resource/csdk/security/provisioning/ck_manager/src/ck_manager.c

   1 /******************************************************************
   2  *
   3  * Copyright 2015 Samsung Electronics All Rights Reserved.
   4  *
   5  *
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19
  20  ******************************************************************/
  21
  22 #include "ck_manager.h"
  23 #include "crlresource.h"
  24 #include "oic_malloc.h"
  25
  26 /* The first octet of the OCTET STRING indicates whether the key is
  27 compressed or uncompressed.  The uncompressed form is indicated by 0x04
  28 and the compressed form is indicated by either 0x02 or 0x03 (RFC 5480)*/
  29 #define ASN1_UNCOMPRESSED_KEY_ID   (0x04)
  30
  31 PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey)
  32 {
  33     FUNCTION_INIT();
  34
  35     CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED);
  36     CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED);
  37     CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED);
  38     CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED);
  39
  40     CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR);
  41     caPublicKey->len = PUBLIC_KEY_SIZE;
  42     caPrivateKey->len = PRIVATE_KEY_SIZE;
  43
  44     CHECK_CALL(InitCKMInfo);
  45     CHECK_CALL(SetCAPrivateKey, caPrivateKey);
  46     CHECK_CALL(SetCAPublicKey, caPublicKey);
  47     CHECK_CALL(SaveCKMInfo);
  48     FUNCTION_CLEAR();
  49 }
  50
  51 PKIError CKMIssueRootCertificate (const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
  52                                   ByteArray *issuedRootCertificate)
  53 {
  54     FUNCTION_INIT();
  55
  56     UTF8String_t *rootName          = NULL;
  57     UTCTime_t *notBefore            = NULL;
  58     UTCTime_t *notAfter             = NULL;
  59     BIT_STRING_t *subjectPublicKey  = NULL;
  60     BIT_STRING_t *issuerPrivateKey  = NULL;
  61
  62     ByteArray pubKeyIss =  BYTE_ARRAY_INITIALIZER;
  63     ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
  64     ByteArray caName = BYTE_ARRAY_INITIALIZER;
  65
  66     uint8_t caPublicKey[PUBLIC_KEY_SIZE];
  67     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
  68     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
  69
  70     CHECK_NULL(issuedRootCertificate, ISSUER_NULL_PASSED);
  71     CHECK_NULL(issuedRootCertificate->data, ISSUER_NULL_PASSED);
  72     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedRootCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
  73
  74     pubKeyIss.data = caPublicKey;
  75     pubKeyIss.len = PUBLIC_KEY_SIZE;
  76     privKeyIss.data = caPrivateKey;
  77     privKeyIss.len = PRIVATE_KEY_SIZE;
  78     caName.data = uint8caName;
  79     caName.len = ISSUER_MAX_NAME_SIZE;
  80
  81     rootName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
  82     CHECK_NULL(rootName, ISSUER_MEMORY_ALLOC_FAILED);
  83
  84     notBefore  = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
  85     CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
  86
  87     notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
  88     CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
  89
  90     subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
  91     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
  92
  93     issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
  94     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
  95
  96     //RootName
  97     CHECK_CALL(InitCKMInfo);
  98     CHECK_CALL(GetCAName, &caName);
  99     rootName->buf  = caName.data;
 100     rootName->size = caName.len;
 101
 102     //notBefore
 103     if (uint8NotBefore)
 104     {
 105         notBefore->buf = (uint8_t *)uint8NotBefore;
 106     }
 107     else
 108     {
 109         notBefore->buf    = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
 110     }
 111     notBefore->size   = strlen((const char *)notBefore->buf);
 112
 113     //notAfter
 114     if (uint8NotAfter)
 115     {
 116         notAfter->buf = (uint8_t *)uint8NotAfter;
 117     }
 118     else
 119     {
 120         notAfter->buf     = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
 121     }
 122     notAfter->size    = strlen((const char *)notAfter->buf);
 123
 124     //common keys
