1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
43 // headers required for mbed TLS
44 #include "mbedtls/platform.h"
45 #include "mbedtls/ssl.h"
46 #include "mbedtls/entropy.h"
47 #include "mbedtls/ctr_drbg.h"
48 #include "mbedtls/pkcs12.h"
49 #include "mbedtls/ssl_internal.h"
50 #include "mbedtls/net.h"
52 #include "mbedtls/timing.h"
53 #include "mbedtls/ssl_cookie.h"
55 #include "pkix_interface.h"
57 #if !defined(NDEBUG) || defined(TB_LOG)
58 #include "mbedtls/debug.h"
59 #include "mbedtls/version.h"
63 #include <sys/types.h>
71 * @def MBED_TLS_VERSION_LEN
72 * @brief mbedTLS version string length
74 #define MBED_TLS_VERSION_LEN (16)
77 * @brief Seed for initialization RNG
79 #define SEED "IOTIVITY_RND"
82 * @brief uuid prefix in certificate subject field
84 #define UUID_PREFIX "uuid:"
87 * @brief userid prefix in certificate alternative subject name field
89 #define USERID_PREFIX "userid:"
93 * @brief Logging tag for module name
95 #define NET_SSL_TAG "OIC_CA_NET_SSL"
98 * @brief Logging tag for mbedTLS library
100 #define MBED_TLS_TAG "MBED_TLS"
102 * @def MMBED_TLS_DEBUG_LEVEL
103 * @brief Logging level for mbedTLS library
105 #define MBED_TLS_DEBUG_LEVEL (4)
108 * @def TLS_MSG_BUF_LEN
109 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
111 #if defined (__TIZENRT__)
112 #define TLS_MSG_BUF_LEN (2048)
114 #define TLS_MSG_BUF_LEN (16384)
119 * @brief PSK keys max length
121 #define PSK_LENGTH (256/8)
123 * @def UUID_LENGTHPSK_LENGTH
124 * @brief Identity max length
126 #define UUID_LENGTH (128/8)
129 * @brief Size of string representation RFC4122 based UUID.
130 * 32 chars for hex data and 4 '-' symbols.
132 #define UUID_STR_SIZE (36)
135 * @def MASTER_SECRET_LEN
136 * @brief TLS master secret length
138 #define MASTER_SECRET_LEN (48)
141 * @brief TLS client and server random bytes length
143 #define RANDOM_LEN (32)
145 * @def SHA384_MAC_KEY_LENGTH
146 * @brief MAC key length for SHA384 cipher suites
148 #define SHA384_MAC_KEY_LENGTH (48)
150 * @def SHA256_MAC_KEY_LENGTH
151 * @brief MAC key length for SHA256 cipher suites
153 #define SHA256_MAC_KEY_LENGTH (32)
155 * @def CCM_MAC_KEY_LENGTH
156 * @brief MAC key length for CCM cipher suites
158 #define CCM_MAC_KEY_LENGTH (0)
160 * @def AES256_KEY_LENGTH
161 * @brief key material length for AES256 cipher suites
163 #define AES256_KEY_LENGTH (32)
165 * @def AES128_KEY_LENGTH
166 * @brief key material length for AES128 cipher suites
168 #define AES128_KEY_LENGTH (16)
171 * @brief length of nonce for GCM cipher suites
173 #define GCM_IV_LENGTH (12)
176 * @brief length of nonce for CCM cipher suites
178 #define CCM_IV_LENGTH (4)
181 * @brief length of nonce for CBC cipher suites
183 #define CBC_IV_LENGTH (0)
186 * @var RETRANSMISSION_TIME
187 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
189 #define RETRANSMISSION_TIME 1
191 /**@def SSL_CLOSE_NOTIFY(peer, ret)
193 * Notifies of existing \a peer about closing TLS connection.
195 * @param[in] peer remote peer
196 * @param[in] ret used internaly
198 #define SSL_CLOSE_NOTIFY(peer, ret) \
201 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
202 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
204 /**@def SSL_RES(peer, status)
206 * Sets SSL result for callback.
208 * @param[in] peer remote peer
210 #define SSL_RES(peer, status) \
213 CAErrorInfo_t errorInfo; \
214 errorInfo.result = (status); \
215 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
217 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
219 * Checks handshake result and send alert if needed.
221 * @param[in] peer remote peer
222 * @param[in] ret error code
223 * @param[in] str debug string
224 * @param[in] mutex ca mutex
225 * @param[in] error if code does not equal to -1 returns error code
226 * @param[in] msg allert message
228 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
229 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
231 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
232 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
233 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
240 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
241 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
242 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
243 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
244 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
245 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
246 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
247 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
249 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
250 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
251 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
253 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
255 RemovePeerFromList(&(peer)->sep.endpoint); \
258 oc_mutex_unlock(g_sslContextMutex); \
260 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
262 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
264 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
265 if (-1 != (intptr_t)error) \
271 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
273 * Calls \a fn for \a clientConf and \a serverConf.
276 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
277 fn((clientConf), __VA_ARGS__); \
278 fn((serverConf), __VA_ARGS__); \
281 /** @def CHECK_MBEDTLS_RET(f, ...)
282 * A macro that checks \a f function return code
284 * If function returns error code it goes to error processing.
286 * @param[in] f Function to call
288 #define CHECK_MBEDTLS_RET(f, ...) do { \
289 int ret = (f)(__VA_ARGS__); \
291 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
297 SSL_RSA_WITH_AES_256_CBC_SHA256,
298 SSL_RSA_WITH_AES_128_GCM_SHA256,
299 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
301 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
302 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
303 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
304 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
305 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
306 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
307 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
308 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
309 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
315 ADAPTER_CURVE_SECP256R1,
319 static const int tlsCipher[SSL_CIPHER_MAX][2] =
321 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
322 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
323 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
325 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
326 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
327 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
328 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
329 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
330 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
331 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
332 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
333 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
336 static int g_cipherSuitesList[SSL_CIPHER_MAX];
338 static int g_ssl_ordered_default_hashes[] = {
339 #if defined(MBEDTLS_SHA256_C)
343 #if defined(MBEDTLS_SHA1_C)
349 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
351 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
354 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
361 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
362 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
363 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
364 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
365 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
366 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
367 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
368 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
369 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
370 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
371 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
373 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
374 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
375 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
376 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
378 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
379 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
380 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
381 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
385 static int GetAlertCode(uint32_t flags)
387 const CrtVerifyAlert_t *cur;
389 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
391 if (flags & cur->code)
399 #if !defined(NDEBUG) || defined(TB_LOG)
401 * Pass a message to the OIC logger.
