#include "srmutility.h"
#include "stdbool.h"
#include "securevirtualresourcetypes.h"
-#ifdef __WITH_X509__
-#include "ck_manager.h"
-//Certificate-related functions
-#define CERT_LEN_PREFIX (3)
-#define BYTE_SIZE (8) //bits
-#define CHAIN_LEN (2) //TODO: replace by external define or a runtime value
-#endif //__WITH_X509__
-
-#define TAG "SRPAPI-CG"
+#define TAG "OIC_SRPAPI_CG"
OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySize,
const OicUuid_t *ptDeviceId, const OicUuid_t *firstDeviceId,
const OicUuid_t *secondDeviceId, OicSecCred_t **firstCred, OicSecCred_t **secondCred)
{
- if (NULL == ptDeviceId || NULL == firstDeviceId || NULL != *firstCred || \
- NULL == secondDeviceId || NULL != *secondCred)
+ if (NULL == ptDeviceId || NULL == firstDeviceId || NULL == firstCred || NULL != *firstCred || \
+ NULL == secondDeviceId || NULL == secondCred || NULL != *secondCred)
{
OIC_LOG(INFO, TAG, "Invalid params");
return OC_STACK_INVALID_PARAM;
uint8_t *privData = (uint8_t *)OICCalloc(privDataKeySize, sizeof(uint8_t));
VERIFY_NON_NULL(TAG, privData, ERROR);
- OicSecKey_t privKey = {privData, keySize};
+ OicSecKey_t privKey = {.data=privData, .len=keySize};
OCFillRandomMem(privData, privDataKeySize);
// TODO: currently owner array is 1. only provisioning tool's id.
- tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, &privKey, 1, ptDeviceId);
+ tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, &privKey, ptDeviceId, NULL);
VERIFY_NON_NULL(TAG, tempFirstCred, ERROR);
// TODO: currently owner array is 1. only provisioning tool's id.
- tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, &privKey, 1, ptDeviceId);
+ tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, &privKey, ptDeviceId, NULL);
VERIFY_NON_NULL(TAG, tempSecondCred, ERROR);
*firstCred = tempFirstCred;
res = OC_STACK_OK;
exit:
+ OICClearMemory(privData, privDataKeySize);
OICFree(privData);
if(res != OC_STACK_OK)
return res;
}
-
-#ifdef __WITH_X509__
-static void writeCertPrefix(uint8_t *prefix, uint32_t certLen)
-{
- for (size_t i = 0; i < CERT_LEN_PREFIX; ++i)
- {
- prefix[i] = (certLen >> (BYTE_SIZE * (CERT_LEN_PREFIX - 1 - i))) & 0xFF;
- }
-}
-
-static uint32_t appendCert2Chain(uint8_t *appendPoint, uint8_t *cert, size_t len)
-{
- uint32_t ret = 0;
- VERIFY_NON_NULL(TAG, appendPoint, ERROR);
- VERIFY_NON_NULL(TAG, cert, ERROR);
-
- memcpy(appendPoint + CERT_LEN_PREFIX, cert, len);
- writeCertPrefix(appendPoint, len);
-
- ret = len + CERT_LEN_PREFIX;
-exit:
- return ret;
-}
-
-/**
- * Function to generate Base64 encoded credential data for device.
- *
- * @param[in] subject Device id.
- * @param[out] certificateChain Pointer to Array of Base64 encoded certificate strings.
- * @param[out] chainLength Pointer to number of the certificates in certificateChain.
- * @param[out] privKey Pointer to Base64 encoded private key.