 125     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 126     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 127     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 128     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 129
 130     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 131     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 132     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 133     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 134     //common keys
 135
 136     //read CA key pair from the CA storage
 137     CHECK_CALL(InitCKMInfo);
 138     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 139
 140     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 141     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 142     CHECK_CALL(GetCAPublicKey, &pubKeyIss);
 143
 144     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 145     memcpy((subjectPublicKey->buf) + 1, pubKeyIss.data, PUBLIC_KEY_SIZE);
 146
 147     CHECK_CALL(GenerateCertificate, rootName, rootName, notBefore, notAfter,
 148                              subjectPublicKey, issuerPrivateKey, issuedRootCertificate);
 149
 150     CHECK_CALL(InitCKMInfo);
 151     CHECK_CALL(SetCACertificate, issuedRootCertificate);
 152     CHECK_CALL(SaveCKMInfo);
 153
 154     FUNCTION_CLEAR(
 155         OICFree(rootName);
 156         OICFree(notBefore);
 157         OICFree(notAfter);
 158         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
 159         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 160     );
 161 }
 162
 163 PKIError GenerateKeyPair (ByteArray *privateKey, ByteArray *publicKey)
 164 {
 165     FUNCTION_INIT();
 166     CHECK_NULL(privateKey, ISSUER_NULL_PASSED);
 167     CHECK_NULL(privateKey->data, ISSUER_NULL_PASSED);
 168     CHECK_NULL(publicKey, ISSUER_NULL_PASSED);
 169     CHECK_NULL(publicKey->data, ISSUER_NULL_PASSED);
 170     CHECK_COND(uECC_make_key(publicKey->data, privateKey->data), ISSUER_MAKE_KEY_ERROR);
 171     publicKey->len = PUBLIC_KEY_SIZE;
 172     privateKey->len = PRIVATE_KEY_SIZE;
 173     FUNCTION_CLEAR();
 174 }
 175
 176 PKIError CKMIssueDeviceCertificate (const uint8_t *uint8SubjectName,
 177                                     const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
 178                                     const uint8_t *uint8SubjectPublicKey,
 179                                     ByteArray *issuedCertificate)
 180 {
 181     FUNCTION_INIT();
 182
 183     UTF8String_t *subjectName       = NULL;
 184     UTF8String_t *issuerName        = NULL;
 185     UTCTime_t *notBefore            = NULL;
 186     UTCTime_t *notAfter             = NULL;
 187     BIT_STRING_t *subjectPublicKey  = NULL;
 188     BIT_STRING_t *issuerPrivateKey  = NULL;
 189
 190     ByteArray privKeyIss  = BYTE_ARRAY_INITIALIZER;
 191     ByteArray pubKeySubj  = BYTE_ARRAY_INITIALIZER;
 192     ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
 193     ByteArray caName      = BYTE_ARRAY_INITIALIZER;
 194
 195     uint8_t subjPubKey[PUBLIC_KEY_SIZE];
 196     uint8_t subjPrivKey[PRIVATE_KEY_SIZE];
 197     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 198     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
 199
 200     CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
 201     CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
 202     CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
 203     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 204
 205     privKeyIss.data = caPrivateKey;
 206     privKeyIss.len = PRIVATE_KEY_SIZE;
 207     pubKeySubj.data = subjPubKey;
 208     pubKeySubj.len = PUBLIC_KEY_SIZE;
 209     privKeySubj.data = subjPrivKey;
 210     privKeySubj.len = PRIVATE_KEY_SIZE;
 211     caName.data = uint8caName;
 212     caName.len = ISSUER_MAX_NAME_SIZE;
 213
 214     subjectName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 215     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 216
 217     issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 218     CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
 219
 220     notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 221     CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
 222
 223     notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 224     CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
 225
 226     subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 227     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 228