403 * @param[in] ctx opaque context for the callback
404 * @param[in] level debug level
405 * @param[in] file file name
406 * @param[in] line line number
407 * @param[in] str message
409 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
416 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
420 #if defined(_WIN32) || defined (__TIZENRT__)
422 * Finds the first occurrence of the byte string s in byte string l.
425 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
429 const char *cl = (const char *)l;
430 const char *cs = (const char *)s;
432 if (lLen == 0 || sLen == 0)
442 return (void *)memchr(l, (int)*cs, lLen);
445 last = (char *)cl + lLen - sLen;
447 for (cur = (char *)cl; cur <= last; cur++)
449 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
458 * structure to holds the information of cache message and address info.
460 typedef ByteArray_t SslCacheMessage_t;
464 * Data structure for holding the send and recv callbacks.
466 typedef struct TlsCallBacks
468 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
469 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
473 * Data structure for holding the mbedTLS interface related info.
475 typedef struct SslContext
477 u_arraylist_t *peerList; /**< peer list which holds the mapping between
478 peer id, it's n/w address and mbedTLS context. */
479 mbedtls_entropy_context entropy;
480 mbedtls_ctr_drbg_context rnd;
482 mbedtls_x509_crt crt;
483 mbedtls_pk_context pkey;
485 mbedtls_ssl_config clientTlsConf;
486 mbedtls_ssl_config serverTlsConf;
487 mbedtls_ssl_config clientDtlsConf;
488 mbedtls_ssl_config serverDtlsConf;
491 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
492 mbedtls_x509_crl crl;
497 mbedtls_ssl_cookie_ctx cookieCtx;
503 * @var g_caSslContext
504 * @brief global context which holds tls context and cache list information.
506 static SslContext_t * g_caSslContext = NULL;
508 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
510 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
513 * @var g_getCredentialsCallback
514 * @brief callback to get TLS credentials (same as for DTLS)
516 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
518 * @var g_getCerdentilTypesCallback
519 * @brief callback to get different credential types from SRM
521 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
523 * @var g_getPkixInfoCallback
525 * @brief callback to get X.509-based Public Key Infrastructure
527 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
530 * Callback to inform in case of client's certificate absence
532 static CertificateVerificationCallback_t g_CertificateVerificationCallback = NULL;
535 * @var g_setupPkContextCallback
537 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
539 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
542 * @var g_dtlsContextMutex
543 * @brief Mutex to synchronize access to g_caSslContext.
545 static oc_mutex g_sslContextMutex = NULL;
549 * @brief callback to deliver the TLS handshake result
551 static CAErrorCallback g_sslCallback = NULL;
554 * Data structure for PeerCertCallback.
560 } PeerCertCallback_t;
563 * @var g_peerCertCallback
565 * @brief callback to utilize peer certificate information
567 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
570 * @var g_decryptBuffer
571 * @brief decrypt buffer which will be used for decryption
573 static uint8_t *g_decryptBuffer = NULL;
576 * Data structure for holding the data to be received.
578 typedef struct SslRecBuf
585 * Data structure for holding the data related to endpoint
588 typedef struct SslEndPoint
590 mbedtls_ssl_context ssl;
591 CASecureEndpoint_t sep;
592 u_arraylist_t * cacheList;
594 uint8_t master[MASTER_SECRET_LEN];
595 uint8_t random[2*RANDOM_LEN];
597 mbedtls_timing_delay_context timer;
598 #endif // __WITH_DTLS__
601 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
603 // TODO Does this method needs protection of tlsContextMutex?
604 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
605 g_getCredentialsCallback = credCallback;
606 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
609 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
611 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
612 g_getPkixInfoCallback = infoCallback;
613 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
616 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
618 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
619 g_setupPkContextCallback = setupPkCtxCallback;
620 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
623 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
625 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
626 g_getCredentialTypesCallback = credTypesCallback;
627 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
630 void CAsetCertificateVerificationCallback(CertificateVerificationCallback_t certVerifyStatusCallback)
632 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
633 g_CertificateVerificationCallback = certVerifyStatusCallback;
634 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
637 void CAunsetCertificateVerificationCallback()
639 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
640 g_CertificateVerificationCallback = NULL;
641 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
644 static int GetAdapterIndex(CATransportAdapter_t adapter)
652 case CA_ADAPTER_GATT_BTLE:
655 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
662 * @param[in] tep TLS endpoint
663 * @param[in] data message
664 * @param[in] dataLen message length
666 * @return message length or -1 on error.
668 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
670 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
671 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
672 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
673 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
674 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
675 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
677 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
678 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
680 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
681 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
684 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
687 else if ((size_t)sentLen != dataLen)
689 OIC_LOG_V(DEBUG, NET_SSL_TAG,
690 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%zu",
691 sentLen, dataLen, (dataLen - sentLen));
696 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
700 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
706 * @param[in] tep TLS endpoint
707 * @param[in] data message
708 * @param[in] dataLen message length
710 * @return read length
712 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
714 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
715 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
716 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
718 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
719 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
720 retLen = (retLen < dataLen ? retLen : dataLen);
722 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
723 recBuf->loaded += retLen;
725 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
729 static int CASslExportKeysHandler(void *p_expkey,
730 const unsigned char *ms,
731 const unsigned char *kb,
736 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
738 if (NULL == g_caSslContext)
740 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
741 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
743 if (NULL == p_expkey)
745 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
746 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
749 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
751 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
753 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
754 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
756 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
758 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
759 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
763 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
764 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
767 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
771 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
772 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
774 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
775 mbedtls_ssl_config* sslConf = NULL;
776 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
778 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
780 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
781 return CA_STATUS_INVALID_PARAM;
783 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
785 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
786 return CA_STATUS_INVALID_PARAM;
789 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
790 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
791 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
793 oc_mutex_lock(g_sslContextMutex);
794 if (NULL == g_caSslContext)
796 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
797 oc_mutex_unlock(g_sslContextMutex);
798 return CA_STATUS_NOT_INITIALIZED;
801 if (CA_SSL_EKCB_TLS == protocol)
803 gTlsExportKeysCallback = exportKeysCb;
804 if (CA_SSL_EKCB_CLIENT == role)
806 sslConf = &g_caSslContext->clientTlsConf;
810 sslConf = &g_caSslContext->serverTlsConf;
815 gDtlsExportKeysCallback = exportKeysCb;
816 if (CA_SSL_EKCB_CLIENT == role)
818 sslConf = &g_caSslContext->clientDtlsConf;
822 sslConf = &g_caSslContext->serverDtlsConf;
825 protocolCtx = protocol;
827 if (NULL == exportKeysCb)
829 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
830 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
834 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
835 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
837 oc_mutex_unlock(g_sslContextMutex);
839 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
845 * Parse chain of X.509 certificates.
