Example
Dependencies: FXAS21002 FXOS8700Q
simple-mbed-cloud-client/mbed-cloud-client/certificate-enrollment-client/source/ce_safe_renewal_internal.c@0:11cc2b7889af, 2019-11-19 (annotated)
- Committer:
- maygup01
- Date:
- Tue Nov 19 09:49:38 2019 +0000
- Revision:
- 0:11cc2b7889af
Example
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
maygup01 | 0:11cc2b7889af | 1 | // ---------------------------------------------------------------------------- |
maygup01 | 0:11cc2b7889af | 2 | // Copyright 2016-2017 ARM Ltd. |
maygup01 | 0:11cc2b7889af | 3 | // |
maygup01 | 0:11cc2b7889af | 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
maygup01 | 0:11cc2b7889af | 5 | // you may not use this file except in compliance with the License. |
maygup01 | 0:11cc2b7889af | 6 | // You may obtain a copy of the License at |
maygup01 | 0:11cc2b7889af | 7 | // |
maygup01 | 0:11cc2b7889af | 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
maygup01 | 0:11cc2b7889af | 9 | // |
maygup01 | 0:11cc2b7889af | 10 | // Unless required by applicable law or agreed to in writing, software |
maygup01 | 0:11cc2b7889af | 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
maygup01 | 0:11cc2b7889af | 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
maygup01 | 0:11cc2b7889af | 13 | // See the License for the specific language governing permissions and |
maygup01 | 0:11cc2b7889af | 14 | // limitations under the License. |
maygup01 | 0:11cc2b7889af | 15 | // ---------------------------------------------------------------------------- |
maygup01 | 0:11cc2b7889af | 16 | #include <stdbool.h> |
maygup01 | 0:11cc2b7889af | 17 | #include "key_config_manager.h" |
maygup01 | 0:11cc2b7889af | 18 | #include "pv_error_handling.h" |
maygup01 | 0:11cc2b7889af | 19 | #include "storage.h" |
maygup01 | 0:11cc2b7889af | 20 | #include "fcc_malloc.h" |
maygup01 | 0:11cc2b7889af | 21 | #include "pv_macros.h" |
maygup01 | 0:11cc2b7889af | 22 | #include "ce_internal.h" |
maygup01 | 0:11cc2b7889af | 23 | #include "est_defs.h" |
maygup01 | 0:11cc2b7889af | 24 | #include "storage.h" |
maygup01 | 0:11cc2b7889af | 25 | |
maygup01 | 0:11cc2b7889af | 26 | const char g_lwm2m_name[] = "LWM2M"; |
maygup01 | 0:11cc2b7889af | 27 | const char g_renewal_status_file[] = "renewal_status"; |
maygup01 | 0:11cc2b7889af | 28 | |
maygup01 | 0:11cc2b7889af | 29 | extern const char g_fcc_lwm2m_device_certificate_name[]; |
maygup01 | 0:11cc2b7889af | 30 | extern const char g_fcc_lwm2m_device_private_key_name[]; |
maygup01 | 0:11cc2b7889af | 31 | |
maygup01 | 0:11cc2b7889af | 32 | /* The function reads item from storage according to its kcm and source type, |
maygup01 | 0:11cc2b7889af | 33 | the function allocated buffer for the item*/ |
maygup01 | 0:11cc2b7889af | 34 | kcm_status_e ce_get_kcm_data(const uint8_t *parameter_name, |
maygup01 | 0:11cc2b7889af | 35 | size_t size_of_parameter_name, |
maygup01 | 0:11cc2b7889af | 36 | kcm_item_type_e kcm_type, |
maygup01 | 0:11cc2b7889af | 37 | kcm_data_source_type_e data_source_type, |
maygup01 | 0:11cc2b7889af | 38 | uint8_t **kcm_data, |
maygup01 | 0:11cc2b7889af | 39 | size_t *kcm_data_size) |
maygup01 | 0:11cc2b7889af | 40 | { |
maygup01 | 0:11cc2b7889af | 41 | |
maygup01 | 0:11cc2b7889af | 42 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 43 | |
maygup01 | 0:11cc2b7889af | 44 | SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 45 | SA_PV_ERR_RECOVERABLE_RETURN_IF((parameter_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong parameter_name pointer"); |
maygup01 | 0:11cc2b7889af | 46 | SA_PV_ERR_RECOVERABLE_RETURN_IF((size_of_parameter_name == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong parameter_name size."); |
maygup01 | 0:11cc2b7889af | 47 | SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data != NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong *kcm_data pointer, should be NULL"); |
maygup01 | 0:11cc2b7889af | 48 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_data_size == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Wrong kcm_data_size pointer."); |
maygup01 | 0:11cc2b7889af | 49 | |
maygup01 | 0:11cc2b7889af | 50 | //Get size of kcm data |
maygup01 | 0:11cc2b7889af | 51 | kcm_status = storage_data_size_read(parameter_name, |
maygup01 | 0:11cc2b7889af | 52 | size_of_parameter_name, |
maygup01 | 0:11cc2b7889af | 53 | kcm_type, |
maygup01 | 0:11cc2b7889af | 54 | data_source_type, |
maygup01 | 0:11cc2b7889af | 55 | kcm_data_size); |
maygup01 | 0:11cc2b7889af | 56 | if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) { |
maygup01 | 0:11cc2b7889af | 57 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 58 | } |
maygup01 | 0:11cc2b7889af | 59 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get kcm data size"); |
maygup01 | 0:11cc2b7889af | 60 | SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data_size == 0), kcm_status = KCM_STATUS_ITEM_IS_EMPTY, "KCM item is empty"); |
