1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include <stdio.h>
17 #include <stdint.h>
18 #include <stdlib.h>
19 #include <unistd.h>
20 #include <pthread.h>
21 #include <semaphore.h>
22 #include "securec.h"
23
24 #include "logger.h"
25 #include "process.h"
26 #include "handle_cmd.h"
27 #include "hlt.h"
28 #include "tls_res.h"
29 #include "common_func.h"
30 #include "hitls_func.h"
31 #include "sctp_channel.h"
32 #include "tcp_channel.h"
33 #include "udp_channel.h"
34 #include "socket_common.h"
35 #include "cert_callback.h"
36 #include "sctp_channel.h"
37 #include "frame_tls.h"
38
39 #define DOMAIN_PATH_LEN (128)
40 #define CMD_MAX_LEN 1024
41 #define SUCCESS 0
42 #define ERROR (-1)
43
44 int g_acceptFd;
45
HLT_TlsNewCtx(TLS_VERSION tlsVersion)46 void* HLT_TlsNewCtx(TLS_VERSION tlsVersion)
47 {
48 int ret;
49 void *ctx = NULL;
50 Process *process;
51 process = GetProcess();
52 switch (process->tlsType) {
53 case HITLS:
54 ctx = HitlsNewCtx(tlsVersion);
55 break;
56 default:
57 ctx = NULL;
58 }
59 if ((process->remoteFlag == 0) && (ctx != NULL)) {
60 // If the value is LocalProcess, insert it to the CTX linked list.
61 ret = InsertCtxToList(ctx);
62 if (ret == ERROR) {
63 LOG_ERROR("InsertCtxToList ERROR");
64 return NULL;
65 }
66 }
67 return ctx;
68 }
69
70 #ifdef HITLS_TLS_FEATURE_PROVIDER
HLT_TlsProviderNewCtx(char * providerPath,char (* providerNames)[MAX_PROVIDER_NAME_LEN],int * providerLibFmts,int providerCnt,char * attrName,TLS_VERSION tlsVersion)71 void* HLT_TlsProviderNewCtx(char *providerPath, char (*providerNames)[MAX_PROVIDER_NAME_LEN], int *providerLibFmts,
72 int providerCnt, char *attrName, TLS_VERSION tlsVersion)
73 {
74 int ret;
75 void *ctx = NULL;
76 Process *process;
77 process = GetProcess();
78 switch (process->tlsType) {
79 case HITLS:
80 ctx = HitlsProviderNewCtx(providerPath, providerNames, providerLibFmts, providerCnt,
81 attrName, tlsVersion);
82 break;
83 default:
84 ctx = NULL;
85 }
86 if ((process->remoteFlag == 0) && (ctx != NULL)) {
87 // If the value is LocalProcess, insert it to the CTX linked list.
88 ret = InsertCtxToList(ctx);
89 if (ret == ERROR) {
90 LOG_ERROR("InsertCtxToList ERROR");
91 return NULL;
92 }
93 }
94 return ctx;
95 }
96 #endif
HLT_TlsNewSsl(void * ctx)97 void* HLT_TlsNewSsl(void *ctx)
98 {
99 int ret;
100 void *ssl = NULL;
101 Process *process;
102 process = GetProcess();
103 switch (process->tlsType) {
104 case HITLS:
105 LOG_DEBUG("Hitls New Ssl");
106 ssl = HitlsNewSsl(ctx);
107 break;
108 default:
109 ssl = NULL;
110 }
111 if ((process->remoteFlag == 0) && (ssl != NULL)) {
112 // If the value is LocalProcess, insert it to the SSL linked list.
113 ret = InsertSslToList(ctx, ssl);
114 if (ret == ERROR) {
115 LOG_ERROR("InsertSslToList ERROR");
116 return NULL;
117 }
118 }
119 return ssl;
120 }
121
HLT_TlsSetCtx(void * ctx,HLT_Ctx_Config * ctxConfig)122 int HLT_TlsSetCtx(void *ctx, HLT_Ctx_Config *ctxConfig)
123 {
124 int ret;
125 Process *process = GetProcess();
126 switch (process->tlsType) {
127 case HITLS:
128 LOG_DEBUG("HiTLS Set Ctx's Config");
129 ret = HitlsSetCtx(ctx, ctxConfig);
130 break;
131 default:
132 ret = ERROR;
133 }
134 return ret;
135 }
136
HLT_TlsSetSsl(void * ssl,HLT_Ssl_Config * sslConfig)137 int HLT_TlsSetSsl(void *ssl, HLT_Ssl_Config *sslConfig)
138 {
139 int ret = ERROR;
140 Process *process = GetProcess();
141 switch (process->tlsType) {
142 case HITLS:
143 LOG_DEBUG("HiTLS Set Ssl's Config");
144 ret = HitlsSetSsl(ssl, sslConfig);
145 break;
146 default:
147 LOG_DEBUG("Unknown tls type");
148 break;
149 }
150 return ret;
151 }
152
153 // listen non-blocking interface
HLT_TlsListen(void * ssl)154 unsigned long int HLT_TlsListen(void *ssl)
155 {
156 (void)ssl;
157 Process *process = GetProcess();
158 switch (process->tlsType) {
159 case HITLS : {
160 return ERROR; // Hitls does not support the listen function.
161 }
162 default:
163 return ERROR;
164 }
165 }
166
167 // listen blocking interface
HLT_TlsListenBlock(void * ssl)168 int HLT_TlsListenBlock(void* ssl)
169 {
170 (void)ssl;
171 Process *process = GetProcess();
172 switch (process->tlsType) {
173 case HITLS : return ERROR; // Hitls does not support the listen function.
174 default:
175 return ERROR;
176 }
177 }
178
179 // Non-blocking interface
HLT_TlsAccept(void * ssl)180 unsigned long int HLT_TlsAccept(void *ssl)
181 {
182 (void)ssl;
183 unsigned long int ret = ERROR;
184 Process *process = GetProcess();
185 pthread_t t_id;
186 switch (process->tlsType) {
187 case HITLS :
188 ret = pthread_create(&t_id, NULL, (void*)HitlsAccept, (void*)ssl);
189 break;
190 default:
191 break;
192 }
193
194 if (ret != 0) {
195 return ret;
196 }
197 return t_id;
198 }
199
HLT_TlsAcceptBlock(void * ssl)200 int HLT_TlsAcceptBlock(void *ssl)
201 {
202 Process *process;
203 process = GetProcess();
204 switch (process->tlsType) {
205 case HITLS:
206 return HitlsAccept(ssl);
207 default:
208 return ERROR;
209 }
210 }
211
HLT_GetTlsAcceptResultFromId(unsigned long int threadId)212 int HLT_GetTlsAcceptResultFromId(unsigned long int threadId)
213 {
214 pthread_join(threadId, NULL);
215 return SUCCESS;
216 }
217
HLT_GetTlsAcceptResult(HLT_Tls_Res * tlsRes)218 int HLT_GetTlsAcceptResult(HLT_Tls_Res* tlsRes)
219 {
220 int ret;
221 if (tlsRes->acceptId <= 0) {
222 LOG_ERROR("This Res Has Not acceptId");
223 return ERROR;
224 }
225 if (tlsRes->ctx == NULL) {
226 // Indicates that the remote process accepts the request.
227 ret = HLT_RpcGetTlsAcceptResult(tlsRes->acceptId);
228 } else {
229 // Indicates that the local process accepts the request.
