resource/csdk/security/provisioning/ck_manager/src/ck_manager.c

   1 /******************************************************************
   2  *
   3  * Copyright 2015 Samsung Electronics All Rights Reserved.
   4  *
   5  *
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19
  20  ******************************************************************/
  21
  22 #include "ck_manager.h"
  23 #include "crlresource.h"
  24 #include "oic_malloc.h"
  25
  26 #ifdef __unix__
  27 #include <sys/stat.h>
  28 #include <fcntl.h>
  29 #include <unistd.h>
  30 #endif // __unix__
  31
  32 /* The first octet of the OCTET STRING indicates whether the key is
  33 compressed or uncompressed.  The uncompressed form is indicated by 0x04
  34 and the compressed form is indicated by either 0x02 or 0x03 (RFC 5480)*/
  35 #define ASN1_UNCOMPRESSED_KEY_ID   (0x04)
  36
  37 PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey)
  38 {
  39     FUNCTION_INIT();
  40
  41     CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED);
  42     CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED);
  43     CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED);
  44     CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED);
  45
  46     CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR);
  47     caPublicKey->len = PUBLIC_KEY_SIZE;
  48     caPrivateKey->len = PRIVATE_KEY_SIZE;
  49
  50     CHECK_CALL(InitCKMInfo);
  51     CHECK_CALL(SetCAPrivateKey, caPrivateKey);
  52     CHECK_CALL(SetCAPublicKey, caPublicKey);
  53     CHECK_CALL(SaveCKMInfo);
  54     FUNCTION_CLEAR();
  55 }
  56
  57 PKIError CKMIssueRootCertificate (const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
  58                                   ByteArray *issuedRootCertificate)
  59 {
  60     FUNCTION_INIT();
  61
  62     UTF8String_t *rootName          = NULL;
  63     UTCTime_t *notBefore            = NULL;
  64     UTCTime_t *notAfter             = NULL;
  65     BIT_STRING_t *subjectPublicKey  = NULL;
  66     BIT_STRING_t *issuerPrivateKey  = NULL;
  67
  68     ByteArray pubKeyIss =  BYTE_ARRAY_INITIALIZER;
  69     ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
  70     ByteArray caName = BYTE_ARRAY_INITIALIZER;
  71
  72     uint8_t caPublicKey[PUBLIC_KEY_SIZE];
  73     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
  74     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
  75
  76     CHECK_NULL(issuedRootCertificate, ISSUER_NULL_PASSED);
  77     CHECK_NULL(issuedRootCertificate->data, ISSUER_NULL_PASSED);
  78     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedRootCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
  79
  80     pubKeyIss.data = caPublicKey;
  81     pubKeyIss.len = PUBLIC_KEY_SIZE;
  82     privKeyIss.data = caPrivateKey;
  83     privKeyIss.len = PRIVATE_KEY_SIZE;
  84     caName.data = uint8caName;
  85     caName.len = ISSUER_MAX_NAME_SIZE;
  86
  87     rootName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
  88     CHECK_NULL(rootName, ISSUER_MEMORY_ALLOC_FAILED);
  89
  90     notBefore  = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
  91     CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
  92
  93     notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
  94     CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
  95
  96     subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
  97     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
  98
  99     issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 100     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 101
 102     //RootName
 103     CHECK_CALL(InitCKMInfo);
 104     CHECK_CALL(GetCAName, &caName);
 105     rootName->buf  = caName.data;
 106     rootName->size = caName.len;
 107
 108     //notBefore
 109     if (uint8NotBefore)
 110     {
 111         notBefore->buf = (uint8_t *)uint8NotBefore;
 112     }
 113     else
 114     {
