AudioConsole/AudioConsole.X/Source/winc3400_142/driver/source/m2m_ssl.c

/*******************************************************************************
  File Name:
    m2m_ssl.c

  Summary:
    WINC SSL Interface.

  Description:
    WINC SSL Interface.
 *******************************************************************************/

//DOM-IGNORE-BEGIN
/*******************************************************************************
* Copyright (C) 2021 Microchip Technology Inc. and its subsidiaries.
*
* Subject to your compliance with these terms, you may use Microchip software
* and any derivatives exclusively with Microchip products. It is your
* responsibility to comply with third party license terms applicable to your
* use of third party software (including open source software) that may
* accompany Microchip software.
*
* THIS SOFTWARE IS SUPPLIED BY MICROCHIP "AS IS". NO WARRANTIES, WHETHER
* EXPRESS, IMPLIED OR STATUTORY, APPLY TO THIS SOFTWARE, INCLUDING ANY IMPLIED
* WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A
* PARTICULAR PURPOSE.
*
* IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE,
* INCIDENTAL OR CONSEQUENTIAL LOSS, DAMAGE, COST OR EXPENSE OF ANY KIND
* WHATSOEVER RELATED TO THE SOFTWARE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS
* BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE
* FULLEST EXTENT ALLOWED BY LAW, MICROCHIP'S TOTAL LIABILITY ON ALL CLAIMS IN
* ANY WAY RELATED TO THIS SOFTWARE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY,
* THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THIS SOFTWARE.
*******************************************************************************/

/*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
INCLUDES
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/

#include "m2m_ssl.h"
#include "m2m_hif.h"
#include "nmasic.h"

/*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
MACROS
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/

#define	min(a,b)	(((a) < (b)) ? (a) : (b))

/*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
DATA TYPES
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/
static tpfAppSSLCb gpfAppSSLCb       = NULL;
static uint32_t gu32HIFAddr            = 0;
static tenuTlsFlashStatus genuStatus = TLS_FLASH_ERR_UNKNOWN;

/*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
FUNCTION PROTOTYPES
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*/

/*!
@fn         void m2m_ssl_cb(uint8_t u8OpCode, uint16_t u16DataSize, uint32_t u32Addr)
@brief      Internal SSL callback function.
@param [in] u8OpCode
                HIF Opcode type.
@param [in] u16DataSize
                HIF data length.
@param [in] u32Addr
            HIF address.
*/
static void m2m_ssl_cb(uint8_t u8OpCode, uint16_t u16DataSize, uint32_t u32Addr)
{
    int8_t s8tmp = M2M_SUCCESS;
    switch(u8OpCode)
    {
        case M2M_SSL_REQ_ECC:
        {
            tstrEccReqInfo strEccREQ;
            s8tmp = hif_receive(u32Addr, (uint8_t *)&strEccREQ, sizeof(tstrEccReqInfo), 0);
            if(s8tmp == M2M_SUCCESS)
            {
                if(gpfAppSSLCb)
                {
                    gu32HIFAddr = u32Addr + sizeof(tstrEccReqInfo);
                    gpfAppSSLCb(M2M_SSL_REQ_ECC, &strEccREQ);
                }
            }
        }
        break;
        case M2M_SSL_RESP_SET_CS_LIST:
        {
            tstrSslSetActiveCsList strCsList;
            s8tmp = hif_receive(u32Addr, (uint8_t *)&strCsList, sizeof(tstrSslSetActiveCsList), 0);
            if(s8tmp == M2M_SUCCESS)
            {
                if(gpfAppSSLCb)
                    gpfAppSSLCb(M2M_SSL_RESP_SET_CS_LIST, &strCsList);
            }
        }
        break;
        case M2M_SSL_RESP_WRITE_OWN_CERTS:
        {
            tstrTlsSrvChunkHdr strTlsSrvChunkRsp;
            uint8_t bCallApp = 1;

            s8tmp = hif_receive(u32Addr, (uint8_t *)&strTlsSrvChunkRsp, sizeof(tstrTlsSrvChunkHdr), 0);
            if(s8tmp == M2M_SUCCESS)
            {
                uint16_t offset = strTlsSrvChunkRsp.u16Offset32;
                uint16_t chunk_size = strTlsSrvChunkRsp.u16Size32;
                uint16_t total_size = strTlsSrvChunkRsp.u16TotalSize32;
                tenuTlsFlashStatus status = (tenuTlsFlashStatus)(strTlsSrvChunkRsp.u16Sig);