maygup01 | 0:11cc2b7889af | 61 | |
maygup01 | 0:11cc2b7889af | 62 | //Allocate memory and get device certificate data |
maygup01 | 0:11cc2b7889af | 63 | *kcm_data = fcc_malloc(*kcm_data_size); |
maygup01 | 0:11cc2b7889af | 64 | SA_PV_ERR_RECOVERABLE_RETURN_IF((*kcm_data == NULL), kcm_status = KCM_STATUS_OUT_OF_MEMORY, "Failed to allocate buffer for kcm data"); |
maygup01 | 0:11cc2b7889af | 65 | |
maygup01 | 0:11cc2b7889af | 66 | kcm_status = storage_data_read(parameter_name, size_of_parameter_name, kcm_type, data_source_type, *kcm_data, *kcm_data_size, kcm_data_size); |
maygup01 | 0:11cc2b7889af | 67 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to get device certificate data"); |
maygup01 | 0:11cc2b7889af | 68 | |
maygup01 | 0:11cc2b7889af | 69 | exit: |
maygup01 | 0:11cc2b7889af | 70 | if (kcm_status != KCM_STATUS_SUCCESS) { |
maygup01 | 0:11cc2b7889af | 71 | fcc_free(*kcm_data); |
maygup01 | 0:11cc2b7889af | 72 | *kcm_data = NULL; |
maygup01 | 0:11cc2b7889af | 73 | } |
maygup01 | 0:11cc2b7889af | 74 | SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 75 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 76 | } |
maygup01 | 0:11cc2b7889af | 77 | /*The function copies certificate chain or single certificate from source to destination (inside storage)*/ |
maygup01 | 0:11cc2b7889af | 78 | static kcm_status_e copy_certificate_chain(const uint8_t *item_name, size_t item_name_len, kcm_data_source_type_e source_type, kcm_data_source_type_e destination_type) |
maygup01 | 0:11cc2b7889af | 79 | { |
maygup01 | 0:11cc2b7889af | 80 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 81 | uint8_t *item_data = NULL; |
maygup01 | 0:11cc2b7889af | 82 | size_t item_data_len = 0; |
maygup01 | 0:11cc2b7889af | 83 | kcm_cert_chain_handle kcm_source_chain_handle; |
maygup01 | 0:11cc2b7889af | 84 | kcm_cert_chain_handle kcm_destination_chain_handle; |
maygup01 | 0:11cc2b7889af | 85 | size_t kcm_chain_len_out = 0; |
maygup01 | 0:11cc2b7889af | 86 | size_t kcm_actual_cert_data_size = 0; |
maygup01 | 0:11cc2b7889af | 87 | int cert_index = 0; |
maygup01 | 0:11cc2b7889af | 88 | kcm_cert_chain_context_int_s *chain_context; |
maygup01 | 0:11cc2b7889af | 89 | |
maygup01 | 0:11cc2b7889af | 90 | //Open chain |
maygup01 | 0:11cc2b7889af | 91 | kcm_status = storage_cert_chain_open(&kcm_source_chain_handle, item_name, item_name_len, source_type, &kcm_chain_len_out); |
maygup01 | 0:11cc2b7889af | 92 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to open chain"); |
maygup01 | 0:11cc2b7889af | 93 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_chain_len_out == 0), kcm_status = KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN, exit, "Invalid kcm_chain_len_out"); |
maygup01 | 0:11cc2b7889af | 94 | |
maygup01 | 0:11cc2b7889af | 95 | chain_context = (kcm_cert_chain_context_int_s*)kcm_source_chain_handle; |
maygup01 | 0:11cc2b7889af | 96 | |
maygup01 | 0:11cc2b7889af | 97 | //Current item is a single certificate |
maygup01 | 0:11cc2b7889af | 98 | if (chain_context->is_meta_data == false && kcm_chain_len_out == 1) { |
maygup01 | 0:11cc2b7889af | 99 | //Read the item from source |
maygup01 | 0:11cc2b7889af | 100 | kcm_status = ce_get_kcm_data(item_name, item_name_len, KCM_CERTIFICATE_ITEM, source_type, &item_data, &item_data_len); |
maygup01 | 0:11cc2b7889af | 101 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to get item data"); |
maygup01 | 0:11cc2b7889af | 102 | |
maygup01 | 0:11cc2b7889af | 103 | //Save the item as backup item |
maygup01 | 0:11cc2b7889af | 104 | kcm_status = storage_data_write(item_name, item_name_len, KCM_CERTIFICATE_ITEM, false, destination_type, item_data, item_data_len ); |
maygup01 | 0:11cc2b7889af | 105 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to copy item data"); |
maygup01 | 0:11cc2b7889af | 106 | } else { |
maygup01 | 0:11cc2b7889af | 107 | //Current item is certificate chian |
maygup01 | 0:11cc2b7889af | 108 | for (cert_index = 1; cert_index <= (int)kcm_chain_len_out; cert_index++) |
maygup01 | 0:11cc2b7889af | 109 | { |
maygup01 | 0:11cc2b7889af | 110 | |
maygup01 | 0:11cc2b7889af | 111 | //Create destination chain for start |
maygup01 | 0:11cc2b7889af | 112 | if (cert_index == 1) { |
maygup01 | 0:11cc2b7889af | 113 | kcm_status = storage_cert_chain_create(&kcm_destination_chain_handle, item_name, item_name_len, kcm_chain_len_out, false, destination_type); |
maygup01 | 0:11cc2b7889af | 114 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to create destination chain"); |
maygup01 | 0:11cc2b7889af | 115 | } |
maygup01 | 0:11cc2b7889af | 116 | //Get next certificate data size from source chain |
maygup01 | 0:11cc2b7889af | 117 | kcm_status = storage_cert_chain_get_next_size(kcm_source_chain_handle, source_type, &item_data_len); |
maygup01 | 0:11cc2b7889af | 118 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to _kcm_cert_chain_get_next_sizen"); |
