ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
mbed-os/source/Security/protocols/sec_prot_certs.c

285 lines
8.0 KiB
C
Raw Blame History

/*
* Copyright (c) 2016-2019, Pelion and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "nsconfig.h"
#include <string.h>
#include "ns_types.h"
#include "ns_list.h"
#include "ns_trace.h"
#include "nsdynmemLIB.h"
#include "NWK_INTERFACE/Include/protocol.h"
#include "Common_Protocols/ipv6_constants.h"
#include "socket_api.h"
#include "6LoWPAN/ws/ws_config.h"
#include "Security/protocols/sec_prot_certs.h"
#include "Security/protocols/sec_prot_keys.h"
#ifdef HAVE_WS
#define TRACE_GROUP "spce"
// Length for PEM coded certificate's begin and end certificate text strings
#define SEC_PROT_CERT_PEM_HEADER_FOOTER_LEN 52
#define SEC_PROT_CERT_PEM_HEADER_STR "-----BEGIN CERTIFICATE-----"
int8_t sec_prot_certs_init(sec_prot_certs_t *certs)
{
if (!certs) {
return -1;
}
sec_prot_certs_chain_entry_init(&certs->own_cert_chain);
ns_list_init(&certs->trusted_cert_chain_list);
ns_list_init(&certs->cert_revocat_lists);
certs->own_cert_chain_len = 0;
certs->ext_cert_valid_enabled = false;
return 0;
}
void sec_prot_certs_delete(sec_prot_certs_t *certs)
{
if (!certs) {
return;
}
sec_prot_certs_chain_entry_init(&certs->own_cert_chain);
sec_prot_certs_chain_list_delete(&certs->trusted_cert_chain_list);
sec_prot_certs_revocat_lists_delete(&certs->cert_revocat_lists);
}
int8_t sec_prot_certs_ext_certificate_validation_set(sec_prot_certs_t *certs, bool enabled)
{
if (!certs) {
return -1;
}
certs->ext_cert_valid_enabled = enabled;
return 0;
}
bool sec_prot_certs_ext_certificate_validation_get(const sec_prot_certs_t *certs)
{
return certs->ext_cert_valid_enabled;
}
uint16_t sec_prot_certs_own_cert_chain_len_get(const sec_prot_certs_t *certs)
{
return certs->own_cert_chain_len;
}
cert_chain_entry_t *sec_prot_certs_chain_entry_create(void)
{
cert_chain_entry_t *entry = ns_dyn_mem_alloc(sizeof(cert_chain_entry_t));
if (!entry) {
return NULL;
}
sec_prot_certs_chain_entry_init(entry);
return entry;
}
void sec_prot_certs_chain_entry_init(cert_chain_entry_t *entry)
{
memset(entry, 0, sizeof(cert_chain_entry_t));
}
void sec_prot_certs_chain_entry_delete(cert_chain_entry_t *entry)
{
ns_dyn_mem_free(entry);
}
int8_t sec_prot_certs_cert_set(cert_chain_entry_t *entry, uint8_t index, uint8_t *cert, uint16_t cert_len)
{
if (!entry || index >= SEC_PROT_CERT_CHAIN_DEPTH) {
return -1;
}
entry->cert[index] = cert;
entry->cert_len[index] = cert_len;
return 0;
}
uint8_t *sec_prot_certs_cert_get(const cert_chain_entry_t *entry, uint8_t index, uint16_t *cert_len)
{
if (!entry || index >= SEC_PROT_CERT_CHAIN_DEPTH || !entry->cert[index]) {
return NULL;
}
*cert_len = entry->cert_len[index];
return entry->cert[index];
}
uint16_t sec_prot_certs_cert_chain_entry_len_get(const cert_chain_entry_t *entry)
{
uint16_t chain_length = 0;
for (uint8_t index = 0; index < SEC_PROT_CERT_CHAIN_DEPTH; index++) {
if (entry->cert[index]) {
uint16_t cert_length = entry->cert_len[index];
// Checks if certificate is in PEM base64 format
if (cert_length > SEC_PROT_CERT_PEM_HEADER_FOOTER_LEN &&
entry->cert[index][cert_length - 1] == '\0' &&
strstr((const char *)entry->cert[index], SEC_PROT_CERT_PEM_HEADER_STR) != NULL) {
cert_length -= SEC_PROT_CERT_PEM_HEADER_FOOTER_LEN;
/* 4 base64 chars encode 3 bytes (ignores line endings and possible paddings in the
calculation i.e they are counted to length) */
