1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "securec.h"
17 #include "bsl_sal.h"
18 #include "uio_base.h"
19 #include "uio_abstraction.h"
20 #include "hitls_crypt_type.h"
21 #include "hitls_cert_type.h"
22 #include "hitls_error.h"
23 #include "hlt_type.h"
24 #include "cert_callback.h"
25 #include "frame_tls.h"
26 #include "frame_io.h"
27 #include "frame_link.h"
28
29 #define MAX_CERT_PATH_LENGTH (1024)
30
FRAME_CreateDefaultDtlsObj(void)31 HITLS_Ctx *FRAME_CreateDefaultDtlsObj(void)
32 {
33 HITLS_Config *config = HITLS_CFG_NewDTLS12Config();
34 if (config == NULL) {
35 return NULL;
36 }
37
38 char verifyPath[MAX_CERT_PATH_LENGTH] = {0};
39 char chainPath[MAX_CERT_PATH_LENGTH] = {0};
40 char certPath[MAX_CERT_PATH_LENGTH] = {0};
41 char keyPath[MAX_CERT_PATH_LENGTH] = {0};
42 if (sprintf_s(verifyPath, MAX_CERT_PATH_LENGTH, "%s:%s", RSA_SHA_CA_PATH, ECDSA_SHA_CA_PATH) <= 0) {
43 HITLS_CFG_FreeConfig(config);
44 return NULL;
45 }
46
47 if (sprintf_s(chainPath, MAX_CERT_PATH_LENGTH, "%s:%s", RSA_SHA_CHAIN_PATH, ECDSA_SHA_CHAIN_PATH) <= 0) {
48 HITLS_CFG_FreeConfig(config);
49 return NULL;
50 }
51
52 if (sprintf_s(certPath, MAX_CERT_PATH_LENGTH, "%s:%s", RSA_SHA256_EE_PATH3, ECDSA_SHA256_EE_PATH) <= 0) {
53 HITLS_CFG_FreeConfig(config);
54 return NULL;
55 }
56
57 if (sprintf_s(keyPath, MAX_CERT_PATH_LENGTH, "%s:%s", RSA_SHA256_PRIV_PATH3, ECDSA_SHA256_PRIV_PATH) <= 0) {
58 HITLS_CFG_FreeConfig(config);
59 return NULL;
60 }
61
62 int32_t ret = HiTLS_X509_LoadCertAndKey(config, verifyPath, chainPath, certPath, NULL, keyPath, NULL);
63 if (ret != HITLS_SUCCESS) {
64 HITLS_CFG_FreeConfig(config);
65 return NULL;
66 }
67
68 HITLS_Ctx *ctx = HITLS_New(config);
69 if (ctx == NULL) {
70 HITLS_CFG_FreeConfig(config);
71 return NULL;
72 }
73
74 HITLS_CFG_FreeConfig(config);
75 return ctx;
76 }
77
CreateLink(HITLS_Config * config,BSL_UIO_TransportType type)78 FRAME_LinkObj *CreateLink(HITLS_Config *config, BSL_UIO_TransportType type)
79 {
80 BSL_UIO_Method method = {0};
81 BSL_UIO *io = NULL;
82 FrameUioUserData *ioUserdata = NULL;
83 const BSL_UIO_Method *ori = NULL;
84 switch (type) {
85 case BSL_UIO_TCP:
86 #ifdef HITLS_BSL_UIO_TCP
87 ori = BSL_UIO_TcpMethod();
88 #endif
89 break;
90 case BSL_UIO_UDP:
91 #ifdef HITLS_BSL_UIO_UDP
92 ori = BSL_UIO_UdpMethod();
93 #endif
94 break;
95 default:
96 #ifdef HITLS_BSL_UIO_SCTP
97 ori = BSL_UIO_SctpMethod();
98 #endif
99 break;
100 }
101 if (memcpy_s(&method, sizeof(BSL_UIO_Method), ori, sizeof(method)) != EOK) {
102 return NULL;
103 }
104
105 FRAME_LinkObj *linkObj = BSL_SAL_Calloc(1u, sizeof(FRAME_LinkObj));
106 if (linkObj == NULL) {
107 return NULL;
108 }
109 HITLS_CFG_SetReadAhead(config, 1);
110 HITLS_CFG_SetFlightTransmitSwitch(config, false);
111 HITLS_Ctx *sslObj = HITLS_New(config);
112 if (sslObj == NULL) {
113 goto ERR;
114 }
115
116 INIT_IO_METHOD(method, type, FRAME_Write, FRAME_Read, FRAME_Ctrl);
117 io = BSL_UIO_New(&method);