 115         notBefore->buf    = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
 116     }
 117     notBefore->size   = strlen((const char *)notBefore->buf);
 118
 119     //notAfter
 120     if (uint8NotAfter)
 121     {
 122         notAfter->buf = (uint8_t *)uint8NotAfter;
 123     }
 124     else
 125     {
 126         notAfter->buf     = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
 127     }
 128     notAfter->size    = strlen((const char *)notAfter->buf);
 129
 130     //common keys
 131     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 132     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 133     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 134     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 135
 136     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 137     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 138     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 139     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 140     //common keys
 141
 142     //read CA key pair from the CA storage
 143     CHECK_CALL(InitCKMInfo);
 144     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 145
 146     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 147     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 148     CHECK_CALL(GetCAPublicKey, &pubKeyIss);
 149
 150     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 151     memcpy((subjectPublicKey->buf) + 1, pubKeyIss.data, PUBLIC_KEY_SIZE);
 152
 153     CHECK_CALL(GenerateCertificate, rootName, rootName, notBefore, notAfter,
 154                              subjectPublicKey, issuerPrivateKey, issuedRootCertificate);
 155
 156     CHECK_CALL(InitCKMInfo);
 157     CHECK_CALL(SetCACertificate, issuedRootCertificate);
 158     CHECK_CALL(SaveCKMInfo);
 159
 160     FUNCTION_CLEAR(
 161         OICFree(rootName);
 162         OICFree(notBefore);
 163         OICFree(notAfter);
 164         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
 165         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 166     );
 167 }
 168
 169 PKIError GenerateKeyPair (ByteArray *privateKey, ByteArray *publicKey)
 170 {
 171     FUNCTION_INIT();
 172     CHECK_NULL(privateKey, ISSUER_NULL_PASSED);
 173     CHECK_NULL(privateKey->data, ISSUER_NULL_PASSED);
 174     CHECK_NULL(publicKey, ISSUER_NULL_PASSED);
 175     CHECK_NULL(publicKey->data, ISSUER_NULL_PASSED);
 176     CHECK_COND(uECC_make_key(publicKey->data, privateKey->data), ISSUER_MAKE_KEY_ERROR);
 177     publicKey->len = PUBLIC_KEY_SIZE;
 178     privateKey->len = PRIVATE_KEY_SIZE;
 179     FUNCTION_CLEAR();
 180 }
 181
 182 PKIError CKMIssueDeviceCertificate (const uint8_t *uint8SubjectName,
 183                                     const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
 184                                     const uint8_t *uint8SubjectPublicKey,
 185                                     ByteArray *issuedCertificate)
 186 {
 187     FUNCTION_INIT();
 188
 189     UTF8String_t *subjectName       = NULL;
 190     UTF8String_t *issuerName        = NULL;
 191     UTCTime_t *notBefore            = NULL;
 192     UTCTime_t *notAfter             = NULL;
 193     BIT_STRING_t *subjectPublicKey  = NULL;
 194     BIT_STRING_t *issuerPrivateKey  = NULL;
 195
 196     ByteArray privKeyIss  = BYTE_ARRAY_INITIALIZER;
 197     ByteArray pubKeySubj  = BYTE_ARRAY_INITIALIZER;
 198     ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
 199     ByteArray caName      = BYTE_ARRAY_INITIALIZER;
 200
 201     uint8_t subjPubKey[PUBLIC_KEY_SIZE];
 202     uint8_t subjPrivKey[PRIVATE_KEY_SIZE];
 203     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 204     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
 205
 206     CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
 207     CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
 208     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 209
 210     privKeyIss.data = caPrivateKey;