230 pthread_join(tlsRes->acceptId, NULL);
231 tlsRes->acceptId = 0;
232 return SUCCESS;
233 }
234 tlsRes->acceptId = 0;
235 return ret;
236 }
237
HLT_TlsConnect(void * ssl)238 int HLT_TlsConnect(void *ssl)
239 {
240 Process *process;
241 process = GetProcess();
242 switch (process->tlsType) {
243 case HITLS:
244 return HitlsConnect(ssl);
245 default:
246 return ERROR;
247 }
248 }
249
HLT_TlsWrite(void * ssl,uint8_t * data,uint32_t dataLen)250 int HLT_TlsWrite(void *ssl, uint8_t *data, uint32_t dataLen)
251 {
252 Process *process;
253 process = GetProcess();
254 switch (process->tlsType) {
255 case HITLS : {
256 LOG_DEBUG("Hitls Write Ing...");
257 return HitlsWrite(ssl, data, dataLen);
258 }
259 default:
260 return ERROR;
261 }
262 }
263
HLT_TlsRead(void * ssl,uint8_t * data,uint32_t bufSize,uint32_t * readLen)264 int HLT_TlsRead(void *ssl, uint8_t *data, uint32_t bufSize, uint32_t *readLen)
265 {
266 Process *process;
267 process = GetProcess();
268
269 switch (process->tlsType) {
270 case HITLS: {
271 LOG_DEBUG("Hitls Read Ing...");
272 return HitlsRead(ssl, data, bufSize, readLen);
273 }
274 default:
275 return ERROR;
276 }
277 }
278
HLT_TlsRenegotiate(void * ssl)279 int HLT_TlsRenegotiate(void *ssl)
280 {
281 Process *process;
282 process = GetProcess();
283 switch (process->tlsType) {
284 case HITLS:
285 return HitlsRenegotiate(ssl);
286 default:
287 return ERROR;
288 }
289 }
290
HLT_TlsVerifyClientPostHandshake(void * ssl)291 int HLT_TlsVerifyClientPostHandshake(void *ssl)
292 {
293 #ifdef HITLS_TLS_FEATURE_PHA
294 Process *process;
295 process = GetProcess();
296 switch (process->tlsType) {
297 case HITLS: return HITLS_VerifyClientPostHandshake(ssl);
298 default:
299 return ERROR;
300 }
301 #else
302 (void)ssl;
303 #endif
304 return ERROR;
305 }
306
HLT_TlsClose(void * ssl)307 int HLT_TlsClose(void *ssl)
308 {
309 Process *process;
310 process = GetProcess();
311 switch (process->tlsType) {
312 case HITLS: return HitlsClose(ssl);
313 default:
314 return ERROR;
315 }
316 }
317
HLT_TlsSetSession(void * ssl,void * session)318 int HLT_TlsSetSession(void *ssl, void *session)
319 {
320 Process *process;
321 process = GetProcess();
322 switch (process->tlsType) {
323 case HITLS: return (HitlsSetSession(ssl, session) == 0) ? 1 : 0;
324 default:
325 return ERROR;
326 }
327 }
328
HLT_TlsSessionReused(void * ssl)329 int HLT_TlsSessionReused(void *ssl)
330 {
331 Process *process;
332 process = GetProcess();
333 switch (process->tlsType) {
334 case HITLS:
335 return HitlsSessionReused(ssl);
336 default:
337 return ERROR;
338 }
339 }
340
HLT_TlsGet1Session(void * ssl)341 void *HLT_TlsGet1Session(void *ssl)
342 {
343 Process *process;
344 process = GetProcess();
345 switch (process->tlsType) {
346 case HITLS:
347 return HitlsGet1Session(ssl);
348 default:
349 return NULL;
350 }
351 }
352
HLT_SetSessionCacheMode(HLT_Ctx_Config * config,HITLS_SESS_CACHE_MODE mode)353 int32_t HLT_SetSessionCacheMode(HLT_Ctx_Config* config, HITLS_SESS_CACHE_MODE mode)
354 {
355 config->setSessionCache = mode;
356 return SUCCESS;
357 }
358
HLT_SetSessionTicketSupport(HLT_Ctx_Config * config,bool issupport)359 int32_t HLT_SetSessionTicketSupport(HLT_Ctx_Config* config, bool issupport)
360 {
361 config->isSupportSessionTicket = issupport;
362 return SUCCESS;
363 }
364
HLT_TlsSessionHasTicket(void * session)365 int HLT_TlsSessionHasTicket(void *session)
366 {
367 Process *process;
368 process = GetProcess();
369 switch (process->tlsType) {
370 case HITLS:
371 return HitlsSessionHasTicket(session);
372 default:
373 return ERROR;
374 }
375 }
376
HLT_TlsSessionIsResumable(void * session)377 int HLT_TlsSessionIsResumable(void *session)
378 {
379 Process *process;
380 process = GetProcess();
381 switch (process->tlsType) {
382 case HITLS:
383 return HitlsSessionIsResumable(session);
384 default:
385 return ERROR;
386 }
387 }
388
HLT_TlsFreeSession(void * session)389 void HLT_TlsFreeSession(void *session)
390 {
391 Process *process;
392 process = GetProcess();
393 switch (process->tlsType) {
394 case HITLS:
395 HitlsFreeSession(session);
396 break;
397 default:
398 break;
399 }
400 }
401
RunDataChannelBind(void * param)402 int RunDataChannelBind(void *param)
403 {
404 int sockFd = -1;
405 LOG_DEBUG("RunDataChannelBind Ing...\n");
406 DataChannelParam *channelParam = (DataChannelParam*)param;
407 switch (channelParam->type) {
408 #ifdef HITLS_BSL_UIO_TCP
409 case TCP: sockFd = TcpBind(channelParam->port); break;
410 #endif
411 #ifdef HITLS_BSL_UIO_UDP
412 case UDP: sockFd = UdpBind(channelParam->port); break;
413 #endif
414 default:
415 return ERROR;
416 }
417 struct sockaddr_in add;
418 socklen_t len = sizeof(add);
419 getsockname(sockFd, (struct sockaddr *)&add, &len);
420 channelParam->port = ntohs(add.sin_port);
421 channelParam->bindFd = sockFd;
422 g_acceptFd = sockFd;
423 return sockFd;
424 }
425
RunDataChannelAccept(void * param)426 int RunDataChannelAccept(void *param)
427 {
428 int sockFd = -1;
429 LOG_DEBUG("RunDataChannelAccept Ing...\n");
430 DataChannelParam *channelParam = (DataChannelParam *)param;
431 switch (channelParam->type) {
432 #ifdef HITLS_BSL_UIO_TCP
433 case TCP:
434 sockFd = TcpAccept(channelParam->ip, channelParam->bindFd, channelParam->isBlock, true);
435 break;
436 #endif
437 #ifdef HITLS_BSL_UIO_UDP
438 case UDP:
439 sockFd = UdpAccept(channelParam->ip, channelParam->bindFd, channelParam->isBlock, false);
440 #endif
441 break;
442 default:
443 return ERROR;
444 }
445 g_acceptFd = sockFd;
446 return sockFd;
447 }
448
HLT_DataChannelAccept(DataChannelParam * channelParam)449 pthread_t HLT_DataChannelAccept(DataChannelParam *channelParam)
450 {
451 pthread_t t_id;
452 if (pthread_create(&t_id, NULL, (void*)RunDataChannelAccept, (void*)channelParam) != 0) {
453 LOG_ERROR("Create Thread HLT_RpcDataChannelAccept Error ...");
454 return 0;
455 }
456 return t_id;
457 }
458
HLT_DataChannelBind(DataChannelParam * channelParam)459 int HLT_DataChannelBind(DataChannelParam *channelParam)
460 {
461 return RunDataChannelBind(channelParam);
462 }
463
464
HLT_DataChannelConnect(DataChannelParam * dstChannelParam)465 int HLT_DataChannelConnect(DataChannelParam *dstChannelParam)
466 {
467 switch (dstChannelParam->type) {
468 #ifdef HITLS_BSL_UIO_TCP
469 case TCP: return TcpConnect(dstChannelParam->ip, dstChannelParam->port);
470 #endif
471 #ifdef HITLS_BSL_UIO_UDP
472 case UDP: return UdpConnect(dstChannelParam->ip, dstChannelParam->port);
473 #endif
474 default:
475 return ERROR;
476 }
477 return ERROR;
478 }
479
HLT_GetAcceptFd(pthread_t threadId)480 int HLT_GetAcceptFd(pthread_t threadId)
481 {
482 pthread_join(threadId, NULL);
483 return g_acceptFd;
484 }
485
HLT_CreateDataChannel(HLT_Process * process1,HLT_Process * process2,DataChannelParam channelParam)486 HLT_FD HLT_CreateDataChannel(HLT_Process *process1, HLT_Process *process2, DataChannelParam channelParam)
487 {
488 int acceptId;
489 int bindFd;
490 unsigned long int pthreadId;
491 HLT_FD sockFd;
492 char *userPort = getenv("FIXED_PORT");
493 if (userPort == NULL) {
494 channelParam.port = 0; // The system randomly allocates available ports.