 229     issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 230     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 231
 232     //SubjectName
 233     if (uint8SubjectName)
 234     {
 235         subjectName->buf = (uint8_t *)uint8SubjectName;
 236     }
 237     else
 238     {
 239         subjectName->buf  = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
 240     }
 241     subjectName->size = strlen((const char *)subjectName->buf);
 242
 243     //IssuerName
 244     CHECK_CALL(InitCKMInfo);
 245     CHECK_CALL(GetCAName, &caName);
 246     issuerName->buf  = caName.data;
 247     issuerName->size = caName.len;
 248
 249     //notBefore
 250     if (uint8NotBefore)
 251     {
 252         notBefore->buf = (uint8_t *)uint8NotBefore;
 253     }
 254     else
 255     {
 256         notBefore->buf    = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
 257     }
 258     notBefore->size   = strlen((const char *)notBefore->buf);
 259
 260     //notAfter
 261     if (uint8NotAfter)
 262     {
 263         notAfter->buf = (uint8_t *)uint8NotAfter;
 264     }
 265     else
 266     {
 267         notAfter->buf     = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
 268     }
 269     notAfter->size    = strlen((const char *)notAfter->buf);
 270
 271     //common keys
 272     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 273     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 274     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 275     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 276
 277     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 278     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 279     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 280     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 281     //common keys
 282
 283     //read CA private key from the CA storage
 284     CHECK_CALL(InitCKMInfo);
 285     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 286
 287     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 288     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 289
 290     if (!uint8SubjectPublicKey)
 291     {
 292         //GenerateKeyPair
 293         GenerateKeyPair(&privKeySubj, &pubKeySubj);
 294     }
 295     else
 296     {
 297         //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 298         memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
 299     }
 300
 301     CHECK_CALL(GenerateCertificate, subjectName, issuerName, notBefore, notAfter,
 302                              subjectPublicKey, issuerPrivateKey, issuedCertificate);
 303
 304     FUNCTION_CLEAR(
 305         OICFree(subjectName);
 306         OICFree(issuerName);
 307         OICFree(notBefore);
 308         OICFree(notAfter);
 309         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
 310         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 311     );
 312 }
 313
 314 PKIError GenerateDERCertificateFile (const ByteArray *certificate, const char *certFileName)
 315 {
 316     FUNCTION_INIT();
 317     FILE *filePointer = NULL;
 318
 319     CHECK_NULL(certFileName, ISSUER_NULL_PASSED);
 320     CHECK_NULL(certificate, ISSUER_NULL_PASSED);
 321     CHECK_NULL(certificate->data, ISSUER_NULL_PASSED);
 322     filePointer = fopen(certFileName, "wb");
 323     CHECK_NULL(filePointer, ISSUER_FILE_WRITE_ERROR);
 324     CHECK_EQUAL(fwrite(certificate->data, 1, certificate->len, filePointer), certificate->len,
 325             ISSUER_FILE_WRITE_ERROR);
 326
 327     FUNCTION_CLEAR(
 328         if(filePointer)
 329             {
 330                 fclose(filePointer);
 331             }
 332         filePointer = NULL;
 333     );
 334 }
 335
 336 PKIError SetSerialNumber (const long serNum)
 337 {
 338     FUNCTION_INIT();
 339
 340     CHECK_LESS_EQUAL(0, serNum, ISSUER_WRONG_SERIAL_NUMBER);
 341     CHECK_CALL(InitCKMInfo);
 342     CHECK_CALL(SetNextSerialNumber, &serNum);
 343     CHECK_CALL(SaveCKMInfo);
 344
 345     FUNCTION_CLEAR();
 346 }
 347
 348 PKIError SetRootName (const ByteArray rootName)
 349 {
 350     FUNCTION_INIT();
 351
 352     CHECK_NULL(rootName.data, ISSUER_NULL_PASSED);
 353     CHECK_LESS(0, rootName.len, ISSUER_WRONG_ROOT_NAME_LEN);
 354     CHECK_LESS(rootName.len, ISSUER_MAX_NAME_SIZE, ISSUER_WRONG_ROOT_NAME_LEN);
 355     CHECK_CALL(InitCKMInfo);
 356     CHECK_CALL(SetCAName, &rootName);
 357     CHECK_CALL(SaveCKMInfo);
 358
 359     FUNCTION_CLEAR();
