1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <unistd.h>
20 #include <arpa/inet.h>
21
22 #include "uio_base.h"
23 #include "bsl_sal.h"
24 #include "sal_net.h"
25 #include "hitls.h"
26 #include "hitls_cert_type.h"
27 #include "hitls_config.h"
28 #include "hitls_error.h"
29 #include "hitls_psk.h"
30 #include "hitls_session.h"
31 #include "hitls_debug.h"
32 #include "hitls_sni.h"
33 #include "hitls_alpn.h"
34 #include "hitls_security.h"
35 #include "hitls_crypt_init.h"
36 #include "tls.h"
37 #include "hlt_type.h"
38 #include "logger.h"
39 #include "tls_res.h"
40 #include "cert_callback.h"
41 #include "sctp_channel.h"
42 #include "tcp_channel.h"
43 #include "udp_channel.h"
44 #include "common_func.h"
45 #include "crypt_eal_rand.h"
46 #include "crypt_algid.h"
47 #include "channel_res.h"
48 #include "crypt_eal_provider.h"
49
50 #define SUCCESS 0
51 #define ERROR (-1)
52 #define FUNC_TIME_OUT_SEC 120
53
54 #define ASSERT_RETURN(condition, log) \
55 do { \
56 if (!(condition)) { \
57 LOG_ERROR(log); \
58 return ERROR; \
59 } \
60 } while (0)
61
62 typedef struct {
63 char *name;
64 uint16_t configValue;
65 } HitlsConfig;
66
67 typedef enum {
68 CIPHER,
69 GROUPS,
70 SIGNATURE,
71 POINTFORMAT,
72 } HitlsConfigType;
73
74 static const HitlsConfig g_cipherSuiteList[] = {
75 {"HITLS_RSA_WITH_AES_128_CBC_SHA", HITLS_RSA_WITH_AES_128_CBC_SHA},
76 {"HITLS_DHE_DSS_WITH_AES_128_CBC_SHA", HITLS_DHE_DSS_WITH_AES_128_CBC_SHA},
77 {"HITLS_DHE_RSA_WITH_AES_128_CBC_SHA", HITLS_DHE_RSA_WITH_AES_128_CBC_SHA},
78 {"HITLS_RSA_WITH_AES_256_CBC_SHA", HITLS_RSA_WITH_AES_256_CBC_SHA},
79 {"HITLS_DHE_DSS_WITH_AES_256_CBC_SHA", HITLS_DHE_DSS_WITH_AES_256_CBC_SHA},
80 {"HITLS_DHE_RSA_WITH_AES_256_CBC_SHA", HITLS_DHE_RSA_WITH_AES_256_CBC_SHA},
81 {"HITLS_RSA_WITH_AES_128_CBC_SHA256", HITLS_RSA_WITH_AES_128_CBC_SHA256},
82 {"HITLS_RSA_WITH_AES_256_CBC_SHA256", HITLS_RSA_WITH_AES_256_CBC_SHA256},
83 {"HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256", HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256},
84 {"HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256", HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
85 {"HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256", HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256},
86 {"HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256", HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
87 {"HITLS_RSA_WITH_AES_128_GCM_SHA256", HITLS_RSA_WITH_AES_128_GCM_SHA256},
88 {"HITLS_RSA_WITH_AES_256_GCM_SHA384", HITLS_RSA_WITH_AES_256_GCM_SHA384},
89 {"HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256", HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
90 {"HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384", HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
91 {"HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256", HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
92 {"HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384", HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384},
93 {"HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
94 {"HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
95 {"HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
96 {"HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
97 {"HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
98 {"HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
99 {"HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
100 {"HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
101 {"HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
102 {"HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
103 {"HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
104 {"HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
105 {"HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
106 {"HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
107 {"HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
108 {"HITLS_AES_128_GCM_SHA256", HITLS_AES_128_GCM_SHA256},
109 {"HITLS_AES_256_GCM_SHA384", HITLS_AES_256_GCM_SHA384},
110 {"HITLS_CHACHA20_POLY1305_SHA256", HITLS_CHACHA20_POLY1305_SHA256},
111 {"HITLS_AES_128_CCM_SHA256", HITLS_AES_128_CCM_SHA256},
112 {"HITLS_AES_128_CCM_8_SHA256", HITLS_AES_128_CCM_8_SHA256},
113 {"HITLS_ECDHE_ECDSA_WITH_AES_128_CCM", HITLS_ECDHE_ECDSA_WITH_AES_128_CCM},
114 {"HITLS_ECDHE_ECDSA_WITH_AES_256_CCM", HITLS_ECDHE_ECDSA_WITH_AES_256_CCM},
115 {"HITLS_DHE_RSA_WITH_AES_128_CCM", HITLS_DHE_RSA_WITH_AES_128_CCM},
116 {"HITLS_DHE_RSA_WITH_AES_256_CCM", HITLS_DHE_RSA_WITH_AES_256_CCM},
117 {"HITLS_RSA_WITH_AES_256_CCM", HITLS_RSA_WITH_AES_256_CCM},
118 {"HITLS_RSA_WITH_AES_256_CCM_8", HITLS_RSA_WITH_AES_256_CCM_8},
119 {"HITLS_RSA_WITH_AES_128_CCM", HITLS_RSA_WITH_AES_128_CCM},
120 {"HITLS_RSA_WITH_AES_128_CCM_8", HITLS_RSA_WITH_AES_128_CCM_8},
121
122 /* psk cipher suite */
123 {"HITLS_PSK_WITH_AES_128_CBC_SHA", HITLS_PSK_WITH_AES_128_CBC_SHA},
124 {"HITLS_PSK_WITH_AES_256_CBC_SHA", HITLS_PSK_WITH_AES_256_CBC_SHA},
125 {"HITLS_DHE_PSK_WITH_AES_128_CBC_SHA", HITLS_DHE_PSK_WITH_AES_128_CBC_SHA},
126 {"HITLS_DHE_PSK_WITH_AES_256_CBC_SHA", HITLS_DHE_PSK_WITH_AES_256_CBC_SHA},
127 {"HITLS_RSA_PSK_WITH_AES_128_CBC_SHA", HITLS_RSA_PSK_WITH_AES_128_CBC_SHA},
