leo hendrickson
/
example-Ethernet-mbed-Cloud-connect
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
pal_TLS.c
00001 /******************************************************************************* 00002 * Copyright 2016, 2017 ARM Ltd. 00003 * 00004 * Licensed under the Apache License, Version 2.0 (the "License"); 00005 * you may not use this file except in compliance with the License. 00006 * You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 *******************************************************************************/ 00016 00017 00018 #include "pal.h" 00019 #include "pal_plat_TLS.h" 00020 00021 // do not require storage unless this modules is configured to use it 00022 #if PAL_USE_SECURE_TIME 00023 #include "storage.h" 00024 #endif 00025 00026 #define TRACE_GROUP "PAL" 00027 00028 PAL_PRIVATE uint8_t g_storedCertSerial[PAL_CERT_ID_SIZE] __attribute__ ((aligned(4))) = {0}; 00029 PAL_PRIVATE bool g_trustedServerValid = false; 00030 PAL_PRIVATE palMutexID_t g_palTLSHandshakeMutex = NULLPTR; 00031 00032 typedef struct palTLSService 00033 { 00034 bool retryHandShake; 00035 uint64_t serverTime; 00036 palTLSHandle_t platTlsHandle; 00037 }palTLSService_t; 00038 00039 typedef struct palTLSConfService 00040 { 00041 bool trustedTimeServer; 00042 palTLSConfHandle_t platTlsConfHandle; 00043 }palTLSConfService_t; 00044 00045 palStatus_t pal_initTLSLibrary(void) 00046 { 00047 palStatus_t status = PAL_SUCCESS; 00048 status = pal_osMutexCreate(&g_palTLSHandshakeMutex); 00049 if(PAL_SUCCESS != status) 00050 { 00051 PAL_LOG_ERR("Failed to Create TLS handshake Mutex error: %" PRId32 ".", status); 00052 } 00053 else 00054 { 00055 status = pal_plat_initTLSLibrary(); 00056 } 00057 return status; 00058 } 00059 00060 palStatus_t pal_cleanupTLS(void) 00061 { 00062 palStatus_t status = PAL_SUCCESS; 00063 status = pal_osMutexDelete(&g_palTLSHandshakeMutex); 00064 if(PAL_SUCCESS != status) 00065 { 00066 PAL_LOG_ERR("Failed to Delete TLS handshake Mutex error: %" PRId32 ".", status); 00067 } 00068 status = pal_plat_cleanupTLS(); 00069 return status; 00070 } 00071 00072 00073 palStatus_t pal_initTLS(palTLSConfHandle_t palTLSConf, palTLSHandle_t* palTLSHandle) 00074 { 00075 palStatus_t status = PAL_SUCCESS; 00076 palStatus_t mutexStatus = PAL_SUCCESS; 00077 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00078 palTLSService_t* palTLSCtx = NULL; 00079 00080 PAL_VALIDATE_ARGUMENTS ((NULLPTR == palTLSConf || NULLPTR == palTLSHandle)); 00081 00082 mutexStatus = pal_osMutexWait(g_palTLSHandshakeMutex, PAL_RTOS_WAIT_FOREVER); 00083 if (PAL_SUCCESS != mutexStatus) 00084 { 00085 PAL_LOG_ERR("Failed to get TLS context init Mutex error: %" PRId32 ".", mutexStatus); 00086 goto finish; 00087 } 00088 00089 palTLSCtx = (palTLSService_t*)malloc(sizeof(palTLSService_t)); 00090 if (NULL == palTLSCtx) 00091 { 00092 status = PAL_ERR_NO_MEMORY ; 00093 goto finish; 00094 } 00095 status = pal_plat_initTLS(palTLSConfCtx->platTlsConfHandle, &palTLSCtx->platTlsHandle); 00096 if (PAL_SUCCESS == status) 00097 { 00098 *palTLSHandle = (palTLSHandle_t)palTLSCtx; 00099 } 00100 00101 memset(g_storedCertSerial, 0, sizeof(g_storedCertSerial)); 00102 g_trustedServerValid = false; 00103 palTLSCtx->retryHandShake = false; 00104 00105 finish: 00106 if (PAL_SUCCESS == mutexStatus) 