1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
22 #include "ck_manager.h"
23 #include "crlresource.h"
24 #include "oic_malloc.h"
26 /* The first octet of the OCTET STRING indicates whether the key is
27 compressed or uncompressed. The uncompressed form is indicated by 0x04
28 and the compressed form is indicated by either 0x02 or 0x03 (RFC 5480)*/
29 #define ASN1_UNCOMPRESSED_KEY_ID (0x04)
31 PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey)
35 CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED);
36 CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED);
37 CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED);
38 CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED);
40 CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR);
41 caPublicKey->len = PUBLIC_KEY_SIZE;
42 caPrivateKey->len = PRIVATE_KEY_SIZE;
44 CHECK_CALL(InitCKMInfo);
45 CHECK_CALL(SetCAPrivateKey, caPrivateKey);
46 CHECK_CALL(SetCAPublicKey, caPublicKey);
47 CHECK_CALL(SaveCKMInfo);
51 PKIError CKMIssueRootCertificate (const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
52 ByteArray *issuedRootCertificate)
56 UTF8String_t *rootName = NULL;
57 UTCTime_t *notBefore = NULL;
58 UTCTime_t *notAfter = NULL;
59 BIT_STRING_t *subjectPublicKey = NULL;
60 BIT_STRING_t *issuerPrivateKey = NULL;
62 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
63 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
64 ByteArray caName = BYTE_ARRAY_INITIALIZER;
66 uint8_t caPublicKey[PUBLIC_KEY_SIZE];
67 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
68 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
70 CHECK_NULL(issuedRootCertificate, ISSUER_NULL_PASSED);
71 CHECK_NULL(issuedRootCertificate->data, ISSUER_NULL_PASSED);
72 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedRootCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
74 pubKeyIss.data = caPublicKey;
75 pubKeyIss.len = PUBLIC_KEY_SIZE;
76 privKeyIss.data = caPrivateKey;
77 privKeyIss.len = PRIVATE_KEY_SIZE;
78 caName.data = uint8caName;
79 caName.len = ISSUER_MAX_NAME_SIZE;
81 rootName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
82 CHECK_NULL(rootName, ISSUER_MEMORY_ALLOC_FAILED);
84 notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
85 CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
87 notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
88 CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
90 subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
91 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
93 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
94 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
97 CHECK_CALL(InitCKMInfo);
98 CHECK_CALL(GetCAName, &caName);
99 rootName->buf = caName.data;
100 rootName->size = caName.len;
105 notBefore->buf = (uint8_t *)uint8NotBefore;
109 notBefore->buf = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
111 notBefore->size = strlen((const char *)notBefore->buf);
116 notAfter->buf = (uint8_t *)uint8NotAfter;
120 notAfter->buf = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
122 notAfter->size = strlen((const char *)notAfter->buf);
125 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
126 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
127 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
128 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
130 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
131 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
132 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
133 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
136 //read CA key pair from the CA storage
137 CHECK_CALL(InitCKMInfo);
138 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
140 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
141 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
142 CHECK_CALL(GetCAPublicKey, &pubKeyIss);
144 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
145 memcpy((subjectPublicKey->buf) + 1, pubKeyIss.data, PUBLIC_KEY_SIZE);
147 CHECK_CALL(GenerateCertificate, rootName, rootName, notBefore, notAfter,
