1 /******************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
30 #include "ca_adapter_net_ssl.h"
32 #include "caadapterutils.h"
33 #include "cainterface.h"
34 #include "caipinterface.h"
35 #include "oic_malloc.h"
37 #include "byte_array.h"
42 // headers required for mbed TLS
43 #include "mbedtls/platform.h"
44 #include "mbedtls/ssl.h"
45 #include "mbedtls/entropy.h"
46 #include "mbedtls/ctr_drbg.h"
47 #include "mbedtls/pkcs12.h"
48 #include "mbedtls/ssl_internal.h"
49 #include "mbedtls/net.h"
51 #include "mbedtls/timing.h"
52 #include "mbedtls/ssl_cookie.h"
54 #include "pkix_interface.h"
56 #if !defined(NDEBUG) || defined(TB_LOG)
57 #include "mbedtls/debug.h"
58 #include "mbedtls/version.h"
62 #include <sys/types.h>
70 * @def MBED_TLS_VERSION_LEN
71 * @brief mbedTLS version string length
73 #define MBED_TLS_VERSION_LEN (16)
76 * @brief Seed for initialization RNG
78 #define SEED "IOTIVITY_RND"
81 * @brief uuid prefix in certificate subject field
83 #define UUID_PREFIX "uuid:"
86 * @brief userid prefix in certificate alternative subject name field
88 #define USERID_PREFIX "userid:"
92 * @brief Logging tag for module name
94 #define NET_SSL_TAG "OIC_CA_NET_SSL"
97 * @brief Logging tag for mbedTLS library
99 #define MBED_TLS_TAG "MBED_TLS"
101 * @def MMBED_TLS_DEBUG_LEVEL
102 * @brief Logging level for mbedTLS library
104 #define MBED_TLS_DEBUG_LEVEL (4)
107 * @def TLS_MSG_BUF_LEN
108 * @brief Buffer size for TLS record. A single TLS record may be up to 16384 octets in length
110 #if defined (__TIZENRT__)
111 #define TLS_MSG_BUF_LEN (2048)
113 #define TLS_MSG_BUF_LEN (16384)
118 * @brief PSK keys max length
120 #define PSK_LENGTH (256/8)
122 * @def UUID_LENGTHPSK_LENGTH
123 * @brief Identity max length
125 #define UUID_LENGTH (128/8)
127 * @def MASTER_SECRET_LEN
128 * @brief TLS master secret length
130 #define MASTER_SECRET_LEN (48)
133 * @brief TLS client and server random bytes length
135 #define RANDOM_LEN (32)
137 * @def SHA384_MAC_KEY_LENGTH
138 * @brief MAC key length for SHA384 cipher suites
140 #define SHA384_MAC_KEY_LENGTH (48)
142 * @def SHA256_MAC_KEY_LENGTH
143 * @brief MAC key length for SHA256 cipher suites
145 #define SHA256_MAC_KEY_LENGTH (32)
147 * @def CCM_MAC_KEY_LENGTH
148 * @brief MAC key length for CCM cipher suites
150 #define CCM_MAC_KEY_LENGTH (0)
152 * @def AES256_KEY_LENGTH
153 * @brief key material length for AES256 cipher suites
155 #define AES256_KEY_LENGTH (32)
157 * @def AES128_KEY_LENGTH
158 * @brief key material length for AES128 cipher suites
160 #define AES128_KEY_LENGTH (16)
163 * @brief length of nonce for GCM cipher suites
165 #define GCM_IV_LENGTH (12)
168 * @brief length of nonce for CCM cipher suites
170 #define CCM_IV_LENGTH (4)
173 * @brief length of nonce for CBC cipher suites
175 #define CBC_IV_LENGTH (0)
178 * @var RETRANSMISSION_TIME
179 * @brief Maximum timeout value (in seconds) to start DTLS retransmission.
181 #define RETRANSMISSION_TIME 1
183 /**@def SSL_CLOSE_NOTIFY(peer, ret)
185 * Notifies of existing \a peer about closing TLS connection.
187 * @param[in] peer remote peer
188 * @param[in] ret used internaly
190 #define SSL_CLOSE_NOTIFY(peer, ret) \
193 (ret) = mbedtls_ssl_close_notify(&(peer)->ssl); \
194 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
196 /**@def SSL_RES(peer, status)
198 * Sets SSL result for callback.
200 * @param[in] peer remote peer
202 #define SSL_RES(peer, status) \
205 CAErrorInfo_t errorInfo; \
206 errorInfo.result = (status); \
207 g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
209 /**@def SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg)
211 * Checks handshake result and send alert if needed.
213 * @param[in] peer remote peer
214 * @param[in] ret error code
215 * @param[in] str debug string
216 * @param[in] mutex ca mutex
217 * @param[in] error if code does not equal to -1 returns error code
218 * @param[in] msg allert message
220 #define SSL_CHECK_FAIL(peer, ret, str, mutex, error, msg) \
221 if (0 != (ret) && MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY != (int) (ret) && \
222 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED != (int) (ret) && \
223 MBEDTLS_ERR_SSL_WANT_READ != (int) (ret) && \
224 MBEDTLS_ERR_SSL_WANT_WRITE != (int) (ret) && \
225 MBEDTLS_ERR_SSL_NON_FATAL != (int) (ret) && \
226 MBEDTLS_SSL_ALERT_MSG_USER_CANCELED != (int) (ret) && \
227 MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION != (int) (ret) && \
228 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT != (int) (ret) && \
229 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY != (int) (ret) && \
230 MBEDTLS_SSL_ALERT_MSG_NO_CERT != (int) (ret) && \
231 MBEDTLS_SSL_ALERT_MSG_BAD_CERT != (int) (ret) && \
232 MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT != (int) (ret) && \
233 MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED != (int) (ret) && \
234 MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED != (int) (ret) && \
235 MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN != (int) (ret) && \
236 MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK != (int) (ret) && \
237 MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME != (int) (ret) && \
238 MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != (int) (ret) && \
239 MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != (int) (ret)) \
241 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -(ret)); \
242 if ((int) MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE != (int) (ret) && \
243 (int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int) (ret)) \
245 mbedtls_ssl_send_alert_message(&(peer)->ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, (msg)); \
247 RemovePeerFromList(&(peer)->sep.endpoint); \
250 oc_mutex_unlock(g_sslContextMutex); \
252 if ((int) MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != (int)(ret)) \
254 SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE); \
256 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__); \
257 if (-1 != (intptr_t)error) \
263 /**@def CONF_SSL(clientConf, serverConf, fn, ...)
265 * Calls \a fn for \a clientConf and \a serverConf.
268 #define CONF_SSL(clientConf, serverConf, fn, ...) do { \
269 fn((clientConf), __VA_ARGS__); \
270 fn((serverConf), __VA_ARGS__); \
273 /** @def CHECK_MBEDTLS_RET(f, ...)
274 * A macro that checks \a f function return code
276 * If function returns error code it goes to error processing.
278 * @param[in] f Function to call
280 #define CHECK_MBEDTLS_RET(f, ...) do { \
281 int ret = (f)(__VA_ARGS__); \
283 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
289 SSL_RSA_WITH_AES_256_CBC_SHA256,
290 SSL_RSA_WITH_AES_128_GCM_SHA256,
291 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
292 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
293 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
294 SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
295 SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
296 SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
297 SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
298 SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
299 SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
300 SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
301 SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
307 ADAPTER_CURVE_SECP256R1,
311 static const int tlsCipher[SSL_CIPHER_MAX][2] =
313 {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
314 {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
315 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
316 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 0},
317 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
318 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
319 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
320 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
321 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
322 {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
323 {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
324 {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
325 {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
328 static int g_cipherSuitesList[SSL_CIPHER_MAX];
330 static int g_ssl_ordered_default_hashes[] = {
331 #if defined(MBEDTLS_SHA256_C)
335 #if defined(MBEDTLS_SHA1_C)
341 mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
343 {MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE}
346 static PkiInfo_t g_pkiInfo = {{NULL, 0}, {NULL, 0}, {NULL, 0}, {NULL, 0}};
353 static const CrtVerifyAlert_t crtVerifyAlerts[] = {
354 {MBEDTLS_X509_BADCERT_EXPIRED, MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED},
355 {MBEDTLS_X509_BADCERT_REVOKED, MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED},
356 {MBEDTLS_X509_BADCERT_CN_MISMATCH, MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN},
357 {MBEDTLS_X509_BADCERT_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
358 {MBEDTLS_X509_BADCRL_NOT_TRUSTED, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA},
359 {MBEDTLS_X509_BADCRL_EXPIRED, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
360 {MBEDTLS_X509_BADCERT_MISSING, MBEDTLS_SSL_ALERT_MSG_NO_CERT},
361 {MBEDTLS_X509_BADCERT_SKIP_VERIFY, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
362 {MBEDTLS_X509_BADCERT_OTHER, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR},
363 {MBEDTLS_X509_BADCERT_FUTURE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
364 {MBEDTLS_X509_BADCRL_FUTURE, MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY},
365 {MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
366 {MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
367 {MBEDTLS_X509_BADCERT_NS_CERT_TYPE, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
368 {MBEDTLS_X509_BADCERT_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
369 {MBEDTLS_X509_BADCERT_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
370 {MBEDTLS_X509_BADCERT_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
371 {MBEDTLS_X509_BADCRL_BAD_MD, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
372 {MBEDTLS_X509_BADCRL_BAD_PK, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
373 {MBEDTLS_X509_BADCRL_BAD_KEY, MBEDTLS_SSL_ALERT_MSG_BAD_CERT},
377 static int GetAlertCode(uint32_t flags)
379 const CrtVerifyAlert_t *cur;
381 for (cur = crtVerifyAlerts; cur->alert != 0 ; cur++)
383 if (flags & cur->code)
391 #if !defined(NDEBUG) || defined(TB_LOG)
393 * Pass a message to the OIC logger.