 211     privKeyIss.len = PRIVATE_KEY_SIZE;
 212     pubKeySubj.data = subjPubKey;
 213     pubKeySubj.len = PUBLIC_KEY_SIZE;
 214     privKeySubj.data = subjPrivKey;
 215     privKeySubj.len = PRIVATE_KEY_SIZE;
 216     caName.data = uint8caName;
 217     caName.len = ISSUER_MAX_NAME_SIZE;
 218
 219     subjectName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 220     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 221
 222     issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 223     CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
 224
 225     notBefore = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 226     CHECK_NULL(notBefore, ISSUER_MEMORY_ALLOC_FAILED);
 227
 228     notAfter = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 229     CHECK_NULL(notAfter, ISSUER_MEMORY_ALLOC_FAILED);
 230
 231     subjectPublicKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 232     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 233
 234     issuerPrivateKey = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 235     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 236
 237     //SubjectName
 238     if (uint8SubjectName)
 239     {
 240         subjectName->buf = (uint8_t *)uint8SubjectName;
 241     }
 242     else
 243     {
 244         subjectName->buf  = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
 245     }
 246     subjectName->size = strlen((const char *)subjectName->buf);
 247
 248     //IssuerName
 249     CHECK_CALL(InitCKMInfo);
 250     CHECK_CALL(GetCAName, &caName);
 251     issuerName->buf  = caName.data;
 252     issuerName->size = caName.len;
 253
 254     //notBefore
 255     if (uint8NotBefore)
 256     {
 257         notBefore->buf = (uint8_t *)uint8NotBefore;
 258     }
 259     else
 260     {
 261         notBefore->buf    = (uint8_t *)ISSUER_DEFAULT_NOT_BEFORE;
 262     }
 263     notBefore->size   = strlen((const char *)notBefore->buf);
 264
 265     //notAfter
 266     if (uint8NotAfter)
 267     {
 268         notAfter->buf = (uint8_t *)uint8NotAfter;
 269     }
 270     else
 271     {
 272         notAfter->buf     = (uint8_t *)ISSUER_DEFAULT_NOT_AFTER;
 273     }
 274     notAfter->size    = strlen((const char *)notAfter->buf);
 275
 276     //common keys
 277     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 278     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 279     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 280     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 281
 282     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 283     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 284     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 285     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 286     //common keys
 287
 288     //read CA private key from the CA storage
 289     CHECK_CALL(InitCKMInfo);
 290     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 291
 292     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 293     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 294
 295     if (!uint8SubjectPublicKey)
 296     {
 297         //GenerateKeyPair
 298         GenerateKeyPair(&privKeySubj, &pubKeySubj);
 299     }
 300     else
 301     {
 302         //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 303         memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
 304     }
 305
 306     CHECK_CALL(GenerateCertificate, subjectName, issuerName, notBefore, notAfter,
 307                              subjectPublicKey, issuerPrivateKey, issuedCertificate);
 308
 309     FUNCTION_CLEAR(
 310         OICFree(subjectName);
 311         OICFree(issuerName);
 312         OICFree(notBefore);
 313         OICFree(notAfter);
 314         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, subjectPublicKey);
 315         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 316     );
 317 }
 318