847 * @param[out] crt container for X.509 certificates
848 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
849 or DER format in a jumble, delimiting symbols does not matter.
850 * @param[in] bufLen buffer length
851 * @param[in] errNum number certificates that failed to parse
853 * @return number of successfully parsed certificates or -1 on error
855 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
857 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
858 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
859 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
861 char pemCertHeader[] = {
862 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
863 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
865 char pemCertFooter[] = {
866 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
867 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
869 size_t pemCertHeaderLen = sizeof(pemCertHeader);
870 size_t pemCertFooterLen = sizeof(pemCertFooter);
873 unsigned char * tmp = NULL;
881 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
883 tmp = (unsigned char *)buf + pos + 1;
884 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
885 if (pos + len < bufLen)
887 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
895 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
900 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
901 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
903 void * endPos = NULL;
904 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
907 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
908 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
911 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
912 if (pos + len + 1 <= bufLen)
914 char con = buf[pos + len];
915 buf[pos + len] = 0x00;
916 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
924 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
926 buf[pos + len] = con;
930 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
931 memcpy(lastCert, buf + pos, len);
932 lastCert[len] = 0x00;
933 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
941 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
952 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
953 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
960 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
964 char buf[1024] = {0};
966 if (0 != *flags) // Invalid Cerificate
969 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
972 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
977 if (NULL == g_peerCertCallback.cb)
979 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
985 * depth = 0 : Own Cert.
986 * depth = 1 : Sub CA Cert.
987 * depth = 2 : Root CA Cert.
989 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
991 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
992 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
994 return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
997 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
999 #ifndef __WITH_DTLS__
1001 UNUSED(peerCertCallback);
1002 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
1003 return CA_NOT_SUPPORTED;
1006 if (peerCertCallback)
1008 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
1009 g_peerCertCallback.cb = peerCertCallback;
1010 g_peerCertCallback.ctx = ctx;
1014 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
1015 g_peerCertCallback.cb = NULL;
1016 g_peerCertCallback.ctx = NULL;
1018 return CA_STATUS_OK;
1021 //Loads PKIX related information from SRM
1022 static int InitPKIX(CATransportAdapter_t adapter)
1024 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1025 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
1026 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1028 mbedtls_x509_crt_free(&g_caSslContext->ca);
1029 mbedtls_x509_crt_free(&g_caSslContext->crt);
1030 mbedtls_pk_free(&g_caSslContext->pkey);
1031 mbedtls_x509_crl_free(&g_caSslContext->crl);
1033 mbedtls_x509_crt_init(&g_caSslContext->ca);
1034 mbedtls_x509_crt_init(&g_caSslContext->crt);
1035 mbedtls_pk_init(&g_caSslContext->pkey);
1036 mbedtls_x509_crl_init(&g_caSslContext->crl);
1038 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1039 adapter == CA_ADAPTER_GATT_BTLE ?
1040 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1041 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1042 adapter == CA_ADAPTER_GATT_BTLE ?
1043 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1045 #ifdef __WITH_DTLS__
1047 * Conf. is initialized in CAinitSslAdapter()
1049 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1052 // load pk key, cert, trust chain and crl
1053 if (g_getPkixInfoCallback)
1055 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1056 g_getPkixInfoCallback(&g_pkiInfo);
1059 // parse own certficate (optional)
1062 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1065 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1070 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1074 // parse private key if hw is not supported (optional)
1075 if(NULL == g_setupPkContextCallback)
1077 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1078 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1083 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1084 // setup hw pk context (optional)
1085 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1088 // setup public parameter
1089 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1090 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1091 || MBEDTLS_PK_ECDSA == ktype)
1093 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1094 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1095 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1098 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1101 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1106 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1112 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1117 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1122 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1126 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1129 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1132 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1135 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1140 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1143 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1144 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1145 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1150 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1153 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1156 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1157 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1161 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1162 &g_caSslContext->ca, &g_caSslContext->crl);
1165 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1172 * @param[in] notUsed opaque context
1173 * @param[in] ssl mbedTLS context
1174 * @param[in] desc identity
1175 * @param[in] descLen identity length
1177 * @return 0 on success any other return value will result in a denied PSK identity
1179 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1180 const unsigned char * desc, size_t descLen)
1182 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1183 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1184 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1185 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1186 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1188 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1192 uint8_t keyBuf[PSK_LENGTH] = {0};
1194 // Retrieve the credentials blob from security module
1195 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1198 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1199 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1200 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1201 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1203 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1204 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1206 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1211 * Gets session corresponding for endpoint.
1213 * @param[in] peer remote address
1215 * @return TLS session or NULL
1217 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1219 uint32_t listIndex = 0;
1220 uint32_t listLength = 0;
1221 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1222 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1223 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1225 SslEndPoint_t *tep = NULL;
1226 listLength = u_arraylist_length(g_caSslContext->peerList);
1227 for (listIndex = 0; listIndex < listLength; listIndex++)
1229 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1235 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1236 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1239 if((peer->adapter == tep->sep.endpoint.adapter)
1240 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1241 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1243 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1244 peer->addr, peer->port, peer->adapter);
1245 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1249 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1250 peer->addr, peer->port, peer->adapter);
1251 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1255 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1257 oc_mutex_lock(g_sslContextMutex);
1258 if (NULL == g_caSslContext)
1260 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1261 oc_mutex_unlock(g_sslContextMutex);
1265 if (GetSslPeer(peer))
1267 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1268 oc_mutex_unlock(g_sslContextMutex);
1273 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1274 oc_mutex_unlock(g_sslContextMutex);
1280 * Gets session corresponding for endpoint.
1282 * @param[in] peer remote address
1284 * @return TLS session or NULL
1286 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1288 uint32_t listIndex = 0;
1289 uint32_t listLength = 0;
1290 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1291 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1292 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1294 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1295 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1297 SslEndPoint_t *tep = NULL;
1298 listLength = u_arraylist_length(g_caSslContext->peerList);
1299 for (listIndex = 0; listIndex < listLength; listIndex++)
1301 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1307 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1308 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1310 if ((tep->sep.identity.id_length == idLength)
1311 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1313 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1314 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1315 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1319 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1320 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1325 #ifdef MULTIPLE_OWNER
1327 * Gets CA secure endpoint info corresponding for endpoint.
