Diffstat (limited to 'FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls')
-rw-r--r--FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c (renamed from FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.c)0
-rw-r--r--FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h (renamed from FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.h)0
-rw-r--r--FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c1011
-rw-r--r--FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.h231
4 files changed, 0 insertions, 1242 deletions
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c
index cd7270be9..cd7270be9 100644
--- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.c
+++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.c
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h
index a4c856a3e..a4c856a3e 100644
--- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls/using_mbedtls.h
+++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls.h
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c
deleted file mode 100644
index e7598f1f0..000000000
--- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.c
+++ /dev/null
@@ -1,1011 +0,0 @@
-/*
- * FreeRTOS V202111.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-
-/**
- * @file tls_freertos_pkcs11.c
- * @brief TLS transport interface implementations. This implementation uses
- * mbedTLS.
- * @note This file is derived from the tls_freertos.c source file found in the mqtt
- * section of IoT Libraries source code. The file has been modified to support using
- * PKCS #11 when using TLS.
- */
-
-/* Standard includes. */
-#include <string.h>
-
-/* FreeRTOS includes. */
-#include "FreeRTOS.h"
-
-/* FreeRTOS+TCP includes. */
-#include "FreeRTOS_IP.h"
-#include "FreeRTOS_Sockets.h"
-
-/* TLS transport header. */
-#include "using_mbedtls_pkcs11.h"
-
-/* FreeRTOS Socket wrapper include. */
-#include "sockets_wrapper.h"
-
-/* PKCS #11 includes. */
-#include "core_pkcs11_config.h"
-#include "core_pkcs11.h"
-#include "pkcs11.h"
-#include "core_pki_utils.h"
-
-/*-----------------------------------------------------------*/
-
-/**
- * @brief Each compilation unit that consumes the NetworkContext must define it.
- * It should contain a single pointer as seen below whenever the header file
- * of this transport implementation is included to your project.
- *
- * @note When using multiple transports in the same compilation unit,
- * define this pointer as void *.
- */
-struct NetworkContext
-{
- TlsTransportParams_t * pParams;
-};
-
-/*-----------------------------------------------------------*/
-
-/**
- * @brief Represents string to be logged when mbedTLS returned error
- * does not contain a high-level code.
- */
-static const char * pNoHighLevelMbedTlsCodeStr = "<No-High-Level-Code>";
-
-/**
- * @brief Represents string to be logged when mbedTLS returned error
- * does not contain a low-level code.
- */
-static const char * pNoLowLevelMbedTlsCodeStr = "<No-Low-Level-Code>";
-
-/**
- * @brief Utility for converting the high-level code in an mbedTLS error to string,
- * if the code-contains a high-level code; otherwise, using a default string.
- */
-#define mbedtlsHighLevelCodeOrDefault( mbedTlsCode ) \
- ( mbedtls_high_level_strerr( mbedTlsCode ) != NULL ) ? \
- mbedtls_high_level_strerr( mbedTlsCode ) : pNoHighLevelMbedTlsCodeStr
-
-/**
- * @brief Utility for converting the level-level code in an mbedTLS error to string,
- * if the code-contains a level-level code; otherwise, using a default string.
- */
-#define mbedtlsLowLevelCodeOrDefault( mbedTlsCode ) \
- ( mbedtls_low_level_strerr( mbedTlsCode ) != NULL ) ? \
- mbedtls_low_level_strerr( mbedTlsCode ) : pNoLowLevelMbedTlsCodeStr
-
-/*-----------------------------------------------------------*/
-
-/**
- * @brief Initialize the mbed TLS structures in a network connection.
- *
- * @param[in] pSslContext The SSL context to initialize.
- */
-static void sslContextInit( SSLContext_t * pSslContext );
-
-/**
- * @brief Free the mbed TLS structures in a network connection.
- *
- * @param[in] pSslContext The SSL context to free.
- */
-static void sslContextFree( SSLContext_t * pSslContext );
-
-/**
- * @brief Set up TLS on a TCP connection.
- *
- * @param[in] pNetworkContext Network context.
- * @param[in] pHostName Remote host name, used for server name indication.
- * @param[in] pNetworkCredentials TLS setup parameters.
- *
- * @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
- * #TLS_TRANSPORT_HANDSHAKE_FAILED, or #TLS_TRANSPORT_INTERNAL_ERROR.
- */
-static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
- const char * pHostName,
- const NetworkCredentials_t * pNetworkCredentials );
-
-/**
- * @brief Initialize mbedTLS.
- *
- * @return #TLS_TRANSPORT_SUCCESS, or #TLS_TRANSPORT_INTERNAL_ERROR.
- */
-static TlsTransportStatus_t initMbedtls( void );
-
-/*-----------------------------------------------------------*/
-
-/**
- * @brief Callback that wraps PKCS#11 for pseudo-random number generation.
- *
- * @param[in] pvCtx Caller context.
- * @param[in] pucRandom Byte array to fill with random data.
- * @param[in] xRandomLength Length of byte array.
- *
- * @return Zero on success.
- */
-static int32_t generateRandomBytes( void * pvCtx,
- unsigned char * pucRandom,
- size_t xRandomLength );
-
-/**
- * @brief Helper for reading the specified certificate object, if present,
- * out of storage, into RAM, and then into an mbedTLS certificate context
- * object.