395 * @param[in] ctx opaque context for the callback
396 * @param[in] level debug level
397 * @param[in] file file name
398 * @param[in] line line number
399 * @param[in] str message
401 static void DebugSsl(void *ctx, int level, const char *file, int line, const char *str)
408 OIC_LOG_V(DEBUG, MBED_TLS_TAG, "%s", str);
412 #if defined(_WIN32) || defined (__TIZENRT__)
414 * Finds the first occurrence of the byte string s in byte string l.
417 static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen)
421 const char *cl = (const char *)l;
422 const char *cs = (const char *)s;
424 if (lLen == 0 || sLen == 0)
434 return (void *)memchr(l, (int)*cs, lLen);
437 last = (char *)cl + lLen - sLen;
439 for (cur = (char *)cl; cur <= last; cur++)
441 if (cur[0] == cs[0] && memcmp(cur, cs, sLen) == 0)
450 * structure to holds the information of cache message and address info.
452 typedef ByteArray_t SslCacheMessage_t;
456 * Data structure for holding the send and recv callbacks.
458 typedef struct TlsCallBacks
460 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
461 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
465 * Data structure for holding the mbedTLS interface related info.
467 typedef struct SslContext
469 u_arraylist_t *peerList; /**< peer list which holds the mapping between
470 peer id, it's n/w address and mbedTLS context. */
471 mbedtls_entropy_context entropy;
472 mbedtls_ctr_drbg_context rnd;
474 mbedtls_x509_crt crt;
475 mbedtls_pk_context pkey;
477 mbedtls_ssl_config clientTlsConf;
478 mbedtls_ssl_config serverTlsConf;
479 mbedtls_ssl_config clientDtlsConf;
480 mbedtls_ssl_config serverDtlsConf;
483 SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
484 mbedtls_x509_crl crl;
489 mbedtls_ssl_cookie_ctx cookieCtx;
495 * @var g_caSslContext
496 * @brief global context which holds tls context and cache list information.
498 static SslContext_t * g_caSslContext = NULL;
500 static SslExportKeysCallback_t gTlsExportKeysCallback = NULL;
502 static SslExportKeysCallback_t gDtlsExportKeysCallback = NULL;
505 * @var g_getCredentialsCallback
506 * @brief callback to get TLS credentials (same as for DTLS)
508 static CAgetPskCredentialsHandler g_getCredentialsCallback = NULL;
510 * @var g_getCerdentilTypesCallback
511 * @brief callback to get different credential types from SRM
513 static CAgetCredentialTypesHandler g_getCredentialTypesCallback = NULL;
515 * @var g_getPkixInfoCallback
517 * @brief callback to get X.509-based Public Key Infrastructure
519 static CAgetPkixInfoHandler g_getPkixInfoCallback = NULL;
522 * @var g_setupPkContextCallback
524 * @brief callback to setup PK context handler for H/W based Public Key Infrastructure
526 static CAsetupPkContextHandler g_setupPkContextCallback = NULL;
529 * @var g_dtlsContextMutex
530 * @brief Mutex to synchronize access to g_caSslContext.
532 static oc_mutex g_sslContextMutex = NULL;
536 * @brief callback to deliver the TLS handshake result
538 static CAErrorCallback g_sslCallback = NULL;
541 * Data structure for PeerCertCallback.
547 } PeerCertCallback_t;
550 * @var g_peerCertCallback
552 * @brief callback to utilize peer certificate information
554 static PeerCertCallback_t g_peerCertCallback = {NULL, NULL};
557 * @var g_decryptBuffer
558 * @brief decrypt buffer which will be used for decryption
560 static uint8_t *g_decryptBuffer = NULL;
563 * Data structure for holding the data to be received.
565 typedef struct SslRecBuf
572 * Data structure for holding the data related to endpoint
575 typedef struct SslEndPoint
577 mbedtls_ssl_context ssl;
578 CASecureEndpoint_t sep;
579 u_arraylist_t * cacheList;
581 uint8_t master[MASTER_SECRET_LEN];
582 uint8_t random[2*RANDOM_LEN];
584 mbedtls_timing_delay_context timer;
585 #endif // __WITH_DTLS__
588 void CAsetPskCredentialsCallback(CAgetPskCredentialsHandler credCallback)
590 // TODO Does this method needs protection of tlsContextMutex?
591 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
592 g_getCredentialsCallback = credCallback;
593 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
596 void CAsetPkixInfoCallback(CAgetPkixInfoHandler infoCallback)
598 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
599 g_getPkixInfoCallback = infoCallback;
600 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
603 void CAsetSetupPkContextCallback(CAsetupPkContextHandler setupPkCtxCallback)
605 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
606 g_setupPkContextCallback = setupPkCtxCallback;
607 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
610 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
612 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
613 g_getCredentialTypesCallback = credTypesCallback;
614 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
617 static int GetAdapterIndex(CATransportAdapter_t adapter)
625 case CA_ADAPTER_GATT_BTLE:
628 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
635 * @param[in] tep TLS endpoint
636 * @param[in] data message
637 * @param[in] dataLen message length
639 * @return message length or -1 on error.
641 static int SendCallBack(void * tep, const unsigned char * data, size_t dataLen)
643 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
644 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "secure endpoint is NULL", -1);
645 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", -1);
646 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
647 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data len: %zu", dataLen);
648 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Adapter: %u", ((SslEndPoint_t * )tep)->sep.endpoint.adapter);
650 int adapterIndex = GetAdapterIndex(((SslEndPoint_t * )tep)->sep.endpoint.adapter);
651 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
653 CAPacketSendCallback sendCallback = g_caSslContext->adapterCallbacks[adapterIndex].sendCallback;
654 sentLen = sendCallback(&(((SslEndPoint_t * )tep)->sep.endpoint), (const void *) data, dataLen);
657 OIC_LOG_V(ERROR, NET_SSL_TAG, "sendCallback() is Failed(%zd)", sentLen);
660 else if ((size_t)sentLen != dataLen)
662 OIC_LOG_V(DEBUG, NET_SSL_TAG,
663 "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%lu",
664 sentLen, dataLen, (dataLen - sentLen));
669 OIC_LOG(ERROR, NET_SSL_TAG, "Unsupported adapter");
673 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
679 * @param[in] tep TLS endpoint
680 * @param[in] data message
681 * @param[in] dataLen message length
683 * @return read length
685 static int RecvCallBack(void * tep, unsigned char * data, size_t dataLen)
687 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
688 VERIFY_NON_NULL_RET(tep, NET_SSL_TAG, "endpoint is NULL", 0);
689 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "data is NULL", 0);
691 SslRecBuf_t *recBuf = &((SslEndPoint_t *)tep)->recBuf;
692 size_t retLen = (recBuf->len > recBuf->loaded ? recBuf->len - recBuf->loaded : 0);
693 retLen = (retLen < dataLen ? retLen : dataLen);
695 memcpy(data, recBuf->buff + recBuf->loaded, retLen);
696 recBuf->loaded += retLen;
698 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
702 static int CASslExportKeysHandler(void *p_expkey,
703 const unsigned char *ms,
704 const unsigned char *kb,
709 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
711 if (NULL == g_caSslContext)
713 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
714 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
716 if (NULL == p_expkey)
718 OIC_LOG(ERROR, NET_SSL_TAG, "Can not find the protocol information from 'p_expkey'.");
719 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
722 CASslEkcbProtocol_t* protocol = (CASslEkcbProtocol_t*)p_expkey;
724 if (gTlsExportKeysCallback && CA_SSL_EKCB_TLS == (*protocol))
726 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking TLS export key callback.");
727 gTlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
729 else if (gDtlsExportKeysCallback && CA_SSL_EKCB_DTLS == (*protocol))
731 OIC_LOG(DEBUG, NET_SSL_TAG, "Invoking DTLS export key callback.");
732 gDtlsExportKeysCallback(ms, kb, maclen, keylen, ivlen);
736 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to Invoke (D)TLS export key callback.");
737 return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
740 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
744 CAResult_t CASetSslExportKeysCallback(SslExportKeysCallback_t exportKeysCb,
745 CASslEkcbProtocol_t protocol, CASslEkcbRole_t role)
747 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
748 mbedtls_ssl_config* sslConf = NULL;
749 static CASslEkcbProtocol_t protocolCtx = CA_SSL_EKCB_TLS;
751 if (CA_SSL_EKCB_TLS != protocol && CA_SSL_EKCB_DTLS != protocol)
753 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild protocol.");
754 return CA_STATUS_INVALID_PARAM;
756 if (CA_SSL_EKCB_CLIENT != role && CA_SSL_EKCB_SERVER != role)
758 OIC_LOG(ERROR, NET_SSL_TAG, "Invaild role.");
759 return CA_STATUS_INVALID_PARAM;
762 OIC_LOG_V(DEBUG, NET_SSL_TAG, "TLS Export Key Callback Type : [%s] [%s]",
763 (CA_SSL_EKCB_TLS == protocol ? "TLS" : "DTLS"),
764 (CA_SSL_EKCB_CLIENT == role ? "Client" : "Server"));
766 oc_mutex_lock(g_sslContextMutex);
767 if (NULL == g_caSslContext)
769 OIC_LOG(ERROR, NET_SSL_TAG, "SSL Context is not initialized.");
770 oc_mutex_unlock(g_sslContextMutex);
771 return CA_STATUS_NOT_INITIALIZED;
774 if (CA_SSL_EKCB_TLS == protocol)
776 gTlsExportKeysCallback = exportKeysCb;
777 if (CA_SSL_EKCB_CLIENT == role)
779 sslConf = &g_caSslContext->clientTlsConf;
783 sslConf = &g_caSslContext->serverTlsConf;
788 gDtlsExportKeysCallback = exportKeysCb;
789 if (CA_SSL_EKCB_CLIENT == role)
791 sslConf = &g_caSslContext->clientDtlsConf;
795 sslConf = &g_caSslContext->serverDtlsConf;
798 protocolCtx = protocol;
800 if (NULL == exportKeysCb)
802 mbedtls_ssl_conf_export_keys_cb(sslConf, NULL, NULL);
803 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback unregistered.");
807 mbedtls_ssl_conf_export_keys_cb(sslConf, CASslExportKeysHandler, (void*)(&protocolCtx));
808 OIC_LOG(DEBUG, NET_SSL_TAG, "Export key callback registered.");
810 oc_mutex_unlock(g_sslContextMutex);
812 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
818 * Parse chain of X.509 certificates.