00107 { 00108 mutexStatus = pal_osMutexRelease(g_palTLSHandshakeMutex); 00109 if (PAL_SUCCESS != mutexStatus) 00110 { 00111 PAL_LOG_ERR("Failed to release TLS context init Mutex error: %" PRId32 ".", mutexStatus); 00112 } 00113 } 00114 00115 if (PAL_SUCCESS == status) 00116 { 00117 status = mutexStatus; 00118 } 00119 00120 if (PAL_SUCCESS != status) 00121 { 00122 free(palTLSCtx); 00123 } 00124 return status; 00125 } 00126 00127 00128 palStatus_t pal_freeTLS(palTLSHandle_t* palTLSHandle) 00129 { 00130 palStatus_t status = PAL_SUCCESS; 00131 palStatus_t mutexStatus = PAL_SUCCESS; 00132 00133 palTLSService_t* palTLSCtx = NULL; 00134 00135 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSHandle || NULLPTR == *palTLSHandle); 00136 00137 mutexStatus = pal_osMutexWait(g_palTLSHandshakeMutex, PAL_RTOS_WAIT_FOREVER); 00138 if (PAL_SUCCESS != mutexStatus) 00139 { 00140 PAL_LOG_ERR("Failed to get TLS context init Mutex error: %" PRId32 ".", mutexStatus); 00141 goto finish; 00142 } 00143 00144 palTLSCtx = (palTLSService_t*)*palTLSHandle; 00145 status = pal_plat_freeTLS(&palTLSCtx->platTlsHandle); 00146 if (PAL_SUCCESS == status) 00147 { 00148 free(palTLSCtx); 00149 *palTLSHandle = NULLPTR; 00150 } 00151 00152 mutexStatus = pal_osMutexRelease(g_palTLSHandshakeMutex); 00153 if (PAL_SUCCESS != mutexStatus) 00154 { 00155 PAL_LOG_ERR("Failed to release TLS context init Mutex error: %" PRId32 ".", mutexStatus); 00156 } 00157 finish: 00158 if (PAL_SUCCESS == status) 00159 { 00160 status = mutexStatus; 00161 } 00162 return status; 00163 } 00164 00165 00166 palStatus_t pal_initTLSConfiguration(palTLSConfHandle_t* palTLSConf, palTLSTransportMode_t transportationMode) 00167 { 00168 palStatus_t status = PAL_SUCCESS; 00169 palTLSConfService_t* palTLSConfCtx = NULL; 00170 00171 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00172 00173 00174 palTLSConfCtx = (palTLSConfService_t*)malloc(sizeof(palTLSConfService_t)); 00175 if (NULL == palTLSConfCtx) 00176 { 00177 status = PAL_ERR_NO_MEMORY ; 00178 goto finish; 00179 } 00180 00181 status = pal_plat_initTLSConf(&palTLSConfCtx->platTlsConfHandle, transportationMode, PAL_TLS_IS_CLIENT); 00182 if (PAL_SUCCESS != status) 00183 { 00184 goto finish; 00185 } 00186 00187 status = pal_plat_setAuthenticationMode(palTLSConfCtx->platTlsConfHandle, PAL_TLS_VERIFY_OPTIONAL); 00188 if (PAL_SUCCESS != status) 00189 { 00190 goto finish; 00191 } 00192 #if (PAL_TLS_CIPHER_SUITE & PAL_TLS_PSK_WITH_AES_128_CCM_8_SUITE) 00193 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_PSK_WITH_AES_128_CCM_8); 00194 #elif (PAL_TLS_CIPHER_SUITE & PAL_TLS_PSK_WITH_AES_256_CCM_8_SUITE) 00195 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_PSK_WITH_AES_256_CCM_8); 00196 #elif (PAL_TLS_CIPHER_SUITE & PAL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SUITE) 00197 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); 00198 #elif (PAL_TLS_CIPHER_SUITE & PAL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_SUITE) 00199 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); 00200 #elif (PAL_TLS_CIPHER_SUITE & PAL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_SUITE) 00201 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); 00202 #elif (PAL_TLS_CIPHER_SUITE & PAL_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256_SUITE) 00203 status = pal_plat_setCipherSuites(palTLSConfCtx->platTlsConfHandle, PAL_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256); 00204 #else 00205 #error : No CipherSuite was defined! 