1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
22 #include "ck_manager.h"
23 #include "crlresource.h"
24 #include "oic_malloc.h"
32 /* The first octet of the OCTET STRING indicates whether the key is
33 compressed or uncompressed. The uncompressed form is indicated by 0x04
34 and the compressed form is indicated by either 0x02 or 0x03 (RFC 5480)*/
35 #define ASN1_UNCOMPRESSED_KEY_ID (0x04)
37 PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey)
41 CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED);
42 CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED);
43 CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED);
44 CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED);
46 CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR);
47 caPublicKey->len = PUBLIC_KEY_SIZE;
48 caPrivateKey->len = PRIVATE_KEY_SIZE;
50 CHECK_CALL(InitCKMInfo);
51 CHECK_CALL(SetCAPrivateKey, caPrivateKey);
52 CHECK_CALL(SetCAPublicKey, caPublicKey);
53 CHECK_CALL(SaveCKMInfo);
57 PKIError CKMIssueRootCertificate (const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
58 ByteArray *issuedRootCertificate)
62 UTF8String_t *rootName = NULL;
63 UTCTime_t *notBefore = NULL;
64 UTCTime_t *notAfter = NULL;
65 BIT_STRING_t *subjectPublicKey = NULL;
66 BIT_STRING_t *issuerPrivateKey = NULL;
68 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
69 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
70 ByteArray caName = BYTE_ARRAY_INITIALIZER;
72 uint8_t caPublicKey[PUBLIC_KEY_SIZE];
73 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
74 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
76 CHECK_NULL(issuedRootCertificate, ISSUER_NULL_PASSED);
77 CHECK_NULL(issuedRootCertificate->data, ISSUER_NULL_PASSED);
78 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedRootCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
80 pubKeyIss.data = caPublicKey;
81 pubKeyIss.len = PUBLIC_KEY_SIZE;
82 privKeyIss.data = caPrivateKey;
83 privKeyIss.len = PRIVATE_KEY_SIZE;
84 caName.data = uint8caName;
85 caName.len = ISSUER_MAX_NAME_SIZE;
87 rootName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
88 CHECK_NULL(rootName, ISSUER_MEMORY_ALLOC_FAILED);
90 notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
91 CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
93 notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
94 CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
96 subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
97 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
99 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
100 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
103 CHECK_CALL(InitCKMInfo);
104 CHECK_CALL(GetCAName, &caName);
105 rootName->buf = caName.data;
106 rootName->size = caName.len;
111 notBefore->buf = (uint8_t *)uint8NotBefore;
115 notBefore->buf = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
117 notBefore->size = strlen((const char *)notBefore->buf);
122 notAfter->buf = (uint8_t *)uint8NotAfter;
126 notAfter->buf = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
128 notAfter->size = strlen((const char *)notAfter->buf);
131 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
132 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
133 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
134 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
136 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
137 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
138 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
139 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
142 //read CA key pair from the CA storage
143 CHECK_CALL(InitCKMInfo);
144 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
146 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
147 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
148 CHECK_CALL(GetCAPublicKey, &pubKeyIss);
150 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
151 memcpy((subjectPublicKey->buf) + 1, pubKeyIss.data, PUBLIC_KEY_SIZE);
153 CHECK_CALL(GenerateCertificate, rootName, rootName, notBefore, notAfter,
154 subjectPublicKey, issuerPrivateKey, issuedRootCertificate);
156 CHECK_CALL(InitCKMInfo);