820 * @param[out] crt container for X.509 certificates
821 * @param[in] data buffer with X.509 certificates. Certificates may be in either in PEM
822 or DER format in a jumble, delimiting symbols does not matter.
823 * @param[in] bufLen buffer length
824 * @param[in] errNum number certificates that failed to parse
826 * @return number of successfully parsed certificates or -1 on error
828 static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen, int * errNum)
830 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
831 VERIFY_NON_NULL_RET(crt, NET_SSL_TAG, "Param crt is NULL" , -1);
832 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "Param buf is NULL" , -1);
834 char pemCertHeader[] = {
835 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52,
836 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
838 char pemCertFooter[] = {
839 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
840 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
842 size_t pemCertHeaderLen = sizeof(pemCertHeader);
843 size_t pemCertFooterLen = sizeof(pemCertFooter);
846 unsigned char * tmp = NULL;
854 if (buf[pos] == 0x30 && buf[pos + 1] == 0x82)
856 tmp = (unsigned char *)buf + pos + 1;
857 CHECK_MBEDTLS_RET(mbedtls_asn1_get_len, &tmp, buf + bufLen, &len);
858 if (pos + len < bufLen)
860 ret = mbedtls_x509_crt_parse_der(crt, buf + pos, len + 4);
868 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse_der returned -0x%04x\n", -(ret));
873 else if ((buf + pos + pemCertHeaderLen < buf + bufLen) &&
874 (0 == memcmp(buf + pos, pemCertHeader, pemCertHeaderLen)))
876 void * endPos = NULL;
877 endPos = memmem(&(buf[pos]), bufLen - pos, pemCertFooter, pemCertFooterLen);
880 OIC_LOG(ERROR, NET_SSL_TAG, "Error: end of PEM certificate not found.");
881 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
884 len = (char*)endPos - ((char*)buf + pos) + pemCertFooterLen;
885 if (pos + len + 1 <= bufLen)
887 char con = buf[pos + len];
888 buf[pos + len] = 0x00;
889 ret = mbedtls_x509_crt_parse(crt, buf + pos, len + 1);
897 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
899 buf[pos + len] = con;
903 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
904 memcpy(lastCert, buf + pos, len);
905 lastCert[len] = 0x00;
906 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
914 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_x509_crt_parse returned -0x%04x\n", -(ret));
925 OIC_LOG_V(INFO, NET_SSL_TAG, "%s successfully parsed %d certificates", __func__, count);
926 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
933 static int VerifyCertificateCallback(void *p_vrfy, mbedtls_x509_crt *crt, int depth,
937 char buf[1024] = {0};
939 if (0 != *flags) // Invalid Cerificate
942 ret = mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags);
945 OIC_LOG_V(ERROR, NET_SSL_TAG, "%s(%d)", buf, *flags);
950 if (NULL == g_peerCertCallback.cb)
952 OIC_LOG(DEBUG, NET_SSL_TAG, "NOT SET g_peerCertCallback");
958 * depth = 0 : Own Cert.
959 * depth = 1 : Sub CA Cert.
960 * depth = 2 : Root CA Cert.
962 OIC_LOG_V(INFO, NET_SSL_TAG, "Depth : %d", depth);
964 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
965 OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
967 return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
970 CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
972 #ifndef __WITH_DTLS__
974 UNUSED(peerCertCallback);
975 OIC_LOG(ERROR, NET_SSL_TAG, "Not Supported");
976 return CA_NOT_SUPPORTED;
979 if (peerCertCallback)
981 OIC_LOG(DEBUG, NET_SSL_TAG, "SET peerCertCallback");
982 g_peerCertCallback.cb = peerCertCallback;
983 g_peerCertCallback.ctx = ctx;
987 OIC_LOG(DEBUG, NET_SSL_TAG, "UNSET peerCertCallback");
988 g_peerCertCallback.cb = NULL;
989 g_peerCertCallback.ctx = NULL;
994 //Loads PKIX related information from SRM
995 static int InitPKIX(CATransportAdapter_t adapter)
997 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
998 VERIFY_NON_NULL_RET(g_getPkixInfoCallback, NET_SSL_TAG, "PKIX info callback is NULL", -1);
999 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1001 mbedtls_x509_crt_free(&g_caSslContext->ca);
1002 mbedtls_x509_crt_free(&g_caSslContext->crt);
1003 mbedtls_pk_free(&g_caSslContext->pkey);
1004 mbedtls_x509_crl_free(&g_caSslContext->crl);
1006 mbedtls_x509_crt_init(&g_caSslContext->ca);
1007 mbedtls_x509_crt_init(&g_caSslContext->crt);
1008 mbedtls_pk_init(&g_caSslContext->pkey);
1009 mbedtls_x509_crl_init(&g_caSslContext->crl);
1011 mbedtls_ssl_config * serverConf = (adapter == CA_ADAPTER_IP ||
1012 adapter == CA_ADAPTER_GATT_BTLE ?
1013 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
1014 mbedtls_ssl_config * clientConf = (adapter == CA_ADAPTER_IP ||
1015 adapter == CA_ADAPTER_GATT_BTLE ?
1016 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1018 #ifdef __WITH_DTLS__
1020 * Conf. is initialized in CAinitSslAdapter()
1022 mbedtls_ssl_conf_verify(&g_caSslContext->clientDtlsConf, VerifyCertificateCallback, NULL);
1025 // load pk key, cert, trust chain and crl
1026 if (g_getPkixInfoCallback)
1028 OIC_LOG(INFO, NET_SSL_TAG, "g_getPkixInfoCallback will be invoked");
1029 g_getPkixInfoCallback(&g_pkiInfo);
1032 // parse own certficate (optional)
1035 int count = ParseChain(&g_caSslContext->crt, g_pkiInfo.crt.data, g_pkiInfo.crt.len, &errNum);
1038 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate chain parsing error");
1043 OIC_LOG_V(WARNING, NET_SSL_TAG, "Own certificate chain parsing error: %d certs failed to parse", errNum);
1047 // parse private key if hw is not supported (optional)
1048 if(NULL == g_setupPkContextCallback)
1050 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback is NULL");
1051 ret = mbedtls_pk_parse_key(&g_caSslContext->pkey, g_pkiInfo.key.data, g_pkiInfo.key.len,
1056 OIC_LOG(INFO, NET_SSL_TAG, "g_setupPkContextCallback will be invoked");
1057 // setup hw pk context (optional)
1058 ret = g_setupPkContextCallback(&g_caSslContext->pkey);
1061 // setup public parameter
1062 mbedtls_pk_type_t ktype = mbedtls_pk_get_type(&g_caSslContext->pkey);
1063 if (MBEDTLS_PK_ECKEY == ktype || MBEDTLS_PK_ECKEY_DH == ktype
1064 || MBEDTLS_PK_ECDSA == ktype)
1066 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Copy ecp public param from cert, keytype [%d]", ktype);
1067 mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair*)g_caSslContext->crt.pk.pk_ctx;
1068 mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context*)g_caSslContext->pkey.pk_ctx;
1071 ret = mbedtls_ecdsa_from_keypair(ecdsa, eckey);
1074 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to copy public param [0x%x]", ret);
1079 OIC_LOG_V(WARNING, NET_SSL_TAG, "key-ctx(%p), cert-ctx(%p)", ecdsa, eckey);
1085 OIC_LOG_V(INFO, NET_SSL_TAG, "loaded key is not one of eckey type [%d]", ktype);
1090 OIC_LOG_V(ERROR, NET_SSL_TAG, "Fail to call g_setupPkContextCallback [%d]", ret);
1095 OIC_LOG(WARNING, NET_SSL_TAG, "Key parsing error");
1099 ret = mbedtls_ssl_conf_own_cert(serverConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1102 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate parsing error");
1105 ret = mbedtls_ssl_conf_own_cert(clientConf, &g_caSslContext->crt, &g_caSslContext->pkey);
1108 OIC_LOG(WARNING, NET_SSL_TAG, "Own certificate configuration error");
1113 count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
1116 OIC_LOG(WARNING, NET_SSL_TAG, "CA chain in svr db was not parsed");
1117 OIC_LOG(WARNING, NET_SSL_TAG, " but if working as server, chain not required");
1118 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1123 OIC_LOG_V(WARNING, NET_SSL_TAG, "CA chain parsing warning: %d certs failed to parse", errNum);
1126 ret = mbedtls_x509_crl_parse_der(&g_caSslContext->crl, g_pkiInfo.crl.data, g_pkiInfo.crl.len);
1129 OIC_LOG(WARNING, NET_SSL_TAG, "CRL in svr db was not parsed");
1130 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
1134 CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
1135 &g_caSslContext->ca, &g_caSslContext->crl);
1138 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1145 * @param[in] notUsed opaque context
1146 * @param[in] ssl mbedTLS context
1147 * @param[in] desc identity
1148 * @param[in] descLen identity length
1150 * @return 0 on success any other return value will result in a denied PSK identity
1152 static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
1153 const unsigned char * desc, size_t descLen)
1155 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1156 VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_SSL_TAG, "Credential callback s NULL", -1);
1157 VERIFY_NON_NULL_RET(ssl, NET_SSL_TAG, "ssl pointer is NULL", -1);
1158 VERIFY_NON_NULL_RET(desc, NET_SSL_TAG, "desc pointer is NULL", -1);
1159 if (descLen > CA_MAX_ENDPOINT_IDENTITY_LEN)
1161 OIC_LOG(ERROR, NET_SSL_TAG, "desc too long!");
1165 uint8_t keyBuf[PSK_LENGTH] = {0};
1167 // Retrieve the credentials blob from security module
1168 int ret = g_getCredentialsCallback(CA_DTLS_PSK_KEY, desc, descLen, keyBuf, PSK_LENGTH);
1171 memcpy(((SslEndPoint_t *) ssl)->sep.identity.id, desc, descLen);
1172 ((SslEndPoint_t *) ssl)->sep.identity.id_length = descLen;
1173 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
1174 OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
1176 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1177 return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
1179 OIC_LOG_V(WARNING, NET_SSL_TAG, "Out %s", __func__);
1184 * Gets session corresponding for endpoint.
