• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Copyright (c) 2023, The OpenThread Authors.
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *  1. Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  *  2. Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  *  3. Neither the name of the copyright holder nor the
13  *     names of its contributors may be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  *  POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /**
30  * @file
31  *   This file implements the OpenThread BLE Secure API.
32  */
33 
34 #include "openthread-core-config.h"
35 
36 #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
37 
38 #include <openthread/ble_secure.h>
39 #include <openthread/platform/ble.h>
40 
41 #include "common/as_core_type.hpp"
42 #include "common/code_utils.hpp"
43 #include "instance/instance.hpp"
44 #include "meshcop/tcat_agent.hpp"
45 #include "radio/ble_secure.hpp"
46 
47 using namespace ot;
48 
otBleSecureStart(otInstance * aInstance,otHandleBleSecureConnect aConnectHandler,otHandleBleSecureReceive aReceiveHandler,bool aTlvMode,void * aContext)49 otError otBleSecureStart(otInstance              *aInstance,
50                          otHandleBleSecureConnect aConnectHandler,
51                          otHandleBleSecureReceive aReceiveHandler,
52                          bool                     aTlvMode,
53                          void                    *aContext)
54 {
55     return AsCoreType(aInstance).Get<Ble::BleSecure>().Start(aConnectHandler, aReceiveHandler, aTlvMode, aContext);
56 }
57 
otBleSecureSetTcatVendorInfo(otInstance * aInstance,const otTcatVendorInfo * aVendorInfo)58 otError otBleSecureSetTcatVendorInfo(otInstance *aInstance, const otTcatVendorInfo *aVendorInfo)
59 {
60     return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatSetVendorInfo(AsCoreType(aVendorInfo));
61 }
62 
otBleSecureTcatStart(otInstance * aInstance,otHandleTcatJoin aHandler)63 otError otBleSecureTcatStart(otInstance *aInstance, otHandleTcatJoin aHandler)
64 {
65     return AsCoreType(aInstance).Get<Ble::BleSecure>().TcatStart(aHandler);
66 }
67 
otBleSecureStop(otInstance * aInstance)68 void otBleSecureStop(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Stop(); }
69 
70 #ifdef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
otBleSecureSetPsk(otInstance * aInstance,const uint8_t * aPsk,uint16_t aPskLength,const uint8_t * aPskIdentity,uint16_t aPskIdLength)71 void otBleSecureSetPsk(otInstance    *aInstance,
72                        const uint8_t *aPsk,
73                        uint16_t       aPskLength,
74                        const uint8_t *aPskIdentity,
75                        uint16_t       aPskIdLength)
76 {
77     AssertPointerIsNotNull(aPsk);
78     AssertPointerIsNotNull(aPskIdentity);
79     OT_ASSERT(aPskLength != 0 && aPskIdLength != 0);
80 
81     AsCoreType(aInstance).Get<Ble::BleSecure>().SetPreSharedKey(aPsk, aPskLength, aPskIdentity, aPskIdLength);
82 }
83 #endif // MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
84 
85 #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerCertificateBase64(otInstance * aInstance,unsigned char * aPeerCert,size_t * aCertLength)86 otError otBleSecureGetPeerCertificateBase64(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength)
87 {
88     Error error;
89 
90     VerifyOrExit(aPeerCert != nullptr, error = kErrorInvalidArgs);
91     VerifyOrExit(aCertLength != nullptr, error = kErrorInvalidArgs);
92 
93     error = AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerCertificateBase64(aPeerCert, aCertLength, *aCertLength);
94 
95 exit:
96     return error;
97 }
98 #endif
99 
100 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
otBleSecureGetPeerCertificateDer(otInstance * aInstance,unsigned char * aPeerCert,size_t * aCertLength)101 otError otBleSecureGetPeerCertificateDer(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength)
102 {
103     AssertPointerIsNotNull(aPeerCert);
104     AssertPointerIsNotNull(aCertLength);
105 
106     return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerCertificateDer(aPeerCert, aCertLength, *aCertLength);
107 }
108 
otBleSecureGetPeerSubjectAttributeByOid(otInstance * aInstance,const char * aOid,size_t aOidLength,uint8_t * aAttributeBuffer,size_t * aAttributeLength,int * aAsn1Type)109 otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
110                                                 const char *aOid,
111                                                 size_t      aOidLength,
112                                                 uint8_t    *aAttributeBuffer,
113                                                 size_t     *aAttributeLength,
114                                                 int        *aAsn1Type)
115 {
116     return AsCoreType(aInstance).Get<Ble::BleSecure>().GetPeerSubjectAttributeByOid(aOid, aOidLength, aAttributeBuffer,
117                                                                                     aAttributeLength, aAsn1Type);
118 }
119 
otBleSecureGetThreadAttributeFromPeerCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)120 otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
121                                                          int         aThreadOidDescriptor,