128 {"HITLS_RSA_PSK_WITH_AES_256_CBC_SHA", HITLS_RSA_PSK_WITH_AES_256_CBC_SHA},
129 {"HITLS_PSK_WITH_AES_128_GCM_SHA256", HITLS_PSK_WITH_AES_128_GCM_SHA256},
130 {"HITLS_PSK_WITH_AES_256_GCM_SHA384", HITLS_PSK_WITH_AES_256_GCM_SHA384},
131 {"HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256", HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256},
132 {"HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384", HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384},
133 {"HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256", HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256},
134 {"HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384", HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384},
135 {"HITLS_PSK_WITH_AES_128_CBC_SHA256", HITLS_PSK_WITH_AES_128_CBC_SHA256},
136 {"HITLS_PSK_WITH_AES_256_CBC_SHA384", HITLS_PSK_WITH_AES_256_CBC_SHA384},
137 {"HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256", HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256},
138 {"HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384", HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384},
139 {"HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256", HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256},
140 {"HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384", HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384},
141 {"HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
142 {"HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
143 {"HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256},
144 {"HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384},
145 {"HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256", HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256},
146 {"HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
147 {"HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
148 {"HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256},
149 {"HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256", HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
150 {"HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384", HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384},
151 {"HITLS_DHE_PSK_WITH_AES_128_CCM", HITLS_DHE_PSK_WITH_AES_128_CCM},
152 {"HITLS_DHE_PSK_WITH_AES_256_CCM", HITLS_DHE_PSK_WITH_AES_256_CCM},
153 {"HITLS_PSK_WITH_AES_256_CCM", HITLS_PSK_WITH_AES_256_CCM},
154 {"HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256", HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256},
155
156 /* Anonymous ciphersuite */
157 {"HITLS_DH_ANON_WITH_AES_256_CBC_SHA", HITLS_DH_ANON_WITH_AES_256_CBC_SHA},
158 {"HITLS_DH_ANON_WITH_AES_128_CBC_SHA", HITLS_DH_ANON_WITH_AES_128_CBC_SHA},
159 {"HITLS_DH_ANON_WITH_AES_128_CBC_SHA256", HITLS_DH_ANON_WITH_AES_128_CBC_SHA256},
160 {"HITLS_DH_ANON_WITH_AES_256_CBC_SHA256", HITLS_DH_ANON_WITH_AES_256_CBC_SHA256},
161 {"HITLS_DH_ANON_WITH_AES_128_GCM_SHA256", HITLS_DH_ANON_WITH_AES_128_GCM_SHA256},
162 {"HITLS_DH_ANON_WITH_AES_256_GCM_SHA384", HITLS_DH_ANON_WITH_AES_256_GCM_SHA384},
163 {"HITLS_ECDH_ANON_WITH_AES_128_CBC_SHA", HITLS_ECDH_ANON_WITH_AES_128_CBC_SHA},
164 {"HITLS_ECDH_ANON_WITH_AES_256_CBC_SHA", HITLS_ECDH_ANON_WITH_AES_256_CBC_SHA},
165 {"HITLS_ECDHE_SM4_CBC_SM3", HITLS_ECDHE_SM4_CBC_SM3},
166 {"HITLS_ECC_SM4_CBC_SM3", HITLS_ECC_SM4_CBC_SM3},
167 {"HITLS_ECDHE_SM4_GCM_SM3", HITLS_ECDHE_SM4_GCM_SM3},
168 {"HITLS_ECC_SM4_GCM_SM3", HITLS_ECC_SM4_GCM_SM3},
169
170 /* error ciphersuite */
171 {"HITLS_INVALID_CIPHER_TC01", 0xFFFF},
172 {"HITLS_INVALID_CIPHER_TC02", 0xFFFE},
173 };
174
175 static const HitlsConfig g_groupList[] = {
176 {"HITLS_EC_GROUP_BRAINPOOLP256R1", HITLS_EC_GROUP_BRAINPOOLP256R1},
177 {"HITLS_EC_GROUP_BRAINPOOLP384R1", HITLS_EC_GROUP_BRAINPOOLP384R1},
178 {"HITLS_EC_GROUP_BRAINPOOLP512R1", HITLS_EC_GROUP_BRAINPOOLP512R1},
179 {"HITLS_EC_GROUP_SECP256R1", HITLS_EC_GROUP_SECP256R1},
180 {"HITLS_EC_GROUP_SECP384R1", HITLS_EC_GROUP_SECP384R1},
181 {"HITLS_EC_GROUP_SECP521R1", HITLS_EC_GROUP_SECP521R1},
182 {"HITLS_EC_GROUP_CURVE25519", HITLS_EC_GROUP_CURVE25519},
183 {"HITLS_EC_GROUP_SM2", HITLS_EC_GROUP_SM2},
184 {"HITLS_INVALID_GROUP_TC01", 0xFF},
185 {"HITLS_INVALID_GROUP_TC02", 0xFE},
186 {"HITLS_FF_DHE_2048", HITLS_FF_DHE_2048},
187 {"HITLS_FF_DHE_3072", HITLS_FF_DHE_3072},
188 {"HITLS_FF_DHE_4096", HITLS_FF_DHE_4096},
189 {"HITLS_FF_DHE_6144", HITLS_FF_DHE_6144},
190 {"HITLS_FF_DHE_8192", HITLS_FF_DHE_8192},
191 {"SecP256r1MLKEM768", 4587}, // for new kem group
192 {"X25519MLKEM768", 4588}, // for new kem group
193 {"SecP384r1MLKEM1024", 4589}, // for new kem group
194 {"test_new_group", 477}, // for new group
195 {"test_new_group_kem", 478}, // NEW_KEM_ALGID
196 {"test_new_group_with_new_key_type", 479}, // NEW_PKEY_ALGID
197 };
198
199 static const HitlsConfig g_signatureList[] = {
200 {"CERT_SIG_SCHEME_RSA_PKCS1_SHA1", CERT_SIG_SCHEME_RSA_PKCS1_SHA1},
201 {"CERT_SIG_SCHEME_ECDSA_SHA1", CERT_SIG_SCHEME_ECDSA_SHA1},
202 {"CERT_SIG_SCHEME_ECDSA_SHA224", CERT_SIG_SCHEME_ECDSA_SHA224},
203 {"CERT_SIG_SCHEME_RSA_PKCS1_SHA224", CERT_SIG_SCHEME_RSA_PKCS1_SHA224},
204 {"CERT_SIG_SCHEME_RSA_PKCS1_SHA256", CERT_SIG_SCHEME_RSA_PKCS1_SHA256},
205 {"CERT_SIG_SCHEME_RSA_PKCS1_SHA384", CERT_SIG_SCHEME_RSA_PKCS1_SHA384},
