* No error checking, the connection might be closed already */
1477 ret = mbedtls_ssl_close_notify(&tep->ssl);
1479 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1481 RemovePeerFromList(&tep->sep.endpoint);
1482 oc_mutex_unlock(g_sslContextMutex);
1484 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1485 return CA_STATUS_OK;
1488 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1490 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1491 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1493 oc_mutex_lock(g_sslContextMutex);
1494 if (NULL == g_caSslContext)
1496 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1497 oc_mutex_unlock(g_sslContextMutex);
1498 return CA_STATUS_FAILED;
1501 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1504 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1505 oc_mutex_unlock(g_sslContextMutex);
1506 return CA_STATUS_FAILED;
1509 /* No error checking, the connection might be closed already */
1513 ret = mbedtls_ssl_close_notify(&tep->ssl);
1515 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1517 RemovePeerFromList(&tep->sep.endpoint);
1518 oc_mutex_unlock(g_sslContextMutex);
1520 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1521 return CA_STATUS_OK;
1524 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1526 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1527 oc_mutex_lock(g_sslContextMutex);
1528 if (NULL == g_caSslContext)
1530 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1531 oc_mutex_unlock(g_sslContextMutex);
1535 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1536 OIC_LOG_V(INFO, NET_SSL_TAG,
1537 "Required transport [%d], peer count [%d]", transportType, listLength);
1538 for (uint32_t i = listLength; i > 0; i--)
1540 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1545 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1546 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1548 // check transport matching
1549 if (0 == (tep->sep.endpoint.adapter & transportType))
1551 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1555 // TODO: need to check below code after socket close is ensured.
1559 ret = mbedtls_ssl_close_notify(&tep->ssl);
1561 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1564 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1565 DeleteSslEndPoint(tep);
1567 oc_mutex_unlock(g_sslContextMutex);
1569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1573 * Creates session for endpoint.
1575 * @param[in] endpoint remote address
1576 * @param[in] config mbedTLS configuration info
1578 * @return TLS endpoint or NULL
1580 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1582 SslEndPoint_t * tep = NULL;
1583 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1584 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1585 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1586 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1588 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1591 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1595 tep->sep.endpoint = *endpoint;
1596 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1598 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1600 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1602 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1606 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1607 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1609 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1610 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1611 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1613 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1614 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1616 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1617 mbedtls_ssl_free(&tep->ssl);
1619 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1624 tep->cacheList = u_arraylist_create();
1625 if (NULL == tep->cacheList)
1627 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1628 mbedtls_ssl_free(&tep->ssl);
1630 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1633 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1634 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1635 endpoint->addr, endpoint->port);
1636 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1640 * Initializes PSK identity.
1642 * @param[out] config client/server config to be updated
1644 * @return 0 on success or -1 on error
1646 static int InitPskIdentity(mbedtls_ssl_config * config)
1648 uint8_t keyBuf[PSK_LENGTH] = {0};
1649 uint8_t idBuf[UUID_LENGTH] = {0};
1650 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1651 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1653 //Retrieve PSK identity from SVR DB
1654 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1656 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1657 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1660 //Store PSK ideneity in mbedtls_ssl_config
1661 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1663 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1664 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1667 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1670 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1673 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1674 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1675 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1676 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1678 //Resetting cipherFlag
1679 g_caSslContext->cipherFlag[0] = false;
1680 g_caSslContext->cipherFlag[1] = false;
1682 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1683 // Retrieve the PSK credential from SRM
1684 if (0 != InitPskIdentity(config))
1686 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1689 // Retrieve the Cert credential from SRM
1690 if (true == g_caSslContext->cipherFlag[1])
1692 int ret = InitPKIX(adapter);
1695 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1699 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1701 if (SSL_CIPHER_MAX < g_caSslContext->cipher)
1703 OIC_LOG(ERROR, NET_SSL_TAG, "Maximum ciphersuite index exceeded");
1706 // Add the preferred ciphersuite first
1707 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1709 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1710 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1714 // Add PSK ciphersuite
1715 if (true == g_caSslContext->cipherFlag[0] &&
1716 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1718 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1719 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1723 // Add all certificate ciphersuites
1724 if (true == g_caSslContext->cipherFlag[1])
1726 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1728 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1729 i != g_caSslContext->cipher)
1731 g_cipherSuitesList[index] = tlsCipher[i][0];
1736 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1738 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1742 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1743 for (int i = 0; i < index; i++)
1745 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1748 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1750 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1753 * Initiate TLS handshake with endpoint.