 360 }
 361
 362 PKIError CKMSetCAInfo (const long serNum, const ByteArray rootName)
 363 {
 364     FUNCTION_INIT();
 365     CHECK_CALL(SetSerialNumber, serNum);
 366     CHECK_CALL(SetRootName, rootName);
 367
 368     FUNCTION_CLEAR();
 369 }
 370
 371 PKIError GenerateCSR (const uint8_t *uint8SubjectName,
 372                       const uint8_t *uint8SubjectPublicKey,
 373                       const uint8_t *uint8SubjectPrivateKey,
 374                       ByteArray *encodedCSR)
 375 {
 376     FUNCTION_INIT();
 377     UTF8String_t *subjectName       = NULL;
 378     BIT_STRING_t *subjectPublicKey  = NULL;
 379     BIT_STRING_t *subjectPrivateKey  = NULL;
 380
 381     CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
 382     CHECK_NULL(uint8SubjectPrivateKey, ISSUER_NULL_PASSED);
 383     CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
 384     CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
 385     CHECK_LESS_EQUAL(CSR_MAX_SIZE, encodedCSR->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 386
 387     subjectName = OICCalloc(1, sizeof(UTF8String_t));
 388     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 389
 390     subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
 391     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 392
 393     subjectPrivateKey = OICCalloc(1, sizeof(BIT_STRING_t));
 394     CHECK_NULL(subjectPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 395
 396     //SubjectName
 397     if (uint8SubjectName)
 398     {
 399         subjectName->buf = (uint8_t *)uint8SubjectName;
 400     }
 401     else
 402     {
 403         subjectName->buf  = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
 404     }
 405     subjectName->size = strlen((const char *)subjectName->buf);
 406
 407     //common keys
 408     subjectPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 409     subjectPrivateKey->buf = (uint8_t *)OICCalloc((subjectPrivateKey->size), sizeof(uint8_t));
 410     CHECK_NULL(subjectPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 411     *(subjectPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 412
 413     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 414     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 415     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 416     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 417     //common keys
 418
 419     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 420     memcpy((subjectPrivateKey->buf) + 1, uint8SubjectPrivateKey, PRIVATE_KEY_SIZE);
 421     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 422     memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
 423
 424     CHECK_CALL(EncodeCSR, subjectName, subjectPublicKey, subjectPrivateKey, encodedCSR);
 425
 426     FUNCTION_CLEAR(
 427         OICFree(subjectName);
 428         OICFree(subjectPublicKey);
 429         OICFree(subjectPrivateKey->buf);
 430         OICFree(subjectPrivateKey);
 431     );
 432 }
 433
 434 PKIError GenerateCertificateByCSR (const ByteArray *encodedCSR, ByteArray *issuedCertificate)
 435 {
 436     FUNCTION_INIT();
 437     UTF8String_t *subjectName = NULL;
 438     BIT_STRING_t *subjectPublicKey = NULL;
 439     uint8_t uint8SubjectName[ISSUER_MAX_NAME_SIZE];
 440     uint8_t uint8SubjectPublicKey[PUBLIC_KEY_SIZE + 1];
 441
 442     CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
 443     CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
 444     CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
 445     CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
 446     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 447
 448     subjectName = OICCalloc(1, sizeof(UTF8String_t));
 449     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 450
 451     subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
 452     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 453
 454     subjectName->buf = uint8SubjectName;
 455     subjectPublicKey->buf = uint8SubjectPublicKey;
 456
 457     CHECK_CALL(DecodeCSR, encodedCSR, subjectName, subjectPublicKey);
 458
 459     uint8SubjectName[subjectName->size] = '\0';
 460     CHECK_CALL(CKMIssueDeviceCertificate, uint8SubjectName, 0, 0, uint8SubjectPublicKey + 1,
 461             //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 462             issuedCertificate);
 463
 464     FUNCTION_CLEAR(
 465         OICFree(subjectPublicKey);
