1 /* *****************************************************************
\r
3 * Copyright 2017 Samsung Electronics All Rights Reserved.
\r
7 * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * you may not use this file except in compliance with the License.
\r
9 * You may obtain a copy of the License at
\r
11 * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * Unless required by applicable law or agreed to in writing, software
\r
14 * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * See the License for the specific language governing permissions and
\r
17 * limitations under the License.
\r
19 * *****************************************************************/
\r
24 #include "oic_malloc.h"
\r
26 #include "ss_emul.h"
\r
29 #define TAG "OIC_SSEMUL"
\r
31 #define HWIF_MAXPATH (4096)
\r
32 static char HWIF_OWNCERT_FILE_NAME[HWIF_MAXPATH] = {0,};
\r
33 static char HWIF_KEY_FILE_NAME[HWIF_MAXPATH] = {0,};
\r
34 static char HWIF_KEY_PASS[HWIF_MAXPATH] = {0,};
\r
37 /********************************************
\r
41 int LoadCertFile(const char* filepath, uint8_t** cert_chain, size_t* cert_chain_len)
\r
43 if (NULL == filepath || NULL == cert_chain || NULL == cert_chain_len)
\r
45 OIC_LOG(ERROR, TAG, "Invalid parameters");
\r
52 FILE *fp = fopen(filepath, "rb");
\r
57 size_t bytesRead = 0;
\r
60 bytesRead = fread(buffer, 1, sizeof(buffer), fp);
\r
62 } while (bytesRead);
\r
66 OIC_LOG(ERROR,TAG,"File is empty");
\r
71 certchain = (uint8_t*)OICCalloc(1, fsize);
\r
73 if (NULL == certchain)
\r
75 OIC_LOG(ERROR,TAG,"Failed to allocate memory");
\r
81 if (fsize != fread(certchain, 1, fsize, fp))
\r
83 OIC_LOG(ERROR, TAG, "Certiface was not read completely");
\r
89 OIC_LOG_V(ERROR,TAG,"Failed to open cert file : %s", filepath);
\r
93 *cert_chain = certchain;
\r
94 *cert_chain_len = certLen;
\r
96 OIC_LOG_V(INFO, TAG, "Loading cert success [%s]", filepath);
\r
97 OIC_LOG_BUFFER(DEBUG, TAG, certchain, certLen);
\r
102 int LoadKeyFile(mbedtls_pk_context *pkey, const char* filepath, const char* password)
\r
106 OIC_LOG(ERROR, TAG, "Invalid key file path" );
\r
110 int ret = mbedtls_pk_parse_keyfile(pkey, filepath, password);
\r
113 OIC_LOG_V(ERROR, TAG, "Faile to parse key file [0x%x]", ret );
\r
117 OIC_LOG_V(INFO, TAG, "Loading key success [%s]", filepath);
\r
122 /********************************************
\r
123 * HW Secure Storage emulation functions
\r
125 int SSemulSetCertkeyFilepath(const char* cert_filepath,
\r
126 const char* key_filepath, const char* pwd)
\r
128 if (NULL == cert_filepath || NULL == key_filepath)
\r
130 OIC_LOG(ERROR, TAG, "Invalid parameters");
\r
134 if (HWIF_MAXPATH <= strlen(cert_filepath) || !strlen(cert_filepath)
\r
135 || HWIF_MAXPATH <= strlen(key_filepath) || !strlen(key_filepath)
\r
136 || (pwd && (HWIF_MAXPATH <= strlen(pwd))))
\r
138 OIC_LOG(ERROR, TAG, "Invalid large path length");
\r
142 memset(HWIF_OWNCERT_FILE_NAME, 0, HWIF_MAXPATH);
\r
143 memset(HWIF_KEY_FILE_NAME, 0, HWIF_MAXPATH);
\r
144 memset(HWIF_KEY_PASS, 0, HWIF_MAXPATH);
\r
146 strncpy(HWIF_OWNCERT_FILE_NAME, cert_filepath, strlen(cert_filepath));
\r
147 strncpy(HWIF_KEY_FILE_NAME, key_filepath, strlen(key_filepath));
\r
150 strncpy(HWIF_KEY_PASS, pwd, strlen(pwd) + 1);
\r
153 OIC_LOG(INFO, TAG, "[Configure Secure Storage Emulation files]");
\r
154 OIC_LOG_V(INFO, TAG, "OwnCert file[%zu]: %s", strlen(cert_filepath), cert_filepath);
\r
155 OIC_LOG_V(INFO, TAG, "Key file[%zu]: %s", strlen(key_filepath), key_filepath);
\r
158 OIC_LOG_V(INFO, TAG, "Password[%zu]: %s", strlen(pwd), pwd);
\r
163 int SSemulGetKeytype(const void* keyContext)
\r
166 if (0 == strlen(HWIF_KEY_FILE_NAME))
\r
168 OIC_LOG(ERROR, TAG, "Need to set key file name");
\r
169 return KEYTYPE_NONE;
\r
172 int ret = KEYTYPE_NONE;
\r
173 mbedtls_pk_context pk;
\r
174 mbedtls_pk_init(&pk);
\r
177 const char* key_file = HWIF_KEY_FILE_NAME;
\r
178 const char* key_pass = !strlen(HWIF_KEY_PASS) ? NULL : HWIF_KEY_PASS;
\r