maygup01 | 0:11cc2b7889af | 119 | |
maygup01 | 0:11cc2b7889af | 120 | //Allocate memory and get certificate data from source chain |
maygup01 | 0:11cc2b7889af | 121 | item_data = fcc_malloc(item_data_len); |
maygup01 | 0:11cc2b7889af | 122 | SA_PV_ERR_RECOVERABLE_GOTO_IF((item_data == NULL), kcm_status = KCM_STATUS_OUT_OF_MEMORY, exit_and_close, "Failed to allocate buffer for kcm data"); |
maygup01 | 0:11cc2b7889af | 123 | |
maygup01 | 0:11cc2b7889af | 124 | //Get next certificate data |
maygup01 | 0:11cc2b7889af | 125 | kcm_status = storage_cert_chain_get_next_data(kcm_source_chain_handle, item_data, item_data_len, source_type, &kcm_actual_cert_data_size); |
maygup01 | 0:11cc2b7889af | 126 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to get certificate kcm data"); |
maygup01 | 0:11cc2b7889af | 127 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_actual_cert_data_size != item_data_len), kcm_status = kcm_status, exit_and_close, "Wrong certificate data size"); |
maygup01 | 0:11cc2b7889af | 128 | |
maygup01 | 0:11cc2b7889af | 129 | //Add the data to destination chain |
maygup01 | 0:11cc2b7889af | 130 | kcm_status = storage_chain_add_next(kcm_destination_chain_handle, item_data, item_data_len, destination_type); |
maygup01 | 0:11cc2b7889af | 131 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit_and_close, "Failed to add data to chain"); |
maygup01 | 0:11cc2b7889af | 132 | |
maygup01 | 0:11cc2b7889af | 133 | //free allocated buffer |
maygup01 | 0:11cc2b7889af | 134 | fcc_free(item_data); |
maygup01 | 0:11cc2b7889af | 135 | item_data = NULL; |
maygup01 | 0:11cc2b7889af | 136 | } |
maygup01 | 0:11cc2b7889af | 137 | //Close destination chain |
maygup01 | 0:11cc2b7889af | 138 | exit_and_close: |
maygup01 | 0:11cc2b7889af | 139 | kcm_status = storage_cert_chain_close(kcm_destination_chain_handle, destination_type); |
maygup01 | 0:11cc2b7889af | 140 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit,"Failed to close destination chain"); |
maygup01 | 0:11cc2b7889af | 141 | |
maygup01 | 0:11cc2b7889af | 142 | } |
maygup01 | 0:11cc2b7889af | 143 | |
maygup01 | 0:11cc2b7889af | 144 | exit: |
maygup01 | 0:11cc2b7889af | 145 | if (item_data != NULL) { |
maygup01 | 0:11cc2b7889af | 146 | fcc_free(item_data); |
maygup01 | 0:11cc2b7889af | 147 | } |
maygup01 | 0:11cc2b7889af | 148 | //close source chain |
maygup01 | 0:11cc2b7889af | 149 | kcm_status = storage_cert_chain_close(kcm_source_chain_handle, source_type); |
maygup01 | 0:11cc2b7889af | 150 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to close source chain"); |
maygup01 | 0:11cc2b7889af | 151 | |
maygup01 | 0:11cc2b7889af | 152 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 153 | |
maygup01 | 0:11cc2b7889af | 154 | } |
maygup01 | 0:11cc2b7889af | 155 | static kcm_status_e copy_kcm_item(const uint8_t *item_name, size_t item_name_len, kcm_item_type_e kcm_type, kcm_data_source_type_e source_type, kcm_data_source_type_e destination_type) |
maygup01 | 0:11cc2b7889af | 156 | { |
maygup01 | 0:11cc2b7889af | 157 | |
maygup01 | 0:11cc2b7889af | 158 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 159 | uint8_t *item_data = NULL; |
maygup01 | 0:11cc2b7889af | 160 | size_t item_data_len = 0; |
maygup01 | 0:11cc2b7889af | 161 | |
maygup01 | 0:11cc2b7889af | 162 | //Read the data |
maygup01 | 0:11cc2b7889af | 163 | if (kcm_type == KCM_CERTIFICATE_ITEM) { |
maygup01 | 0:11cc2b7889af | 164 | |
maygup01 | 0:11cc2b7889af | 165 | //copy certificate chain |
maygup01 | 0:11cc2b7889af | 166 | kcm_status = copy_certificate_chain(item_name, item_name_len, source_type, destination_type); |
maygup01 | 0:11cc2b7889af | 167 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy chain"); |
maygup01 | 0:11cc2b7889af | 168 | } else { //not certificate |
maygup01 | 0:11cc2b7889af | 169 | //Read the item from source |
maygup01 | 0:11cc2b7889af | 170 | kcm_status = ce_get_kcm_data(item_name, item_name_len, kcm_type, source_type, &item_data, &item_data_len); |
maygup01 | 0:11cc2b7889af | 171 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get item data"); |
maygup01 | 0:11cc2b7889af | 172 | |
maygup01 | 0:11cc2b7889af | 173 | //Save the item as backup item |
maygup01 | 0:11cc2b7889af | 174 | kcm_status = storage_data_write(item_name, item_name_len, kcm_type, false, destination_type,item_data, item_data_len ); |
maygup01 | 0:11cc2b7889af | 175 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to copy item data"); |
maygup01 | 0:11cc2b7889af | 176 | } |
maygup01 | 0:11cc2b7889af | 177 | |
maygup01 | 0:11cc2b7889af | 178 | exit: |
maygup01 | 0:11cc2b7889af | 179 | if (item_data != NULL) { |
maygup01 | 0:11cc2b7889af | 180 | fcc_free(item_data); |
maygup01 | 0:11cc2b7889af | 181 | } |
maygup01 | 0:11cc2b7889af | 182 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 183 | |
maygup01 | 0:11cc2b7889af | 184 | } |
