1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 *     http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
25 #include "oic_malloc.h"
28 #include "psinterface.h"
29 #include "srmresourcestrings.h"
30 #include "crlresource.h"
31 #include "crl_generator.h"
// Flag and default values consumed by the positional initialisers of
// g_ckmInfo and g_crlInfo below. Every value is 0 except the "IS_SET"/"IS_LOADED"
// flags and the two serial-number start values, which are 1.
33 //constants used in ckmInfo
34 #define CKM_INFO_IS_NOT_LOADED (0)
35 #define CKM_INFO_IS_LOADED (1)
36 #define CA_PRIVATE_KEY_IS_NOT_SET (0)
37 #define CA_PRIVATE_KEY_IS_SET (1)
38 #define CA_PRIVATE_KEY_DEFAULT_VALUE (0)
39 #define CA_PUBLIC_KEY_IS_NOT_SET (0)
40 #define CA_PUBLIC_KEY_IS_SET (1)
41 #define CA_PUBLIC_KEY_DEFAULT_VALUE (0)
42 #define CA_CERTIFICATE_CHAIN_IS_NOT_SET (0)
43 #define CA_CERTIFICATE_CHAIN_MEMORY_IS_NOT_ALLOCATED (0)
44 #define CA_NAME_IS_NOT_SET (0)
45 #define CA_NAME_DEFAULT_VALUE (0)
46 #define CERTIFICATE_SN_INITIAL_VALUE (1)
47 #define CRL_SN_INITIAL_VALUE (1)
48 #define NUMBER_OF_REVOKED_CERTIFICATES_INITIAL_VALUE (0)
50 //constants used in crlInfo
51 #define CRL_IS_NOT_SET (0)
52 #define CRL_MEMORY_IS_NOT_ALLOCATED (0)
// File-scope CA state shared by every function in this file: loaded flag,
// CA key pair, CA certificate chain, CA name, serial numbers, revoked count.
// NOTE(review): the initialiser is positional, so it depends on the field
// order of CKMInfo_t, which is declared outside this listing -- confirm.
// NOTE(review): the CA private key lives in this object in plain form
// (SetCAPrivateKey copies it in) and InitCKMInfo/SaveCKMInfo move the whole
// object to and from CA_STORAGE_FILE as one raw block.
54 static CKMInfo_t g_ckmInfo = {CKM_INFO_IS_NOT_LOADED,
55 CA_PRIVATE_KEY_IS_NOT_SET, {CA_PRIVATE_KEY_DEFAULT_VALUE},
56 CA_PUBLIC_KEY_IS_NOT_SET, {CA_PUBLIC_KEY_DEFAULT_VALUE},
57 CA_CERTIFICATE_CHAIN_IS_NOT_SET,
58 CA_CERTIFICATE_CHAIN_MEMORY_IS_NOT_ALLOCATED,
59 CA_NAME_IS_NOT_SET, {CA_NAME_DEFAULT_VALUE},
60 CERTIFICATE_SN_INITIAL_VALUE, CRL_SN_INITIAL_VALUE,
61 NUMBER_OF_REVOKED_CERTIFICATES_INITIAL_VALUE};
// File-scope CRL state (CrlId, ThisUpdate, CrlData are the fields used below).
// Its data pointers are sometimes allocated here and sometimes copied from
// GetCRLResource(); see the ownership notes on the CRL functions.
63 static OicSecCrl_t g_crlInfo = {CRL_IS_NOT_SET,
64 BYTE_ARRAY_INITIALIZER, BYTE_ARRAY_INITIALIZER};
/**
 * Loads the persistent CA state into g_ckmInfo on first use.
 *
 * If g_ckmInfo is not marked loaded, CA_STORAGE_FILE is opened for reading and
 * one CKMInfo_t is read straight into g_ckmInfo. If that open fails, the file
 * is created and the current in-memory g_ckmInfo is written to it instead.
 * The loaded flag is set at file line 94.
 *
 * This listing omits several file lines of the function (braces, the
 * declarations of count/objectsRead/objectsWrote, and whatever cleanup closes
 * filePointer), so the exit path taken by the CHECK_* macros is not visible.
 *
 * NOTE(review): the read replaces every field with raw bytes from the file,
 * including CAPrivateKey and the size fields CANameSize and CAChainLength.
 * Those sizes are later used as a memcpy length (GetCAName) and as loop bounds
 * (InitCRT, SaveCRT, GetCAChain) and no range check is visible here, so a
 * corrupted or modified storage file reaches those copies unchecked. Consider
 * validating CANameSize <= ISSUER_MAX_NAME_SIZE and the flag fields after load.
 * NOTE(review): the CA private key is stored in this file as part of the raw
 * struct; no encryption or file-permission setting is visible in this listing.
 * NOTE(review): a raw struct image depends on padding, sizeof(long) and byte
 * order, so the file is only readable by a build with the same layout.