148 subjectPublicKey, issuerPrivateKey, issuedRootCertificate);
150 CHECK_CALL(InitCKMInfo);
151 CHECK_CALL(SetCACertificate, issuedRootCertificate);
152 CHECK_CALL(SaveCKMInfo);
158 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
159 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
163 PKIError GenerateKeyPair (ByteArray *privateKey, ByteArray *publicKey)
166 CHECK_NULL(privateKey, ISSUER_NULL_PASSED);
167 CHECK_NULL(privateKey->data, ISSUER_NULL_PASSED);
168 CHECK_NULL(publicKey, ISSUER_NULL_PASSED);
169 CHECK_NULL(publicKey->data, ISSUER_NULL_PASSED);
170 CHECK_COND(uECC_make_key(publicKey->data, privateKey->data), ISSUER_MAKE_KEY_ERROR);
171 publicKey->len = PUBLIC_KEY_SIZE;
172 privateKey->len = PRIVATE_KEY_SIZE;
176 PKIError CKMIssueDeviceCertificate (const uint8_t *uint8SubjectName,
177 const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
178 const uint8_t *uint8SubjectPublicKey,
179 ByteArray *issuedCertificate)
183 UTF8String_t *subjectName = NULL;
184 UTF8String_t *issuerName = NULL;
185 UTCTime_t *notBefore = NULL;
186 UTCTime_t *notAfter = NULL;
187 BIT_STRING_t *subjectPublicKey = NULL;
188 BIT_STRING_t *issuerPrivateKey = NULL;
190 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
191 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
192 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
193 ByteArray caName = BYTE_ARRAY_INITIALIZER;
195 uint8_t subjPubKey[PUBLIC_KEY_SIZE];
196 uint8_t subjPrivKey[PRIVATE_KEY_SIZE];
197 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
198 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
200 CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
201 CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
202 CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
203 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
205 privKeyIss.data = caPrivateKey;
206 privKeyIss.len = PRIVATE_KEY_SIZE;
207 pubKeySubj.data = subjPubKey;
208 pubKeySubj.len = PUBLIC_KEY_SIZE;
209 privKeySubj.data = subjPrivKey;
210 privKeySubj.len = PRIVATE_KEY_SIZE;
211 caName.data = uint8caName;
212 caName.len = ISSUER_MAX_NAME_SIZE;
214 subjectName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
215 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
217 issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
218 CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
220 notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
221 CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
223 notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
224 CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
226 subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
227 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
229 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
230 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
233 if (uint8SubjectName)
235 subjectName->buf = (uint8_t *)uint8SubjectName;
239 subjectName->buf = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
241 subjectName->size = strlen((const char *)subjectName->buf);
244 CHECK_CALL(InitCKMInfo);
245 CHECK_CALL(GetCAName, &caName);
246 issuerName->buf = caName.data;
247 issuerName->size = caName.len;
252 notBefore->buf = (uint8_t *)uint8NotBefore;
256 notBefore->buf = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
258 notBefore->size = strlen((const char *)notBefore->buf);
263 notAfter->buf = (uint8_t *)uint8NotAfter;
267 notAfter->buf = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
269 notAfter->size = strlen((const char *)notAfter->buf);
272 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
273 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
274 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
275 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
277 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
278 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
279 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
280 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
283 //read CA private key from the CA storage
284 CHECK_CALL(InitCKMInfo);
285 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