maygup01 | 0:11cc2b7889af | 185 | |
maygup01 | 0:11cc2b7889af | 186 | bool ce_set_item_names(const char *item_name, char **private_key_name_out, char **public_key_name_out, char **certificate_name_out) |
maygup01 | 0:11cc2b7889af | 187 | { |
maygup01 | 0:11cc2b7889af | 188 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), false, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 189 | SA_PV_ERR_RECOVERABLE_RETURN_IF((private_key_name_out == NULL), false, "Invalid private_key_name"); |
maygup01 | 0:11cc2b7889af | 190 | SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_name_out == NULL), false, "Invalid certificate"); |
maygup01 | 0:11cc2b7889af | 191 | // public key may be NULL - don't bother to check pointer |
maygup01 | 0:11cc2b7889af | 192 | |
maygup01 | 0:11cc2b7889af | 193 | if (pv_str_equals(item_name, g_lwm2m_name, (uint32_t)(strlen(item_name) + 1)) == true) { |
maygup01 | 0:11cc2b7889af | 194 | *private_key_name_out = (char*)g_fcc_lwm2m_device_private_key_name; |
maygup01 | 0:11cc2b7889af | 195 | *certificate_name_out = (char*)g_fcc_lwm2m_device_certificate_name; |
maygup01 | 0:11cc2b7889af | 196 | if (public_key_name_out != NULL) { |
maygup01 | 0:11cc2b7889af | 197 | *public_key_name_out = NULL; |
maygup01 | 0:11cc2b7889af | 198 | } |
maygup01 | 0:11cc2b7889af | 199 | } else { |
maygup01 | 0:11cc2b7889af | 200 | *private_key_name_out = (char*)item_name; |
maygup01 | 0:11cc2b7889af | 201 | *certificate_name_out = (char*)item_name; |
maygup01 | 0:11cc2b7889af | 202 | if (public_key_name_out != NULL) { |
maygup01 | 0:11cc2b7889af | 203 | *public_key_name_out = (char*)item_name; |
maygup01 | 0:11cc2b7889af | 204 | } |
maygup01 | 0:11cc2b7889af | 205 | } |
maygup01 | 0:11cc2b7889af | 206 | return true; |
maygup01 | 0:11cc2b7889af | 207 | } |
maygup01 | 0:11cc2b7889af | 208 | |
maygup01 | 0:11cc2b7889af | 209 | static kcm_status_e check_items_existence(const char *item_name, kcm_data_source_type_e source_type, bool *is_public_key) |
maygup01 | 0:11cc2b7889af | 210 | { |
maygup01 | 0:11cc2b7889af | 211 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 212 | kcm_cert_chain_handle kcm_source_chain_handle; |
maygup01 | 0:11cc2b7889af | 213 | size_t kcm_data_size = 0; |
maygup01 | 0:11cc2b7889af | 214 | uint8_t *private_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 215 | uint8_t *public_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 216 | uint8_t *certificate_name = NULL; |
maygup01 | 0:11cc2b7889af | 217 | bool local_is_public_key = false; |
maygup01 | 0:11cc2b7889af | 218 | |
maygup01 | 0:11cc2b7889af | 219 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), KCM_STATUS_INVALID_PARAMETER, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 220 | SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&private_key_name, (char**)&public_key_name, (char**)&certificate_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items"); |
maygup01 | 0:11cc2b7889af | 221 | |
maygup01 | 0:11cc2b7889af | 222 | //Check private key |
maygup01 | 0:11cc2b7889af | 223 | kcm_status = storage_data_size_read((const uint8_t*)private_key_name, (size_t)strlen((char*)private_key_name), KCM_PRIVATE_KEY_ITEM, source_type, &kcm_data_size); |
maygup01 | 0:11cc2b7889af | 224 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get private key size"); |
maygup01 | 0:11cc2b7889af | 225 | |
maygup01 | 0:11cc2b7889af | 226 | if (public_key_name != NULL) { |
maygup01 | 0:11cc2b7889af | 227 | kcm_status = storage_data_size_read((const uint8_t*)public_key_name, (size_t)strlen((char*)public_key_name), KCM_PUBLIC_KEY_ITEM, source_type, &kcm_data_size); |
maygup01 | 0:11cc2b7889af | 228 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), kcm_status, "Failed to get public key size"); |
maygup01 | 0:11cc2b7889af | 229 | |
maygup01 | 0:11cc2b7889af | 230 | if (kcm_status == KCM_STATUS_SUCCESS) { |
maygup01 | 0:11cc2b7889af | 231 | local_is_public_key = true; |
maygup01 | 0:11cc2b7889af | 232 | } |
maygup01 | 0:11cc2b7889af | 233 | } |
maygup01 | 0:11cc2b7889af | 234 | |
maygup01 | 0:11cc2b7889af | 235 | kcm_status = storage_cert_chain_open(&kcm_source_chain_handle, (const uint8_t*)certificate_name, strlen((char*)certificate_name), source_type, &kcm_data_size); |
maygup01 | 0:11cc2b7889af | 236 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to get certificate size"); |
maygup01 | 0:11cc2b7889af | 237 | |
maygup01 | 0:11cc2b7889af | 238 | kcm_status = storage_cert_chain_close(kcm_source_chain_handle, source_type); |
maygup01 | 0:11cc2b7889af | 239 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to close source chain"); |
maygup01 | 0:11cc2b7889af | 240 | |
maygup01 | 0:11cc2b7889af | 241 | *is_public_key = local_is_public_key; |
maygup01 | 0:11cc2b7889af | 242 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 243 | |
maygup01 | 0:11cc2b7889af | 244 | } |