                /* If first chunk, reset status. */
                if(offset == 0)
                    genuStatus = TLS_FLASH_OK_NO_CHANGE;
                /* Only send status to app when processing last chunk. */
                if(offset + chunk_size != total_size)
                    bCallApp = 0;

                switch(status)
                {
                    case TLS_FLASH_OK:
                        // Good flash write. Update status if no errors yet.
                        if(genuStatus == TLS_FLASH_OK_NO_CHANGE)
                            genuStatus = status;
                        break;
                    case TLS_FLASH_OK_NO_CHANGE:
                        // No change, don't update status.
                        break;
                    case TLS_FLASH_ERR_CORRUPT:
                        // Corrupt. Always update status.
                        genuStatus = status;
                        break;
                    case TLS_FLASH_ERR_NO_CHANGE:
                        // Failed flash write. Update status if no more serious error.
                        if((genuStatus != TLS_FLASH_ERR_CORRUPT) && (genuStatus != TLS_FLASH_ERR_UNKNOWN))
                            genuStatus = status;
                        break;
                    default:
                        // Don't expect any other case. Ensure we don't mask a previous corrupt error.
                        if(genuStatus != TLS_FLASH_ERR_CORRUPT)
                            genuStatus = TLS_FLASH_ERR_UNKNOWN;
                        break;
                }
            }
            if(bCallApp && gpfAppSSLCb)
                gpfAppSSLCb(M2M_SSL_RESP_WRITE_OWN_CERTS, &genuStatus);
        }
        break;
    }
    if(s8tmp != M2M_SUCCESS)
    {
        M2M_ERR("Error receiving SSL from the HIF\n");
    }
}

/*!
@fn         int8_t m2m_ssl_init(tpfAppSSLCb pfAppSSLCb)
@brief      Initializes the SSL layer.
@param [in] pfAppSslCb
                Application SSL callback function.
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.
*/
int8_t m2m_ssl_init(tpfAppSSLCb pfAppSSLCb)
{
    int8_t s8Ret = M2M_SUCCESS;
    gpfAppSSLCb = pfAppSSLCb;
    gu32HIFAddr = 0;
    genuStatus = TLS_FLASH_ERR_UNKNOWN;
    s8Ret = hif_register_cb(M2M_REQ_GROUP_SSL, m2m_ssl_cb);
    if(s8Ret != M2M_SUCCESS)
    {
        M2M_ERR("hif_register_cb() failed with ret=%d", s8Ret);
    }
    return s8Ret;
}

/*!
@fn         int8_t m2m_ssl_handshake_rsp(tstrEccReqInfo* strECCResp, uint8_t* pu8RspDataBuff, uint16_t u16RspDataSz)
@brief      Sends ECC responses to the WINC.
@param[in]  strECCResp
                ECC Response struct.
@param[in]  pu8RspDataBuff
                Pointer of the response data to be sent.
@param[in]  u16RspDataSz
                Response data size.
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.
*/
int8_t m2m_ssl_handshake_rsp(tstrEccReqInfo *strECCResp, uint8_t *pu8RspDataBuff, uint16_t u16RspDataSz)
{
    int8_t s8Ret = M2M_SUCCESS;