157 CHECK_CALL(SetCACertificate, issuedRootCertificate);
158 CHECK_CALL(SaveCKMInfo);
164 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
165 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
169 PKIError GenerateKeyPair (ByteArray *privateKey, ByteArray *publicKey)
172 CHECK_NULL(privateKey, ISSUER_NULL_PASSED);
173 CHECK_NULL(privateKey->data, ISSUER_NULL_PASSED);
174 CHECK_NULL(publicKey, ISSUER_NULL_PASSED);
175 CHECK_NULL(publicKey->data, ISSUER_NULL_PASSED);
176 CHECK_COND(uECC_make_key(publicKey->data, privateKey->data), ISSUER_MAKE_KEY_ERROR);
177 publicKey->len = PUBLIC_KEY_SIZE;
178 privateKey->len = PRIVATE_KEY_SIZE;
182 PKIError CKMIssueDeviceCertificate (const uint8_t *uint8SubjectName,
183 const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
184 const uint8_t *uint8SubjectPublicKey,
185 ByteArray *issuedCertificate)
189 UTF8String_t *subjectName = NULL;
190 UTF8String_t *issuerName = NULL;
191 UTCTime_t *notBefore = NULL;
192 UTCTime_t *notAfter = NULL;
193 BIT_STRING_t *subjectPublicKey = NULL;
194 BIT_STRING_t *issuerPrivateKey = NULL;
196 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
197 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
198 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
199 ByteArray caName = BYTE_ARRAY_INITIALIZER;
201 uint8_t subjPubKey[PUBLIC_KEY_SIZE];
202 uint8_t subjPrivKey[PRIVATE_KEY_SIZE];
203 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
204 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
206 CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
207 CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
208 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
210 privKeyIss.data = caPrivateKey;
211 privKeyIss.len = PRIVATE_KEY_SIZE;
212 pubKeySubj.data = subjPubKey;
213 pubKeySubj.len = PUBLIC_KEY_SIZE;
214 privKeySubj.data = subjPrivKey;
215 privKeySubj.len = PRIVATE_KEY_SIZE;
216 caName.data = uint8caName;
217 caName.len = ISSUER_MAX_NAME_SIZE;
219 subjectName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
220 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
222 issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
223 CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
225 notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
226 CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
228 notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
229 CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
231 subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
232 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
234 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
235 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
238 if (uint8SubjectName)
240 subjectName->buf = (uint8_t *)uint8SubjectName;
244 subjectName->buf = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
246 subjectName->size = strlen((const char *)subjectName->buf);
249 CHECK_CALL(InitCKMInfo);
250 CHECK_CALL(GetCAName, &caName);
251 issuerName->buf = caName.data;
252 issuerName->size = caName.len;
257 notBefore->buf = (uint8_t *)uint8NotBefore;
261 notBefore->buf = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
263 notBefore->size = strlen((const char *)notBefore->buf);
268 notAfter->buf = (uint8_t *)uint8NotAfter;
272 notAfter->buf = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
274 notAfter->size = strlen((const char *)notAfter->buf);
277 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
278 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
279 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
280 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
282 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
283 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
284 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
285 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
288 //read CA private key from the CA storage
289 CHECK_CALL(InitCKMInfo);
290 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
292 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
293 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
295 if (!uint8SubjectPublicKey)
298 GenerateKeyPair(&privKeySubj, &pubKeySubj);