1329 * @param[in] peer remote address
1331 * @return CASecureEndpoint or NULL
1333 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1335 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1337 // TODO: Added as workaround, need to debug
1338 oc_mutex_unlock(g_sslContextMutex);
1340 oc_mutex_lock(g_sslContextMutex);
1341 if (NULL == g_caSslContext)
1343 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1344 oc_mutex_unlock(g_sslContextMutex);
1348 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1351 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1352 oc_mutex_unlock(g_sslContextMutex);
1353 return &sslPeer->sep;
1356 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1357 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1358 oc_mutex_unlock(g_sslContextMutex);
1363 CAResult_t SetCASecureEndpointUuid(const CAEndpoint_t *peer, const char *uuid)
1365 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1366 VERIFY_NON_NULL(peer, NET_SSL_TAG, "peer");
1367 VERIFY_NON_NULL(peer, NET_SSL_TAG, "uuid");
1369 oc_mutex_lock(g_sslContextMutex);
1370 SslEndPoint_t *sslPeer = GetSslPeer(peer);
1371 if (NULL == sslPeer)
1373 OIC_LOG(ERROR, NET_SSL_TAG, "Peer not found");
1374 oc_mutex_unlock(g_sslContextMutex);
1375 return CA_STATUS_FAILED;
1378 OCRandomUuidResult ret = OCConvertStringToUuid(uuid, sslPeer->sep.identity.id);
1379 oc_mutex_unlock(g_sslContextMutex);
1381 if (RAND_UUID_OK != ret)
1383 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to convert uuid");
1384 return CA_STATUS_FAILED;
1387 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1389 return CA_STATUS_OK;
1393 * Deletes cached message.
1395 * @param[in] msg message
1397 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1399 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1400 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1405 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1408 * Deletes cached message list.
1410 * @param[in] cacheList list of cached messages
1412 static void DeleteCacheList(u_arraylist_t * cacheList)
1414 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1415 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1416 uint32_t listIndex = 0;
1417 uint32_t listLength = 0;
1419 listLength = u_arraylist_length(cacheList);
1420 for (listIndex = 0; listIndex < listLength; listIndex++)
1422 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1425 DeleteCacheMessage(msg);
1428 u_arraylist_free(&cacheList);
1430 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1433 * Deletes endpoint with session.
1435 * @param[in] tep endpoint with session info
1437 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1439 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1440 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1442 mbedtls_ssl_free(&tep->ssl);
1443 DeleteCacheList(tep->cacheList);
1445 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1448 * Removes endpoint session from list.
1450 * @param[in] endpoint remote address
1452 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1454 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1455 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1456 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1457 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1458 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1460 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1465 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1466 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1468 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1469 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1470 endpoint->addr, endpoint->port, endpoint->adapter);
1471 DeleteSslEndPoint(tep);
1472 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1476 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1477 endpoint->addr, endpoint->port, endpoint->adapter);
1478 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1481 * Deletes session list.
1483 static void DeletePeerList()
1485 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1486 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1488 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1489 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1491 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1496 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1501 ret = mbedtls_ssl_close_notify(&tep->ssl);
1503 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1505 DeleteSslEndPoint(tep);
1507 u_arraylist_free(&g_caSslContext->peerList);
1510 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1512 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1513 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1515 oc_mutex_lock(g_sslContextMutex);
1516 if (NULL == g_caSslContext)
1518 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1519 oc_mutex_unlock(g_sslContextMutex);
1520 return CA_STATUS_FAILED;
1522 SslEndPoint_t * tep = GetSslPeer(endpoint);
1525 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1526 oc_mutex_unlock(g_sslContextMutex);
1527 return CA_STATUS_FAILED;
1529 /* No error checking, the connection might be closed already */
1533 ret = mbedtls_ssl_close_notify(&tep->ssl);
1535 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1537 RemovePeerFromList(&tep->sep.endpoint);
1538 oc_mutex_unlock(g_sslContextMutex);
1540 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1541 return CA_STATUS_OK;
1545 CAResult_t CAcloseSslConnectionFreeEndpoint(CAEndpoint_t *endpoint)
1547 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1548 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1550 CAResult_t ret = CAcloseSslConnection(endpoint);
1553 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1558 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1560 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1561 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1563 oc_mutex_lock(g_sslContextMutex);
1564 if (NULL == g_caSslContext)
1566 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1567 oc_mutex_unlock(g_sslContextMutex);
1568 return CA_STATUS_FAILED;
1571 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1574 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1575 oc_mutex_unlock(g_sslContextMutex);
1576 return CA_STATUS_FAILED;
1579 /* No error checking, the connection might be closed already */
1583 ret = mbedtls_ssl_close_notify(&tep->ssl);
1585 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1587 RemovePeerFromList(&tep->sep.endpoint);
1588 oc_mutex_unlock(g_sslContextMutex);
1590 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1591 return CA_STATUS_OK;
1594 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1596 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1597 oc_mutex_lock(g_sslContextMutex);
1598 if (NULL == g_caSslContext)
1600 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1601 oc_mutex_unlock(g_sslContextMutex);
1605 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1606 OIC_LOG_V(INFO, NET_SSL_TAG,
1607 "Required transport [%d], peer count [%d]", transportType, listLength);
1608 for (uint32_t i = listLength; i > 0; i--)
1610 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1615 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1616 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1618 // check transport matching
1619 if (0 == (tep->sep.endpoint.adapter & transportType))
1621 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1625 // TODO: need to check below code after socket close is ensured.
1629 ret = mbedtls_ssl_close_notify(&tep->ssl);
1631 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1634 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1635 DeleteSslEndPoint(tep);
1637 oc_mutex_unlock(g_sslContextMutex);
1639 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1643 * Creates session for endpoint.
1645 * @param[in] endpoint remote address
1646 * @param[in] config mbedTLS configuration info
1648 * @return TLS endpoint or NULL
1650 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1652 SslEndPoint_t * tep = NULL;
1653 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1654 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1655 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1656 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1658 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1661 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1665 tep->sep.endpoint = *endpoint;
1666 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1668 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1670 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1672 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1676 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1677 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1679 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1680 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1681 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1683 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1684 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1686 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1687 mbedtls_ssl_free(&tep->ssl);
1689 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1694 tep->cacheList = u_arraylist_create();
1695 if (NULL == tep->cacheList)
1697 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1698 mbedtls_ssl_free(&tep->ssl);
1700 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1703 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1704 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1705 endpoint->addr, endpoint->port);
1706 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1710 * Initializes PSK identity.