    s8Ret = hif_send(M2M_REQ_GROUP_SSL, (M2M_SSL_RESP_ECC | M2M_REQ_DATA_PKT), (uint8_t *)strECCResp, sizeof(tstrEccReqInfo), pu8RspDataBuff, u16RspDataSz, sizeof(tstrEccReqInfo));

    return s8Ret;
}

/*!
@fn         int8_t m2m_ssl_send_certs_to_winc(uint8_t *pu8Buffer, uint32_t u32BufferSz)
@brief      Sends certificates to the WINC
@param[in]  pu8Buffer
                Pointer to the certificates.
@param[in]  u32BufferSz
                Size of the certificates.
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.
*/
int8_t m2m_ssl_send_certs_to_winc(uint8_t *pu8Buffer, uint32_t u32BufferSz)
{
    int8_t s8Ret = M2M_SUCCESS;
#define TXLIMIT  (256 * 6)

    if(u32BufferSz <= TXLIMIT)
    {
        // set chunk header for one chunk
        tstrTlsSrvChunkHdr *pchkhdr = (tstrTlsSrvChunkHdr *)pu8Buffer;
        pchkhdr->u16Sig = TLS_CERTS_CHUNKED_SIG_VALUE;
        pchkhdr->u16TotalSize32 = (u32BufferSz + 3) >> 2;
        pchkhdr->u16Offset32 = 0;
        pchkhdr->u16Size32 = (u32BufferSz + 3) >> 2;
        s8Ret = hif_send(M2M_REQ_GROUP_SSL, (M2M_SSL_REQ_WRITE_OWN_CERTS | M2M_REQ_DATA_PKT), NULL, 0, pu8Buffer, u32BufferSz, 0);
        M2M_INFO("Transferred %" PRIu32 " bytes of cert data NON-CHUNKED\r\n", u32BufferSz);
    }
    else
    {
        // chunk it
        // We are sneaking in a header - tstrTlsSrvChunkHdr
#define CHUNKHDRSZ (sizeof(tstrTlsSrvChunkHdr))
#define CHUNKSZ    (TXLIMIT - 256) // divisible by 4
        uint8_t saveblob[CHUNKHDRSZ];
        uint32_t ofs = 0;
        uint32_t thischunksz = 0;

        // first is special - over writing our header
        memcpy(saveblob, &pu8Buffer[ofs], CHUNKHDRSZ);
        thischunksz = min(CHUNKSZ, u32BufferSz-ofs); // no need to round up to quad words this time

        tstrTlsSrvChunkHdr *pchkhdr = (tstrTlsSrvChunkHdr *)&pu8Buffer[ofs];
        pchkhdr->u16Sig = TLS_CERTS_CHUNKED_SIG_VALUE;
        pchkhdr->u16TotalSize32 = ((u32BufferSz + 3) >> 2);
        pchkhdr->u16Offset32 = ((ofs + 3) >> 2);
        pchkhdr->u16Size32 = ((thischunksz + 3) >> 2);
        s8Ret = hif_send(M2M_REQ_GROUP_SSL, (M2M_SSL_REQ_WRITE_OWN_CERTS | M2M_REQ_DATA_PKT), NULL, 0, &pu8Buffer[ofs], thischunksz, 0);
        M2M_INFO("Transferred %" PRIu32 " bytes of cert data CHUNKED to offset %" PRIu32 " total %" PRIu32 "\r\n", thischunksz, ofs, u32BufferSz);
        memcpy(&pu8Buffer[ofs], saveblob, CHUNKHDRSZ);
        ofs += thischunksz;