302 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
303 memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
306 CHECK_CALL(GenerateCertificate, subjectName, issuerName, notBefore, notAfter,
307 subjectPublicKey, issuerPrivateKey, issuedCertificate);
310 OICFree(subjectName);
314 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
315 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
319 PKIError GenerateDERCertificateFile (const ByteArray *certificate, const char * const certFileName)
327 FILE *filePointer = NULL;
330 CHECK_NULL(certFileName, ISSUER_NULL_PASSED);
331 CHECK_NULL(certificate, ISSUER_NULL_PASSED);
332 CHECK_NULL(certificate->data, ISSUER_NULL_PASSED);
335 fd = open(certFileName, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
336 CHECK_NOT_EQUAL(fd, -1, ISSUER_NULL_PASSED);
337 CHECK_EQUAL(fstat(fd, &st), 0, ISSUER_NULL_PASSED);
338 CHECK_COND(S_ISREG(st.st_mode), ISSUER_FILE_WRITE_ERROR);
339 CHECK_COND(!S_ISLNK(st.st_mode), ISSUER_FILE_WRITE_ERROR);
340 CHECK_EQUAL(write(fd, certificate->data, certificate->len), (ssize_t) certificate->len,
341 ISSUER_FILE_WRITE_ERROR);
350 filePointer = fopen(certFileName, "wb");
351 CHECK_NULL(filePointer, ISSUER_FILE_WRITE_ERROR);
352 CHECK_EQUAL(fwrite(certificate->data, 1, certificate->len, filePointer), certificate->len,
353 ISSUER_FILE_WRITE_ERROR);
366 PKIError SetSerialNumber (const long serNum)
370 CHECK_LESS_EQUAL(0, serNum, ISSUER_WRONG_SERIAL_NUMBER);
371 CHECK_CALL(InitCKMInfo);
372 CHECK_CALL(SetNextSerialNumber, serNum);
373 CHECK_CALL(SaveCKMInfo);
378 PKIError SetRootName (const ByteArray rootName)
382 CHECK_NULL(rootName.data, ISSUER_NULL_PASSED);
383 CHECK_LESS(0, rootName.len, ISSUER_WRONG_ROOT_NAME_LEN);
384 CHECK_LESS(rootName.len, ISSUER_MAX_NAME_SIZE, ISSUER_WRONG_ROOT_NAME_LEN);
385 CHECK_CALL(InitCKMInfo);
386 CHECK_CALL(SetCAName, &rootName);
387 CHECK_CALL(SaveCKMInfo);
392 PKIError CKMSetCAInfo (const long serNum, const ByteArray rootName)
395 CHECK_CALL(SetSerialNumber, serNum);
396 CHECK_CALL(SetRootName, rootName);
401 PKIError GenerateCSR (const uint8_t *uint8SubjectName,
402 const uint8_t *uint8SubjectPublicKey,
403 const uint8_t *uint8SubjectPrivateKey,
404 ByteArray *encodedCSR)
407 UTF8String_t *subjectName = NULL;
408 BIT_STRING_t *subjectPublicKey = NULL;
409 BIT_STRING_t *subjectPrivateKey = NULL;
411 CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
412 CHECK_NULL(uint8SubjectPrivateKey, ISSUER_NULL_PASSED);
413 CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
414 CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
415 CHECK_LESS_EQUAL(CSR_MAX_SIZE, encodedCSR->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
417 subjectName = OICCalloc(1, sizeof(UTF8String_t));
418 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
420 subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
421 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
423 subjectPrivateKey = OICCalloc(1, sizeof(BIT_STRING_t));
424 CHECK_NULL(subjectPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
427 if (uint8SubjectName)
429 subjectName->buf = (uint8_t *)uint8SubjectName;
433 subjectName->buf = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
435 subjectName->size = strlen((const char *)subjectName->buf);
438 subjectPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
439 subjectPrivateKey->buf = (uint8_t *)OICCalloc((subjectPrivateKey->size), sizeof(uint8_t));
440 CHECK_NULL(subjectPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
441 *(subjectPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
443 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
444 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
445 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
446 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
449 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
450 memcpy((subjectPrivateKey->buf) + 1, uint8SubjectPrivateKey, PRIVATE_KEY_SIZE);
451 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
452 memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
454 CHECK_CALL(EncodeCSR, subjectName, subjectPublicKey, subjectPrivateKey, encodedCSR);
457 OICFree(subjectName);
458 OICFree(subjectPublicKey);