206 {"CERT_SIG_SCHEME_RSA_PKCS1_SHA512", CERT_SIG_SCHEME_RSA_PKCS1_SHA512},
207 {"CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256", CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256},
208 {"CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384", CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384},
209 {"CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512", CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512},
210 {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256", CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256},
211 {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384", CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384},
212 {"CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512", CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512},
213 {"CERT_SIG_SCHEME_ED25519", CERT_SIG_SCHEME_ED25519},
214 {"CERT_SIG_SCHEME_ED448", CERT_SIG_SCHEME_ED448},
215 {"CERT_SIG_SCHEME_DSA_SHA1", CERT_SIG_SCHEME_DSA_SHA1},
216 {"CERT_SIG_SCHEME_DSA_SHA224", CERT_SIG_SCHEME_DSA_SHA224},
217 {"CERT_SIG_SCHEME_DSA_SHA256", CERT_SIG_SCHEME_DSA_SHA256},
218 {"CERT_SIG_SCHEME_DSA_SHA384", CERT_SIG_SCHEME_DSA_SHA384},
219 {"CERT_SIG_SCHEME_DSA_SHA512", CERT_SIG_SCHEME_DSA_SHA512},
220 {"CERT_SIG_SCHEME_SM2_SM3", CERT_SIG_SCHEME_SM2_SM3},
221 {"CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256", CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256},
222 {"CERT_SIG_SCHEME_RSA_PSS_PSS_SHA384", CERT_SIG_SCHEME_RSA_PSS_PSS_SHA384},
223 {"CERT_SIG_SCHEME_RSA_PSS_PSS_SHA512", CERT_SIG_SCHEME_RSA_PSS_PSS_SHA512},
224 {"HITLS_INVALID_SIG_TC01", 0xFFFF},
225 {"HITLS_INVALID_SIG_TC02", 0xFFFE},
226 {"test_new_sign_alg_name", 23333},
227 {"test_new_sign_alg_name_with_new_key_type", 24444},
228 };
229
230 static const HitlsConfig g_eccFormatList[] = {
231 {"HITLS_POINT_FORMAT_UNCOMPRESSED", HITLS_POINT_FORMAT_UNCOMPRESSED},
232 {"HITLS_INVALID_FORMAT_TC01", 0xFF},
233 {"HITLS_INVALID_FORMAT_TC02", 0xFE},
234 };
235
HitlsInit(void)236 int HitlsInit(void)
237 {
238 int ret;
239 ret = RegMemCallback(MEM_CALLBACK_DEFAULT);
240 ret |= RegCertCallback(CERT_CALLBACK_DEFAULT);
241 #ifdef HITLS_TLS_FEATURE_PROVIDER
242 CRYPT_EAL_ProviderRandInitCtx(NULL, CRYPT_RAND_SHA256, "provider=default", NULL, 0, NULL);
243 #else
244 CRYPT_EAL_RandInit(CRYPT_RAND_SHA256, NULL, NULL, NULL, 0);
245 HITLS_CryptMethodInit();
246 #endif
247 return ret;
248 }
249
250 #ifdef HITLS_TLS_FEATURE_PROVIDER
InitProviderLibCtx(char * providerPath,char (* providerNames)[MAX_PROVIDER_NAME_LEN],int * providerLibFmts,int providerCnt)251 static HITLS_Lib_Ctx *InitProviderLibCtx(char *providerPath, char (*providerNames)[MAX_PROVIDER_NAME_LEN],
252 int *providerLibFmts, int providerCnt)
253 {
254 int ret;
255 HITLS_Lib_Ctx *libCtx = CRYPT_EAL_LibCtxNew();
256 if (libCtx == NULL) {
257 LOG_ERROR("CRYPT_EAL_LibCtxNew Error");
258 return NULL;
259 }
260 if (providerPath != NULL && strlen(providerPath) > 0) {
261 ret = CRYPT_EAL_ProviderSetLoadPath(libCtx, providerPath);
262 if (ret != EOK) {
263 CRYPT_EAL_LibCtxFree(libCtx);
264 LOG_ERROR("CRYPT_EAL_ProviderSetLoadPath Error");
265 return NULL;
266 }
267 }
268 for (int i = 0; i < providerCnt; i++) {
269 ret = CRYPT_EAL_ProviderLoad(libCtx, (BSL_SAL_LibFmtCmd)providerLibFmts[i], providerNames[i], NULL, NULL);
270 if (ret != EOK) {
271 CRYPT_EAL_LibCtxFree(libCtx);
272 LOG_ERROR("CRYPT_EAL_ProviderLoad Error");
273 return NULL;
274 }
275 char attrName[512] = {0};
276 memcpy_s(attrName, sizeof(attrName), "provider=", strlen("provider="));
277 memcpy_s(attrName + strlen("provider="), sizeof(attrName) - strlen("provider="), providerNames[i],
278 strlen(providerNames[i]));
279 CRYPT_EAL_ProviderRandInitCtx(libCtx, CRYPT_RAND_SHA256, attrName, NULL, 0, NULL);
280 }
281 return libCtx;
282 }
283
HitlsProviderNewCtx(char * providerPath,char (* providerNames)[MAX_PROVIDER_NAME_LEN],int * providerLibFmts,int providerCnt,char * attrName,TLS_VERSION tlsVersion)284 HITLS_Config *HitlsProviderNewCtx(char *providerPath, char (*providerNames)[MAX_PROVIDER_NAME_LEN], int *providerLibFmts,
285 int providerCnt, char *attrName, TLS_VERSION tlsVersion)
286 {
287 char *tmpAttrName = NULL;
288 if (attrName != NULL && strlen(attrName) > 0) {
289 tmpAttrName = attrName;
290 }
291 HITLS_Config *hitlsConfig = NULL;
292 HITLS_Lib_Ctx *libCtx = NULL;
293 if (providerCnt > 0) {
294 libCtx = InitProviderLibCtx(providerPath, providerNames, providerLibFmts, providerCnt);
295 if (libCtx == NULL) {
296 LOG_ERROR("InitProviderLibCtx Error");
297 return NULL;
298 }
299 }
300 switch (tlsVersion) {
301 case DTLS1_2:
302 LOG_DEBUG("HiTLS New DTLS1_2 Ctx");
303 hitlsConfig = HITLS_CFG_ProviderNewDTLS12Config(libCtx, tmpAttrName);
304 break;
305 case TLS1_2:
306 LOG_DEBUG("HiTLS New TLS1_2 Ctx");
307 hitlsConfig = HITLS_CFG_ProviderNewTLS12Config(libCtx, tmpAttrName);
308 break;
309 case TLS1_3:
310 LOG_DEBUG("HiTLS New TLS1_3 Ctx");
311 hitlsConfig = HITLS_CFG_ProviderNewTLS13Config(libCtx, tmpAttrName);
312 break;
313 case TLS_ALL:
314 LOG_DEBUG("HiTLS New TLS_ALL Ctx");
315 hitlsConfig = HITLS_CFG_ProviderNewTLSConfig(libCtx, tmpAttrName);
316 break;
317 #ifdef HITLS_TLS_PROTO_TLCP11