 */
68 PKIError InitCKMInfo(void)
71 FILE *filePointer = NULL;
76 if (!g_ckmInfo.CKMInfoIsLoaded)
78 filePointer = fopen(CA_STORAGE_FILE, "rb");
79 if (filePointer) //read existing storage
81 objectsRead = fread(&g_ckmInfo, sizeof(CKMInfo_t), count, filePointer);
// The pointer value that was saved to disk is meaningless in this process, so
// it is cleared before anything can dereference it; InitCRT rebuilds the chain.
// This happens before the read count is checked on the next line.
82 g_ckmInfo.CACertificateChain = CA_CERTIFICATE_CHAIN_MEMORY_IS_NOT_ALLOCATED;
83 CHECK_EQUAL(objectsRead, count, ISSUER_CA_STORAGE_FILE_READ_ERROR);
85 else ////create new storage
87 filePointer = fopen(CA_STORAGE_FILE, "wb");
88 CHECK_NULL(filePointer, ISSUER_CA_STORAGE_FILE_WRITE_ERROR);
89 objectsWrote = fwrite(&g_ckmInfo, sizeof(CKMInfo_t), count, filePointer);
90 CHECK_EQUAL(objectsWrote, count, ISSUER_CA_STORAGE_FILE_WRITE_ERROR);
94 g_ckmInfo.CKMInfoIsLoaded = CKM_INFO_IS_LOADED;
/**
 * Writes g_ckmInfo to CA_STORAGE_FILE as one raw CKMInfo_t.
 *
 * Requires g_ckmInfo to be marked loaded; otherwise CKM_INFO_IS_NOT_INIT is
 * the error passed to CHECK_COND. The bodies of the two trailing `if`
 * statements (file lines 118-120 and 122 onward) and the declaration of
 * `count` are not shown in this listing; presumably they save the CRL and the
 * certificate chain -- confirm against the full file.
 *
 * NOTE(review): "wb" truncates the existing file before the write, so a failed
 * or interrupted fwrite leaves the store truncated; writing to a temporary
 * file and renaming would keep the previous state intact.
 * NOTE(review): the image written includes the CA private key and the current
 * value of the CACertificateChain pointer; no encryption or permission
 * handling is visible here.
 * NOTE(review): objectsWrote is an int while fwrite returns size_t.
 */
105 PKIError SaveCKMInfo(void)
108 FILE *filePointer = NULL;
110 int objectsWrote = 0;
112 CHECK_COND(g_ckmInfo.CKMInfoIsLoaded, CKM_INFO_IS_NOT_INIT);
113 filePointer = fopen(CA_STORAGE_FILE, "wb");
114 CHECK_NULL(filePointer, ISSUER_CA_STORAGE_FILE_WRITE_ERROR);
115 objectsWrote = fwrite(&g_ckmInfo, sizeof(CKMInfo_t), count, filePointer);
116 CHECK_EQUAL(objectsWrote, count, ISSUER_CA_STORAGE_FILE_WRITE_ERROR);
// Only acts when a CRL buffer is present and non-empty (body not shown).
117 if ((g_crlInfo.CrlData.data)&&(g_crlInfo.CrlData.len))
// Only acts when a CA chain length is recorded (body not shown).
121 if (g_ckmInfo.CAChainLength)
/**
 * Saves the CA state, then releases the CRL buffers and the chain array and
 * marks g_ckmInfo as not loaded and g_crlInfo as not set.
 *
 * NOTE(review): CHECK_CALL(SaveCKMInfo) presumably leaves the function on
 * failure, in which case none of the frees below run -- confirm.
 * NOTE(review): only the CACertificateChain array is freed; the per-element
 * .data buffers allocated in InitCRT and SetCAChain are not freed in the
 * lines visible here.
 * NOTE(review): CrlData.data and ThisUpdate.data may be pointers copied from
 * GetCRLResource() (InitCRL, GetCertificateRevocationList) rather than
 * buffers allocated by this file; freeing them here is only safe if this
 * module owns them -- confirm ownership with the CRL resource code.
 * NOTE(review): the CA private key bytes stay in g_ckmInfo after close; if the
 * process keeps running, wiping CAPrivateKey here would shorten its lifetime
 * in memory.
 */
134 PKIError CloseCKMInfo(void)
137 CHECK_CALL(SaveCKMInfo);
138 OICFree(g_crlInfo.CrlData.data);
139 g_crlInfo.CrlData.data = CRL_MEMORY_IS_NOT_ALLOCATED;
140 OICFree(g_crlInfo.ThisUpdate.data);
141 g_crlInfo.ThisUpdate.data = CRL_MEMORY_IS_NOT_ALLOCATED;
142 OICFree(g_ckmInfo.CACertificateChain);
143 g_ckmInfo.CACertificateChain = CA_CERTIFICATE_CHAIN_MEMORY_IS_NOT_ALLOCATED;
144 g_ckmInfo.CKMInfoIsLoaded = CKM_INFO_IS_NOT_LOADED;
145 g_crlInfo.CrlId = CRL_IS_NOT_SET;
/**
 * Sets the serial numbers, the CA key pair and the CA name in one call by
 * delegating to the individual setters, in the order shown.