1712 * @param[out] config client/server config to be updated
1714 * @return 0 on success or -1 on error
1716 static int InitPskIdentity(mbedtls_ssl_config * config)
1718 uint8_t keyBuf[PSK_LENGTH] = {0};
1719 uint8_t idBuf[UUID_LENGTH] = {0};
1720 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1721 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1723 //Retrieve PSK identity from SVR DB
1724 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1726 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1727 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1730 //Store PSK ideneity in mbedtls_ssl_config
1731 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1733 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1734 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1737 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1740 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1743 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1744 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1745 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1746 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1748 //Resetting cipherFlag
1749 g_caSslContext->cipherFlag[0] = false;
1750 g_caSslContext->cipherFlag[1] = false;
1752 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1753 // Retrieve the PSK credential from SRM
1754 if (0 != InitPskIdentity(config))
1756 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1759 // Retrieve the Cert credential from SRM
1760 if (true == g_caSslContext->cipherFlag[1])
1762 int ret = InitPKIX(adapter);
1765 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1769 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1771 if (SSL_CIPHER_MAX < g_caSslContext->cipher)
1773 OIC_LOG(ERROR, NET_SSL_TAG, "Maximum ciphersuite index exceeded");
1776 // Add the preferred ciphersuite first
1777 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1779 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1780 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1784 // Add PSK ciphersuite
1785 if (true == g_caSslContext->cipherFlag[0] &&
1786 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1788 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1789 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1793 // Add all certificate ciphersuites
1794 if (true == g_caSslContext->cipherFlag[1])
1796 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1798 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1799 i != g_caSslContext->cipher)
1801 g_cipherSuitesList[index] = tlsCipher[i][0];
1806 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1808 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1812 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1813 for (int i = 0; i < index; i++)
1815 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1818 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1820 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1823 * Initiate TLS handshake with endpoint.
1825 * @param[in] endpoint remote address
1827 * @return TLS endpoint or NULL
1829 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1832 SslEndPoint_t * tep = NULL;
1834 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1835 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1836 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1838 //Remove previous peer info from peer list.
1839 RemovePeerFromList(endpoint);
1841 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1842 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1843 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1844 tep = NewSslEndPoint(endpoint, config);
1847 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1851 //Load allowed SVR suites from SVR DB
1852 SetupCipher(config, endpoint->adapter);
1854 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1857 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1858 DeleteSslEndPoint(tep);
1862 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1864 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1865 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1871 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1872 RemovePeerFromList(&tep->sep.endpoint);
1875 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1877 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1880 #ifdef __WITH_DTLS__
1882 * Stops DTLS retransmission.
1884 static void StopRetransmit()
1888 unregisterTimer(g_caSslContext->timerId);
1889 g_caSslContext->timerId= -1;
1893 void CAdeinitSslAdapter()
1895 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1897 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1898 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1900 //Lock tlsContext mutex
1901 oc_mutex_lock(g_sslContextMutex);
1906 // De-initialize mbedTLS
1907 mbedtls_x509_crt_free(&g_caSslContext->ca);
1908 mbedtls_x509_crt_free(&g_caSslContext->crt);
1909 mbedtls_pk_free(&g_caSslContext->pkey);
1910 mbedtls_x509_crl_free(&g_caSslContext->crl);
1912 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1913 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1914 #endif // __WITH_TLS__
1915 #ifdef __WITH_DTLS__
1916 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1917 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1918 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1919 #endif // __WITH_DTLS__
1920 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1921 mbedtls_entropy_free(&g_caSslContext->entropy);
1922 #ifdef __WITH_DTLS__
1925 // De-initialize tls Context
1926 OICFree(g_caSslContext);
1927 g_caSslContext = NULL;
1929 // Delete decrypt buffer
1930 if (g_decryptBuffer)
1932 OICFree(g_decryptBuffer);
1933 g_decryptBuffer = NULL;
1936 // Unlock tlsContext mutex and de-initialize it
1937 oc_mutex_unlock(g_sslContextMutex);
1938 oc_mutex_free(g_sslContextMutex);
1939 g_sslContextMutex = NULL;
1941 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1944 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1946 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1947 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1948 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1949 mbedtls_ssl_config_init(conf);
1950 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1952 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1956 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1957 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1958 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1959 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1960 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1961 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1962 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1964 #ifdef __WITH_DTLS__
1965 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1966 MBEDTLS_SSL_IS_SERVER == mode)
1968 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1969 &g_caSslContext->cookieCtx);
1971 #endif // __WITH_DTLS__
1973 #if !defined(NDEBUG) || defined(TB_LOG)
1974 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1975 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1977 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1980 #ifdef __WITH_DTLS__
1982 * Starts DTLS retransmission.
