Mayank Gupta / Mbed OS pelion-example-frdm

Dependencies:   FXAS21002 FXOS8700Q


cs_utils.c

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2016-2017 ARM Ltd.
00003 //  
00004 // Licensed under the Apache License, Version 2.0 (the "License");
00005 // you may not use this file except in compliance with the License.
00006 // You may obtain a copy of the License at
00007 //  
00008 //     http://www.apache.org/licenses/LICENSE-2.0
00009 //  
00010 // Unless required by applicable law or agreed to in writing, software
00011 // distributed under the License is distributed on an "AS IS" BASIS,
00012 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013 // See the License for the specific language governing permissions and
00014 // limitations under the License.
00015 // ----------------------------------------------------------------------------
00016 #include <stdio.h>
00017 #include "pv_log.h"
00018 #include "cs_hash.h"
00019 #include "cs_der_keys_and_csrs.h"
00020 #include "cs_der_certs.h"
00021 #include "pal_Crypto.h"
00022 #include "pal_errors.h"
00023 #include "pv_error_handling.h"
00024 
00025 
/* Translate a PAL (platform abstraction layer) status code into the matching
 * KCM status code.
 *
 * pal_status: status value returned by a PAL crypto / X.509 call.
 *
 * Returns the KCM status paired with pal_status in the table below.
 *
 * Security-relevant properties of the mapping:
 *   - PAL_SUCCESS is the only input that yields KCM_STATUS_SUCCESS.
 *   - Any code without an explicit case yields KCM_STATUS_ERROR, so an
 *     unknown or newly added PAL failure is never reported as success.
 *   - Several distinct PAL failures share one KCM status (grouped below), so
 *     the KCM value alone does not always identify the PAL-level cause.
 */
kcm_status_e  cs_error_handler(palStatus_t pal_status)
{
    /* Fail closed: anything not listed below stays a generic error. */
    kcm_status_e mapped = KCM_STATUS_ERROR;

    switch (pal_status) {
        case PAL_SUCCESS:
            mapped = KCM_STATUS_SUCCESS;
            break;

        /* ---- generic argument / resource failures ---- */
        case PAL_ERR_INVALID_ARGUMENT:
            mapped = KCM_STATUS_INVALID_PARAMETER;
            break;
        case PAL_ERR_CREATION_FAILED: /* reported as out-of-memory, same as PAL_ERR_NO_MEMORY */
        case PAL_ERR_NO_MEMORY:
            mapped = KCM_STATUS_OUT_OF_MEMORY;
            break;
        case PAL_ERR_BUFFER_TOO_SMALL:
            mapped = KCM_STATUS_INSUFFICIENT_BUFFER;
            break;

        /* ---- elliptic-curve group / key-pair failures ---- */
        case PAL_ERR_NOT_SUPPORTED_CURVE:
        case PAL_ERR_FAILED_TO_COPY_GROUP:
            mapped = KCM_CRYPTO_STATUS_UNSUPPORTED_CURVE;
            break;
        case PAL_ERR_ECP_INVALID_KEY:
        case PAL_ERR_FAILED_TO_COPY_KEYPAIR:
            mapped = KCM_CRYPTO_STATUS_ECP_INVALID_KEY;
            break;

        /* ---- certificate parsing and validation results ---- */
        case PAL_ERR_CERT_PARSING_FAILED:
            mapped = KCM_CRYPTO_STATUS_PARSING_DER_CERT;
            break;
        case PAL_ERR_X509_BADCERT_EXPIRED:
            mapped = KCM_CRYPTO_STATUS_CERT_EXPIRED;
            break;
        case PAL_ERR_X509_BADCERT_FUTURE:
            mapped = KCM_CRYPTO_STATUS_CERT_FUTURE;
            break;
        case PAL_ERR_X509_BADCERT_BAD_MD:
            mapped = KCM_CRYPTO_STATUS_CERT_MD_ALG;
            break;
        case PAL_ERR_X509_BADCERT_BAD_PK:
            mapped = KCM_CRYPTO_STATUS_CERT_PUB_KEY_TYPE;
            break;
        case PAL_ERR_X509_BADCERT_NOT_TRUSTED:
            mapped = KCM_CRYPTO_STATUS_CERT_NOT_TRUSTED;
            break;
        case PAL_ERR_X509_BADCERT_BAD_KEY:
            mapped = KCM_CRYPTO_STATUS_CERT_PUB_KEY;
            break;
        case PAL_ERR_INVALID_X509_ATTR:
            mapped = KCM_CRYPTO_STATUS_INVALID_X509_ATTR;
            break;

        /* ---- key parsing and key checks ---- */
        case PAL_ERR_PARSING_PUBLIC_KEY:
            mapped = KCM_CRYPTO_STATUS_PARSING_DER_PUBLIC_KEY;
            break;
        case PAL_ERR_PARSING_PRIVATE_KEY:
            mapped = KCM_CRYPTO_STATUS_PARSING_DER_PRIVATE_KEY;
            break;
        case PAL_ERR_PRIVATE_KEY_VARIFICATION_FAILED:
            mapped = KCM_CRYPTO_STATUS_PRIVATE_KEY_VERIFICATION_FAILED;
            break;
        case PAL_ERR_PUBLIC_KEY_VARIFICATION_FAILED:
            mapped = KCM_CRYPTO_STATUS_PUBLIC_KEY_VERIFICATION_FAILED;
            break;
        case PAL_ERR_PK_UNKNOWN_PK_ALG:
            mapped = KCM_CRYPTO_STATUS_PK_UNKNOWN_PK_ALG;
            break;
        case PAL_ERR_PK_KEY_INVALID_FORMAT:
            mapped = KCM_CRYPTO_STATUS_PK_KEY_INVALID_FORMAT;
            break;
        case PAL_ERR_PK_INVALID_PUBKEY_AND_ASN1_LEN_MISMATCH:
            mapped = KCM_CRYPTO_STATUS_INVALID_PK_PUBKEY;
            break;
        case PAL_ERR_PK_KEY_INVALID_VERSION:
            mapped = KCM_CRYPTO_STATUS_PK_KEY_INVALID_VERSION;
            break;
        case PAL_ERR_PK_PASSWORD_REQUIRED:
            mapped = KCM_CRYPTO_STATUS_PK_PASSWORD_REQUIRED;
            break;

