Dependencies: FXAS21002 FXOS8700Q
fcc_bundle_certificate_utils.c
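// ----------------------------------------------------------------------------
// Copyright 2016-2017 ARM Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------
#include "fcc_bundle_handler.h"
#include "cn-cbor.h"
#include "pv_error_handling.h"
#include "fcc_bundle_utils.h"
#include "key_config_manager.h"
#include "fcc_output_info_handler.h"
#include "fcc_time_profiling.h"
#include "fcc_utils.h"


/** Processes the certificate list of a bundle.
*   For each entry the function extracts the data parameters and stores the
*   certificate with kcm_item_store(). An entry that names a private key is
*   first checked against that key with kcm_certificate_verify_with_private_key();
*   an entry without a private key name is stored with no check in this function.
*   Processing stops at the first failing entry. Entries stored before the
*   failure are not removed here.
*
* @param certs_list_cb[in]   The cbor structure with certificate list.
*
* @return
*     FCC_STATUS_SUCCESS when every entry was stored (also for an empty list).
*     FCC_STATUS_INVALID_PARAMETER when certs_list_cb is NULL.
*     FCC_STATUS_BUNDLE_ERROR when an entry is missing, is not a CBOR map, or
*     its data parameters cannot be read.
*     FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR when the check against
*     the named private key fails.
*     The value of fcc_convert_kcm_to_fcc_status() when storing fails.
*     FCC_STATUS_OUTPUT_INFO_ERROR when the failure could not be recorded.
*/
fcc_status_e fcc_bundle_process_certificates(const cn_cbor *certs_list_cb)
{
    bool status = false;
    fcc_status_e fcc_status = FCC_STATUS_SUCCESS;
    fcc_status_e output_info_fcc_status = FCC_STATUS_SUCCESS;
    kcm_status_e kcm_result = KCM_STATUS_SUCCESS;
    uint32_t cert_index = 0;
    cn_cbor *cert_cb;
    fcc_bundle_data_param_s certificate;

    SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();
    //Nothing is held yet, so a plain return is enough here
    SA_PV_ERR_RECOVERABLE_RETURN_IF((certs_list_cb == NULL), fcc_status = FCC_STATUS_INVALID_PARAMETER, "Invalid certs_list_cb pointer");

    //Initialize data struct
    memset(&certificate, 0, sizeof(fcc_bundle_data_param_s));

    for (cert_index = 0; cert_index < (uint32_t)certs_list_cb->length; cert_index++) {

        FCC_SET_START_TIMER(fcc_certificate_timer);

        //NOTE(review): from the second entry on, `certificate` still holds the previous entry at this point.
        //The original had the per-entry release commented out, so fcc_bundle_get_data_param() presumably
        //resets the struct itself - confirm against fcc_bundle_utils.

        //Get certificate CBOR struct at index cert_index.
        //Both checks leave through `exit` so that the previous entry held in `certificate` is released.
        //kcm_result is KCM_STATUS_SUCCESS whenever this point is reached, so `exit` skips the error-info branch.
        cert_cb = cn_cbor_index(certs_list_cb, cert_index);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((cert_cb == NULL), fcc_status = FCC_STATUS_BUNDLE_ERROR, exit, "Failed to get certificate at index (%" PRIu32 ") ", cert_index);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((cert_cb->type != CN_CBOR_MAP), fcc_status = FCC_STATUS_BUNDLE_ERROR, exit, "Wrong type of certificate CBOR struct at index (%" PRIu32 ") ", cert_index);

        //NOTE(review): this path still returns without releasing `certificate`, because the state
        //fcc_bundle_get_data_param() leaves the struct in after a failure is not visible here - confirm it releases on failure.
        status = fcc_bundle_get_data_param(cert_cb, &certificate);
        SA_PV_ERR_RECOVERABLE_RETURN_IF((status != true), fcc_status = FCC_STATUS_BUNDLE_ERROR, "Failed to get certificate data at index (%" PRIu32 ") ", cert_index);

        //If private key name was passed with the certificate - the certificate is self-generated and we need to verify it against the given private key.
        //A certificate that names no private key gets no check in this function before it is stored.
        if (certificate.private_key_name != NULL) {
            //Try to retrieve the private key from the device and verify the certificate against key data
            kcm_result = kcm_certificate_verify_with_private_key(
                certificate.data,
                certificate.data_size,
                certificate.private_key_name,
                certificate.private_key_name_len);
            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR, exit, "Failed to verify certificate against given private key (%" PRIu32 ") ", cert_index);
        }

        //NOTE(review): the fourth argument `true` is presumably the factory-item flag - confirm against key_config_manager.h
        kcm_result = kcm_item_store(certificate.name, certificate.name_len, KCM_CERTIFICATE_ITEM, true, certificate.data, certificate.data_size, certificate.acl);
        FCC_END_TIMER((char*)certificate.name, certificate.name_len,fcc_certificate_timer);
        SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = fcc_convert_kcm_to_fcc_status(kcm_result), exit,"Failed to store certificate at index (%" PRIu32 ") ", cert_index);

    }

exit:
    if (kcm_result != KCM_STATUS_SUCCESS) {
        //KCM_STATUS_ITEM_NOT_FOUND is expected only when the private key of a self-generated certificate is missing.
        //In this case we need to return the name of the missing item. Without a private key name the status
        //cannot come from the key lookup, so the certificate name is reported instead of a NULL name.
        if (kcm_result == KCM_STATUS_ITEM_NOT_FOUND && certificate.private_key_name != NULL) {
            output_info_fcc_status = fcc_bundle_store_error_info(certificate.private_key_name, certificate.private_key_name_len, kcm_result);
        }
        else {
            output_info_fcc_status = fcc_bundle_store_error_info(certificate.name, certificate.name_len, kcm_result);
        }

        //The macro below returns directly, so release the entry first; every other path through `exit` releases it too
        if (output_info_fcc_status != FCC_STATUS_SUCCESS) {
            fcc_bundle_clean_and_free_data_param(&certificate);
        }
        SA_PV_ERR_RECOVERABLE_RETURN_IF((output_info_fcc_status != FCC_STATUS_SUCCESS),
                                        fcc_status = FCC_STATUS_OUTPUT_INFO_ERROR,
                                        "Failed to create output kcm_status error %d", kcm_result);
    }
    fcc_bundle_clean_and_free_data_param(&certificate);
    SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
    return fcc_status;
}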