495 }
496
497 if (process2->remoteFlag == 1) {
498 bindFd = HLT_RpcDataChannelBind(process2, &channelParam);
499 } else {
500 bindFd = HLT_DataChannelBind(&channelParam);
501 }
502 channelParam.bindFd = bindFd;
503 // Start Accept again.
504 if (process2->remoteFlag == 1) {
505 acceptId = HLT_RpcDataChannelAccept(process2, &channelParam);
506 } else {
507 pthreadId = HLT_DataChannelAccept(&channelParam);
508 }
509
510 // In Connect
511 if (process1->remoteFlag == 1) {
512 sockFd.srcFd = HLT_RpcDataChannelConnect(process1, &channelParam);
513 } else {
514 sockFd.srcFd = HLT_DataChannelConnect(&channelParam);
515 }
516
517 if (process2->remoteFlag == 1) {
518 if (sockFd.srcFd > 0) {
519 // Indicates that the CONNECT is successful.
520 sockFd.peerFd = HLT_RpcGetAcceptFd(acceptId);
521 } else {
522 sockFd.peerFd = -1;
523 }
524 } else {
525 if (sockFd.srcFd > 0) {
526 // Indicates that the CONNECT is successful.
527 sockFd.peerFd = HLT_GetAcceptFd(pthreadId);
528 sockFd.sockAddr = channelParam.sockAddr;
529 sockFd.connPort = channelParam.port;
530 } else {
531 // If the SCTP link fails to be established, delete the thread to avoid congestion.
532 pthread_cancel(pthreadId);
533 pthread_join(pthreadId, NULL);
534 }
535 }
536
537 return sockFd;
538 }
539
HLT_CloseFd(int fd,int linkType)540 void HLT_CloseFd(int fd, int linkType)
541 {
542 switch (linkType) {
543 #ifdef HITLS_BSL_UIO_TCP
544 case TCP: TcpClose(fd); break;
545 #endif
546 #ifdef HITLS_BSL_UIO_UDP
547 case UDP: UdpClose(fd); break;
548 #endif
549 default:
550 /* Unknown fd type */
551 break;
552 }
553 }
554
HLT_NewCtxConfigTLCP(char * setFile,const char * key,bool isClient)555 HLT_Ctx_Config* HLT_NewCtxConfigTLCP(char *setFile, const char *key, bool isClient)
556 {
557 (void)setFile;
558 Process *localProcess;
559
560 HLT_Ctx_Config *ctxConfig = (HLT_Ctx_Config*)calloc(sizeof(HLT_Ctx_Config), 1u);
561 if (ctxConfig == NULL) {
562 return NULL;
563 }
564 ctxConfig->isSupportRenegotiation = false;
565 ctxConfig->allowClientRenegotiate = false;
566 ctxConfig->allowLegacyRenegotiate = false;
567 ctxConfig->isSupportClientVerify = false;
568 ctxConfig->isSupportNoClientCert = false;
569 ctxConfig->isSupportExtendMasterSecret = false;
570 ctxConfig->isClient = isClient;
571 ctxConfig->setSessionCache = 2;
572 HLT_SetGroups(ctxConfig, "NULL");
573 HLT_SetCipherSuites(ctxConfig, "NULL");
574 HLT_SetTls13CipherSuites(ctxConfig, "NULL");
575 HLT_SetSignature(ctxConfig, "NULL");
576 HLT_SetEcPointFormats(ctxConfig, "NULL");
577 HLT_SetPassword(ctxConfig, "NULL");
578 HLT_SetPsk(ctxConfig, "NULL");
579 HLT_SetTicketKeyCb(ctxConfig, "NULL");
580
581 if (strncmp("SERVER", key, strlen(key)) == 0) {
582 HLT_SetCertPath(ctxConfig, SM2_VERIFY_PATH, SM2_CHAIN_PATH, SM2_SERVER_ENC_CERT_PATH, SM2_SERVER_ENC_KEY_PATH,
583 SM2_SERVER_SIGN_CERT_PATH, SM2_SERVER_SIGN_KEY_PATH);
584 } else if (strncmp("CLIENT", key, strlen(key)) == 0) {
585 HLT_SetCertPath(ctxConfig, SM2_VERIFY_PATH, SM2_CHAIN_PATH, SM2_CLIENT_ENC_CERT_PATH, SM2_CLIENT_ENC_KEY_PATH,
586 SM2_CLIENT_SIGN_CERT_PATH, SM2_CLIENT_SIGN_KEY_PATH);
587 } else {
588 free(ctxConfig);
589 ctxConfig = NULL;
590 return NULL;
591 }
592 // Store CTX configuration resources and release them later.
593 localProcess = GetProcess();
594 localProcess->tlsResArray[localProcess->tlsResNum] = ctxConfig;
595 localProcess->tlsResNum++;
596 return ctxConfig;
597 }
598
HLT_NewCtxConfig(char * setFile,const char * key)599 HLT_Ctx_Config* HLT_NewCtxConfig(char *setFile, const char *key)
600 {
601 (void)setFile;
602 HLT_Ctx_Config *ctxConfig;
603 Process *localProcess;
604
605 ctxConfig = (HLT_Ctx_Config*)malloc(sizeof(HLT_Ctx_Config));
606 if (ctxConfig == NULL) {
607 return NULL;
608 }
609
610 (void)memset_s(ctxConfig, sizeof(HLT_Ctx_Config), 0, sizeof(HLT_Ctx_Config));
611 ctxConfig->needCheckKeyUsage = false;
612 ctxConfig->isSupportRenegotiation = false;
613 ctxConfig->allowClientRenegotiate = false;
614 ctxConfig->allowLegacyRenegotiate = false;
615 ctxConfig->isSupportClientVerify = false;
616 ctxConfig->isSupportNoClientCert = false;
617 ctxConfig->isSupportVerifyNone = false;
618 ctxConfig->isSupportPostHandshakeAuth = false;
619 ctxConfig->isSupportExtendMasterSecret = true;
620 ctxConfig->isSupportSessionTicket = false;
621 ctxConfig->isSupportDhAuto = true;
622 ctxConfig->isEncryptThenMac = true;
623 ctxConfig->keyExchMode = TLS13_KE_MODE_PSK_WITH_DHE;
624 ctxConfig->setSessionCache = HITLS_SESS_CACHE_SERVER;
625 ctxConfig->mtu = 0;
626 ctxConfig->infoCb = NULL;
627 ctxConfig->securitylevel = HITLS_SECURITY_LEVEL_ZERO;
628 ctxConfig->SupportType = 0;
629 ctxConfig->readAhead = 1;
630 ctxConfig->emptyRecordsNum = 32;
631 HLT_SetGroups(ctxConfig, "NULL");
632 HLT_SetCipherSuites(ctxConfig, "NULL");
633 HLT_SetTls13CipherSuites(ctxConfig, "NULL");
634 HLT_SetSignature(ctxConfig, "NULL");
635 HLT_SetEcPointFormats(ctxConfig, "HITLS_POINT_FORMAT_UNCOMPRESSED");
636 HLT_SetPassword(ctxConfig, "NULL");
637 HLT_SetPsk(ctxConfig, "NULL");
638 HLT_SetTicketKeyCb(ctxConfig, "NULL");
639 HLT_SetServerName(ctxConfig, "NULL");
640 HLT_SetServerNameCb(ctxConfig, "NULL");
641 HLT_SetServerNameArg(ctxConfig, "NULL");
642 HLT_SetAlpnProtos(ctxConfig, "NULL");
643 HLT_SetAlpnProtosSelectCb(ctxConfig, "NULL", "NULL");
644
645 if (strncmp("SERVER", key, strlen(key)) == 0) {
646 HLT_SetCertPath(ctxConfig, ECDSA_SHA256_CA_PATH,
647 ECDSA_SHA256_CHAIN_PATH, ECDSA_SHA256_EE_PATH1, ECDSA_SHA256_PRIV_PATH1, "NULL", "NULL");
648 } else if (strncmp("CLIENT", key, strlen(key)) == 0) {
649 HLT_SetCertPath(ctxConfig, ECDSA_SHA256_CA_PATH,
650 ECDSA_SHA256_CHAIN_PATH, ECDSA_SHA256_EE_PATH2, ECDSA_SHA256_PRIV_PATH2, "NULL", "NULL");
651 } else {
652 free(ctxConfig);
653 ctxConfig = NULL;
654 return NULL;
655 }
656 // Store CTX configuration resources and release them later.