1755 * @param[in] endpoint remote address
1757 * @return TLS endpoint or NULL
1759 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1762 SslEndPoint_t * tep = NULL;
1764 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1765 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1766 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1768 //Remove previous peer info from peer list.
1769 RemovePeerFromList(endpoint);
1771 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1772 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1773 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1774 tep = NewSslEndPoint(endpoint, config);
1777 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1781 //Load allowed SVR suites from SVR DB
1782 SetupCipher(config, endpoint->adapter);
1784 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1787 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1788 DeleteSslEndPoint(tep);
1792 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1794 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1795 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1801 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1802 RemovePeerFromList(&tep->sep.endpoint);
1805 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1807 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1810 #ifdef __WITH_DTLS__
1812 * Stops DTLS retransmission.
1814 static void StopRetransmit()
1818 unregisterTimer(g_caSslContext->timerId);
1819 g_caSslContext->timerId= -1;
1823 void CAdeinitSslAdapter()
1825 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1827 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1828 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1830 //Lock tlsContext mutex
1831 oc_mutex_lock(g_sslContextMutex);
1836 // De-initialize mbedTLS
1837 mbedtls_x509_crt_free(&g_caSslContext->ca);
1838 mbedtls_x509_crt_free(&g_caSslContext->crt);
1839 mbedtls_pk_free(&g_caSslContext->pkey);
1840 mbedtls_x509_crl_free(&g_caSslContext->crl);
1842 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1843 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1844 #endif // __WITH_TLS__
1845 #ifdef __WITH_DTLS__
1846 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1847 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1848 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1849 #endif // __WITH_DTLS__
1850 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1851 mbedtls_entropy_free(&g_caSslContext->entropy);
1852 #ifdef __WITH_DTLS__
1855 // De-initialize tls Context
1856 OICFree(g_caSslContext);
1857 g_caSslContext = NULL;
1859 // Delete decrypt buffer
1860 if (g_decryptBuffer)
1862 OICFree(g_decryptBuffer);
1863 g_decryptBuffer = NULL;
1866 // Unlock tlsContext mutex and de-initialize it
1867 oc_mutex_unlock(g_sslContextMutex);
1868 oc_mutex_free(g_sslContextMutex);
1869 g_sslContextMutex = NULL;
1871 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1874 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1876 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1877 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1878 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1879 mbedtls_ssl_config_init(conf);
1880 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1882 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1886 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1887 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1888 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1889 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1890 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1891 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1892 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1894 #ifdef __WITH_DTLS__
1895 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1896 MBEDTLS_SSL_IS_SERVER == mode)
1898 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1899 &g_caSslContext->cookieCtx);
1901 #endif // __WITH_DTLS__
1903 #if !defined(NDEBUG) || defined(TB_LOG)
1904 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1905 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1907 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1910 #ifdef __WITH_DTLS__
1912 * Starts DTLS retransmission.