287 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
288 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
290 if (!uint8SubjectPublicKey)
293 GenerateKeyPair(&privKeySubj, &pubKeySubj);
297 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
298 memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
301 CHECK_CALL(GenerateCertificate, subjectName, issuerName, notBefore, notAfter,
302 subjectPublicKey, issuerPrivateKey, issuedCertificate);
305 OICFree(subjectName);
309 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
310 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
314 PKIError GenerateDERCertificateFile (const ByteArray *certificate, const char *certFileName)
317 FILE *filePointer = NULL;
319 CHECK_NULL(certFileName, ISSUER_NULL_PASSED);
320 CHECK_NULL(certificate, ISSUER_NULL_PASSED);
321 CHECK_NULL(certificate->data, ISSUER_NULL_PASSED);
322 filePointer = fopen(certFileName, "wb");
323 CHECK_NULL(filePointer, ISSUER_FILE_WRITE_ERROR);
324 CHECK_EQUAL(fwrite(certificate->data, 1, certificate->len, filePointer), certificate->len,
325 ISSUER_FILE_WRITE_ERROR);
336 PKIError SetSerialNumber (const long serNum)
340 CHECK_LESS_EQUAL(0, serNum, ISSUER_WRONG_SERIAL_NUMBER);
341 CHECK_CALL(InitCKMInfo);
342 CHECK_CALL(SetNextSerialNumber, &serNum);
343 CHECK_CALL(SaveCKMInfo);
348 PKIError SetRootName (const ByteArray rootName)
352 CHECK_NULL(rootName.data, ISSUER_NULL_PASSED);
353 CHECK_LESS(0, rootName.len, ISSUER_WRONG_ROOT_NAME_LEN);
354 CHECK_LESS(rootName.len, ISSUER_MAX_NAME_SIZE, ISSUER_WRONG_ROOT_NAME_LEN);
355 CHECK_CALL(InitCKMInfo);
356 CHECK_CALL(SetCAName, &rootName);
357 CHECK_CALL(SaveCKMInfo);
362 PKIError CKMSetCAInfo (const long serNum, const ByteArray rootName)
365 CHECK_CALL(SetSerialNumber, serNum);
366 CHECK_CALL(SetRootName, rootName);
371 PKIError GenerateCSR (const uint8_t *uint8SubjectName,
372 const uint8_t *uint8SubjectPublicKey,
373 const uint8_t *uint8SubjectPrivateKey,
374 ByteArray *encodedCSR)
377 UTF8String_t *subjectName = NULL;
378 BIT_STRING_t *subjectPublicKey = NULL;
379 BIT_STRING_t *subjectPrivateKey = NULL;
381 CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
382 CHECK_NULL(uint8SubjectPrivateKey, ISSUER_NULL_PASSED);
383 CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
384 CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
385 CHECK_LESS_EQUAL(CSR_MAX_SIZE, encodedCSR->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
387 subjectName = OICCalloc(1, sizeof(UTF8String_t));
388 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
390 subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
391 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
393 subjectPrivateKey = OICCalloc(1, sizeof(BIT_STRING_t));
394 CHECK_NULL(subjectPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
397 if (uint8SubjectName)
399 subjectName->buf = (uint8_t *)uint8SubjectName;
403 subjectName->buf = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
405 subjectName->size = strlen((const char *)subjectName->buf);
408 subjectPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
409 subjectPrivateKey->buf = (uint8_t *)OICCalloc((subjectPrivateKey->size), sizeof(uint8_t));
410 CHECK_NULL(subjectPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
411 *(subjectPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
413 subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
414 subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
415 CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
416 *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
419 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
420 memcpy((subjectPrivateKey->buf) + 1, uint8SubjectPrivateKey, PRIVATE_KEY_SIZE);
421 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
422 memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
424 CHECK_CALL(EncodeCSR, subjectName, subjectPublicKey, subjectPrivateKey, encodedCSR);
427 OICFree(subjectName);
428 OICFree(subjectPublicKey);
429 OICFree(subjectPrivateKey->buf);
430 OICFree(subjectPrivateKey);
434 PKIError GenerateCertificateByCSR (const ByteArray *encodedCSR, ByteArray *issuedCertificate)