00206 #endif 00207 if (PAL_SUCCESS != status) 00208 { 00209 goto finish; 00210 } 00211 00212 palTLSConfCtx->trustedTimeServer = false; 00213 *palTLSConf = (palTLSHandle_t)palTLSConfCtx; 00214 finish: 00215 if (PAL_SUCCESS != status) 00216 { 00217 free(palTLSConfCtx); 00218 } 00219 00220 return status; 00221 } 00222 00223 00224 palStatus_t pal_tlsConfigurationFree(palTLSConfHandle_t* palTLSConf) 00225 { 00226 palStatus_t status = PAL_SUCCESS; 00227 palTLSConfService_t* palTLSConfCtx = NULL; 00228 00229 PAL_VALIDATE_ARGUMENTS ((NULLPTR == palTLSConf || NULLPTR == *palTLSConf)); 00230 00231 palTLSConfCtx = (palTLSConfService_t*)*palTLSConf; 00232 status = pal_plat_tlsConfigurationFree(&palTLSConfCtx->platTlsConfHandle); 00233 if (PAL_SUCCESS == status) 00234 { 00235 free(palTLSConfCtx); 00236 *palTLSConf = NULLPTR; 00237 } 00238 return status; 00239 } 00240 00241 00242 palStatus_t pal_addEntropySource(palEntropySource_f entropyCallback) 00243 { 00244 palStatus_t status = PAL_SUCCESS; 00245 status = pal_plat_addEntropySource(entropyCallback); 00246 return status; 00247 } 00248 00249 palStatus_t pal_setOwnCertAndPrivateKey(palTLSConfHandle_t palTLSConf, palX509_t* ownCert, palPrivateKey_t* privateKey) 00250 { 00251 #if (PAL_ENABLE_X509 == 1) 00252 palStatus_t status = PAL_SUCCESS; 00253 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00254 00255 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00256 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == ownCert || NULL == privateKey); 00257 00258 status = pal_plat_setOwnCertAndPrivateKey(palTLSConfCtx->platTlsConfHandle, ownCert, privateKey); 00259 return status; 00260 #else 00261 return PAL_ERR_NOT_SUPPORTED ; 00262 #endif 00263 } 00264 00265 palStatus_t pal_setOwnCertChain(palTLSConfHandle_t palTLSConf, palX509_t* ownCert) 00266 { 00267 #if (PAL_ENABLE_X509 == 1) 00268 palStatus_t status = PAL_SUCCESS; 00269 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00270 00271 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00272 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == ownCert); 00273 00274 status = pal_plat_setOwnCertChain(palTLSConfCtx->platTlsConfHandle, ownCert); 00275 return status; 00276 #else 00277 return PAL_ERR_NOT_SUPPORTED ; 00278 #endif 00279 } 00280 00281 palStatus_t pal_setOwnPrivateKey(palTLSConfHandle_t palTLSConf, palPrivateKey_t* privateKey) 00282 { 00283 #if (PAL_ENABLE_X509 == 1) 00284 palStatus_t status = PAL_SUCCESS; 00285 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00286 00287 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00288 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == privateKey); 00289 00290 status = pal_plat_setOwnPrivateKey(palTLSConfCtx->platTlsConfHandle, privateKey); 00291 return status; 00292 #else 00293 return PAL_ERR_NOT_SUPPORTED ; 00294 #endif 00295 } 00296 00297 palStatus_t pal_setCAChain(palTLSConfHandle_t palTLSConf, palX509_t* caChain, palX509CRL_t* caCRL) 00298 { 00299 #if (PAL_ENABLE_X509 == 1) 00300 palStatus_t status = PAL_SUCCESS; 00301 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00302 