        /* ---- signing / verification ---- */
        case PAL_ERR_PK_SIG_VERIFY_FAILED:
        case PAL_ERR_FAILED_TO_VERIFY_SIGNATURE:
            mapped = KCM_CRYPTO_STATUS_VERIFY_SIGNATURE_FAILED;
            break;
        case PAL_ERR_INVALID_MD_TYPE:
            mapped = KCM_CRYPTO_STATUS_INVALID_MD_TYPE;
            break;
        case PAL_ERR_FAILED_TO_WRITE_SIGNATURE:
            mapped = KCM_CRYPTO_STATUS_FAILED_TO_WRITE_SIGNATURE;
            break;

        /* ---- key / CSR serialisation ---- */
        case PAL_ERR_FAILED_TO_WRITE_PRIVATE_KEY:
            mapped = KCM_CRYPTO_STATUS_FAILED_TO_WRITE_PRIVATE_KEY;
            break;
        case PAL_ERR_FAILED_TO_WRITE_PUBLIC_KEY:
            mapped = KCM_CRYPTO_STATUS_FAILED_TO_WRITE_PUBLIC_KEY;
            break;
        case PAL_ERR_CSR_WRITE_DER_FAILED:
            mapped = KCM_CRYPTO_STATUS_FAILED_TO_WRITE_CSR;
            break;
        case PAL_ERR_X509_UNKNOWN_OID:
            mapped = KCM_CRYPTO_STATUS_INVALID_OID;
            break;
        case PAL_ERR_X509_INVALID_NAME:
            mapped = KCM_CRYPTO_STATUS_INVALID_NAME_FORMAT;
            break;
        case PAL_ERR_SET_EXTENSION_FAILED:
            mapped = KCM_CRYPTO_STATUS_SET_EXTENSION_FAILED;
            break;

        default:
            /* keep the KCM_STATUS_ERROR initial value */
            break;
    }

    return mapped;
}
00104 
/* Check that a private key corresponds to the public key of a certificate.
 *
 * The check is a sign-then-verify round trip: a fixed 32-byte digest is
 * signed with the supplied private key, and the resulting signature is then
 * verified against the certificate handle. The digest is a constant probe
 * value, not the hash of any real message.
 *
 * x509_cert:                 handle of the certificate to check against.
 * private_key_data:          private key bytes, passed unchanged to
 *                            cs_ecdsa_sign(); this function does not
 *                            inspect or copy them.
 * size_of_private_key_data:  length of private_key_data in bytes.
 *
 * Returns KCM_STATUS_SUCCESS when both steps succeed; otherwise the status
 * reported by the step that failed (cs_ecdsa_sign or
 * cs_x509_cert_verify_signature).
 *
 * NOTE(review): no argument is validated here; NULL or zero-length input is
 * presumably rejected inside cs_ecdsa_sign / cs_x509_cert_verify_signature -
 * confirm against those functions.
 * NOTE(review): the signature buffer is sized with
 * KCM_ECDSA_SECP256R1_MAX_SIGNATURE_SIZE_IN_BYTES, which suggests only
 * secp256r1 keys are expected - confirm.
 */
kcm_status_e  cs_check_certifcate_public_key(palX509Handle_t x509_cert, const uint8_t *private_key_data, size_t size_of_private_key_data)
{
    /* Constant digest used only as the payload of the round trip. */
    const uint8_t probe_digest[] = {
        0x34, 0x70, 0xCD, 0x54, 0x7B, 0x0A, 0x11, 0x5F,
        0xE0, 0x5C, 0xEB, 0xBC, 0x07, 0xBA, 0x91, 0x88,
        0x27, 0x20, 0x25, 0x6B, 0xB2, 0x7A, 0x66, 0x89,
        0x1A, 0x4B, 0xB7, 0x17, 0x11, 0x04, 0x86, 0x6F
    };
    uint8_t signature[KCM_ECDSA_SECP256R1_MAX_SIGNATURE_SIZE_IN_BYTES] = { 0 };
    size_t signature_len = 0;   /* filled in by cs_ecdsa_sign */
    kcm_status_e status = KCM_STATUS_SUCCESS;

    SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();

    /* Step 1: sign the probe digest with the candidate private key. */
    status = cs_ecdsa_sign(private_key_data, size_of_private_key_data,
                           probe_digest, sizeof(probe_digest),
                           signature, sizeof(signature), &signature_len);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((status != KCM_STATUS_SUCCESS), status, "cs_ecdsa_sign failed");

    /* Step 2: verify that signature against the certificate; a failure here
     * means the private key does not correspond to the certificate's key. */
    status = cs_x509_cert_verify_signature(x509_cert,
                                           probe_digest, sizeof(probe_digest),
                                           signature, signature_len);
    SA_PV_ERR_RECOVERABLE_RETURN_IF((status != KCM_STATUS_SUCCESS), status, "cs_x509_cert_verify_signature failed");

    SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
    return status;
}