- * @return OC_STACK_OK on success
- */
-static OCStackResult GenerateCertificateAndKeys(const OicUuid_t * subject, OicSecCert_t * certificateChain,
- OicSecKey_t * privKey)
-{
- if (NULL == subject || NULL == certificateChain || NULL == privKey)
- {
- return OC_STACK_INVALID_PARAM;
- }
- certificateChain->data = NULL;
- privKey->data = NULL;
-
- ByteArray pubKeyBA = BYTE_ARRAY_INITIALIZER;
- ByteArray privKeyBA = BYTE_ARRAY_INITIALIZER;
- ByteArray cert[CHAIN_LEN];
-
- uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0};
- uint8_t privKeyData[PRIVATE_KEY_SIZE] = {0};
- uint8_t certData[ISSUER_MAX_CERT_SIZE * CHAIN_LEN] = {0};
- uint8_t subjName[UUID_LENGTH + 1] = {0};
-
- pubKeyBA.data = pubKeyData;
- pubKeyBA.len = PUBLIC_KEY_SIZE;
- privKeyBA.data = privKeyData;
- privKeyBA.len = PRIVATE_KEY_SIZE;
- for (size_t i = 0; i < CHAIN_LEN; ++i)
- {
- cert[i].data = certData + ISSUER_MAX_CERT_SIZE * i;
- cert[i].len = ISSUER_MAX_CERT_SIZE;
- }
-
- memcpy(subjName, subject->id, UUID_LENGTH);
- subjName[UUID_LENGTH] = '\0';
-
- if (PKI_SUCCESS != GenerateKeyPair(&privKeyBA, &pubKeyBA))
- {
- OIC_LOG(ERROR, TAG, "Error generating keys.");
- return OC_STACK_ERROR;
- }
- if (PKI_SUCCESS != CKMIssueDeviceCertificate(subjName, NULL, NULL, pubKeyBA.data, cert))
- {
- OIC_LOG(ERROR, TAG, "Error generating certificate.");
- return OC_STACK_ERROR;
- }
-
- uint8_t numCert = 0;
- if (PKI_SUCCESS != GetCAChain(&numCert , cert + 1))
- {
- OIC_LOG(ERROR, TAG, "Error getting CA certificate chain.");
- return OC_STACK_ERROR;
- }
-
- numCert ++;
- uint32_t len = 0;
- for (size_t i = 0; i < numCert; i++)
- {
- certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data,
- len + cert[i].len + CERT_LEN_PREFIX);
- if (NULL == certificateChain->data)
- {
- OIC_LOG(ERROR, TAG, "Error while memory allocation");
- return OC_STACK_ERROR;
- }
-
- uint32_t appendedLen = appendCert2Chain(certificateChain->data + len,
- cert[i].data, cert[i].len);
- if (0 == appendedLen)
- {
- OIC_LOG(ERROR, TAG, "Error while certifiacate chain creation.");
- OICFree(certificateChain->data);
- certificateChain->len = 0;
- return OC_STACK_ERROR;
- }
- len += appendedLen;
- }
- certificateChain->len = len;
- privKey->data = (uint8_t*) OICMalloc(PRIVATE_KEY_SIZE);
- if (NULL == privKey->data)
- {
- OIC_LOG(ERROR, TAG, "Error while memory allocation");
- OICFree(certificateChain->data);
- certificateChain->len = 0;
- privKey->len = 0;
- return OC_STACK_ERROR;
- }
- memcpy(privKey->data, privKeyData, PRIVATE_KEY_SIZE);
- privKey->len = PRIVATE_KEY_SIZE;
-
- return OC_STACK_OK;
-}
-
-OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
- const OicUuid_t *deviceId, OicSecCred_t **const cred)
-{
- if (NULL == ptDeviceId || NULL == deviceId || NULL == cred)
- {
- return OC_STACK_INVALID_PARAM;
- }
- OicSecCert_t certificateChain;
- OicSecKey_t privKey;
- if (OC_STACK_OK != GenerateCertificateAndKeys(deviceId, &certificateChain, &privKey))
- {
- OIC_LOG(ERROR, TAG, "Error while generating credential data.");
- return OC_STACK_ERROR;
- }
-
- *cred = GenerateCredential(deviceId, SIGNED_ASYMMETRIC_KEY, &certificateChain,
- &privKey, 1, ptDeviceId);
- return OC_STACK_OK;
-}
-#endif // __WITH_X509__