459 if (subjectPrivateKey)
461 OICFree(subjectPrivateKey->buf);
462 OICFree(subjectPrivateKey);
467 PKIError GenerateCertificateByCSR (const ByteArray *encodedCSR, ByteArray *issuedCertificate)
470 UTF8String_t *subjectName = NULL;
471 BIT_STRING_t *subjectPublicKey = NULL;
472 uint8_t uint8SubjectName[ISSUER_MAX_NAME_SIZE];
473 uint8_t uint8SubjectPublicKey[PUBLIC_KEY_SIZE + 1];
475 CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
476 CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
477 CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
478 CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
479 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
481 subjectName = OICCalloc(1, sizeof(UTF8String_t));
482 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
484 subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
485 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
487 subjectName->buf = uint8SubjectName;
488 subjectPublicKey->buf = uint8SubjectPublicKey;
490 CHECK_CALL(DecodeCSR, encodedCSR, subjectName, subjectPublicKey);
492 uint8SubjectName[subjectName->size] = '\0';
493 CHECK_CALL(CKMIssueDeviceCertificate, uint8SubjectName, 0, 0, uint8SubjectPublicKey + 1,
494 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
498 OICFree(subjectPublicKey);
499 OICFree(subjectName);
503 PKIError CKMIssueCRL (const uint8_t *uint8ThisUpdateTime, const uint32_t numberOfRevoked,
504 const uint32_t *revokedNumbers, const uint8_t **revocationDates,
505 ByteArray *encodedCRL)
508 BIT_STRING_t *issuerPrivateKey = NULL;
509 UTCTime_t *thisUpdateTime = NULL;
510 CertificateRevocationInfo_t *certificateRevocationInfo = NULL;
511 UTF8String_t *issuerName = NULL;
514 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
515 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
517 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
518 ByteArray caName = BYTE_ARRAY_INITIALIZER;
520 CHECK_NULL(numberOfRevoked, ISSUER_NULL_PASSED);
521 CHECK_NULL(revokedNumbers, ISSUER_NULL_PASSED);
522 CHECK_NULL(revocationDates, ISSUER_NULL_PASSED);
523 CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
524 CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
525 CHECK_LESS_EQUAL((CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)),
526 encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
528 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
529 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
531 thisUpdateTime = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
532 CHECK_NULL(thisUpdateTime, ISSUER_MEMORY_ALLOC_FAILED);
534 issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
535 CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
537 certificateRevocationInfo = (CertificateRevocationInfo_t *)OICCalloc(numberOfRevoked,
538 sizeof(CertificateRevocationInfo_t));
539 CHECK_NULL(certificateRevocationInfo, ISSUER_MEMORY_ALLOC_FAILED);
541 privKeyIss.data = caPrivateKey;
542 privKeyIss.len = PRIVATE_KEY_SIZE;
543 caName.data = uint8caName;
544 caName.len = ISSUER_MAX_NAME_SIZE;
546 //allocate issuerPrivateKey
547 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
548 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
549 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
550 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
552 //read CA private key from the CA storage
553 CHECK_CALL(InitCKMInfo);
554 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
555 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
556 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
559 if (uint8ThisUpdateTime)
561 thisUpdateTime->buf = (uint8_t *)uint8ThisUpdateTime;
565 thisUpdateTime->buf = (uint8_t *)ISSUER_DEFAULT_THIS_UPDATE;
567 thisUpdateTime->size = strlen((const char *)thisUpdateTime->buf);
570 CHECK_CALL(InitCKMInfo);
571 CHECK_CALL(GetCAName, &caName);
572 issuerName->buf = caName.data;
573 issuerName->size = caName.len;
576 for ( i = 0; i < numberOfRevoked; i++ )
578 certificateRevocationInfo[i].userCertificate = revokedNumbers[i];
579 certificateRevocationInfo[i].revocationDate.buf = (uint8_t *)revocationDates[i];
580 certificateRevocationInfo[i].revocationDate.size =
