TCAT agent connect and disconnect implemented with extraction of cert…

…ificate details. More TLV commands implemented.
arnulfrupp · Jul 17, 2023 · 0d53d83 · 0d53d83
1 parent 0bfc1bc
commit 0d53d83
Show file tree

Hide file tree

Showing 9 changed files with 493 additions and 163 deletions.
diff --git a/include/openthread/ble_secure.h b/include/openthread/ble_secure.h
@@ -201,13 +201,13 @@ otError otBleSecureGetPeerCertificateBase64(otInstance    *aInstance,
  * @retval OT_ERROR_NO_BUFS         Insufficient memory for storing the attribute value.
  *
  */
-otError otBleSecureGetPeerSubjectAttributeByOid(otInstance    *aInstance,
-                                                const char    *aOid,
-                                                size_t         aOidLength,
-                                                unsigned char *aAttributeBuffer,
-                                                size_t        *aAttributeLength,
-                                                size_t         aAttributeBufferSize,
-                                                int           *aAns1Type);
+otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
+                                                const char *aOid,
+                                                size_t      aOidLength,
+                                                uint8_t    *aAttributeBuffer,
+                                                size_t     *aAttributeLength,
+                                                size_t      aAttributeBufferSize,
+                                                int        *aAns1Type);
 
 /**
  * This method returns an attribute value for the OID 1.3.6.1.4.1.44970.x from the v3 extensions of
@@ -232,11 +232,11 @@ otError otBleSecureGetPeerSubjectAttributeByOid(otInstance    *aInstance,
  * @retval OT_ERROR_PARSE            The certificate extensions could not be parsed.
  *
  */
-otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance    *aInstance,
-                                                         int            aThreadOidDescriptor,
-                                                         unsigned char *aAttributeBuffer,
-                                                         size_t        *aAttributeLength,
-                                                         size_t         aAttributeBufferSize);
+otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
+                                                         int         aThreadOidDescriptor,
+                                                         uint8_t    *aAttributeBuffer,
+                                                         size_t     *aAttributeLength,
+                                                         size_t      aAttributeBufferSize);
 
 /**
  * This method returns an attribute value for the OID 1.3.6.1.4.1.44970.x from the v3 extensions of
@@ -258,11 +258,11 @@ otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance    *aInstanc
  * @retval OT_ERROR_PARSE            The certificate extensions could not be parsed.
  *
  */
-otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance    *aInstance,
-                                                        int            aThreadOidDescriptor,
-                                                        unsigned char *aAttributeBuffer,
-                                                        size_t        *aAttributeLength,
-                                                        size_t         aAttributeBufferSize);
+otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
+                                                        int         aThreadOidDescriptor,
+                                                        uint8_t    *aAttributeBuffer,
+                                                        size_t     *aAttributeLength,
+                                                        size_t      aAttributeBufferSize);
 
 /**
  * This method returns an attribute value for the OID 1.3.6.1.4.1.44970.x from the v3 extensions of
@@ -284,11 +284,11 @@ otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance    *aInstance
  * @retval OT_ERROR_PARSE            The certificate extensions could not be parsed.
  *
  */
-otError otBleSecureGetThreadAttributeFromCaCertificateChain(otInstance    *aInstance,
-                                                            int            aThreadOidDescriptor,
-                                                            unsigned char *aAttributeBuffer,
-                                                            size_t        *aAttributeLength,
-                                                            size_t         aAttributeBufferSize);
+otError otBleSecureGetThreadAttributeFromCaCertificateChain(otInstance *aInstance,
+                                                            int         aThreadOidDescriptor,
+                                                            uint8_t    *aAttributeBuffer,
+                                                            size_t     *aAttributeLength,
+                                                            size_t      aAttributeBufferSize);
 
 /**
  * This method sets the authentication mode for the BLE secure connection.
@@ -349,7 +349,7 @@ void otBleSecureSetCaCertificateChain(otInstance    *aInstance,
 otError otBleSecureConnect(otInstance *aInstance);
 