1186 * @param[in] peer remote address
1188 * @return TLS session or NULL
1190 static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
1192 uint32_t listIndex = 0;
1193 uint32_t listLength = 0;
1194 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1195 VERIFY_NON_NULL_RET(peer, NET_SSL_TAG, "TLS peer is NULL", NULL);
1196 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1198 SslEndPoint_t *tep = NULL;
1199 listLength = u_arraylist_length(g_caSslContext->peerList);
1200 for (listIndex = 0; listIndex < listLength; listIndex++)
1202 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1208 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare [%s:%d] and [%s:%d] for %d adapter",
1209 peer->addr, peer->port, tep->sep.endpoint.addr, tep->sep.endpoint.port,
1212 if((peer->adapter == tep->sep.endpoint.adapter)
1213 && (0 == strncmp(peer->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA))
1214 && (peer->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == peer->adapter))
1216 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Found Peer:[%s:%d] for %d adapter",
1217 peer->addr, peer->port, peer->adapter);
1218 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1222 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1223 peer->addr, peer->port, peer->adapter);
1224 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1228 bool CAIsExistSslPeer(const CAEndpoint_t *peer)
1230 oc_mutex_lock(g_sslContextMutex);
1231 if (NULL == g_caSslContext)
1233 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1234 oc_mutex_unlock(g_sslContextMutex);
1238 if (GetSslPeer(peer))
1240 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Exist Peer");
1241 oc_mutex_unlock(g_sslContextMutex);
1246 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Not Exist Peer");
1247 oc_mutex_unlock(g_sslContextMutex);
1253 * Gets session corresponding for endpoint.
1255 * @param[in] peer remote address
1257 * @return TLS session or NULL
1259 static SslEndPoint_t *GetSslPeerUsingUuid(const uint8_t *identity, size_t idLength)
1261 uint32_t listIndex = 0;
1262 uint32_t listLength = 0;
1263 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1264 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL", NULL);
1265 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1267 OIC_LOG(INFO, NET_SSL_TAG, "[Target UUID]");
1268 OIC_LOG_BUFFER(INFO, NET_SSL_TAG, identity, idLength);
1270 SslEndPoint_t *tep = NULL;
1271 listLength = u_arraylist_length(g_caSslContext->peerList);
1272 for (listIndex = 0; listIndex < listLength; listIndex++)
1274 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1280 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Compare UUID for [%s:%d]",
1281 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1283 if ((tep->sep.identity.id_length == idLength)
1284 && (0 == memcmp(identity, tep->sep.identity.id, idLength)))
1286 OIC_LOG_V(INFO, NET_SSL_TAG, "Found matched UUID in [%s:%d]",
1287 tep->sep.endpoint.addr, tep->sep.endpoint.port);
1288 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1292 OIC_LOG(INFO, NET_SSL_TAG, "Peer not found");
1293 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1298 #ifdef MULTIPLE_OWNER
1300 * Gets CA secure endpoint info corresponding for endpoint.
1302 * @param[in] peer remote address
1304 * @return CASecureEndpoint or NULL
1306 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
1308 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1310 // TODO: Added as workaround, need to debug
1311 oc_mutex_unlock(g_sslContextMutex);
1313 oc_mutex_lock(g_sslContextMutex);
1314 if (NULL == g_caSslContext)
1316 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1317 oc_mutex_unlock(g_sslContextMutex);
1321 SslEndPoint_t* sslPeer = GetSslPeer(peer);
1324 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1325 oc_mutex_unlock(g_sslContextMutex);
1326 return &sslPeer->sep;
1329 OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
1330 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1331 oc_mutex_unlock(g_sslContextMutex);
1337 * Deletes cached message.
1339 * @param[in] msg message
1341 static void DeleteCacheMessage(SslCacheMessage_t * msg)
1343 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1344 VERIFY_NON_NULL_VOID(msg, NET_SSL_TAG, "msg");
1349 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1352 * Deletes cached message list.
1354 * @param[in] cacheList list of cached messages
1356 static void DeleteCacheList(u_arraylist_t * cacheList)
1358 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1359 VERIFY_NON_NULL_VOID(cacheList, NET_SSL_TAG, "cacheList");
1360 uint32_t listIndex = 0;
1361 uint32_t listLength = 0;
1363 listLength = u_arraylist_length(cacheList);
1364 for (listIndex = 0; listIndex < listLength; listIndex++)
1366 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(cacheList, listIndex);
1369 DeleteCacheMessage(msg);
1372 u_arraylist_free(&cacheList);
1374 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1377 * Deletes endpoint with session.
1379 * @param[in] tep endpoint with session info
1381 static void DeleteSslEndPoint(SslEndPoint_t * tep)
1383 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1384 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "tep");
1386 mbedtls_ssl_free(&tep->ssl);
1387 DeleteCacheList(tep->cacheList);
1389 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1392 * Removes endpoint session from list.
1394 * @param[in] endpoint remote address
1396 static void RemovePeerFromList(const CAEndpoint_t * endpoint)
1398 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1399 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1400 VERIFY_NON_NULL_VOID(endpoint, NET_SSL_TAG, "endpoint");
1401 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1402 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1404 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1409 if(0 == strncmp(endpoint->addr, tep->sep.endpoint.addr, MAX_ADDR_STR_SIZE_CA)
1410 && (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
1412 u_arraylist_remove(g_caSslContext->peerList, listIndex);
1413 OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
1414 endpoint->addr, endpoint->port, endpoint->adapter);
1415 DeleteSslEndPoint(tep);
1416 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1420 OIC_LOG_V(INFO, NET_SSL_TAG, "Peer not found:[%s:%d] for %d adapter",
1421 endpoint->addr, endpoint->port, endpoint->adapter);
1422 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1425 * Deletes session list.
1427 static void DeletePeerList()
1429 OIC_LOG_V(DEBUG, NET_SSL_TAG, "%s", __func__);
1430 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1432 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1433 for (uint32_t listIndex = 0; listIndex < listLength; listIndex++)
1435 SslEndPoint_t * tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList,listIndex);
1440 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1445 ret = mbedtls_ssl_close_notify(&tep->ssl);
1447 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1449 DeleteSslEndPoint(tep);
1451 u_arraylist_free(&g_caSslContext->peerList);
1454 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
1456 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1457 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
1459 oc_mutex_lock(g_sslContextMutex);
1460 if (NULL == g_caSslContext)
1462 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1463 oc_mutex_unlock(g_sslContextMutex);
1464 return CA_STATUS_FAILED;
1466 SslEndPoint_t * tep = GetSslPeer(endpoint);
1469 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1470 oc_mutex_unlock(g_sslContextMutex);
1471 return CA_STATUS_FAILED;
1473 /* No error checking, the connection might be closed already */
1477 ret = mbedtls_ssl_close_notify(&tep->ssl);
1479 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1481 RemovePeerFromList(&tep->sep.endpoint);
1482 oc_mutex_unlock(g_sslContextMutex);
1484 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1485 return CA_STATUS_OK;
1488 CAResult_t CAcloseSslConnectionUsingUuid(const uint8_t *identity, size_t idLength)
1490 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1491 VERIFY_NON_NULL_RET(identity, NET_SSL_TAG, "Param identity is NULL" , CA_STATUS_INVALID_PARAM);
1493 oc_mutex_lock(g_sslContextMutex);
1494 if (NULL == g_caSslContext)
1496 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1497 oc_mutex_unlock(g_sslContextMutex);
1498 return CA_STATUS_FAILED;
1501 SslEndPoint_t* tep = GetSslPeerUsingUuid(identity, idLength);
1504 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
1505 oc_mutex_unlock(g_sslContextMutex);
1506 return CA_STATUS_FAILED;
1509 /* No error checking, the connection might be closed already */
1513 ret = mbedtls_ssl_close_notify(&tep->ssl);
1515 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
1517 RemovePeerFromList(&tep->sep.endpoint);
1518 oc_mutex_unlock(g_sslContextMutex);
1520 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1521 return CA_STATUS_OK;
1524 void CAcloseSslConnectionAll(CATransportAdapter_t transportType)
1526 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1527 oc_mutex_lock(g_sslContextMutex);
1528 if (NULL == g_caSslContext)
1530 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
1531 oc_mutex_unlock(g_sslContextMutex);
1535 uint32_t listLength = u_arraylist_length(g_caSslContext->peerList);
1536 OIC_LOG_V(INFO, NET_SSL_TAG,
1537 "Required transport [%d], peer count [%d]", transportType, listLength);
1538 for (uint32_t i = listLength; i > 0; i--)
1540 SslEndPoint_t *tep = (SslEndPoint_t *)u_arraylist_get(g_caSslContext->peerList, i - 1);
1545 OIC_LOG_V(INFO, NET_SSL_TAG, "SSL Connection [%s:%d], Transport [%d]",
1546 tep->sep.endpoint.addr, tep->sep.endpoint.port, tep->sep.endpoint.adapter);
1548 // check transport matching
1549 if (0 == (tep->sep.endpoint.adapter & transportType))
1551 OIC_LOG(DEBUG, NET_SSL_TAG, "Skip the un-matched transport session");
1555 // TODO: need to check below code after socket close is ensured.