        while(ofs < u32BufferSz)
        {
            // Subsequent chunks write header before and send a little more
            memcpy(saveblob, &pu8Buffer[ofs-CHUNKHDRSZ], CHUNKHDRSZ);
            thischunksz = min(CHUNKSZ, u32BufferSz-ofs);
            thischunksz = (thischunksz + 3) & 0xFFFFFFFC; // needs to round up to quad word length
            pchkhdr = (tstrTlsSrvChunkHdr *)&pu8Buffer[ofs - CHUNKHDRSZ];
            pchkhdr->u16Sig = TLS_CERTS_CHUNKED_SIG_VALUE;
            pchkhdr->u16TotalSize32 = ((u32BufferSz + 3) >> 2);
            pchkhdr->u16Offset32 = ((ofs + 3) >> 2);
            pchkhdr->u16Size32 = ((thischunksz + 3) >> 2);
            s8Ret = hif_send(M2M_REQ_GROUP_SSL, (M2M_SSL_REQ_WRITE_OWN_CERTS | M2M_REQ_DATA_PKT), NULL, 0, &pu8Buffer[ofs - CHUNKHDRSZ], thischunksz + CHUNKHDRSZ, 0);
            M2M_INFO("Transferred %" PRIu32 " bytes of cert data CHUNKED to offset %" PRIu32 " total %" PRIu32 "\n", thischunksz, ofs, u32BufferSz);
            memcpy(&pu8Buffer[ofs - CHUNKHDRSZ], saveblob, CHUNKHDRSZ);
            ofs += thischunksz;
        }
    }

    return s8Ret;
}

/*!
@fn         int8_t m2m_ssl_retrieve_next_for_verifying(tenuEcNamedCurve *penuCurve, uint8_t *pu8Value, uint16_t *pu16ValueSz, uint8_t *pu8Sig, uint16_t *pu16SigSz, tstrECPoint *pstrKey);
@brief      Retrieve the next set of information from the WINC for ECDSA verification.
@param[out] penuCurve
                The named curve.
@param[out] pu8Value
                Value retrieved for verification. This is the digest of the message, truncated/prepended to the appropriate size.
@param[inout] pu16ValueSz
                in: Size of value buffer provided by caller.
                out: Size of value retrieved (provided for convenience; the value size is in fact determined by the curve).
@param[out] pu8Sig
                Signature retrieved for verification.
@param[inout] pu16SigSz
                in: Size of signature buffer provided by caller.
                out: Size of signature retrieved (provided for convenience; the signature size is in fact determined by the curve).
@param[out] pstrKey
                Public key retrieved for verification.
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.

@pre        This function should only be called after the application has been notified that
            verification information is ready via @ref ECC_REQ_SIGN_VERIFY.

@warning    If this function returns @ref M2M_ERR_FAIL, then any remaining verification info from
            the WINC is lost.
*/
int8_t m2m_ssl_retrieve_next_for_verifying(tenuEcNamedCurve *penuCurve, uint8_t *pu8Value, uint16_t *pu16ValueSz, uint8_t *pu8Sig, uint16_t *pu16SigSz, tstrECPoint *pstrKey)
{
    int8_t   s8Ret = M2M_ERR_FAIL;
    uint16_t  u16HashSz, u16SigSz, u16KeySz;

    if(gu32HIFAddr == 0) return M2M_ERR_FAIL;

    if((NULL == penuCurve) || (NULL == pu8Value) || (NULL == pu16ValueSz) || (NULL == pu8Sig) || (NULL == pu16SigSz) || (NULL == pstrKey))
    {
        s8Ret = M2M_ERR_INVALID_ARG;
        goto __ERR;
    }

    if(hif_receive(gu32HIFAddr, (uint8_t *)&u16KeySz, 2, 0) != M2M_SUCCESS) goto __ERR;
    *penuCurve = _htons(u16KeySz);
    gu32HIFAddr += 2;

    if(hif_receive(gu32HIFAddr, (uint8_t *)&u16KeySz, 2, 0) != M2M_SUCCESS) goto __ERR;
    u16KeySz = _htons(u16KeySz);
    if(u16KeySz > sizeof(pstrKey->X)) goto __ERR;
    pstrKey->u16Size = u16KeySz;
    gu32HIFAddr += 2;