maygup01 | 0:11cc2b7889af | 245 | /*! The API deletes set of items (key pair and certificate/certificate chain) according to given name and source type. |
maygup01 | 0:11cc2b7889af | 246 | * @param[in] item_name pointer to item name. |
maygup01 | 0:11cc2b7889af | 247 | * @param[in] item_name_len length of item name. |
maygup01 | 0:11cc2b7889af | 248 | * @param[in] source_data_type type of data type to verify (backup or original) |
maygup01 | 0:11cc2b7889af | 249 | * @param[in] is_public_key flag that indicates if public key exists in the storage. |
maygup01 | 0:11cc2b7889af | 250 | * @returns |
maygup01 | 0:11cc2b7889af | 251 | * CE_STATUS_SUCCESS in case of success or one of the `::ce_status_e` errors otherwise. |
maygup01 | 0:11cc2b7889af | 252 | */ |
maygup01 | 0:11cc2b7889af | 253 | kcm_status_e ce_clean_items(const char *item_name, kcm_data_source_type_e data_source_type, bool is_public_key) |
maygup01 | 0:11cc2b7889af | 254 | { |
maygup01 | 0:11cc2b7889af | 255 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 256 | int num_of_failures = 0; |
maygup01 | 0:11cc2b7889af | 257 | uint8_t *private_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 258 | uint8_t *public_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 259 | uint8_t *certificate_name = NULL; |
maygup01 | 0:11cc2b7889af | 260 | |
maygup01 | 0:11cc2b7889af | 261 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 262 | SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name); |
maygup01 | 0:11cc2b7889af | 263 | SA_PV_ERR_RECOVERABLE_RETURN_IF((data_source_type != KCM_ORIGINAL_ITEM && data_source_type != KCM_BACKUP_ITEM), KCM_STATUS_INVALID_PARAMETER, "Invalid data_source_type"); |
maygup01 | 0:11cc2b7889af | 264 | SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&private_key_name, (char**)&public_key_name, (char**)&certificate_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items"); |
maygup01 | 0:11cc2b7889af | 265 | |
maygup01 | 0:11cc2b7889af | 266 | //Try to delete private key |
maygup01 | 0:11cc2b7889af | 267 | kcm_status = storage_data_delete((const uint8_t*)private_key_name, strlen((char*)private_key_name), KCM_PRIVATE_KEY_ITEM, data_source_type); |
maygup01 | 0:11cc2b7889af | 268 | if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) { |
maygup01 | 0:11cc2b7889af | 269 | num_of_failures++; |
maygup01 | 0:11cc2b7889af | 270 | SA_PV_LOG_ERR("Failed to delete private key"); |
maygup01 | 0:11cc2b7889af | 271 | } |
maygup01 | 0:11cc2b7889af | 272 | |
maygup01 | 0:11cc2b7889af | 273 | if (is_public_key == true && public_key_name != NULL) |
maygup01 | 0:11cc2b7889af | 274 | { |
maygup01 | 0:11cc2b7889af | 275 | //Try to delete public key |
maygup01 | 0:11cc2b7889af | 276 | kcm_status = storage_data_delete((const uint8_t*)public_key_name, strlen((char*)public_key_name), KCM_PUBLIC_KEY_ITEM, data_source_type); |
maygup01 | 0:11cc2b7889af | 277 | if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) { |
maygup01 | 0:11cc2b7889af | 278 | num_of_failures++; |
maygup01 | 0:11cc2b7889af | 279 | SA_PV_LOG_ERR("Failed to delete public key"); |
maygup01 | 0:11cc2b7889af | 280 | } |
maygup01 | 0:11cc2b7889af | 281 | } |
maygup01 | 0:11cc2b7889af | 282 | |
maygup01 | 0:11cc2b7889af | 283 | //Try to delete certificate/certificate chain |
maygup01 | 0:11cc2b7889af | 284 | kcm_status = storage_data_delete((const uint8_t*)certificate_name, strlen((char*)certificate_name), KCM_CERTIFICATE_ITEM, data_source_type); |
maygup01 | 0:11cc2b7889af | 285 | if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) {//We need to check certificate chain with the same name |
maygup01 | 0:11cc2b7889af | 286 | kcm_status = storage_cert_chain_delete((const uint8_t*)certificate_name, strlen((char*)certificate_name), data_source_type); |
maygup01 | 0:11cc2b7889af | 287 | } |
maygup01 | 0:11cc2b7889af | 288 | if (kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND) { |
maygup01 | 0:11cc2b7889af | 289 | num_of_failures++; |
maygup01 | 0:11cc2b7889af | 290 | SA_PV_LOG_ERR("Failed to delete certificate/certificate chain"); |
maygup01 | 0:11cc2b7889af | 291 | } |
maygup01 | 0:11cc2b7889af | 292 | |
maygup01 | 0:11cc2b7889af | 293 | SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 294 | if (num_of_failures != 0) { |
maygup01 | 0:11cc2b7889af | 295 | return KCM_STATUS_STORAGE_ERROR; |
maygup01 | 0:11cc2b7889af | 296 | } |
maygup01 | 0:11cc2b7889af | 297 | return KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 298 | |
maygup01 | 0:11cc2b7889af | 299 | } |
maygup01 | 0:11cc2b7889af | 300 | /*! The API creates a copy of renewal items. |
maygup01 | 0:11cc2b7889af | 301 | * |
maygup01 | 0:11cc2b7889af | 302 | * @param[in] item_name pointer to item name. |
maygup01 | 0:11cc2b7889af | 303 | * @param[in] item_name_len length of item name. |
maygup01 | 0:11cc2b7889af | 304 | * @param[in] is_public_key flag that indicates if public key exists in the storage. |