 319 PKIError GenerateDERCertificateFile (const ByteArray *certificate, const char * const certFileName)
 320 {
 321     FUNCTION_INIT();
 322
 323 #ifdef __unix__
 324     struct stat st;
 325     int fd = -1;
 326 #else
 327     FILE *filePointer = NULL;
 328 #endif
 329
 330     CHECK_NULL(certFileName, ISSUER_NULL_PASSED);
 331     CHECK_NULL(certificate, ISSUER_NULL_PASSED);
 332     CHECK_NULL(certificate->data, ISSUER_NULL_PASSED);
 333
 334 #ifdef __unix__
 335     fd = open(certFileName, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
 336     CHECK_NOT_EQUAL(fd, -1, ISSUER_NULL_PASSED);
 337     CHECK_EQUAL(fstat(fd, &st), 0, ISSUER_NULL_PASSED);
 338     CHECK_COND(S_ISREG(st.st_mode), ISSUER_FILE_WRITE_ERROR);
 339     CHECK_COND(!S_ISLNK(st.st_mode), ISSUER_FILE_WRITE_ERROR);
 340     CHECK_EQUAL(write(fd, certificate->data, certificate->len), (ssize_t) certificate->len,
 341             ISSUER_FILE_WRITE_ERROR);
 342
 343     FUNCTION_CLEAR(
 344         if(-1 != fd)
 345         {
 346             close(fd);
 347         }
 348     );
 349 #else
 350     filePointer = fopen(certFileName, "wb");
 351     CHECK_NULL(filePointer, ISSUER_FILE_WRITE_ERROR);
 352     CHECK_EQUAL(fwrite(certificate->data, 1, certificate->len, filePointer), certificate->len,
 353             ISSUER_FILE_WRITE_ERROR);
 354
 355     FUNCTION_CLEAR(
 356         if(filePointer)
 357         {
 358             fclose(filePointer);
 359         }
 360         filePointer = NULL;
 361     );
 362 #endif
 363
 364 }
 365
 366 PKIError SetSerialNumber (const long serNum)
 367 {
 368     FUNCTION_INIT();
 369
 370     CHECK_LESS_EQUAL(0, serNum, ISSUER_WRONG_SERIAL_NUMBER);
 371     CHECK_CALL(InitCKMInfo);
 372     CHECK_CALL(SetNextSerialNumber, serNum);
 373     CHECK_CALL(SaveCKMInfo);
 374
 375     FUNCTION_CLEAR();
 376 }
 377
 378 PKIError SetRootName (const ByteArray rootName)
 379 {
 380     FUNCTION_INIT();
 381
 382     CHECK_NULL(rootName.data, ISSUER_NULL_PASSED);
 383     CHECK_LESS(0, rootName.len, ISSUER_WRONG_ROOT_NAME_LEN);
 384     CHECK_LESS(rootName.len, ISSUER_MAX_NAME_SIZE, ISSUER_WRONG_ROOT_NAME_LEN);
 385     CHECK_CALL(InitCKMInfo);
 386     CHECK_CALL(SetCAName, &rootName);
 387     CHECK_CALL(SaveCKMInfo);
 388
 389     FUNCTION_CLEAR();
 390 }
 391
 392 PKIError CKMSetCAInfo (const long serNum, const ByteArray rootName)
 393 {
 394     FUNCTION_INIT();
 395     CHECK_CALL(SetSerialNumber, serNum);
 396     CHECK_CALL(SetRootName, rootName);
 397
 398     FUNCTION_CLEAR();
 399 }
 400
 401 PKIError GenerateCSR (const uint8_t *uint8SubjectName,
 402                       const uint8_t *uint8SubjectPublicKey,
 403                       const uint8_t *uint8SubjectPrivateKey,
 404                       ByteArray *encodedCSR)
 405 {
 406     FUNCTION_INIT();
 407     UTF8String_t *subjectName       = NULL;
 408     BIT_STRING_t *subjectPublicKey  = NULL;
 409     BIT_STRING_t *subjectPrivateKey  = NULL;
 410
 411     CHECK_NULL(uint8SubjectPublicKey, ISSUER_NULL_PASSED);
 412     CHECK_NULL(uint8SubjectPrivateKey, ISSUER_NULL_PASSED);
 413     CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
 414     CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
 415     CHECK_LESS_EQUAL(CSR_MAX_SIZE, encodedCSR->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 416
 417     subjectName = OICCalloc(1, sizeof(UTF8String_t));
 418     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 419
 420     subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
 421     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 422
 423     subjectPrivateKey = OICCalloc(1, sizeof(BIT_STRING_t));
 424     CHECK_NULL(subjectPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 425
 426     //SubjectName
 427     if (uint8SubjectName)
 428     {
 429         subjectName->buf = (uint8_t *)uint8SubjectName;
 430     }
 431     else
 432     {
 433         subjectName->buf  = (uint8_t *)ISSUER_DEFAULT_SUBJECT_NAME;
 434     }