1914 static int StartRetransmit()
1916 uint32_t listIndex = 0;
1917 uint32_t listLength = 0;
1918 SslEndPoint_t *tep = NULL;
1920 oc_mutex_lock(g_sslContextMutex);
1921 if (NULL == g_caSslContext)
1923 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1924 oc_mutex_unlock(g_sslContextMutex);
1927 if (g_caSslContext->timerId != -1)
1929 //clear previous timer
1930 unregisterTimer(g_caSslContext->timerId);
1932 listLength = u_arraylist_length(g_caSslContext->peerList);
1934 for (listIndex = 0; listIndex < listLength; listIndex++)
1936 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1938 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1939 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1943 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
1945 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1947 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1950 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1952 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1953 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1958 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1959 oc_mutex_unlock(g_sslContextMutex);
1965 CAResult_t CAinitSslAdapter()
1967 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1968 // Initialize mutex for tlsContext
1969 if (NULL == g_sslContextMutex)
1971 g_sslContextMutex = oc_mutex_new();
1972 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1976 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1977 return CA_STATUS_OK;
1980 // Lock tlsContext mutex and create tlsContext
1981 oc_mutex_lock(g_sslContextMutex);
1982 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1984 if (NULL == g_caSslContext)
1986 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1987 oc_mutex_unlock(g_sslContextMutex);
1988 oc_mutex_free(g_sslContextMutex);
1989 g_sslContextMutex = NULL;
1990 return CA_MEMORY_ALLOC_FAILED;
1994 g_caSslContext->peerList = u_arraylist_create();
1996 if(NULL == g_caSslContext->peerList)
1998 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
1999 OICFree(g_caSslContext);
2000 g_caSslContext = NULL;
2001 oc_mutex_unlock(g_sslContextMutex);
2002 oc_mutex_free(g_sslContextMutex);
2003 g_sslContextMutex = NULL;
2004 return CA_STATUS_FAILED;
2007 /* Initialize TLS library
2009 #if !defined(NDEBUG) || defined(TB_LOG)
2010 char version[MBED_TLS_VERSION_LEN];
2011 mbedtls_version_get_string(version);
2012 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2017 mbedtls_entropy_init(&g_caSslContext->entropy);
2018 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2021 unsigned char seed[sizeof(SEED)] = {0};
2023 urandomFd = open("/dev/urandom", O_RDONLY);
2026 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2027 oc_mutex_unlock(g_sslContextMutex);
2028 CAdeinitSslAdapter();
2029 return CA_STATUS_FAILED;
2031 if(0 > read(urandomFd, seed, sizeof(seed)))
2033 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2035 oc_mutex_unlock(g_sslContextMutex);
2036 CAdeinitSslAdapter();
2037 return CA_STATUS_FAILED;
2042 unsigned char * seed = (unsigned char*) SEED;
2044 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2045 &g_caSslContext->entropy, seed, sizeof(SEED)))
2047 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2048 oc_mutex_unlock(g_sslContextMutex);
2049 CAdeinitSslAdapter();
2050 return CA_STATUS_FAILED;
2052 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2055 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2056 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2058 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2059 oc_mutex_unlock(g_sslContextMutex);
2060 CAdeinitSslAdapter();
2061 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2062 return CA_STATUS_FAILED;
2065 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2066 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2068 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2069 oc_mutex_unlock(g_sslContextMutex);
2070 CAdeinitSslAdapter();
2071 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2072 return CA_STATUS_FAILED;
2074 #endif // __WITH_TLS__
2075 #ifdef __WITH_DTLS__
2076 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2077 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2078 &g_caSslContext->rnd))
2080 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2081 oc_mutex_unlock(g_sslContextMutex);
2082 CAdeinitSslAdapter();
2083 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2084 return CA_STATUS_FAILED;
2087 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2088 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2090 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2091 oc_mutex_unlock(g_sslContextMutex);
2092 CAdeinitSslAdapter();
2093 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2094 return CA_STATUS_FAILED;
2097 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2098 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2100 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2101 oc_mutex_unlock(g_sslContextMutex);
2102 CAdeinitSslAdapter();
2103 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2104 return CA_STATUS_FAILED;
2106 #endif // __WITH_DTLS__
2108 // set default cipher
2109 g_caSslContext->cipher = SSL_CIPHER_MAX;
2112 mbedtls_x509_crt_init(&g_caSslContext->ca);
2113 mbedtls_x509_crt_init(&g_caSslContext->crt);
2114 mbedtls_pk_init(&g_caSslContext->pkey);
2115 mbedtls_x509_crl_init(&g_caSslContext->crl);
2117 #ifdef __WITH_DTLS__
2118 g_caSslContext->timerId = -1;
2121 // create decrypt buffer
2122 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2123 if (NULL == g_decryptBuffer)
2125 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2126 oc_mutex_unlock(g_sslContextMutex);
2127 CAdeinitSslAdapter();
2128 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2129 return CA_MEMORY_ALLOC_FAILED;
2132 oc_mutex_unlock(g_sslContextMutex);
2133 #ifdef __WITH_DTLS__
2137 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2138 return CA_STATUS_OK;
2141 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2143 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2144 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2147 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2148 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2151 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2152 if (NULL == message)
2154 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2155 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2159 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2160 if (NULL == message->data)
2162 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2164 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2167 memcpy(message->data, data, dataLen);
2168 message->len = dataLen;
2169 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2173 /* Send data via TLS connection.