318 case TLCP1_1:
319 LOG_DEBUG("HiTLS New TLCP1_1 Ctx");
320 hitlsConfig = HITLS_CFG_ProviderNewTLCPConfig(libCtx, tmpAttrName);
321 break;
322 #endif
323 #ifdef HITLS_TLS_PROTO_DTLCP11
324 case DTLCP1_1:
325 LOG_DEBUG("HiTLS New DTLCP1_1 Ctx");
326 hitlsConfig = HITLS_CFG_ProviderNewDTLCPConfig(libCtx, tmpAttrName);
327 break;
328 #endif
329 default:
330 /* Unknown protocol type */
331 break;
332 }
333 if (hitlsConfig == NULL) {
334 CRYPT_EAL_LibCtxFree(libCtx);
335 LOG_ERROR("HITLS Not Support This TlsVersion's ID %d", tlsVersion);
336 }
337 #ifdef HITLS_TLS_FEATURE_SECURITY
338 // Setting the security level
339 HITLS_CFG_SetSecurityLevel(hitlsConfig, HITLS_SECURITY_LEVEL_ZERO);
340 #endif /* HITLS_TLS_FEATURE_SECURITY */
341 return hitlsConfig;
342 }
343 #endif
344
HitlsNewCtx(TLS_VERSION tlsVersion)345 HITLS_Config *HitlsNewCtx(TLS_VERSION tlsVersion)
346 {
347 HITLS_Config *hitlsConfig = NULL;
348 switch (tlsVersion) {
349 #ifdef HITLS_TLS_PROTO_DTLS12
350 case DTLS1_2:
351 LOG_DEBUG("HiTLS New DTLS1_2 Ctx");
352 hitlsConfig = HITLS_CFG_NewDTLS12Config();
353 break;
354 #endif
355 #ifdef HITLS_TLS_PROTO_TLS12
356 case TLS1_2:
357 LOG_DEBUG("HiTLS New TLS1_2 Ctx");
358 hitlsConfig = HITLS_CFG_NewTLS12Config();
359 break;
360 #endif
361 #ifdef HITLS_TLS_PROTO_TLS13
362 case TLS1_3:
363 LOG_DEBUG("HiTLS New TLS1_3 Ctx");
364 hitlsConfig = HITLS_CFG_NewTLS13Config();
365 break;
366 #endif
367 #ifdef HITLS_TLS_PROTO_ALL
368 case TLS_ALL:
369 LOG_DEBUG("HiTLS New TLS_ALL Ctx");
370 hitlsConfig = HITLS_CFG_NewTLSConfig();
371 break;
372 #endif
373 #ifdef HITLS_TLS_PROTO_TLCP11
374 case TLCP1_1:
375 LOG_DEBUG("HiTLS New TLCP1_1 Ctx");
376 hitlsConfig = HITLS_CFG_NewTLCPConfig();
377 break;
378 #endif
379 #ifdef HITLS_TLS_PROTO_DTLCP11
380 case DTLCP1_1:
381 LOG_DEBUG("HiTLS New DTLCP1_1 Ctx");
382 hitlsConfig = HITLS_CFG_NewDTLCPConfig();
383 break;
384 #endif
385 default:
386 /* Unknown protocol type */
387 break;
388 }
389 if (hitlsConfig == NULL) {
390 LOG_ERROR("HITLS Not Support This TlsVersion's ID %d", tlsVersion);
391 }
392 #ifdef HITLS_TLS_FEATURE_SECURITY
393 // Setting the security level
394 HITLS_CFG_SetSecurityLevel(hitlsConfig, HITLS_SECURITY_LEVEL_ZERO);
395 #endif /* HITLS_TLS_FEATURE_SECURITY */
396 return hitlsConfig;
397 }
398
HitlsFreeCtx(void * ctx)399 void HitlsFreeCtx(void *ctx)
400 {
401 if (ctx == NULL) {
402 return;
403 }
404 HITLS_CFG_FreeConfig(ctx);
405 }
406
GetConfigVauleFromStr(const HitlsConfig * hitlsConfigList,uint32_t configSize,const char * cipherName)407 static int32_t GetConfigVauleFromStr(const HitlsConfig *hitlsConfigList, uint32_t configSize, const char *cipherName)
408 {
409 for (uint32_t i = 0; i < configSize; i++) {
410 if (strcmp(cipherName, hitlsConfigList[i].name) != 0) {
411 continue;
412 }
413 return hitlsConfigList[i].configValue;
414 }
415 return ERROR; // The cipher suite does not exist.
416 }
417
HitlsSetConfig(const HitlsConfig * hitlsConfigList,int configListSize,void * ctx,char * name,HitlsConfigType type)418 static int8_t HitlsSetConfig(const HitlsConfig *hitlsConfigList, int configListSize, void *ctx,
419 char *name, HitlsConfigType type)
420 {
421 int ret = 0;
422 char configArray[MAX_CIPHERSUITES_LEN] = {0}; // A maximum of 512 characters are supported.
423 char *token, *rest;
424 int32_t configValue;
425 uint16_t configValueArray[20] = {0}; // Currently, a maximum of 20 cipher suites are supported.
426 uint32_t configSize = 0;
427 ret = memcpy_s(configArray, sizeof(configArray), name, strlen(name));
428 ASSERT_RETURN(ret == EOK, "Memcpy Error");
429
430 configSize = 0;
431 token = strtok_s(configArray, ":", &rest);
432 do {
433 // Currently, a maximum of 20 cipher suites are supported.
434 ASSERT_RETURN(configSize < 20, "Max Support Set 20 Config");
435 configValue = GetConfigVauleFromStr(hitlsConfigList, configListSize, token);
436 ASSERT_RETURN(configValue != ERROR, "GetConfigVauleFromStr Error");
437 configValueArray[configSize] = (uint16_t)configValue;
438 token = strtok_s(NULL, ":", &rest);
439 configSize++;
440 } while (token != NULL);
441
442 switch (type) {
443 case CIPHER:
444 ret = HITLS_CFG_SetCipherSuites(ctx, configValueArray, configSize);
445 break;
446 case GROUPS:
447 ret = HITLS_CFG_SetGroups(ctx, configValueArray, configSize);
448 break;
449 case SIGNATURE:
450 ret = HITLS_CFG_SetSignature(ctx, configValueArray, configSize);
451 break;
452 case POINTFORMAT:
453 {
454 uint8_t pointformatArray[20] = {0};
455 for (uint32_t i = 0; i < configSize; i++) {
456 pointformatArray[i] = configValueArray[i];
457 }
458 ret = HITLS_CFG_SetEcPointFormats(ctx, pointformatArray, configSize);
459 break;
460 }
461 default:
462 ret = ERROR;
463 }
464
465 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetXXX Error");
466 return SUCCESS;
467 }
468
HitlsSetCtx(HITLS_Config * outCfg,HLT_Ctx_Config * inCtxCfg)469 int HitlsSetCtx(HITLS_Config *outCfg, HLT_Ctx_Config *inCtxCfg)
470 {
471 int ret = 0;
472 #ifdef HITLS_TLS_FEATURE_SESSION
473 if (inCtxCfg->setSessionCache >= 0) {
474 LOG_DEBUG("HiTLS Set SessionCache is %d", inCtxCfg->setSessionCache);
475 HITLS_CFG_SetSessionCacheMode(outCfg, inCtxCfg->setSessionCache);
476 }
477 #endif
478 #ifdef HITLS_TLS_PROTO_ALL
479 // Set the protocol version.
