From: Junyeon Lee
Date: Tue, 21 Mar 2017 14:29:31 +0000 (+0900)
Subject: examples: removed all unused code about sss
X-Git-Tag: 1.1_Public_Release~614^2~220
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=28e01965bee47604e845aa08ddc0ec2d12da6787;p=rtos%2Ftinyara.git
examples: removed all unused code about sss
Removed all sss source code in network protocol examples such as websocket, webserver/client, mqtt and tls client.
.sss : security sub system (HW security)
Change-Id: Ib0049e9161c18f78fd3956b64bf66a9fa189c06a
Signed-off-by: Junyeon Lee
---
diff --git a/apps/examples/mqtt_test/mqtt_client_pub.c b/apps/examples/mqtt_test/mqtt_client_pub.c
index 4e189e1..cf00d61 100644
--- a/apps/examples/mqtt_test/mqtt_client_pub.c
+++ b/apps/examples/mqtt_test/mqtt_client_pub.c
@@ -36,11 +36,9 @@
 #include
-#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA)
+#if defined(CONFIG_NETUTILS_MQTT_SECURITY)
 #include "tls/x509_crt.h"
 #include "tls/pem.h"
-#include "tls/sss_key.h"
-#include "tls/see_api.h"
 #endif
 /****************************************************************************
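Review bot: `#include "tls/pem.h"` survives on the new side of the guarded block even though the only mbedtls_pem_* user in this file, the PEM-to-SSS key conversion in mqtt_client_pub_task, is deleted by the next hunk; unless something outside this hunk still calls that API the include is now dead and should go with `tls/sss_key.h` and `tls/see_api.h`. I would reduce the block to `#include "tls/x509_crt.h"` and check whether even that one is still referenced after the SSS removal. The guard change itself is right: the remaining includes do not depend on CONFIG_HW_RSA.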
@@ -504,32 +502,6 @@ int mqtt_client_pub_task(void *arg) g_tls.key = mqtt_get_client_key(); /* the pointer of key buffer */ g_tls.key_len = mqtt_get_client_key_size(); /* the length of key buffer */ -#if defined(CONFIG_HW_RSA) - see_init(); - - mbedtls_pem_context pem; - - mbedtls_pem_init(&pem); - - if ((ret = (mbedtls_pem_read_buffer(&pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", g_tls.key, NULL, 0, (unsigned int *)&g_tls.key_len))) != 0) { - fprintf(stderr, "Error: parse key fail. (ret: %d)\n", ret); - mbedtls_pem_free(&pem); - goto done; - } - - unsigned int index1 = see_get_keyindex(SECURE_STORAGE_TYPE_KEY_RSA); - - if (see_setup_key(pem.buf, pem.buflen, SECURE_STORAGE_TYPE_KEY_RSA, index1)) { - fprintf(stderr, "Error: set_key fail. (ret: %d)\n", ret); - mbedtls_pem_free(&pem); - goto done; - } - - g_tls.key = (const unsigned char *)index1; - g_tls.key_len = pem.buflen; - - mbedtls_pem_free(&pem); -#endif #endif /* set mqtt config */ memset(&g_mqtt_client_config, 0, sizeof(g_mqtt_client_config)); @@ -608,11 +580,6 @@ done: destroy_config(); sem_destroy(&g_mqtt_pub_sem); -#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA) - see_free_keyindex(SECURE_STORAGE_TYPE_KEY_RSA, (unsigned int)g_tls.key); - see_free(); -#endif - return result; } diff --git a/apps/examples/mqtt_test/mqtt_client_sub.c b/apps/examples/mqtt_test/mqtt_client_sub.c index 80067dd..606c365 100644 --- a/apps/examples/mqtt_test/mqtt_client_sub.c +++ b/apps/examples/mqtt_test/mqtt_client_sub.c @@ -34,11 +34,9 @@ #include -#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA) +#if defined(CONFIG_NETUTILS_MQTT_SECURITY) #include "tls/x509_crt.h" #include "tls/pem.h" -#include "tls/sss_key.h" -#include "tls/see_api.h" #endif /**************************************************************************** 
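Review bot: Same remark as for mqtt_client_pub.c: `#include "tls/pem.h"` is kept in the CONFIG_NETUTILS_MQTT_SECURITY block of mqtt_client_sub.c, but the mbedtls_pem_read_buffer() call that needed it is removed from mqtt_client_sub_task in the following hunk, so the include is presumably dead now. Drop it unless another PEM user remains outside the hunk, leaving `#include "tls/x509_crt.h"` alone in the guarded block.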
@@ -670,32 +668,6 @@ int mqtt_client_sub_task(void *arg) g_tls.key = mqtt_get_client_key(); /* the pointer of key buffer */ g_tls.key_len = mqtt_get_client_key_size(); /* the length of key buffer */ -#if defined(CONFIG_HW_RSA) - see_init(); - - mbedtls_pem_context pem; - - mbedtls_pem_init(&pem); - - if ((ret = (mbedtls_pem_read_buffer(&pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", g_tls.key, NULL, 0, (unsigned int *)&g_tls.key_len))) != 0) { - fprintf(stderr, "Error: parse key fail. (ret: %d)\n", ret); - mbedtls_pem_free(&pem); - goto done; - } - - unsigned int index1 = see_get_keyindex(SECURE_STORAGE_TYPE_KEY_RSA); - - if (see_setup_key(pem.buf, pem.buflen, SECURE_STORAGE_TYPE_KEY_RSA, index1)) { - fprintf(stderr, "Error: set_key fail. (ret: %d)\n", ret); - mbedtls_pem_free(&pem); - goto done; - } - - g_tls.key = (const unsigned char *)index1; - g_tls.key_len = pem.buflen; - - mbedtls_pem_free(&pem); -#endif #endif /* set mqtt config */ @@ -755,11 +727,6 @@ int mqtt_client_sub_task(void *arg) done: deinit_variables(); -#if defined(CONFIG_NETUTILS_MQTT_SECURITY) && defined(CONFIG_HW_RSA) - see_free_keyindex(SECURE_STORAGE_TYPE_KEY_RSA, (unsigned int)g_tls.key); - see_free(); -#endif - return result; } diff --git a/apps/examples/tls_client/tls_client_main.c b/apps/examples/tls_client/tls_client_main.c index b0954aa..9b7fe2b 100644 --- a/apps/examples/tls_client/tls_client_main.c +++ b/apps/examples/tls_client/tls_client_main.c @@ -343,23 +343,6 @@ struct options { int etm; /* negotiate encrypt then mac? */ } opt; -#if defined(MBEDTLS_HAS_SECURE_STORAGE) -int see_generate_random_wrap_client(void *ctx, unsigned char *buf, size_t len) -{ - uint32_t ret; - see_data_t ran; - ran.length = len; - - if ((ret = see_generate_random(&ran)) != 0) { - return -1; - } - - memcpy(buf, ran.data, len); - free(ran.data); - return 0; -} -#endif - static void my_debug(void *ctx, int level, const char *file, int line, const char *str) 
@@ -467,13 +450,6 @@ int tls_client_cb(void *args) #endif const char *pers = "ssl_client2"; -#if defined(MBEDTLS_HAS_SECURE_STORAGE) - uint8_t type = 20; - unsigned char cer_buf[1500]; - size_t cer_buflen; - see_data_t cert; -#endif - mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; @@ -935,37 +911,14 @@ usage: mbedtls_printf("ok\n"); -#if defined(MBEDTLS_HAS_SECURE_STORAGE) - /* - * 0.1. Initialize Secure Element (T9MF) - */ - mbedtls_printf("\n . Init Secure Element..."); - - if ((ret = see_init()) != 0) { - printf(" failed\n ! Init Secure Element Fail %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); -#endif - /* * 1. Load the trusted CA */ mbedtls_printf(" . Loading the CA root certificate ..."); fflush(stdout); -#if defined(MBEDTLS_HAS_SECURE_STORAGE) - if ((ret = mbedtls_x509_crt_parse(&cacert, - (const unsigned char *)samsung_ca_cert, - samsung_ca_cert_len)) < 0) -#else - if ((ret = mbedtls_x509_crt_parse(&cacert, - (const unsigned char *)mbedtls_test_ca_crt_rsa, - mbedtls_test_ca_crt_rsa_len)) < 0) -#endif + if ((ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)mbedtls_test_ca_crt_rsa, mbedtls_test_ca_crt_rsa_len)) < 0) { - mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", - -ret); + mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret); goto exit; } 
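Review bot: The collapsed `mbedtls_x509_crt_parse(&cacert, (const unsigned char *)mbedtls_test_ca_crt_rsa, ...)` line leaves the example trusting the mbedtls test CA unconditionally, and nothing at the call site says that this is a publicly distributed test certificate whose signing key ships with the library's test material; anyone copying this example into a product would accept any server certificate minted with that key. A comment above the call would make the limitation visible: `/* Test CA only: its private key is public (mbedtls test certs); replace with the real trust anchor before any non-lab use. */`. The `< 0` check is consistent with mbedtls returning the number of unparseable certificates on partial failure, so that part is fine. tls_client_cb starts outside the hunk.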
@@ -974,54 +927,16 @@ usage:
 /*
 * 1.2. Load own certificate
 */
-#if defined(MBEDTLS_HAS_SECURE_STORAGE)
- mbedtls_printf(" . Loading the SE cert...");
- fflush(stdout);
-
- /* Get cert from Secure element */
- if ((ret = see_get_certificate(0, &cert, &type)) != 0) {
- return NULL;
- }
-
- memcpy(cer_buf, cert.data, cert.length);
-
- cer_buflen = cert.length + 1;
- cer_buf[cer_buflen - 1] = '\0';
-
- if ((ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)cer_buf,
- cer_buflen)) != 0)
-#else
 mbedtls_printf(" . Loading the own cert...");
 fflush(stdout);
- if ((ret = mbedtls_x509_crt_parse(&clicert,
- (const unsigned char *)mbedtls_test_cli_crt_rsa,
- mbedtls_test_cli_crt_rsa_len)) != 0)
-#endif
+ if ((ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)mbedtls_test_cli_crt_rsa, mbedtls_test_cli_crt_rsa_len)) != 0)
 {
- mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
- -ret);
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
-#if !defined(MBEDTLS_HAS_SECURE_ELEMENT)
- /*
- * 1.3. Load private key
- */
- mbedtls_printf(" . Loading the Private Key...");
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_key(&pkey,
- (const unsigned char *)mbedtls_test_cli_key_rsa,
- mbedtls_test_cli_key_rsa_len, NULL, 0)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
 goto exit;
 }
 mbedtls_printf(" ok\n");
-#endif
 /*
 * 2. Start the connection
@@ -1060,12 +975,6 @@ usage:
 mbedtls_printf(" . Setting up the SSL/TLS structure...");
 fflush(stdout);
-#if defined(MBEDTLS_HAS_SECURE_ELEMENT)
- /* Setup SE callback routine */
- ret = mbedtls_pk_setup_ecdsa_alt(&pkey, NULL, see_ecdsa_decrypt_func,
- see_ecdsa_sign_func, see_ecdsa_key_len_func);
-#endif
-
 if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, opt.transport,
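Review bot: The non-SSS private-key load (step 1.3, `mbedtls_pk_parse_key(&pkey, (const unsigned char *)mbedtls_test_cli_key_rsa, mbedtls_test_cli_key_rsa_len, NULL, 0)`) is deleted together with its `#if !defined(MBEDTLS_HAS_SECURE_ELEMENT)` guard, but that branch was the live path for builds without a secure element, so on the new side `clicert` is parsed while `pkey` is never populated. Unless the key is loaded somewhere outside this hunk, whatever later hands `&clicert` and `&pkey` to the TLS configuration (ssl_client2-style mbedtls_ssl_conf_own_cert) will present a client certificate it cannot sign for, and any server that requests client authentication will reject the handshake. The commit message promises removal of unused code only, so the guard can go but the body should be restored unconditionally, as below. tls_client_cb starts and ends outside the hunk.
```c
    mbedtls_printf(" ok\n");

    /*
     * 1.3. Load private key
     */
    mbedtls_printf(" . Loading the Private Key...");
    fflush(stdout);

    if ((ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)mbedtls_test_cli_key_rsa, mbedtls_test_cli_key_rsa_len, NULL, 0)) != 0) {
        mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
        goto exit;
    }

    mbedtls_printf(" ok\n");
    /* … unchanged: 2. Start the connection … */
```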
@@ -1139,11 +1048,7 @@ usage: } #endif -#if defined(MBEDTLS_HAS_SECURE_STORAGE) - mbedtls_ssl_conf_rng(&conf, see_generate_random_wrap_client, &ctr_drbg); -#else mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); -#endif mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); diff --git a/apps/examples/webclient/webclient_main.c b/apps/examples/webclient/webclient_main.c index be42f0b..c764daf 100644 --- a/apps/examples/webclient/webclient_main.c +++ b/apps/examples/webclient/webclient_main.c @@ -77,11 +77,7 @@ * Preprocessor Definitions ****************************************************************************/ -#ifdef CONFIG_TLS_WITH_SSS -#define WEBCLIENT_STACK_SIZE (1024 * 12) -#else #define WEBCLIENT_STACK_SIZE (1024 * 8) -#endif #define WEBCLIENT_SCHED_PRI 100 #define WEBCLIENT_SCHED_POLICY SCHED_RR @@ -96,16 +92,6 @@ struct webclient_input { char **argv; }; -#ifdef CONFIG_HW_RSA -#include "tls/sss_key.h" -#include "tls/see_api.h" - -#define WEBCLIENT_CA_KEY_INDEX 3 -#define WEBCLIENT_DEV_KEY_INDEX 4 -#define WEBCLIENT_CA_CERT_INDEX 3 -#define WEBCLIENT_DEV_CERT_INDEX 4 - -#else const char c_ca_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" @@ -179,7 +165,6 @@ const char c_cli_key_rsa[] = "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" "-----END RSA PRIVATE KEY-----\r\n"; -#endif /* CONFIG_HW_RSA */ static const char headerfield_connect[] = "Connect"; static const char headerfield_close[] = "close"; 
@@ -290,46 +275,12 @@ pthread_addr_t webclient_cb(void *arg) #ifdef CONFIG_NET_SECURITY_TLS /* send HTTPS request */ if (!strncmp(request.url, "https", 5)) { -#ifdef CONFIG_HW_RSA - int ret; - see_init(); - - /* Setup post key */ - if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), - SECURE_STORAGE_TYPE_KEY_RSA, WEBCLIENT_CA_KEY_INDEX)) != 0) { - printf(" failed\n ! see_setup_key ca 0x%x\n\n", ret); - goto release_out_tls; - } - if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), - SECURE_STORAGE_TYPE_KEY_RSA, WEBCLIENT_DEV_KEY_INDEX)) != 0) { - printf(" failed\n ! see_setup_key dev 0x%x\n\n", ret); - goto release_out_tls; - } - - if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), - WEBCLIENT_CA_CERT_INDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - goto release_out_tls; - } - - if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), - WEBCLIENT_DEV_CERT_INDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - goto release_out_tls; - } - - ssl_config.ca_key_index = WEBCLIENT_CA_KEY_INDEX; - ssl_config.dev_key_index = WEBCLIENT_DEV_KEY_INDEX; - ssl_config.ca_cert_index = WEBCLIENT_CA_CERT_INDEX; - ssl_config.dev_cert_index = WEBCLIENT_DEV_CERT_INDEX; -#else ssl_config.root_ca = (char *)c_ca_crt_rsa; ssl_config.root_ca_len = sizeof(c_ca_crt_rsa); ssl_config.dev_cert = (char *)c_cli_crt_rsa; ssl_config.dev_cert_len = sizeof(c_cli_crt_rsa); ssl_config.private_key = (char *)c_cli_key_rsa; ssl_config.private_key_len = sizeof(c_cli_key_rsa); -#endif /* CONFIG_HW_RSA */ /* before sending request by sync function, * must initialize response structure */ 
@@ -339,7 +290,7 @@ pthread_addr_t webclient_cb(void *arg) if (http_client_send_request(&request, &ssl_config, &response)) { printf("fail to send request\n"); http_client_response_release(&response); - goto release_out_tls; + goto release_out; } else { printf("----------sync response----------\n"); printf("status %d %s\n", response.status, response.phrase); @@ -354,8 +305,7 @@ pthread_addr_t webclient_cb(void *arg) if (http_client_send_request_async(&request, &ssl_config, (wget_callback_t)callback)) { printf("fail to send request\n"); - goto release_out_tls; - return NULL; + goto release_out; } } else #endif @@ -389,12 +339,7 @@ pthread_addr_t webclient_cb(void *arg) if (request.async_flag < 0) { printf("fail to send request\n"); } -#ifdef CONFIG_NET_SECURITY_TLS -release_out_tls: -#ifdef CONFIG_HW_RSA - see_free(); -#endif -#endif + release_out: /* before finish of app, * must release keyvalue list for request headers diff --git a/apps/examples/webserver/webserver_main.c b/apps/examples/webserver/webserver_main.c index 808ecd3..202e4a4 100644 --- a/apps/examples/webserver/webserver_main.c +++ b/apps/examples/webserver/webserver_main.c @@ -75,16 +75,6 @@ struct webserver_input { char **argv; }; -#ifdef CONFIG_HW_RSA -#include "tls/sss_key.h" -#include "tls/see_api.h" - -#define WEBSERVER_CA_KEY_INDEX 1 -#define WEBSERVER_DEV_KEY_INDEX 2 -#define WEBSERVER_CA_CERT_INDEX 1 -#define WEBSERVER_DEV_CERT_INDEX 2 - -#else const char ca_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" @@ -158,7 +148,6 @@ const char srv_key_rsa[] = "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" "-----END RSA PRIVATE KEY-----\r\n"; -#endif /* CONFIG_HW_RSA */ static const char g_httpcontype[] = "Content-type"; static const char g_httpconhtml[] = "text/html"; 
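Review bot: The new `release_out:` label is defined unconditionally, but its only visible `goto`s (the two rewritten in the earlier hunks of this file) sit inside `#ifdef CONFIG_NET_SECURITY_TLS`, so a build with TLS disabled gets an unused-label warning unless something outside the hunk also jumps there; the label also appears to carry a leading space where the old `release_out_tls:` sat at column 0. Either keep it guarded, `#ifdef CONFIG_NET_SECURITY_TLS` / `release_out:` / `#endif`, or give the plain-HTTP failure branch (`if (request.async_flag < 0)`) a reason to use it as well. Dropping the TLS-only landing point is otherwise sound now that see_free() is gone. webclient_cb starts outside the hunk.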
@@ -375,42 +364,6 @@ start: printf("Error: Cannot allocate server structure!!\n"); return NULL; } -#if defined(CONFIG_HW_RSA) - int ret; - - see_init(); - - /* Setup post key */ - /* THIS CODE SHOULD BE REMOVED AFTER USING SSS KEY AND CERT */ - if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), - SECURE_STORAGE_TYPE_KEY_RSA, WEBSERVER_CA_KEY_INDEX)) != 0) { - printf(" failed\n ! see_setup_key ca 0x%x\n\n", ret); - return NULL; - } - if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), - SECURE_STORAGE_TYPE_KEY_RSA, WEBSERVER_DEV_KEY_INDEX)) != 0) { - printf(" failed\n ! see_setup_key dev 0x%x\n\n", ret); - return NULL; - } - - if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), - WEBSERVER_CA_CERT_INDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return NULL; - } - - if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), - WEBSERVER_DEV_CERT_INDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return NULL; - } - - ssl_config.ca_key_index = WEBSERVER_CA_KEY_INDEX; - ssl_config.dev_key_index = WEBSERVER_DEV_KEY_INDEX; - ssl_config.ca_cert_index = WEBSERVER_CA_CERT_INDEX; - ssl_config.dev_cert_index = WEBSERVER_DEV_CERT_INDEX; - ssl_config.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; -#else ssl_config.root_ca = (char *)ca_crt_rsa; ssl_config.root_ca_len = sizeof(ca_crt_rsa); ssl_config.dev_cert = (char *)srv_crt_rsa; @@ -418,7 +371,6 @@ start: ssl_config.private_key = (char *)srv_key_rsa; ssl_config.private_key_len = sizeof(srv_key_rsa); ssl_config.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; -#endif /* CONFIG_HW_RSA */ if (http_tls_init(https_server, &ssl_config) != 0) { printf("ssl config Error\n"); 
@@ -470,31 +422,23 @@ start: stop: printf("Exit Web server...\n"); http_server_stop(http_server); -#ifdef CONFIG_NET_SECURITY_TLS - http_server_stop(https_server); -#endif - -#ifdef CONFIG_NET_SECURITY_TLS - http_server_deregister_cb(https_server, HTTP_METHOD_GET, NULL); - http_server_deregister_cb(https_server, HTTP_METHOD_GET, root_url); - http_server_deregister_cb(https_server, HTTP_METHOD_GET, devid_url); -#endif http_server_deregister_cb(http_server, HTTP_METHOD_GET, NULL); http_server_deregister_cb(http_server, HTTP_METHOD_GET, root_url); http_server_deregister_cb(http_server, HTTP_METHOD_GET, devid_url); - http_server_release(&http_server); #ifdef CONFIG_NET_SECURITY_TLS + http_server_stop(https_server); + + http_server_deregister_cb(https_server, HTTP_METHOD_GET, NULL); + http_server_deregister_cb(https_server, HTTP_METHOD_GET, root_url); + http_server_deregister_cb(https_server, HTTP_METHOD_GET, devid_url); http_server_release(&https_server); #endif /* sleep for requests in processing */ sleep(5); printf("webserver end\n"); -#ifdef CONFIG_HW_RSA - see_free(); -#endif return NULL; } diff --git a/apps/examples/websocket/websocket_main.c b/apps/examples/websocket/websocket_main.c index 3acb42e..1fc68ef 100644 --- a/apps/examples/websocket/websocket_main.c +++ b/apps/examples/websocket/websocket_main.c 
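Review bot: After the reordering, `sleep(5)` with its "sleep for requests in processing" comment still runs only after both `http_server_release()` calls, so if release frees the server objects (its implementation is not visible here) the in-flight handlers the sleep is meant to drain would already be touching freed memory; the per-server stop/deregister/release grouping reads better but does not change that. I would stop both servers first, then `sleep(5)`, and only then deregister and release each one, or add a comment stating why release is safe while requests are still pending. The enclosing function starts outside the hunk.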
@@ -132,35 +132,11 @@ #include -#ifdef CONFIG_HW_RSA_SIGN -#include -#include -#include -#include -#endif - /**************************************************************************** * Pre-processor Definitions ****************************************************************************/ -/* SSS configure */ -#ifdef CONFIG_HW_RSA_SIGN -#define WEBSOCKET_S_CA_KEYINDEX 1 -#define WEBSOCKET_S_DEV_KEYINDEX 2 -#define WEBSOCKET_S_CA_CERTINDEX 1 -#define WEBSOCKET_S_DEV_CERTINDEX 2 -#define WEBSOCKET_C_CA_KEYINDEX 3 -#define WEBSOCKET_C_DEV_KEYINDEX 4 -#define WEBSOCKET_C_CA_CERTINDEX 3 -#define WEBSOCKET_C_DEV_CERTINDEX 4 -#endif - -/* Stack size of examples */ -#ifdef CONFIG_HW_RSA_SIGN -#define WEBSOCKET_EXAMPLE_STACKSIZE (1024 * 28) -#else #define WEBSOCKET_EXAMPLE_STACKSIZE (1024 * 10) -#endif /* TLS configure */ #define MBEDTLS_DEBUG_LEVEL 2 
@@ -175,48 +151,6 @@ int received_cnt; * Public Functions ****************************************************************************/ -#ifdef CONFIG_HW_RSA_SIGN -int set_key_and_cert_vector(void) -{ - int ret; - /* Setup post key */ - /* THIS CODE SHOULD BE REMOVED AFTER USING SSS KEY AND CERT */ - if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_S_CA_KEYINDEX)) != 0) { - printf("Error: set_key fail %d\n", ret); - return -1; - } - if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_S_DEV_KEYINDEX)) != 0) { - printf("Error: set_key fail %d\n", ret); - return -1; - } - if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), WEBSOCKET_S_CA_CERTINDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return -1; - } - if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), WEBSOCKET_S_DEV_CERTINDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return -1; - } - if ((ret = see_setup_key(sss_da_rsa_ca, sizeof(sss_da_rsa_ca), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_C_CA_KEYINDEX)) != 0) { - printf("Error: set_key fail %d\n", ret); - return -1; - } - if ((ret = see_setup_key(sss_da_rsa_dev, sizeof(sss_da_rsa_dev), SECURE_STORAGE_TYPE_KEY_RSA, WEBSOCKET_C_DEV_KEYINDEX)) != 0) { - printf("Error: set_key fail %d\n", ret); - return -1; - } - if ((ret = see_set_certificate(sss_ca_crt, sizeof(sss_ca_crt), WEBSOCKET_C_CA_CERTINDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return -1; - } - if ((ret = see_set_certificate(sss_dev_crt, sizeof(sss_dev_crt), WEBSOCKET_C_DEV_CERTINDEX, CERT_PEM)) != 0) { - printf("Error: set_cert fail %d\n", ret); - return -1; - } - return 0; -} -#endif - static void websocket_tls_debug(void *ctx, int level, const char *file, int line, const char *str) { printf("%s:%04d: %s", file, line, str); 
@@ -225,19 +159,6 @@ static void websocket_tls_debug(void *ctx, int level, const char *file, int line websocket_return_t websocket_tls_init(int param, websocket_t *data, mbedtls_ssl_config *conf, mbedtls_x509_crt *cert, mbedtls_pk_context *pkey, mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg, mbedtls_ssl_cache_context *cache) { int r; -#ifdef CONFIG_HW_RSA_SIGN - unsigned int ca_keyindex = WEBSOCKET_S_CA_KEYINDEX; - unsigned int dev_keyindex = WEBSOCKET_S_DEV_KEYINDEX; - unsigned int ca_certindex = WEBSOCKET_S_CA_CERTINDEX; - unsigned int dev_certindex = WEBSOCKET_S_DEV_CERTINDEX; - - if (param) { - ca_keyindex = WEBSOCKET_C_CA_KEYINDEX; - dev_keyindex = WEBSOCKET_C_DEV_KEYINDEX; - ca_certindex = WEBSOCKET_C_CA_CERTINDEX; - dev_certindex = WEBSOCKET_C_DEV_CERTINDEX; - } -#else const char *crt = mbedtls_test_srv_crt; const char *key = mbedtls_test_srv_key; const char *ca_crt = mbedtls_test_cas_pem; @@ -253,7 +174,6 @@ websocket_return_t websocket_tls_init(int param, websocket_t *data, mbedtls_ssl_ cacrt_len = mbedtls_test_cas_pem_len; key_len = mbedtls_test_cli_key_len; } -#endif /* initialize tls context for server */ mbedtls_ssl_config_init(conf); 
@@ -262,88 +182,6 @@ websocket_return_t websocket_tls_init(int param, websocket_t *data, mbedtls_ssl_ mbedtls_entropy_init(entropy); mbedtls_ctr_drbg_init(ctr_drbg); -#ifdef CONFIG_HW_RSA_SIGN - see_init(); - - if (set_key_and_cert_vector()) { - printf("Error: set key and cert fail\n"); - return WEBSOCKET_INIT_ERROR; - } - - /* 1. Load the certificates and private key */ - printf(" . [SSS] Loading the cert. and key..."); - - unsigned char *cert_buf; - unsigned int cert_len = 1500; - - cert_buf = malloc(cert_len); - if (cert_buf == NULL) { - printf("Error: cert_buf malloc fail\n"); - return WEBSOCKET_INIT_ERROR; - } - - if ((r = see_get_certificate(cert_buf, &cert_len, dev_certindex, CERT_PEM)) != 0) { - free(cert_buf); - printf("Error: see_get_cert returned %d\n", r); - return WEBSOCKET_INIT_ERROR; - } - - if ((r = mbedtls_x509_crt_parse(cert, cert_buf, cert_len)) != 0) { - free(cert_buf); - printf("Error: cert_parse returned %d\n", r); - return WEBSOCKET_INIT_ERROR; - } - - ((mbedtls_rsa_context *)(cert->pk.pk_ctx))->key_index = ca_keyindex; - - cert_len = 1500; - - if ((r = see_get_certificate(cert_buf, &cert_len, ca_certindex, CERT_PEM)) != 0) { - free(cert_buf); - printf("Error: see_get_cert returned %d\n", r); - return WEBSOCKET_INIT_ERROR; - } - - if ((r = mbedtls_x509_crt_parse(cert, cert_buf, cert_len)) != 0) { - free(cert_buf); - printf("Error: cert_parse returned %d\n", r); - return WEBSOCKET_INIT_ERROR; - } - - ((mbedtls_rsa_context *)(cert->next->pk.pk_ctx))->key_index = ca_keyindex; - - free(cert_buf); - - unsigned char rsa_public[292] = { 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xa2, 0x64, 0x21, 0xcf, 0x1c, 0xdb, 0x49, 0x6c, 0x44, 0x01, 0xf8, 0xd5, 0x8b, 0x8d, 0x20, - 0xfe, 0x2a, 0x46, 0x4d, 0x29, 0xf4, 0x82, 0x3c, 0xa4, 0x29, 0x7d, 0x6b, 0xdc, 0xc4, 0x04, 0xd6, - 0x0f, 0xf3, 0x6b, 0xa8, 
0xb1, 0xad, 0x2b, 0xa1, 0xa5, 0xad, 0xfb, 0x9a, 0xba, 0x72, 0x6e, 0x4e, - 0x71, 0x93, 0x54, 0x8d, 0x90, 0x02, 0x34, 0x80, 0x1d, 0x8c, 0x83, 0xc9, 0x84, 0xa3, 0xcf, 0x9f, - 0x80, 0xe9, 0x4f, 0x5b, 0xf6, 0x29, 0x17, 0xf6, 0x7f, 0x5a, 0x79, 0x47, 0x0c, 0x2c, 0xcf, 0x98, - 0x88, 0x6a, 0x31, 0x4e, 0x0a, 0x2c, 0x8e, 0x8c, 0xe5, 0xa5, 0x9f, 0xd7, 0x8f, 0xd0, 0xc1, 0x04, - 0x1a, 0xe9, 0x54, 0xa1, 0x36, 0x4e, 0x92, 0x5e, 0x41, 0x9c, 0x07, 0xc8, 0x48, 0xac, 0x9c, 0x7c, - 0xcb, 0xa0, 0x8a, 0x51, 0x52, 0x4f, 0x47, 0xa2, 0xc8, 0x48, 0xbc, 0xcd, 0x55, 0x85, 0x24, 0xff, - 0xfa, 0x58, 0xe6, 0x75, 0x61, 0x14, 0x1a, 0x82, 0x4e, 0x6b, 0x40, 0x63, 0x9e, 0xef, 0xbd, 0x70, - 0x88, 0x9e, 0xc8, 0x59, 0x89, 0x16, 0x0c, 0x4e, 0x71, 0xec, 0x2d, 0xa4, 0x0b, 0xb3, 0x20, 0xca, - 0x04, 0x5b, 0x37, 0xf6, 0x5c, 0x80, 0x8d, 0x6a, 0xe4, 0x26, 0x95, 0xe4, 0xd5, 0x35, 0xcd, 0xd3, - 0x90, 0x67, 0x48, 0xef, 0x14, 0x8e, 0xc6, 0xcc, 0x16, 0xdb, 0x7a, 0x96, 0xd6, 0xbf, 0x01, 0xef, - 0x5f, 0x8d, 0xee, 0x35, 0xd1, 0x66, 0xa3, 0x26, 0x96, 0x5e, 0x73, 0x3b, 0x1e, 0xf6, 0x72, 0xc9, - 0x78, 0xc8, 0xdd, 0x81, 0x21, 0x0f, 0x0d, 0xdc, 0x3f, 0x63, 0x7a, 0x92, 0xf1, 0x31, 0x53, 0xe6, - 0x34, 0xd7, 0x70, 0xb0, 0x1d, 0x2f, 0x97, 0xab, 0x44, 0xf1, 0x70, 0x58, 0x0e, 0xca, 0xab, 0x26, - 0x23, 0x39, 0x6e, 0xdb, 0xf5, 0x5a, 0x15, 0x4a, 0x09, 0x00, 0x7c, 0xe5, 0x82, 0x78, 0xb8, 0xf0, - 0xd1, 0x02, 0x01, 0x03 - }; - - if ((r = mbedtls_pk_parse_public_key(pkey, rsa_public, 292)) != 0) { - printf("Error: pk_parse_public returned %d\n", r); - return WEBSOCKET_INIT_ERROR; - } - - if (pkey->pk_info->type == MBEDTLS_PK_RSA) { - ((mbedtls_rsa_context *)(pkey->pk_ctx))->key_index = dev_keyindex; - } -#else /* 1. Load the certificates and private RSA key */ printf(" . Loading the cert. and key..."); @@ -364,7 +202,6 @@ websocket_return_t websocket_tls_init(int param, websocket_t *data, mbedtls_ssl_ } printf("Ok\n"); -#endif /* 2. Seed the RNG */ printf(" . Seeding the random number generator..."); 
@@ -412,10 +249,6 @@ void websocket_tls_release(int param, mbedtls_ssl_config *conf, mbedtls_x509_crt mbedtls_pk_free(pkey); mbedtls_x509_crt_free(cert); mbedtls_ssl_config_free(conf); - -#ifdef CONFIG_HW_RSA_SIGN - see_free(); -#endif } /**************************************************************************** @@ -452,7 +285,6 @@ RECV_RETRY: goto RECV_RETRY; } - return r; }