1984 static int StartRetransmit()
1986 uint32_t listIndex = 0;
1987 uint32_t listLength = 0;
1988 SslEndPoint_t *tep = NULL;
1990 oc_mutex_lock(g_sslContextMutex);
1991 if (NULL == g_caSslContext)
1993 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1994 oc_mutex_unlock(g_sslContextMutex);
1997 if (g_caSslContext->timerId != -1)
1999 //clear previous timer
2000 unregisterTimer(g_caSslContext->timerId);
2002 listLength = u_arraylist_length(g_caSslContext->peerList);
2004 for (listIndex = 0; listIndex < listLength; listIndex++)
2006 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
2008 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
2009 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2013 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
2015 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
2017 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
2020 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
2022 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
2023 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2028 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
2029 oc_mutex_unlock(g_sslContextMutex);
2035 CAResult_t CAinitSslAdapter()
2037 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2038 // Initialize mutex for tlsContext
2039 if (NULL == g_sslContextMutex)
2041 g_sslContextMutex = oc_mutex_new();
2042 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
2046 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
2047 return CA_STATUS_OK;
2050 // Lock tlsContext mutex and create tlsContext
2051 oc_mutex_lock(g_sslContextMutex);
2052 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
2054 if (NULL == g_caSslContext)
2056 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
2057 oc_mutex_unlock(g_sslContextMutex);
2058 oc_mutex_free(g_sslContextMutex);
2059 g_sslContextMutex = NULL;
2060 return CA_MEMORY_ALLOC_FAILED;
2064 g_caSslContext->peerList = u_arraylist_create();
2066 if(NULL == g_caSslContext->peerList)
2068 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
2069 OICFree(g_caSslContext);
2070 g_caSslContext = NULL;
2071 oc_mutex_unlock(g_sslContextMutex);
2072 oc_mutex_free(g_sslContextMutex);
2073 g_sslContextMutex = NULL;
2074 return CA_STATUS_FAILED;
2077 /* Initialize TLS library
2079 #if !defined(NDEBUG) || defined(TB_LOG)
2080 char version[MBED_TLS_VERSION_LEN];
2081 mbedtls_version_get_string(version);
2082 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2087 mbedtls_entropy_init(&g_caSslContext->entropy);
2088 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2091 unsigned char seed[sizeof(SEED)] = {0};
2093 urandomFd = open("/dev/urandom", O_RDONLY);
2096 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2097 oc_mutex_unlock(g_sslContextMutex);
2098 CAdeinitSslAdapter();
2099 return CA_STATUS_FAILED;
2101 if(0 > read(urandomFd, seed, sizeof(seed)))
2103 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2105 oc_mutex_unlock(g_sslContextMutex);
2106 CAdeinitSslAdapter();
2107 return CA_STATUS_FAILED;
2112 unsigned char * seed = (unsigned char*) SEED;
2114 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2115 &g_caSslContext->entropy, seed, sizeof(SEED)))
2117 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2118 oc_mutex_unlock(g_sslContextMutex);
2119 CAdeinitSslAdapter();
2120 return CA_STATUS_FAILED;
2122 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2125 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2126 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2128 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2129 oc_mutex_unlock(g_sslContextMutex);
2130 CAdeinitSslAdapter();
2131 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2132 return CA_STATUS_FAILED;
2135 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2136 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2138 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2139 oc_mutex_unlock(g_sslContextMutex);
2140 CAdeinitSslAdapter();
2141 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2142 return CA_STATUS_FAILED;
2144 #endif // __WITH_TLS__
2145 #ifdef __WITH_DTLS__
2146 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2147 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2148 &g_caSslContext->rnd))
2150 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2151 oc_mutex_unlock(g_sslContextMutex);
2152 CAdeinitSslAdapter();
2153 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2154 return CA_STATUS_FAILED;
2157 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2158 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2160 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2161 oc_mutex_unlock(g_sslContextMutex);
2162 CAdeinitSslAdapter();
2163 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2164 return CA_STATUS_FAILED;
2167 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2168 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2170 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2171 oc_mutex_unlock(g_sslContextMutex);
2172 CAdeinitSslAdapter();
2173 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2174 return CA_STATUS_FAILED;
2176 #endif // __WITH_DTLS__
2178 // set default cipher
2179 g_caSslContext->cipher = SSL_CIPHER_MAX;
2182 mbedtls_x509_crt_init(&g_caSslContext->ca);
2183 mbedtls_x509_crt_init(&g_caSslContext->crt);
2184 mbedtls_pk_init(&g_caSslContext->pkey);
2185 mbedtls_x509_crl_init(&g_caSslContext->crl);
2187 #ifdef __WITH_DTLS__
2188 g_caSslContext->timerId = -1;
2191 // create decrypt buffer
2192 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2193 if (NULL == g_decryptBuffer)
2195 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2196 oc_mutex_unlock(g_sslContextMutex);
2197 CAdeinitSslAdapter();
2198 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2199 return CA_MEMORY_ALLOC_FAILED;
2202 oc_mutex_unlock(g_sslContextMutex);
2203 #ifdef __WITH_DTLS__
2207 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2208 return CA_STATUS_OK;
2211 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2213 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2214 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2217 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2218 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2221 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2222 if (NULL == message)
2224 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2225 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2229 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2230 if (NULL == message->data)
2232 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2234 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2237 memcpy(message->data, data, dataLen);
2238 message->len = dataLen;
2239 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2243 /* Send data via TLS connection.
2245 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2246 void *data, uint32_t dataLen)
2250 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2252 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2253 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2254 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2258 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2259 return CA_STATUS_FAILED;
2262 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2264 oc_mutex_lock(g_sslContextMutex);
2265 if(NULL == g_caSslContext)
2267 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2268 oc_mutex_unlock(g_sslContextMutex);
2269 return CA_STATUS_FAILED;
2272 SslEndPoint_t * tep = GetSslPeer(endpoint);
2275 tep = InitiateTlsHandshake(endpoint);
2279 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2280 oc_mutex_unlock(g_sslContextMutex);
2281 return CA_STATUS_FAILED;
2284 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2286 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2288 unsigned char *dataBuf = (unsigned char *)data;
2293 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2296 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2298 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2299 RemovePeerFromList(&tep->sep.endpoint);
2300 oc_mutex_unlock(g_sslContextMutex);
2301 return CA_STATUS_FAILED;
2305 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2309 } while (dataLen > written);
2314 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2315 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2317 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2318 oc_mutex_unlock(g_sslContextMutex);
2319 return CA_STATUS_FAILED;
2323 oc_mutex_unlock(g_sslContextMutex);
2325 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2326 return CA_STATUS_OK;
2329 * Sends cached messages via TLS connection.
2331 * @param[in] tep remote address with session info
2333 static void SendCacheMessages(SslEndPoint_t * tep)
2335 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2336 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2338 uint32_t listIndex = 0;
2339 uint32_t listLength = 0;
2340 listLength = u_arraylist_length(tep->cacheList);
2341 for (listIndex = 0; listIndex < listLength;)
2344 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2345 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2347 unsigned char *dataBuf = (unsigned char *)msg->data;
2352 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2355 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2357 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2362 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2366 } while (msg->len > written);
2368 if (u_arraylist_remove(tep->cacheList, listIndex))
2370 DeleteCacheMessage(msg);
2371 // Reduce list length by 1 as we removed one element.
