#include <apps/netutils/mqtt_api.h>
-#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA)
+#if defined(CONFIG_NETUTILS_MQTT_SECURITY)
#include "tls/x509_crt.h"
#include "tls/pem.h"
-#include "tls/sss_key.h"
-#include "tls/see_api.h"
#endif
/****************************************************************************
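Review bot: `#include "tls/pem.h"` on the new side of this hunk looks like a leftover: the only `mbedtls_pem_*` calls in this file were in the removed `CONFIG_HW_RSA` block that followed `g_tls.key_len = mqtt_get_client_key_size();`, so unless PEM helpers are used elsewhere in the file the include can go, leaving `#include "tls/x509_crt.h"` alone under `#if defined(CONFIG_NETUTILS_MQTT_SECURITY)`. The same applies to the second copy of this header hunk (the one starting `#include <apps/netutils/mqtt_api.h>` after `return result; }`), which keeps the same now-unused include.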
g_tls.key = mqtt_get_client_key(); /* the pointer of key buffer */
g_tls.key_len = mqtt_get_client_key_size(); /* the length of key buffer */
-#if defined(CONFIG_HW_RSA)
- see_init();
-
- mbedtls_pem_context pem;
-
- mbedtls_pem_init(&pem);
-
- if ((ret = (mbedtls_pem_read_buffer(&pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", g_tls.key, NULL, 0, (unsigned int *)&g_tls.key_len))) != 0) {
- fprintf(stderr, "Error: parse key fail. (ret: %d)\n", ret);
- mbedtls_pem_free(&pem);
- goto done;
- }
-
- unsigned int index1 = see_get_keyindex(SECURE_STORAGE_TYPE_KEY_RSA);
-
- if (see_setup_key(pem.buf, pem.buflen, SECURE_STORAGE_TYPE_KEY_RSA, index1)) {
- fprintf(stderr, "Error: set_key fail. (ret: %d)\n", ret);
- mbedtls_pem_free(&pem);
- goto done;
- }
-
- g_tls.key = (const unsigned char *)index1;
- g_tls.key_len = pem.buflen;
-
- mbedtls_pem_free(&pem);
-#endif
#endif
/* set mqtt config */
memset(&g_mqtt_client_config, 0, sizeof(g_mqtt_client_config));
destroy_config();
sem_destroy(&g_mqtt_pub_sem);
-#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA)
- see_free_keyindex(SECURE_STORAGE_TYPE_KEY_RSA, (unsigned int)g_tls.key);
- see_free();
-#endif
-
return result;
}
#include <apps/netutils/mqtt_api.h>
-#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA)
+#if defined(CONFIG_NETUTILS_MQTT_SECURITY)
#include "tls/x509_crt.h"
#include "tls/pem.h"
-#include "tls/sss_key.h"
-#include "tls/see_api.h"
#endif
/****************************************************************************
g_tls.key = mqtt_get_client_key(); /* the pointer of key buffer */
g_tls.key_len = mqtt_get_client_key_size(); /* the length of key buffer */
-#if defined(CONFIG_HW_RSA)
- see_init();
-
- mbedtls_pem_context pem;
-
- mbedtls_pem_init(&pem);
-
- if ((ret = (mbedtls_pem_read_buffer(&pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", g_tls.key, NULL, 0, (unsigned int *)&g_tls.key_len))) != 0) {
- fprintf(stderr, "Error: parse key fail. (ret: %d)\n", ret);
- mbedtls_pem_free(&pem);
- goto done;
- }
-
- unsigned int index1 = see_get_keyindex(SECURE_STORAGE_TYPE_KEY_RSA);
-
- if (see_setup_key(pem.buf, pem.buflen, SECURE_STORAGE_TYPE_KEY_RSA, index1)) {
- fprintf(stderr, "Error: set_key fail. (ret: %d)\n", ret);
- mbedtls_pem_free(&pem);
- goto done;
- }
-
- g_tls.key = (const unsigned char *)index1;
- g_tls.key_len = pem.buflen;
-
- mbedtls_pem_free(&pem);
-#endif
#endif
/* set mqtt config */
done:
deinit_variables();
-#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA)
- see_free_keyindex(SECURE_STORAGE_TYPE_KEY_RSA, (unsigned int)g_tls.key);
- see_free();
-#endif
-
return result;
}
int etm; /* negotiate encrypt then mac? */
} opt;
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
-int see_generate_random_wrap_client(void *ctx, unsigned char *buf, size_t len)
-{
- uint32_t ret;
- see_data_t ran;
- ran.length = len;
-
- if ((ret = see_generate_random(&ran)) != 0) {
- return -1;
- }
-
- memcpy(buf, ran.data, len);
- free(ran.data);
- return 0;
-}
-#endif
-
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
#endif
const char *pers = "ssl_client2";
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- uint8_t type = 20;
- unsigned char cer_buf[1500];
- size_t cer_buflen;
- see_data_t cert;
-#endif
-
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_printf("ok\n");
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- /*
- * 0.1. Initialize Secure Element (T9MF)
- */
- mbedtls_printf("\n . Init Secure Element...");
-
- if ((ret = see_init()) != 0) {
- printf(" failed\n ! Init Secure Element Fail %d\n", ret);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-#endif
-
/*
* 1. Load the trusted CA
*/
mbedtls_printf(" . Loading the CA root certificate ...");
fflush(stdout);
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- if ((ret = mbedtls_x509_crt_parse(&cacert,
- (const unsigned char *)samsung_ca_cert,
- samsung_ca_cert_len)) < 0)
-#else
- if ((ret = mbedtls_x509_crt_parse(&cacert,
- (const unsigned char *)mbedtls_test_ca_crt_rsa,
- mbedtls_test_ca_crt_rsa_len)) < 0)
-#endif
+ if ((ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)mbedtls_test_ca_crt_rsa, mbedtls_test_ca_crt_rsa_len)) < 0)
{
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- -ret);
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
goto exit;
}
/*
* 1.2. Load own certificate
*/
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- mbedtls_printf(" . Loading the SE cert...");
- fflush(stdout);
-
- /* Get cert from Secure element */
- if ((ret = see_get_certificate(0, &cert, &type)) != 0) {
- return NULL;
- }
-
- memcpy(cer_buf, cert.data, cert.length);
-
- cer_buflen = cert.length + 1;
- cer_buf[cer_buflen - 1] = '\0';
-
- if ((ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)cer_buf,
- cer_buflen)) != 0)
-#else
mbedtls_printf(" . Loading the own cert...");
fflush(stdout);
- if ((ret = mbedtls_x509_crt_parse(&clicert,
- (const unsigned char *)mbedtls_test_cli_crt_rsa,
- mbedtls_test_cli_crt_rsa_len)) != 0)
-#endif
+ if ((ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)mbedtls_test_cli_crt_rsa, mbedtls_test_cli_crt_rsa_len)) != 0)
{
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- -ret);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
-#if !defined(MBEDTLS_HAS_SECURE_ELEMENT)
- /*
- * 1.3. Load private key
- */
- mbedtls_printf(" . Loading the Private Key...");
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_key(&pkey,
- (const unsigned char *)mbedtls_test_cli_key_rsa,
- mbedtls_test_cli_key_rsa_len, NULL, 0)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
goto exit;
}
mbedtls_printf(" ok\n");
-#endif
/*
* 2. Start the connection
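Review bot: The private key is no longer loaded on the new side of this hunk: the removed `#if !defined(MBEDTLS_HAS_SECURE_ELEMENT)` region carried the only non-SE `mbedtls_pk_parse_key(&pkey, mbedtls_test_cli_key_rsa, ...)` call, and the commit drops the whole region rather than just its guard, while the next hunk (`mbedtls_pk_setup_ecdsa_alt` under `MBEDTLS_HAS_SECURE_ELEMENT`) removes the only other place `pkey` was set up. The client certificate is still parsed into `clicert`, so if `pkey` is later handed to the TLS config alongside it (the enclosing function starts and ends outside this hunk, so that call is not visible here) the client will present a certificate it cannot sign for and client authentication will fail at handshake time. Restore step 1.3 after the `mbedtls_printf(" ok\n");` that follows the own-cert parse, unconditionally now that the SE variant is gone.
```c
    mbedtls_printf(" ok\n");

    /*
     * 1.3. Load private key
     */
    mbedtls_printf(" . Loading the Private Key...");
    fflush(stdout);

    if ((ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)mbedtls_test_cli_key_rsa, mbedtls_test_cli_key_rsa_len, NULL, 0)) != 0) {
        mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
        goto exit;
    }
    mbedtls_printf(" ok\n");
    /* … unchanged: 2. Start the connection … */
```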
mbedtls_printf(" . Setting up the SSL/TLS structure...");
fflush(stdout);
-#if defined(MBEDTLS_HAS_SECURE_ELEMENT)
- /* Setup SE callback routine */
- ret = mbedtls_pk_setup_ecdsa_alt(&pkey, NULL, see_ecdsa_decrypt_func,
- see_ecdsa_sign_func, see_ecdsa_key_len_func);
-#endif
-
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
opt.transport,
}
#endif
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- mbedtls_ssl_conf_rng(&conf, see_generate_random_wrap_client, &ctr_drbg);
-#else
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
-#endif
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
* Preprocessor Definitions
****************************************************************************/
-#ifdef CONFIG_TLS_WITH_SSS
-#define WEBCLIENT_STACK_SIZE (1024 * 12)
-#else
#define WEBCLIENT_STACK_SIZE (1024 * 8)
-#endif
#define WEBCLIENT_SCHED_PRI 100
#define WEBCLIENT_SCHED_POLICY SCHED_RR
char **argv;
};
-#ifdef CONFIG_HW_RSA
-#include "tls/sss_key.h"
-#include "tls/see_api.h"
-
-#define WEBCLIENT_CA_KEY_INDEX 3
-#define WEBCLIENT_DEV_KEY_INDEX 4
-#define WEBCLIENT_CA_CERT_INDEX 3
-#define WEBCLIENT_DEV_CERT_INDEX 4
-
-#else
const char c_ca_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-#endif /* CONFIG_HW_RSA */
static const char headerfield_connect[] = "Connect";
static const char headerfield_close[] = "close";
#ifdef CONFIG_NET_SECURITY_TLS
/* send HTTPS request */
if (!strncmp(request.url, "https", 5)) {
-#ifdef CONFIG_HW_RSA
- int ret;
- see_init();
-
- /* Setup post key */
- if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca),
- SECURE_STORAGE_TYPE_KEY_RSA, WEBCLIENT_CA_KEY_INDEX)) != 0) {
- printf(" failed\n ! see_setup_key ca 0x%x\n\n", ret);
- goto release_out_tls;
- }
- if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev),
- SECURE_STORAGE_TYPE_KEY_RSA, WEBCLIENT_DEV_KEY_INDEX)) != 0) {
- printf(" failed\n ! see_setup_key dev 0x%x\n\n", ret);
- goto release_out_tls;
- }
-
- if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt),
- WEBCLIENT_CA_CERT_INDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- goto release_out_tls;
- }
-
- if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt),
- WEBCLIENT_DEV_CERT_INDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- goto release_out_tls;
- }
-
- ssl_config.ca_key_index = WEBCLIENT_CA_KEY_INDEX;
- ssl_config.dev_key_index = WEBCLIENT_DEV_KEY_INDEX;
- ssl_config.ca_cert_index = WEBCLIENT_CA_CERT_INDEX;
- ssl_config.dev_cert_index = WEBCLIENT_DEV_CERT_INDEX;
-#else
ssl_config.root_ca = (char *)c_ca_crt_rsa;
ssl_config.root_ca_len = sizeof(c_ca_crt_rsa);
ssl_config.dev_cert = (char *)c_cli_crt_rsa;
ssl_config.dev_cert_len = sizeof(c_cli_crt_rsa);
ssl_config.private_key = (char *)c_cli_key_rsa;
ssl_config.private_key_len = sizeof(c_cli_key_rsa);
-#endif /* CONFIG_HW_RSA */
/* before sending request by sync function,
* must initialize response structure
*/
if (http_client_send_request(&request, &ssl_config, &response)) {
printf("fail to send request\n");
http_client_response_release(&response);
- goto release_out_tls;
+ goto release_out;
} else {
printf("----------sync response----------\n");
printf("status %d %s\n", response.status, response.phrase);
if (http_client_send_request_async(&request, &ssl_config, (wget_callback_t)callback)) {
printf("fail to send request\n");
- goto release_out_tls;
- return NULL;
+ goto release_out;
}
} else
#endif
if (request.async_flag < 0) {
printf("fail to send request\n");
}
-#ifdef CONFIG_NET_SECURITY_TLS
-release_out_tls:
-#ifdef CONFIG_HW_RSA
- see_free();
-#endif
-#endif
+
release_out:
/* before finish of app,
* must release keyvalue list for request headers
char **argv;
};
-#ifdef CONFIG_HW_RSA
-#include "tls/sss_key.h"
-#include "tls/see_api.h"
-
-#define WEBSERVER_CA_KEY_INDEX 1
-#define WEBSERVER_DEV_KEY_INDEX 2
-#define WEBSERVER_CA_CERT_INDEX 1
-#define WEBSERVER_DEV_CERT_INDEX 2
-
-#else
const char ca_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-#endif /* CONFIG_HW_RSA */
static const char g_httpcontype[] = "Content-type";
static const char g_httpconhtml[] = "text/html";
printf("Error: Cannot allocate server structure!!\n");
return NULL;
}
-#if defined(CONFIG_HW_RSA)
- int ret;
-
- see_init();
-
- /* Setup post key */
- /* THIS CODE SHOULD BE REMOVED AFTER USING SSS KEY AND CERT */
- if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca),
- SECURE_STORAGE_TYPE_KEY_RSA, WEBSERVER_CA_KEY_INDEX)) != 0) {
- printf(" failed\n ! see_setup_key ca 0x%x\n\n", ret);
- return NULL;
- }
- if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev),
- SECURE_STORAGE_TYPE_KEY_RSA, WEBSERVER_DEV_KEY_INDEX)) != 0) {
- printf(" failed\n ! see_setup_key dev 0x%x\n\n", ret);
- return NULL;
- }
-
- if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt),
- WEBSERVER_CA_CERT_INDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return NULL;
- }
-
- if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt),
- WEBSERVER_DEV_CERT_INDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return NULL;
- }
-
- ssl_config.ca_key_index = WEBSERVER_CA_KEY_INDEX;
- ssl_config.dev_key_index = WEBSERVER_DEV_KEY_INDEX;
- ssl_config.ca_cert_index = WEBSERVER_CA_CERT_INDEX;
- ssl_config.dev_cert_index = WEBSERVER_DEV_CERT_INDEX;
- ssl_config.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-#else
ssl_config.root_ca = (char *)ca_crt_rsa;
ssl_config.root_ca_len = sizeof(ca_crt_rsa);
ssl_config.dev_cert = (char *)srv_crt_rsa;
ssl_config.private_key = (char *)srv_key_rsa;
ssl_config.private_key_len = sizeof(srv_key_rsa);
ssl_config.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-#endif /* CONFIG_HW_RSA */
if (http_tls_init(https_server, &ssl_config) != 0) {
printf("ssl config Error\n");
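Review bot: The surviving TLS setup in this hunk never sets `ssl_config.dev_cert_len`: it assigns `root_ca`/`root_ca_len`, `dev_cert`, `private_key`/`private_key_len` and `auth_mode`, but `dev_cert` has no matching length, whereas the webclient hunk above pairs `ssl_config.dev_cert = (char *)c_cli_crt_rsa;` with `ssl_config.dev_cert_len = sizeof(c_cli_crt_rsa);`. This is pre-existing code, but with the `CONFIG_HW_RSA` branch gone it is now the only path into `http_tls_init`, so unless that function derives the length itself the server certificate is passed with whatever length the struct happened to hold. Add `ssl_config.dev_cert_len = sizeof(srv_crt_rsa);` after the `dev_cert` assignment, mirroring the client example.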
stop:
printf("Exit Web server...\n");
http_server_stop(http_server);
-#ifdef CONFIG_NET_SECURITY_TLS
- http_server_stop(https_server);
-#endif
-
-#ifdef CONFIG_NET_SECURITY_TLS
- http_server_deregister_cb(https_server, HTTP_METHOD_GET, NULL);
- http_server_deregister_cb(https_server, HTTP_METHOD_GET, root_url);
- http_server_deregister_cb(https_server, HTTP_METHOD_GET, devid_url);
-#endif
http_server_deregister_cb(http_server, HTTP_METHOD_GET, NULL);
http_server_deregister_cb(http_server, HTTP_METHOD_GET, root_url);
http_server_deregister_cb(http_server, HTTP_METHOD_GET, devid_url);
-
http_server_release(&http_server);
#ifdef CONFIG_NET_SECURITY_TLS
+ http_server_stop(https_server);
+
+ http_server_deregister_cb(https_server, HTTP_METHOD_GET, NULL);
+ http_server_deregister_cb(https_server, HTTP_METHOD_GET, root_url);
+ http_server_deregister_cb(https_server, HTTP_METHOD_GET, devid_url);
http_server_release(&https_server);
#endif
/* sleep for requests in processing */
sleep(5);
printf("webserver end\n");
-#ifdef CONFIG_HW_RSA
- see_free();
-#endif
return NULL;
}
#include <sys/socket.h>
-#ifdef CONFIG_HW_RSA_SIGN
-#include <tls/pk.h>
-#include <tls/pk_internal.h>
-#include <tls/see_api.h>
-#include <tls/sss_key.h>
-#endif
-
/****************************************************************************
* Pre-processor Definitions
****************************************************************************/
-/* SSS configure */
-#ifdef CONFIG_HW_RSA_SIGN
-#define WEBSOCKET_S_CA_KEYINDEX 1
-#define WEBSOCKET_S_DEV_KEYINDEX 2
-#define WEBSOCKET_S_CA_CERTINDEX 1
-#define WEBSOCKET_S_DEV_CERTINDEX 2
-#define WEBSOCKET_C_CA_KEYINDEX 3
-#define WEBSOCKET_C_DEV_KEYINDEX 4
-#define WEBSOCKET_C_CA_CERTINDEX 3
-#define WEBSOCKET_C_DEV_CERTINDEX 4
-#endif
-
-/* Stack size of examples */
-#ifdef CONFIG_HW_RSA_SIGN
-#define WEBSOCKET_EXAMPLE_STACKSIZE (1024 * 28)
-#else
#define WEBSOCKET_EXAMPLE_STACKSIZE (1024 * 10)
-#endif
/* TLS configure */
#define MBEDTLS_DEBUG_LEVEL 2
* Public Functions
****************************************************************************/
-#ifdef CONFIG_HW_RSA_SIGN
-int set_key_and_cert_vector(void)
-{
- int ret;
- /* Setup post key */
- /* THIS CODE SHOULD BE REMOVED AFTER USING SSS KEY AND CERT */
- if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_S_CA_KEYINDEX)) != 0) {
- printf("Error: set_key fail %d\n", ret);
- return -1;
- }
- if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_S_DEV_KEYINDEX)) != 0) {
- printf("Error: set_key fail %d\n", ret);
- return -1;
- }
- if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), WEBSOCKET_S_CA_CERTINDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return -1;
- }
- if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), WEBSOCKET_S_DEV_CERTINDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return -1;
- }
- if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_C_CA_KEYINDEX)) != 0) {
- printf("Error: set_key fail %d\n", ret);
- return -1;
- }
- if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_C_DEV_KEYINDEX)) != 0) {
- printf("Error: set_key fail %d\n", ret);
- return -1;
- }
- if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), WEBSOCKET_C_CA_CERTINDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return -1;
- }
- if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), WEBSOCKET_C_DEV_CERTINDEX, CERT_PEM)) != 0) {
- printf("Error: set_cert fail %d\n", ret);
- return -1;
- }
- return 0;
-}
-#endif
-
static void websocket_tls_debug(void *ctx, int level, const char *file, int line, const char *str)
{
printf("%s:%04d: %s", file, line, str);
websocket_return_t websocket_tls_init(int param, websocket_t *data, mbedtls_ssl_config *conf, mbedtls_x509_crt *cert, mbedtls_pk_context *pkey, mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg, mbedtls_ssl_cache_context *cache)
{
int r;
-#ifdef CONFIG_HW_RSA_SIGN
- unsigned int ca_keyindex = WEBSOCKET_S_CA_KEYINDEX;
- unsigned int dev_keyindex = WEBSOCKET_S_DEV_KEYINDEX;
- unsigned int ca_certindex = WEBSOCKET_S_CA_CERTINDEX;
- unsigned int dev_certindex = WEBSOCKET_S_DEV_CERTINDEX;
-
- if (param) {
- ca_keyindex = WEBSOCKET_C_CA_KEYINDEX;
- dev_keyindex = WEBSOCKET_C_DEV_KEYINDEX;
- ca_certindex = WEBSOCKET_C_CA_CERTINDEX;
- dev_certindex = WEBSOCKET_C_DEV_CERTINDEX;
- }
-#else
const char *crt = mbedtls_test_srv_crt;
const char *key = mbedtls_test_srv_key;
const char *ca_crt = mbedtls_test_cas_pem;
cacrt_len = mbedtls_test_cas_pem_len;
key_len = mbedtls_test_cli_key_len;
}
-#endif
/* initialize tls context for server */
mbedtls_ssl_config_init(conf);
mbedtls_entropy_init(entropy);
mbedtls_ctr_drbg_init(ctr_drbg);
-#ifdef CONFIG_HW_RSA_SIGN
- see_init();
-
- if (set_key_and_cert_vector()) {
- printf("Error: set key and cert fail\n");
- return WEBSOCKET_INIT_ERROR;
- }
-
- /* 1. Load the certificates and private key */
- printf(" . [SSS] Loading the cert. and key...");
-
- unsigned char *cert_buf;
- unsigned int cert_len = 1500;
-
- cert_buf = malloc(cert_len);
- if (cert_buf == NULL) {
- printf("Error: cert_buf malloc fail\n");
- return WEBSOCKET_INIT_ERROR;
- }
-
- if ((r = see_get_certificate(cert_buf, &cert_len, dev_certindex, CERT_PEM)) != 0) {
- free(cert_buf);
- printf("Error: see_get_cert returned %d\n", r);
- return WEBSOCKET_INIT_ERROR;
- }
-
- if ((r = mbedtls_x509_crt_parse(cert, cert_buf, cert_len)) != 0) {
- free(cert_buf);
- printf("Error: cert_parse returned %d\n", r);
- return WEBSOCKET_INIT_ERROR;
- }
-
- ((mbedtls_rsa_context *)(cert->pk.pk_ctx))->key_index = ca_keyindex;
-
- cert_len = 1500;
-
- if ((r = see_get_certificate(cert_buf, &cert_len, ca_certindex, CERT_PEM)) != 0) {
- free(cert_buf);
- printf("Error: see_get_cert returned %d\n", r);
- return WEBSOCKET_INIT_ERROR;
- }
-
- if ((r = mbedtls_x509_crt_parse(cert, cert_buf, cert_len)) != 0) {
- free(cert_buf);
- printf("Error: cert_parse returned %d\n", r);
- return WEBSOCKET_INIT_ERROR;
- }
-
- ((mbedtls_rsa_context *)(cert->next->pk.pk_ctx))->key_index = ca_keyindex;
-
- free(cert_buf);
-
- unsigned char rsa_public[292] = { 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xa2, 0x64, 0x21, 0xcf, 0x1c, 0xdb, 0x49, 0x6c, 0x44, 0x01, 0xf8, 0xd5, 0x8b, 0x8d, 0x20,
- 0xfe, 0x2a, 0x46, 0x4d, 0x29, 0xf4, 0x82, 0x3c, 0xa4, 0x29, 0x7d, 0x6b, 0xdc, 0xc4, 0x04, 0xd6,
- 0x0f, 0xf3, 0x6b, 0xa8, 0xb1, 0xad, 0x2b, 0xa1, 0xa5, 0xad, 0xfb, 0x9a, 0xba, 0x72, 0x6e, 0x4e,
- 0x71, 0x93, 0x54, 0x8d, 0x90, 0x02, 0x34, 0x80, 0x1d, 0x8c, 0x83, 0xc9, 0x84, 0xa3, 0xcf, 0x9f,
- 0x80, 0xe9, 0x4f, 0x5b, 0xf6, 0x29, 0x17, 0xf6, 0x7f, 0x5a, 0x79, 0x47, 0x0c, 0x2c, 0xcf, 0x98,
- 0x88, 0x6a, 0x31, 0x4e, 0x0a, 0x2c, 0x8e, 0x8c, 0xe5, 0xa5, 0x9f, 0xd7, 0x8f, 0xd0, 0xc1, 0x04,
- 0x1a, 0xe9, 0x54, 0xa1, 0x36, 0x4e, 0x92, 0x5e, 0x41, 0x9c, 0x07, 0xc8, 0x48, 0xac, 0x9c, 0x7c,
- 0xcb, 0xa0, 0x8a, 0x51, 0x52, 0x4f, 0x47, 0xa2, 0xc8, 0x48, 0xbc, 0xcd, 0x55, 0x85, 0x24, 0xff,
- 0xfa, 0x58, 0xe6, 0x75, 0x61, 0x14, 0x1a, 0x82, 0x4e, 0x6b, 0x40, 0x63, 0x9e, 0xef, 0xbd, 0x70,
- 0x88, 0x9e, 0xc8, 0x59, 0x89, 0x16, 0x0c, 0x4e, 0x71, 0xec, 0x2d, 0xa4, 0x0b, 0xb3, 0x20, 0xca,
- 0x04, 0x5b, 0x37, 0xf6, 0x5c, 0x80, 0x8d, 0x6a, 0xe4, 0x26, 0x95, 0xe4, 0xd5, 0x35, 0xcd, 0xd3,
- 0x90, 0x67, 0x48, 0xef, 0x14, 0x8e, 0xc6, 0xcc, 0x16, 0xdb, 0x7a, 0x96, 0xd6, 0xbf, 0x01, 0xef,
- 0x5f, 0x8d, 0xee, 0x35, 0xd1, 0x66, 0xa3, 0x26, 0x96, 0x5e, 0x73, 0x3b, 0x1e, 0xf6, 0x72, 0xc9,
- 0x78, 0xc8, 0xdd, 0x81, 0x21, 0x0f, 0x0d, 0xdc, 0x3f, 0x63, 0x7a, 0x92, 0xf1, 0x31, 0x53, 0xe6,
- 0x34, 0xd7, 0x70, 0xb0, 0x1d, 0x2f, 0x97, 0xab, 0x44, 0xf1, 0x70, 0x58, 0x0e, 0xca, 0xab, 0x26,
- 0x23, 0x39, 0x6e, 0xdb, 0xf5, 0x5a, 0x15, 0x4a, 0x09, 0x00, 0x7c, 0xe5, 0x82, 0x78, 0xb8, 0xf0,
- 0xd1, 0x02, 0x01, 0x03
- };
-
- if ((r = mbedtls_pk_parse_public_key(pkey, rsa_public, 292)) != 0) {
- printf("Error: pk_parse_public returned %d\n", r);
- return WEBSOCKET_INIT_ERROR;
- }
-
- if (pkey->pk_info->type == MBEDTLS_PK_RSA) {
- ((mbedtls_rsa_context *)(pkey->pk_ctx))->key_index = dev_keyindex;
- }
-#else
/* 1. Load the certificates and private RSA key */
printf(" . Loading the cert. and key...");
}
printf("Ok\n");
-#endif
/* 2. Seed the RNG */
printf(" . Seeding the random number generator...");
mbedtls_pk_free(pkey);
mbedtls_x509_crt_free(cert);
mbedtls_ssl_config_free(conf);
-
-#ifdef CONFIG_HW_RSA_SIGN
- see_free();
-#endif
}
/****************************************************************************
goto RECV_RETRY;
}
-
return r;
}