resource/csdk/security/provisioning/src/oxmmanufacturercert.c

   1 /* *****************************************************************
   2  *
   3  * Copyright 2016 Samsung Electronics All Rights Reserved.
   4  *
   5  *
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *     http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * *****************************************************************/
  20
  21 #include <memory.h>
  22
  23 #include "ocstack.h"
  24 #include "securevirtualresourcetypes.h"
  25 #include "doxmresource.h"
  26 #include "credresource.h"
  27 #include "cacommon.h"
  28 #include "cainterface.h"
  29 #include "casecurityinterface.h"
  30 #include "ocrandom.h"
  31 #include "oic_malloc.h"
  32 #include "logger.h"
  33 #include "pbkdf2.h"
  34 #include "base64.h"
  35 #include "oxmmanufacturercert.h"
  36 #include "ownershiptransfermanager.h"
  37 #include "srmresourcestrings.h"
  38 #include "pkix_interface.h"
  39 #include "mbedtls/ssl_ciphersuites.h"
  40
  41 #define TAG "OXM_MCertificate"
  42
  43 OCStackResult CreateMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  44 {
  45     if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  46     {
  47         return OC_STACK_INVALID_PARAM;
  48     }
  49
  50     otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_MANUFACTURER_CERTIFICATE;
  51
  52     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  53 }
  54
  55 OCStackResult CreateConMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  56 {
  57     if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  58     {
  59         return OC_STACK_INVALID_PARAM;
  60     }
  61
  62     otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_CON_MFG_CERT;
  63
  64     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  65 }
  66
  67 OCStackResult CreateMCertificateBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  68 {
  69     if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  70     {
  71         return OC_STACK_INVALID_PARAM;
  72     }
  73
  74     OicUuid_t uuidPT = {.id={0}};
  75     *payload = NULL;
  76     *size = 0;
  77
  78     if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
  79     {
  80         OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
  81         return OC_STACK_ERROR;
  82     }
  83     memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
  84
  85     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  86 }
  87
  88 OCStackResult PrepareMCertificateCallback(OTMContext_t *otmCtx)
  89 {
  90     OIC_LOG(INFO, TAG, "IN PrepareMCertificateCallback");
  91
  92     if (!otmCtx || !otmCtx->selectedDeviceInfo)
  93     {
  94         return OC_STACK_INVALID_PARAM;
  95     }
  96
  97     if (CA_STATUS_OK != CAregisterPkixInfoHandler(GetManufacturerPkixInfo))
  98     {
  99         OIC_LOG(ERROR, TAG, "Failed to register PkixInfohandler");
 100         return OC_STACK_ERROR;
 101     }
 102
 103     if (CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitManufacturerCipherSuiteList))
 104     {
 105         OIC_LOG(ERROR, TAG, "Failed to register CredentialTypesHandler");
 106         return OC_STACK_ERROR;
 107     }
 108
 109     OIC_LOG(INFO, TAG, "OUT PrepareMCertificateCallback");
 110
 111     return OC_STACK_OK;
 112 }
 113
 114 OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
 115 {
 116     OIC_LOG(INFO, TAG, "IN CreateSecureSessionMCertificateCallback");
 117
 118     if (!otmCtx || !otmCtx->selectedDeviceInfo)
 119     {
 120         return OC_STACK_INVALID_PARAM;
 121     }
 122
 123     CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
 124     if (CA_STATUS_OK != caresult)
 125     {
 126         OIC_LOG_V(ERROR, TAG, "Failed to disable anon cipher suite");
 127         return OC_STACK_ERROR;
 128     }
 129     OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
 130
 131     caresult  = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
 132                                     otmCtx->selectedDeviceInfo->endpoint.adapter);
 133     if (CA_STATUS_OK != caresult)
 134     {
 135         OIC_LOG_V(ERROR, TAG, "Failed to select MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8");
 136         return OC_STACK_ERROR;
 137     }
 138     OIC_LOG(INFO, TAG, "MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite selected.");
 139
 140     OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
 141     CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
 142     if (NULL == endpoint)
 143     {
 144         return OC_STACK_NO_MEMORY;
 145     }
 146     memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t));
 147     endpoint->port = selDevInfo->securePort;
 148     caresult = CAInitiateHandshake(endpoint);
 149     OICFree(endpoint);
 150     if (CA_STATUS_OK != caresult)
 151     {
 152         OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
 153         return OC_STACK_ERROR;
 154     }
 155
 156     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionMCertificateCallback");
 157
 158     return OC_STACK_OK;
 159 }