437 UTF8String_t *subjectName = NULL;
438 BIT_STRING_t *subjectPublicKey = NULL;
439 uint8_t uint8SubjectName[ISSUER_MAX_NAME_SIZE];
440 uint8_t uint8SubjectPublicKey[PUBLIC_KEY_SIZE + 1];
442 CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
443 CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
444 CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
445 CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
446 CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
448 subjectName = OICCalloc(1, sizeof(UTF8String_t));
449 CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
451 subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
452 CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
454 subjectName->buf = uint8SubjectName;
455 subjectPublicKey->buf = uint8SubjectPublicKey;
457 CHECK_CALL(DecodeCSR, encodedCSR, subjectName, subjectPublicKey);
459 uint8SubjectName[subjectName->size] = '\0';
460 CHECK_CALL(CKMIssueDeviceCertificate, uint8SubjectName, 0, 0, uint8SubjectPublicKey + 1,
461 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
465 OICFree(subjectPublicKey);
466 OICFree(subjectName);
470 PKIError CKMIssueCRL (const uint8_t *uint8ThisUpdateTime, const uint32_t numberOfRevoked,
471 const uint32_t *revokedNumbers, const uint8_t **revocationDates,
472 ByteArray *encodedCRL)
475 BIT_STRING_t *issuerPrivateKey = NULL;
476 UTCTime_t *thisUpdateTime = NULL;
477 CertificateRevocationInfo_t *certificateRevocationInfo = NULL;
478 UTF8String_t *issuerName = NULL;
481 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
482 uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
484 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
485 ByteArray caName = BYTE_ARRAY_INITIALIZER;
487 CHECK_NULL(numberOfRevoked, ISSUER_NULL_PASSED);
488 CHECK_NULL(revokedNumbers, ISSUER_NULL_PASSED);
489 CHECK_NULL(revocationDates, ISSUER_NULL_PASSED);
490 CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
491 CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
492 CHECK_LESS_EQUAL((CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)),
493 encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
495 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
496 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
498 thisUpdateTime = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
499 CHECK_NULL(thisUpdateTime, ISSUER_MEMORY_ALLOC_FAILED);
501 issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
502 CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
504 certificateRevocationInfo = (CertificateRevocationInfo_t *)OICCalloc(numberOfRevoked,
505 sizeof(CertificateRevocationInfo_t));
506 CHECK_NULL(certificateRevocationInfo, ISSUER_MEMORY_ALLOC_FAILED);
508 privKeyIss.data = caPrivateKey;
509 privKeyIss.len = PRIVATE_KEY_SIZE;
510 caName.data = uint8caName;
511 caName.len = ISSUER_MAX_NAME_SIZE;
513 //allocate issuerPrivateKey
514 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
515 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
516 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
517 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
519 //read CA private key from the CA storage
520 CHECK_CALL(InitCKMInfo);
521 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
522 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
523 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
526 if (uint8ThisUpdateTime)
528 thisUpdateTime->buf = (uint8_t *)uint8ThisUpdateTime;
532 thisUpdateTime->buf = (uint8_t *)ISSUER_DEFAULT_THIS_UPDATE;
534 thisUpdateTime->size = strlen((const char *)thisUpdateTime->buf);
537 CHECK_CALL(InitCKMInfo);
538 CHECK_CALL(GetCAName, &caName);
539 issuerName->buf = caName.data;
540 issuerName->size = caName.len;
543 for ( i = 0; i < numberOfRevoked; i++ )
545 certificateRevocationInfo[i].userCertificate = revokedNumbers[i];
546 certificateRevocationInfo[i].revocationDate.buf = (uint8_t *)revocationDates[i];
547 certificateRevocationInfo[i].revocationDate.size =
548 strlen((const char *)revocationDates[i]);