480 if ((inCtxCfg->minVersion != 0) && (inCtxCfg->maxVersion != 0)) {
481 LOG_DEBUG("HiTLS Set minVersion is %u maxVersion is %u", inCtxCfg->minVersion, inCtxCfg->maxVersion);
482 ret = HITLS_CFG_SetVersion(outCfg, inCtxCfg->minVersion, inCtxCfg->maxVersion);
483 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetVersion Error ERROR");
484 }
485 #endif
486 if (inCtxCfg->SupportType == SERVER_CFG_SET_TRUE) {
487 HITLS_CFG_SetCipherServerPreference(outCfg, true);
488 }
489 if (inCtxCfg->SupportType == SERVER_CFG_SET_FALSE) {
490 HITLS_CFG_SetCipherServerPreference(outCfg, false);
491 }
492 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
493 // Setting Renegotiation
494 LOG_DEBUG("HiTLS Set Support Renegotiation is %d", inCtxCfg->isSupportRenegotiation);
495 ret = HITLS_CFG_SetRenegotiationSupport(outCfg, inCtxCfg->isSupportRenegotiation);
496 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetRenegotiationSupport ERROR");
497 // Whether allow a renegotiation initiated by the client
498 LOG_DEBUG("HiTLS Set allow Client Renegotiate is %d", inCtxCfg->allowClientRenegotiate);
499 ret = HITLS_CFG_SetClientRenegotiateSupport(outCfg, inCtxCfg->allowClientRenegotiate);
500 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetClientRenegotiateSupport ERROR");
501 #endif
502 #ifdef HITLS_TLS_FEATURE_CERT_MODE
503 // Whether to enable dual-ended verification
504 LOG_DEBUG("HiTLS Set Support Client Verify is %d", inCtxCfg->isSupportClientVerify);
505 ret = HITLS_CFG_SetClientVerifySupport(outCfg, inCtxCfg->isSupportClientVerify);
506 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetClientVerifySupport ERROR");
507 LOG_DEBUG("HiTLS Set readAhead is %d", inCtxCfg->readAhead);
508 ret = HITLS_CFG_SetReadAhead(outCfg, inCtxCfg->readAhead);
509 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetReadAhead ERROR");
510
511 // Indicates whether to allow empty certificate list on the client.
512 LOG_DEBUG("HiTLS Set Support Not Client Cert is %d", inCtxCfg->isSupportNoClientCert);
513 ret = HITLS_CFG_SetNoClientCertSupport(outCfg, inCtxCfg->isSupportNoClientCert);
514 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetNoClientCertSupport ERROR");
515 #endif
516 #ifdef HITLS_TLS_FEATURE_PHA
517 // Whether to enable pha
518 LOG_DEBUG("HiTLS Set Support pha is %d", inCtxCfg->isSupportPostHandshakeAuth);
519 ret = HITLS_CFG_SetPostHandshakeAuthSupport(outCfg, inCtxCfg->isSupportPostHandshakeAuth);
520 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetPostHandshakeAuth ERROR");
521 #endif
522 // Indicates whether extended master keys are supported.
523 LOG_DEBUG("HiTLS Set Support Extend Master Secret is %d", inCtxCfg->isSupportExtendMasterSecret);
524 ret = HITLS_CFG_SetExtenedMasterSecretSupport(outCfg, inCtxCfg->isSupportExtendMasterSecret);
525 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetExtenedMasterSecretSupport ERROR");
526
527 #ifdef HITLS_TLS_CONFIG_KEY_USAGE
528 // Support CloseCheckKeyUsage
529 LOG_DEBUG("HiTLS Set CloseCheckKeyUsage is false");
530 ret = HITLS_CFG_SetCheckKeyUsage(outCfg, inCtxCfg->needCheckKeyUsage);
531 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetCheckKeyUsage ERROR");
532 #endif
533 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
534 // Indicates whether to support sessionTicket.
