netxduo
Select one of the symbols to view example projects that use it.
 
Outline
...
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
...
...
_nx_secure_tls_send_finished(NX_SECURE_TLS_SESSION *, NX_PACKET *)
Files
loading...
CodeScopeSTM32 Libraries and Samplesnetxduonx_secure/src/nx_secure_tls_send_finished.c
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
/**************************************************************************/ /* */ /* Copyright (c) Microsoft Corporation. All rights reserved. */ /* */ /* This software is licensed under the Microsoft Software License */ /* Terms for Microsoft Azure RTOS. Full text of the license can be */ /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ /* and in the root directory of this software. */ /* */... /**************************************************************************/ ... /**************************************************************************/ /**************************************************************************/ /** */ /** NetX Secure Component */ /** */ /** Transport Layer Security (TLS) */ /** */... /**************************************************************************/ /**************************************************************************/ #define NX_SECURE_SOURCE_CODE #include "nx_secure_tls.h" ... /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_send_finished PORTABLE C */ /* 6.1 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function generates the Finished message to send to the remote */ /* host. The Finished message contains a hash of all handshake */ /* messages received up to this point which is used to verify that */ /* none of the messages have been corrupted. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* send_packet Packet used to send message */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* _nx_secure_tls_finished_hash_generate Generate Finished hash */ /* */ /* CALLED BY */ /* */ /* _nx_secure_dtls_client_handshake DTLS client state machine */ /* _nx_secure_dtls_server_handshake DTLS server state machine */ /* _nx_secure_tls_client_handshake TLS client state machine */ /* _nx_secure_tls_server_handshake TLS server state machine */ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* verified memcpy use cases, */ /* fixed renegotiation bug, */ /* resulting in version 6.1 */ /* */... /**************************************************************************/ UINT _nx_secure_tls_send_finished(NX_SECURE_TLS_SESSION *tls_session, NX_PACKET *send_packet) { UCHAR *finished_label; UINT hash_size = 0; UINT status; UINT is_server; is_server = (tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_SERVER); #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if(tls_session->nx_secure_tls_1_3) { /* Generate the TLS 1.3-specific finished data. */ status = _nx_secure_tls_1_3_finished_hash_generate(tls_session, is_server, &hash_size, send_packet -> nx_packet_append_ptr, ((ULONG)(send_packet -> nx_packet_data_end) - (ULONG)(send_packet -> nx_packet_append_ptr))); }if (tls_session->nx_secure_tls_1_3) { ... } else #endif /* (NX_SECURE_TLS_TLS_1_3_ENABLED) */ { /* Select our label for generating the finished hash expansion. */ if (is_server) { finished_label = (UCHAR *)"server finished"; }if (is_server) { ... } else { finished_label = (UCHAR *)"client finished"; }else { ... } if (NX_SECURE_TLS_FINISHED_HASH_SIZE > ((ULONG)(send_packet -> nx_packet_data_end) - (ULONG)(send_packet -> nx_packet_append_ptr))) { /* Packet buffer too small. */ return(NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL); }if (NX_SECURE_TLS_FINISHED_HASH_SIZE > ((ULONG)(send_packet -> nx_packet_data_end) - (ULONG)(send_packet -> nx_packet_append_ptr))) { ... } /* Finally, generate the verification data required by TLS - 12 bytes using the PRF and the data we have collected. Place the result directly into the packet buffer. *//* ... */ status = _nx_secure_tls_finished_hash_generate(tls_session, finished_label, send_packet -> nx_packet_append_ptr); #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION /* If we are doing secure renegotiation as per RFC 5746, we need to save off the generated verify data now. For TLS 1.0-1.2 this is 12 bytes. If SSLv3 is ever used, it will be 36 bytes. *//* ... */ NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_local_verify_data, send_packet -> nx_packet_append_ptr, NX_SECURE_TLS_FINISHED_HASH_SIZE); /* Use case of memcpy is verified. *//* ... */ #endif /* The finished verify data is always 12 bytes for TLS 1.2 and earlier. */ hash_size = NX_SECURE_TLS_FINISHED_HASH_SIZE; }else { ... } /* Adjust the packet into which we just wrote the finished hash. */ send_packet -> nx_packet_append_ptr = send_packet -> nx_packet_append_ptr + hash_size; send_packet -> nx_packet_length = send_packet -> nx_packet_length + hash_size; if (status != NX_SUCCESS) { return(status); }if (status != NX_SUCCESS) { ... } /* Finished with the handshake - we can free certificates now. */ status = _nx_secure_tls_remote_certificate_free_all(tls_session); return(status); }{ ... }