1559 ret = mbedtls_ssl_close_notify(&tep->ssl);
1561 while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);*/
1564 u_arraylist_remove(g_caSslContext->peerList, i - 1);
1565 DeleteSslEndPoint(tep);
1567 oc_mutex_unlock(g_sslContextMutex);
1569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1573 * Creates session for endpoint.
1575 * @param[in] endpoint remote address
1576 * @param[in] config mbedTLS configuration info
1578 * @return TLS endpoint or NULL
1580 static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl_config * config)
1582 SslEndPoint_t * tep = NULL;
1583 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1584 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint", NULL);
1585 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "config", NULL);
1586 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1588 tep = (SslEndPoint_t *) OICCalloc(1, sizeof (SslEndPoint_t));
1591 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1595 tep->sep.endpoint = *endpoint;
1596 tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
1598 if(0 != mbedtls_ssl_setup(&tep->ssl, config))
1600 OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
1602 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1606 mbedtls_ssl_set_bio(&tep->ssl, tep, SendCallBack, RecvCallBack, NULL);
1607 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == config->transport)
1609 mbedtls_ssl_set_timer_cb(&tep->ssl, &tep->timer,
1610 mbedtls_timing_set_delay, mbedtls_timing_get_delay);
1611 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1613 if (0 != mbedtls_ssl_set_client_transport_id(&tep->ssl,
1614 (const unsigned char *) endpoint->addr, sizeof(endpoint->addr)))
1616 OIC_LOG(ERROR, NET_SSL_TAG, "Transport id setup failed!");
1617 mbedtls_ssl_free(&tep->ssl);
1619 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1624 tep->cacheList = u_arraylist_create();
1625 if (NULL == tep->cacheList)
1627 OIC_LOG(ERROR, NET_SSL_TAG, "cacheList initialization failed!");
1628 mbedtls_ssl_free(&tep->ssl);
1630 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1633 OIC_LOG_V(INFO, NET_SSL_TAG, "New [%s role] endpoint added [%s:%d]",
1634 (MBEDTLS_SSL_IS_SERVER==config->endpoint ? "server" : "client"),
1635 endpoint->addr, endpoint->port);
1636 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1640 * Initializes PSK identity.
1642 * @param[out] config client/server config to be updated
1644 * @return 0 on success or -1 on error
1646 static int InitPskIdentity(mbedtls_ssl_config * config)
1648 uint8_t keyBuf[PSK_LENGTH] = {0};
1649 uint8_t idBuf[UUID_LENGTH] = {0};
1650 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1651 VERIFY_NON_NULL_RET(config, NET_SSL_TAG, "Param config is NULL" , -1);
1653 //Retrieve PSK identity from SVR DB
1654 if (0 > g_getCredentialsCallback(CA_DTLS_PSK_IDENTITY, NULL, 0, idBuf, UUID_LENGTH))
1656 OIC_LOG(ERROR, NET_SSL_TAG, "Identity not found");
1657 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1660 //Store PSK ideneity in mbedtls_ssl_config
1661 if (0 != mbedtls_ssl_conf_psk(config, keyBuf, PSK_LENGTH, idBuf, UUID_LENGTH))
1663 OIC_LOG(ERROR, NET_SSL_TAG, "Identity initialization failed!");
1664 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1667 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1670 static void SetupCipher(mbedtls_ssl_config * config, CATransportAdapter_t adapter)
1673 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1674 VERIFY_NON_NULL_VOID(config, NET_SSL_TAG, "Invaild param");
1675 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL");
1676 VERIFY_NON_NULL_VOID(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null");
1678 //Resetting cipherFlag
1679 g_caSslContext->cipherFlag[0] = false;
1680 g_caSslContext->cipherFlag[1] = false;
1682 g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
1683 // Retrieve the PSK credential from SRM
1684 if (0 != InitPskIdentity(config))
1686 OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
1689 // Retrieve the Cert credential from SRM
1690 if (true == g_caSslContext->cipherFlag[1])
1692 int ret = InitPKIX(adapter);
1695 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to init X.509");
1699 memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
1701 if (SSL_CIPHER_MAX < g_caSslContext->cipher)
1703 OIC_LOG(ERROR, NET_SSL_TAG, "Maximum ciphersuite index exceeded");
1706 // Add the preferred ciphersuite first
1707 if (SSL_CIPHER_MAX != g_caSslContext->cipher)
1709 g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
1710 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Preferred ciphersuite added");
1714 // Add PSK ciphersuite
1715 if (true == g_caSslContext->cipherFlag[0] &&
1716 SSL_CIPHER_MAX != g_caSslContext->cipher &&
1717 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[g_caSslContext->cipher][0])
1719 g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
1720 OIC_LOG(DEBUG, NET_SSL_TAG, "PSK ciphersuite added");
1724 // Add all certificate ciphersuites
1725 if (true == g_caSslContext->cipherFlag[1])
1727 for (unsigned int i = 0; i < SSL_CIPHER_MAX - 1; i++)
1729 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != tlsCipher[i][0] &&
1730 i != g_caSslContext->cipher)
1732 g_cipherSuitesList[index] = tlsCipher[i][0];
1737 if (MBEDTLS_SSL_IS_SERVER == config->endpoint)
1739 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_OPTIONAL);
1743 OIC_LOG(INFO, NET_SSL_TAG, "Supported ciphersuites:");
1744 for (int i = 0; i < index; i++)
1746 OIC_LOG_V(INFO, NET_SSL_TAG, "Ciphersuite %04x", g_cipherSuitesList[i]);
1749 mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
1751 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1754 * Initiate TLS handshake with endpoint.
1756 * @param[in] endpoint remote address
1758 * @return TLS endpoint or NULL
1760 static SslEndPoint_t * InitiateTlsHandshake(const CAEndpoint_t *endpoint)
1763 SslEndPoint_t * tep = NULL;
1765 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
1766 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , NULL);
1767 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", NULL);
1769 //Remove previous peer info from peer list.
1770 RemovePeerFromList(endpoint);
1772 mbedtls_ssl_config * config = (endpoint->adapter == CA_ADAPTER_IP ||
1773 endpoint->adapter == CA_ADAPTER_GATT_BTLE ?
1774 &g_caSslContext->clientDtlsConf : &g_caSslContext->clientTlsConf);
1775 tep = NewSslEndPoint(endpoint, config);
1778 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
1782 //Load allowed SVR suites from SVR DB
1783 SetupCipher(config, endpoint->adapter);
1785 ret = u_arraylist_add(g_caSslContext->peerList, (void *) tep);
1788 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
1789 DeleteSslEndPoint(tep);
1793 while (MBEDTLS_SSL_HANDSHAKE_OVER > tep->ssl.state)
1795 ret = mbedtls_ssl_handshake_step(&tep->ssl);
1796 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
1802 OIC_LOG(ERROR, NET_SSL_TAG, "Handshake failed due to socket error");
1803 RemovePeerFromList(&tep->sep.endpoint);
1806 SSL_CHECK_FAIL(tep, ret, "Handshake error", 0, NULL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1808 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
1811 #ifdef __WITH_DTLS__
1813 * Stops DTLS retransmission.
1815 static void StopRetransmit()
1819 unregisterTimer(g_caSslContext->timerId);
1820 g_caSslContext->timerId= -1;
1824 void CAdeinitSslAdapter()
1826 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1828 VERIFY_NON_NULL_VOID(g_caSslContext, NET_SSL_TAG, "context is NULL");
1829 VERIFY_NON_NULL_VOID(g_sslContextMutex, NET_SSL_TAG, "context mutex is NULL");
1831 //Lock tlsContext mutex
1832 oc_mutex_lock(g_sslContextMutex);
1837 // De-initialize mbedTLS
1838 mbedtls_x509_crt_free(&g_caSslContext->ca);
1839 mbedtls_x509_crt_free(&g_caSslContext->crt);
1840 mbedtls_pk_free(&g_caSslContext->pkey);
1841 mbedtls_x509_crl_free(&g_caSslContext->crl);
1843 mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf);
1844 mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf);
1845 #endif // __WITH_TLS__
1846 #ifdef __WITH_DTLS__
1847 mbedtls_ssl_config_free(&g_caSslContext->clientDtlsConf);
1848 mbedtls_ssl_config_free(&g_caSslContext->serverDtlsConf);
1849 mbedtls_ssl_cookie_free(&g_caSslContext->cookieCtx);
1850 #endif // __WITH_DTLS__
1851 mbedtls_ctr_drbg_free(&g_caSslContext->rnd);
1852 mbedtls_entropy_free(&g_caSslContext->entropy);
1853 #ifdef __WITH_DTLS__
1856 // De-initialize tls Context
1857 OICFree(g_caSslContext);
1858 g_caSslContext = NULL;
1860 // Delete decrypt buffer
1861 if (g_decryptBuffer)
1863 OICFree(g_decryptBuffer);
1864 g_decryptBuffer = NULL;
1867 // Unlock tlsContext mutex and de-initialize it
1868 oc_mutex_unlock(g_sslContextMutex);
1869 oc_mutex_free(g_sslContextMutex);
1870 g_sslContextMutex = NULL;
1872 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s ", __func__);
1875 static int InitConfig(mbedtls_ssl_config * conf, int transport, int mode)
1877 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1878 VERIFY_NON_NULL_RET(conf, NET_SSL_TAG, "Param conf is NULL" , -1);
1879 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL Context is NULL", -1);
1880 mbedtls_ssl_config_init(conf);
1881 if (mbedtls_ssl_config_defaults(conf, mode, transport, MBEDTLS_SSL_PRESET_DEFAULT) != 0)
1883 OIC_LOG(ERROR, NET_SSL_TAG, "Config initialization failed!");
1887 mbedtls_ssl_conf_psk_cb(conf, GetPskCredentialsCallback, NULL);
1888 mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &g_caSslContext->rnd);
1889 mbedtls_ssl_conf_curves(conf, curve[ADAPTER_CURVE_SECP256R1]);
1890 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
1891 mbedtls_ssl_conf_renegotiation(conf, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
1892 mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
1893 mbedtls_ssl_conf_sig_hashes(conf, g_ssl_ordered_default_hashes);
1895 #ifdef __WITH_DTLS__
1896 if (MBEDTLS_SSL_TRANSPORT_DATAGRAM == transport &&
1897 MBEDTLS_SSL_IS_SERVER == mode)
1899 mbedtls_ssl_conf_dtls_cookies(conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
1900 &g_caSslContext->cookieCtx);
1902 #endif // __WITH_DTLS__
1904 #if !defined(NDEBUG) || defined(TB_LOG)
1905 mbedtls_ssl_conf_dbg(conf, DebugSsl, NULL);
1906 mbedtls_debug_set_threshold(MBED_TLS_DEBUG_LEVEL);
1908 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
1911 #ifdef __WITH_DTLS__
1913 * Starts DTLS retransmission.