535 LOG_DEBUG("HiTLS Set Support SessionTicket is %d", inCtxCfg->isSupportSessionTicket);
536 ret = HITLS_CFG_SetSessionTicketSupport(outCfg, inCtxCfg->isSupportSessionTicket);
537 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetSessionTicketSupport ERROR");
538 #endif
539 #ifdef HITLS_TLS_SUITE_CIPHER_CBC
540 // Whether encrypt-then-mac is supported
541 LOG_DEBUG("HiTLS Set Support EncryptThenMac is %d", inCtxCfg->isEncryptThenMac);
542 ret = HITLS_CFG_SetEncryptThenMac(outCfg, (uint32_t)inCtxCfg->isEncryptThenMac);
543 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetEncryptThenMac ERROR");
544 #endif
545 // ECC Point Format Configuration for Asymmetric Algorithms
546 if (strncmp("NULL", inCtxCfg->pointFormats, strlen(inCtxCfg->pointFormats)) != 0) {
547 LOG_DEBUG("HiTLS Set PoinFormats is %s", inCtxCfg->pointFormats);
548 int configListSize = sizeof(g_eccFormatList) / sizeof(g_eccFormatList[0]);
549 ret = HitlsSetConfig(g_eccFormatList, configListSize, outCfg, inCtxCfg->pointFormats, POINTFORMAT);
550 ASSERT_RETURN(ret == SUCCESS, "ECC Format ERROR");
551 }
552
553 // Loading cipher suites
554 if (strncmp("NULL", inCtxCfg->cipherSuites, strlen(inCtxCfg->cipherSuites)) != 0) {
555 LOG_DEBUG("HiTLS Set CipherSuites is %s", inCtxCfg->cipherSuites);
556 int configListSize = sizeof(g_cipherSuiteList) / sizeof(g_cipherSuiteList[0]);
557 ret = HitlsSetConfig(g_cipherSuiteList, configListSize, outCfg, inCtxCfg->cipherSuites, CIPHER);
558 ASSERT_RETURN(ret == SUCCESS, "Hitls Set Cipher ERROR");
559 }
560
561 // set groups
562 if (strncmp("NULL", inCtxCfg->groups, strlen(inCtxCfg->groups)) != 0) {
563 LOG_DEBUG("HiTLS Set Groups is %s", inCtxCfg->groups);
564 int configListSize = sizeof(g_groupList) / sizeof(g_groupList[0]);
565 ret = HitlsSetConfig(g_groupList, configListSize, outCfg, inCtxCfg->groups, GROUPS);
566 ASSERT_RETURN(ret == SUCCESS, "Hitls Set Group ERROR");
567 }
568
569 // signature algorithm
570 if (strncmp("NULL", inCtxCfg->signAlgorithms, strlen(inCtxCfg->signAlgorithms)) != 0) {
571 LOG_DEBUG("HiTLS Set SignAlgorithms is %s", inCtxCfg->signAlgorithms);
572 int configListSize = sizeof(g_signatureList) / sizeof(g_signatureList[0]);
573 ret = HitlsSetConfig(g_signatureList, configListSize, outCfg, inCtxCfg->signAlgorithms, SIGNATURE);
574 ASSERT_RETURN(ret == SUCCESS, "Hitls Set Signature ERROR");
575 }
576 #ifdef HITLS_TLS_FEATURE_SNI
577 // sni
578 if (strncmp("NULL", inCtxCfg->serverName, strlen(inCtxCfg->serverName)) != 0) {
579 LOG_DEBUG("HiTLS Set ServerName is %s", inCtxCfg->serverName);
580 ret = HITLS_CFG_SetServerName(outCfg, (uint8_t *)inCtxCfg->serverName, strlen(inCtxCfg->serverName));
581 ASSERT_RETURN(ret == SUCCESS, "Hitls Set ServerName ERROR");
582 }
583 // Register the server_name function callback.
584 if (strncmp("NULL", inCtxCfg->sniDealCb, strlen(inCtxCfg->sniDealCb)) != 0) {
585 LOG_DEBUG("HiTLS Set server_name callback is %s", inCtxCfg->sniDealCb);
586 ret = HITLS_CFG_SetServerNameCb(outCfg, GetExtensionCb(inCtxCfg->sniDealCb));
587 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetServerNameCb Fail");
588 }
589
590 // Register values related to server_name.
591 if (strncmp("NULL", inCtxCfg->sniArg, strlen(inCtxCfg->sniArg)) != 0) {
592 LOG_DEBUG("HiTLS Set sniArg");
593 ret = HITLS_CFG_SetServerNameArg(outCfg, GetExampleData(inCtxCfg->sniArg));
594 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetServerNameArg Fail");
595 }
596 #endif
597 #ifdef HITLS_TLS_FEATURE_ALPN
598 // alpn
599 if (strncmp("NULL", inCtxCfg->alpnList, strlen(inCtxCfg->alpnList)) != 0) {
600 LOG_DEBUG("HiTLS Set alpnList is %s", inCtxCfg->alpnList);
601 ret = HITLS_CFG_SetAlpnProtos(outCfg, (const uint8_t *)inCtxCfg->alpnList, strlen(inCtxCfg->alpnList));
602 ASSERT_RETURN(ret == SUCCESS, "Hitls Set alpnList ERROR");
603 }
604
605 // Sets the ALPN selection callback on the server.
606 if (strncmp("NULL", inCtxCfg->alpnSelectCb, strlen(inCtxCfg->alpnSelectCb)) != 0) {
607 LOG_DEBUG("HiTLS Set ALPN callback is %s", inCtxCfg->alpnSelectCb);
608 ret = HITLS_CFG_SetAlpnProtosSelectCb(
609 outCfg, GetExtensionCb(inCtxCfg->alpnSelectCb), GetExampleData(inCtxCfg->alpnUserData));
610 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetAlpnProtosSelectCb Fail");
611 }
612 #endif
613 // Loading Certificates
614 ret = HiTLS_X509_LoadCertAndKey(outCfg, inCtxCfg->caCert, inCtxCfg->chainCert,
615 inCtxCfg->eeCert, inCtxCfg->signCert, inCtxCfg->privKey, inCtxCfg->signPrivKey);
616 ASSERT_RETURN(ret == SUCCESS, "Load cert Fail");
617 #ifdef HITLS_TLS_FEATURE_PSK
618 if (strncmp("NULL", inCtxCfg->psk, strlen(inCtxCfg->psk)) != 0) {
619 ret = ExampleSetPsk(inCtxCfg->psk);
620 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetPskClientCallback Fail");
621
622 ret = HITLS_CFG_SetPskClientCallback(outCfg, ExampleClientCb);
623 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetPskClientCallback Fail");
624
625 ret = HITLS_CFG_SetPskServerCallback(outCfg, ExampleServerCb);
626 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetPskServerCallback Fail");
627 }
628 #endif
629
630 #if defined(HITLS_TLS_FEATURE_SESSION_TICKET)
631 if (strncmp("NULL", inCtxCfg->ticketKeyCb, strlen(inCtxCfg->ticketKeyCb)) != 0) {
632 LOG_DEBUG("HiTLS Set Ticker key callback is %s", inCtxCfg->ticketKeyCb);
633 ret = HITLS_CFG_SetTicketKeyCallback(outCfg, GetTicketKeyCb(inCtxCfg->ticketKeyCb));
634 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetTicketKeyCallback Fail");
635 }
636 #endif
637 #ifdef HITLS_TLS_FEATURE_INDICATOR
638 // Load link setup callback
639 if (inCtxCfg->infoCb != NULL) {
640 LOG_DEBUG("HiTLS Set info callback");
641 ret = HITLS_CFG_SetInfoCb(outCfg, inCtxCfg->infoCb);
642 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetInfoCb Fail");
643 }
644
645 if (inCtxCfg->msgCb != NULL) {
646 LOG_DEBUG("HiTLS Set msg callback");
647 ret = HITLS_CFG_SetMsgCb(outCfg, inCtxCfg->msgCb);
648 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetMsgCb Fail");
649 }
650
651 if (inCtxCfg->msgArg != NULL) {
652 LOG_DEBUG("HiTLS Set msgArg");
653 ret = HITLS_CFG_SetMsgCbArg(outCfg, inCtxCfg->msgArg);
654 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetMsgCbArg Fail");
655 }
656 #endif
657 #ifdef HITLS_TLS_FEATURE_FLIGHT
658 // Sets whether to enable the function of sending handshake messages by flight.
