Jim Carver / Mbed OS mbed-cloud-workshop-connect-PIR

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependencies:   HTS221

Fork of mbed-cloud-workshop-connect-HTS221 by Jim Carver

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers cs_utils.c Source File

cs_utils.c

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2016-2017 ARM Ltd.
00003 //  
00004 // Licensed under the Apache License, Version 2.0 (the "License");
00005 // you may not use this file except in compliance with the License.
00006 // You may obtain a copy of the License at
00007 //  
00008 //     http://www.apache.org/licenses/LICENSE-2.0
00009 //  
00010 // Unless required by applicable law or agreed to in writing, software
00011 // distributed under the License is distributed on an "AS IS" BASIS,
00012 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013 // See the License for the specific language governing permissions and
00014 // limitations under the License.
00015 // ----------------------------------------------------------------------------
00016 #include <stdio.h>
00017 #include "pv_log.h"
00018 #include "cs_hash.h"
00019 #include "cs_der_keys_and_csrs.h"
00020 #include "cs_der_certs.h"
00021 #include "pal_Crypto.h"
00022 #include "pal_errors.h"
00023 #include "pv_error_handling.h"
00024 #include "kcm_internal.h"
00025 
00026 
00027 kcm_status_e  cs_error_handler(palStatus_t pal_status)
00028 {
00029     switch (pal_status) {
00030         case PAL_SUCCESS:
00031             return KCM_STATUS_SUCCESS;
00032         case PAL_ERR_NOT_SUPPORTED_CURVE:
00033             return KCM_CRYPTO_STATUS_UNSUPPORTED_CURVE;
00034         case PAL_ERR_INVALID_ARGUMENT :
00035             return KCM_STATUS_INVALID_PARAMETER;
00036         case PAL_ERR_CREATION_FAILED :
00037             return KCM_STATUS_OUT_OF_MEMORY;
00038         case PAL_ERR_CERT_PARSING_FAILED:
00039             return KCM_CRYPTO_STATUS_PARSING_DER_CERT;
00040         case PAL_ERR_X509_BADCERT_EXPIRED:
00041             return KCM_CRYPTO_STATUS_CERT_EXPIRED;
00042         case PAL_ERR_X509_BADCERT_FUTURE:
00043             return KCM_CRYPTO_STATUS_CERT_FUTURE;
00044         case PAL_ERR_X509_BADCERT_BAD_MD:
00045             return KCM_CRYPTO_STATUS_CERT_MD_ALG;
00046         case PAL_ERR_X509_BADCERT_BAD_PK:
00047             return KCM_CRYPTO_STATUS_CERT_PUB_KEY_TYPE;
00048         case PAL_ERR_X509_BADCERT_NOT_TRUSTED:
00049             return KCM_CRYPTO_STATUS_CERT_NOT_TRUSTED;
00050         case PAL_ERR_X509_BADCERT_BAD_KEY:
00051             return KCM_CRYPTO_STATUS_CERT_PUB_KEY;
00052         case PAL_ERR_PARSING_PUBLIC_KEY:
00053             return KCM_CRYPTO_STATUS_PARSING_DER_PUBLIC_KEY;
00054         case PAL_ERR_PARSING_PRIVATE_KEY:
00055             return KCM_CRYPTO_STATUS_PARSING_DER_PRIVATE_KEY;
00056         case PAL_ERR_PRIVATE_KEY_VARIFICATION_FAILED:
00057             return KCM_CRYPTO_STATUS_PRIVATE_KEY_VERIFICATION_FAILED;
00058         case PAL_ERR_PUBLIC_KEY_VARIFICATION_FAILED:
00059              return KCM_CRYPTO_STATUS_PUBLIC_KEY_VERIFICATION_FAILED;
00060         case PAL_ERR_PK_UNKNOWN_PK_ALG:
00061             return KCM_CRYPTO_STATUS_PK_UNKNOWN_PK_ALG;
00062         case PAL_ERR_PK_KEY_INVALID_FORMAT:
00063             return KCM_CRYPTO_STATUS_PK_KEY_INVALID_FORMAT;
00064         case PAL_ERR_PK_INVALID_PUBKEY_AND_ASN1_LEN_MISMATCH:
