Simple interface for Mbed Cloud Client
cs_utils.c
// ----------------------------------------------------------------------------
// Copyright 2016-2017 ARM Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------
#include <stdio.h>
#include "pv_log.h"
#include "cs_hash.h"
#include "cs_der_keys.h"
#include "cs_der_certs.h"
#include "pal_Crypto.h"
#include "pal_errors.h"
#include "pv_error_handling.h"


/* Translate a PAL status code into the matching KCM status code.
 *
 * Each X.509 validation failure handled here (expired, not yet valid, bad
 * digest algorithm, bad key type, untrusted, bad key) keeps its own KCM code,
 * so a caller can tell why a certificate was rejected.
 *
 * The mapping is lossy in two ways a caller should be aware of:
 *   - several PAL codes share one KCM code (the grouped case labels below), so
 *     the original PAL cause cannot be recovered from the return value;
 *   - every PAL code that is not listed collapses into KCM_STATUS_ERROR.
 *
 * Returns KCM_STATUS_SUCCESS only for PAL_SUCCESS.
 */
kcm_status_e cs_error_handler(palStatus_t pal_status)
{
    kcm_status_e mapped_status;

    switch (pal_status) {
        case PAL_SUCCESS:
            mapped_status = KCM_STATUS_SUCCESS;
            break;

        /* Resource and argument failures */
        case PAL_ERR_INVALID_ARGUMENT:
            mapped_status = KCM_STATUS_INVALID_PARAMETER;
            break;
        case PAL_ERR_CREATION_FAILED:
        case PAL_ERR_NO_MEMORY:
            mapped_status = KCM_STATUS_OUT_OF_MEMORY;
            break;
        case PAL_ERR_BUFFER_TOO_SMALL:
            mapped_status = KCM_STATUS_INSUFFICIENT_BUFFER;
            break;

        /* Elliptic-curve group / key-pair failures */
        case PAL_ERR_NOT_SUPPORTED_CURVE:
        case PAL_ERR_FAILED_TO_COPY_GROUP:
            mapped_status = KCM_CRYPTO_STATUS_UNSUPPORTED_CURVE;
            break;
        case PAL_ERR_ECP_INVALID_KEY:
        case PAL_ERR_FAILED_TO_COPY_KEYPAIR:
            mapped_status = KCM_CRYPTO_STATUS_ECP_INVALID_KEY;
            break;

        /* X.509 certificate parsing and validation failures */
        case PAL_ERR_CERT_PARSING_FAILED:
            mapped_status = KCM_CRYPTO_STATUS_PARSING_DER_CERT;
            break;
        case PAL_ERR_X509_BADCERT_EXPIRED:
            mapped_status = KCM_CRYPTO_STATUS_CERT_EXPIRED;
            break;
        case PAL_ERR_X509_BADCERT_FUTURE:
            mapped_status = KCM_CRYPTO_STATUS_CERT_FUTURE;
            break;
        case PAL_ERR_X509_BADCERT_BAD_MD:
            mapped_status = KCM_CRYPTO_STATUS_CERT_MD_ALG;
            break;
        case PAL_ERR_X509_BADCERT_BAD_PK:
            mapped_status = KCM_CRYPTO_STATUS_CERT_PUB_KEY_TYPE;
            break;
        case PAL_ERR_X509_BADCERT_NOT_TRUSTED:
            mapped_status = KCM_CRYPTO_STATUS_CERT_NOT_TRUSTED;
            break;
        case PAL_ERR_X509_BADCERT_BAD_KEY:
            mapped_status = KCM_CRYPTO_STATUS_CERT_PUB_KEY;
            break;
        case PAL_ERR_INVALID_X509_ATTR:
            mapped_status = KCM_CRYPTO_STATUS_INVALID_X509_ATTR;
            break;