659 LOG_DEBUG("HiTLS Set Support isFlightTransmitEnable is %d", inCtxCfg->isFlightTransmitEnable);
660 ret = HITLS_CFG_SetFlightTransmitSwitch(outCfg, inCtxCfg->isFlightTransmitEnable);
661 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetFlightTransmitSwitch ERROR");
662 #endif
663 #ifdef HITLS_TLS_FEATURE_SECURITY
664 // Setting the security level
665 LOG_DEBUG("HiTLS Set SecurityLevel is %d", inCtxCfg->securitylevel);
666 ret = HITLS_CFG_SetSecurityLevel(outCfg, inCtxCfg->securitylevel);
667 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetSecurityLevel ERROR");
668 #endif
669 #ifdef HITLS_TLS_CONFIG_MANUAL_DH
670 // Indicates whether the DH key length can be followed by the certificate.
671 LOG_DEBUG("HiTLS Set Support DHAuto is %d", inCtxCfg->isSupportDhAuto);
672 ret = HITLS_CFG_SetDhAutoSupport(outCfg, inCtxCfg->isSupportDhAuto);
673 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetDhAutoSupport ERROR");
674 #endif
675 #ifdef HITLS_TLS_PROTO_TLS13
676 // TLS1.3 key exchange mode
677 if (outCfg->maxVersion == HITLS_VERSION_TLS13) {
678 LOG_DEBUG("HiTLS Set keyExchMode is %u", inCtxCfg->keyExchMode);
679 ret = HITLS_CFG_SetKeyExchMode(outCfg, inCtxCfg->keyExchMode);
680 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetKeyExchMode ERROR");
681 }
682 #endif
683 #ifdef HITLS_TLS_FEATURE_CERT_MODE
684 // Set whether to enable isSupportVerifyNone;
685 LOG_DEBUG("HiTLS Set Support pha is %d", inCtxCfg->isSupportVerifyNone);
686 ret = HITLS_CFG_SetVerifyNoneSupport(outCfg, inCtxCfg->isSupportVerifyNone);
687 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetVerifyNoneSupport ERROR");
688 #endif
689 LOG_DEBUG("HiTLS Set Empty Record Number is %u", inCtxCfg->emptyRecordsNum);
690 ret = HITLS_CFG_SetEmptyRecordsNum(outCfg, inCtxCfg->emptyRecordsNum);
691 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetEmptyRecordsNum ERROR");
692
693 #ifdef HITLS_TLS_FEATURE_MODE
694 // HiTLS Set ModeSupport
695 LOG_DEBUG("HiTLS Set ModeSupport is %u", inCtxCfg->modeSupport);
696 ret = HITLS_CFG_SetModeSupport(outCfg, inCtxCfg->modeSupport);
697 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetModeSupport ERROR");
698 #endif
699
700 #if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
701 LOG_DEBUG("HiTLS Set allow Legacy Renegotiate is %d", inCtxCfg->allowLegacyRenegotiate);
702 ret = HITLS_CFG_SetLegacyRenegotiateSupport(outCfg, inCtxCfg->allowLegacyRenegotiate);
703 ASSERT_RETURN(ret == SUCCESS, "HITLS_CFG_SetLegacyRenegotiateSupport ERROR");
704 #endif /* defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12) */
705
706 return SUCCESS;
707 }
708
HitlsNewSsl(void * ctx)709 void *HitlsNewSsl(void *ctx)
710 {
711 return HITLS_New(ctx);
712 }
713
HitlsFreeSsl(void * ssl)714 void HitlsFreeSsl(void *ssl)
715 {
716 HITLS_Ctx *ctx = (HITLS_Ctx *)ssl;
717 #ifdef HITLS_TLS_FEATURE_PROVIDER
718 HITLS_Lib_Ctx *libCtx = LIBCTX_FROM_CTX(ctx);
719 HITLS_Free(ctx);
720 CRYPT_EAL_LibCtxFree(libCtx);
721 #else
722 HITLS_Free(ctx);
723 #endif
724 }
725
GetDefaultMethod(HILT_TransportType type)726 const BSL_UIO_Method *GetDefaultMethod(HILT_TransportType type)
727 {
728 switch (type) {
729 #ifdef HITLS_BSL_UIO_TCP
730 case TCP:
731 return TcpGetDefaultMethod();
732 #endif
733 #ifdef HITLS_BSL_UIO_UDP
734 case UDP:
735 return UdpGetDefaultMethod();
736 #endif
737 default:
738 break;
739 }
740 return NULL;
741 }
742
HitlsSetSsl(void * ssl,HLT_Ssl_Config * sslConfig)743 int HitlsSetSsl(void *ssl, HLT_Ssl_Config *sslConfig)
744 {
745 int ret;
746 if (sslConfig->SupportType == SERVER_CTX_SET_TRUE) {
747 HITLS_SetCipherServerPreference((HITLS_Ctx *)ssl, true);
748 }
749 if (sslConfig->SupportType == SERVER_CTX_SET_FALSE) {
750 HITLS_SetCipherServerPreference((HITLS_Ctx *)ssl, false);
751 }
752 HILT_TransportType type = (sslConfig->connType == NONE_TYPE) ? SCTP : sslConfig->connType;
753
754 BSL_UIO *uio = BSL_UIO_New(GetDefaultMethod(type));
755 ASSERT_RETURN(uio != NULL, "HITLS_SetUio Fail");
756
757 ret = BSL_UIO_Ctrl(uio, BSL_UIO_SET_FD, (int32_t)sizeof(sslConfig->sockFd), &sslConfig->sockFd);
758 if (ret != SUCCESS) {
759 LOG_ERROR("BSL_UIO_SET_FD Fail");
760 BSL_UIO_Free(uio);
761 return ERROR;
762 }
763
764 if (BSL_UIO_GetTransportType(uio) == BSL_UIO_UDP) {
765 BSL_SAL_SockAddr serverAddr = NULL;
766 ret = SAL_SockAddrNew(&serverAddr);
767 if (ret != BSL_SUCCESS) {
768 LOG_ERROR("SAL_SockAddrNew failed\n");
769 BSL_UIO_Free(uio);
770 return ret;
771 }
772 int32_t addrlen = (int32_t)SAL_SockAddrSize(serverAddr);
773 if (getpeername(sslConfig->sockFd, (struct sockaddr *)serverAddr, (socklen_t *)&addrlen) == 0) {
774 ret = BSL_UIO_Ctrl(uio, BSL_UIO_UDP_SET_CONNECTED, addrlen, serverAddr);
775 if (ret != HITLS_SUCCESS) {
776 LOG_ERROR("BSL_UIO_SET_PEER_IP_ADDR failed %d\n", addrlen);
777 SAL_SockAddrFree(serverAddr);
778 BSL_UIO_Free(uio);
779 return ERROR;
780 }
781 }
782 SAL_SockAddrFree(serverAddr);
783 }
784
785 BSL_UIO_SetInit(uio, 1);
786
787 ret = HITLS_SetUio(ssl, uio);
788 if (ret != SUCCESS) {
789 LOG_ERROR("HITLS_SetUio Fail");
790 BSL_UIO_Free(uio);
791 return ERROR;
792 }
793
794 // Release the UIO to prevent memory leakage.