 466         OICFree(subjectName);
 467     );
 468 }
 469
 470 PKIError CKMIssueCRL (const uint8_t *uint8ThisUpdateTime, const uint32_t numberOfRevoked,
 471                       const uint32_t *revokedNumbers, const uint8_t **revocationDates,
 472                       ByteArray *encodedCRL)
 473 {
 474     FUNCTION_INIT();
 475     BIT_STRING_t *issuerPrivateKey                          = NULL;
 476     UTCTime_t *thisUpdateTime                               = NULL;
 477     CertificateRevocationInfo_t *certificateRevocationInfo  = NULL;
 478     UTF8String_t *issuerName                                = NULL;
 479     uint32_t i;
 480
 481     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 482     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
 483
 484     ByteArray privKeyIss     = BYTE_ARRAY_INITIALIZER;
 485     ByteArray caName         = BYTE_ARRAY_INITIALIZER;
 486
 487     CHECK_NULL(numberOfRevoked, ISSUER_NULL_PASSED);
 488     CHECK_NULL(revokedNumbers, ISSUER_NULL_PASSED);
 489     CHECK_NULL(revocationDates, ISSUER_NULL_PASSED);
 490     CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
 491     CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
 492     CHECK_LESS_EQUAL((CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)),
 493                       encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 494
 495     issuerPrivateKey          = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 496     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 497
 498     thisUpdateTime            = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 499     CHECK_NULL(thisUpdateTime, ISSUER_MEMORY_ALLOC_FAILED);
 500
 501     issuerName                  = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 502     CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
 503
 504     certificateRevocationInfo = (CertificateRevocationInfo_t *)OICCalloc(numberOfRevoked,
 505                                 sizeof(CertificateRevocationInfo_t));
 506     CHECK_NULL(certificateRevocationInfo, ISSUER_MEMORY_ALLOC_FAILED);
 507
 508     privKeyIss.data = caPrivateKey;
 509     privKeyIss.len  = PRIVATE_KEY_SIZE;
 510     caName.data     = uint8caName;
 511     caName.len      = ISSUER_MAX_NAME_SIZE;
 512
 513     //allocate issuerPrivateKey
 514     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 515     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 516     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 517     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 518
 519     //read CA private key from the CA storage
 520     CHECK_CALL(InitCKMInfo);
 521     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 522     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 523     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 524
 525     //thisUpdateTime
 526     if (uint8ThisUpdateTime)
 527     {
 528         thisUpdateTime->buf = (uint8_t *)uint8ThisUpdateTime;
 529     }
 530     else
 531     {
 532         thisUpdateTime->buf    = (uint8_t *)ISSUER_DEFAULT_THIS_UPDATE;
 533     }
 534     thisUpdateTime->size   = strlen((const char *)thisUpdateTime->buf);
 535
 536     //RootName
 537     CHECK_CALL(InitCKMInfo);
 538     CHECK_CALL(GetCAName, &caName);
 539     issuerName->buf  = caName.data;
 540     issuerName->size = caName.len;
 541
 542     // CRI
 543     for ( i = 0; i < numberOfRevoked; i++ )
 544     {
 545         certificateRevocationInfo[i].userCertificate = revokedNumbers[i];
 546         certificateRevocationInfo[i].revocationDate.buf = (uint8_t *)revocationDates[i];
 547         certificateRevocationInfo[i].revocationDate.size =
 548                 strlen((const char *)revocationDates[i]);
 549     }
 550
 551     CHECK_CALL(GenerateCRL, issuerName, thisUpdateTime, numberOfRevoked, certificateRevocationInfo,
 552                     issuerPrivateKey, encodedCRL);
 553
 554     CHECK_CALL(InitCKMInfo);
 555     CHECK_CALL(SetCertificateRevocationList, encodedCRL);
 556     CHECK_CALL(SaveCKMInfo);
 557
 558     FUNCTION_CLEAR(
 559         OICFree(issuerName);
 560         OICFree(thisUpdateTime);
 561         OICFree(certificateRevocationInfo);
 562         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 563     );
 564 }
 565
 566 PKIError CKMRevocateCertificate (const uint8_t *uint8ThisUpdateTime, const long revokedNumber,
 567                                  ByteArray *encodedCRL)