1915 static int StartRetransmit()
1917 uint32_t listIndex = 0;
1918 uint32_t listLength = 0;
1919 SslEndPoint_t *tep = NULL;
1921 oc_mutex_lock(g_sslContextMutex);
1922 if (NULL == g_caSslContext)
1924 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL. Stop retransmission");
1925 oc_mutex_unlock(g_sslContextMutex);
1928 if (g_caSslContext->timerId != -1)
1930 //clear previous timer
1931 unregisterTimer(g_caSslContext->timerId);
1933 listLength = u_arraylist_length(g_caSslContext->peerList);
1935 for (listIndex = 0; listIndex < listLength; listIndex++)
1937 tep = (SslEndPoint_t *) u_arraylist_get(g_caSslContext->peerList, listIndex);
1939 || (tep->ssl.conf && MBEDTLS_SSL_TRANSPORT_STREAM == tep->ssl.conf->transport)
1940 || MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
1944 OIC_LOG_V(INFO, NET_SSL_TAG, "peer #%d", (int) listIndex);
1946 int ret = mbedtls_ssl_handshake_step(&tep->ssl);
1948 if (MBEDTLS_ERR_SSL_CONN_EOF != ret)
1951 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1953 SSL_CHECK_FAIL(tep, ret, "Retransmission", 1, CA_STATUS_FAILED,
1954 MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
1959 registerTimer(RETRANSMISSION_TIME, &g_caSslContext->timerId, (void *) StartRetransmit);
1960 oc_mutex_unlock(g_sslContextMutex);
1966 CAResult_t CAinitSslAdapter()
1968 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
1969 // Initialize mutex for tlsContext
1970 if (NULL == g_sslContextMutex)
1972 g_sslContextMutex = oc_mutex_new();
1973 VERIFY_NON_NULL_RET(g_sslContextMutex, NET_SSL_TAG, "malloc failed", CA_MEMORY_ALLOC_FAILED);
1977 OIC_LOG(INFO, NET_SSL_TAG, "Done already!");
1978 return CA_STATUS_OK;
1981 // Lock tlsContext mutex and create tlsContext
1982 oc_mutex_lock(g_sslContextMutex);
1983 g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t));
1985 if (NULL == g_caSslContext)
1987 OIC_LOG(ERROR, NET_SSL_TAG, "Context malloc failed");
1988 oc_mutex_unlock(g_sslContextMutex);
1989 oc_mutex_free(g_sslContextMutex);
1990 g_sslContextMutex = NULL;
1991 return CA_MEMORY_ALLOC_FAILED;
1995 g_caSslContext->peerList = u_arraylist_create();
1997 if(NULL == g_caSslContext->peerList)
1999 OIC_LOG(ERROR, NET_SSL_TAG, "peerList initialization failed!");
2000 OICFree(g_caSslContext);
2001 g_caSslContext = NULL;
2002 oc_mutex_unlock(g_sslContextMutex);
2003 oc_mutex_free(g_sslContextMutex);
2004 g_sslContextMutex = NULL;
2005 return CA_STATUS_FAILED;
2008 /* Initialize TLS library
2010 #if !defined(NDEBUG) || defined(TB_LOG)
2011 char version[MBED_TLS_VERSION_LEN];
2012 mbedtls_version_get_string(version);
2013 OIC_LOG_V(INFO, NET_SSL_TAG, "mbed TLS version: %s", version);
2018 mbedtls_entropy_init(&g_caSslContext->entropy);
2019 mbedtls_ctr_drbg_init(&g_caSslContext->rnd);
2022 unsigned char seed[sizeof(SEED)] = {0};
2024 urandomFd = open("/dev/urandom", O_RDONLY);
2027 OIC_LOG(ERROR, NET_SSL_TAG, "Fails open /dev/urandom!");
2028 oc_mutex_unlock(g_sslContextMutex);
2029 CAdeinitSslAdapter();
2030 return CA_STATUS_FAILED;
2032 if(0 > read(urandomFd, seed, sizeof(seed)))
2034 OIC_LOG(ERROR, NET_SSL_TAG, "Fails read from /dev/urandom!");
2036 oc_mutex_unlock(g_sslContextMutex);
2037 CAdeinitSslAdapter();
2038 return CA_STATUS_FAILED;
2043 unsigned char * seed = (unsigned char*) SEED;
2045 if(0 != mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func,
2046 &g_caSslContext->entropy, seed, sizeof(SEED)))
2048 OIC_LOG(ERROR, NET_SSL_TAG, "Seed initialization failed!");
2049 oc_mutex_unlock(g_sslContextMutex);
2050 CAdeinitSslAdapter();
2051 return CA_STATUS_FAILED;
2053 mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF);
2056 if (0 != InitConfig(&g_caSslContext->clientTlsConf,
2057 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_CLIENT))
2059 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2060 oc_mutex_unlock(g_sslContextMutex);
2061 CAdeinitSslAdapter();
2062 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2063 return CA_STATUS_FAILED;
2066 if (0 != InitConfig(&g_caSslContext->serverTlsConf,
2067 MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_IS_SERVER))
2069 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2070 oc_mutex_unlock(g_sslContextMutex);
2071 CAdeinitSslAdapter();
2072 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2073 return CA_STATUS_FAILED;
2075 #endif // __WITH_TLS__
2076 #ifdef __WITH_DTLS__
2077 mbedtls_ssl_cookie_init(&g_caSslContext->cookieCtx);
2078 if (0 != mbedtls_ssl_cookie_setup(&g_caSslContext->cookieCtx, mbedtls_ctr_drbg_random,
2079 &g_caSslContext->rnd))
2081 OIC_LOG(ERROR, NET_SSL_TAG, "Cookie setup failed!");
2082 oc_mutex_unlock(g_sslContextMutex);
2083 CAdeinitSslAdapter();
2084 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2085 return CA_STATUS_FAILED;
2088 if (0 != InitConfig(&g_caSslContext->clientDtlsConf,
2089 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_CLIENT))
2091 OIC_LOG(ERROR, NET_SSL_TAG, "Client config initialization failed!");
2092 oc_mutex_unlock(g_sslContextMutex);
2093 CAdeinitSslAdapter();
2094 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2095 return CA_STATUS_FAILED;
2098 if (0 != InitConfig(&g_caSslContext->serverDtlsConf,
2099 MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_IS_SERVER))
2101 OIC_LOG(ERROR, NET_SSL_TAG, "Server config initialization failed!");
2102 oc_mutex_unlock(g_sslContextMutex);
2103 CAdeinitSslAdapter();
2104 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2105 return CA_STATUS_FAILED;
2107 #endif // __WITH_DTLS__
2109 // set default cipher
2110 g_caSslContext->cipher = SSL_CIPHER_MAX;
2113 mbedtls_x509_crt_init(&g_caSslContext->ca);
2114 mbedtls_x509_crt_init(&g_caSslContext->crt);
2115 mbedtls_pk_init(&g_caSslContext->pkey);
2116 mbedtls_x509_crl_init(&g_caSslContext->crl);
2118 #ifdef __WITH_DTLS__
2119 g_caSslContext->timerId = -1;
2122 // create decrypt buffer
2123 g_decryptBuffer = (uint8_t *)OICCalloc(1, TLS_MSG_BUF_LEN);
2124 if (NULL == g_decryptBuffer)
2126 OIC_LOG(ERROR, NET_SSL_TAG, "Decrypt buffer malloc failed");
2127 oc_mutex_unlock(g_sslContextMutex);
2128 CAdeinitSslAdapter();
2129 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2130 return CA_MEMORY_ALLOC_FAILED;
2133 oc_mutex_unlock(g_sslContextMutex);
2134 #ifdef __WITH_DTLS__
2138 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2139 return CA_STATUS_OK;
2142 SslCacheMessage_t * NewCacheMessage(uint8_t * data, size_t dataLen)
2144 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2145 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , NULL);
2148 OIC_LOG(ERROR, NET_SSL_TAG, "dataLen is equal to zero");
2149 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2152 SslCacheMessage_t * message = (SslCacheMessage_t *) OICCalloc(1, sizeof(SslCacheMessage_t));
2153 if (NULL == message)
2155 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2156 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2160 message->data = (uint8_t *)OICCalloc(dataLen, sizeof(uint8_t));
2161 if (NULL == message->data)
2163 OIC_LOG(ERROR, NET_SSL_TAG, "calloc failed!");
2165 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2168 memcpy(message->data, data, dataLen);
2169 message->len = dataLen;
2170 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2174 /* Send data via TLS connection.