 *
 * @param nextSN           next certificate serial number
 * @param CRLSerialNumber  CRL serial number
 * @param CAPrivateKey     CA private key
 * @param CAPublicKey      CA public key
 * @param CAName           CA name
 *
 * NOTE(review): the update is not atomic. If CHECK_CALL leaves on the first
 * failing setter (presumed; the macro is defined elsewhere), the fields set
 * before it keep their new values, e.g. a new private key with the old public
 * key.
 */
149 PKIError SetCKMInfo (const long nextSN, const long CRLSerialNumber,
150 const ByteArray *CAPrivateKey, const ByteArray *CAPublicKey,
151 const ByteArray *CAName)
155 CHECK_CALL(SetNextSerialNumber, nextSN);
157 CHECK_CALL(SetCRLSerialNumber, CRLSerialNumber);
159 CHECK_CALL(SetCAPrivateKey, CAPrivateKey);
161 CHECK_CALL(SetCAPublicKey, CAPublicKey);
163 CHECK_CALL(SetCAName, CAName);
/**
 * Reads the serial numbers, the CA key pair and the CA name in one call by
 * delegating to the individual getters, in the order shown. The last line of
 * the parameter list (file line 170, the CAName parameter used below) is
 * missing from this listing.
 *
 * NOTE(review): the key and name getters copy fixed or stored sizes into the
 * caller's buffers without checking their capacity (see GetCAPrivateKey,
 * GetCAPublicKey, GetCAName), so every ByteArray passed here must already be
 * large enough.
 */
168 PKIError GetCKMInfo (long *nextSN, long *CRLSerialNumber,
169 ByteArray *CAPrivateKey, ByteArray *CAPublicKey,
174 CHECK_CALL(GetNextSerialNumber, nextSN);
176 CHECK_CALL(GetCRLSerialNumber, CRLSerialNumber);
178 CHECK_CALL(GetCAPrivateKey, CAPrivateKey);
180 CHECK_CALL(GetCAPublicKey, CAPublicKey);
182 CHECK_CALL(GetCAName, CAName);
/**
 * Stores the CA private key in g_ckmInfo and marks it as set.
 *
 * @param CAPrivateKey  key bytes; its len must equal PRIVATE_KEY_SIZE, which
 *                      bounds the copy into the fixed g_ckmInfo.CAPrivateKey
 *                      buffer.
 *
 * NOTE(review): the key is kept in plain form in a static object and is later
 * written to CA_STORAGE_FILE by SaveCKMInfo.
 */
188 PKIError SetCAPrivateKey (const ByteArray *CAPrivateKey)
191 CHECK_NULL_BYTE_ARRAY_PTR(CAPrivateKey, ISSUER_CA_STORAGE_NULL_PASSED);
192 CHECK_EQUAL(CAPrivateKey->len, PRIVATE_KEY_SIZE, ISSUER_CA_STORAGE_WRONG_PRIVATE_KEY_LEN);
193 memcpy(g_ckmInfo.CAPrivateKey, CAPrivateKey->data, PRIVATE_KEY_SIZE);
194 g_ckmInfo.CAPrivateKeyIsSet = CA_PRIVATE_KEY_IS_SET;
/**
 * Copies the stored CA private key into the caller's ByteArray and sets its
 * len to PRIVATE_KEY_SIZE. Fails with ISSUER_CA_STORAGE_PRIVATE_KEY_UNDEFINED
 * when no key has been set.
 *
 * NOTE(review): CAPrivateKey->len is overwritten but never read, so the
 * capacity of CAPrivateKey->data is not checked before PRIVATE_KEY_SIZE bytes
 * are written to it. GetCAChain does check the destination length (file lines
 * 406-407); the same CHECK_LESS_EQUAL(PRIVATE_KEY_SIZE, CAPrivateKey->len, ...)
 * pattern would close the gap here.
 * NOTE(review): the caller receives a plain copy of the key and is responsible
 * for wiping it after use.
 */
199 PKIError GetCAPrivateKey (ByteArray *CAPrivateKey)
202 CHECK_COND(g_ckmInfo.CAPrivateKeyIsSet, ISSUER_CA_STORAGE_PRIVATE_KEY_UNDEFINED);
203 CHECK_NULL_BYTE_ARRAY_PTR(CAPrivateKey, ISSUER_CA_STORAGE_NULL_PASSED);
204 memcpy(CAPrivateKey->data, g_ckmInfo.CAPrivateKey, PRIVATE_KEY_SIZE);
205 CAPrivateKey->len = PRIVATE_KEY_SIZE;
/**
 * Stores the CA public key in g_ckmInfo and marks it as set.
 *
 * @param CAPublicKey  key bytes; its len must equal PUBLIC_KEY_SIZE, which
 *                     bounds the copy into the fixed g_ckmInfo.CAPublicKey
 *                     buffer.