        /* Key parsing and key verification failures */
        case PAL_ERR_PARSING_PUBLIC_KEY:
            mapped_status = KCM_CRYPTO_STATUS_PARSING_DER_PUBLIC_KEY;
            break;
        case PAL_ERR_PARSING_PRIVATE_KEY:
            mapped_status = KCM_CRYPTO_STATUS_PARSING_DER_PRIVATE_KEY;
            break;
        case PAL_ERR_PRIVATE_KEY_VARIFICATION_FAILED:
            mapped_status = KCM_CRYPTO_STATUS_PRIVATE_KEY_VERIFICATION_FAILED;
            break;
        case PAL_ERR_PUBLIC_KEY_VARIFICATION_FAILED:
            mapped_status = KCM_CRYPTO_STATUS_PUBLIC_KEY_VERIFICATION_FAILED;
            break;
        case PAL_ERR_PK_UNKNOWN_PK_ALG:
            mapped_status = KCM_CRYPTO_STATUS_PK_UNKNOWN_PK_ALG;
            break;
        case PAL_ERR_PK_KEY_INVALID_FORMAT:
            mapped_status = KCM_CRYPTO_STATUS_PK_KEY_INVALID_FORMAT;
            break;
        case PAL_ERR_PK_INVALID_PUBKEY_AND_ASN1_LEN_MISMATCH:
            mapped_status = KCM_CRYPTO_STATUS_INVALID_PK_PUBKEY;
            break;
        case PAL_ERR_PK_KEY_INVALID_VERSION:
            mapped_status = KCM_CRYPTO_STATUS_PK_KEY_INVALID_VERSION;
            break;
        case PAL_ERR_PK_PASSWORD_REQUIRED:
            mapped_status = KCM_CRYPTO_STATUS_PK_PASSWORD_REQUIRED;
            break;

        /* Signature and digest failures */
        case PAL_ERR_PK_SIG_VERIFY_FAILED:
            mapped_status = KCM_CRYPTO_STATUS_VERIFY_SIGNATURE_FAILED;
            break;
        case PAL_ERR_INVALID_MD_TYPE:
            mapped_status = KCM_CRYPTO_STATUS_INVALID_MD_TYPE;
            break;
        case PAL_ERR_FAILED_TO_WRITE_SIGNATURE:
            mapped_status = KCM_CRYPTO_STATUS_FAILED_TO_WRITE_SIGNATURE;
            break;

        /* Anything not listed above is reported as a generic error. */
        default:
            mapped_status = KCM_STATUS_ERROR;
            break;
    }

    return mapped_status;
}


/* Check that a private key correlates with the public key of a certificate.
 *
 * The check is a sign/verify round trip: a fixed 32-byte digest is signed with
 * the private key through cs_ecdsa_sign(), and the resulting signature is then
 * verified against the certificate through cs_x509_cert_verify_signature().
 * The digest is a constant defined in this function, not a hash of caller
 * data, and the signature stays in a local buffer that is never returned.
 *
 * x509_cert                 handle of the certificate to check against
 * private_key_data          private key bytes handed to cs_ecdsa_sign()
 *                           NOTE(review): presumably DER encoded, the encoding
 *                           is not visible in this file - confirm
 * size_of_private_key_data  length of private_key_data in bytes
 *
 * Returns KCM_STATUS_SUCCESS when both steps succeed; otherwise the status of
 * the first step that failed is returned unchanged.
 *
 * The signature buffer is sized by
 * CS_ECDSA_SECP256R1_MAX_SIGNATURE_SIZE_IN_BYTES, so this check is dimensioned
 * for secp256r1 signatures. No argument is validated here; presumably the two
 * callees reject NULL or zero-length input - verify against them.
 */
kcm_status_e cs_check_certifcate_public_key(palX509Handle_t x509_cert, const uint8_t *private_key_data, size_t size_of_private_key_data)
{
    /* Fixed digest used only as the message of the round trip. */
    const uint8_t probe_digest[] = {
        0x34, 0x70, 0xCD, 0x54, 0x7B, 0x0A, 0x11, 0x5F,
        0xE0, 0x5C, 0xEB, 0xBC, 0x07, 0xBA, 0x91, 0x88,
        0x27, 0x20, 0x25, 0x6B, 0xB2, 0x7A, 0x66, 0x89,
        0x1A, 0x4B, 0xB7, 0x17, 0x11, 0x04, 0x86, 0x6F
    };
    uint8_t signature[CS_ECDSA_SECP256R1_MAX_SIGNATURE_SIZE_IN_BYTES] = { 0 };
    size_t signature_len = 0;
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;

    SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();

    /* Step 1: sign the fixed digest with the private key under test. */
    kcm_status = cs_ecdsa_sign(private_key_data, size_of_private_key_data,
                               probe_digest, sizeof(probe_digest),
                               signature, sizeof(signature), &signature_len);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "cs_ecdsa_sign failed");

    /* Step 2: verify that signature against the certificate; only the number
     * of bytes actually written by the signer is passed on. */
    kcm_status = cs_x509_cert_verify_signature(x509_cert,
                                               probe_digest, sizeof(probe_digest),
                                               signature, signature_len);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "cs_x509_cert_verify_signature failed");

    SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
    return kcm_status;
}