581 strlen((const char *)revocationDates[i]);
584 CHECK_CALL(GenerateCRL, issuerName, thisUpdateTime, numberOfRevoked, certificateRevocationInfo,
585 issuerPrivateKey, encodedCRL);
587 CHECK_CALL(InitCKMInfo);
588 CHECK_CALL(SetCertificateRevocationList, encodedCRL);
589 CHECK_CALL(SaveCKMInfo);
593 OICFree(thisUpdateTime);
594 OICFree(certificateRevocationInfo);
595 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
599 PKIError CKMRevocateCertificate (const uint8_t *uint8ThisUpdateTime, const long revokedNumber,
600 ByteArray *encodedCRL)
603 ByteArray oldCRL = BYTE_ARRAY_INITIALIZER;
604 asn_dec_rval_t rval; /* Decoder return value */
605 CertificateRevocationList_t *certificateRevocationList = NULL; // Type to decode
606 CertificateRevocationInfo_t *CRI = NULL;
607 long serialNumber = 0;
608 long numberOfRevoked = 0;
609 uint32_t crlMaxSize = 0;
611 BIT_STRING_t *issuerPrivateKey = NULL;
612 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
613 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
615 CHECK_CALL(InitCKMInfo);
616 CHECK_CALL(GetNumberOfRevoked, &numberOfRevoked);
618 crlMaxSize = (uint32_t)(CRL_MIN_SIZE +
619 (numberOfRevoked + 1) * (sizeof(CertificateRevocationInfo_t) + 4));
621 CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
622 CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
623 CHECK_LESS_EQUAL(crlMaxSize, encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
626 oldCRL.data = (uint8_t *)OICMalloc(crlMaxSize);
627 CHECK_NULL(oldCRL.data, ISSUER_MEMORY_ALLOC_FAILED);
628 oldCRL.len = crlMaxSize;
630 CHECK_CALL(InitCKMInfo);
631 CHECK_CALL(GetCertificateRevocationList, &oldCRL);
632 CHECK_CALL(CloseCKMInfo);
635 rval = ber_decode(0, &asn_DEF_CertificateRevocationList, (void **)&certificateRevocationList,
636 oldCRL.data, oldCRL.len);
637 CHECK_EQUAL(rval.code, RC_OK, ISSUER_CSR_DER_DECODE_FAIL);
639 //add one certificate into CRL
640 CRI = (CertificateRevocationInfo_t *)OICCalloc(1, sizeof(CertificateRevocationInfo_t));
641 CHECK_NULL(CRI, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
643 CRI->revocationDate.size = (int)strlen((const char *)uint8ThisUpdateTime);
644 CRI->revocationDate.buf = OICCalloc((CRI->revocationDate.size) + 1, sizeof(char));
645 //additional byte for \0 at the end
646 CHECK_NULL(CRI->revocationDate.buf, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
648 memcpy(CRI->revocationDate.buf, uint8ThisUpdateTime, CRI->revocationDate.size + 1);
649 //additional byte for \0 at the end
651 CRI->userCertificate = revokedNumber;
652 ASN_SEQUENCE_ADD((void *)(&(certificateRevocationList->
653 tbsCertList.revokedCertificates.list)), (void *)(CRI));
655 //prepare memory for issuerPrivateKey
656 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
657 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
658 privKeyIss.data = caPrivateKey;
659 privKeyIss.len = PRIVATE_KEY_SIZE;
660 //allocate issuerPrivateKey
661 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
662 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
663 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
664 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
666 //read CA private key from the CA storage
667 CHECK_CALL(InitCKMInfo);
668 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
670 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
671 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
674 CHECK_CALL(SignCRL, certificateRevocationList, crlMaxSize, issuerPrivateKey, encodedCRL);
676 CHECK_CALL(InitCKMInfo);
677 CHECK_CALL(GetCRLSerialNumber, &serialNumber);
679 CHECK_CALL(SetCRLSerialNumber, serialNumber);
681 CHECK_CALL(SetNumberOfRevoked, numberOfRevoked);
682 CHECK_CALL(SetCertificateRevocationList, encodedCRL);
683 CHECK_CALL(SaveCKMInfo);
686 ASN_STRUCT_FREE(asn_DEF_CertificateRevocationList, certificateRevocationList);
687 certificateRevocationList = NULL;
692 PKIError CKMGetCRL (ByteArray *certificateRevocationList)
695 CHECK_NULL(certificateRevocationList, ISSUER_NULL_PASSED);
696 CHECK_NULL(certificateRevocationList->data, ISSUER_NULL_PASSED);
697 CHECK_CALL(InitCKMInfo);
698 CHECK_CALL(GetCertificateRevocationList, certificateRevocationList);
699 CHECK_CALL(CloseCKMInfo);