Simulated product dispenser
Fork of mbed-cloud-workshop-connect-HTS221 by
fcc_bundle_certificate_chain_utils.c
00001 // ---------------------------------------------------------------------------- 00002 // Copyright 2016-2017 ARM Ltd. 00003 // 00004 // Licensed under the Apache License, Version 2.0 (the "License"); 00005 // you may not use this file except in compliance with the License. 00006 // You may obtain a copy of the License at 00007 // 00008 // http://www.apache.org/licenses/LICENSE-2.0 00009 // 00010 // Unless required by applicable law or agreed to in writing, software 00011 // distributed under the License is distributed on an "AS IS" BASIS, 00012 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 // See the License for the specific language governing permissions and 00014 // limitations under the License. 00015 // ---------------------------------------------------------------------------- 00016 #ifndef USE_TINY_CBOR 00017 #include "fcc_bundle_handler.h" 00018 #include "cn-cbor.h" 00019 #include "pv_error_handling.h" 00020 #include "fcc_bundle_utils.h" 00021 #include "key_config_manager.h" 00022 #include "fcc_output_info_handler.h" 00023 #include "fcc_malloc.h" 00024 #include "fcc_time_profiling.h" 00025 #include "fcc_utils.h" 00026 00027 00028 /** Processes certificate chain list. 00029 * The function extracts data parameters for each certificate chain and stores it. 00030 * 00031 * @param cert_chains_list_cb[in] The cbor structure with certificate chain list. 00032 * 00033 * @return 00034 * true for success, false otherwise. 00035 */ 00036 fcc_status_e fcc_bundle_process_certificate_chains(const cn_cbor *cert_chains_list_cb) 00037 { 00038 bool status = false; 00039 fcc_status_e fcc_status = FCC_STATUS_SUCCESS; 00040 fcc_status_e output_info_fcc_status = FCC_STATUS_SUCCESS; 00041 kcm_status_e kcm_result = KCM_STATUS_SUCCESS; 00042 uint32_t cert_chain_index = 0; 00043 uint32_t cert_index = 0; 00044 cn_cbor *cert_chain_cb = NULL; 00045 cn_cbor *cert_cb = NULL; 00046 fcc_bundle_data_param_s certificate_chain; 00047 uint8_t *certificate_data; 00048 size_t certificate_data_size = 0; 00049 kcm_cert_chain_handle cert_chain_handle = NULL; 00050 00051 SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS(); 00052 SA_PV_ERR_RECOVERABLE_RETURN_IF((cert_chains_list_cb == NULL), fcc_status = FCC_STATUS_INVALID_PARAMETER, "Invalid cert_chains_list_cb pointer"); 00053 00054 //Initialize data struct 00055 memset(&certificate_chain, 0, sizeof(fcc_bundle_data_param_s)); 00056 00057 for (cert_chain_index = 0; cert_chain_index < (uint32_t)cert_chains_list_cb->length; cert_chain_index++) { 00058 00059 FCC_SET_START_TIMER(fcc_certificate_chain_timer); 00060 00061 certificate_data = NULL; 00062 00063 00064 //Get certificate chain CBOR struct at index cert_chain_index 00065 cert_chain_cb = cn_cbor_index(cert_chains_list_cb, cert_chain_index); 00066 SA_PV_ERR_RECOVERABLE_RETURN_IF((cert_chain_cb == NULL), fcc_status = FCC_STATUS_BUNDLE_ERROR, "Failed to get certificate chain at index (%" PRIu32 ") ", cert_chain_index); 00067 SA_PV_ERR_RECOVERABLE_RETURN_IF((cert_chain_cb->type != CN_CBOR_MAP), fcc_status = FCC_STATUS_BUNDLE_ERROR, "Wrong type of certificate chain CBOR struct at index (%" PRIu32 ") ", cert_chain_index); 00068 00069 status = fcc_bundle_get_data_param(cert_chain_cb, &certificate_chain); 00070 SA_PV_ERR_RECOVERABLE_GOTO_IF((status != true), fcc_status = FCC_STATUS_BUNDLE_ERROR, exit, "Failed to get certificate chain data at index (%" PRIu32 ") ", cert_chain_index); 00071 