...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
...
...
#define NX_SECURE_SOURCE_CODE
/*
 * Install the pending key material for one direction of a TLS session and
 * (re)initialize the session cipher for that direction.
 *
 * tls_session  Session whose key material and cipher state are updated.
 * key_set      NX_SECURE_TLS_KEY_SET_LOCAL marks the local session active;
 *              any other value marks the remote session active.
 *
 * The key block is laid out as client MAC secret, server MAC secret,
 * client key, server key, client IV, server IV. Only the bytes belonging to
 * the selected side (client-write or server-write) are copied from
 * nx_secure_tls_new_key_material_data into nx_secure_tls_key_material_data;
 * the pointers for both sides are refreshed on every call.
 *
 * Returns NX_SECURE_TLS_SUCCESS, NX_SECURE_TLS_UNKNOWN_CIPHERSUITE when no
 * ciphersuite is set, NX_SECURE_TLS_CRYPTO_KEYS_TOO_LARGE when the key block
 * would not fit, or the status reported by the cipher's cleanup/init routine.
 *
 * NOTE(review): the session-active flag is raised before the ciphersuite and
 * size checks, so it stays set on an error return -- confirm that callers
 * abandon the session on any non-success status.
 */
UINT _nx_secure_tls_session_keys_set(NX_SECURE_TLS_SESSION *tls_session, USHORT key_set)
{
    UINT status;
    UCHAR *key_block;
    UINT key_size;
    UINT hash_size;
    UINT iv_size;
    UINT key_offset;
    UINT is_client;
    const NX_CRYPTO_METHOD *session_cipher_method = NX_NULL;

    /* Flag the direction that is switching to the new keys. */
    if (key_set == NX_SECURE_TLS_KEY_SET_LOCAL)
    {
        tls_session -> nx_secure_tls_local_session_active = 1;
    }
    else
    {
        tls_session -> nx_secure_tls_remote_session_active = 1;
    }

    /* The server-write keys are selected when the remote side of a client
       socket or the local side of a server socket is being keyed; every other
       combination selects the client-write keys. */
    is_client = ((key_set == NX_SECURE_TLS_KEY_SET_REMOTE && tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_CLIENT) ||
                 (key_set == NX_SECURE_TLS_KEY_SET_LOCAL && tls_session -> nx_secure_tls_socket_type == NX_SECURE_TLS_SESSION_TYPE_SERVER))
                    ? NX_FALSE : NX_TRUE;

    /* All active-key pointers below are expressed relative to this base. */
    key_block = tls_session -> nx_secure_tls_key_material.nx_secure_tls_key_material_data;

    /* Nothing can be sized without a negotiated ciphersuite. */
    if (tls_session -> nx_secure_tls_session_ciphersuite == NX_NULL)
    {
        return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE);
    }

    session_cipher_method = tls_session -> nx_secure_tls_session_ciphersuite -> nx_secure_tls_session_cipher;

    /* Key and IV sizes are stored in bits; convert them to bytes. */
    hash_size = tls_session -> nx_secure_tls_session_ciphersuite -> nx_secure_tls_hash_size;
    key_size = session_cipher_method -> nx_crypto_key_size_in_bits >> 3;
    iv_size = session_cipher_method -> nx_crypto_IV_size_in_bits >> 3;

    /* Both sides' MAC secret, key and IV must fit in the active key block
       before any byte is copied.
       NOTE(review): this bounds the destination array only; the copies read
       nx_secure_tls_new_key_material_data at the same offsets, which is
       presumably the same size -- confirm in the header. */
    if (((hash_size + key_size + iv_size) * 2) > sizeof(tls_session -> nx_secure_tls_key_material.nx_secure_tls_key_material_data))
    {
        return(NX_SECURE_TLS_CRYPTO_KEYS_TOO_LARGE);
    }

    key_offset = 0;