2175 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2176 void *data, uint32_t dataLen)
2180 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2182 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2183 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2184 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2188 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2189 return CA_STATUS_FAILED;
2192 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2194 oc_mutex_lock(g_sslContextMutex);
2195 if(NULL == g_caSslContext)
2197 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2198 oc_mutex_unlock(g_sslContextMutex);
2199 return CA_STATUS_FAILED;
2202 SslEndPoint_t * tep = GetSslPeer(endpoint);
2205 tep = InitiateTlsHandshake(endpoint);
2209 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2210 oc_mutex_unlock(g_sslContextMutex);
2211 return CA_STATUS_FAILED;
2214 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2216 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2218 unsigned char *dataBuf = (unsigned char *)data;
2223 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2226 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2228 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2229 RemovePeerFromList(&tep->sep.endpoint);
2230 oc_mutex_unlock(g_sslContextMutex);
2231 return CA_STATUS_FAILED;
2235 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2239 } while (dataLen > written);
2244 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2245 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2247 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2248 oc_mutex_unlock(g_sslContextMutex);
2249 return CA_STATUS_FAILED;
2253 oc_mutex_unlock(g_sslContextMutex);
2255 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2256 return CA_STATUS_OK;
2259 * Sends cached messages via TLS connection.
2261 * @param[in] tep remote address with session info
2263 static void SendCacheMessages(SslEndPoint_t * tep)
2265 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2266 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2268 uint32_t listIndex = 0;
2269 uint32_t listLength = 0;
2270 listLength = u_arraylist_length(tep->cacheList);
2271 for (listIndex = 0; listIndex < listLength;)
2274 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2275 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2277 unsigned char *dataBuf = (unsigned char *)msg->data;
2282 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2285 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2287 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2292 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2296 } while (msg->len > written);
2298 if (u_arraylist_remove(tep->cacheList, listIndex))
2300 DeleteCacheMessage(msg);
2301 // Reduce list length by 1 as we removed one element.
2306 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2312 // Move to the next element
2316 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2319 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2321 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2322 g_sslCallback = tlsHandshakeCallback;
2323 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2326 /* Read data from TLS connection
2328 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2331 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2332 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2333 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2335 oc_mutex_lock(g_sslContextMutex);
2336 if (NULL == g_caSslContext)
2338 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2339 oc_mutex_unlock(g_sslContextMutex);
2340 return CA_STATUS_FAILED;
2344 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2347 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2348 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2349 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2350 peer = NewSslEndPoint(&sep->endpoint, config);
2353 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2354 oc_mutex_unlock(g_sslContextMutex);
2355 return CA_STATUS_FAILED;
2357 //Load allowed TLS suites from SVR DB
2358 SetupCipher(config, sep->endpoint.adapter);
2360 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2363 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2365 oc_mutex_unlock(g_sslContextMutex);
2366 return CA_STATUS_FAILED;
2370 peer->recBuf.buff = data;
2371 peer->recBuf.len = dataLen;
2372 peer->recBuf.loaded = 0;
2374 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2376 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2377 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2382 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2384 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2385 mbedtls_ssl_session_reset(&peer->ssl);
2386 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2387 (const unsigned char *) sep->endpoint.addr,
2388 sizeof(sep->endpoint.addr));
2389 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2391 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2393 ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
2394 (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
2396 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2397 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2398 CA_STATUS_FAILED, GetAlertCode(flags));
2400 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2401 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2403 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2404 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2406 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2408 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2411 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2413 SSL_RES(peer, CA_STATUS_OK);
2414 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2416 SendCacheMessages(peer);
2419 int selectedCipher = peer->ssl.session->ciphersuite;
2420 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2421 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2422 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2424 char uuid[UUID_LENGTH * 2 + 5] = {0};
2425 void * uuidPos = NULL;
2426 void * userIdPos = NULL;
2427 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2428 ret = (NULL == peerCert ? -1 : 0);
2429 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2430 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2433 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2434 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
2436 if (NULL != uuidPos)
2438 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2439 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2440 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2441 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2442 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2446 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2449 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2450 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
2451 if (NULL != userIdPos)
2453 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2454 ret = OCConvertStringToUuid(uuid, peer->sep.userId.id);
2455 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
2456 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2460 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