179 if (0 > LoadKeyFile(&pk, key_file, key_pass))
\r
181 OIC_LOG(ERROR, TAG, "Fail to load key file");
\r
186 mbedtls_pk_type_t keytype = mbedtls_pk_get_type(&pk);
\r
187 if(MBEDTLS_PK_RSA == keytype)
\r
191 else if(MBEDTLS_PK_ECKEY == keytype ||
\r
192 MBEDTLS_PK_ECKEY_DH == keytype)
\r
198 mbedtls_pk_free(&pk);
\r
202 int SSemulLoadOwncert(const void* keyContext,
\r
203 uint8_t** cert_chain, size_t* cert_chain_len)
\r
206 if (0 == strlen(HWIF_OWNCERT_FILE_NAME))
\r
208 OIC_LOG(ERROR, TAG, "Need to set owncert file name");
\r
212 if (0 != LoadCertFile(HWIF_OWNCERT_FILE_NAME, cert_chain, cert_chain_len))
\r
214 OIC_LOG(ERROR, TAG, "Faile to load the own certificate file");
\r
221 int SSemulGetKeylen(const void* keyContext)
\r
224 if (0 == strlen(HWIF_KEY_FILE_NAME))
\r
226 OIC_LOG(ERROR, TAG, "Need to set private key file name");
\r
231 size_t key_len = 0;
\r
232 mbedtls_pk_context pk;
\r
233 mbedtls_pk_init(&pk);
\r
236 const char* key_file = HWIF_KEY_FILE_NAME;
\r
237 const char* key_pass = !strlen(HWIF_KEY_PASS) ? NULL : HWIF_KEY_PASS;
\r
238 ret = LoadKeyFile(&pk, key_file, key_pass);
\r
241 OIC_LOG_V(ERROR, TAG, "Fail to load key file [0x%x]", ret);
\r
245 key_len = ( 8 * ((const mbedtls_rsa_context *) pk.pk_ctx)->len );
\r
248 OIC_LOG(ERROR, TAG, "Invalid key length");
\r
253 mbedtls_pk_free(&pk);
\r
257 int SSemulRsaSign(const void *keyContext,
\r
258 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
\r
259 int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
\r
260 const unsigned char *hash, unsigned char *sig )
\r
262 if (0 == strlen(HWIF_KEY_FILE_NAME))
\r
264 OIC_LOG(ERROR, TAG, "Need to set private key file name");
\r
268 // workaround for test under sw - 1. load key, 2. sign
\r
272 mbedtls_pk_context pk;
\r
273 mbedtls_pk_init(&pk);
\r
276 const char* key_file = HWIF_KEY_FILE_NAME;
\r
277 const char* key_pass = !strlen(HWIF_KEY_PASS) ? NULL : HWIF_KEY_PASS;
\r
278 ret = LoadKeyFile(&pk, key_file, key_pass);
\r
281 OIC_LOG_V(ERROR, TAG, "Fail to load key file [0x%x]", ret);
\r
285 key_len = ( 8 * ((const mbedtls_rsa_context *) pk.pk_ctx)->len );
\r
288 OIC_LOG(ERROR, TAG, "Invalid key length");
\r
289 ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
\r
292 OIC_LOG_V(INFO, TAG, "key name : %s, mode : %d hashlen : %u md_alg : %d keylen : %zu",
\r
293 (const char*)(keyContext), mode, hashlen, md_alg, key_len);
\r
296 ret = mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *)pk.pk_ctx, f_rng, p_rng,
\r
297 MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hashlen, hash, sig);
\r
300 OIC_LOG_V(ERROR, TAG, "Fail to sign [0x%x]", ret);
\r
305 mbedtls_pk_free(&pk);
\r
309 int SSemulEcdsaSign( void *ctx, mbedtls_md_type_t md_alg,
\r
310 const unsigned char *hash, size_t hash_len,
\r
311 unsigned char *sig, size_t *sig_len,
\r
312 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
\r
315 if (0 == strlen(HWIF_KEY_FILE_NAME))
\r
317 OIC_LOG(ERROR, TAG, "Need to set private key file name");
\r
321 // workaround for test under sw - 1. load key, 2. set temp ctx, 3.sign
\r
324 mbedtls_pk_context pk;
\r
325 mbedtls_ecdsa_context ecdsa;
\r
326 mbedtls_ecp_keypair *eckey;
\r
327 mbedtls_pk_init(&pk);
\r
328 mbedtls_ecdsa_init( &ecdsa );
\r
331 const char* key_file = HWIF_KEY_FILE_NAME;
\r
332 const char* key_pass = !strlen(HWIF_KEY_PASS) ? NULL : HWIF_KEY_PASS;
\r
333 ret = LoadKeyFile(&pk, key_file, key_pass);
\r
336 OIC_LOG_V(ERROR, TAG, "Fail to load key file [0x%x]", ret);
\r
341 eckey = (mbedtls_ecp_keypair*)pk.pk_ctx;
\r
342 ret = mbedtls_ecdsa_from_keypair(&ecdsa, eckey);
\r
345 OIC_LOG_V(ERROR, TAG, "Fail to copy key pair [0x%x]", ret);
\r
350 ret = mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) &ecdsa,
\r
351 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng );
\r
354 OIC_LOG_V(ERROR, TAG, "Fail to sign [0x%x]", ret);
\r
357 OIC_LOG_V(INFO, TAG, "Success to sign");
\r
360 mbedtls_ecdsa_free( &ecdsa );
\r
361 mbedtls_pk_free(&pk);
\r
362 OIC_LOG_V(INFO, TAG, "Out %s", __func__);
\r