00065             return KCM_CRYPTO_STATUS_INVALID_PK_PUBKEY;
00066         case PAL_ERR_ECP_INVALID_KEY:
00067             return KCM_CRYPTO_STATUS_ECP_INVALID_KEY;
00068         case  PAL_ERR_PK_KEY_INVALID_VERSION:
00069             return KCM_CRYPTO_STATUS_PK_KEY_INVALID_VERSION;
00070         case PAL_ERR_PK_PASSWORD_REQUIRED:
00071             return KCM_CRYPTO_STATUS_PK_PASSWORD_REQUIRED;
00072         case PAL_ERR_NO_MEMORY :
00073             return KCM_STATUS_OUT_OF_MEMORY;
00074         case PAL_ERR_BUFFER_TOO_SMALL :
00075             return KCM_STATUS_INSUFFICIENT_BUFFER;
00076         case PAL_ERR_INVALID_X509_ATTR:
00077             return KCM_CRYPTO_STATUS_INVALID_X509_ATTR;
00078         case PAL_ERR_PK_SIG_VERIFY_FAILED:
00079             return KCM_CRYPTO_STATUS_VERIFY_SIGNATURE_FAILED;
00080         case PAL_ERR_FAILED_TO_COPY_KEYPAIR:
00081             return KCM_CRYPTO_STATUS_ECP_INVALID_KEY;
00082         case PAL_ERR_FAILED_TO_COPY_GROUP:
00083             return KCM_CRYPTO_STATUS_UNSUPPORTED_CURVE;
00084         case PAL_ERR_INVALID_MD_TYPE:
00085             return KCM_CRYPTO_STATUS_INVALID_MD_TYPE;
00086         case PAL_ERR_FAILED_TO_WRITE_SIGNATURE:
00087             return KCM_CRYPTO_STATUS_FAILED_TO_WRITE_SIGNATURE;
00088         case PAL_ERR_FAILED_TO_WRITE_PRIVATE_KEY:
00089             return KCM_CRYPTO_STATUS_FAILED_TO_WRITE_PRIVATE_KEY;
00090         case PAL_ERR_FAILED_TO_WRITE_PUBLIC_KEY:
00091             return KCM_CRYPTO_STATUS_FAILED_TO_WRITE_PUBLIC_KEY;
00092         case PAL_ERR_CSR_WRITE_DER_FAILED:
00093             return KCM_CRYPTO_STATUS_FAILED_TO_WRITE_CSR;
00094         case PAL_ERR_X509_UNKNOWN_OID:
00095             return KCM_CRYPTO_STATUS_INVALID_OID;
00096         case PAL_ERR_X509_INVALID_NAME:
00097             return KCM_CRYPTO_STATUS_INVALID_NAME_FORMAT;
00098         default:
00099            return  KCM_STATUS_ERROR;
00100     }
00101 }
00102 
00103 /* The function checks private and certificate's public key correlation
00104 */
00105 kcm_status_e  cs_check_certifcate_public_key(palX509Handle_t x509_cert, const uint8_t *private_key_data, size_t size_of_private_key_data)
00106 {
00107     kcm_status_e  kcm_status = KCM_STATUS_SUCCESS;
00108     uint8_t out_sign[KCM_ECDSA_SECP256R1_MAX_SIGNATURE_SIZE_IN_BYTES] = { 0 };
00109     size_t size_of_sign = sizeof(out_sign);
00110     size_t act_size_of_sign = 0;
00111     const uint8_t hash_digest[] =
00112     { 0x34, 0x70, 0xCD, 0x54, 0x7B, 0x0A, 0x11, 0x5F, 0xE0, 0x5C, 0xEB, 0xBC, 0x07, 0xBA, 0x91, 0x88,
00113         0x27, 0x20, 0x25, 0x6B, 0xB2, 0x7A, 0x66, 0x89, 0x1A, 0x4B, 0xB7, 0x17, 0x11, 0x04, 0x86, 0x6F };
00114 
00115     SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();
00116 
00117     kcm_status = cs_ecdsa_sign(private_key_data, size_of_private_key_data, hash_digest, sizeof(hash_digest), out_sign, size_of_sign, &act_size_of_sign);
00118     SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "cs_ecdsa_sign failed");
00119 
00120     kcm_status = cs_x509_cert_verify_signature(x509_cert, hash_digest, sizeof(hash_digest), out_sign, act_size_of_sign);
00121     SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "cs_x509_cert_verify_signature failed");
00122 
00123     SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
00124     return kcm_status;
00125 }