2176 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
2177 void *data, uint32_t dataLen)
2181 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s ", __func__);
2183 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG,"Remote address is NULL", CA_STATUS_INVALID_PARAM);
2184 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Data is NULL", CA_STATUS_INVALID_PARAM);
2185 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Port %d", endpoint->port);
2189 OIC_LOG_V(ERROR, NET_SSL_TAG, "dataLen is zero [%d]", dataLen);
2190 return CA_STATUS_FAILED;
2193 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Data to be encrypted dataLen [%d]", dataLen);
2195 oc_mutex_lock(g_sslContextMutex);
2196 if(NULL == g_caSslContext)
2198 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2199 oc_mutex_unlock(g_sslContextMutex);
2200 return CA_STATUS_FAILED;
2203 SslEndPoint_t * tep = GetSslPeer(endpoint);
2206 tep = InitiateTlsHandshake(endpoint);
2210 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2211 oc_mutex_unlock(g_sslContextMutex);
2212 return CA_STATUS_FAILED;
2215 if (MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)
2217 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == tep->ssl.state)");
2219 unsigned char *dataBuf = (unsigned char *)data;
2224 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, dataLen - written);
2227 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2229 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned 0x%x", -ret);
2230 RemovePeerFromList(&tep->sep.endpoint);
2231 oc_mutex_unlock(g_sslContextMutex);
2232 return CA_STATUS_FAILED;
2236 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2240 } while (dataLen > written);
2245 SslCacheMessage_t * msg = NewCacheMessage((uint8_t*) data, dataLen);
2246 if (NULL == msg || !u_arraylist_add(tep->cacheList, (void *) msg))
2248 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2249 oc_mutex_unlock(g_sslContextMutex);
2250 return CA_STATUS_FAILED;
2254 oc_mutex_unlock(g_sslContextMutex);
2256 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2257 return CA_STATUS_OK;
2260 * Sends cached messages via TLS connection.
2262 * @param[in] tep remote address with session info
2264 static void SendCacheMessages(SslEndPoint_t * tep)
2266 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2267 VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
2269 uint32_t listIndex = 0;
2270 uint32_t listLength = 0;
2271 listLength = u_arraylist_length(tep->cacheList);
2272 for (listIndex = 0; listIndex < listLength;)
2275 SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
2276 if (NULL != msg && NULL != msg->data && 0 != msg->len)
2278 unsigned char *dataBuf = (unsigned char *)msg->data;
2283 ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
2286 if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
2288 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
2293 OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
2297 } while (msg->len > written);
2299 if (u_arraylist_remove(tep->cacheList, listIndex))
2301 DeleteCacheMessage(msg);
2302 // Reduce list length by 1 as we removed one element.
2307 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_remove failed.");
2313 // Move to the next element
2317 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2320 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
2322 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2323 g_sslCallback = tlsHandshakeCallback;
2324 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2327 /* Read data from TLS connection
2329 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen)
2332 OIC_LOG_V(INFO, NET_SSL_TAG, "In %s", __func__);
2333 VERIFY_NON_NULL_RET(sep, NET_SSL_TAG, "endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2334 VERIFY_NON_NULL_RET(data, NET_SSL_TAG, "Param data is NULL" , CA_STATUS_INVALID_PARAM);
2336 oc_mutex_lock(g_sslContextMutex);
2337 if (NULL == g_caSslContext)
2339 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2340 oc_mutex_unlock(g_sslContextMutex);
2341 return CA_STATUS_FAILED;
2345 SslEndPoint_t * peer = GetSslPeer(&sep->endpoint);
2348 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2349 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2350 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2351 peer = NewSslEndPoint(&sep->endpoint, config);
2354 OIC_LOG(ERROR, NET_SSL_TAG, "Malloc failed!");
2355 oc_mutex_unlock(g_sslContextMutex);
2356 return CA_STATUS_FAILED;
2358 //Load allowed TLS suites from SVR DB
2359 SetupCipher(config, sep->endpoint.adapter);
2361 ret = u_arraylist_add(g_caSslContext->peerList, (void *) peer);
2364 OIC_LOG(ERROR, NET_SSL_TAG, "u_arraylist_add failed!");
2366 oc_mutex_unlock(g_sslContextMutex);
2367 return CA_STATUS_FAILED;
2371 peer->recBuf.buff = data;
2372 peer->recBuf.len = dataLen;
2373 peer->recBuf.loaded = 0;
2375 while (MBEDTLS_SSL_HANDSHAKE_OVER != peer->ssl.state)
2377 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2378 if (MBEDTLS_ERR_SSL_CONN_EOF == ret)
2383 if (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED == ret)
2385 OIC_LOG(DEBUG, NET_SSL_TAG, "Hello verification requested");
2386 mbedtls_ssl_session_reset(&peer->ssl);
2387 mbedtls_ssl_set_client_transport_id(&peer->ssl,
2388 (const unsigned char *) sep->endpoint.addr,
2389 sizeof(sep->endpoint.addr));
2390 ret = mbedtls_ssl_handshake_step(&peer->ssl);
2392 uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
2394 ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
2395 (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
2397 OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
2398 SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
2399 CA_STATUS_FAILED, GetAlertCode(flags));
2401 SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
2402 if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
2404 memcpy(peer->master, peer->ssl.session_negotiate->master, sizeof(peer->master));
2405 g_caSslContext->selectedCipher = peer->ssl.session_negotiate->ciphersuite;
2407 if (MBEDTLS_SSL_CLIENT_KEY_EXCHANGE == peer->ssl.state)
2409 memcpy(peer->random, peer->ssl.handshake->randbytes, sizeof(peer->random));
2412 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2414 SSL_RES(peer, CA_STATUS_OK);
2415 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2417 SendCacheMessages(peer);
2420 int selectedCipher = peer->ssl.session->ciphersuite;
2421 OIC_LOG_V(DEBUG, NET_SSL_TAG, "(D)TLS Session is connected via ciphersuite [0x%x]", selectedCipher);
2422 if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != selectedCipher &&
2423 MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != selectedCipher)
2425 char uuid[UUID_LENGTH * 2 + 5] = {0};
2426 void * uuidPos = NULL;
2427 void * userIdPos = NULL;
2428 const mbedtls_x509_crt * peerCert = mbedtls_ssl_get_peer_cert(&peer->ssl);
2429 ret = (NULL == peerCert ? -1 : 0);
2430 //SSL_CHECK_FAIL(peer, ret, "Failed to retrieve cert", 1,
2431 // CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_NO_CERT);
2434 uuidPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2435 UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
2437 if (NULL != uuidPos)
2439 memcpy(uuid, (char*) uuidPos + sizeof(UUID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2440 OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s" , uuid);
2441 ret = OCConvertStringToUuid(uuid, peer->sep.identity.id);
2442 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject", 1,
2443 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2447 OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
2450 userIdPos = memmem(peerCert->subject_raw.p, peerCert->subject_raw.len,
2451 USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
2452 if (NULL != userIdPos)
2454 memcpy(uuid, (char*) userIdPos + sizeof(USERID_PREFIX) - 1, UUID_LENGTH * 2 + 4);
2455 ret = OCConvertStringToUuid(uuid, peer->sep.userId.id);
2456 SSL_CHECK_FAIL(peer, ret, "Failed to convert subject alt name", 1,
2457 CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
2461 OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
2466 if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
2468 SendCacheMessages(peer);
2470 mbedtls_ssl_config * config = (sep->endpoint.adapter == CA_ADAPTER_IP ||
2471 sep->endpoint.adapter == CA_ADAPTER_GATT_BTLE ?
2472 &g_caSslContext->serverDtlsConf : &g_caSslContext->serverTlsConf);
2474 mbedtls_ssl_conf_authmode(config, MBEDTLS_SSL_VERIFY_REQUIRED);
2476 oc_mutex_unlock(g_sslContextMutex);
2477 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2478 return CA_STATUS_OK;
2482 if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
2484 OIC_LOG(INFO, NET_SSL_TAG, "(MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)");
2486 // flag to read again remained data
2487 bool read_more = false;
2490 if (NULL == g_decryptBuffer)
2492 OIC_LOG(ERROR, NET_SSL_TAG, "decrypt buffer is NULL");
2493 oc_mutex_unlock(g_sslContextMutex);
2494 return CA_STATUS_FAILED;
2496 memset(g_decryptBuffer, 0, TLS_MSG_BUF_LEN);
2501 ret = mbedtls_ssl_read(&peer->ssl, g_decryptBuffer, TLS_MSG_BUF_LEN);
2502 } while (MBEDTLS_ERR_SSL_WANT_READ == ret);
2504 if (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY == ret ||
2505 // TinyDTLS sends fatal close_notify alert
2506 (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE == ret &&
2507 MBEDTLS_SSL_ALERT_LEVEL_FATAL == peer->ssl.in_msg[0] &&
2508 MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
2510 OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
2511 RemovePeerFromList(&peer->sep.endpoint);
2512 oc_mutex_unlock(g_sslContextMutex);
2513 return CA_STATUS_OK;
2518 OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
2519 //SSL_RES(peer, CA_STATUS_FAILED);
2520 RemovePeerFromList(&peer->sep.endpoint);
2521 oc_mutex_unlock(g_sslContextMutex);
2522 return CA_STATUS_FAILED;
2526 int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
2527 if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
2530 res = g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep,
2531 g_decryptBuffer, ret);
2532 if (CA_STATUS_OK != res)
2534 OIC_LOG(ERROR, NET_SSL_TAG, "recvCallback is failed");
2535 RemovePeerFromList(&peer->sep.endpoint);
2536 oc_mutex_unlock(g_sslContextMutex);
2537 return CA_STATUS_FAILED;
2540 // check if decrypted data is remained in stream transport
2541 size_t remained = mbedtls_ssl_get_bytes_avail(&peer->ssl);
2543 MBEDTLS_SSL_TRANSPORT_STREAM == peer->ssl.conf->transport)
2545 OIC_LOG_V(DEBUG, NET_SSL_TAG, "need to read %zu bytes more", remained);
2551 OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
2552 RemovePeerFromList(&peer->sep.endpoint);
2553 oc_mutex_unlock(g_sslContextMutex);
2554 return CA_STATUS_FAILED;
2557 } while (read_more);
2560 oc_mutex_unlock(g_sslContextMutex);
2561 OIC_LOG_V(INFO, NET_SSL_TAG, "Out %s", __func__);
2562 return CA_STATUS_OK;
2565 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
2566 CAPacketSendCallback sendCallback,
2567 CATransportAdapter_t type)
2569 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2570 VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
2571 VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
2572 oc_mutex_lock(g_sslContextMutex);
2573 if (NULL == g_caSslContext)
2575 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2576 oc_mutex_unlock(g_sslContextMutex);
2583 g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
2584 g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
2586 case CA_ADAPTER_TCP:
2587 g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
2588 g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
2590 case CA_ADAPTER_GATT_BTLE:
2591 g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
2592 g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
2595 OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
2598 oc_mutex_unlock(g_sslContextMutex);
2599 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2602 * Gets index of the TLS ciphersuite in the SslCipher_t enum.