 435     subjectName->size = strlen((const char *)subjectName->buf);
 436
 437     //common keys
 438     subjectPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 439     subjectPrivateKey->buf = (uint8_t *)OICCalloc((subjectPrivateKey->size), sizeof(uint8_t));
 440     CHECK_NULL(subjectPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 441     *(subjectPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 442
 443     subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 444     subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t));
 445     CHECK_NULL(subjectPublicKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 446     *(subjectPublicKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 447     //common keys
 448
 449     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 450     memcpy((subjectPrivateKey->buf) + 1, uint8SubjectPrivateKey, PRIVATE_KEY_SIZE);
 451     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 452     memcpy((subjectPublicKey->buf) + 1, uint8SubjectPublicKey, PUBLIC_KEY_SIZE);
 453
 454     CHECK_CALL(EncodeCSR, subjectName, subjectPublicKey, subjectPrivateKey, encodedCSR);
 455
 456     FUNCTION_CLEAR(
 457         OICFree(subjectName);
 458         OICFree(subjectPublicKey);
 459         if (subjectPrivateKey)
 460         {
 461             OICFree(subjectPrivateKey->buf);
 462             OICFree(subjectPrivateKey);
 463         }
 464     );
 465 }
 466
 467 PKIError GenerateCertificateByCSR (const ByteArray *encodedCSR, ByteArray *issuedCertificate)
 468 {
 469     FUNCTION_INIT();
 470     UTF8String_t *subjectName = NULL;
 471     BIT_STRING_t *subjectPublicKey = NULL;
 472     uint8_t uint8SubjectName[ISSUER_MAX_NAME_SIZE];
 473     uint8_t uint8SubjectPublicKey[PUBLIC_KEY_SIZE + 1];
 474
 475     CHECK_NULL(encodedCSR, ISSUER_NULL_PASSED);
 476     CHECK_NULL(encodedCSR->data, ISSUER_NULL_PASSED);
 477     CHECK_NULL(issuedCertificate, ISSUER_NULL_PASSED);
 478     CHECK_NULL(issuedCertificate->data, ISSUER_NULL_PASSED);
 479     CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, issuedCertificate->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 480
 481     subjectName = OICCalloc(1, sizeof(UTF8String_t));
 482     CHECK_NULL(subjectName, ISSUER_MEMORY_ALLOC_FAILED);
 483
 484     subjectPublicKey = OICCalloc(1, sizeof(BIT_STRING_t));
 485     CHECK_NULL(subjectPublicKey, ISSUER_MEMORY_ALLOC_FAILED);
 486
 487     subjectName->buf = uint8SubjectName;
 488     subjectPublicKey->buf = uint8SubjectPublicKey;
 489
 490     CHECK_CALL(DecodeCSR, encodedCSR, subjectName, subjectPublicKey);
 491
 492     uint8SubjectName[subjectName->size] = '\0';
 493     CHECK_CALL(CKMIssueDeviceCertificate, uint8SubjectName, 0, 0, uint8SubjectPublicKey + 1,
 494             //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 495             issuedCertificate);
 496
 497     FUNCTION_CLEAR(
 498         OICFree(subjectPublicKey);
 499         OICFree(subjectName);
 500     );
 501 }
 502
 503 PKIError CKMIssueCRL (const uint8_t *uint8ThisUpdateTime, const uint32_t numberOfRevoked,
 504                       const uint32_t *revokedNumbers, const uint8_t **revocationDates,
 505                       ByteArray *encodedCRL)
 506 {
 507     FUNCTION_INIT();
 508     BIT_STRING_t *issuerPrivateKey                          = NULL;
 509     UTCTime_t *thisUpdateTime                               = NULL;
 510     CertificateRevocationInfo_t *certificateRevocationInfo  = NULL;
 511     UTF8String_t *issuerName                                = NULL;
 512     uint32_t i;
 513
 514     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 515     uint8_t uint8caName[ISSUER_MAX_NAME_SIZE];
 516
 517     ByteArray privKeyIss     = BYTE_ARRAY_INITIALIZER;
 518     ByteArray caName         = BYTE_ARRAY_INITIALIZER;
 519
 520     CHECK_NULL(numberOfRevoked, ISSUER_NULL_PASSED);
 521     CHECK_NULL(revokedNumbers, ISSUER_NULL_PASSED);