 */
211 PKIError SetCAPublicKey (const ByteArray *CAPublicKey)
214 CHECK_NULL_BYTE_ARRAY_PTR(CAPublicKey, ISSUER_CA_STORAGE_NULL_PASSED);
215 CHECK_EQUAL(CAPublicKey->len, PUBLIC_KEY_SIZE, ISSUER_CA_STORAGE_WRONG_PUBLIC_KEY_LEN);
216 memcpy(g_ckmInfo.CAPublicKey, CAPublicKey->data, PUBLIC_KEY_SIZE);
217 g_ckmInfo.CAPublicKeyIsSet = CA_PUBLIC_KEY_IS_SET;
/**
 * Copies the stored CA public key into the caller's ByteArray and sets its
 * len to PUBLIC_KEY_SIZE. Fails with ISSUER_CA_STORAGE_PUBLIC_KEY_UNDEFINED
 * when no key has been set.
 *
 * NOTE(review): as in GetCAPrivateKey, the capacity of CAPublicKey->data is
 * not checked before PUBLIC_KEY_SIZE bytes are written; the caller must supply
 * a buffer of at least that size.
 */
222 PKIError GetCAPublicKey (ByteArray *CAPublicKey)
225 CHECK_COND(g_ckmInfo.CAPublicKeyIsSet, ISSUER_CA_STORAGE_PUBLIC_KEY_UNDEFINED);
226 CHECK_NULL_BYTE_ARRAY_PTR(CAPublicKey, ISSUER_CA_STORAGE_NULL_PASSED);
227 memcpy(CAPublicKey->data, g_ckmInfo.CAPublicKey, PUBLIC_KEY_SIZE);
228 CAPublicKey->len = PUBLIC_KEY_SIZE;
/**
 * Stores the CA name and its length in g_ckmInfo.
 *
 * @param CAName  name bytes; len is checked against ISSUER_MAX_NAME_SIZE
 *                before the copy.
 *
 * NOTE(review): this assumes g_ckmInfo.CAName holds at least
 * ISSUER_MAX_NAME_SIZE bytes; the struct is declared elsewhere -- confirm.
 * A zero-length name is accepted here and leaves CANameSize at 0, which
 * GetCAName reports as undefined.
 */
234 PKIError SetCAName (const ByteArray *CAName)
237 CHECK_NULL_BYTE_ARRAY_PTR(CAName, ISSUER_CA_STORAGE_NULL_PASSED);
238 CHECK_LESS_EQUAL(CAName->len, ISSUER_MAX_NAME_SIZE, ISSUER_CA_STORAGE_WRONG_CA_NAME_LEN);
239 memcpy(g_ckmInfo.CAName, CAName->data, CAName->len);
240 g_ckmInfo.CANameSize = (uint32_t)CAName->len;
/**
 * Copies the stored CA name into the caller's ByteArray and sets its len to
 * the stored size. Fails with ISSUER_CA_STORAGE_CA_NAME_UNDEFINED when the
 * stored size is 0.
 *
 * NOTE(review): the copy length is g_ckmInfo.CANameSize and nothing here
 * bounds it. SetCAName limits it to ISSUER_MAX_NAME_SIZE, but InitCKMInfo
 * also loads it directly from the storage file, so a damaged file can make
 * this memcpy read past g_ckmInfo.CAName and write past the caller's buffer.
 * Checking CANameSize against ISSUER_MAX_NAME_SIZE and against CAName->len
 * before the copy would cover both cases.
 */
245 PKIError GetCAName (ByteArray *CAName)
248 CHECK_COND(g_ckmInfo.CANameSize, ISSUER_CA_STORAGE_CA_NAME_UNDEFINED);
249 CHECK_NULL_BYTE_ARRAY_PTR(CAName, ISSUER_CA_STORAGE_NULL_PASSED);
250 memcpy(CAName->data, g_ckmInfo.CAName, g_ckmInfo.CANameSize);
251 CAName->len = g_ckmInfo.CANameSize;
256 //Certificate-related functions
// Each certificate in CA_STORAGE_CRT_FILE is preceded by a CERT_LEN_PREFIX-byte
// length field, so the largest length it can represent is 2^24 - 1.
258 #define CERT_LEN_PREFIX (3)
259 #define BYTE_SIZE (8) //bits
/**
 * Encodes certLen into prefix[0..CERT_LEN_PREFIX-1], most significant byte
 * first.
 *
 * NOTE(review): only the low 24 bits of certLen are written; a larger value is
 * truncated without an error, so callers need to reject lengths above
 * 0xFFFFFF themselves.
 */
261 static void WriteCertPrefix(uint8_t *prefix, uint32_t certLen)
263 for (size_t i = 0; i < CERT_LEN_PREFIX; ++i)
265 prefix[i] = (certLen >> (BYTE_SIZE * (CERT_LEN_PREFIX - 1 - i))) & 0xFF;
/**
 * Decodes a CERT_LEN_PREFIX-byte, most-significant-byte-first length from
 * prefix by OR-ing each shifted byte into `res`. The declaration of `res` and
 * the return statement are not shown in this listing.
 */
269 static uint32_t ParseCertPrefix(uint8_t *prefix)
274 for(int i=0; i < CERT_LEN_PREFIX; ++i)
276 res |= (((uint32_t) prefix[i]) << ((CERT_LEN_PREFIX - 1 -i) * BYTE_SIZE));
/**
 * Rebuilds g_ckmInfo.CACertificateChain from CA_STORAGE_CRT_FILE.