2465 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2467 SendCacheMessages(peer);
2469 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2470 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2471 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2473 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2475 oc_mutex_unlock(g_sslContextMutex);
2476 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2477 return CA_STATUS_OK;
2481 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2483 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2485 // flag to read again remained data
2486 bool read_more = false;
2489 if (NULL == g_decryptBuffer)
2491 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2492 oc_mutex_unlock(g_sslContextMutex);
2493 return CA_STATUS_FAILED;
2495 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2500 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2501 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2503 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2504 // TinyDTLS sends fatal close_notify alert
2505 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2506 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2507 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2509 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2510 RemovePeerFromList(&peer->sep.endpoint);
2511 oc_mutex_unlock(g_sslContextMutex);
2512 return CA_STATUS_OK;
2517 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2518 //SSL_RES(peer, CA_STATUS_FAILED);
2519 RemovePeerFromList(&peer->sep.endpoint);
2520 oc_mutex_unlock(g_sslContextMutex);
2521 return CA_STATUS_FAILED;
2525 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2526 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2529 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2530 g_decryptBuffer, ret);
2531 if (CA_STATUS_OK != res)
2533 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2534 RemovePeerFromList(&peer->sep.endpoint);
2535 oc_mutex_unlock(g_sslContextMutex);
2536 return CA_STATUS_FAILED;
2539 // check if decrypted data is remained in stream transport
2540 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2542 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2544 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2550 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2551 RemovePeerFromList(&peer->sep.endpoint);
2552 oc_mutex_unlock(g_sslContextMutex);
2553 return CA_STATUS_FAILED;
2556 } while (read_more);
2559 oc_mutex_unlock(g_sslContextMutex);
2560 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2561 return CA_STATUS_OK;
2564 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2565 CAPacketSendCallback sendCallback,
2566 CATransportAdapter_t type)
2568 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2569 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2570 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2571 oc_mutex_lock(g_sslContextMutex);
2572 if (NULL == g_caSslContext)
2574 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2575 oc_mutex_unlock(g_sslContextMutex);
2582 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2583 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2585 case CA_ADAPTER_TCP:
2586 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2587 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2589 case CA_ADAPTER_GATT_BTLE:
2590 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2591 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2594 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2597 oc_mutex_unlock(g_sslContextMutex);
2598 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2601 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2603 * @param[in] cipher TLS chiphersuite code
2605 * @return corresponding enum
2608 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2612 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2614 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2616 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2618 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2620 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2622 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2624 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2626 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2628 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2630 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2632 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2634 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2636 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2638 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2640 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2642 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2644 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2646 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2648 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2650 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2652 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2654 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2656 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2658 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2660 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2662 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2666 return SSL_CIPHER_MAX;
2671 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2673 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2674 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2676 SslCipher_t index = GetCipherIndex(cipher);
2677 if (SSL_CIPHER_MAX == index)
2679 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2684 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2685 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2687 #ifdef __WITH_DTLS__
2688 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2689 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2691 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2693 g_caSslContext->cipher = index;
2695 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2696 return CA_STATUS_OK;
2699 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2701 CAResult_t res = CA_STATUS_OK;
2702 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2703 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2704 oc_mutex_lock(g_sslContextMutex);
2705 if (NULL == InitiateTlsHandshake(endpoint))
2707 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2708 res = CA_STATUS_FAILED;
2710 oc_mutex_unlock(g_sslContextMutex);
2711 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2715 * Expands the secret into blocks of data according
2716 * to the algorithm specified in section 5 of RFC 4346
2718 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2720 * @param key secret key.
2721 * @param keyLen secret key length.
2722 * @param label A PRF label.
2723 * @param labelLen Actual length of @p label.
2724 * @param random1 Random seed.
2725 * @param random1Len Actual length of @p random1 (may be zero).
2726 * @param random2 Random seed.
2727 * @param random2Len Actual length of @p random2 (may be zero).
2728 * @param buf Output buffer for generated random data.
2729 * @param bufLen Maximum size of @p buf.
2731 * @return The actual number of bytes written to @p buf or @c -1 on error.