657 localProcess = GetProcess();
658 localProcess->tlsResArray[localProcess->tlsResNum] = ctxConfig;
659 localProcess->tlsResNum++;
660 return ctxConfig;
661 }
662
HLT_NewSslConfig(char * setFile)663 HLT_Ssl_Config *HLT_NewSslConfig(char *setFile)
664 {
665 (void)setFile;
666 HLT_Ssl_Config *sslConfig;
667 Process *localProcess;
668
669 sslConfig = (HLT_Ssl_Config*)malloc(sizeof(HLT_Ssl_Config));
670 if (sslConfig == NULL) {
671 return NULL;
672 }
673
674 (void)memset_s(sslConfig, sizeof(HLT_Ssl_Config), 0, sizeof(HLT_Ssl_Config));
675
676 // Store SSL configuration resources and release them later.
677 localProcess = GetProcess();
678 localProcess->tlsResArray[localProcess->tlsResNum] = sslConfig;
679 localProcess->tlsResNum++;
680 return sslConfig;
681 }
682
HLT_LibraryInit(TLS_TYPE tlsType)683 int HLT_LibraryInit(TLS_TYPE tlsType)
684 {
685 switch (tlsType) {
686 case HITLS: return HitlsInit(); break;
687 default:
688 /* Unknown type */
689 break;
690 }
691 return ERROR;
692 }
693
HLT_TlsRegCallback(TlsCallbackType type)694 int HLT_TlsRegCallback(TlsCallbackType type)
695 {
696 switch (type) {
697 case HITLS_CALLBACK_DEFAULT:
698 FRAME_Init();
699 break;
700 default:
701 return SUCCESS;
702 }
703 return SUCCESS;
704 }
705
HLT_FreeAllProcess(void)706 void HLT_FreeAllProcess(void)
707 {
708 int ret;
709 HLT_Tls_Res* tlsRes;
710 Process *remoteProcess;
711 Process *localProcess = GetProcess();
712
713 if (localProcess == NULL) {
714 return;
715 }
716
717 if (localProcess->remoteFlag != 0) {
718 LOG_ERROR("Only Local Process Can Call HLT_FreeAllProcess");
719 return;
720 }
721
722 // Clearing HLT_Tls_Res and Threads
723 for (int i = 0; i < localProcess->hltTlsResNum; i++) {
724 tlsRes = localProcess->hltTlsResArray[i];
725 if ((tlsRes->acceptId > 0) && (tlsRes->ctx != NULL)) {
726 pthread_join(tlsRes->acceptId, NULL);
727 }
728 free(tlsRes);
729 }
730
731 // Sends a signal for the peer process to exit.
732 remoteProcess = GetProcessFromList();
733 while (remoteProcess != NULL) {
734 ret = HLT_RpcProcessExit(remoteProcess);
735 if (ret != SUCCESS) {
736 LOG_ERROR("HLT_RpcProcessExit Error");
737 }
738 free(remoteProcess);
739 remoteProcess = GetProcessFromList();
740 }
741
742 // Clearing Local Resources
743 // Clearing Ports
744 if (localProcess->connFd > 0) {
745 close(localProcess->connFd);
746 }
747 // Clear the TlsRes linked list.
748 FreeTlsResList();
749 // Clear CTX SSL configuration resources.
750 for (int i = 0; i < localProcess->tlsResNum; i++) {
751 free(localProcess->tlsResArray[i]);
752 }
753 // Clear the linked list of the remote process.
754 FreeProcessResList();
755 // Clear local control connection resources
756 FreeControlChannelRes();
757 // Clear local processes.
758 FreeProcess();
759 return;
760 }
761
HLT_FreeResFromSsl(const void * ssl)762 int HLT_FreeResFromSsl(const void *ssl)
763 {
764 return FreeResFromSsl(ssl);
765 }
766
LocalProcessTlsInit(HLT_Process * process,TLS_VERSION tlsVersion,HLT_Ctx_Config * ctxConfig,HLT_Ssl_Config * sslConfig,HLT_Tls_Res * tlsRes)767 static int LocalProcessTlsInit(HLT_Process *process, TLS_VERSION tlsVersion,
768 HLT_Ctx_Config *ctxConfig, HLT_Ssl_Config *sslConfig, HLT_Tls_Res *tlsRes)
769 {
770 void *ctx, *ssl;
771 #ifdef HITLS_TLS_FEATURE_PROVIDER
772 ctx = HLT_TlsProviderNewCtx(ctxConfig->providerPath, ctxConfig->providerNames, ctxConfig->providerLibFmts,
773 ctxConfig->providerCnt, ctxConfig->attrName, tlsVersion);
774 #else
775 ctx = HLT_TlsNewCtx(tlsVersion);
776 #endif
777 if (ctx == NULL) {
778 LOG_ERROR("HLT_TlsNewCtx or HLT_TlsProviderNewCtx ERROR");
779 return ERROR;
780 }
781 if (HLT_TlsSetCtx(ctx, ctxConfig) != SUCCESS) {
782 LOG_ERROR("HLT_TlsSetCtx ERROR");
783 return ERROR;
784 }
785 ssl = HLT_TlsNewSsl(ctx);
786 if (ssl == NULL) {
787 LOG_ERROR("HLT_TlsNewSsl ERROR");
788 return ERROR;
789 }
790 // When FD is 0, the default configuration is used.
791 if (sslConfig->sockFd == 0) {
792 sslConfig->sockAddr = process->sockAddr;
793 sslConfig->sockFd = process->connFd;
794 sslConfig->connType = process->connType;
795 }
796 if (HLT_TlsSetSsl(ssl, sslConfig) != SUCCESS) {
797 LOG_ERROR("HLT_TlsSetSsl ERROR");
798 return ERROR;
799 }
800 if (ctxConfig->mtu > 0) {
801 if (HLT_TlsSetMtu(ssl, ctxConfig->mtu) != SUCCESS) {
802 LOG_ERROR("HLT_TlsSetMtu ERROR");
803 return ERROR;
804 }
805 }
806 tlsRes->ctx = ctx;
807 tlsRes->ssl = ssl;
808 tlsRes->ctxId = -1; // -1 indicates that the field is discarded.
809 tlsRes->sslId = -1; // -1 indicates that the field is discarded.