palX509Handle_t x509Ctx = NULLPTR; 00303 00304 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00305 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == caChain); 00306 00307 00308 status = pal_plat_setCAChain(palTLSConfCtx->platTlsConfHandle, caChain, caCRL); 00309 #if PAL_USE_SECURE_TIME 00310 if (PAL_SUCCESS == status) 00311 { 00312 uint8_t certID[PAL_CERT_ID_SIZE] = {0}; 00313 size_t actualCertIDLen = 0; 00314 00315 status = pal_x509Initiate(&x509Ctx); 00316 if (PAL_SUCCESS != status) 00317 { 00318 goto finish; 00319 } 00320 00321 status = pal_x509CertParse(x509Ctx, caChain->buffer, caChain->size); 00322 if (PAL_SUCCESS != status) 00323 { 00324 goto finish; 00325 } 00326 00327 status = pal_x509CertGetAttribute(x509Ctx, PAL_X509_CERT_ID_ATTR, certID, sizeof(certID), &actualCertIDLen); 00328 if (PAL_SUCCESS != status) 00329 { 00330 goto finish; 00331 } 00332 00333 if (!g_trustedServerValid) 00334 { 00335 size_t actualLenBytes; 00336 palStatus_t internal_status; 00337 00338 internal_status = storage_rbp_read(STORAGE_RBP_TRUSTED_TIME_SRV_ID_NAME, (uint8_t*)g_storedCertSerial, (uint16_t)sizeof(g_storedCertSerial), &actualLenBytes); 00339 if (PAL_SUCCESS == internal_status) 00340 { 00341 g_trustedServerValid = true; 00342 } 00343 } 00344 00345 if ( (sizeof(g_storedCertSerial) == actualCertIDLen) && (0 == memcmp(certID, g_storedCertSerial, sizeof(g_storedCertSerial)))) 00346 { 00347 palTLSConfCtx->trustedTimeServer = true; 00348 } 00349 } 00350 finish: 00351 #endif //PAL_USE_SECURE_TIME 00352 if (NULLPTR != x509Ctx) 00353 { 00354 pal_x509Free(&x509Ctx); 00355 } 00356 return status; 00357 #else 00358 return PAL_ERR_NOT_SUPPORTED ; 00359 #endif 00360 } 00361 00362 00363 palStatus_t pal_setPSK(palTLSConfHandle_t palTLSConf, const unsigned char *identity, uint32_t maxIdentityLenInBytes, const unsigned char *psk, uint32_t maxPskLenInBytes) 00364 { 00365 #if (PAL_ENABLE_PSK == 1) 00366 palStatus_t status = PAL_SUCCESS; 00367 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00368 00369 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00370 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == identity || NULL == psk); 00371 00372 00373 status = pal_plat_setPSK(palTLSConfCtx->platTlsConfHandle, identity, maxIdentityLenInBytes, psk, maxPskLenInBytes); 00374 return status; 00375 #else 00376 return PAL_ERR_NOT_SUPPORTED ; 00377 #endif 00378 } 00379 00380 00381 palStatus_t pal_tlsSetSocket(palTLSConfHandle_t palTLSConf, palTLSSocket_t* socket) 00382 { //palSocket_t depend on the library (socket or bio pointer) 00383 palStatus_t status = PAL_SUCCESS; 00384 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00385 00386 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf); 00387 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == socket); 00388 00389 status = pal_plat_tlsSetSocket(palTLSConfCtx->platTlsConfHandle, socket); 00390 return status; 00391 } 00392 00393 #if PAL_USE_SECURE_TIME 00394 PAL_PRIVATE palStatus_t pal_updateTime(uint64_t serverTime, bool trustedTimeServer) 00395 { 00396 palStatus_t status = PAL_SUCCESS; 00397 if (trustedTimeServer) 00398 { 00399 status = pal_osSetStrongTime(serverTime); 00400 if (PAL_SUCCESS != status) 00401 { 00402 PAL_LOG_DBG("Setting strong time failed! return