resource/csdk/security/provisioning/src/oxmmanufacturercert.c

   1 /* *****************************************************************
   2  *
   3  * Copyright 2016 Samsung Electronics All Rights Reserved.
   4  *
   5  *
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *     http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * *****************************************************************/
  20
  21 #include <memory.h>
  22
  23 #include "ocstack.h"
  24 #include "securevirtualresourcetypes.h"
  25 #include "doxmresource.h"
  26 #include "credresource.h"
  27 #include "cacommon.h"
  28 #include "cainterface.h"
  29 #include "casecurityinterface.h"
  30 #include "ocrandom.h"
  31 #include "oic_malloc.h"
  32 #include "logger.h"
  33 #include "pbkdf2.h"
  34 #include "global.h"
  35 #include "base64.h"
  36 #include "oxmmanufacturercert.h"
  37 #include "ownershiptransfermanager.h"
  38 #include "srmresourcestrings.h"
  39 #include "pkix_interface.h"
  40 #include "mbedtls/ssl_ciphersuites.h"
  41
  42 #define TAG "OXM_MCertificate"
  43
  44 OCStackResult CreateMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  45 {
  46     if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  47     {
  48         return OC_STACK_INVALID_PARAM;
  49     }
  50
  51     otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_MANUFACTURER_CERTIFICATE;
  52
  53     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  54 }
  55
  56 OCStackResult CreateMCertificateBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  57 {
  58     if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  59     {
  60         return OC_STACK_INVALID_PARAM;
  61     }
  62
  63     OicUuid_t uuidPT = {.id={0}};
  64     *payload = NULL;
  65     *size = 0;
  66
  67     if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
  68     {
  69         OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
  70         return OC_STACK_ERROR;
  71     }
  72     memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
  73
  74     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  75 }
  76
  77 OCStackResult PrepareMCertificateCallback(OTMContext_t *otmCtx)
  78 {
  79     OIC_LOG(INFO, TAG, "IN PrepareMCertificateCallback");
  80
  81     if (!otmCtx || !otmCtx->selectedDeviceInfo)
  82     {
  83         return OC_STACK_INVALID_PARAM;
  84     }
  85
  86     if (CA_STATUS_OK != CAregisterPkixInfoHandler(GetManufacturerPkixInfo))
  87     {
  88         OIC_LOG(ERROR, TAG, "Failed to register PkixInfohandler");
  89         return OC_STACK_ERROR;
  90     }
  91
  92     if (CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitManufacturerCipherSuiteList))
  93     {
  94         OIC_LOG(ERROR, TAG, "Failed to register CredentialTypesHandler");
  95         return OC_STACK_ERROR;
  96     }
  97
  98     OIC_LOG(INFO, TAG, "OUT PrepareMCertificateCallback");
  99
 100     return OC_STACK_OK;
 101 }
 102
 103 OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
 104 {
 105     OIC_LOG(INFO, TAG, "IN CreateSecureSessionMCertificateCallback");
 106
 107     if (!otmCtx || !otmCtx->selectedDeviceInfo)
 108     {
 109         return OC_STACK_INVALID_PARAM;
 110     }
 111
 112     CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
 113     if (CA_STATUS_OK != caresult)
 114     {
 115         OIC_LOG_V(ERROR, TAG, "Failed to disable anon cipher suite");
 116         return OC_STACK_ERROR;
 117     }
 118     OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
 119
 120     caresult  = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
 121                                     otmCtx->selectedDeviceInfo->endpoint.adapter);
 122     if (CA_STATUS_OK != caresult)
 123     {
 124         OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
 125         return OC_STACK_ERROR;
 126     }
 127     OIC_LOG(INFO, TAG, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite selected.");
 128
 129     OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
 130     CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
 131     if (NULL == endpoint)
 132     {
 133         return OC_STACK_NO_MEMORY;
 134     }
 135     memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t));
 136     endpoint->port = selDevInfo->securePort;
 137     caresult = CAInitiateHandshake(endpoint);
 138     OICFree(endpoint);
 139     if (CA_STATUS_OK != caresult)
 140     {
 141         OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
 142         return OC_STACK_ERROR;
 143     }
 144
 145     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionMCertificateCallback");
 146
 147     return OC_STACK_OK;
 148 }