810 return SUCCESS;
811 }
812
RemoteProcessTlsInit(HLT_Process * process,TLS_VERSION tlsVersion,HLT_Ctx_Config * ctxConfig,HLT_Ssl_Config * sslConfig,HLT_Tls_Res * tlsRes)813 static int RemoteProcessTlsInit(HLT_Process *process, TLS_VERSION tlsVersion,
814 HLT_Ctx_Config *ctxConfig, HLT_Ssl_Config *sslConfig, HLT_Tls_Res *tlsRes)
815 {
816 int ctxId;
817 int sslId;
818 #ifdef HITLS_TLS_FEATURE_PROVIDER
819 ctxId = HLT_RpcProviderTlsNewCtx(process, tlsVersion, ctxConfig->isClient, ctxConfig->providerPath,
820 ctxConfig->providerNames, ctxConfig->providerLibFmts, ctxConfig->providerCnt, ctxConfig->attrName);
821 #else
822 ctxId = HLT_RpcTlsNewCtx(process, tlsVersion, ctxConfig->isClient);
823 #endif
824 if (ctxId < 0) {
825 LOG_ERROR("HLT_RpcTlsNewCtx ERROR");
826 return ERROR;
827 }
828 if (HLT_RpcTlsSetCtx(process, ctxId, ctxConfig) != SUCCESS) {
829 LOG_ERROR("HLT_RpcTlsSetCtx ERROR");
830 return ERROR;
831 }
832 sslId = HLT_RpcTlsNewSsl(process, ctxId);
833 if (sslId < 0) {
834 LOG_ERROR("HLT_RpcTlsNewSsl ERROR");
835 return ERROR;
836 }
837 // When FD is 0, the default configuration is used.
838 if (sslConfig->sockFd == 0) {
839 sslConfig->connPort = process->connPort;
840 sslConfig->sockFd = process->connFd;
841 sslConfig->connType = process->connType;
842 }
843 if (HLT_RpcTlsSetSsl(process, sslId, sslConfig) != SUCCESS) {
844 LOG_ERROR("HLT_RpcTlsSetSsl ERROR");
845 return ERROR;
846 }
847 if (ctxConfig->mtu > 0) {
848 if (HLT_RpcTlsSetMtu(process, sslId, ctxConfig->mtu) != SUCCESS) {
849 LOG_ERROR("HLT_RpcTlsSetMtu ERROR");
850 return ERROR;
851 }
852 }
853
854 tlsRes->ctx = NULL;
855 tlsRes->ssl = NULL;
856 tlsRes->ctxId = ctxId;
857 tlsRes->sslId = sslId;
858 return SUCCESS;
859 }
860
HLT_ProcessTlsInit(HLT_Process * process,TLS_VERSION tlsVersion,HLT_Ctx_Config * ctxConfig,HLT_Ssl_Config * sslConfig)861 HLT_Tls_Res *HLT_ProcessTlsInit(HLT_Process *process, TLS_VERSION tlsVersion,
862 HLT_Ctx_Config *ctxConfig, HLT_Ssl_Config *sslConfig)
863 {
864 int ret;
865 HLT_Tls_Res *tlsRes = (HLT_Tls_Res*)malloc(sizeof(HLT_Tls_Res));
866 if (tlsRes == NULL) {
867 LOG_ERROR("Malloc TlsRes ERROR");
868 return NULL;
869 }
870
871 // Checking Configuration Parameters
872 if (ctxConfig == NULL) {
873 ctxConfig = HLT_NewCtxConfig(NULL, "SERVER");
874 }
875 if (sslConfig == NULL) {
876 sslConfig = HLT_NewSslConfig(NULL);
877 }
878 if ((ctxConfig == NULL) || (sslConfig == NULL)) {
879 LOG_ERROR("ctxConfig or sslConfig is NULL");
880 goto ERR;
881 }
882 sslConfig->SupportType = ctxConfig->SupportType;
883 // Check whether the call is invoked by the local process or by the RPC.
884 if (process->remoteFlag == 0) {
885 ret = LocalProcessTlsInit(process, tlsVersion, ctxConfig, sslConfig, tlsRes);
886 if (ret == ERROR) {
887 LOG_ERROR("LocalProcessTlsInit ERROR");
888 goto ERR;
889 }
890 } else {
891 ret = RemoteProcessTlsInit(process, tlsVersion, ctxConfig, sslConfig, tlsRes);
892 if (ret == ERROR) {
893 LOG_ERROR("RemoteProcessTlsInit ERROR");
894 goto ERR;
895 }
896 }
897 // The configuration resources of the HLT_Tls_Res table are stored and will be released later.
898 Process *localProcess = GetProcess();
899 tlsRes->acceptId = 0;
900 localProcess->hltTlsResArray[localProcess->hltTlsResNum] = tlsRes;
901 localProcess->hltTlsResNum++;
902 return tlsRes;
903 ERR:
904 free(tlsRes);
905 return NULL;
906 }
907
HLT_TlsSetMtu(void * ssl,uint16_t mtu)908 int HLT_TlsSetMtu(void *ssl, uint16_t mtu)
909 {
910 Process *process;
911 process = GetProcess();
912 switch (process->tlsType) {
913 case HITLS:
914 return HitlsSetMtu(ssl, mtu);
915 default:
916 break;
917 }
918 return ERROR;
919 }
920
HLT_TlsGetErrorCode(void * ssl)921 int HLT_TlsGetErrorCode(void *ssl)
922 {
923 return HitlsGetErrorCode(ssl);
924 }
925
HLT_ProcessTlsAccept(HLT_Process * process,TLS_VERSION tlsVersion,HLT_Ctx_Config * ctxConfig,HLT_Ssl_Config * sslConfig)926 HLT_Tls_Res* HLT_ProcessTlsAccept(HLT_Process *process, TLS_VERSION tlsVersion,
927 HLT_Ctx_Config *ctxConfig, HLT_Ssl_Config *sslConfig)
928 {
929 unsigned long int acceptId;
930
931 HLT_Tls_Res *tlsRes = NULL;
932
933 tlsRes = HLT_ProcessTlsInit(process, tlsVersion, ctxConfig, sslConfig);
934 if (tlsRes == NULL) {
935 LOG_ERROR("HLT_ProcessTlsInit ERROR");
936 return NULL;
937 }
938 // Check whether the call is invoked by the local process or by the RPC.
939 if (process->remoteFlag == 0) {
940 acceptId = HLT_TlsAccept(tlsRes->ssl);
941 if (acceptId == (unsigned long int)ERROR) {
942 LOG_ERROR("HLT_TlsAccept ERROR");
943 return NULL;
944 }
945 } else {
946 acceptId = HLT_RpcTlsAccept(process, tlsRes->sslId);
947 if (acceptId == (unsigned long int)ERROR) {
948 LOG_ERROR("HLT_TlsAccept ERROR");
949 return NULL;
950 }
951 }
952 tlsRes->acceptId = acceptId;
953 return tlsRes;
954 }
955
HLT_ProcessTlsConnect(HLT_Process * process,TLS_VERSION tlsVersion,HLT_Ctx_Config * ctxConfig,HLT_Ssl_Config * sslConfig)956 HLT_Tls_Res* HLT_ProcessTlsConnect(HLT_Process *process, TLS_VERSION tlsVersion,
957 HLT_Ctx_Config *ctxConfig, HLT_Ssl_Config *sslConfig)
958 {
959 int ret;
960
961 HLT_Tls_Res *tlsRes = (HLT_Tls_Res*)malloc(sizeof(HLT_Tls_Res));
962 if (tlsRes == NULL) {
963 LOG_ERROR("Malloc TlsRes ERROR");
964 return NULL;
965 }
966 (void)memset_s(tlsRes, sizeof(HLT_Tls_Res), 0, sizeof(HLT_Tls_Res));
967 // Checking Configuration Parameters
968 if (ctxConfig == NULL) {
969 ctxConfig = HLT_NewCtxConfig(NULL, "CLIENT");
970 }
971 if (sslConfig == NULL) {
972 sslConfig = HLT_NewSslConfig(NULL);
973 }
974 if ((ctxConfig == NULL) || (sslConfig == NULL)) {
975 LOG_ERROR("ctxConfig or sslConfig is NULL");
976 goto ERR;
977 }
978 // Check whether the call is invoked by the local process or by the RPC.