- *
- * @param[in] pSslContext Caller TLS context.
- * @param[in] pcLabelName PKCS #11 certificate object label.
- * @param[in] xClass PKCS #11 certificate object class.
- * @param[out] pxCertificateContext Certificate context.
- *
- * @return Zero on success.
- */
-static CK_RV readCertificateIntoContext( SSLContext_t * pSslContext,
- char * pcLabelName,
- CK_OBJECT_CLASS xClass,
- mbedtls_x509_crt * pxCertificateContext );
-
-/**
- * @brief Helper for setting up potentially hardware-based cryptographic context.
- *
- * @param Caller context.
- *
- * @return Zero on success.
- */
-static CK_RV initializeClientKeys( SSLContext_t * pxCtx );
-
-/**
- * @brief Sign a cryptographic hash with the private key.
- *
- * @param[in] pvContext Crypto context.
- * @param[in] xMdAlg Unused.
- * @param[in] pucHash Length in bytes of hash to be signed.
- * @param[in] uiHashLen Byte array of hash to be signed.
- * @param[out] pucSig RSA signature bytes.
- * @param[in] pxSigLen Length in bytes of signature buffer.
- * @param[in] piRng Unused.
- * @param[in] pvRng Unused.
- *
- * @return Zero on success.
- */
-static int32_t privateKeySigningCallback( void * pvContext,
- mbedtls_md_type_t xMdAlg,
- const unsigned char * pucHash,
- size_t xHashLen,
- unsigned char * pucSig,
- size_t * pxSigLen,
- int32_t ( * piRng )( void *,
- unsigned char *,
- size_t ),
- void * pvRng );
-
-
-/*-----------------------------------------------------------*/
-
-static void sslContextInit( SSLContext_t * pSslContext )
-{
- configASSERT( pSslContext != NULL );
-
- mbedtls_ssl_config_init( &( pSslContext->config ) );
- mbedtls_x509_crt_init( &( pSslContext->rootCa ) );
- mbedtls_x509_crt_init( &( pSslContext->clientCert ) );
- mbedtls_ssl_init( &( pSslContext->context ) );
-
- xInitializePkcs11Session( &( pSslContext->xP11Session ) );
- C_GetFunctionList( &( pSslContext->pxP11FunctionList ) );
-}
-/*-----------------------------------------------------------*/
-
-static void sslContextFree( SSLContext_t * pSslContext )
-{
- configASSERT( pSslContext != NULL );
-
- mbedtls_ssl_free( &( pSslContext->context ) );
- mbedtls_x509_crt_free( &( pSslContext->rootCa ) );
- mbedtls_x509_crt_free( &( pSslContext->clientCert ) );
- mbedtls_ssl_config_free( &( pSslContext->config ) );
-
- pSslContext->pxP11FunctionList->C_CloseSession( pSslContext->xP11Session );
-}
-
-/*-----------------------------------------------------------*/
-
-static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
- const char * pHostName,
- const NetworkCredentials_t * pNetworkCredentials )
-{
- TlsTransportParams_t * pTlsTransportParams = NULL;
- TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
- int32_t mbedtlsError = 0;
- CK_RV xResult = CKR_OK;
-
- configASSERT( pNetworkContext != NULL );
- configASSERT( pNetworkContext->pParams != NULL );
- configASSERT( pHostName != NULL );
- configASSERT( pNetworkCredentials != NULL );
- configASSERT( pNetworkCredentials->pRootCa != NULL );
-
- pTlsTransportParams = pNetworkContext->pParams;
-
- /* Initialize the mbed TLS context structures. */
- sslContextInit( &( pTlsTransportParams->sslContext ) );
-
- mbedtlsError = mbedtls_ssl_config_defaults( &( pTlsTransportParams->sslContext.config ),
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to set default SSL configuration: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- /* Per mbed TLS docs, mbedtls_ssl_config_defaults only fails on memory allocation. */
- returnStatus = TLS_TRANSPORT_INSUFFICIENT_MEMORY;
- }
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Set up the certificate security profile, starting from the default value. */
- pTlsTransportParams->sslContext.certProfile = mbedtls_x509_crt_profile_default;
-
- /* test.mosquitto.org only provides a 1024-bit RSA certificate, which is
- * not acceptable by the default mbed TLS certificate security profile.
- * For the purposes of this demo, allow the use of 1024-bit RSA certificates.