551 CHECK_CALL(GenerateCRL, issuerName, thisUpdateTime, numberOfRevoked, certificateRevocationInfo,
552 issuerPrivateKey, encodedCRL);
554 CHECK_CALL(InitCKMInfo);
555 CHECK_CALL(SetCertificateRevocationList, encodedCRL);
556 CHECK_CALL(SaveCKMInfo);
560 OICFree(thisUpdateTime);
561 OICFree(certificateRevocationInfo);
562 ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
566 PKIError CKMRevocateCertificate (const uint8_t *uint8ThisUpdateTime, const long revokedNumber,
567 ByteArray *encodedCRL)
570 ByteArray oldCRL = BYTE_ARRAY_INITIALIZER;
571 asn_dec_rval_t rval; /* Decoder return value */
572 CertificateRevocationList_t *certificateRevocationList = NULL; // Type to decode
573 CertificateRevocationInfo_t *CRI = NULL;
574 long serialNumber = 0;
575 long numberOfRevoked = 0;
576 uint32_t crlMaxSize = 0;
578 BIT_STRING_t *issuerPrivateKey = NULL;
579 uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
580 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
582 CHECK_CALL(InitCKMInfo);
583 CHECK_CALL(GetNumberOfRevoked, &numberOfRevoked);
585 crlMaxSize = (CRL_MIN_SIZE +
586 (numberOfRevoked + 1) * (sizeof(CertificateRevocationInfo_t) + 4));
588 CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
589 CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
590 CHECK_LESS_EQUAL(crlMaxSize, encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
593 oldCRL.data = (uint8_t *)OICMalloc(crlMaxSize);
594 CHECK_NULL(oldCRL.data, ISSUER_MEMORY_ALLOC_FAILED);
595 oldCRL.len = crlMaxSize;
597 CHECK_CALL(InitCKMInfo);
598 CHECK_CALL(GetCertificateRevocationList, &oldCRL);
599 CHECK_CALL(CloseCKMInfo);
602 rval = ber_decode(0, &asn_DEF_CertificateRevocationList, (void **)&certificateRevocationList,
603 oldCRL.data, oldCRL.len);
604 CHECK_EQUAL(rval.code, RC_OK, ISSUER_CSR_DER_DECODE_FAIL);
606 //add one certificate into CRL
607 CRI = (CertificateRevocationInfo_t *)OICCalloc(1, sizeof(CertificateRevocationInfo_t));
608 CHECK_NULL(CRI, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
610 CRI->revocationDate.size = (int)strlen((const char *)uint8ThisUpdateTime);
611 CRI->revocationDate.buf = OICCalloc((CRI->revocationDate.size) + 1, sizeof(char));
612 //additional byte for \0 at the end
613 CHECK_NULL(CRI->revocationDate.buf, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
615 memcpy(CRI->revocationDate.buf, uint8ThisUpdateTime, CRI->revocationDate.size + 1);
616 //additional byte for \0 at the end
618 CRI->userCertificate = revokedNumber;
619 ASN_SEQUENCE_ADD((void *)(&(certificateRevocationList->
620 tbsCertList.revokedCertificates.list)), (void *)(CRI));
622 //prepare memory for issuerPrivateKey
623 issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
624 CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
625 privKeyIss.data = caPrivateKey;
626 privKeyIss.len = PRIVATE_KEY_SIZE;
627 //allocate issuerPrivateKey
628 issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
629 issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
630 CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
631 *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
633 //read CA private key from the CA storage
634 CHECK_CALL(InitCKMInfo);
635 CHECK_CALL(GetCAPrivateKey, &privKeyIss);
637 //additional byte for ASN1_UNCOMPRESSED_KEY_ID
638 memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
641 CHECK_CALL(SignCRL, certificateRevocationList, crlMaxSize, issuerPrivateKey, encodedCRL);
643 CHECK_CALL(InitCKMInfo);
644 CHECK_CALL(GetCRLSerialNumber, &serialNumber);
646 CHECK_CALL(SetCRLSerialNumber, &serialNumber);
648 CHECK_CALL(SetNumberOfRevoked, &numberOfRevoked);
649 CHECK_CALL(SetCertificateRevocationList, encodedCRL);
650 CHECK_CALL(SaveCKMInfo);
653 ASN_STRUCT_FREE(asn_DEF_CertificateRevocationList, certificateRevocationList);
654 certificateRevocationList = NULL;
659 PKIError CKMGetCRL (ByteArray *certificateRevocationList)
662 CHECK_NULL(certificateRevocationList, ISSUER_NULL_PASSED);
663 CHECK_NULL(certificateRevocationList->data, ISSUER_NULL_PASSED);
664 CHECK_CALL(InitCKMInfo);
665 CHECK_CALL(GetCertificateRevocationList, certificateRevocationList);
666 CHECK_CALL(CloseCKMInfo);