2604 * @param[in] cipher TLS chiphersuite code
2606 * @return corresponding enum
2609 static SslCipher_t GetCipherIndex(const uint32_t cipher)
2613 case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
2615 return SSL_RSA_WITH_AES_256_CBC_SHA256;
2617 case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
2619 return SSL_RSA_WITH_AES_128_GCM_SHA256;
2621 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
2623 return SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
2625 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
2627 return SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
2629 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
2631 return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
2633 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
2635 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
2637 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
2639 return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
2641 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
2643 return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
2645 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
2647 return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
2649 case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
2651 return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
2653 case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
2655 return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
2657 case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
2659 return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
2661 case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
2663 return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
2667 return SSL_CIPHER_MAX;
2672 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
2674 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2675 VERIFY_NON_NULL_RET(g_caSslContext, NET_SSL_TAG, "SSL context is not initialized." , CA_STATUS_NOT_INITIALIZED);
2677 SslCipher_t index = GetCipherIndex(cipher);
2678 if (SSL_CIPHER_MAX == index)
2680 OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
2685 CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
2686 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2688 #ifdef __WITH_DTLS__
2689 CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
2690 mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
2692 OIC_LOG_V(INFO, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
2694 g_caSslContext->cipher = index;
2696 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2697 return CA_STATUS_OK;
2700 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint)
2702 CAResult_t res = CA_STATUS_OK;
2703 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2704 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "Param endpoint is NULL" , CA_STATUS_INVALID_PARAM);
2705 oc_mutex_lock(g_sslContextMutex);
2706 if (NULL == InitiateTlsHandshake(endpoint))
2708 OIC_LOG(ERROR, NET_SSL_TAG, "TLS handshake failed");
2709 res = CA_STATUS_FAILED;
2711 oc_mutex_unlock(g_sslContextMutex);
2712 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2716 * Expands the secret into blocks of data according
2717 * to the algorithm specified in section 5 of RFC 4346
2719 * This function writes upto @p bufLen bytes into the given output buffer @p buf
2721 * @param key secret key.
2722 * @param keyLen secret key length.
2723 * @param label A PRF label.
2724 * @param labelLen Actual length of @p label.
2725 * @param random1 Random seed.
2726 * @param random1Len Actual length of @p random1 (may be zero).
2727 * @param random2 Random seed.
2728 * @param random2Len Actual length of @p random2 (may be zero).
2729 * @param buf Output buffer for generated random data.
2730 * @param bufLen Maximum size of @p buf.
2732 * @return The actual number of bytes written to @p buf or @c -1 on error.
2735 static int pHash (const unsigned char *key, size_t keyLen,
2736 const unsigned char *label, size_t labelLen,
2737 const unsigned char *random1, size_t random1Len,
2738 const unsigned char *random2, size_t random2Len,
2739 unsigned char *buf, size_t bufLen)
2741 unsigned char A[RANDOM_LEN] = {0};
2742 unsigned char tmp[RANDOM_LEN] = {0};
2743 size_t dLen; /* digest length */
2744 size_t len = 0; /* result length */
2746 VERIFY_NON_NULL_RET(key, NET_SSL_TAG, "key is NULL", -1);
2747 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", -1);
2748 VERIFY_NON_NULL_RET(random1, NET_SSL_TAG, "random1 is NULL", -1);
2749 VERIFY_NON_NULL_RET(random2, NET_SSL_TAG, "random2 is NULL", -1);
2750 VERIFY_NON_NULL_RET(buf, NET_SSL_TAG, "buf is NULL", -1);
2752 mbedtls_md_context_t hmacA;
2753 mbedtls_md_context_t hmacP;
2755 mbedtls_md_init(&hmacA);
2756 mbedtls_md_init(&hmacP);
2758 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacA, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2759 CHECK_MBEDTLS_RET(mbedtls_md_setup, &hmacP, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1);
2761 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen );
2762 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, label, labelLen);
2763 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random1, random1Len);
2764 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, random2, random2Len);
2765 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2769 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2771 while (len + dLen < bufLen)
2773 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2774 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2775 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2776 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2777 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2778 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2780 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2784 memcpy(buf, tmp, dLen);
2787 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacA);
2788 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacA, key, keyLen);
2789 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacA, A, dLen);
2790 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacA, A);
2793 CHECK_MBEDTLS_RET(mbedtls_md_hmac_reset, &hmacP);
2794 CHECK_MBEDTLS_RET(mbedtls_md_hmac_starts, &hmacP, key, keyLen);
2795 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, A, dLen);
2797 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, label, labelLen);
2798 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random1, random1Len);
2799 CHECK_MBEDTLS_RET(mbedtls_md_hmac_update, &hmacP, random2, random2Len);
2800 CHECK_MBEDTLS_RET(mbedtls_md_hmac_finish, &hmacP, tmp);
2802 memcpy(buf, tmp, bufLen - len);
2804 mbedtls_md_free(&hmacA);
2805 mbedtls_md_free(&hmacP);
2809 mbedtls_md_free(&hmacA);
2810 mbedtls_md_free(&hmacP);
2814 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
2815 const uint8_t* label, const size_t labelLen,
2816 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
2817 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
2818 uint8_t* ownerPsk, const size_t ownerPskSize)
2820 OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
2821 VERIFY_NON_NULL_RET(endpoint, NET_SSL_TAG, "endpoint is NULL", CA_STATUS_INVALID_PARAM);
2822 VERIFY_NON_NULL_RET(label, NET_SSL_TAG, "label is NULL", CA_STATUS_INVALID_PARAM);
2823 VERIFY_NON_NULL_RET(rsrcServerDeviceId, NET_SSL_TAG, "rsrcId is NULL", CA_STATUS_INVALID_PARAM);
2824 VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
2825 VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
2827 oc_mutex_lock(g_sslContextMutex);
2828 if (NULL == g_caSslContext)
2830 OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
2831 oc_mutex_unlock(g_sslContextMutex);
2832 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2833 return CA_STATUS_FAILED;
2835 SslEndPoint_t * tep = GetSslPeer(endpoint);
2838 OIC_LOG(ERROR, NET_SSL_TAG, "Session does not exist");
2839 oc_mutex_unlock(g_sslContextMutex);
2840 return CA_STATUS_FAILED;
2843 // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
2847 int keyBlockLen = 0;
2848 if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2849 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2850 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
2851 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
2853 // 2 * ( 32 + 0 + 16 ) = 96
2854 macKeyLen = SHA256_MAC_KEY_LENGTH;
2855 ivSize = CBC_IV_LENGTH;
2856 keySize = AES128_KEY_LENGTH;
2858 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
2859 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
2861 // 2 * ( 0 + 4 + 16 ) = 40
2862 macKeyLen = CCM_MAC_KEY_LENGTH;
2863 ivSize = CCM_IV_LENGTH;
2864 keySize = AES128_KEY_LENGTH;
2866 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2868 // 2 * ( 32 + 12 + 16 ) = 120
2869 macKeyLen = SHA256_MAC_KEY_LENGTH;
2870 ivSize = GCM_IV_LENGTH;
2871 keySize = AES128_KEY_LENGTH;
2873 else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
2875 // 2 * ( 32 + 0 + 32 ) = 128
2876 macKeyLen = SHA256_MAC_KEY_LENGTH;
2877 ivSize = CBC_IV_LENGTH;
2878 keySize = AES256_KEY_LENGTH;
2880 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
2882 // 2 * ( 48 + 0 + 32 ) = 160
2883 macKeyLen = SHA384_MAC_KEY_LENGTH;
2884 ivSize = CBC_IV_LENGTH;
2885 keySize = AES256_KEY_LENGTH;
2887 else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
2889 // 2 * ( 48 + 12 + 32 ) = 184
2890 macKeyLen = SHA384_MAC_KEY_LENGTH;
2891 ivSize = GCM_IV_LENGTH;
2892 keySize = AES256_KEY_LENGTH;
2894 else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
2896 // 2 * ( 48 + 12 + 32 ) = 184
2897 macKeyLen = SHA256_MAC_KEY_LENGTH;
2898 ivSize = GCM_IV_LENGTH;
2899 keySize = AES128_KEY_LENGTH;
2901 keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
2903 uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
2904 if (NULL == keyblock)
2906 OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
2907 oc_mutex_unlock(g_sslContextMutex);
2908 return CA_STATUS_FAILED;
2912 uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
2913 int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
2914 (tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
2915 keyblock, keyBlockLen);
2918 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2920 oc_mutex_unlock(g_sslContextMutex);
2921 return CA_STATUS_FAILED;
2924 ret = pHash(keyblock, keyBlockLen, label, labelLen,
2925 rsrcServerDeviceId, rsrcServerDeviceIdLen,
2926 provServerDeviceId, provServerDeviceIdLen,
2927 ownerPsk, ownerPskSize);
2930 OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
2932 oc_mutex_unlock(g_sslContextMutex);
2933 return CA_STATUS_FAILED;
2937 oc_mutex_unlock(g_sslContextMutex);
2939 OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
2940 return CA_STATUS_OK;