 522     CHECK_NULL(revocationDates, ISSUER_NULL_PASSED);
 523     CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
 524     CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
 525     CHECK_LESS_EQUAL((CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)),
 526                       encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 527
 528     issuerPrivateKey          = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 529     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 530
 531     thisUpdateTime            = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t));
 532     CHECK_NULL(thisUpdateTime, ISSUER_MEMORY_ALLOC_FAILED);
 533
 534     issuerName                  = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t));
 535     CHECK_NULL(issuerName, ISSUER_MEMORY_ALLOC_FAILED);
 536
 537     certificateRevocationInfo = (CertificateRevocationInfo_t *)OICCalloc(numberOfRevoked,
 538                                 sizeof(CertificateRevocationInfo_t));
 539     CHECK_NULL(certificateRevocationInfo, ISSUER_MEMORY_ALLOC_FAILED);
 540
 541     privKeyIss.data = caPrivateKey;
 542     privKeyIss.len  = PRIVATE_KEY_SIZE;
 543     caName.data     = uint8caName;
 544     caName.len      = ISSUER_MAX_NAME_SIZE;
 545
 546     //allocate issuerPrivateKey
 547     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 548     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 549     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 550     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 551
 552     //read CA private key from the CA storage
 553     CHECK_CALL(InitCKMInfo);
 554     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 555     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 556     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 557
 558     //thisUpdateTime
 559     if (uint8ThisUpdateTime)
 560     {
 561         thisUpdateTime->buf = (uint8_t *)uint8ThisUpdateTime;
 562     }
 563     else
 564     {
 565         thisUpdateTime->buf    = (uint8_t *)ISSUER_DEFAULT_THIS_UPDATE;
 566     }
 567     thisUpdateTime->size   = strlen((const char *)thisUpdateTime->buf);
 568
 569     //RootName
 570     CHECK_CALL(InitCKMInfo);
 571     CHECK_CALL(GetCAName, &caName);
 572     issuerName->buf  = caName.data;
 573     issuerName->size = caName.len;
 574
 575     // CRI
 576     for ( i = 0; i < numberOfRevoked; i++ )
 577     {
 578         certificateRevocationInfo[i].userCertificate = revokedNumbers[i];
 579         certificateRevocationInfo[i].revocationDate.buf = (uint8_t *)revocationDates[i];
 580         certificateRevocationInfo[i].revocationDate.size =
 581                 strlen((const char *)revocationDates[i]);
 582     }
 583
 584     CHECK_CALL(GenerateCRL, issuerName, thisUpdateTime, numberOfRevoked, certificateRevocationInfo,
 585                     issuerPrivateKey, encodedCRL);
 586
 587     CHECK_CALL(InitCKMInfo);
 588     CHECK_CALL(SetCertificateRevocationList, encodedCRL);
 589     CHECK_CALL(SaveCKMInfo);
 590
 591     FUNCTION_CLEAR(
 592         OICFree(issuerName);
 593         OICFree(thisUpdateTime);
 594         OICFree(certificateRevocationInfo);
 595         ASN_STRUCT_FREE(asn_DEF_BIT_STRING, issuerPrivateKey);
 596     );
 597 }
 598
 599 PKIError CKMRevocateCertificate (const uint8_t *uint8ThisUpdateTime, const long revokedNumber,
 600                                  ByteArray *encodedCRL)
 601 {
 602     FUNCTION_INIT();
 603     ByteArray oldCRL = BYTE_ARRAY_INITIALIZER;
 604     asn_dec_rval_t rval; /* Decoder return value */
 605     CertificateRevocationList_t *certificateRevocationList = NULL; // Type to decode
 606     CertificateRevocationInfo_t *CRI             = NULL;
 607     long serialNumber = 0;
 608     long numberOfRevoked = 0;
 609     uint32_t crlMaxSize = 0;
 610
 611     BIT_STRING_t *issuerPrivateKey                          = NULL;
 612     uint8_t caPrivateKey[PRIVATE_KEY_SIZE];