 /**
- * This method stops the TLS connection.
+ * This method stops the BLE and TLS connection.
  *
  * @param[in]  aInstance  A pointer to an OpenThread instance.
  *

diff --git a/include/openthread/tcat.h b/include/openthread/tcat.h
@@ -64,6 +64,8 @@ extern "C" {
  *
  */
 
+#define OT_TCAT_MAX_SERVICE_NAME_LENGTH 15 ///< Maximum string length of a UDP or TCP service name (does not include null char).
+
 /**
  * This enumeration represents TCAT TLV types.
  *
@@ -146,12 +148,12 @@ typedef enum otTcatStatusCode
 } otTcatStatusCode;
 
 /**
- * This enumeration represents TCAT status.
+ * This enumeration represents TCAT message type.
  *
  */
 typedef enum otTcatMessageType
 {
-    OT_TCAT_MESSAGE_TYPE_RAW                    = 0,    ///< Message which has been sent without activating the TCAT agent
+    OT_TCAT_MESSAGE_TYPE_NONE                   = 0,    ///< Message which has been sent without activating the TCAT agent
     OT_TCAT_MESSAGE_TYPE_STATUS                 = 1,    ///< Message contaning a status code (byte) as definded in otTcatStatusCode 
     OT_TCAT_MESSAGE_TYPE_UDP                    = 2,    ///< Message directed to a UDP service
     OT_TCAT_MESSAGE_TYPE_TCP                    = 3,    ///< Message directed to a TCP service

diff --git a/src/core/api/ble_secure_api.cpp b/src/core/api/ble_secure_api.cpp
@@ -91,44 +91,44 @@ otError otBleSecureGetPeerCertificateBase64(otInstance    *aInstance,
 #endif // defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-otError otBleSecureGetPeerSubjectAttributeByOid(otInstance    *aInstance,
-                                                const char    *aOid,
-                                                size_t         aOidLength,
-                                                unsigned char *aAttributeBuffer,
-                                                size_t        *aAttributeLength,
-                                                size_t         aAttributeBufferSize,
-                                                int           *aAns1Type)
+otError otBleSecureGetPeerSubjectAttributeByOid(otInstance *aInstance,
+                                                const char *aOid,
+                                                size_t      aOidLength,
+                                                uint8_t    *aAttributeBuffer,
+                                                size_t     *aAttributeLength,
+                                                size_t      aAttributeBufferSize,
+                                                int        *aAns1Type)
 {
     return AsCoreType(aInstance).GetApplicationBleSecure().GetPeerSubjectAttributeByOid(
         aOid, aOidLength, aAttributeBuffer, aAttributeLength, aAttributeBufferSize, aAns1Type);
 }
 
-otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance    *aInstance,
-                                                         int            aThreadOidDescriptor,
-                                                         unsigned char *aAttributeBuffer,
-                                                         size_t        *aAttributeLength,
-                                                         size_t         aAttributeBufferSize)
+otError otBleSecureGetThreadAttributeFromPeerCertificate(otInstance *aInstance,
+                                                         int         aThreadOidDescriptor,
+                                                         uint8_t    *aAttributeBuffer,
+                                                         size_t     *aAttributeLength,
+                                                         size_t      aAttributeBufferSize)
 {
     return AsCoreType(aInstance).GetApplicationBleSecure().GetThreadAttributeFromPeerCertificate(
         aThreadOidDescriptor, aAttributeBuffer, aAttributeLength, aAttributeBufferSize);
 }
 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 
-otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance    *aInstance,
-                                                        int            aThreadOidDescriptor,
-                                                        unsigned char *aAttributeBuffer,
-                                                        size_t        *aAttributeLength,
-                                                        size_t         aAttributeBufferSize)
+otError otBleSecureGetThreadAttributeFromOwnCertificate(otInstance *aInstance,
+                                                        int         aThreadOidDescriptor,
+                                                        uint8_t    *aAttributeBuffer,
+                                                        size_t     *aAttributeLength,
+                                                        size_t      aAttributeBufferSize)
 {
     return AsCoreType(aInstance).GetApplicationBleSecure().GetThreadAttributeFromOwnCertificate(
         aThreadOidDescriptor, aAttributeBuffer, aAttributeLength, aAttributeBufferSize);
 }
 