 *
 * Runs only when g_ckmInfo.CAChainLength is non-zero. For each of the
 * CAChainLength entries it reads a 3-byte length prefix, allocates that many
 * bytes and reads the certificate into them. The function's braces and its
 * cleanup section are not shown in this listing.
 *
 * NOTE(review): both the entry count (CAChainLength, loaded from
 * CA_STORAGE_FILE by InitCKMInfo) and each entry length come from files and
 * are used without a sanity limit; a length prefix can request up to 2^24 - 1
 * bytes per entry. A zero length reaches OICMalloc(0), whose result is
 * implementation-specific -- confirm how CHECK_NULL treats it.
 * NOTE(review): the array comes from OICMalloc, so entries not yet filled
 * hold indeterminate .data/.len values. If a CHECK_* fails part-way through
 * the loop, any cleanup must free only the entries already allocated, and
 * CAChainLength should not keep describing a partially built chain. That
 * cleanup is not visible here.
 */
282 PKIError InitCRT(void)
285 FILE *filePointer = NULL;
286 uint32_t objectsRead = 0;
287 uint8_t prefix[CERT_LEN_PREFIX] = {0};
289 if (g_ckmInfo.CAChainLength)
291 filePointer = fopen(CA_STORAGE_CRT_FILE, "rb");
292 CHECK_NULL(filePointer, ISSUER_CA_STORAGE_CRT_READ_ERROR);
294 g_ckmInfo.CACertificateChain =
295 (ByteArray *)OICMalloc(sizeof(ByteArray) * g_ckmInfo.CAChainLength);
296 CHECK_NULL(g_ckmInfo.CACertificateChain, ISSUER_CA_STORAGE_MEMORY_ALLOC_FAILED);
298 for (int i = 0; i < g_ckmInfo.CAChainLength; i++)
// A short read of the prefix is rejected before the length is parsed.
300 objectsRead = (uint32_t)fread(prefix, sizeof(uint8_t), CERT_LEN_PREFIX, filePointer);
301 CHECK_EQUAL(objectsRead, CERT_LEN_PREFIX, ISSUER_CA_STORAGE_CRT_READ_ERROR);
302 g_ckmInfo.CACertificateChain[i].len = ParseCertPrefix(prefix);
304 g_ckmInfo.CACertificateChain[i].data =
305 (uint8_t *)OICMalloc(g_ckmInfo.CACertificateChain[i].len);
306 CHECK_NULL(g_ckmInfo.CACertificateChain[i].data,
307 ISSUER_CA_STORAGE_MEMORY_ALLOC_FAILED);
// A truncated file is detected here: fewer bytes than the prefix announced.
308 objectsRead = (uint32_t)fread(g_ckmInfo.CACertificateChain[i].data, sizeof(uint8_t),
309 g_ckmInfo.CACertificateChain[i].len, filePointer);
310 CHECK_EQUAL(objectsRead, g_ckmInfo.CACertificateChain[i].len,
311 ISSUER_CA_STORAGE_CRT_READ_ERROR);
/**
 * Writes the in-memory CA certificate chain to CA_STORAGE_CRT_FILE, each
 * certificate preceded by its 3-byte length prefix. The function's braces and
 * cleanup section are not shown in this listing.
 *
 * NOTE(review): the loop dereferences g_ckmInfo.CACertificateChain without a
 * NULL check. InitCKMInfo loads CAChainLength from disk and clears the
 * pointer, so calling this before InitCRT has rebuilt the chain would index a
 * NULL array -- confirm that every caller guarantees the order.
 * NOTE(review): a certificate longer than 0xFFFFFF bytes gets a truncated
 * prefix (see WriteCertPrefix) while its full data is still written, which
 * makes the file unreadable for InitCRT; rejecting such lengths before
 * writing avoids that.
 * NOTE(review): "wb" truncates the existing file first, so a failed write
 * loses the previously stored chain.
 */
323 PKIError SaveCRT(void)
326 FILE *filePointer = NULL;
327 uint32_t objectsWrote = 0;
328 uint8_t prefix[CERT_LEN_PREFIX] = {0};
330 filePointer = fopen(CA_STORAGE_CRT_FILE, "wb");
331 CHECK_NULL(filePointer, ISSUER_CA_STORAGE_CRT_WRITE_ERROR);
333 for (int i = 0; i < g_ckmInfo.CAChainLength; i++)
335 WriteCertPrefix(prefix, g_ckmInfo.CACertificateChain[i].len);
336 objectsWrote = (uint32_t)fwrite(prefix, sizeof(uint8_t), CERT_LEN_PREFIX, filePointer);
337 CHECK_EQUAL(objectsWrote, CERT_LEN_PREFIX, ISSUER_CA_STORAGE_CRT_WRITE_ERROR);
338 objectsWrote = (uint32_t)fwrite(g_ckmInfo.CACertificateChain[i].data, sizeof(uint8_t),
339 g_ckmInfo.CACertificateChain[i].len, filePointer);
340 CHECK_EQUAL(objectsWrote, g_ckmInfo.CACertificateChain[i].len,
341 ISSUER_CA_STORAGE_CRT_WRITE_ERROR);
/**
 * Stores the next certificate serial number in g_ckmInfo.