- * This block should be removed otherwise. */
- if( strncmp( pHostName, "test.mosquitto.org", strlen( pHostName ) ) == 0 )
- {
- pTlsTransportParams->sslContext.certProfile.rsa_min_bitlen = 1024;
- }
-
- /* Set SSL authmode and the RNG context. */
- mbedtls_ssl_conf_authmode( &( pTlsTransportParams->sslContext.config ),
- MBEDTLS_SSL_VERIFY_REQUIRED );
- mbedtls_ssl_conf_rng( &( pTlsTransportParams->sslContext.config ),
- generateRandomBytes,
- &pTlsTransportParams->sslContext );
- mbedtls_ssl_conf_cert_profile( &( pTlsTransportParams->sslContext.config ),
- &( pTlsTransportParams->sslContext.certProfile ) );
-
- /* Parse the server root CA certificate into the SSL context. */
- mbedtlsError = mbedtls_x509_crt_parse( &( pTlsTransportParams->sslContext.rootCa ),
- pNetworkCredentials->pRootCa,
- pNetworkCredentials->rootCaSize );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to parse server root CA certificate: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
- }
- else
- {
- mbedtls_ssl_conf_ca_chain( &( pTlsTransportParams->sslContext.config ),
- &( pTlsTransportParams->sslContext.rootCa ),
- NULL );
- }
- }
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Setup the client private key. */
- xResult = initializeClientKeys( &( pTlsTransportParams->sslContext ) );
-
- if( xResult != CKR_OK )
- {
- LogError( ( "Failed to setup key handling by PKCS #11." ) );
-
- returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
- }
- else
- {
- /* Setup the client certificate. */
- xResult = readCertificateIntoContext( &( pTlsTransportParams->sslContext ),
- pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS,
- CKO_CERTIFICATE,
- &( pTlsTransportParams->sslContext.clientCert ) );
-
- if( xResult != CKR_OK )
- {
- LogError( ( "Failed to get certificate from PKCS #11 module." ) );
-
- returnStatus = TLS_TRANSPORT_INVALID_CREDENTIALS;
- }
- else
- {
- ( void ) mbedtls_ssl_conf_own_cert( &( pTlsTransportParams->sslContext.config ),
- &( pTlsTransportParams->sslContext.clientCert ),
- &( pTlsTransportParams->sslContext.privKey ) );
- }
- }
- }
-
- if( ( returnStatus == TLS_TRANSPORT_SUCCESS ) && ( pNetworkCredentials->pAlpnProtos != NULL ) )
- {
- /* Include an application protocol list in the TLS ClientHello
- * message. */
- mbedtlsError = mbedtls_ssl_conf_alpn_protocols( &( pTlsTransportParams->sslContext.config ),
- pNetworkCredentials->pAlpnProtos );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to configure ALPN protocol in mbed TLS: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
- }
- }
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Initialize the mbed TLS secured connection context. */
- mbedtlsError = mbedtls_ssl_setup( &( pTlsTransportParams->sslContext.context ),
- &( pTlsTransportParams->sslContext.config ) );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to set up mbed TLS SSL context: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
- }
- else
- {
- /* Set the underlying IO for the TLS connection. */
-
- /* MISRA Rule 11.2 flags the following line for casting the second
- * parameter to void *. This rule is suppressed because
- * #mbedtls_ssl_set_bio requires the second parameter as void *.
- */
- /* coverity[misra_c_2012_rule_11_2_violation] */
- mbedtls_ssl_set_bio( &( pTlsTransportParams->sslContext.context ),
- ( void * ) pTlsTransportParams->tcpSocket,
- MBEDTLS_SSL_SEND,
- MBEDTLS_SSL_RECV,
- NULL );
- }
- }
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Enable SNI if requested. */
- if( pNetworkCredentials->disableSni == pdFALSE )
- {
- mbedtlsError = mbedtls_ssl_set_hostname( &( pTlsTransportParams->sslContext.context ),
- pHostName );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to set server name: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
- }
- }
- }
-
- /* Set Maximum Fragment Length if enabled. */
- #ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
- * See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
- *
- * Smaller values can be found in "mbedtls/include/ssl.h".
- */
- mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pTlsTransportParams->sslContext.config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
- returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
- }
- }
