wiced_result_t uuid_create( uuid_t* uuid )
{
uint8_t temp[ 16 ];
uint8_t a;
char* iter = uuid->data;
wwd_wifi_get_random( temp, 16 );
temp[ 6 ] = 0x40 | ( temp[ 6 ] & 0xf );
temp[ 8 ] = 0x80 | ( temp[ 8 ] & 0x3f );
for ( a = 0; a < 16; ++a )
{
*iter++ = nibble_to_hexchar( temp[ a ] >> 4 );
*iter++ = nibble_to_hexchar( temp[ a ] & 0x0F );
switch ( a )
{
case 3:
case 5:
case 7:
case 9:
*iter = '-';
++iter;
break;
default:
break;
}
}
return WICED_SUCCESS;
}
static wiced_result_t wiced_generate_client_websocket_key( uint8_t* websocket_key_base64_ptr)
{
uint32_t i;
wiced_result_t result;
uint32_t websocket_key_length_base64;
uint8_t client_websocket_key[ WEBSOCKET_KEY_LENGTH ];
memset( client_websocket_key, 0x0, WEBSOCKET_KEY_LENGTH );
/*make room for null character*/
websocket_key_length_base64 = CLIENT_WEBSOCKET_BASE64_KEY_LENGTH - 1;
result = wwd_wifi_get_random( client_websocket_key, WEBSOCKET_KEY_LENGTH );
if ( result != WICED_SUCCESS )
{
return result;
}
/*Now we base64 encode the 16 byte key, as required by the RFC6455 specification*/
if ( base64_encode( websocket_key_base64_ptr, websocket_key_length_base64, client_websocket_key, WEBSOCKET_KEY_LENGTH ) )
{
return WICED_ERROR;
}
websocket_key_base64_ptr[ CLIENT_WEBSOCKET_BASE64_KEY_LENGTH - 1 ] = '\0';
return WICED_SUCCESS;
}
wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_simple_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )
{
microrng_state rngstate;
int prev_state;
uint64_t start_time;
tls_result_t result;
/* Initialize the session data */
if ( transport_protocol != TLS_EAP_TRANSPORT )
{
memset( &tls_context->session, 0, sizeof(wiced_tls_session_t) );
}
memset( &tls_context->context, 0, sizeof(wiced_tls_context_t) );
/* Prepare session and entropy */
tls_context->session.age = MAX_TLS_SESSION_AGE;
wwd_wifi_get_random( &rngstate.entropy, 4 );
/* Initialize session context */ /* TODO: Ideally this should be done once for a socket */
if ( ssl_init( &tls_context->context ) != 0 )
{
wiced_assert("Error initialising SSL", 0!=0 );
return WICED_TLS_INIT_FAIL;
}
tls_context->context.transport_protocol = transport_protocol;
microrng_init( &rngstate );
ssl_set_endpoint( &tls_context->context, type );
ssl_set_rng ( &tls_context->context, microrng_rand, &rngstate );
tls_context->context.receive_context = referee;
tls_context->context.send_context = referee;
tls_context->context.get_session = tls_get_session;
tls_context->context.set_session = tls_set_session;
tls_context->context.ciphers = cipher_list;
ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session );
/* Assert if user has not created correct TLS context for the TLS endpoint type */
wiced_assert("TLS servers must have an advanced TLS context", !((type == WICED_TLS_AS_SERVER) && (tls_context->context_type != WICED_TLS_ADVANCED_CONTEXT)));
if ( root_ca_certificates != NULL )
{
ssl_set_ca_chain( &tls_context->context, root_ca_certificates, tls_context->context.peer_cn );
ssl_set_authmode( &tls_context->context, verification );
}
else
{
ssl_set_authmode( &tls_context->context, SSL_VERIFY_NONE );
}
if ( tls_context->context_type == WICED_TLS_ADVANCED_CONTEXT )
{
wiced_tls_advanced_context_t* advanced_context = (wiced_tls_advanced_context_t*)tls_context;
ssl_set_own_cert( &advanced_context->context, &advanced_context->certificate, &advanced_context->key );
ssl_set_dh_param( &tls_context->context, diffie_hellman_prime_P, sizeof( diffie_hellman_prime_P ), diffie_hellman_prime_G, sizeof( diffie_hellman_prime_G ) );
}
prev_state = 0;
start_time = tls_host_get_time_ms();
do
{
uint64_t curr_time;
if (type == WICED_TLS_AS_SERVER)
{
result = ssl_handshake_server_async( &tls_context->context );
if ( result != TLS_SUCCESS )
{
WPRINT_SECURITY_INFO(( "Error with TLS server handshake\n" ));
goto exit_with_inited_context;
}
}
else
{
result = ssl_handshake_client_async( &tls_context->context );
if ( result != TLS_SUCCESS )
{
WPRINT_SECURITY_INFO(( "Error with TLS client handshake %u\n", (unsigned int)result ));
goto exit_with_inited_context;
}
}
/* break out if stuck */
curr_time = tls_host_get_time_ms();
if ( curr_time - start_time > MAX_HANDSHAKE_WAIT )
{
WPRINT_SECURITY_INFO(( "Timeout in SSL handshake\n" ));
result = TLS_HANDSHAKE_TIMEOUT;
goto exit_with_inited_context;
}
/* if no state change then wait on client */
if ( prev_state == tls_context->context.state )
{
host_rtos_delay_milliseconds( 10 );
}
else /* otherwise process next state with no delay */
{
prev_state = tls_context->context.state;
}
} while ( tls_context->context.state != SSL_HANDSHAKE_OVER );
return WICED_SUCCESS;
exit_with_inited_context:
ssl_close_notify( &tls_context->context );
ssl_free(&tls_context->context);
return (wiced_result_t) result;
}