 *
 * @param nextSN  new value; the check is written as (0, nextSN), which
 *                presumably requires 0 <= nextSN (macro defined elsewhere).
 *
 * NOTE(review): 0 appears to be accepted here but is reported as undefined by
 * GetNextSerialNumber; nothing here prevents the value from being set lower
 * than serial numbers already issued.
 */
354 PKIError SetNextSerialNumber (const long nextSN)
357 CHECK_LESS_EQUAL(0, nextSN, ISSUER_CA_STORAGE_WRONG_SERIAL_NUMBER);
358 g_ckmInfo.nextSerialNumber = nextSN;
/**
 * Returns the stored next certificate serial number through nextSN.
 *
 * NOTE(review): the second CHECK_NULL is applied to a long value rather than
 * a pointer, so a stored serial number of 0 is presumably reported as
 * ISSUER_CA_STORAGE_SN_UNDEFINED -- confirm against the macro definition.
 */
363 PKIError GetNextSerialNumber (long *nextSN)
366 CHECK_NULL(nextSN, ISSUER_CA_STORAGE_NULL_PASSED);
367 CHECK_NULL(g_ckmInfo.nextSerialNumber, ISSUER_CA_STORAGE_SN_UNDEFINED);
368 *nextSN = g_ckmInfo.nextSerialNumber;
373 /*CA Certificate Chain*/
/**
 * Replaces the stored CA certificate chain with a deep copy of CAChain.
 *
 * @param CAChainLength  number of entries in CAChain; 0 is rejected
 * @param CAChain        array of CAChainLength certificates
 *
 * NOTE(review): the previous array is freed but the .data buffers of its
 * entries are not, in the lines visible here.
 * NOTE(review): g_ckmInfo.CAChainLength is updated only at the end. If an
 * allocation fails after the old array was freed, the old length stays in
 * place while CACertificateChain is NULL or partly filled, and GetCAChain and
 * SaveCRT index the array by that length. Setting CAChainLength to 0 right
 * after the free would keep the state consistent on failure.
 * NOTE(review): CHECK_NULL_BYTE_ARRAY_PTR is given the array pointer, so it
 * presumably validates only the first entry; CAChain[i].data for i > 0 is
 * passed to memcpy unchecked.
 */
374 PKIError SetCAChain (const uint8_t CAChainLength, const ByteArray *CAChain)
377 CHECK_NULL_BYTE_ARRAY_PTR(CAChain, ISSUER_CA_STORAGE_NULL_PASSED);
378 CHECK_NULL(CAChainLength, ISSUER_CA_STORAGE_NULL_PASSED);
380 OICFree(g_ckmInfo.CACertificateChain);
381 g_ckmInfo.CACertificateChain = NULL;
382 g_ckmInfo.CACertificateChain = (ByteArray *)OICMalloc(sizeof(ByteArray) * CAChainLength);
383 CHECK_NULL(g_ckmInfo.CACertificateChain, ISSUER_CA_STORAGE_MEMORY_ALLOC_FAILED);
385 for (int i = 0; i < CAChainLength; i++)
387 g_ckmInfo.CACertificateChain[i].data = (uint8_t *)OICMalloc(CAChain[i].len);
388 CHECK_NULL(g_ckmInfo.CACertificateChain[i].data, ISSUER_CA_STORAGE_MEMORY_ALLOC_FAILED);
389 memcpy(g_ckmInfo.CACertificateChain[i].data, CAChain[i].data, CAChain[i].len);
390 g_ckmInfo.CACertificateChain[i].len = CAChain[i].len;
392 g_ckmInfo.CAChainLength = CAChainLength;
/**
 * Copies every stored CA certificate into the caller's array and returns the
 * entry count through CAChainLength.
 *
 * @param CAChainLength  output: number of certificates copied
 * @param CAChain        caller-allocated array; each entry's len must hold the
 *                       capacity of its data buffer on entry and receives the
 *                       certificate length on return
 *
 * Each destination capacity is checked against the stored length before the
 * copy.
 *
 * NOTE(review): the number of entries in the caller's array is never passed
 * in, so the loop trusts it to have at least g_ckmInfo.CAChainLength entries.
 * GetCACertificate passes a single ByteArray; with a stored chain longer than
 * one entry the loop would index past it.
 * NOTE(review): g_ckmInfo.CACertificateChain is dereferenced without a NULL
 * check; CAChainLength can be non-zero while the pointer is NULL between
 * InitCKMInfo and InitCRT.