- #endif /* ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- /* Perform the TLS handshake. */
- do
- {
- mbedtlsError = mbedtls_ssl_handshake( &( pTlsTransportParams->sslContext.context ) );
- } while( ( mbedtlsError == MBEDTLS_ERR_SSL_WANT_READ ) ||
- ( mbedtlsError == MBEDTLS_ERR_SSL_WANT_WRITE ) );
-
- if( mbedtlsError != 0 )
- {
- LogError( ( "Failed to perform TLS handshake: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
- mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
-
- returnStatus = TLS_TRANSPORT_HANDSHAKE_FAILED;
- }
- }
-
- if( returnStatus != TLS_TRANSPORT_SUCCESS )
- {
- sslContextFree( &( pTlsTransportParams->sslContext ) );
- }
- else
- {
- LogInfo( ( "(Network connection %p) TLS handshake successful.",
- pNetworkContext ) );
- }
-
- return returnStatus;
-}
-
-/*-----------------------------------------------------------*/
-
-static TlsTransportStatus_t initMbedtls( void )
-{
- TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
-
- /* Set the mutex functions for mbed TLS thread safety. */
- mbedtls_threading_set_alt( mbedtls_platform_mutex_init,
- mbedtls_platform_mutex_free,
- mbedtls_platform_mutex_lock,
- mbedtls_platform_mutex_unlock );
-
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- LogDebug( ( "Successfully initialized mbedTLS." ) );
- }
-
- return returnStatus;
-}
-
-/*-----------------------------------------------------------*/
-
-static int32_t generateRandomBytes( void * pvCtx,
- unsigned char * pucRandom,
- size_t xRandomLength )
-{
- /* Must cast from void pointer to conform to mbed TLS API. */
- SSLContext_t * pxCtx = ( SSLContext_t * ) pvCtx;
- CK_RV xResult;
-
- xResult = pxCtx->pxP11FunctionList->C_GenerateRandom( pxCtx->xP11Session, pucRandom, xRandomLength );
-
- if( xResult != CKR_OK )
- {
- LogError( ( "Failed to generate random bytes from the PKCS #11 module." ) );
- }
-
- return xResult;
-}
-
-/*-----------------------------------------------------------*/
-
-static CK_RV readCertificateIntoContext( SSLContext_t * pSslContext,
- char * pcLabelName,
- CK_OBJECT_CLASS xClass,
- mbedtls_x509_crt * pxCertificateContext )
-{
- CK_RV xResult = CKR_OK;
- CK_ATTRIBUTE xTemplate = { 0 };
- CK_OBJECT_HANDLE xCertObj = 0;
-
- /* Get the handle of the certificate. */
- xResult = xFindObjectWithLabelAndClass( pSslContext->xP11Session,
- pcLabelName,
- strlen( pcLabelName ),
- xClass,
- &xCertObj );
-
- if( ( CKR_OK == xResult ) && ( xCertObj == CK_INVALID_HANDLE ) )
- {
- xResult = CKR_OBJECT_HANDLE_INVALID;
- }
-
- /* Query the certificate size. */
- if( CKR_OK == xResult )
- {
- xTemplate.type = CKA_VALUE;
- xTemplate.ulValueLen = 0;
- xTemplate.pValue = NULL;
- xResult = pSslContext->pxP11FunctionList->C_GetAttributeValue( pSslContext->xP11Session,
- xCertObj,
- &xTemplate,
- 1 );
- }
-
- /* Create a buffer for the certificate. */
- if( CKR_OK == xResult )
- {
- xTemplate.pValue = pvPortMalloc( xTemplate.ulValueLen );
-
- if( NULL == xTemplate.pValue )
- {
- xResult = CKR_HOST_MEMORY;
- }
- }
-
- /* Export the certificate. */
- if( CKR_OK == xResult )
- {
- xResult = pSslContext->pxP11FunctionList->C_GetAttributeValue( pSslContext->xP11Session,
- xCertObj,
- &xTemplate,
- 1 );
- }
-
- /* Decode the certificate. */
- if( CKR_OK == xResult )
- {
- xResult = mbedtls_x509_crt_parse( pxCertificateContext,
- ( const unsigned char * ) xTemplate.pValue,
- xTemplate.ulValueLen );
- }
-
- /* Free memory. */
- vPortFree( xTemplate.pValue );
-
- return xResult;
-}
-
-/*-----------------------------------------------------------*/
-
-/**
- * @brief Helper for setting up potentially hardware-based cryptographic context
- * for the client TLS certificate and private key.
- *
- * @param Caller context.
- *
- * @return Zero on success.
- */
-static CK_RV initializeClientKeys( SSLContext_t * pxCtx )
-{
- CK_RV xResult = CKR_OK;
- CK_SLOT_ID * pxSlotIds = NULL;
- CK_ULONG xCount = 0;
- CK_ATTRIBUTE xTemplate[ 2 ];
- mbedtls_pk_type_t xKeyAlgo = ( mbedtls_pk_type_t ) ~0;
-
- /* Get the PKCS #11 module/token slot count. */
- if( CKR_OK == xResult )
- {
- xResult = ( BaseType_t ) pxCtx->pxP11FunctionList->C_GetSlotList( CK_TRUE,
- NULL,
- &xCount );
- }
-
- /* Allocate memory to store the token slots. */
- if( CKR_OK == xResult )
- {
- pxSlotIds = ( CK_SLOT_ID * ) pvPortMalloc( sizeof( CK_SLOT_ID ) * xCount );