maygup01 | 0:11cc2b7889af | 305 | * |
maygup01 | 0:11cc2b7889af | 306 | * @returns |
maygup01 | 0:11cc2b7889af | 307 | * CE_STATUS_SUCCESS in case of success or one of the `::ce_status_e` errors otherwise. |
maygup01 | 0:11cc2b7889af | 308 | */ |
maygup01 | 0:11cc2b7889af | 309 | |
maygup01 | 0:11cc2b7889af | 310 | kcm_status_e ce_create_backup_items(const char *item_name, bool is_public_key) |
maygup01 | 0:11cc2b7889af | 311 | { |
maygup01 | 0:11cc2b7889af | 312 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 313 | uint8_t *private_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 314 | uint8_t *public_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 315 | uint8_t *certificate_name = NULL; |
maygup01 | 0:11cc2b7889af | 316 | |
maygup01 | 0:11cc2b7889af | 317 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 318 | SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name); |
maygup01 | 0:11cc2b7889af | 319 | SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name, (char**)&private_key_name, (char**)&public_key_name, (char**)&certificate_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items"); |
maygup01 | 0:11cc2b7889af | 320 | |
maygup01 | 0:11cc2b7889af | 321 | //Backup private key |
maygup01 | 0:11cc2b7889af | 322 | kcm_status = copy_kcm_item(private_key_name, strlen((char*)private_key_name), KCM_PRIVATE_KEY_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM); |
maygup01 | 0:11cc2b7889af | 323 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Falid to backup private key"); |
maygup01 | 0:11cc2b7889af | 324 | |
maygup01 | 0:11cc2b7889af | 325 | //Check if public key exists |
maygup01 | 0:11cc2b7889af | 326 | if (is_public_key == true && public_key_name != NULL) { |
maygup01 | 0:11cc2b7889af | 327 | //Backup private key |
maygup01 | 0:11cc2b7889af | 328 | kcm_status = copy_kcm_item(public_key_name, strlen((char*)public_key_name), KCM_PUBLIC_KEY_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM); |
maygup01 | 0:11cc2b7889af | 329 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit , "Falid to backup public key"); |
maygup01 | 0:11cc2b7889af | 330 | } |
maygup01 | 0:11cc2b7889af | 331 | |
maygup01 | 0:11cc2b7889af | 332 | //Backup certificate/certificate chain |
maygup01 | 0:11cc2b7889af | 333 | kcm_status = copy_kcm_item((const uint8_t*)certificate_name, strlen((char*)certificate_name), KCM_CERTIFICATE_ITEM, KCM_ORIGINAL_ITEM, KCM_BACKUP_ITEM); |
maygup01 | 0:11cc2b7889af | 334 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit , "Falid to backup certificate"); |
maygup01 | 0:11cc2b7889af | 335 | |
maygup01 | 0:11cc2b7889af | 336 | SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 337 | |
maygup01 | 0:11cc2b7889af | 338 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 339 | |
maygup01 | 0:11cc2b7889af | 340 | exit: |
maygup01 | 0:11cc2b7889af | 341 | //Delete item that was already copied |
maygup01 | 0:11cc2b7889af | 342 | ce_clean_items(item_name, KCM_BACKUP_ITEM, is_public_key); |
maygup01 | 0:11cc2b7889af | 343 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 344 | } |
maygup01 | 0:11cc2b7889af | 345 | |
maygup01 | 0:11cc2b7889af | 346 | /*! The API restores backup items and moves it to original source, if the operation succeeded, the backup items deleted. |
maygup01 | 0:11cc2b7889af | 347 | * @param[in] item_name pointer to item name. |
maygup01 | 0:11cc2b7889af | 348 | * @param[in] item_name_len length of item name. |
maygup01 | 0:11cc2b7889af | 349 | * @returns |
maygup01 | 0:11cc2b7889af | 350 | * CE_STATUS_SUCCESS in case of success or one of the `::ce_status_e` errors otherwise. |
maygup01 | 0:11cc2b7889af | 351 | */ |
maygup01 | 0:11cc2b7889af | 352 | kcm_status_e ce_restore_backup_items(const char *item_name) |
maygup01 | 0:11cc2b7889af | 353 | { |
maygup01 | 0:11cc2b7889af | 354 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 355 | uint8_t *private_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 356 | uint8_t *public_key_name = NULL; |
maygup01 | 0:11cc2b7889af | 357 | uint8_t *certificate_name = NULL; |
maygup01 | 0:11cc2b7889af | 358 | |
maygup01 | 0:11cc2b7889af | 359 | bool is_public_key_in_storage = false; |
maygup01 | 0:11cc2b7889af | 360 | |
maygup01 | 0:11cc2b7889af | 361 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 362 | SA_PV_LOG_INFO_FUNC_ENTER("item name = %s",item_name); |
maygup01 | 0:11cc2b7889af | 363 | |
maygup01 | 0:11cc2b7889af | 364 | //Check first that backup items exists |
maygup01 | 0:11cc2b7889af | 365 | kcm_status = check_items_existence(item_name, KCM_BACKUP_ITEM, &is_public_key_in_storage); |
maygup01 | 0:11cc2b7889af | 366 | if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND) { |
maygup01 | 0:11cc2b7889af | 367 | //One of mandatory backup items is missing -> clean the backup items, do not change original items |