 */
397 PKIError GetCAChain (uint8_t* CAChainLength, ByteArray *CAChain)
400 CHECK_COND(g_ckmInfo.CAChainLength, ISSUER_CA_STORAGE_CA_CHAIN_LENGTH_UNDEFINED);
401 CHECK_NULL_BYTE_ARRAY_PTR(CAChain, ISSUER_CA_STORAGE_NULL_PASSED);
402 CHECK_NULL(CAChainLength, PKI_NULL_PASSED);
404 for (int i = 0; i < g_ckmInfo.CAChainLength; i++)
406 CHECK_LESS_EQUAL(g_ckmInfo.CACertificateChain[i].len, CAChain[i].len,
407 ISSUER_CA_STORAGE_WRONG_BYTE_ARRAY_LEN);
408 memcpy(CAChain[i].data, g_ckmInfo.CACertificateChain[i].data,
409 g_ckmInfo.CACertificateChain[i].len);
410 CAChain[i].len = g_ckmInfo.CACertificateChain[i].len;
413 *CAChainLength = g_ckmInfo.CAChainLength;
/**
 * Stores a single CA certificate by setting it as a chain of length 1.
 * Any previously stored chain is replaced (see SetCAChain).
 */
419 PKIError SetCACertificate (const ByteArray *CACertificate)
422 CHECK_NULL_BYTE_ARRAY_PTR(CACertificate, ISSUER_CA_STORAGE_NULL_PASSED);
423 CHECK_CALL(SetCAChain, 1, CACertificate);
/**
 * Retrieves the CA certificate through GetCAChain, passing CACertificate as
 * the destination array. The declaration of `i`, which receives the chain
 * length, is not shown in this listing.
 *
 * NOTE(review): CACertificate is one ByteArray, but GetCAChain copies as many
 * entries as are stored. If the stored chain holds more than one certificate,
 * GetCAChain indexes past this single element; checking the stored length
 * first, or copying only the first entry, would avoid that.
 */
428 PKIError GetCACertificate (ByteArray *CACertificate)
432 CHECK_NULL_BYTE_ARRAY_PTR(CACertificate, ISSUER_CA_STORAGE_NULL_PASSED);
433 CHECK_CALL(GetCAChain, &i, CACertificate);
437 //CRL-related functions
/**
 * Initialises g_crlInfo with a struct copy of the object returned by
 * GetCRLResource(), then requires both of its data pointers to be non-NULL.
 *
 * NOTE(review): the return value of GetCRLResource() is dereferenced without
 * a NULL check, whereas GetCertificateRevocationList checks it (file line
 * 505). The same check belongs here.
 * NOTE(review): the copy is shallow, so g_crlInfo.CrlData.data and
 * ThisUpdate.data point at whatever buffers the resource object points at.
 * CloseCKMInfo and SetCertificateRevocationList later pass those pointers to
 * OICFree; confirm that GetCRLResource() transfers ownership of them.
 */
439 PKIError InitCRL(void)
442 g_crlInfo = *(OicSecCrl_t *)GetCRLResource();
443 CHECK_NULL(g_crlInfo.CrlData.data, ISSUER_CA_STORAGE_NULL_PASSED);
444 CHECK_NULL(g_crlInfo.ThisUpdate.data, ISSUER_CA_STORAGE_NULL_PASSED);
/**
 * Pushes g_crlInfo to the CRL resource via UpdateCRLResource and maps any
 * result other than OC_STACK_OK to ISSUER_CA_STORAGE_CRL_WRITE_ERROR.
 */
449 PKIError SaveCRL(void)
453 CHECK_EQUAL(UpdateCRLResource(&g_crlInfo),
454 OC_STACK_OK, ISSUER_CA_STORAGE_CRL_WRITE_ERROR);
458 /*CRL Serial Number*/
/**
 * Stores the CRL serial number in g_ckmInfo.
 *
 * @param CRLSerialNumber  new value; the check is written as
 *                         (0, CRLSerialNumber), which presumably requires
 *                         0 <= CRLSerialNumber (macro defined elsewhere).
 *
 * NOTE(review): 0 appears to be accepted here but is reported as undefined by
 * GetCRLSerialNumber.
 */
459 PKIError SetCRLSerialNumber (const long CRLSerialNumber)
462 CHECK_LESS_EQUAL(0, CRLSerialNumber, ISSUER_CA_STORAGE_WRONG_CRL_SERIAL_NUMBER);
463 g_ckmInfo.CRLSerialNumber = CRLSerialNumber;
/**
 * Returns the stored CRL serial number through CRLSerialNumber.
 *
 * NOTE(review): the second CHECK_NULL is applied to a long value, so a stored
 * value of 0 is presumably reported as ISSUER_CA_STORAGE_CRL_SN_UNDEFINED --
 * confirm against the macro definition.
 */
468 PKIError GetCRLSerialNumber (long *CRLSerialNumber)
471 CHECK_NULL(CRLSerialNumber, ISSUER_CA_STORAGE_NULL_PASSED);
472 CHECK_NULL(g_ckmInfo.CRLSerialNumber, ISSUER_CA_STORAGE_CRL_SN_UNDEFINED);
473 *CRLSerialNumber = g_ckmInfo.CRLSerialNumber;
/**
 * Replaces the CRL held in g_crlInfo.CrlData with a copy of the given bytes.
 * File lines 490-496, after the length assignment, are not shown in this
 * listing.