2376 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2382 // Move to the next element
2386 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2389 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2391 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2392 g_sslCallback = tlsHandshakeCallback;
2393 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2397 * Check RFC4122 based UUID
2399 * @param uuidString string representation of UUID
2400 * @return true for success, otherwise false
2402 static bool CheckUuidFormat(const char uuidString[UUID_STR_SIZE])
2404 // Indexes of '-' symbols in string representation of UUID
2405 static const int dash_idxs[4] = {8,13,18,23};
2407 VERIFY_NON_NULL_RET(uuidString, NET_SSL_TAG, "uuidString is NULL" , false);
2409 // Check for '-' symbols
2410 for (int i = 0; i < 4; i++)
2412 if (uuidString[dash_idxs[i]] != '-')
2418 for (int i = 0; i < UUID_STR_SIZE; i++)
2421 if (i == dash_idxs[0] || i == dash_idxs[1] || i == dash_idxs[2] || i == dash_idxs[3])
2426 if ((uuidString[i] >= 'a' && uuidString[i] <= 'f')
2427 || (uuidString[i] >= 'A' && uuidString[i] <= 'F')
2428 || (uuidString[i] >= '0' && uuidString[i] <= '9') )
2440 * FindUuid function finds the first entry of RFC4122 based UUID
2442 * @param data pointer to unformatted data
2443 * @param size data size
2445 * @return pointer to string representation of the found UUID if success, otherwise NULL
2447 static const char* FindUuid(const char* data, size_t size)
2449 const char* result = NULL;
2451 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL" , NULL);
2452 if (size < UUID_STR_SIZE)
2454 OIC_LOG(ERROR, NET_SSL_TAG, "Buffer size is too small");
2458 const char* currentPtr = data;
2459 int currentSize = size;
2461 && (currentPtr = (const char*)memchr((const void*)++currentPtr, '-', currentSize - 1))
2462 && ((currentSize = (size - (currentPtr - data))) >= (UUID_STR_SIZE - 8)))
2464 if (currentPtr - data >= 8 && CheckUuidFormat(currentPtr - 8))
2466 result = currentPtr - 8;
2473 /* Read data from TLS connection
2475 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2478 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2479 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2480 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2484 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is zero");
2485 return CA_STATUS_FAILED;
2488 oc_mutex_lock(g_sslContextMutex);
2489 if (NULL == g_caSslContext)
2491 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2492 oc_mutex_unlock(g_sslContextMutex);
2493 return CA_STATUS_FAILED;
2496 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2499 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2500 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2501 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2502 peer = NewSslEndPoint(&sep->endpoint, config);
2505 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2506 oc_mutex_unlock(g_sslContextMutex);
2507 return CA_STATUS_FAILED;
2509 //Load allowed TLS suites from SVR DB
2510 SetupCipher(config, sep->endpoint.adapter);
2512 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2515 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2517 oc_mutex_unlock(g_sslContextMutex);
2518 return CA_STATUS_FAILED;
2522 peer->recBuf.buff = data;
2523 peer->recBuf.len = dataLen;
2524 peer->recBuf.loaded = 0;
2526 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2528 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2529 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2534 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2536 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2537 mbedtls_ssl_session_reset(&peer->ssl);
2538 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2539 (const unsigned char *) sep->endpoint.addr,
2540 sizeof(sep->endpoint.addr));
2541 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2543 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2545 ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
2546 (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
2548 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2549 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2550 CA_STATUS_FAILED, GetAlertCode(flags));
2552 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2553 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2555 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2556 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2558 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2560 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2563 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2565 SSL_RES(peer, CA_STATUS_OK);
2566 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2568 SendCacheMessages(peer);
2571 int selectedCipher = peer->ssl.session->ciphersuite;
2572 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2573 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2574 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2576 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2577 ret = (NULL == peerCert ? -1 : 0);
2578 if (g_CertificateVerificationCallback)
2580 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2583 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_SUCCESS_MUTUAL);
2585 else if (MBEDTLS_X509_BADCERT_MISSING == flags)
2587 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_NO_CERT);
2591 g_CertificateVerificationCallback(CA_CERTIFICATE_VERIFY_FAILED);
2594 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2595 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2598 const char* uuidptr = FindUuid((const char*)peerCert->subject_raw.p, peerCert->subject_raw.len);
2601 char uuid[UUID_STR_SIZE + 1] = {0};
2602 strncpy(uuid, uuidptr, UUID_STR_SIZE);
2603 uuid[UUID_STR_SIZE] = '\0';
2604 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2605 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2606 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2607 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2611 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2616 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2618 SendCacheMessages(peer);
2620 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2621 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2622 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2624 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2626 oc_mutex_unlock(g_sslContextMutex);
2627 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2628 return CA_STATUS_OK;
2632 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2634 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2636 // flag to read again remained data
2637 bool read_more = false;
2640 if (NULL == g_decryptBuffer)
2642 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2643 oc_mutex_unlock(g_sslContextMutex);
2644 return CA_STATUS_FAILED;
2646 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2651 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2652 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2654 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2655 // TinyDTLS sends fatal close_notify alert
2656 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2657 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2658 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2660 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2661 RemovePeerFromList(&peer->sep.endpoint);
2662 oc_mutex_unlock(g_sslContextMutex);
2663 return CA_STATUS_OK;
2668 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2669 //SSL_RES(peer, CA_STATUS_FAILED);
2670 RemovePeerFromList(&peer->sep.endpoint);
2671 oc_mutex_unlock(g_sslContextMutex);
2672 return CA_STATUS_FAILED;
2676 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2677 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2680 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2681 g_decryptBuffer, ret);
2682 if (CA_STATUS_OK != res)
2684 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2685 RemovePeerFromList(&peer->sep.endpoint);
2686 oc_mutex_unlock(g_sslContextMutex);
2687 return CA_STATUS_FAILED;
2690 // check if decrypted data is remained in stream transport
2691 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2693 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2695 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2701 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2702 RemovePeerFromList(&peer->sep.endpoint);
2703 oc_mutex_unlock(g_sslContextMutex);
2704 return CA_STATUS_FAILED;
2707 } while (read_more);
2710 oc_mutex_unlock(g_sslContextMutex);
2711 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2712 return CA_STATUS_OK;
2715 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2716 CAPacketSendCallback sendCallback,
2717 CATransportAdapter_t type)
2719 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2720 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2721 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2722 oc_mutex_lock(g_sslContextMutex);
2723 if (NULL == g_caSslContext)
2725 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2726 oc_mutex_unlock(g_sslContextMutex);
2733 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2734 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2736 case CA_ADAPTER_TCP:
2737 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2738 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2740 case CA_ADAPTER_GATT_BTLE:
2741 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2742 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2745 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2748 oc_mutex_unlock(g_sslContextMutex);
2749 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2752 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2754 * @param[in] cipher TLS chiphersuite code
2756 * @return corresponding enum
2759 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2763 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2765 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2767 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2769 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2771 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2773 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2775 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2777 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2779 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2781 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2783 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2785 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2787 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2789 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2791 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2793 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2795 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2797 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2799 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2801 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2803 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2805 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2807 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2809 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2811 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2813 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2817 return SSL_CIPHER_MAX;
2822 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2824 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2825 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2827 SslCipher_t index = GetCipherIndex(cipher);
2828 if (SSL_CIPHER_MAX == index)
2830 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2835 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2836 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2838 #ifdef __WITH_DTLS__
2839 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2840 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2842 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2844 g_caSslContext->cipher = index;
2846 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2847 return CA_STATUS_OK;
2850 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2852 CAResult_t res = CA_STATUS_OK;
2853 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2854 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2855 oc_mutex_lock(g_sslContextMutex);
2856 if (NULL == InitiateTlsHandshake(endpoint))
2858 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2859 res = CA_STATUS_FAILED;
2861 oc_mutex_unlock(g_sslContextMutex);
2862 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2866 * Expands the secret into blocks of data according
2867 * to the algorithm specified in section 5 of RFC 4346
2869 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2871 * @param key secret key.