 568 {
 569     FUNCTION_INIT();
 570     ByteArray oldCRL = BYTE_ARRAY_INITIALIZER;
 571     asn_dec_rval_t rval; /* Decoder return value */
 572     CertificateRevocationList_t *certificateRevocationList = NULL; // Type to decode
 573     CertificateRevocationInfo_t *CRI             = NULL;
 574     long serialNumber = 0;
 575     long numberOfRevoked = 0;
 576     uint32_t crlMaxSize = 0;
 577
 578     BIT_STRING_t *issuerPrivateKey                          = NULL;
 579     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 580     ByteArray privKeyIss     = BYTE_ARRAY_INITIALIZER;
 581
 582     CHECK_CALL(InitCKMInfo);
 583     CHECK_CALL(GetNumberOfRevoked, &numberOfRevoked);
 584
 585     crlMaxSize = (CRL_MIN_SIZE +
 586             (numberOfRevoked + 1) * (sizeof(CertificateRevocationInfo_t) + 4));
 587
 588     CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
 589     CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
 590     CHECK_LESS_EQUAL(crlMaxSize, encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 591
 592     //obtain CRL
 593     oldCRL.data = (uint8_t *)OICMalloc(crlMaxSize);
 594     CHECK_NULL(oldCRL.data, ISSUER_MEMORY_ALLOC_FAILED);
 595     oldCRL.len = crlMaxSize;
 596
 597     CHECK_CALL(InitCKMInfo);
 598     CHECK_CALL(GetCertificateRevocationList, &oldCRL);
 599     CHECK_CALL(CloseCKMInfo);
 600
 601     //decode CRL
 602     rval = ber_decode(0, &asn_DEF_CertificateRevocationList, (void **)&certificateRevocationList,
 603                       oldCRL.data, oldCRL.len);
 604     CHECK_EQUAL(rval.code, RC_OK, ISSUER_CSR_DER_DECODE_FAIL);
 605
 606     //add one certificate into CRL
 607     CRI = (CertificateRevocationInfo_t *)OICCalloc(1, sizeof(CertificateRevocationInfo_t));
 608     CHECK_NULL(CRI, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
 609
 610     CRI->revocationDate.size = (int)strlen((const char *)uint8ThisUpdateTime);
 611     CRI->revocationDate.buf = OICCalloc((CRI->revocationDate.size) + 1, sizeof(char));
 612     //additional byte for \0 at the end
 613     CHECK_NULL(CRI->revocationDate.buf, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
 614
 615     memcpy(CRI->revocationDate.buf, uint8ThisUpdateTime, CRI->revocationDate.size + 1);
 616     //additional byte for \0 at the end
 617
 618     CRI->userCertificate = revokedNumber;
 619     ASN_SEQUENCE_ADD((void *)(&(certificateRevocationList->
 620             tbsCertList.revokedCertificates.list)), (void *)(CRI));
 621
 622     //prepare memory for issuerPrivateKey
 623     issuerPrivateKey          = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 624     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 625     privKeyIss.data = caPrivateKey;
 626     privKeyIss.len  = PRIVATE_KEY_SIZE;
 627     //allocate issuerPrivateKey
 628     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 629     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 630     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 631     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 632
 633     //read CA private key from the CA storage
 634     CHECK_CALL(InitCKMInfo);
 635     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 636
 637     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 638     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 639
 640     //SignCRL
 641     CHECK_CALL(SignCRL, certificateRevocationList, crlMaxSize, issuerPrivateKey, encodedCRL);
 642
 643     CHECK_CALL(InitCKMInfo);
 644     CHECK_CALL(GetCRLSerialNumber, &serialNumber);
 645     serialNumber++;
 646     CHECK_CALL(SetCRLSerialNumber, &serialNumber);
 647     numberOfRevoked++;
 648     CHECK_CALL(SetNumberOfRevoked, &numberOfRevoked);
 649     CHECK_CALL(SetCertificateRevocationList, encodedCRL);
 650     CHECK_CALL(SaveCKMInfo);
 651
 652     FUNCTION_CLEAR(
 653         ASN_STRUCT_FREE(asn_DEF_CertificateRevocationList, certificateRevocationList);
 654         certificateRevocationList = NULL;
 655
 656     );
 657 }
 658
 659 PKIError CKMGetCRL (ByteArray *certificateRevocationList)
 660 {
 661     FUNCTION_INIT();
 662     CHECK_NULL(certificateRevocationList, ISSUER_NULL_PASSED);
 663     CHECK_NULL(certificateRevocationList->data, ISSUER_NULL_PASSED);
 664     CHECK_CALL(InitCKMInfo);
 665     CHECK_CALL(GetCertificateRevocationList, certificateRevocationList);
 666     CHECK_CALL(CloseCKMInfo);
 667
 668     FUNCTION_CLEAR();
 669 }