118 if (io == NULL) {
119 goto ERR;
120 }
121
122 ioUserdata = FRAME_IO_CreateUserData();
123 if (ioUserdata == NULL) {
124 goto ERR;
125 }
126
127 uint32_t ret = BSL_UIO_SetUserData(io, ioUserdata);
128 if (ret != HITLS_SUCCESS) {
129 goto ERR;
130 }
131
132 int32_t fd = 666;
133 // Set any fd as the value of the underlying transfer I/O
134 ret = BSL_UIO_Ctrl(io, BSL_UIO_SET_FD, (int32_t)sizeof(fd), &fd);
135 if (ret != HITLS_SUCCESS) {
136 goto ERR;
137 }
138 BSL_UIO_SetInit(io, true);
139 // must return success
140 ret = HITLS_SetUio(sslObj, io);
141 if (ret != HITLS_SUCCESS) {
142 goto ERR;
143 }
144 linkObj->io = io;
145 linkObj->ssl = sslObj;
146 return linkObj;
147 ERR:
148 FRAME_IO_FreeUserData(ioUserdata);
149 BSL_UIO_Free(io);
150 HITLS_Free(sslObj);
151 BSL_SAL_FREE(linkObj);
152 return NULL;
153 }
154 #ifdef HITLS_TLS_PROTO_TLCP11
FRAME_CreateTLCPLink(HITLS_Config * config,BSL_UIO_TransportType type,bool isClient)155 FRAME_LinkObj *FRAME_CreateTLCPLink(HITLS_Config *config, BSL_UIO_TransportType type, bool isClient)
156 {
157 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
158 HITLS_CFG_SetCheckKeyUsage(config, false);
159 #endif
160
161 #ifdef HITLS_TLS_FEATURE_SECURITY
162 HITLS_CFG_SetSecurityLevel(config, HITLS_SECURITY_LEVEL_ZERO);
163 #endif /* HITLS_TLS_FEATURE_SECURITY */
164 int32_t ret;
165 if (isClient) {
166 ret = HiTLS_X509_LoadCertAndKey(config, SM2_VERIFY_PATH, SM2_CHAIN_PATH, SM2_CLIENT_ENC_CERT_PATH,
167 SM2_CLIENT_SIGN_CERT_PATH, SM2_CLIENT_ENC_KEY_PATH, SM2_CLIENT_SIGN_KEY_PATH);
168 } else {
169 ret = HiTLS_X509_LoadCertAndKey(config, SM2_VERIFY_PATH, SM2_CHAIN_PATH, SM2_SERVER_ENC_CERT_PATH,
170 SM2_SERVER_SIGN_CERT_PATH, SM2_SERVER_ENC_KEY_PATH, SM2_SERVER_SIGN_KEY_PATH);
171 }
172 if (ret != HITLS_SUCCESS) {
173 return NULL;
174 }
175
176 return CreateLink(config, type);
177 }
178 #endif /* HITLS_TLS_PROTO_TLCP11 */
179 //Set certificate and creating a connection
FRAME_CreateLinkBase(HITLS_Config * config,BSL_UIO_TransportType type,bool setCertFlag)180 FRAME_LinkObj *FRAME_CreateLinkBase(HITLS_Config *config, BSL_UIO_TransportType type, bool setCertFlag)
181 {
182 int32_t ret;
183 if (setCertFlag) {
184 char verifyPath[MAX_CERT_PATH_LENGTH] = {0};
185 char chainPath[MAX_CERT_PATH_LENGTH] = {0};
186 char certPath[MAX_CERT_PATH_LENGTH] = {0};
187 char keyPath[MAX_CERT_PATH_LENGTH] = {0};
188 sprintf_s(verifyPath, MAX_CERT_PATH_LENGTH, "%s:%s", ECDSA_SHA_CA_PATH, RSA_SHA_CA_PATH);
189 sprintf_s(chainPath,
190 MAX_CERT_PATH_LENGTH,
191 "%s:%s",
192 ECDSA_SHA_CHAIN_PATH,
193 RSA_SHA_CHAIN_PATH);
194 sprintf_s(
195 certPath, MAX_CERT_PATH_LENGTH, "%s:%s", ECDSA_SHA256_EE_PATH, RSA_SHA256_EE_PATH3);
196 sprintf_s(keyPath,
197 MAX_CERT_PATH_LENGTH,
198 "%s:%s",
199 ECDSA_SHA256_PRIV_PATH,
200 RSA_SHA256_PRIV_PATH3);
201 ret = HiTLS_X509_LoadCertAndKey(config, verifyPath, chainPath, certPath, NULL, keyPath, NULL);