795 BSL_UIO_Free(uio);
796 return SUCCESS;
797 }
798
HitlsAccept(void * ssl)799 int HitlsAccept(void *ssl)
800 {
801 int ret, tryNum;
802 tryNum = 0;
803 LOG_DEBUG("HiTLS Tls Accept Ing...");
804 do {
805 ret = HITLS_Accept(ssl);
806 usleep(1000); // stay 1000us
807 tryNum++;
808 } while ((ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY ||
809 ret == HITLS_REC_NORMAL_IO_BUSY) &&
810 (tryNum < FUNC_TIME_OUT_SEC * 1000)); // usleep(1000) after each attemp.
811 if (ret != SUCCESS) {
812 LOG_ERROR("HITLS_Accept Error is %d", ret);
813 } else {
814 LOG_DEBUG("HiTLS Tls Accept Success");
815 }
816 return ret;
817 }
818
HitlsConnect(void * ssl)819 int HitlsConnect(void *ssl)
820 {
821 int ret, tryNum;
822 tryNum = 0;
823 LOG_DEBUG("HiTLS Tls Connect Ing...");
824 do {
825 ret = HITLS_Connect(ssl);
826 usleep(1000); // stay 1000us
827 tryNum++;
828 } while ((ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY ||
829 ret == HITLS_REC_NORMAL_IO_BUSY) &&
830 (tryNum < FUNC_TIME_OUT_SEC * 1000)); // usleep(1000) after each attemp.
831 if (ret != SUCCESS) {
832 LOG_ERROR("HITLS_Connect Error is %d", ret);
833 } else {
834 LOG_DEBUG("HiTLS Tls Connect Success");
835 }
836 return ret;
837 }
838
HitlsWrite(void * ssl,uint8_t * data,uint32_t dataLen)839 int HitlsWrite(void *ssl, uint8_t *data, uint32_t dataLen)
840 {
841 int ret, tryNum;
842 LOG_DEBUG("HiTLS Write Ing...");
843 tryNum = 0;
844 uint32_t len = 0;
845 do {
846 ret = HITLS_Write(ssl, data, dataLen, &len);
847 tryNum++;
848 usleep(1000); // stay 1000us
849 } while ((ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY ||
850 ret == HITLS_REC_NORMAL_IO_BUSY) &&
851 (tryNum < 4000)); // A maximum of 4000 calls
852 LOG_DEBUG("HiTLS Write Result is %d", ret);
853 return ret;
854 }
855
HitlsRead(void * ssl,uint8_t * data,uint32_t bufSize,uint32_t * readLen)856 int HitlsRead(void *ssl, uint8_t *data, uint32_t bufSize, uint32_t *readLen)
857 {
858 int ret, tryNum;
859 LOG_DEBUG("HiTLS Read Ing...");
860 tryNum = 0;
861 do {
862 ret = HITLS_Read(ssl, data, bufSize, readLen);
863 tryNum++;
864 usleep(1000); // stay 1000us
865 } while ((ret == HITLS_REC_NORMAL_RECV_BUF_EMPTY ||
866 ret == HITLS_REC_NORMAL_IO_BUSY) &&
867 (tryNum < 8000)); // A maximum of 4000 calls
868 LOG_DEBUG("HiTLS Read Result is %d", ret);
869 return ret;
870 }
871
HitlsClose(void * ctx)872 int HitlsClose(void *ctx)
873 {
874 return HITLS_Close(ctx);
875 }
876
HitlsRenegotiate(void * ssl)877 int HitlsRenegotiate(void *ssl)
878 {
879 #ifdef HITLS_TLS_FEATURE_RENEGOTIATION
880 return HITLS_Renegotiate(ssl);
881 #else
882 (void)ssl;
883 return -1;
884 #endif
885 }
886
HitlsSetMtu(void * ssl,uint16_t mtu)887 int HitlsSetMtu(void *ssl, uint16_t mtu)
888 {
889 #ifdef HITLS_TLS_PROTO_DTLS12
890 return HITLS_SetMtu(ssl, mtu);
891 #else
892 (void)ssl;
893 (void)mtu;
894 return -1;
895 #endif
896 }
897
HitlsSetSession(void * ssl,void * session)898 int HitlsSetSession(void *ssl, void *session)
899 {
900 #ifdef HITLS_TLS_FEATURE_SESSION
901 return HITLS_SetSession(ssl, session);
902 #else
903 (void)ssl;
904 (void)session;
905 return -1;
906 #endif
907 }
908
HitlsSessionReused(void * ssl)909 int HitlsSessionReused(void *ssl)
910 {
911 uint8_t isReused = 0;
912 (void)ssl;
913 #ifdef HITLS_TLS_FEATURE_SESSION
914 int32_t ret;
915 ret = HITLS_IsSessionReused(ssl, &isReused);
916 if (ret != HITLS_SUCCESS) {
917 return 0;
918 }
919 #endif
920 return (int)isReused;
921 }
922
HitlsGet1Session(void * ssl)923 void *HitlsGet1Session(void *ssl)
924 {
925 #ifdef HITLS_TLS_FEATURE_SESSION
926 return HITLS_GetDupSession(ssl);
927 #else
928 (void)ssl;
929 return NULL;
930 #endif
931 }
932
HitlsSessionHasTicket(void * session)933 int HitlsSessionHasTicket(void *session)
934 {
935 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
936 return (HITLS_SESS_HasTicket(session) ? 1 : 0);
937 #else
938 (void)session;
939 return 0;
940 #endif
941 }
942
HitlsSessionIsResumable(void * session)943 int HitlsSessionIsResumable(void *session)
944 {
945 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET
946 return (HITLS_SESS_IsResumable(session) ? 1 : 0);
947 #else
948 (void)session;
949 return 0;
950 #endif
951 }
952
HitlsFreeSession(void * session)953 void HitlsFreeSession(void *session)
954 {
955 #ifdef HITLS_TLS_FEATURE_SESSION
956 HITLS_SESS_Free(session);
957 #else
958 (void)session;
959 #endif
960 }
961
HitlsGetErrorCode(void * ssl)962 int HitlsGetErrorCode(void *ssl)
963 {
964 return HITLS_GetErrorCode(ssl);
965 }