chain_length += (cert_length / 4) * 3;
} else {
chain_length += cert_length;
}
}
}
return chain_length;
}
int8_t sec_prot_certs_priv_key_set(cert_chain_entry_t *entry, uint8_t *key, uint8_t key_len)
{
if (!entry) {
return -1;
}
entry->key = key;
entry->key_len = key_len;
return 0;
}
uint8_t *sec_prot_certs_priv_key_get(const cert_chain_entry_t *entry, uint8_t *key_len)
{
if (!entry) {
return NULL;
}
*key_len = entry->key_len;
return entry->key;
}
void sec_prot_certs_chain_list_add(cert_chain_list_t *cert_chain_list, cert_chain_entry_t *entry)
{
ns_list_add_to_end(cert_chain_list, entry);
}
void sec_prot_certs_chain_list_delete(cert_chain_list_t *chain_list)
{
ns_list_foreach_safe(cert_chain_entry_t, entry, chain_list) {
ns_list_remove(chain_list, entry);
ns_dyn_mem_free(entry);
}
}
void sec_prot_certs_chain_list_entry_delete(cert_chain_list_t *chain_list, cert_chain_entry_t *entry)
{
ns_list_remove(chain_list, entry);
sec_prot_certs_chain_entry_delete(entry);
}
cert_chain_entry_t *sec_prot_certs_chain_list_entry_find(cert_chain_list_t *chain_list, cert_chain_entry_t *entry)
{
ns_list_foreach(cert_chain_entry_t, list_entry, chain_list) {
bool match = true;
for (uint8_t i = 0; i < SEC_PROT_CERT_CHAIN_DEPTH; i++) {
if (list_entry->cert_len[i] != entry->cert_len[i]) {
match = false;
break;
}
if (memcmp(list_entry->cert[i], entry->cert[i], list_entry->cert_len[i]) != 0) {
match = false;
break;
}
}
if (match) {
return list_entry;
}
}
return NULL;
}
cert_revocat_list_entry_t *sec_prot_certs_revocat_list_entry_create(void)
{
cert_revocat_list_entry_t *entry = ns_dyn_mem_alloc(sizeof(cert_revocat_list_entry_t));
if (!entry) {
return NULL;
}
sec_prot_certs_revocat_list_entry_init(entry);
return entry;
}
void sec_prot_certs_revocat_list_entry_init(cert_revocat_list_entry_t *entry)
{
memset(entry, 0, sizeof(cert_revocat_list_entry_t));
}
void sec_prot_certs_revocat_list_entry_delete(cert_revocat_list_entry_t *entry)
{
ns_dyn_mem_free(entry);
}
int8_t sec_prot_certs_revocat_list_set(cert_revocat_list_entry_t *entry, const uint8_t *crl, uint16_t crl_len)
{
if (!entry) {
return -1;
}
entry->crl = crl;
entry->crl_len = crl_len;
return 0;
}
const uint8_t *sec_prot_certs_revocat_list_get(const cert_revocat_list_entry_t *entry, uint16_t *crl_len)
{
if (!entry) {
return NULL;
}
*crl_len = entry->crl_len;
return entry->crl;
}
void sec_prot_certs_revocat_lists_add(cert_revocat_lists_t *cert_revocat_lists, cert_revocat_list_entry_t *entry)
{
ns_list_add_to_end(cert_revocat_lists, entry);
}
void sec_prot_certs_revocat_lists_entry_delete(cert_revocat_lists_t *cert_revocat_lists, cert_revocat_list_entry_t *entry)
{
ns_list_remove(cert_revocat_lists, entry);
sec_prot_certs_revocat_list_entry_delete(entry);
}
cert_revocat_list_entry_t *sec_prot_certs_revocat_lists_entry_find(cert_revocat_lists_t *cert_revocat_lists, cert_revocat_list_entry_t *entry)
{
ns_list_foreach_safe(cert_revocat_list_entry_t, list_entry, cert_revocat_lists) {
if (list_entry->crl_len == entry->crl_len) {
if (memcmp(list_entry->crl, entry->crl, list_entry->crl_len) == 0) {
return list_entry;
}
}
}
return NULL;
}
void sec_prot_certs_revocat_lists_delete(cert_revocat_lists_t *cert_revocat_lists)
{
ns_list_foreach_safe(cert_revocat_list_entry_t, entry, cert_revocat_lists) {
ns_list_remove(cert_revocat_lists, entry);
ns_dyn_mem_free(entry);
}
}
#endif /* HAVE_WS */
Reference in New Issue View Git Blame Copy Permalink