-
- if( NULL == pxSlotIds )
- {
- xResult = CKR_HOST_MEMORY;
- }
- }
-
- /* Get all of the available private key slot identities. */
- if( CKR_OK == xResult )
- {
- xResult = ( BaseType_t ) pxCtx->pxP11FunctionList->C_GetSlotList( CK_TRUE,
- pxSlotIds,
- &xCount );
- }
-
- /* Put the module in authenticated mode. */
- if( CKR_OK == xResult )
- {
- xResult = ( BaseType_t ) pxCtx->pxP11FunctionList->C_Login( pxCtx->xP11Session,
- CKU_USER,
- ( CK_UTF8CHAR_PTR ) configPKCS11_DEFAULT_USER_PIN,
- sizeof( configPKCS11_DEFAULT_USER_PIN ) - 1 );
- }
-
- if( CKR_OK == xResult )
- {
- /* Get the handle of the device private key. */
- xResult = xFindObjectWithLabelAndClass( pxCtx->xP11Session,
- pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS,
- sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) - 1UL,
- CKO_PRIVATE_KEY,
- &pxCtx->xP11PrivateKey );
- }
-
- if( ( CKR_OK == xResult ) && ( pxCtx->xP11PrivateKey == CK_INVALID_HANDLE ) )
- {
- xResult = CK_INVALID_HANDLE;
- LogError( ( "Could not find private key." ) );
- }
-
- /* Query the device private key type. */
- if( xResult == CKR_OK )
- {
- xTemplate[ 0 ].type = CKA_KEY_TYPE;
- xTemplate[ 0 ].pValue = &pxCtx->xKeyType;
- xTemplate[ 0 ].ulValueLen = sizeof( CK_KEY_TYPE );
- xResult = pxCtx->pxP11FunctionList->C_GetAttributeValue( pxCtx->xP11Session,
- pxCtx->xP11PrivateKey,
- xTemplate,
- 1 );
- }
-
- /* Map the PKCS #11 key type to an mbedTLS algorithm. */
- if( xResult == CKR_OK )
- {
- switch( pxCtx->xKeyType )
- {
- case CKK_RSA:
- xKeyAlgo = MBEDTLS_PK_RSA;
- break;
-
- case CKK_EC:
- xKeyAlgo = MBEDTLS_PK_ECKEY;
- break;
-
- default:
- xResult = CKR_ATTRIBUTE_VALUE_INVALID;
- break;
- }
- }
-
- /* Map the mbedTLS algorithm to its internal metadata. */
- if( xResult == CKR_OK )
- {
- memcpy( &pxCtx->privKeyInfo, mbedtls_pk_info_from_type( xKeyAlgo ), sizeof( mbedtls_pk_info_t ) );
-
- pxCtx->privKeyInfo.sign_func = privateKeySigningCallback;
- pxCtx->privKey.pk_info = &pxCtx->privKeyInfo;
- pxCtx->privKey.pk_ctx = pxCtx;
- }
-
- /* Free memory. */
- vPortFree( pxSlotIds );
-
- return xResult;
-}
-
-/*-----------------------------------------------------------*/
-
-static int32_t privateKeySigningCallback( void * pvContext,
- mbedtls_md_type_t xMdAlg,
- const unsigned char * pucHash,
- size_t xHashLen,
- unsigned char * pucSig,
- size_t * pxSigLen,
- int32_t ( * piRng )( void *,
- unsigned char *,
- size_t ),
- void * pvRng )
-{
- CK_RV xResult = CKR_OK;
- int32_t lFinalResult = 0;
- SSLContext_t * pxTLSContext = ( SSLContext_t * ) pvContext;
- CK_MECHANISM xMech = { 0 };
- CK_BYTE xToBeSigned[ 256 ];
- CK_ULONG xToBeSignedLen = sizeof( xToBeSigned );
-
- /* Unreferenced parameters. */
- ( void ) ( piRng );
- ( void ) ( pvRng );
- ( void ) ( xMdAlg );
-
- /* Sanity check buffer length. */
- if( xHashLen > sizeof( xToBeSigned ) )
- {
- xResult = CKR_ARGUMENTS_BAD;
- }
-
- /* Format the hash data to be signed. */
- if( CKK_RSA == pxTLSContext->xKeyType )
- {
- xMech.mechanism = CKM_RSA_PKCS;
-
- /* mbedTLS expects hashed data without padding, but PKCS #11 C_Sign function performs a hash
- * & sign if hash algorithm is specified. This helper function applies padding
- * indicating data was hashed with SHA-256 while still allowing pre-hashed data to
- * be provided. */
- xResult = vAppendSHA256AlgorithmIdentifierSequence( ( uint8_t * ) pucHash, xToBeSigned );
- xToBeSignedLen = pkcs11RSA_SIGNATURE_INPUT_LENGTH;
- }
- else if( CKK_EC == pxTLSContext->xKeyType )
- {
- xMech.mechanism = CKM_ECDSA;
- memcpy( xToBeSigned, pucHash, xHashLen );
- xToBeSignedLen = xHashLen;
- }
- else
- {
- xResult = CKR_ARGUMENTS_BAD;
- }
-
- if( CKR_OK == xResult )
- {
- /* Use the PKCS#11 module to sign. */
- xResult = pxTLSContext->pxP11FunctionList->C_SignInit( pxTLSContext->xP11Session,
- &xMech,
- pxTLSContext->xP11PrivateKey );
- }
-
- if( CKR_OK == xResult )
- {
- *pxSigLen = sizeof( xToBeSigned );
- xResult = pxTLSContext->pxP11FunctionList->C_Sign( ( CK_SESSION_HANDLE ) pxTLSContext->xP11Session,
- xToBeSigned,
- xToBeSignedLen,
- pucSig,
- ( CK_ULONG_PTR ) pxSigLen );
- }
-
- if( ( xResult == CKR_OK ) && ( CKK_EC == pxTLSContext->xKeyType ) )
- {
- /* PKCS #11 for P256 returns a 64-byte signature with 32 bytes for R and 32 bytes for S.