979 if (process->remoteFlag == 0) {
980 ret = LocalProcessTlsInit(process, tlsVersion, ctxConfig, sslConfig, tlsRes);
981 if (ret == ERROR) {
982 LOG_ERROR("LocalProcessTlsInit ERROR");
983 goto ERR;
984 }
985 ret = HLT_TlsConnect(tlsRes->ssl);
986 if (ret != SUCCESS) {
987 LOG_ERROR("HLT_TlsConnect ERROR is %d", ret);
988 goto ERR;
989 }
990 } else {
991 ret = RemoteProcessTlsInit(process, tlsVersion, ctxConfig, sslConfig, tlsRes);
992 if (ret == ERROR) {
993 LOG_ERROR("Retmote Process Init Tls ERROR");
994 goto ERR;
995 }
996 ret = HLT_RpcTlsConnect(process, tlsRes->sslId);
997 if (ret != SUCCESS) {
998 LOG_ERROR("HLT_RpcTlsConnect ERROR is %d", ret);
999 goto ERR;
1000 }
1001 }
1002
1003 // The configuration resources of the HLT_Tls_Res table are stored and will be released later.
1004 Process *localProcess = GetProcess();
1005 localProcess->hltTlsResArray[localProcess->hltTlsResNum] = tlsRes;
1006 localProcess->hltTlsResNum++;
1007 return tlsRes;
1008 ERR:
1009 free(tlsRes);
1010 return NULL;
1011 }
1012
HLT_ProcessTlsWrite(HLT_Process * process,HLT_Tls_Res * tlsRes,uint8_t * data,uint32_t dataLen)1013 int HLT_ProcessTlsWrite(HLT_Process *process, HLT_Tls_Res *tlsRes, uint8_t *data, uint32_t dataLen)
1014 {
1015 if (process == NULL) {
1016 LOG_ERROR("Process is NULL");
1017 return ERROR;
1018 }
1019 if (process->remoteFlag == 0) {
1020 return HLT_TlsWrite(tlsRes->ssl, data, dataLen);
1021 } else {
1022 return HLT_RpcTlsWrite(process, tlsRes->sslId, data, dataLen);
1023 }
1024 }
1025
HLT_ProcessTlsRead(HLT_Process * process,HLT_Tls_Res * tlsRes,uint8_t * data,uint32_t bufSize,uint32_t * dataLen)1026 int HLT_ProcessTlsRead(HLT_Process *process, HLT_Tls_Res *tlsRes, uint8_t *data, uint32_t bufSize, uint32_t *dataLen)
1027 {
1028 if (process == NULL) {
1029 LOG_ERROR("Process is NULL");
1030 return ERROR;
1031 }
1032 if (process->remoteFlag == 0) {
1033 return HLT_TlsRead(tlsRes->ssl, data, bufSize, dataLen);
1034 } else {
1035 return HLT_RpcTlsRead(process, tlsRes->sslId, data, bufSize, dataLen);
1036 }
1037 }
1038
HLT_SetVersion(HLT_Ctx_Config * ctxConfig,uint16_t minVersion,uint16_t maxVersion)1039 int HLT_SetVersion(HLT_Ctx_Config *ctxConfig, uint16_t minVersion, uint16_t maxVersion)
1040 {
1041 ctxConfig->minVersion = minVersion;
1042 ctxConfig->maxVersion = maxVersion;
1043 return SUCCESS;
1044 }
1045
HLT_SetSecurityLevel(HLT_Ctx_Config * ctxConfig,int32_t level)1046 int HLT_SetSecurityLevel(HLT_Ctx_Config *ctxConfig, int32_t level)
1047 {
1048 ctxConfig->securitylevel = level;
1049 return SUCCESS;
1050 }
1051
HLT_SetRenegotiationSupport(HLT_Ctx_Config * ctxConfig,bool support)1052 int HLT_SetRenegotiationSupport(HLT_Ctx_Config *ctxConfig, bool support)
1053 {
1054 ctxConfig->isSupportRenegotiation = support;
1055 return SUCCESS;
1056 }
1057
HLT_SetLegacyRenegotiateSupport(HLT_Ctx_Config * ctxConfig,bool support)1058 int HLT_SetLegacyRenegotiateSupport(HLT_Ctx_Config *ctxConfig, bool support)
1059 {
1060 ctxConfig->allowLegacyRenegotiate = support;
1061 return SUCCESS;
1062 }
1063
HLT_SetClientRenegotiateSupport(HLT_Ctx_Config * ctxConfig,bool support)1064 int HLT_SetClientRenegotiateSupport(HLT_Ctx_Config *ctxConfig, bool support)
1065 {
1066 ctxConfig->allowClientRenegotiate = support;
1067 return SUCCESS;
1068 }
1069
HLT_SetEmptyRecordsNum(HLT_Ctx_Config * ctxConfig,uint32_t emptyNum)1070 int HLT_SetEmptyRecordsNum(HLT_Ctx_Config *ctxConfig, uint32_t emptyNum)
1071 {
1072 ctxConfig->emptyRecordsNum = emptyNum;
1073 return SUCCESS;
1074 }
1075
HLT_SetEncryptThenMac(HLT_Ctx_Config * ctxConfig,int support)1076 int HLT_SetEncryptThenMac(HLT_Ctx_Config *ctxConfig, int support)
1077 {
1078 ctxConfig->isEncryptThenMac = support;
1079 return SUCCESS;
1080 }
1081
HLT_SetFlightTransmitSwitch(HLT_Ctx_Config * ctxConfig,bool support)1082 int HLT_SetFlightTransmitSwitch(HLT_Ctx_Config *ctxConfig, bool support)
1083 {
1084 ctxConfig->isFlightTransmitEnable = support;
1085 return SUCCESS;
1086 }
1087
HLT_SetClientVerifySupport(HLT_Ctx_Config * ctxConfig,bool support)1088 int HLT_SetClientVerifySupport(HLT_Ctx_Config *ctxConfig, bool support)
1089 {
1090 ctxConfig->isSupportClientVerify = support;
1091 return SUCCESS;
1092 }
1093
HLT_SetPostHandshakeAuth(HLT_Ctx_Config * ctxConfig,bool support)1094 int HLT_SetPostHandshakeAuth(HLT_Ctx_Config *ctxConfig, bool support)
1095 {
1096 ctxConfig->isSupportPostHandshakeAuth = support;
1097 return SUCCESS;
1098 }
1099
HLT_SetNoClientCertSupport(HLT_Ctx_Config * ctxConfig,bool support)1100 int HLT_SetNoClientCertSupport(HLT_Ctx_Config *ctxConfig, bool support)
1101 {
1102 ctxConfig->isSupportNoClientCert = support;
1103 return SUCCESS;
1104 }
1105
HLT_SetExtenedMasterSecretSupport(HLT_Ctx_Config * ctxConfig,bool support)1106 int HLT_SetExtenedMasterSecretSupport(HLT_Ctx_Config *ctxConfig, bool support)
1107 {
1108 ctxConfig->isSupportExtendMasterSecret = support;
1109 return SUCCESS;
1110 }
1111
HLT_SetModeSupport(HLT_Ctx_Config * ctxConfig,uint32_t mode)1112 int HLT_SetModeSupport(HLT_Ctx_Config *ctxConfig, uint32_t mode)
1113 {
1114 ctxConfig->modeSupport = mode;
1115 return SUCCESS;
1116 }
1117
HLT_SetCipherSuites(HLT_Ctx_Config * ctxConfig,const char * cipherSuites)1118 int HLT_SetCipherSuites(HLT_Ctx_Config *ctxConfig, const char *cipherSuites)
1119 {
1120 int ret;
1121 (void)memset_s(ctxConfig->cipherSuites, sizeof(ctxConfig->cipherSuites), 0, sizeof(ctxConfig->cipherSuites));