code %" PRId32 ".", status); 00403 } 00404 } 00405 else 00406 { 00407 status = pal_osSetWeakTime(serverTime); 00408 if (PAL_SUCCESS != status) 00409 { 00410 PAL_LOG_DBG("Setting weak time failed! return code %" PRId32 ".", status); 00411 } 00412 } 00413 return status; 00414 } 00415 #endif //PAL_USE_SECURE_TIME 00416 00417 palStatus_t pal_handShake(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf) 00418 { 00419 palStatus_t status = PAL_SUCCESS; 00420 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00421 palTLSService_t* palTLSCtx = (palTLSService_t*)palTLSHandle; 00422 00423 PAL_VALIDATE_ARGUMENTS((NULLPTR == palTLSConfCtx || NULLPTR == palTLSCtx)); 00424 PAL_VALIDATE_ARGUMENTS((NULLPTR == palTLSCtx->platTlsHandle || NULLPTR == palTLSConfCtx->platTlsConfHandle)); 00425 00426 status = pal_plat_sslSetup(palTLSCtx->platTlsHandle, palTLSConfCtx->platTlsConfHandle); 00427 if (PAL_SUCCESS != status) 00428 { 00429 goto finish; 00430 } 00431 00432 if (!palTLSCtx->retryHandShake) 00433 { 00434 status = pal_plat_handShake(palTLSCtx->platTlsHandle, &palTLSCtx->serverTime); 00435 if (PAL_SUCCESS == status) 00436 { 00437 int32_t verifyResult = 0; 00438 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00439 #if PAL_USE_SECURE_TIME 00440 if (PAL_ERR_X509_CERT_VERIFY_FAILED == status) 00441 { 00442 if ((PAL_ERR_X509_BADCERT_FUTURE & verifyResult) || ((true == palTLSConfCtx->trustedTimeServer) && (PAL_ERR_X509_BADCERT_EXPIRED & verifyResult))) 00443 { 00444 PAL_LOG_DBG("SSL EXPIRED OR FUTURE - retry"); 00445 palTLSCtx->retryHandShake = true; 00446 status = PAL_SUCCESS; 00447 } 00448 else if (PAL_SUCCESS != status) 00449 { 00450 status = PAL_ERR_X509_CERT_VERIFY_FAILED; 00451 palTLSCtx->serverTime = 0; 00452 } 00453 } 00454 #else 00455 if (PAL_SUCCESS != status) 00456 { 00457 status = PAL_ERR_X509_CERT_VERIFY_FAILED; 00458 palTLSCtx->serverTime = 0; 00459 } 00460 #endif //PAL_USE_SECURE_TIME 00461 } 00462 } 00463 #if PAL_USE_SECURE_TIME 00464 if ((PAL_SUCCESS == status) && (palTLSCtx->retryHandShake)) 00465 { 00466 PAL_LOG_DBG("SSL START RENEGOTIATE"); 00467 if (!palTLSConfCtx->trustedTimeServer) //! if we are not proccessing handshake with the time trusted server we 00468 { //! will use PAL_TLS_VERIFY_REQUIRED authentication mode 00469 status = pal_plat_setAuthenticationMode(palTLSConfCtx->platTlsConfHandle, PAL_TLS_VERIFY_REQUIRED); 00470 if (PAL_SUCCESS != status) 00471 { 00472 goto finish; 00473 } 00474 } 00475 status = pal_plat_renegotiate(palTLSCtx->platTlsHandle, palTLSCtx->serverTime); 00476 if (PAL_SUCCESS == status) 00477 { 00478 int32_t verifyResult = 0; 00479 status = pal_sslGetVerifyResultExtended(palTLSHandle, &verifyResult); 00480 if ((palTLSConfCtx->trustedTimeServer) && 00481 ((PAL_ERR_X509_CERT_VERIFY_FAILED == status) && ((PAL_ERR_X509_BADCERT_EXPIRED & verifyResult) || (PAL_ERR_X509_BADCERT_FUTURE & verifyResult)))) 00482 { 00483 status = PAL_SUCCESS; 00484 } 00485 } 00486 } 00487 00488 if (PAL_SUCCESS == status) 00489 { 00490 //! We ignore the pal_updateTime() result, because it should not cause a failure to the handshake process. 00491 //! Logs are printed in the pal_updateTime() function in case of failure. 