-otError otBleSecureGetThreadAttributeFromCaCertificateChain(otInstance    *aInstance,
-                                                            int            aThreadOidDescriptor,
-                                                            unsigned char *aAttributeBuffer,
-                                                            size_t        *aAttributeLength,
-                                                            size_t         aAttributeBufferSize)
+otError otBleSecureGetThreadAttributeFromCaCertificateChain(otInstance *aInstance,
+                                                            int         aThreadOidDescriptor,
+                                                            uint8_t    *aAttributeBuffer,
+                                                            size_t     *aAttributeLength,
+                                                            size_t      aAttributeBufferSize)
 {
     return AsCoreType(aInstance).GetApplicationBleSecure().GetThreadAttributeFromCaCertificateChain(
         aThreadOidDescriptor, aAttributeBuffer, aAttributeLength, aAttributeBufferSize);

diff --git a/src/core/meshcop/dtls.cpp b/src/core/meshcop/dtls.cpp
@@ -585,12 +585,12 @@ Error Dtls::GetPeerCertificateBase64(unsigned char *aPeerCert, size_t *aCertLeng
 #endif // defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-Error Dtls::GetPeerSubjectAttributeByOid(const char    *aOid,
-                                         size_t         aOidLength,
-                                         unsigned char *aAttributeBuffer,
-                                         size_t        *aAttributeLength,
-                                         size_t         aAttributeBufferSize,
-                                         int           *aAns1Type)
+Error Dtls::GetPeerSubjectAttributeByOid(const char *aOid,
+                                         size_t      aOidLength,
+                                         uint8_t    *aAttributeBuffer,
+                                         size_t     *aAttributeLength,
+                                         size_t      aAttributeBufferSize,
+                                         int        *aAns1Type)
 {
     Error                          error = kErrorNone;
     const mbedtls_asn1_named_data *data;
@@ -625,10 +625,10 @@ Error Dtls::GetPeerSubjectAttributeByOid(const char    *aOid,
     return error;
 }
 
-Error Dtls::GetThreadAttributeFromPeerCertificate(int            aThreadOidDescriptor,
-                                                  unsigned char *aAttributeBuffer,
-                                                  size_t        *aAttributeLength,
-                                                  size_t         aAttributeBufferSize)
+Error Dtls::GetThreadAttributeFromPeerCertificate(int      aThreadOidDescriptor,
+                                                  uint8_t *aAttributeBuffer,
+                                                  size_t  *aAttributeLength,
+                                                  size_t   aAttributeBufferSize)
 {
     const mbedtls_x509_crt *cert = mbedtls_ssl_get_peer_cert(&mSsl);
 
@@ -638,21 +638,21 @@ Error Dtls::GetThreadAttributeFromPeerCertificate(int            aThreadOidDescr
 
 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 
-Error Dtls::GetThreadAttributeFromOwnCertificate(int            aThreadOidDescriptor,
-                                                 unsigned char *aAttributeBuffer,
-                                                 size_t        *aAttributeLength,
-                                                 size_t         aAttributeBufferSize)
+Error Dtls::GetThreadAttributeFromOwnCertificate(int      aThreadOidDescriptor,
+                                                 uint8_t *aAttributeBuffer,
+                                                 size_t  *aAttributeLength,
+                                                 size_t   aAttributeBufferSize)
 {
     const mbedtls_x509_crt *cert = &mOwnCert;
 
     return GetThreadAttributeFromCertificate(cert, aThreadOidDescriptor, aAttributeBuffer, aAttributeLength,
                                              aAttributeBufferSize);
 }
 
-Error Dtls::GetThreadAttributeFromCaCertificateChain(int            aThreadOidDescriptor,
-                                                     unsigned char *aAttributeBuffer,
-                                                     size_t        *aAttributeLength,
-                                                     size_t         aAttributeBufferSize)
+Error Dtls::GetThreadAttributeFromCaCertificateChain(int      aThreadOidDescriptor,
+                                                     uint8_t *aAttributeBuffer,
+                                                     size_t  *aAttributeLength,
+                                                     size_t   aAttributeBufferSize)
 {
     const mbedtls_x509_crt *cert = &mCaChain;
 