 613     ByteArray privKeyIss     = BYTE_ARRAY_INITIALIZER;
 614
 615     CHECK_CALL(InitCKMInfo);
 616     CHECK_CALL(GetNumberOfRevoked, &numberOfRevoked);
 617
 618     crlMaxSize = (uint32_t)(CRL_MIN_SIZE +
 619             (numberOfRevoked + 1) * (sizeof(CertificateRevocationInfo_t) + 4));
 620
 621     CHECK_NULL(encodedCRL, ISSUER_NULL_PASSED);
 622     CHECK_NULL(encodedCRL->data, ISSUER_NULL_PASSED);
 623     CHECK_LESS_EQUAL(crlMaxSize, encodedCRL->len, ISSUER_WRONG_BYTE_ARRAY_LEN);
 624
 625     //obtain CRL
 626     oldCRL.data = (uint8_t *)OICMalloc(crlMaxSize);
 627     CHECK_NULL(oldCRL.data, ISSUER_MEMORY_ALLOC_FAILED);
 628     oldCRL.len = crlMaxSize;
 629
 630     CHECK_CALL(InitCKMInfo);
 631     CHECK_CALL(GetCertificateRevocationList, &oldCRL);
 632     CHECK_CALL(CloseCKMInfo);
 633
 634     //decode CRL
 635     rval = ber_decode(0, &asn_DEF_CertificateRevocationList, (void **)&certificateRevocationList,
 636                       oldCRL.data, oldCRL.len);
 637     CHECK_EQUAL(rval.code, RC_OK, ISSUER_CSR_DER_DECODE_FAIL);
 638
 639     //add one certificate into CRL
 640     CRI = (CertificateRevocationInfo_t *)OICCalloc(1, sizeof(CertificateRevocationInfo_t));
 641     CHECK_NULL(CRI, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
 642
 643     CRI->revocationDate.size = (int)strlen((const char *)uint8ThisUpdateTime);
 644     CRI->revocationDate.buf = OICCalloc((CRI->revocationDate.size) + 1, sizeof(char));
 645     //additional byte for \0 at the end
 646     CHECK_NULL(CRI->revocationDate.buf, ISSUER_CRL_ENCODER_MEMORY_ALLOC_FAILED);
 647
 648     memcpy(CRI->revocationDate.buf, uint8ThisUpdateTime, CRI->revocationDate.size + 1);
 649     //additional byte for \0 at the end
 650
 651     CRI->userCertificate = revokedNumber;
 652     ASN_SEQUENCE_ADD((void *)(&(certificateRevocationList->
 653             tbsCertList.revokedCertificates.list)), (void *)(CRI));
 654
 655     //prepare memory for issuerPrivateKey
 656     issuerPrivateKey          = (BIT_STRING_t *)OICCalloc(1, sizeof(BIT_STRING_t));
 657     CHECK_NULL(issuerPrivateKey, ISSUER_MEMORY_ALLOC_FAILED);
 658     privKeyIss.data = caPrivateKey;
 659     privKeyIss.len  = PRIVATE_KEY_SIZE;
 660     //allocate issuerPrivateKey
 661     issuerPrivateKey->size = PRIVATE_KEY_SIZE + 1; //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 662     issuerPrivateKey->buf = (uint8_t *)OICCalloc((issuerPrivateKey->size), sizeof(uint8_t));
 663     CHECK_NULL(issuerPrivateKey->buf, ISSUER_MEMORY_ALLOC_FAILED);
 664     *(issuerPrivateKey->buf) = (uint8_t)ASN1_UNCOMPRESSED_KEY_ID;
 665
 666     //read CA private key from the CA storage
 667     CHECK_CALL(InitCKMInfo);
 668     CHECK_CALL(GetCAPrivateKey, &privKeyIss);
 669
 670     //additional byte for ASN1_UNCOMPRESSED_KEY_ID
 671     memcpy((issuerPrivateKey->buf) + 1, privKeyIss.data, PRIVATE_KEY_SIZE);
 672
 673     //SignCRL
 674     CHECK_CALL(SignCRL, certificateRevocationList, crlMaxSize, issuerPrivateKey, encodedCRL);
 675
 676     CHECK_CALL(InitCKMInfo);
 677     CHECK_CALL(GetCRLSerialNumber, &serialNumber);
 678     serialNumber++;
 679     CHECK_CALL(SetCRLSerialNumber, serialNumber);
 680     numberOfRevoked++;
 681     CHECK_CALL(SetNumberOfRevoked, numberOfRevoked);
 682     CHECK_CALL(SetCertificateRevocationList, encodedCRL);
 683     CHECK_CALL(SaveCKMInfo);
 684
 685     FUNCTION_CLEAR(
 686         ASN_STRUCT_FREE(asn_DEF_CertificateRevocationList, certificateRevocationList);
 687         certificateRevocationList = NULL;
 688
 689     );
 690 }
 691
 692 PKIError CKMGetCRL (ByteArray *certificateRevocationList)
 693 {
 694     FUNCTION_INIT();
 695     CHECK_NULL(certificateRevocationList, ISSUER_NULL_PASSED);
 696     CHECK_NULL(certificateRevocationList->data, ISSUER_NULL_PASSED);
 697     CHECK_CALL(InitCKMInfo);
 698     CHECK_CALL(GetCertificateRevocationList, certificateRevocationList);
 699     CHECK_CALL(CloseCKMInfo);
 700
 701     FUNCTION_CLEAR();
 702 }