- * This must be converted to an ASN.1 encoded array. */
- if( *pxSigLen != pkcs11ECDSA_P256_SIGNATURE_LENGTH )
- {
- xResult = CKR_FUNCTION_FAILED;
- }
-
- if( xResult == CKR_OK )
- {
- PKI_pkcs11SignatureTombedTLSSignature( pucSig, pxSigLen );
- }
- }
-
- if( xResult != CKR_OK )
- {
- LogError( ( "Failed to sign message using PKCS #11 with error code %02X.", xResult ) );
- }
-
- return lFinalResult;
-}
-
-/*-----------------------------------------------------------*/
-
-TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
- const char * pHostName,
- uint16_t port,
- const NetworkCredentials_t * pNetworkCredentials,
- uint32_t receiveTimeoutMs,
- uint32_t sendTimeoutMs )
-{
- TlsTransportParams_t * pTlsTransportParams = NULL;
- TlsTransportStatus_t returnStatus = TLS_TRANSPORT_SUCCESS;
- BaseType_t socketStatus = 0;
-
- if( ( pNetworkContext == NULL ) ||
- ( pNetworkContext->pParams == NULL ) ||
- ( pHostName == NULL ) ||
- ( pNetworkCredentials == NULL ) )
- {
- LogError( ( "Invalid input parameter(s): Arguments cannot be NULL. pNetworkContext=%p, "
- "pHostName=%p, pNetworkCredentials=%p.",
- pNetworkContext,
- pHostName,
- pNetworkCredentials ) );
- returnStatus = TLS_TRANSPORT_INVALID_PARAMETER;
- }
- else if( ( pNetworkCredentials->pRootCa == NULL ) )
- {
- LogError( ( "pRootCa cannot be NULL." ) );
- returnStatus = TLS_TRANSPORT_INVALID_PARAMETER;
- }
- else
- {
- /* Empty else for MISRA 15.7 compliance. */
- }
-
- /* Establish a TCP connection with the server. */
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- pTlsTransportParams = pNetworkContext->pParams;
- socketStatus = Sockets_Connect( &( pTlsTransportParams->tcpSocket ),
- pHostName,
- port,
- receiveTimeoutMs,
- sendTimeoutMs );
-
- if( socketStatus != 0 )
- {
- LogError( ( "Failed to connect to %s with error %d.",
- pHostName,
- socketStatus ) );
- returnStatus = TLS_TRANSPORT_CONNECT_FAILURE;
- }
- }
-
- /* Initialize mbedtls. */
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- returnStatus = initMbedtls();
- }
-
- /* Perform TLS handshake. */
- if( returnStatus == TLS_TRANSPORT_SUCCESS )
- {
- returnStatus = tlsSetup( pNetworkContext, pHostName, pNetworkCredentials );
- }
-
- /* Clean up on failure. */
- if( returnStatus != TLS_TRANSPORT_SUCCESS )
- {
- if( ( pNetworkContext != NULL ) &&
- ( pTlsTransportParams->tcpSocket != FREERTOS_INVALID_SOCKET ) )
- {
- ( void ) FreeRTOS_closesocket( pTlsTransportParams->tcpSocket );
- }
- }
- else
- {
- LogInfo( ( "(Network connection %p) Connection to %s established.",
- pNetworkContext,
- pHostName ) );
- }
-
- return returnStatus;
-}
-
-/*-----------------------------------------------------------*/
-
-void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext )
-{
- TlsTransportParams_t * pTlsTransportParams = NULL;
- BaseType_t tlsStatus = 0;
-
- if( pNetworkContext != NULL && pNetworkContext->pParams != NULL )
- {
- pTlsTransportParams = pNetworkContext->pParams;
- /* Attempting to terminate TLS connection. */
- tlsStatus = ( BaseType_t ) mbedtls_ssl_close_notify( &( pTlsTransportParams->sslContext.context ) );
-
- /* Ignore the WANT_READ and WANT_WRITE return values. */
- if( ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_READ ) &&
- ( tlsStatus != ( BaseType_t ) MBEDTLS_ERR_SSL_WANT_WRITE ) )
- {
- if( tlsStatus == 0 )
- {
- LogInfo( ( "(Network connection %p) TLS close-notify sent.",
- pNetworkContext ) );
- }
- else
- {
- LogError( ( "(Network connection %p) Failed to send TLS close-notify: mbedTLSError= %s : %s.",
- pNetworkContext,
- mbedtlsHighLevelCodeOrDefault( tlsStatus ),
- mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
- }
- }
- else
- {
- /* WANT_READ and WANT_WRITE can be ignored. Logging for debugging purposes. */
- LogInfo( ( "(Network connection %p) TLS close-notify sent; ",
- "received %s as the TLS status can be ignored for close-notify."
- ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ? "WANT_READ" : "WANT_WRITE",
- pNetworkContext ) );
- }
-
- /* Call socket shutdown function to close connection. */
- Sockets_Disconnect( pTlsTransportParams->tcpSocket );
-
- /* Free mbed TLS contexts. */
- sslContextFree( &( pTlsTransportParams->sslContext ) );
- }
-
- /* Clear the mutex functions for mbed TLS thread safety. */
- mbedtls_threading_free_alt();
-}
-
-/*-----------------------------------------------------------*/
-
-int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
- void * pBuffer,
- size_t bytesToRecv )
-{
- TlsTransportParams_t * pTlsTransportParams = NULL;
- int32_t tlsStatus = 0;
-
- configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) );
-
- pTlsTransportParams = pNetworkContext->pParams;
- tlsStatus = ( int32_t ) mbedtls_ssl_read( &( pTlsTransportParams->sslContext.context ),
- pBuffer,
- bytesToRecv );
-
- if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) ||
- ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ||
- ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) )
- {
- LogDebug( ( "Failed to read data. However, a read can be retried on this error. "
- "mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( tlsStatus ),
- mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
-
- /* Mark these set of errors as a timeout. The libraries may retry read
- * on these errors. */
- tlsStatus = 0;
- }
- else if( tlsStatus < 0 )
- {
- LogError( ( "Failed to read data: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( tlsStatus ),
- mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
- }
- else
- {
- /* Empty else marker. */
- }
-
- return tlsStatus;
-}
-
-/*-----------------------------------------------------------*/
-
-int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
- const void * pBuffer,
- size_t bytesToSend )
-{
- TlsTransportParams_t * pTlsTransportParams = NULL;
- int32_t tlsStatus = 0;
-
- configASSERT( ( pNetworkContext != NULL ) && ( pNetworkContext->pParams != NULL ) );
-
- pTlsTransportParams = pNetworkContext->pParams;
- tlsStatus = ( int32_t ) mbedtls_ssl_write( &( pTlsTransportParams->sslContext.context ),
- pBuffer,
- bytesToSend );
-
- if( ( tlsStatus == MBEDTLS_ERR_SSL_TIMEOUT ) ||
- ( tlsStatus == MBEDTLS_ERR_SSL_WANT_READ ) ||
- ( tlsStatus == MBEDTLS_ERR_SSL_WANT_WRITE ) )
- {
- LogDebug( ( "Failed to send data. However, send can be retried on this error. "
- "mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( tlsStatus ),
- mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
-
- /* Mark these set of errors as a timeout. The libraries may retry send
- * on these errors. */
- tlsStatus = 0;
- }
- else if( tlsStatus < 0 )
- {
- LogError( ( "Failed to send data: mbedTLSError= %s : %s.",
- mbedtlsHighLevelCodeOrDefault( tlsStatus ),
- mbedtlsLowLevelCodeOrDefault( tlsStatus ) ) );
- }
- else
- {
- /* Empty else marker. */
- }
-
- return tlsStatus;
-}
-/*-----------------------------------------------------------*/
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.h
deleted file mode 100644
index 790e0d28f..000000000
--- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/using_mbedtls_pkcs11/using_mbedtls_pkcs11.h
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * FreeRTOS V202111.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-
-/**
- * @file tls_freertos_pkcs11.h
- * @brief TLS transport interface header.
- * @note This file is derived from the tls_freertos.h header file found in the mqtt
- * section of IoT Libraries source code. The file has been modified to support using
- * PKCS #11 when using TLS.
- */
-
-#ifndef USING_MBEDTLS_PKCS11
-#define USING_MBEDTLS_PKCS11
-
-/**************************************************/
-/******* DO NOT CHANGE the following order ********/
-/**************************************************/
-
-/* Logging related header files are required to be included in the following order:
- * 1. Include the header file "logging_levels.h".
- * 2. Define LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL.
- * 3. Include the header file "logging_stack.h".
- */
-
-/* Include header that defines log levels. */
-#include "logging_levels.h"
-
-/* Logging configuration for the Sockets. */
-#ifndef LIBRARY_LOG_NAME
- #define LIBRARY_LOG_NAME "PkcsTlsTransport"
-#endif
-#ifndef LIBRARY_LOG_LEVEL
- #define LIBRARY_LOG_LEVEL LOG_ERROR
-#endif
-
-/* Prototype for the function used to print to console on Windows simulator
- * of FreeRTOS.
- * The function prints to the console before the network is connected;
- * then a UDP port after the network has connected. */
-extern void vLoggingPrintf( const char * pcFormatString,
- ... );
-
-/* Map the SdkLog macro to the logging function to enable logging
- * on Windows simulator. */
-#ifndef SdkLog
- #define SdkLog( message ) vLoggingPrintf message
-#endif
-
-#include "logging_stack.h"
-
-/************ End of logging configuration ****************/
-
-/* FreeRTOS+TCP include. */
-#include "FreeRTOS_Sockets.h"
-
-/* Transport interface include. */
-#include "transport_interface.h"
-
-/* mbed TLS includes. */
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/threading.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-#include "mbedtls/error.h"
-
-/* PKCS #11 includes. */
-#include "core_pkcs11.h"
-
-/**
- * @brief Secured connection context.
- */
-typedef struct SSLContext
-{
- mbedtls_ssl_config config; /**< @brief SSL connection configuration. */
- mbedtls_ssl_context context; /**< @brief SSL connection context */
- mbedtls_x509_crt_profile certProfile; /**< @brief Certificate security profile for this connection. */
- mbedtls_x509_crt rootCa; /**< @brief Root CA certificate context. */
- mbedtls_x509_crt clientCert; /**< @brief Client certificate context. */
- mbedtls_pk_context privKey; /**< @brief Client private key context. */
- mbedtls_pk_info_t privKeyInfo; /**< @brief Client private key info. */
-
- /* PKCS#11. */
- CK_FUNCTION_LIST_PTR pxP11FunctionList;
- CK_SESSION_HANDLE xP11Session;
- CK_OBJECT_HANDLE xP11PrivateKey;
- CK_KEY_TYPE xKeyType;
-} SSLContext_t;
-
-/**
- * @brief Definition of the network context for the transport interface
- * implementation that uses mbedTLS and FreeRTOS+TLS sockets.