@@ -662,7 +662,7 @@ Error Dtls::GetThreadAttributeFromCaCertificateChain(int            aThreadOidDe
 
 Error Dtls::GetThreadAttributeFromCertificate(const mbedtls_x509_crt *aCert,
                                               int                     aThreadOidDescriptor,
-                                              unsigned char          *aAttributeBuffer,
+                                              uint8_t                *aAttributeBuffer,
                                               size_t                 *aAttributeLength,
                                               size_t                  aAttributeBufferSize)
 {

diff --git a/src/core/meshcop/dtls.hpp b/src/core/meshcop/dtls.hpp
@@ -310,12 +310,12 @@ class Dtls : public InstanceLocator
      * @retval kErrorNoBufs         Insufficient memory for storing the attribute value.
      *
      */
-    Error GetPeerSubjectAttributeByOid(const char    *aOid,
-                                       size_t         aOidLength,
-                                       unsigned char *aAttributeBuffer,
-                                       size_t        *aAttributeLength,
-                                       size_t         aAttributeBufferSize,
-                                       int           *aAns1Type);
+    Error GetPeerSubjectAttributeByOid(const char *aOid,
+                                       size_t      aOidLength,
+                                       uint8_t    *aAttributeBuffer,
+                                       size_t     *aAttributeLength,
+                                       size_t      aAttributeBufferSize,
+                                       int        *aAns1Type);
 
     /**
      * This method returns an attribute value for the OID 1.3.6.1.4.1.44970.x from the v3 extensions of
@@ -336,10 +336,10 @@ class Dtls : public InstanceLocator
      * @retval kErrorParse            The certificate extensions could not be parsed.
      *
      */
-    Error GetThreadAttributeFromPeerCertificate(int            aThreadOidDescriptor,
-                                                unsigned char *aAttributeBuffer,
-                                                size_t        *aAttributeLength,
-                                                size_t         aAttributeBufferSize);
+    Error GetThreadAttributeFromPeerCertificate(int      aThreadOidDescriptor,
+                                                uint8_t *aAttributeBuffer,
+                                                size_t  *aAttributeLength,
+                                                size_t   aAttributeBufferSize);
 #endif // defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 
     /**
@@ -361,10 +361,10 @@ class Dtls : public InstanceLocator
      * @retval kErrorParse            The certificate extensions could not be parsed.
      *
      */
-    Error GetThreadAttributeFromOwnCertificate(int            aThreadOidDescriptor,
-                                               unsigned char *aAttributeBuffer,
-                                               size_t        *aAttributeLength,
-                                               size_t         aAttributeBufferSize);
+    Error GetThreadAttributeFromOwnCertificate(int      aThreadOidDescriptor,
+                                               uint8_t *aAttributeBuffer,
+                                               size_t  *aAttributeLength,
+                                               size_t   aAttributeBufferSize);
 
     /**
      * This method returns an attribute value for the OID 1.3.6.1.4.1.44970.x from the v3 extensions of
@@ -385,10 +385,10 @@ class Dtls : public InstanceLocator
      * @retval kErrorParse            The certificate extensions could not be parsed.
      *
      */
-    Error GetThreadAttributeFromCaCertificateChain(int            aThreadOidDescriptor,
-                                                   unsigned char *aAttributeBuffer,
-                                                   size_t        *aAttributeLength,
-                                                   size_t         aAttributeBufferSize);
+    Error GetThreadAttributeFromCaCertificateChain(int      aThreadOidDescriptor,
+                                                   uint8_t *aAttributeBuffer,
+                                                   size_t  *aAttributeLength,
+                                                   size_t   aAttributeBufferSize);
 
     /**
      * Set the authentication mode for a dtls connection.
@@ -490,7 +490,7 @@ class Dtls : public InstanceLocator
 
     Error GetThreadAttributeFromCertificate(const mbedtls_x509_crt *aCert,
                                             int                     aThreadOidDescriptor,
-                                            unsigned char          *aAttributeBuffer,
+                                            uint8_t                *aAttributeBuffer,
                                             size_t                 *aAttributeLength,
                                             size_t                  aAttributeBufferSize);
 #endif