00492 pal_updateTime(palTLSCtx->serverTime, palTLSConfCtx->trustedTimeServer); 00493 } 00494 #endif //PAL_USE_SECURE_TIME 00495 finish: 00496 return status; 00497 } 00498 00499 00500 palStatus_t pal_sslGetVerifyResultExtended(palTLSHandle_t palTLSHandle, int32_t* verifyResult) 00501 { 00502 palStatus_t status = PAL_SUCCESS; 00503 palTLSService_t* palTLSCtx = NULL; 00504 00505 PAL_VALIDATE_ARGUMENTS((NULLPTR == palTLSHandle) || (NULL == verifyResult)); 00506 00507 palTLSCtx = (palTLSService_t*)palTLSHandle; 00508 PAL_VALIDATE_ARGUMENTS(NULLPTR == palTLSCtx->platTlsHandle); 00509 00510 status = pal_plat_sslGetVerifyResultExtended(palTLSCtx->platTlsHandle, verifyResult); 00511 if (0 != *verifyResult) 00512 { 00513 status = PAL_ERR_X509_CERT_VERIFY_FAILED; 00514 *verifyResult = *verifyResult ^ PAL_ERR_MODULE_BITMASK_BASE; //! in order to turn off the MSB bit. 00515 } 00516 00517 return status; 00518 } 00519 00520 00521 palStatus_t pal_sslGetVerifyResult(palTLSHandle_t palTLSHandle) 00522 { 00523 palStatus_t status = PAL_SUCCESS; 00524 palTLSService_t* palTLSCtx = NULL; 00525 int32_t verifyResult = 0; 00526 00527 PAL_VALIDATE_ARGUMENTS(NULLPTR == palTLSHandle); 00528 00529 palTLSCtx = (palTLSService_t*)palTLSHandle; 00530 PAL_VALIDATE_ARGUMENTS(NULLPTR == palTLSCtx->platTlsHandle); 00531 00532 status = pal_plat_sslGetVerifyResultExtended(palTLSCtx->platTlsHandle, &verifyResult); 00533 return status; 00534 } 00535 00536 00537 palStatus_t pal_setHandShakeTimeOut(palTLSConfHandle_t palTLSConf, uint32_t timeoutInMilliSec) 00538 { 00539 palStatus_t status = PAL_SUCCESS; 00540 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00541 00542 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx || 0 == timeoutInMilliSec); 00543 00544 status = pal_plat_setHandShakeTimeOut(palTLSConfCtx->platTlsConfHandle, timeoutInMilliSec); 00545 return status; 00546 } 00547 00548 00549 palStatus_t pal_sslRead(palTLSHandle_t palTLSHandle, void *buffer, uint32_t len, uint32_t* actualLen) 00550 { 00551 palStatus_t status = PAL_SUCCESS; 00552 palTLSService_t* palTLSCtx = (palTLSService_t*)palTLSHandle; 00553 00554 PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSHandle); 00555 PAL_VALIDATE_ARGUMENTS ((NULLPTR == palTLSCtx->platTlsHandle || NULL == buffer || NULL == actualLen)); 00556 00557 status = pal_plat_sslRead(palTLSCtx->platTlsHandle, buffer, len, actualLen); 00558 return status; 00559 } 00560 00561 00562 palStatus_t pal_sslWrite(palTLSHandle_t palTLSHandle, const void *buffer, uint32_t len, uint32_t *bytesWritten) 00563 { 00564 palStatus_t status = PAL_SUCCESS; 00565 palTLSService_t* palTLSCtx = (palTLSService_t*)palTLSHandle; 00566 00567 PAL_VALIDATE_ARGUMENTS((NULLPTR == palTLSHandle || NULL == buffer || NULL == bytesWritten)); 00568 00569 status = pal_plat_sslWrite(palTLSCtx->platTlsHandle, buffer, len, bytesWritten); 00570 return status; 00571 } 00572 00573 palStatus_t pal_sslDebugging(uint8_t turnOn) 00574 { 00575 return PAL_ERR_NOT_SUPPORTED ; 00576 } 00577 00578 00579 palStatus_t pal_sslSetDebugging(palTLSConfHandle_t palTLSConf, uint8_t turnOn) 00580 { 00581 palStatus_t status = PAL_SUCCESS; 00582 00583 palTLSConfService_t* palTLSConfCtx = (palTLSConfService_t*)palTLSConf; 00584 00585 status = pal_plat_sslSetDebugging(palTLSConfCtx->platTlsConfHandle, turnOn); 00586 return status; 00587 }
Generated on Mon Aug 29 2022 19:53:41 by
1.7.2