    /* MAC secrets: client slot first, then server slot. */
    if (hash_size > 0)
    {
        if (is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], hash_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_client_write_mac_secret = &key_block[key_offset];
        key_offset += hash_size;

        if (!is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], hash_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_server_write_mac_secret = &key_block[key_offset];
        key_offset += hash_size;
    }

    /* Cipher keys: client slot first, then server slot. */
    if (key_size > 0)
    {
        if (is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], key_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_client_write_key = &key_block[key_offset];
        key_offset += key_size;

        if (!is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], key_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_server_write_key = &key_block[key_offset];
        key_offset += key_size;
    }

    /* IVs: client slot first, then server slot. */
    if (iv_size > 0)
    {
        if (is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], iv_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_client_iv = &key_block[key_offset];
        key_offset += iv_size;

        if (!is_client)
        {
            NX_SECURE_MEMCPY(&key_block[key_offset],
                             &tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data[key_offset], iv_size);
        }
        tls_session -> nx_secure_tls_key_material.nx_secure_tls_server_iv = &key_block[key_offset];
        key_offset += iv_size;
    }

    /* A cipher without an init routine needs no further setup. */
    if (session_cipher_method -> nx_crypto_init == NULL)
    {
        return(NX_SECURE_TLS_SUCCESS);
    }

    if (is_client)
    {
        /* Release the previous client cipher state before re-keying it. */
        if (tls_session -> nx_secure_tls_session_cipher_client_initialized && session_cipher_method -> nx_crypto_cleanup)
        {
            status = session_cipher_method -> nx_crypto_cleanup(tls_session -> nx_secure_session_cipher_metadata_area_client);
            if (status != NX_CRYPTO_SUCCESS)
            {
                return(status);
            }
            tls_session -> nx_secure_tls_session_cipher_client_initialized = 0;
        }

        status = session_cipher_method -> nx_crypto_init((NX_CRYPTO_METHOD*)session_cipher_method,
                                                         tls_session -> nx_secure_tls_key_material.nx_secure_tls_client_write_key,
                                                         session_cipher_method -> nx_crypto_key_size_in_bits,
                                                         &tls_session -> nx_secure_session_cipher_handler_client,
                                                         tls_session -> nx_secure_session_cipher_metadata_area_client,
                                                         tls_session -> nx_secure_session_cipher_metadata_size);

        /* NOTE(review): the flag is raised before status is examined, so it
           stays set when init fails -- confirm this is intended. */
        tls_session -> nx_secure_tls_session_cipher_client_initialized = 1;
    }
    else
    {
        /* Release the previous server cipher state before re-keying it. */
        if (tls_session -> nx_secure_tls_session_cipher_server_initialized && session_cipher_method -> nx_crypto_cleanup)
        {
            status = session_cipher_method -> nx_crypto_cleanup(tls_session -> nx_secure_session_cipher_metadata_area_server);
            if (status != NX_CRYPTO_SUCCESS)
            {
                return(status);
            }
            tls_session -> nx_secure_tls_session_cipher_server_initialized = 0;
        }

        status = session_cipher_method -> nx_crypto_init((NX_CRYPTO_METHOD*)session_cipher_method,
                                                         tls_session -> nx_secure_tls_key_material.nx_secure_tls_server_write_key,
                                                         session_cipher_method -> nx_crypto_key_size_in_bits,
                                                         &tls_session -> nx_secure_session_cipher_handler_server,
                                                         tls_session -> nx_secure_session_cipher_metadata_area_server,
                                                         tls_session -> nx_secure_session_cipher_metadata_size);

        /* NOTE(review): as on the client path, the flag is raised even when
           init fails -- confirm this is intended. */
        tls_session -> nx_secure_tls_session_cipher_server_initialized = 1;
    }

    /* Pass a cipher init failure through to the caller unchanged. */
    if (status != NX_CRYPTO_SUCCESS)
    {
        return(status);
    }

    return(NX_SECURE_TLS_SUCCESS);
}