202 if (ret != HITLS_SUCCESS) {
203 return NULL;
204 }
205 }
206
207 return CreateLink(config, type);
208 }
209
FRAME_CreateLink(HITLS_Config * config,BSL_UIO_TransportType type)210 FRAME_LinkObj *FRAME_CreateLink(HITLS_Config *config, BSL_UIO_TransportType type)
211 {
212 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
213 HITLS_CFG_SetCheckKeyUsage(config, false);
214 #endif /* HITLS_TLS_CONFIG_KEY_USAGE */
215
216 #ifdef HITLS_TLS_FEATURE_SECURITY
217 HITLS_CFG_SetSecurityLevel(config, HITLS_SECURITY_LEVEL_ZERO);
218 #endif /* HITLS_TLS_FEATURE_SECURITY */
219 return FRAME_CreateLinkBase(config, type, true);
220 }
221
FRAME_CreateLinkEx(HITLS_Config * config,BSL_UIO_TransportType type)222 FRAME_LinkObj *FRAME_CreateLinkEx(HITLS_Config *config, BSL_UIO_TransportType type)
223 {
224 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
225 HITLS_CFG_SetCheckKeyUsage(config, false);
226 #endif /* HITLS_TLS_CONFIG_KEY_USAGE */
227
228 #ifdef HITLS_TLS_FEATURE_SECURITY
229 HITLS_CFG_SetSecurityLevel(config, HITLS_SECURITY_LEVEL_ZERO);
230 #endif /* HITLS_TLS_FEATURE_SECURITY */
231 return FRAME_CreateLinkBase(config, type, false);
232 }
233
FRAME_CreateLinkWithCert(HITLS_Config * config,BSL_UIO_TransportType type,const FRAME_CertInfo * certInfo)234 FRAME_LinkObj *FRAME_CreateLinkWithCert(HITLS_Config *config, BSL_UIO_TransportType type, const FRAME_CertInfo* certInfo)
235 {
236 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
237 HITLS_CFG_SetCheckKeyUsage(config, false);
238 #endif /* HITLS_TLS_CONFIG_KEY_USAGE */
239
240 #ifdef HITLS_TLS_FEATURE_SECURITY
241 if (config->securityLevel == HITLS_SECURITY_LEVEL_ONE) {
242 HITLS_CFG_SetSecurityLevel(config, HITLS_SECURITY_LEVEL_ZERO);
243 }
244 #endif /* HITLS_TLS_FEATURE_SECURITY */
245 int32_t ret;
246 ret = HiTLS_X509_LoadCertAndKey(config,
247 certInfo->caFile,
248 certInfo->chainFile,
249 certInfo->endEquipmentFile,
250 certInfo->signFile,
251 certInfo->privKeyFile,
252 certInfo->signPrivKeyFile);
253 if (ret != HITLS_SUCCESS) {
254 return NULL;
255 }
256 return CreateLink(config, type);
257 }
258
FRAME_FreeLink(FRAME_LinkObj * linkObj)259 void FRAME_FreeLink(FRAME_LinkObj *linkObj)
260 {
261 if (linkObj == NULL) {
262 return;
263 }
264 FRAME_IO_FreeUserData(BSL_UIO_GetUserData(linkObj->io));
265 // BSL_UIO_Free is automatically invoked twice in HITLS_Free
266 #ifdef HITLS_TLS_FEATURE_FLIGHT
267 if (linkObj->io != NULL && linkObj->io->references.count >= 2) {
268 while (linkObj->io->references.count > 2) {
269 BSL_UIO_Free(linkObj->io);
270 }
271 } else {
272 #endif
273 BSL_UIO_Free(linkObj->io);
274 #ifdef HITLS_TLS_FEATURE_FLIGHT
275 }
276 #endif
277 HITLS_Free(linkObj->ssl);
278 BSL_SAL_FREE(linkObj);
279 return;
280 }
281
FRAME_GetTlsCtx(const FRAME_LinkObj * linkObj)282 HITLS_Ctx *FRAME_GetTlsCtx(const FRAME_LinkObj *linkObj)
283 {
284 if (linkObj == NULL) {
285 return NULL;
286 }
287 return linkObj->ssl;
288 }
289