- */
-typedef struct TlsTransportParams
-{
- Socket_t tcpSocket;
- SSLContext_t sslContext;
-} TlsTransportParams_t;
-
-/**
- * @brief Contains the credentials necessary for tls connection setup.
- */
-typedef struct NetworkCredentials
-{
- /**
- * @brief To use ALPN, set this to a NULL-terminated list of supported
- * protocols in decreasing order of preference.
- *
- * See [this link]
- * (https://aws.amazon.com/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/)
- * for more information.
- */
- const char ** pAlpnProtos;
-
- /**
- * @brief Disable server name indication (SNI) for a TLS session.
- */
- BaseType_t disableSni;
-
- const unsigned char * pRootCa; /**< @brief String representing a trusted server root certificate. */
- size_t rootCaSize; /**< @brief Size associated with #NetworkCredentials.pRootCa. */
- const unsigned char * pUserName; /**< @brief String representing the username for MQTT. */
- size_t userNameSize; /**< @brief Size associated with #NetworkCredentials.pUserName. */
- const unsigned char * pPassword; /**< @brief String representing the password for MQTT. */
- size_t passwordSize; /**< @brief Size associated with #NetworkCredentials.pPassword. */
-} NetworkCredentials_t;
-
-/**
- * @brief TLS Connect / Disconnect return status.
- */
-typedef enum TlsTransportStatus
-{
- TLS_TRANSPORT_SUCCESS = 0, /**< Function successfully completed. */
- TLS_TRANSPORT_INVALID_PARAMETER, /**< At least one parameter was invalid. */
- TLS_TRANSPORT_INSUFFICIENT_MEMORY, /**< Insufficient memory required to establish connection. */
- TLS_TRANSPORT_INVALID_CREDENTIALS, /**< Provided credentials were invalid. */
- TLS_TRANSPORT_HANDSHAKE_FAILED, /**< Performing TLS handshake with server failed. */
- TLS_TRANSPORT_INTERNAL_ERROR, /**< A call to a system API resulted in an internal error. */
- TLS_TRANSPORT_CONNECT_FAILURE /**< Initial connection to the server failed. */
-} TlsTransportStatus_t;
-
-/**
- * @brief Create a TLS connection with FreeRTOS sockets.
- *
- * @param[out] pNetworkContext Pointer to a network context to contain the
- * initialized socket handle.
- * @param[in] pHostName The hostname of the remote endpoint.
- * @param[in] port The destination port.
- * @param[in] pNetworkCredentials Credentials for the TLS connection.
- * @param[in] receiveTimeoutMs Receive socket timeout.
- * @param[in] sendTimeoutMs Send socket timeout.
- *
- * @return #TLS_TRANSPORT_SUCCESS, #TLS_TRANSPORT_INSUFFICIENT_MEMORY, #TLS_TRANSPORT_INVALID_CREDENTIALS,
- * #TLS_TRANSPORT_HANDSHAKE_FAILED, #TLS_TRANSPORT_INTERNAL_ERROR, or #TLS_TRANSPORT_CONNECT_FAILURE.
- */
-TlsTransportStatus_t TLS_FreeRTOS_Connect( NetworkContext_t * pNetworkContext,
- const char * pHostName,
- uint16_t port,
- const NetworkCredentials_t * pNetworkCredentials,
- uint32_t receiveTimeoutMs,
- uint32_t sendTimeoutMs );
-
-/**
- * @brief Gracefully disconnect an established TLS connection.
- *
- * @param[in] pNetworkContext Network context.
- */
-void TLS_FreeRTOS_Disconnect( NetworkContext_t * pNetworkContext );
-
-/**
- * @brief Receives data from an established TLS connection.
- *
- * This is the TLS version of the transport interface's
- * #TransportRecv_t function.
- *
- * @param[in] pNetworkContext The Network context.
- * @param[out] pBuffer Buffer to receive bytes into.
- * @param[in] bytesToRecv Number of bytes to receive from the network.
- *
- * @return Number of bytes (> 0) received if successful;
- * 0 if the socket times out without reading any bytes;
- * negative value on error.
- */
-int32_t TLS_FreeRTOS_recv( NetworkContext_t * pNetworkContext,
- void * pBuffer,
- size_t bytesToRecv );
-
-/**
- * @brief Sends data over an established TLS connection.
- *
- * This is the TLS version of the transport interface's
- * #TransportSend_t function.
- *
- * @param[in] pNetworkContext The network context.
- * @param[in] pBuffer Buffer containing the bytes to send.
- * @param[in] bytesToSend Number of bytes to send from the buffer.
- *
- * @return Number of bytes (> 0) sent on success;
- * 0 if the socket times out without sending any bytes;
- * else a negative value to represent error.
- */
-int32_t TLS_FreeRTOS_send( NetworkContext_t * pNetworkContext,
- const void * pBuffer,
- size_t bytesToSend );
-
-#endif /* ifndef USING_MBEDTLS_PKCS11 */