122                                                          uint8_t    *aAttributeBuffer,
123                                                          size_t     *aAttributeLength)
124 {
125     return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromPeerCertificate(
126         aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
127 }
128 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
129 
otBleSecureGetThreadAttributeFromOwnCertificate(otInstance * aInstance,int aThreadOidDescriptor,uint8_t * aAttributeBuffer,size_t * aAttributeLength)130 otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
131                                                         int         aThreadOidDescriptor,
132                                                         uint8_t    *aAttributeBuffer,
133                                                         size_t     *aAttributeLength)
134 {
135     return AsCoreType(aInstance).Get<Ble::BleSecure>().GetThreadAttributeFromOwnCertificate(
136         aThreadOidDescriptor, aAttributeBuffer, aAttributeLength);
137 }
138 
otBleSecureSetSslAuthMode(otInstance * aInstance,bool aVerifyPeerCertificate)139 void otBleSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate)
140 {
141     AsCoreType(aInstance).Get<Ble::BleSecure>().SetSslAuthMode(aVerifyPeerCertificate);
142 }
143 
144 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
otBleSecureSetCertificate(otInstance * aInstance,const uint8_t * aX509Cert,uint32_t aX509Length,const uint8_t * aPrivateKey,uint32_t aPrivateKeyLength)145 void otBleSecureSetCertificate(otInstance    *aInstance,
146                                const uint8_t *aX509Cert,
147                                uint32_t       aX509Length,
148                                const uint8_t *aPrivateKey,
149                                uint32_t       aPrivateKeyLength)
150 {
151     OT_ASSERT(aX509Cert != nullptr && aX509Length != 0 && aPrivateKey != nullptr && aPrivateKeyLength != 0);
152 
153     AsCoreType(aInstance).Get<Ble::BleSecure>().SetCertificate(aX509Cert, aX509Length, aPrivateKey, aPrivateKeyLength);
154 }
155 
otBleSecureSetCaCertificateChain(otInstance * aInstance,const uint8_t * aX509CaCertificateChain,uint32_t aX509CaCertChainLength)156 void otBleSecureSetCaCertificateChain(otInstance    *aInstance,
157                                       const uint8_t *aX509CaCertificateChain,
158                                       uint32_t       aX509CaCertChainLength)
159 {
160     OT_ASSERT(aX509CaCertificateChain != nullptr && aX509CaCertChainLength != 0);
161 
162     AsCoreType(aInstance).Get<Ble::BleSecure>().SetCaCertificateChain(aX509CaCertificateChain, aX509CaCertChainLength);
163 }
164 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
165 
otBleSecureConnect(otInstance * aInstance)166 otError otBleSecureConnect(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Connect(); }
167 
otBleSecureDisconnect(otInstance * aInstance)168 void otBleSecureDisconnect(otInstance *aInstance) { AsCoreType(aInstance).Get<Ble::BleSecure>().Disconnect(); }
169 
otBleSecureIsConnectionActive(otInstance * aInstance)170 bool otBleSecureIsConnectionActive(otInstance *aInstance)
171 {
172     return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnectionActive();
173 }
174 
otBleSecureIsConnected(otInstance * aInstance)175 bool otBleSecureIsConnected(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().IsConnected(); }
176 
otBleSecureIsTcatEnabled(otInstance * aInstance)177 bool otBleSecureIsTcatEnabled(otInstance *aInstance)
178 {
179     return AsCoreType(aInstance).Get<Ble::BleSecure>().IsTcatEnabled();
180 }
181 
otBleSecureIsCommandClassAuthorized(otInstance * aInstance,otTcatCommandClass aCommandClass)182 bool otBleSecureIsCommandClassAuthorized(otInstance *aInstance, otTcatCommandClass aCommandClass)
183 {
184     return AsCoreType(aInstance).Get<Ble::BleSecure>().IsCommandClassAuthorized(
185         static_cast<Ble::BleSecure::CommandClass>(aCommandClass));
186 }
187 
otBleSecureSendMessage(otInstance * aInstance,otMessage * aMessage)188 otError otBleSecureSendMessage(otInstance *aInstance, otMessage *aMessage)
189 {
190     return AsCoreType(aInstance).Get<Ble::BleSecure>().SendMessage(AsCoreType(aMessage));
191 }
192 
otBleSecureSend(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)193 otError otBleSecureSend(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
194 {
195     return AsCoreType(aInstance).Get<Ble::BleSecure>().Send(aBuf, aLength);
196 }
197 
otBleSecureSendApplicationTlv(otInstance * aInstance,uint8_t * aBuf,uint16_t aLength)198 otError otBleSecureSendApplicationTlv(otInstance *aInstance, uint8_t *aBuf, uint16_t aLength)
199 {
200     return AsCoreType(aInstance).Get<Ble::BleSecure>().SendApplicationTlv(aBuf, aLength);
201 }
202 
otBleSecureFlush(otInstance * aInstance)203 otError otBleSecureFlush(otInstance *aInstance) { return AsCoreType(aInstance).Get<Ble::BleSecure>().Flush(); }
204 
otBleSecureGetInstallCodeVerifyStatus(otInstance * aInstance)205 bool otBleSecureGetInstallCodeVerifyStatus(otInstance *aInstance)
206 {
207     return AsCoreType(aInstance).Get<Ble::BleSecure>().GetInstallCodeVerifyStatus();
208 }
209 
210 #endif // OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
211