1 /* *****************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * *****************************************************************/
24 #include "securevirtualresourcetypes.h"
25 #include "doxmresource.h"
26 #include "credresource.h"
28 #include "cainterface.h"
29 #include "casecurityinterface.h"
31 #include "oic_malloc.h"
36 #include "oxmmanufacturercert.h"
37 #include "ownershiptransfermanager.h"
38 #include "srmresourcestrings.h"
39 #include "pkix_interface.h"
40 #include "mbedtls/ssl_ciphersuites.h"
42 #define TAG "OXM_MCertificate"
44 OCStackResult CreateMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
46 if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
48 return OC_STACK_INVALID_PARAM;
51 otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_MANUFACTURER_CERTIFICATE;
53 return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
56 OCStackResult CreateMCertificateBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
58 if (!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
60 return OC_STACK_INVALID_PARAM;
63 OicUuid_t uuidPT = {.id={0}};
67 if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
69 OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
70 return OC_STACK_ERROR;
72 memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
74 return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
77 OCStackResult PrepareMCertificateCallback(OTMContext_t *otmCtx)
79 OIC_LOG(INFO, TAG, "IN PrepareMCertificateCallback");
81 if (!otmCtx || !otmCtx->selectedDeviceInfo)
83 return OC_STACK_INVALID_PARAM;
86 if (CA_STATUS_OK != CAregisterPkixInfoHandler(GetManufacturerPkixInfo))
88 OIC_LOG(ERROR, TAG, "Failed to register PkixInfohandler");
89 return OC_STACK_ERROR;
92 if (CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitManufacturerCipherSuiteList))
94 OIC_LOG(ERROR, TAG, "Failed to register CredentialTypesHandler");
95 return OC_STACK_ERROR;
98 OIC_LOG(INFO, TAG, "OUT PrepareMCertificateCallback");
103 OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
105 OIC_LOG(INFO, TAG, "IN CreateSecureSessionMCertificateCallback");
107 if (!otmCtx || !otmCtx->selectedDeviceInfo)
109 return OC_STACK_INVALID_PARAM;
112 CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
113 if (CA_STATUS_OK != caresult)
115 OIC_LOG_V(ERROR, TAG, "Failed to disable anon cipher suite");
116 return OC_STACK_ERROR;
118 OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
120 caresult = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
121 otmCtx->selectedDeviceInfo->endpoint.adapter);
122 if (CA_STATUS_OK != caresult)
124 OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
125 return OC_STACK_ERROR;
127 OIC_LOG(INFO, TAG, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite selected.");
129 OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
130 CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
131 if (NULL == endpoint)
133 return OC_STACK_NO_MEMORY;
135 memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t));
136 endpoint->port = selDevInfo->securePort;
137 caresult = CAInitiateHandshake(endpoint);
139 if (CA_STATUS_OK != caresult)
141 OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
142 return OC_STACK_ERROR;
145 OIC_LOG(INFO, TAG, "OUT CreateSecureSessionMCertificateCallback");