    if(hif_receive(gu32HIFAddr, (uint8_t *)&u16HashSz, 2, 0) != M2M_SUCCESS) goto __ERR;
    u16HashSz = _htons(u16HashSz);
    if(u16HashSz > *pu16ValueSz) goto __ERR;
    *pu16ValueSz = u16HashSz;
    gu32HIFAddr += 2;

    if(hif_receive(gu32HIFAddr, (uint8_t *)&u16SigSz, 2, 0) != M2M_SUCCESS) goto __ERR;
    u16SigSz = _htons(u16SigSz);
    if(u16SigSz > *pu16SigSz) goto __ERR;
    *pu16SigSz = u16SigSz;
    gu32HIFAddr += 2;

    if(hif_receive(gu32HIFAddr, pstrKey->X, u16KeySz, 0) != M2M_SUCCESS) goto __ERR;
    gu32HIFAddr += u16KeySz;
    if(hif_receive(gu32HIFAddr, pstrKey->Y, u16KeySz, 0) != M2M_SUCCESS) goto __ERR;
    gu32HIFAddr += u16KeySz;

    if(hif_receive(gu32HIFAddr, pu8Value, u16HashSz, 0) != M2M_SUCCESS) goto __ERR;
    gu32HIFAddr += u16HashSz;

    if(hif_receive(gu32HIFAddr, pu8Sig, u16SigSz, 0) != M2M_SUCCESS) goto __ERR;
    gu32HIFAddr += u16SigSz;

    return M2M_SUCCESS;

__ERR:
    hif_receive(0, NULL, 0, 1);
    return s8Ret;
}

/*!
@fn         int8_t m2m_ssl_retrieve_cert(uint16_t *pu16Curve, uint8_t *pu8Value, uint8_t *pu8Sig, tstrECPoint *pstrKey);
@brief      Retrieve the next set of information from the WINC for ECDSA verification.
@param[out] pu16Curve
                The named curve, to be cast to type @ref tenuEcNamedCurve.
@param[out] pu8Value
                Value retrieved for verification. This is the digest of the message, truncated/prepended to the appropriate size.
                The size of the value is equal to the field size of the curve, hence is determined by pu16Curve.
@param[out] pu8Sig
                Signature retrieved for verification.
                The size of the signature is equal to twice the field size of the curve, hence is determined by pu16Curve.
@param[out] pstrKey
                Public key retrieved for verification.
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.

@pre        This function should only be called after the application has been notified that
            verification information is ready via @ref ECC_REQ_SIGN_VERIFY.

@warning    If this function returns @ref M2M_ERR_FAIL, then any remaining verification info from
            the WINC is lost.

@warning    This API has been deprecated and is kept for legacy purposes only. It is recommended
            that @ref m2m_ssl_retrieve_next_for_verifying is used instead.
*/
int8_t m2m_ssl_retrieve_cert(uint16_t *pu16Curve, uint8_t *pu8Value, uint8_t *pu8Sig, tstrECPoint *pstrKey)
{
    uint16_t  u16ValueSz = 32, u16SigSz = 64;

    return m2m_ssl_retrieve_next_for_verifying((tenuEcNamedCurve *)pu16Curve, pu8Value, &u16ValueSz, pu8Sig, &u16SigSz, pstrKey);
}

/*!
@fn         int8_t m2m_ssl_retrieve_hash(uint8_t *pu8Value, uint16_t u16ValueSz)
@brief      Retrieve the value from the WINC for ECDSA signing.
@param[out] pu8Value
                Value retrieved for signing. This is the digest of the message, truncated/prepended to the appropriate size.
@param[in]  u16ValueSz
                Size of value to be retrieved. (The application should obtain this information,
                along with the curve, from the associated @ref ECC_REQ_SIGN_GEN notification.)
@return     The function returns @ref M2M_SUCCESS for success and a negative value otherwise.

@pre        This function should only be called after the application has been notified that
            signing information is ready via @ref ECC_REQ_SIGN_GEN.