maygup01 | 0:11cc2b7889af | 368 | ce_clean_items(item_name, KCM_BACKUP_ITEM, true); |
maygup01 | 0:11cc2b7889af | 369 | return KCM_STATUS_ITEM_NOT_FOUND; |
maygup01 | 0:11cc2b7889af | 370 | } else { |
maygup01 | 0:11cc2b7889af | 371 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to verify backup items"); |
maygup01 | 0:11cc2b7889af | 372 | } |
maygup01 | 0:11cc2b7889af | 373 | SA_PV_ERR_RECOVERABLE_RETURN_IF(!(ce_set_item_names(item_name,(char**)&private_key_name, (char**)&public_key_name, (char**)&certificate_name)), KCM_STATUS_INVALID_PARAMETER, "Failed to set internal names for items"); |
maygup01 | 0:11cc2b7889af | 374 | |
maygup01 | 0:11cc2b7889af | 375 | |
maygup01 | 0:11cc2b7889af | 376 | //Clean original items before backup restore |
maygup01 | 0:11cc2b7889af | 377 | ce_clean_items(item_name, KCM_ORIGINAL_ITEM, true); |
maygup01 | 0:11cc2b7889af | 378 | |
maygup01 | 0:11cc2b7889af | 379 | //Restore backup items by copying backup items to original source |
maygup01 | 0:11cc2b7889af | 380 | kcm_status = copy_kcm_item(private_key_name, strlen((char*)private_key_name), KCM_PRIVATE_KEY_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 381 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup private key to original source"); |
maygup01 | 0:11cc2b7889af | 382 | |
maygup01 | 0:11cc2b7889af | 383 | if (is_public_key_in_storage == true && public_key_name != NULL) { |
maygup01 | 0:11cc2b7889af | 384 | kcm_status = copy_kcm_item(public_key_name, strlen((char*)public_key_name), KCM_PUBLIC_KEY_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 385 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup public key to original source"); |
maygup01 | 0:11cc2b7889af | 386 | } |
maygup01 | 0:11cc2b7889af | 387 | |
maygup01 | 0:11cc2b7889af | 388 | kcm_status = copy_kcm_item(certificate_name, strlen((char*)certificate_name), KCM_CERTIFICATE_ITEM, KCM_BACKUP_ITEM, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 389 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to copy backup certificate to original source"); |
maygup01 | 0:11cc2b7889af | 390 | |
maygup01 | 0:11cc2b7889af | 391 | //Clean backup items after it was restored |
maygup01 | 0:11cc2b7889af | 392 | kcm_status = ce_clean_items(item_name,KCM_BACKUP_ITEM, true); |
maygup01 | 0:11cc2b7889af | 393 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS && kcm_status != KCM_STATUS_ITEM_NOT_FOUND), kcm_status, "Failed to clean backup items"); |
maygup01 | 0:11cc2b7889af | 394 | |
maygup01 | 0:11cc2b7889af | 395 | SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 396 | |
maygup01 | 0:11cc2b7889af | 397 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 398 | } |
maygup01 | 0:11cc2b7889af | 399 | |
maygup01 | 0:11cc2b7889af | 400 | kcm_status_e ce_create_renewal_status(const char *item_name) |
maygup01 | 0:11cc2b7889af | 401 | { |
maygup01 | 0:11cc2b7889af | 402 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 403 | |
maygup01 | 0:11cc2b7889af | 404 | SA_PV_ERR_RECOVERABLE_RETURN_IF((item_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid item_name"); |
maygup01 | 0:11cc2b7889af | 405 | SA_PV_LOG_INFO_FUNC_ENTER("item name = %s", item_name); |
maygup01 | 0:11cc2b7889af | 406 | |
maygup01 | 0:11cc2b7889af | 407 | kcm_status = storage_data_write((const uint8_t*)g_renewal_status_file,(size_t)strlen(g_renewal_status_file), KCM_CONFIG_ITEM, false, KCM_BACKUP_ITEM,(const uint8_t*)item_name, (size_t)strlen(item_name)); |
maygup01 | 0:11cc2b7889af | 408 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to create renewal status"); |
maygup01 | 0:11cc2b7889af | 409 | |
maygup01 | 0:11cc2b7889af | 410 | SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 411 | |
maygup01 | 0:11cc2b7889af | 412 | return KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 413 | } |
maygup01 | 0:11cc2b7889af | 414 | |
maygup01 | 0:11cc2b7889af | 415 | kcm_status_e ce_delete_renewal_status(void) |
maygup01 | 0:11cc2b7889af | 416 | { |
maygup01 | 0:11cc2b7889af | 417 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 418 | |
maygup01 | 0:11cc2b7889af | 419 | SA_PV_LOG_INFO_FUNC_ENTER_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 420 | |
maygup01 | 0:11cc2b7889af | 421 | kcm_status = storage_data_delete((const uint8_t*)g_renewal_status_file, (size_t)strlen(g_renewal_status_file), KCM_CONFIG_ITEM, KCM_BACKUP_ITEM); |
maygup01 | 0:11cc2b7889af | 422 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to delete renewal status"); |
maygup01 | 0:11cc2b7889af | 423 | |
maygup01 | 0:11cc2b7889af | 424 | SA_PV_LOG_INFO_FUNC_EXIT_NO_ARGS(); |
maygup01 | 0:11cc2b7889af | 425 | |
maygup01 | 0:11cc2b7889af | 426 | return KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 427 | } |
maygup01 | 0:11cc2b7889af | 428 | |
maygup01 | 0:11cc2b7889af | 429 | kcm_status_e ce_store_new_certificate(const char *certificate_name, struct cert_chain_context_s *chain_data) |