2872 * @param keyLen secret key length.
2873 * @param label A PRF label.
2874 * @param labelLen Actual length of @p label.
2875 * @param random1 Random seed.
2876 * @param random1Len Actual length of @p random1 (may be zero).
2877 * @param random2 Random seed.
2878 * @param random2Len Actual length of @p random2 (may be zero).
2879 * @param buf Output buffer for generated random data.
2880 * @param bufLen Maximum size of @p buf.
2882 * @return The actual number of bytes written to @p buf or @c -1 on error.
2885 static int pHash (const unsigned char *key, size_t keyLen,
2886 const unsigned char *label, size_t labelLen,
2887 const unsigned char *random1, size_t random1Len,
2888 const unsigned char *random2, size_t random2Len,
2889 unsigned char *buf, size_t bufLen)
2891 unsigned char A[RANDOM_LEN] = {0};
2892 unsigned char tmp[RANDOM_LEN] = {0};
2893 size_t dLen; /* digest length */
2894 size_t len = 0; /* result length */
2896 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2897 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2898 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2899 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2900 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2902 mbedtls_md_context_t hmacA;
2903 mbedtls_md_context_t hmacP;
2905 mbedtls_md_init(&hmacA);
2906 mbedtls_md_init(&hmacP);
2908 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2909 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2911 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2912 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2913 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2914 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2915 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2919 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2921 while (len + dLen < bufLen)
2923 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2924 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2925 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2926 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2927 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2928 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2930 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2934 memcpy(buf, tmp, dLen);
2937 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2938 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2939 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2940 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2943 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2944 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2945 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2947 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2948 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2949 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2950 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2952 memcpy(buf, tmp, bufLen - len);
2954 mbedtls_md_free(&hmacA);
2955 mbedtls_md_free(&hmacP);
2959 mbedtls_md_free(&hmacA);
2960 mbedtls_md_free(&hmacP);
2964 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2965 const uint8_t* label, const size_t labelLen,
2966 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2967 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2968 uint8_t* ownerPsk, const size_t ownerPskSize)
2970 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2971 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2972 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2973 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2974 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2975 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2977 oc_mutex_lock(g_sslContextMutex);
2978 if (NULL == g_caSslContext)
2980 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2981 oc_mutex_unlock(g_sslContextMutex);
2982 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2983 return CA_STATUS_FAILED;
2985 SslEndPoint_t * tep = GetSslPeer(endpoint);
2988 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2989 oc_mutex_unlock(g_sslContextMutex);
2990 return CA_STATUS_FAILED;
2993 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2997 int keyBlockLen = 0;
2998 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2999 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
3000 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
3001 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
3003 // 2 * ( 32 + 0 + 16 ) = 96
3004 macKeyLen = SHA256_MAC_KEY_LENGTH;
3005 ivSize = CBC_IV_LENGTH;
3006 keySize = AES128_KEY_LENGTH;
3008 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
3009 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
3011 // 2 * ( 0 + 4 + 16 ) = 40
3012 macKeyLen = CCM_MAC_KEY_LENGTH;
3013 ivSize = CCM_IV_LENGTH;
3014 keySize = AES128_KEY_LENGTH;
3016 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
3018 // 2 * ( 32 + 12 + 16 ) = 120
3019 macKeyLen = SHA256_MAC_KEY_LENGTH;
3020 ivSize = GCM_IV_LENGTH;
3021 keySize = AES128_KEY_LENGTH;
3023 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
3025 // 2 * ( 32 + 0 + 32 ) = 128
3026 macKeyLen = SHA256_MAC_KEY_LENGTH;
3027 ivSize = CBC_IV_LENGTH;
3028 keySize = AES256_KEY_LENGTH;
3030 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
3032 // 2 * ( 48 + 0 + 32 ) = 160
3033 macKeyLen = SHA384_MAC_KEY_LENGTH;
3034 ivSize = CBC_IV_LENGTH;
3035 keySize = AES256_KEY_LENGTH;
3037 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
3039 // 2 * ( 48 + 12 + 32 ) = 184
3040 macKeyLen = SHA384_MAC_KEY_LENGTH;
3041 ivSize = GCM_IV_LENGTH;
3042 keySize = AES256_KEY_LENGTH;
3044 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
3046 // 2 * ( 48 + 12 + 32 ) = 184
3047 macKeyLen = SHA256_MAC_KEY_LENGTH;
3048 ivSize = GCM_IV_LENGTH;
3049 keySize = AES128_KEY_LENGTH;
3051 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
3053 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
3054 if (NULL == keyblock)
3056 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
3057 oc_mutex_unlock(g_sslContextMutex);
3058 return CA_STATUS_FAILED;
3062 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
3063 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
3064 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
3065 keyblock, keyBlockLen);
3068 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
3070 oc_mutex_unlock(g_sslContextMutex);
3071 return CA_STATUS_FAILED;
3074 ret = pHash(keyblock, keyBlockLen, label, labelLen,
3075 rsrcServerDeviceId, rsrcServerDeviceIdLen,
3076 provServerDeviceId, provServerDeviceIdLen,
3077 ownerPsk, ownerPskSize);
3080 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
3082 oc_mutex_unlock(g_sslContextMutex);
3083 return CA_STATUS_FAILED;
3087 oc_mutex_unlock(g_sslContextMutex);
3089 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
3090 return CA_STATUS_OK;