00072 // create chain 00073 kcm_result = kcm_cert_chain_create(&cert_chain_handle, certificate_chain.name, certificate_chain.name_len, (size_t)certificate_chain.array_cn->length, true); 00074 SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_KCM_ERROR, exit, "Failed to create certificate chain"); 00075 00076 //Get all certificates in certificate chain and store it 00077 for (cert_index = 0; cert_index < (uint32_t)certificate_chain.array_cn->length; cert_index++) { 00078 00079 cert_cb = cn_cbor_index(certificate_chain.array_cn, (unsigned int)cert_index); 00080 SA_PV_ERR_RECOVERABLE_GOTO_IF((cert_cb == NULL), fcc_status = FCC_STATUS_BUNDLE_ERROR, exit, "Failed to get cert cbor at index (%" PRIu32 ") ", cert_index); 00081 00082 status = get_data_buffer_from_cbor(cert_cb, &certificate_data, &certificate_data_size); 00083 SA_PV_ERR_RECOVERABLE_GOTO_IF((status == false || certificate_data == NULL || certificate_data_size == 0), fcc_status = FCC_STATUS_BUNDLE_ERROR, exit, "Failed to get cert data at index (%" PRIu32 ") ", cert_index); 00084 00085 //If private key name was passed - current leaf certificate is self generated and we need to perform verification against given private key 00086 if (cert_index == 0 && certificate_chain.private_key_name != NULL) { 00087 //Try to retrieve the private key from the device and verify the leaf certificate against private key data 00088 kcm_result = kcm_certificate_verify_with_private_key( 00089 certificate_data, 00090 certificate_data_size, 00091 certificate_chain.private_key_name, 00092 certificate_chain.private_key_name_len); 00093 SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR, exit, "Failed to verify leaf certificate against given private key (%" PRIu32 ") ", cert_chain_index); 00094 } 00095 kcm_result = kcm_cert_chain_add_next(cert_chain_handle, certificate_data, certificate_data_size); 00096 SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = fcc_convert_kcm_to_fcc_status(kcm_result), exit, "Failed to add certificate chain at index (%" PRIu32 ") ", cert_chain_index); 00097 } 00098 // close chain 00099 kcm_result = kcm_cert_chain_close(cert_chain_handle); 00100 cert_chain_handle = NULL; 00101 SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_KCM_ERROR, exit, "Failed to close certificate chain"); 00102 FCC_END_TIMER((char*)certificate_chain.name, certificate_chain.name_len, fcc_certificate_chain_timer); 00103 } 00104 00105 exit: 00106 if (kcm_result != KCM_STATUS_SUCCESS) { 00107 if (cert_chain_handle != NULL) { 00108 kcm_cert_chain_close(cert_chain_handle); 00109 } 00110 //KCM_STATUS_ITEM_NOT_FOUND returned only if private key of self-generate certificate is missing.In this case we need to return name of themissing item -the private key. 00111 if (kcm_result == KCM_STATUS_ITEM_NOT_FOUND) { 00112 output_info_fcc_status = fcc_bundle_store_error_info(certificate_chain.private_key_name, certificate_chain.private_key_name_len, kcm_result); 00113 } else { 00114 output_info_fcc_status = fcc_bundle_store_error_info(certificate_chain.name, certificate_chain.name_len, kcm_result); 00115 } 00116 00117 } 00118 fcc_bundle_clean_and_free_data_param(&certificate_chain); 00119 SA_PV_ERR_RECOVERABLE_RETURN_IF((output_info_fcc_status != FCC_STATUS_SUCCESS), 00120 fcc_status = FCC_STATUS_OUTPUT_INFO_ERROR, 00121 "Failed to create output kcm_status error %d", kcm_result); 00122 00123 SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS(); 00124 00125 return fcc_status; 00126 } 00127 #endif
Generated on Tue Jul 12 2022 19:12:12 by 1.7.2