maygup01 | 0:11cc2b7889af | 430 | { |
maygup01 | 0:11cc2b7889af | 431 | |
maygup01 | 0:11cc2b7889af | 432 | kcm_status_e kcm_status = KCM_STATUS_SUCCESS; |
maygup01 | 0:11cc2b7889af | 433 | kcm_cert_chain_handle kcm_chain_handle; |
maygup01 | 0:11cc2b7889af | 434 | uint32_t cert_index = 0; |
maygup01 | 0:11cc2b7889af | 435 | uint8_t *certificate = NULL; |
maygup01 | 0:11cc2b7889af | 436 | size_t certificate_size = 0; |
maygup01 | 0:11cc2b7889af | 437 | // struct cert_chain_context_s current_chain_data; |
maygup01 | 0:11cc2b7889af | 438 | struct cert_context_s *current_certs; |
maygup01 | 0:11cc2b7889af | 439 | |
maygup01 | 0:11cc2b7889af | 440 | //Check parameters |
maygup01 | 0:11cc2b7889af | 441 | SA_PV_ERR_RECOVERABLE_RETURN_IF((certificate_name == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate_name"); |
maygup01 | 0:11cc2b7889af | 442 | SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid chain_data"); |
maygup01 | 0:11cc2b7889af | 443 | SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->chain_length == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate chain length"); |
maygup01 | 0:11cc2b7889af | 444 | SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid certificate data"); |
maygup01 | 0:11cc2b7889af | 445 | SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs->cert == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid first certificate pointer"); |
maygup01 | 0:11cc2b7889af | 446 | SA_PV_ERR_RECOVERABLE_RETURN_IF((chain_data->certs->cert_length == 0), kcm_status = KCM_STATUS_INVALID_PARAMETER, "Invalid first certificate length"); |
maygup01 | 0:11cc2b7889af | 447 | SA_PV_LOG_INFO_FUNC_ENTER("certificate_name = %s", certificate_name); |
maygup01 | 0:11cc2b7889af | 448 | |
maygup01 | 0:11cc2b7889af | 449 | |
maygup01 | 0:11cc2b7889af | 450 | //Get first certificate |
maygup01 | 0:11cc2b7889af | 451 | current_certs = chain_data->certs; |
maygup01 | 0:11cc2b7889af | 452 | certificate = current_certs->cert; |
maygup01 | 0:11cc2b7889af | 453 | certificate_size = current_certs->cert_length; |
maygup01 | 0:11cc2b7889af | 454 | |
maygup01 | 0:11cc2b7889af | 455 | if (chain_data->chain_length == 1) { |
maygup01 | 0:11cc2b7889af | 456 | //Save single certificate |
maygup01 | 0:11cc2b7889af | 457 | kcm_status = storage_data_write((const uint8_t*)certificate_name,(size_t)strlen(certificate_name), KCM_CERTIFICATE_ITEM, false, KCM_ORIGINAL_ITEM,certificate, certificate_size ); |
maygup01 | 0:11cc2b7889af | 458 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to store new certificate"); |
maygup01 | 0:11cc2b7889af | 459 | |
maygup01 | 0:11cc2b7889af | 460 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 461 | } else { |
maygup01 | 0:11cc2b7889af | 462 | //Save chain |
maygup01 | 0:11cc2b7889af | 463 | kcm_status = storage_cert_chain_create(&kcm_chain_handle, (const uint8_t*)certificate_name,(size_t) strlen(certificate_name), chain_data->chain_length, false, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 464 | SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status, "Failed to create chain"); |
maygup01 | 0:11cc2b7889af | 465 | |
maygup01 | 0:11cc2b7889af | 466 | for (cert_index = 0; cert_index < chain_data->chain_length ; cert_index++) |
maygup01 | 0:11cc2b7889af | 467 | { |
maygup01 | 0:11cc2b7889af | 468 | SA_PV_ERR_RECOVERABLE_GOTO_IF((certificate_size == 0 || certificate == NULL), kcm_status = KCM_STATUS_INVALID_PARAMETER, exit, "Invalid certificate data at index %" PRIu32 "", cert_index); |
maygup01 | 0:11cc2b7889af | 469 | |
maygup01 | 0:11cc2b7889af | 470 | kcm_status = storage_chain_add_next(kcm_chain_handle, certificate, certificate_size, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 471 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to store certificate at index %" PRIu32 "", cert_index); |
maygup01 | 0:11cc2b7889af | 472 | |
maygup01 | 0:11cc2b7889af | 473 | //Get next certificate |
maygup01 | 0:11cc2b7889af | 474 | // chain_data->certs = chain_data->certs->next; |
maygup01 | 0:11cc2b7889af | 475 | current_certs = current_certs->next; |
maygup01 | 0:11cc2b7889af | 476 | if (current_certs != NULL) { |
maygup01 | 0:11cc2b7889af | 477 | certificate = current_certs->cert; |
maygup01 | 0:11cc2b7889af | 478 | certificate_size = current_certs->cert_length; |
maygup01 | 0:11cc2b7889af | 479 | } |
maygup01 | 0:11cc2b7889af | 480 | } |
maygup01 | 0:11cc2b7889af | 481 | } |
maygup01 | 0:11cc2b7889af | 482 | |
maygup01 | 0:11cc2b7889af | 483 | exit: |
maygup01 | 0:11cc2b7889af | 484 | kcm_status = storage_cert_chain_close(kcm_chain_handle, KCM_ORIGINAL_ITEM); |
maygup01 | 0:11cc2b7889af | 485 | SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), kcm_status = kcm_status, exit, "Failed to close chain"); |
maygup01 | 0:11cc2b7889af | 486 | |
maygup01 | 0:11cc2b7889af | 487 | return kcm_status; |
maygup01 | 0:11cc2b7889af | 488 | } |