 *
 * NOTE(review): the old CrlData.data is passed to OICFree. After InitCRL or
 * GetCertificateRevocationList that pointer is a copy of the one held by the
 * CRL resource, so freeing it is only safe if this module owns the buffer --
 * confirm.
 * NOTE(review): the buffer is allocated with len + 1 bytes but only len bytes
 * are copied, leaving the last byte uninitialised. If it is meant as a
 * terminator it should be set explicitly; if not, the + 1 can be dropped.
 * NOTE(review): if the allocation fails, CrlData.data is NULL while
 * CrlData.len keeps its previous value.
 */
479 PKIError SetCertificateRevocationList (const ByteArray *certificateRevocationList)
482 CHECK_NULL_BYTE_ARRAY_PTR(certificateRevocationList, ISSUER_CA_STORAGE_NULL_PASSED);
484 OICFree(g_crlInfo.CrlData.data);
485 g_crlInfo.CrlData.data = CRL_MEMORY_IS_NOT_ALLOCATED;
486 g_crlInfo.CrlData.data = (uint8_t *)OICMalloc(certificateRevocationList->len + 1);
487 CHECK_NULL(g_crlInfo.CrlData.data, ISSUER_CA_STORAGE_MEMORY_ALLOC_FAILED);
488 memcpy(g_crlInfo.CrlData.data, certificateRevocationList->data, certificateRevocationList->len);
489 g_crlInfo.CrlData.len = certificateRevocationList->len;
/**
 * Refreshes g_crlInfo from GetCRLResource() and copies the CRL bytes into the
 * caller's ByteArray, whose len must hold the buffer capacity on entry and
 * receives the CRL length on return.
 *
 * The destination capacity is checked against the CRL length before the copy.
 *
 * NOTE(review): the three assignments overwrite g_crlInfo's pointers with the
 * resource's pointers without freeing the previous ones. A buffer allocated by
 * SetCertificateRevocationList is lost at this point, and afterwards g_crlInfo
 * and the resource share the same buffers, which CloseCKMInfo and
 * SetCertificateRevocationList later free. Confirm who owns them, or copy the
 * data instead of the pointers.
 * NOTE(review): the refreshed CrlData.data is not re-checked for NULL before
 * the memcpy; only the value held before the refresh is tested.
 */
497 PKIError GetCertificateRevocationList (ByteArray *certificateRevocationList)
500 OicSecCrl_t *tmpCRL = NULL;
502 CHECK_COND(g_crlInfo.CrlData.data, ISSUER_CA_STORAGE_CRL_UNDEFINED);
503 CHECK_NULL_BYTE_ARRAY_PTR(certificateRevocationList, ISSUER_CA_STORAGE_NULL_PASSED);
504 tmpCRL = (OicSecCrl_t *)GetCRLResource();
505 CHECK_NULL(tmpCRL, ISSUER_CA_STORAGE_NULL_PASSED);
506 g_crlInfo.CrlId = tmpCRL->CrlId;
507 g_crlInfo.CrlData = tmpCRL->CrlData;
508 g_crlInfo.ThisUpdate = tmpCRL->ThisUpdate;
510 CHECK_LESS_EQUAL(g_crlInfo.CrlData.len, certificateRevocationList->len,
511 ISSUER_WRONG_BYTE_ARRAY_LEN);
512 memcpy(certificateRevocationList->data, g_crlInfo.CrlData.data, g_crlInfo.CrlData.len);
513 certificateRevocationList->len = g_crlInfo.CrlData.len;
/**
 * Stores the number of revoked certificates in g_ckmInfo.
 *
 * @param numberOfRevoked  new value; the check is written as
 *                         (0, numberOfRevoked), which presumably requires
 *                         0 <= numberOfRevoked (macro defined elsewhere).
 *
 * NOTE(review): the error code used for a rejected value is
 * ISSUER_CA_STORAGE_WRONG_CRL_SERIAL_NUMBER, which names a different field;
 * callers cannot tell the two failures apart.
 */
520 PKIError SetNumberOfRevoked (const long numberOfRevoked)
523 CHECK_LESS_EQUAL(0, numberOfRevoked, ISSUER_CA_STORAGE_WRONG_CRL_SERIAL_NUMBER);
524 g_ckmInfo.numberOfRevoked = numberOfRevoked;
/**
 * Returns the stored number of revoked certificates through numberOfRevoked.
 *
 * NOTE(review): the second CHECK_NULL is applied to the stored count. Its
 * initial value is 0 (NUMBER_OF_REVOKED_CERTIFICATES_INITIAL_VALUE), so on a
 * CA that has revoked nothing this presumably fails with
 * ISSUER_CA_STORAGE_CRL_SN_UNDEFINED instead of returning 0 -- confirm
 * against the macro definition and the callers' handling of that error.
 */
528 PKIError GetNumberOfRevoked (long *numberOfRevoked)
531 CHECK_NULL(numberOfRevoked, ISSUER_CA_STORAGE_NULL_PASSED);
532 CHECK_NULL(g_ckmInfo.numberOfRevoked, ISSUER_CA_STORAGE_CRL_SN_UNDEFINED);
533 *numberOfRevoked = g_ckmInfo.numberOfRevoked;