1122 ret = sprintf_s(ctxConfig->cipherSuites, sizeof(ctxConfig->cipherSuites), cipherSuites);
1123 if (ret <= 0) {
1124 return ERROR;
1125 }
1126 return SUCCESS;
1127 }
1128
HLT_SetProviderPath(HLT_Ctx_Config * ctxConfig,char * providerPath)1129 int HLT_SetProviderPath(HLT_Ctx_Config *ctxConfig, char *providerPath)
1130 {
1131 if (strcpy_s(ctxConfig->providerPath, sizeof(ctxConfig->providerPath), providerPath) != EOK) {
1132 return ERROR;
1133 }
1134 return SUCCESS;
1135 }
1136
HLT_SetProviderAttrName(HLT_Ctx_Config * ctxConfig,char * attrName)1137 int HLT_SetProviderAttrName(HLT_Ctx_Config *ctxConfig, char *attrName)
1138 {
1139 if (strcpy_s(ctxConfig->attrName, sizeof(ctxConfig->attrName), attrName) != EOK) {
1140 return ERROR;
1141 }
1142 return SUCCESS;
1143 }
1144
HLT_AddProviderInfo(HLT_Ctx_Config * ctxConfig,char * providerName,int providerLibFmt)1145 int HLT_AddProviderInfo(HLT_Ctx_Config *ctxConfig, char *providerName, int providerLibFmt)
1146 {
1147 if (providerName != NULL) {
1148 if (strcpy_s(ctxConfig->providerNames[ctxConfig->providerCnt], MAX_PROVIDER_NAME_LEN, providerName) != EOK) {
1149 return ERROR;
1150 }
1151 ctxConfig->providerLibFmts[ctxConfig->providerCnt] = providerLibFmt;
1152 ctxConfig->providerCnt += 1;
1153 }
1154 return SUCCESS;
1155 }
1156
HLT_SetTls13CipherSuites(HLT_Ctx_Config * ctxConfig,const char * cipherSuites)1157 int HLT_SetTls13CipherSuites(HLT_Ctx_Config *ctxConfig, const char *cipherSuites)
1158 {
1159 int ret;
1160 (void)memset_s(ctxConfig->tls13CipherSuites, sizeof(ctxConfig->tls13CipherSuites), 0,
1161 sizeof(ctxConfig->tls13CipherSuites));
1162 ret = sprintf_s(ctxConfig->tls13CipherSuites, sizeof(ctxConfig->tls13CipherSuites), cipherSuites);
1163 if (ret <= 0) {
1164 return ERROR;
1165 }
1166 return SUCCESS;
1167 }
1168
HLT_SetEcPointFormats(HLT_Ctx_Config * ctxConfig,const char * pointFormat)1169 int HLT_SetEcPointFormats(HLT_Ctx_Config *ctxConfig, const char *pointFormat)
1170 {
1171 int ret;
1172 (void)memset_s(ctxConfig->pointFormats, sizeof(ctxConfig->pointFormats), 0, sizeof(ctxConfig->pointFormats));
1173 ret = sprintf_s(ctxConfig->pointFormats, sizeof(ctxConfig->pointFormats), pointFormat);
1174 if (ret <= 0) {
1175 return ERROR;
1176 }
1177 return SUCCESS;
1178 }
1179
HLT_SetGroups(HLT_Ctx_Config * ctxConfig,const char * groups)1180 int HLT_SetGroups(HLT_Ctx_Config *ctxConfig, const char *groups)
1181 {
1182 int ret;
1183 (void)memset_s(ctxConfig->groups, sizeof(ctxConfig->groups), 0, sizeof(ctxConfig->groups));
1184 ret = sprintf_s(ctxConfig->groups, sizeof(ctxConfig->groups), groups);
1185 if (ret <= 0) {
1186 return ERROR;
1187 }
1188 return SUCCESS;
1189 }
1190
HLT_SetSignature(HLT_Ctx_Config * ctxConfig,const char * signature)1191 int HLT_SetSignature(HLT_Ctx_Config *ctxConfig, const char *signature)
1192 {
1193 int ret;
1194 (void)memset_s(ctxConfig->signAlgorithms, sizeof(ctxConfig->signAlgorithms), 0, sizeof(ctxConfig->signAlgorithms));
1195 ret = sprintf_s(ctxConfig->signAlgorithms, sizeof(ctxConfig->signAlgorithms), signature);
1196 if (ret <= 0) {
1197 return ERROR;
1198 }
1199 return SUCCESS;
1200 }
1201
HLT_SetPsk(HLT_Ctx_Config * ctxConfig,char * psk)1202 int HLT_SetPsk(HLT_Ctx_Config *ctxConfig, char *psk)
1203 {
1204 (void)memset_s(ctxConfig->psk, PSK_MAX_LEN, 0, PSK_MAX_LEN);
1205 if (strcpy_s(ctxConfig->psk, PSK_MAX_LEN, psk) != EOK) {
1206 LOG_ERROR("HLT_SetPsk failed.");
1207 return -1;
1208 }
1209 return SUCCESS;
1210 }
1211
HLT_SetKeyExchMode(HLT_Ctx_Config * config,uint32_t mode)1212 int HLT_SetKeyExchMode(HLT_Ctx_Config *config, uint32_t mode)
1213 {
1214 config->keyExchMode = mode;
1215 return SUCCESS;
1216 }
1217
HLT_SetTicketKeyCb(HLT_Ctx_Config * ctxConfig,char * ticketKeyCbName)1218 int HLT_SetTicketKeyCb(HLT_Ctx_Config *ctxConfig, char *ticketKeyCbName)
1219 {
1220 (void)memset_s(ctxConfig->ticketKeyCb, TICKET_KEY_CB_NAME_LEN, 0, TICKET_KEY_CB_NAME_LEN);
1221 if (strcpy_s(ctxConfig->ticketKeyCb, TICKET_KEY_CB_NAME_LEN, ticketKeyCbName) != EOK) {
1222 LOG_ERROR("HLT_SetTicketKeyCb failed.");
1223 return -1;
1224 }
1225 return SUCCESS;
1226 }
1227
HLT_SetCaCertPath(HLT_Ctx_Config * ctxConfig,const char * caCertPath)1228 int HLT_SetCaCertPath(HLT_Ctx_Config *ctxConfig, const char *caCertPath)
1229 {
1230 int ret;
1231 (void)memset_s(ctxConfig->caCert, sizeof(ctxConfig->caCert), 0, sizeof(ctxConfig->caCert));
1232 ret = sprintf_s(ctxConfig->caCert, sizeof(ctxConfig->caCert), caCertPath);
1233 if (ret <= 0) {
1234 return ERROR;
1235 }
1236 return SUCCESS;
1237 }
1238
HLT_SetChainCertPath(HLT_Ctx_Config * ctxConfig,const char * chainCertPath)1239 int HLT_SetChainCertPath(HLT_Ctx_Config *ctxConfig, const char *chainCertPath)
1240 {
1241 int ret;
1242 (void)memset_s(ctxConfig->chainCert, sizeof(ctxConfig->chainCert), 0, sizeof(ctxConfig->chainCert));
1243 ret = sprintf_s(ctxConfig->chainCert, sizeof(ctxConfig->chainCert), chainCertPath);
1244 if (ret <= 0) {
1245 return ERROR;
1246 }
1247 return SUCCESS;
1248 }
1249
HLT_SetEeCertPath(HLT_Ctx_Config * ctxConfig,const char * eeCertPath)1250 int HLT_SetEeCertPath(HLT_Ctx_Config *ctxConfig, const char *eeCertPath)
1251 {
1252 int ret;
1253 (void)memset_s(ctxConfig->eeCert, sizeof(ctxConfig->eeCert), 0, sizeof(ctxConfig->eeCert));
1254 ret = sprintf_s(ctxConfig->eeCert, sizeof(ctxConfig->eeCert), eeCertPath);
