simple-mbed-cloud-client/mbed-cloud-client/certificate-enrollment-client/source/certificate_enrollment.c@0:8f0bb79ddd48, 2021-05-04 (annotated)
- Committer:
- leothedragon
- Date:
- Tue May 04 08:55:12 2021 +0000
- Revision:
- 0:8f0bb79ddd48
nmn
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
leothedragon | 0:8f0bb79ddd48 | 1 | // ---------------------------------------------------------------------------- |
leothedragon | 0:8f0bb79ddd48 | 2 | // Copyright 2018 ARM Ltd. |
leothedragon | 0:8f0bb79ddd48 | 3 | // |
leothedragon | 0:8f0bb79ddd48 | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
leothedragon | 0:8f0bb79ddd48 | 5 | // you may not use this file except in compliance with the License. |
leothedragon | 0:8f0bb79ddd48 | 6 | // You may obtain a copy of the License at |
leothedragon | 0:8f0bb79ddd48 | 7 | // |
leothedragon | 0:8f0bb79ddd48 | 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
leothedragon | 0:8f0bb79ddd48 | 9 | // |
leothedragon | 0:8f0bb79ddd48 | 10 | // Unless required by applicable law or agreed to in writing, software |
leothedragon | 0:8f0bb79ddd48 | 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
leothedragon | 0:8f0bb79ddd48 | 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
leothedragon | 0:8f0bb79ddd48 | 13 | // See the License for the specific language governing permissions and |
leothedragon | 0:8f0bb79ddd48 | 14 | // limitations under the License. |
leothedragon | 0:8f0bb79ddd48 | 15 | // ---------------------------------------------------------------------------- |
leothedragon | 0:8f0bb79ddd48 | 16 | |
leothedragon | 0:8f0bb79ddd48 | 17 | #include <stdio.h> |
leothedragon | 0:8f0bb79ddd48 | 18 | #include <stdbool.h> |
leothedragon | 0:8f0bb79ddd48 | 19 | #include "pv_error_handling.h" |
leothedragon | 0:8f0bb79ddd48 | 20 | #include "certificate_enrollment.h" |
leothedragon | 0:8f0bb79ddd48 | 21 | #include "key_config_manager.h" |
leothedragon | 0:8f0bb79ddd48 | 22 | #include "pv_macros.h" |
leothedragon | 0:8f0bb79ddd48 | 23 | #include "fcc_defs.h" |
leothedragon | 0:8f0bb79ddd48 | 24 | #include "ce_internal.h" |
leothedragon | 0:8f0bb79ddd48 | 25 | #include "storage.h" |
leothedragon | 0:8f0bb79ddd48 | 26 | |
leothedragon | 0:8f0bb79ddd48 | 27 | extern const char g_renewal_status_file[]; |
leothedragon | 0:8f0bb79ddd48 | 28 | |
/*! Initializes the certificate-enrollment layer by calling kcm_init().
 *
 * @return CE_STATUS_SUCCESS when kcm_init() reports KCM_STATUS_SUCCESS,
 *         CE_STATUS_ERROR for any other KCM status.
 */
ce_status_e ce_init(void)
{
    // Any KCM failure collapses to the generic CE error; the specific KCM code is not propagated.
    if (kcm_init() != KCM_STATUS_SUCCESS) {
        return CE_STATUS_ERROR;
    }

    return CE_STATUS_SUCCESS;
}
leothedragon | 0:8f0bb79ddd48 | 33 | |
leothedragon | 0:8f0bb79ddd48 | 34 | |
/*! Translates a KCM status code into the matching certificate-enrollment status.
 *
 * @param kcm_status  Status returned by a KCM call.
 *
 * @return The CE status that corresponds to kcm_status. Every KCM status without an
 *         explicit mapping below is reported as CE_STATUS_ERROR.
 */
ce_status_e ce_error_handler(kcm_status_e kcm_status)
{
    // Fail closed: anything not explicitly mapped stays a generic error.
    ce_status_e mapped_status = CE_STATUS_ERROR;

    switch (kcm_status) {
        case KCM_STATUS_SUCCESS:
            mapped_status = CE_STATUS_SUCCESS;
            break;
        case KCM_STATUS_INVALID_PARAMETER:
            mapped_status = CE_STATUS_INVALID_PARAMETER;
            break;
        case KCM_STATUS_OUT_OF_MEMORY:
            mapped_status = CE_STATUS_OUT_OF_MEMORY;
            break;
        case KCM_STATUS_INSUFFICIENT_BUFFER:
            mapped_status = CE_STATUS_INSUFFICIENT_BUFFER;
            break;
        case KCM_STATUS_ITEM_NOT_FOUND:
            mapped_status = CE_STATUS_ITEM_NOT_FOUND;
            break;
        case KCM_STATUS_ITEM_IS_EMPTY:
            mapped_status = CE_STATUS_ITEM_IS_EMPTY;
            break;
        default:
            break;
    }

    return mapped_status;
}
leothedragon | 0:8f0bb79ddd48 | 54 | |
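/*! Reads the stored certificate named certificate_name and passes it, together with key_h,
 *  to cs_generate_keys_and_create_csr_from_certificate() to produce a CSR.
 *
 * Requests that name the bootstrap device certificate or the bootstrap device private key
 * are rejected before any storage access.
 *
 * @param certificate_name  Name of the stored certificate; must not be NULL.
 * @param key_h             Key handle forwarded to the CSR generator; must be non-zero.
 * @param csr_out           On success receives a malloc()'d buffer holding the CSR.
 *                          Ownership passes to the caller, who must free() it.
 *                          Left untouched on failure.
 * @param csr_size_out      On success receives the CSR length in bytes. Left untouched on failure.
 *
 * @return CE_STATUS_SUCCESS on success;
 *         CE_STATUS_INVALID_PARAMETER for a NULL/zero argument;
 *         CE_STATUS_FORBIDDEN_REQUEST for a bootstrap item name;
 *         CE_STATUS_ITEM_NOT_FOUND when ce_set_item_names() fails;
 *         CE_STATUS_ITEM_IS_EMPTY for a zero-length private key or certificate;
 *         CE_STATUS_OUT_OF_MEMORY on allocation failure;
 *         CE_STATUS_ERROR or a status mapped by ce_error_handler() for KCM failures.
 */
ce_status_e ce_generate_keys_and_create_csr_from_certificate(
    const char *certificate_name, const cs_key_handle_t key_h,
    uint8_t **csr_out, size_t *csr_size_out)
{
    bool success;
    ce_status_e ce_status = CE_STATUS_SUCCESS;
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    uint8_t *certificate_buff = NULL;
    size_t certificate_buff_max_size = 0, certificate_buff_size = 0, certificate_private_key_size = 0;
    uint8_t *csr_buff = NULL;
    size_t csr_buff_size = 0, csr_buff_max_size;
    char *kcm_crt_name = NULL, *kcm_priv_key_name = NULL;
    uint32_t kcm_crt_name_size = 0;

    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_name == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid certificate_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((key_h == 0), CE_STATUS_INVALID_PARAMETER, "Invalid key_h");
    SA_PV_LOG_INFO_FUNC_ENTER("certificate_name = %s key_h = %" PRIuPTR "", certificate_name, key_h);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((csr_out == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid csr_out");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((csr_size_out == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid csr_size_out");

    // Measure the name only after the NULL check above; doing it in the declaration
    // would dereference a NULL certificate_name before the guard can reject it.
    kcm_crt_name_size = (uint32_t)strlen(certificate_name) + 1; // include null termination

    // assert NOT a bootstrap device certificate
    success = pv_str_equals(g_fcc_bootstrap_device_certificate_name, certificate_name, kcm_crt_name_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((success), CE_STATUS_FORBIDDEN_REQUEST, "device bootstrap certificate renewal is not allowed");

    // assert NOT a bootstrap device key
    success = pv_str_equals(g_fcc_bootstrap_device_private_key_name, certificate_name, kcm_crt_name_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((success), CE_STATUS_FORBIDDEN_REQUEST, "device bootstrap certificate renewal is not allowed");

    success = ce_set_item_names(certificate_name, &kcm_priv_key_name, NULL, &kcm_crt_name);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((!success), CE_STATUS_ITEM_NOT_FOUND, "failed for ce_set_item_names()");

    // getting the private key size successfully signifies that the certificate's private key exists and we're okay to continue
    kcm_status = kcm_item_get_data_size((const uint8_t *)kcm_priv_key_name, strlen(kcm_priv_key_name), KCM_PRIVATE_KEY_ITEM, &certificate_private_key_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), ce_error_handler(kcm_status), "failed to get the certificate private key length");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_private_key_size == 0), CE_STATUS_ITEM_IS_EMPTY, "got empty private key for certificate %s", kcm_crt_name);

    // get the certificate octet length
    // NOTE(review): unlike the private-key lookup above, a failure here is reported as the
    // generic CE_STATUS_ERROR instead of going through ce_error_handler(); kept as-is because
    // callers may depend on the current code.
    kcm_status = kcm_item_get_data_size((const uint8_t *)kcm_crt_name, strlen(kcm_crt_name), KCM_CERTIFICATE_ITEM, &certificate_buff_max_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), CE_STATUS_ERROR, "failed to get certificate octet length");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_buff_max_size == 0), CE_STATUS_ITEM_IS_EMPTY, "got 0 length for certificate");

    certificate_buff = malloc(certificate_buff_max_size);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_buff == NULL), CE_STATUS_OUT_OF_MEMORY, "failed allocating certificate buffer");

    // From here on every failure must leave through the exit label so the buffers are released.

    // get the certificate bytes
    kcm_status = kcm_item_get_data((const uint8_t *)kcm_crt_name, strlen(kcm_crt_name), KCM_CERTIFICATE_ITEM, certificate_buff, certificate_buff_max_size, &certificate_buff_size);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), (ce_status = ce_error_handler(kcm_status)), exit, "failed to get certificate buffer");
    SA_PV_ERR_RECOVERABLE_GOTO_IF((certificate_buff_size == 0), (ce_status = CE_STATUS_ITEM_IS_EMPTY), exit, "got 0 length for certificate");

    // we assume that the CSR size would not exceed the certificate size
    // NOTE(review): the assumption is only safe if the CSR generator honours the
    // csr_buff_max_size bound it is given and fails instead of writing past it - confirm.
    csr_buff_max_size = certificate_buff_size;

    csr_buff = malloc(csr_buff_max_size);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((csr_buff == NULL), (ce_status = CE_STATUS_OUT_OF_MEMORY), exit, "Failed allocating CSR buffer");

    // csr_buff is passed by value, so the callee cannot change the pointer; the status code
    // is the only failure signal and no second NULL check is needed after the call.
    kcm_status = cs_generate_keys_and_create_csr_from_certificate(certificate_buff, certificate_buff_size, key_h, csr_buff, csr_buff_max_size, &csr_buff_size);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), (ce_status = ce_error_handler(kcm_status)), exit, "failed to generate keys and create CSR");

    // the calling user is responsible to free csr_out buffer
    *csr_out = csr_buff;
    *csr_size_out = csr_buff_size;

    SA_PV_LOG_INFO_FUNC_EXIT("csr_size_out = %" PRIu32 "", (uint32_t)(*csr_size_out));

exit:
    // free(NULL) is a no-op, so no guard is required
    free(certificate_buff);

    // The CSR buffer is handed to the caller only on success; release it on every error path.
    if (ce_status != CE_STATUS_SUCCESS) {
        free(csr_buff);
    }

    return ce_status;
}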
/*! Replaces the stored key pair and certificate (chain) of item_name with the renewed
 *  material in renewal_data, keeping a backup so the original items can be restored on failure.
 *
 * Order of operations, as implemented below:
 *   1. validate parameters and resolve the KCM item names,
 *   2. check that the new key and the first certificate of the chain correlate,
 *   3. back up the current items,
 *   4. write the renewal status file (it holds item_name),
 *   5. remove the original items and store the new private key, the new public key
 *      (only when a public key was stored before) and the new certificate/chain,
 *   6. on any failure in step 5 restore the backup,
 *   7. always delete the renewal status file and the backup items.
 *
 * @param item_name     Name of the certificate item being renewed; must not be NULL.
 * @param renewal_data  Renewal material; crypto_handle and cert_data must be set and
 *                      cert_data must hold at least one certificate.
 *
 * @return CE_STATUS_SUCCESS on success;
 *         CE_STATUS_INVALID_PARAMETER for missing/empty input;
 *         CE_STATUS_ITEM_NOT_FOUND when ce_set_item_names() fails;
 *         CE_STATUS_STORAGE_ERROR for storage failures;
 *         CE_STATUS_RENEWAL_ITEM_VALIDATION_ERROR when key and certificate do not correlate;
 *         CE_STATUS_ORIGINAL_ITEM_ERROR / CE_STATUS_BACKUP_ITEM_ERROR when the backup cannot be created;
 *         CE_STATUS_RENEWAL_STATUS_ERROR when the renewal status file cannot be created.
 */
ce_status_e ce_safe_renewal(const char *item_name, ce_renewal_params_s *renewal_data)
{
    bool success;
    ce_status_e ce_status = CE_STATUS_SUCCESS;
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    char *priv_key_name = NULL, *pub_key_name = NULL, *certificate_name = NULL;
    size_t data_size_out;
    bool is_public_key = false;
    cs_ec_key_context_s *ec_key_ctx = NULL;
    struct cert_chain_context_s *certificate_chain_data = NULL;

    //Check parameters
    SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid item_name");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((renewal_data == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid renewal_data");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((renewal_data->crypto_handle ==(cs_key_handle_t) NULL), CE_STATUS_INVALID_PARAMETER, "Invalid crypto handle");
    SA_PV_ERR_RECOVERABLE_RETURN_IF((renewal_data->cert_data == NULL), CE_STATUS_INVALID_PARAMETER, "Invalid cert_data");
    certificate_chain_data = (struct cert_chain_context_s*)renewal_data->cert_data;
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_chain_data->certs == NULL || certificate_chain_data->chain_length == 0), CE_STATUS_INVALID_PARAMETER, "Invalid certificate data");
    SA_PV_LOG_INFO_FUNC_ENTER("item_name = %s ", item_name);

    //Set item names
    success = ce_set_item_names(item_name, &priv_key_name, &pub_key_name, &certificate_name);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((!success), CE_STATUS_ITEM_NOT_FOUND, "failed for ce_set_item_names()");

    if (pub_key_name != NULL) { //If not lwm2m items
        //Check if public key is present
        //A missing public key is tolerated (ITEM_NOT_FOUND); any other failure aborts before storage is modified
        kcm_status = kcm_item_get_data_size((const uint8_t *)pub_key_name, strlen(pub_key_name), KCM_PUBLIC_KEY_ITEM, &data_size_out);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), CE_STATUS_STORAGE_ERROR, "failed to get public key size");

        //Set public key flag
        if (kcm_status == KCM_STATUS_SUCCESS) {
            is_public_key = true;
        }
    }

    //Verify items correlation
    //Done before any storage is touched, so mismatched key/certificate input cannot replace working credentials.
    //Only the first certificate of the chain is passed to the check.
    kcm_status = cs_verify_items_correlation(renewal_data->crypto_handle, renewal_data->cert_data->certs->cert, renewal_data->cert_data->certs->cert_length);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), CE_STATUS_RENEWAL_ITEM_VALIDATION_ERROR, "failed to validate renewal items");

    //Create backup items
    kcm_status = ce_create_backup_items(item_name, is_public_key);
    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) {
        ce_status = CE_STATUS_ORIGINAL_ITEM_ERROR;
    }
    if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) {
        ce_status = CE_STATUS_BACKUP_ITEM_ERROR;
    }
    //ce_status was already set above; the self-assignment only fills the macro's "set error" argument
    SA_PV_ERR_RECOVERABLE_GOTO_IF((ce_status != CE_STATUS_SUCCESS), ce_status = ce_status, exit_and_delete_renewal_data,"failed to create backup items");

    //Create renewal status file and write item_name to the file
    kcm_status = ce_create_renewal_status(item_name);
    if (kcm_status == KCM_STATUS_FILE_EXIST) {
        //Assumption : in case of existing active renewal process ->ce_safe_renewal api blocked by event loop.
        // So we assume that it is ok to delete renewal status file, as it is impossible that it used by another active renewal process.
        //try to delete existing renewal status file and create new one
        ce_delete_renewal_status();
        kcm_status = ce_create_renewal_status(item_name);
    }
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), ce_status = CE_STATUS_RENEWAL_STATUS_ERROR, exit_and_delete_renewal_data, "failed to create renewal status file");

    //Clean original items
    //From this point the original items may be gone; every failure goes through restore_backup_data
    kcm_status = ce_clean_items(item_name, KCM_ORIGINAL_ITEM, is_public_key );
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), ce_status = CE_STATUS_STORAGE_ERROR, restore_backup_data, "Falid to clean original items");

    //The crypto handle is treated as a pointer to the EC key context that carries the new key bytes
    ec_key_ctx = (cs_ec_key_context_s*)renewal_data->crypto_handle;

    //Save new items
    kcm_status = kcm_item_store((const uint8_t*)priv_key_name, strlen(priv_key_name), KCM_PRIVATE_KEY_ITEM, false, ec_key_ctx->priv_key, ec_key_ctx->priv_key_size, NULL);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), ce_status = CE_STATUS_STORAGE_ERROR, restore_backup_data, "Falid to store new private key");

    //A public key is written only when one was stored before the renewal
    if (is_public_key == true) {
        kcm_status = kcm_item_store((const uint8_t*)pub_key_name, strlen(pub_key_name), KCM_PUBLIC_KEY_ITEM, false, ec_key_ctx->pub_key, ec_key_ctx->pub_key_size, NULL);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), ce_status = CE_STATUS_STORAGE_ERROR, restore_backup_data, "Falid to store new public key");
    }

    //Save new certificate/certificate chain
    kcm_status = ce_store_new_certificate((const char*)certificate_name, certificate_chain_data);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), ce_status = CE_STATUS_STORAGE_ERROR, restore_backup_data, "Falid to store new certificate/certificate chain");


restore_backup_data:
    //Reached on success as well (fall-through); the restore runs only when an error was recorded
    if (ce_status != CE_STATUS_SUCCESS) {
        //The restore is done only on error, and the original error is the one we want to return to the caller;
        //this is why the return value of ce_restore_backup_items is not read
        //NOTE(review): the backup items are deleted unconditionally just below. If the restore itself can fail
        //part-way, neither a complete original nor a backup copy of the credentials may remain - confirm how
        //ce_restore_backup_items behaves on failure, and at least log its status.
        ce_restore_backup_items(item_name);
    }

exit_and_delete_renewal_data:

    //Delete renewal status file
    ce_delete_renewal_status();

    //Clean backup items
    ce_clean_items(item_name, KCM_BACKUP_ITEM, is_public_key);

    return ce_status;
}
leothedragon | 0:8f0bb79ddd48 | 229 | |
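/*! Recovery step for a certificate renewal that did not run to completion.
 *  Per the original author's note it is called during kcm_init().
 *
 * The function looks for the renewal status file. When the file exists, the item name stored
 * in it is read, the backup items of that item are restored and the status file is deleted.
 * When the file does not exist there is nothing to restore and the function returns silently.
 *
 * The function returns nothing; failures are only logged.
 */
void ce_check_and_restore_backup_status(void)
{
    kcm_status_e kcm_status = KCM_STATUS_SUCCESS;
    size_t renewal_item_data_len = 0;
    size_t act_renewal_item_data_len = 0;
    uint8_t renewal_item_name[CE_MAX_SIZE_OF_KCM_ITEM_NAME] = { 0 };

    //Get renewal status file size
    kcm_status = storage_data_size_read((const uint8_t *)g_renewal_status_file, strlen(g_renewal_status_file), KCM_CONFIG_ITEM, KCM_BACKUP_ITEM, &renewal_item_data_len);

    //If renewal status file is not found or failed to get data size -> exit , no data to restore
    if (kcm_status != KCM_STATUS_SUCCESS) {
        if (kcm_status != KCM_STATUS_ITEM_NOT_FOUND) {
            SA_PV_LOG_ERR("Failed to read renewal status");//Add error print, as this case is exceptional
        }
        return;
    }

    //The length comes from storage, so it is bounds-checked before it is used as a read size and as an index.
    //Written as ">=" instead of "len + 1 > size": the addition wraps to 0 for SIZE_MAX and would
    //let an oversized length through. One byte is kept free for the null terminator.
    //NOTE(review): on this path the status file is left in place, so the same error is hit on
    //every call until the file is removed - confirm this is intended.
    if (renewal_item_data_len >= sizeof(renewal_item_name)) {
        SA_PV_LOG_ERR("Renewal item name is too big");//Add error print, as this case is exceptional
        return;
    }

    //Read renewal status data
    //A short read is treated as a failure; the self-assignment only fills the macro's "set error" argument
    kcm_status = storage_data_read((const uint8_t *)g_renewal_status_file, strlen(g_renewal_status_file), KCM_CONFIG_ITEM, KCM_BACKUP_ITEM, renewal_item_name, renewal_item_data_len, &act_renewal_item_data_len);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS || act_renewal_item_data_len != renewal_item_data_len), kcm_status = kcm_status, exit, "Failed to read renewal status data");

    //Set null terminator (index is in range because of the bounds check above)
    renewal_item_name[renewal_item_data_len] = '\0';

    //Restore backup items - this will clean all unnecessary data
    //A missing backup (ITEM_NOT_FOUND) is not reported as an error
    kcm_status = ce_restore_backup_items((const char *)renewal_item_name);
    SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), kcm_status = kcm_status, exit, "Failed to restore backup items");

exit:
    //Delete renewal status file
    //Done on the failure paths too, so a failed read or restore is not retried on the next call
    kcm_status = storage_data_delete((const uint8_t *)g_renewal_status_file, (size_t)strlen(g_renewal_status_file), KCM_CONFIG_ITEM, KCM_BACKUP_ITEM);
    if (kcm_status != KCM_STATUS_SUCCESS) {
        SA_PV_LOG_ERR("Failed to delete renewal status");//Add error print, as this case is exceptional
    }

    SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS();
    return;
}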
leothedragon | 0:8f0bb79ddd48 | 281 |