2734 static int pHash (const unsigned char *key, size_t keyLen,
2735 const unsigned char *label, size_t labelLen,
2736 const unsigned char *random1, size_t random1Len,
2737 const unsigned char *random2, size_t random2Len,
2738 unsigned char *buf, size_t bufLen)
2740 unsigned char A[RANDOM_LEN] = {0};
2741 unsigned char tmp[RANDOM_LEN] = {0};
2742 size_t dLen; /* digest length */
2743 size_t len = 0; /* result length */
2745 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2746 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2747 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2748 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2749 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2751 mbedtls_md_context_t hmacA;
2752 mbedtls_md_context_t hmacP;
2754 mbedtls_md_init(&hmacA);
2755 mbedtls_md_init(&hmacP);
2757 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2758 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2760 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2761 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2762 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2763 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2764 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2768 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2770 while (len + dLen < bufLen)
2772 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2773 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2774 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2775 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2776 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2777 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2779 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2783 memcpy(buf, tmp, dLen);
2786 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2787 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2788 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2789 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2792 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2793 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2794 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2796 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2797 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2798 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2799 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2801 memcpy(buf, tmp, bufLen - len);
2803 mbedtls_md_free(&hmacA);
2804 mbedtls_md_free(&hmacP);
2808 mbedtls_md_free(&hmacA);
2809 mbedtls_md_free(&hmacP);
2813 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2814 const uint8_t* label, const size_t labelLen,
2815 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2816 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2817 uint8_t* ownerPsk, const size_t ownerPskSize)
2819 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2820 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2821 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2822 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2823 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2824 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2826 oc_mutex_lock(g_sslContextMutex);
2827 if (NULL == g_caSslContext)
2829 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2830 oc_mutex_unlock(g_sslContextMutex);
2831 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2832 return CA_STATUS_FAILED;
2834 SslEndPoint_t * tep = GetSslPeer(endpoint);
2837 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2838 oc_mutex_unlock(g_sslContextMutex);
2839 return CA_STATUS_FAILED;
2842 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2846 int keyBlockLen = 0;
2847 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2848 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2849 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2850 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2852 // 2 * ( 32 + 0 + 16 ) = 96
2853 macKeyLen = SHA256_MAC_KEY_LENGTH;
2854 ivSize = CBC_IV_LENGTH;
2855 keySize = AES128_KEY_LENGTH;
2857 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2858 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2860 // 2 * ( 0 + 4 + 16 ) = 40
2861 macKeyLen = CCM_MAC_KEY_LENGTH;
2862 ivSize = CCM_IV_LENGTH;
2863 keySize = AES128_KEY_LENGTH;
2865 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2867 // 2 * ( 32 + 12 + 16 ) = 120
2868 macKeyLen = SHA256_MAC_KEY_LENGTH;
2869 ivSize = GCM_IV_LENGTH;
2870 keySize = AES128_KEY_LENGTH;
2872 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2874 // 2 * ( 32 + 0 + 32 ) = 128
2875 macKeyLen = SHA256_MAC_KEY_LENGTH;
2876 ivSize = CBC_IV_LENGTH;
2877 keySize = AES256_KEY_LENGTH;
2879 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2881 // 2 * ( 48 + 0 + 32 ) = 160
2882 macKeyLen = SHA384_MAC_KEY_LENGTH;
2883 ivSize = CBC_IV_LENGTH;
2884 keySize = AES256_KEY_LENGTH;
2886 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2888 // 2 * ( 48 + 12 + 32 ) = 184
2889 macKeyLen = SHA384_MAC_KEY_LENGTH;
2890 ivSize = GCM_IV_LENGTH;
2891 keySize = AES256_KEY_LENGTH;
2893 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2895 // 2 * ( 48 + 12 + 32 ) = 184
2896 macKeyLen = SHA256_MAC_KEY_LENGTH;
2897 ivSize = GCM_IV_LENGTH;
2898 keySize = AES128_KEY_LENGTH;
2900 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2902 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2903 if (NULL == keyblock)
2905 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2906 oc_mutex_unlock(g_sslContextMutex);
2907 return CA_STATUS_FAILED;
2911 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2912 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2913 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2914 keyblock, keyBlockLen);
2917 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2919 oc_mutex_unlock(g_sslContextMutex);
2920 return CA_STATUS_FAILED;
2923 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2924 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2925 provServerDeviceId, provServerDeviceIdLen,
2926 ownerPsk, ownerPskSize);
2929 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2931 oc_mutex_unlock(g_sslContextMutex);
2932 return CA_STATUS_FAILED;
2936 oc_mutex_unlock(g_sslContextMutex);
2938 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2939 return CA_STATUS_OK;