1255 if (ret <= 0) {
1256 return ERROR;
1257 }
1258 return SUCCESS;
1259 }
1260
HLT_SetPrivKeyPath(HLT_Ctx_Config * ctxConfig,const char * privKeyPath)1261 int HLT_SetPrivKeyPath(HLT_Ctx_Config *ctxConfig, const char *privKeyPath)
1262 {
1263 int ret;
1264 (void)memset_s(ctxConfig->privKey, sizeof(ctxConfig->privKey), 0, sizeof(ctxConfig->privKey));
1265 ret = sprintf_s(ctxConfig->privKey, sizeof(ctxConfig->privKey), privKeyPath);
1266 if (ret <= 0) {
1267 return ERROR;
1268 }
1269 return SUCCESS;
1270 }
1271
HLT_SetSignCertPath(HLT_Ctx_Config * ctxConfig,const char * signCertPath)1272 int HLT_SetSignCertPath(HLT_Ctx_Config *ctxConfig, const char *signCertPath)
1273 {
1274 int ret;
1275 (void)memset_s(ctxConfig->signCert, sizeof(ctxConfig->signCert), 0, sizeof(ctxConfig->signCert));
1276 ret = sprintf_s(ctxConfig->signCert, sizeof(ctxConfig->signCert), signCertPath);
1277 if (ret <= 0) {
1278 return ERROR;
1279 }
1280 return SUCCESS;
1281 }
1282
HLT_SetSignPrivKeyPath(HLT_Ctx_Config * ctxConfig,const char * signPrivKeyPath)1283 int HLT_SetSignPrivKeyPath(HLT_Ctx_Config *ctxConfig, const char *signPrivKeyPath)
1284 {
1285 int ret;
1286 (void)memset_s(ctxConfig->signPrivKey, sizeof(ctxConfig->signPrivKey), 0, sizeof(ctxConfig->signPrivKey));
1287 ret = sprintf_s(ctxConfig->signPrivKey, sizeof(ctxConfig->signPrivKey), signPrivKeyPath);
1288 if (ret <= 0) {
1289 return ERROR;
1290 }
1291 return SUCCESS;
1292 }
1293
HLT_SetPassword(HLT_Ctx_Config * ctxConfig,const char * password)1294 int HLT_SetPassword(HLT_Ctx_Config* ctxConfig, const char* password)
1295 {
1296 int ret;
1297 (void)memset_s(ctxConfig->password, sizeof(ctxConfig->password), 0, sizeof(ctxConfig->password));
1298 ret = sprintf_s(ctxConfig->password, sizeof(ctxConfig->password), password);
1299 if (ret <= 0) {
1300 return ERROR;
1301 }
1302 return SUCCESS;
1303 }
1304
HLT_SetCertPath(HLT_Ctx_Config * ctxConfig,const char * caPath,const char * chainPath,const char * EePath,const char * PrivPath,const char * signCert,const char * signPrivKey)1305 void HLT_SetCertPath(HLT_Ctx_Config *ctxConfig, const char *caPath, const char *chainPath, const char *EePath,
1306 const char *PrivPath, const char *signCert, const char *signPrivKey)
1307 {
1308 HLT_SetCaCertPath(ctxConfig, caPath);
1309 if (ctxConfig->isNoSetCert) {
1310 return;
1311 }
1312 HLT_SetChainCertPath(ctxConfig, chainPath);
1313 HLT_SetEeCertPath(ctxConfig, EePath);
1314 HLT_SetPrivKeyPath(ctxConfig, PrivPath);
1315 HLT_SetSignCertPath(ctxConfig, signCert);
1316 HLT_SetSignPrivKeyPath(ctxConfig, signPrivKey);
1317 }
1318
HLT_SetServerName(HLT_Ctx_Config * ctxConfig,const char * serverName)1319 int HLT_SetServerName(HLT_Ctx_Config *ctxConfig, const char *serverName)
1320 {
1321 (void)memset_s(ctxConfig->serverName, sizeof(ctxConfig->serverName), 0, sizeof(ctxConfig->serverName));
1322 int ret = sprintf_s(ctxConfig->serverName, sizeof(ctxConfig->serverName), serverName);
1323 if (ret <= 0) {
1324 return ERROR;
1325 }
1326 return SUCCESS;
1327 }
1328
HLT_SetServerNameArg(HLT_Ctx_Config * ctxConfig,char * arg)1329 int HLT_SetServerNameArg(HLT_Ctx_Config *ctxConfig, char *arg)
1330 {
1331 (void)memset_s(ctxConfig->sniArg, SERVER_NAME_ARG_NAME_LEN, 0, SERVER_NAME_ARG_NAME_LEN);
1332 if (strcpy_s(ctxConfig->sniArg, SERVER_NAME_ARG_NAME_LEN, arg) != EOK) {
1333 LOG_ERROR("HLT_SetServerNameArg failed.");
1334 return ERROR;
1335 }
1336 return SUCCESS;
1337 }
1338
HLT_SetServerNameCb(HLT_Ctx_Config * ctxConfig,char * sniCbName)1339 int HLT_SetServerNameCb(HLT_Ctx_Config *ctxConfig, char *sniCbName)
1340 {
1341 (void)memset_s(ctxConfig->sniDealCb, SERVER_NAME_CB_NAME_LEN, 0, SERVER_NAME_CB_NAME_LEN);
1342 if (strcpy_s(ctxConfig->sniDealCb, SERVER_NAME_CB_NAME_LEN, sniCbName) != EOK) {
1343 LOG_ERROR("HLT_SetServerNameCb failed.");
1344 return ERROR;
1345 }
1346 return SUCCESS;
1347 }
1348
HLT_SetAlpnProtos(HLT_Ctx_Config * ctxConfig,const char * alpnProtos)1349 int HLT_SetAlpnProtos(HLT_Ctx_Config *ctxConfig, const char *alpnProtos)
1350 {
1351 (void)memset_s(ctxConfig->alpnList, sizeof(ctxConfig->alpnList), 0, sizeof(ctxConfig->alpnList));
1352 int ret = sprintf_s(ctxConfig->alpnList, sizeof(ctxConfig->alpnList), alpnProtos);
1353 if (ret <= 0) {
1354 return ERROR;
1355 }
1356 return SUCCESS;
1357 }
1358
HLT_SetAlpnProtosSelectCb(HLT_Ctx_Config * ctxConfig,char * callback,char * userData)1359 int HLT_SetAlpnProtosSelectCb(HLT_Ctx_Config *ctxConfig, char *callback, char *userData)
1360 {
1361 (void)memset_s(ctxConfig->alpnSelectCb, ALPN_CB_NAME_LEN, 0, ALPN_CB_NAME_LEN);
1362 if (strcpy_s(ctxConfig->alpnSelectCb, ALPN_CB_NAME_LEN, callback) != EOK) {
1363 LOG_ERROR("HLT_SetAlpnCb failed.");
1364 return ERROR;
1365 }
1366 (void)memset_s(ctxConfig->alpnUserData, ALPN_DATA_NAME_LEN, 0, ALPN_DATA_NAME_LEN);
1367 if (strcpy_s(ctxConfig->alpnUserData, ALPN_DATA_NAME_LEN, userData) != EOK) {
1368 LOG_ERROR("HLT_SetAlpnDataCb failed.");
1369 return ERROR;
1370 }
1371 return SUCCESS;
1372 }
1373
HLT_SetFrameHandle(HLT_FrameHandle * frameHandle)1374 int HLT_SetFrameHandle(HLT_FrameHandle *frameHandle)
1375 {
1376 return SetFrameHandle(frameHandle);
1377 }
1378
HLT_CleanFrameHandle(void)1379 void HLT_CleanFrameHandle(void)
1380 {
1381 CleanFrameHandle();
1382 }
1383
IsEnableSctpAuth(void)1384 bool IsEnableSctpAuth(void)
1385 {
1386 return false;
1387 }
1388