@warning    If this function returns @ref M2M_ERR_FAIL, then the value for signing is lost.
*/
int8_t m2m_ssl_retrieve_hash(uint8_t *pu8Value, uint16_t u16ValueSz)
{
    int8_t   s8Ret = M2M_ERR_FAIL;

    if(gu32HIFAddr == 0) return M2M_ERR_FAIL;

    if(NULL == pu8Value)
    {
        s8Ret = M2M_ERR_INVALID_ARG;
        goto __ERR;
    }

    if(hif_receive(gu32HIFAddr, pu8Value, u16ValueSz, 0) != M2M_SUCCESS) goto __ERR;

    return M2M_SUCCESS;

__ERR:
    hif_receive(0, NULL, 0, 1);
    return s8Ret;
}

/*!
@fn         void m2m_ssl_stop_retrieving(void);
@brief      Allow SSL driver to tidy up when the application chooses not to retrieve all available
            information.

@return     None.

@warning    The application must call this function if it has been notified (via
            @ref ECC_REQ_SIGN_GEN or @ref ECC_REQ_SIGN_VERIFY) that information is available for
            retrieving from the WINC, but chooses not to retrieve it all.
            The application must not call this function if it has retrieved all the available
            information, or if a retrieve function returned @ref M2M_ERR_FAIL indicating that any
            remaining information has been lost.

@see        m2m_ssl_retrieve_next_for_verifying\n
            m2m_ssl_retrieve_cert\n
            m2m_ssl_retrieve_hash
*/
void m2m_ssl_stop_retrieving(void)
{
    hif_receive(0, NULL, 0, 1);
}

/*!
@fn         void m2m_ssl_stop_processing_certs(void);
@brief      Allow SSL driver to tidy up in case application does not read all available certificates.
@return     None.

@warning    This API has been deprecated and is kept for legacy purposes only. It is recommended
            that @ref m2m_ssl_stop_retrieving is used instead.
*/
void m2m_ssl_stop_processing_certs(void)
{
    m2m_ssl_stop_retrieving();
}

/*!
@fn         void m2m_ssl_ecc_process_done(void);
@brief      Allow SSL driver to tidy up after application has finished processing ECC message.

@return     None.

@warning    The application should call this function after receiving an SSL callback with message
            type @ref M2M_SSL_REQ_ECC, after retrieving any related information, and before
            calling @ref m2m_ssl_handshake_rsp.
*/
void m2m_ssl_ecc_process_done(void)
{
    gu32HIFAddr = 0;
}

/*!
@fn         int8_t m2m_ssl_set_active_ciphersuites(uint32_t u32SslCsBMP)
@brief      Sets the active ciphersuites.
@details    Override the default Active SSL ciphers in the SSL module with a certain combination selected by the caller in the form of
            a bitmap containing the required ciphers to be on.
            There is no need to call this function if the application will not change the default ciphersuites.

@param [in] u32SslCsBMP
                Bitmap containing the desired ciphers to be enabled for the SSL module. The ciphersuites are defined in
                @ref SSLCipherSuiteID.
                The default ciphersuites are all ciphersuites supported by the firmware with the exception of ECC ciphersuites.
                The caller can override the default with any desired combination.
                If u32SslCsBMP does not contain any ciphersuites supported by firmware, then the current active list will not
                change.

@return
            - @ref SOCK_ERR_NO_ERROR
            - @ref SOCK_ERR_INVALID_ARG
*/
int8_t m2m_ssl_set_active_ciphersuites(uint32_t u32SslCsBMP)
{
    int8_t s8Ret = M2M_SUCCESS;
    tstrSslSetActiveCsList  strCsList;

    strCsList.u32CsBMP = u32SslCsBMP;
    s8Ret = hif_send(M2M_REQ_GROUP_SSL, M2M_SSL_REQ_SET_CS_LIST, (uint8_t *)&strCsList, sizeof(tstrSslSetActiveCsList), NULL, 0, 0);

    return s8Ret;
}

//DOM-IGNORE-END