Use only specified ciphersuites in Cloud requests

Change-Id: I21ae563ed803fec87689a2609b8d83ca33fe3882 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

Use only specified ciphersuites in Cloud requests
Change-Id: I21ae563ed803fec87689a2609b8d83ca33fe3882 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
9a89fddc · Kishen Maloor · a9a31e51 · 9a89fddc · 9a89fddc · 9a89fddc
Commit 9a89fddc authored Sep 24, 2019 by Kishen Maloor
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 1 deletion

api/cloud/oc_cloud_apis.c api/cloud/oc_cloud_apis.c +20 -1

security/oc_tls.c security/oc_tls.c +11 -0

security/oc_tls.h security/oc_tls.h +1 -0

No files found.
--- a/api/cloud/oc_cloud_apis.c
+++ b/api/cloud/oc_cloud_apis.c
@@ -25,8 +25,10 @@
 #include "oc_cloud_internal.h"
 #include "oc_core_res.h"
 #include "port/oc_log.h"
+#ifdef OC_SECURITY
 #include "security/oc_pstat.h"
-
+#include "security/oc_tls.h"
+#endif /* OC_SECURITY */
 /** Account URI.*/
 #ifdef OC_SPEC_VER_OIC
 #define OC_RSRVD_ACCOUNT_URI "/oic/account"
@@ -329,6 +331,10 @@ cloud_access_register(oc_endpoint_t *endpoint, const char *auth_provider,
    return false;
  }

+#ifdef OC_SECURITY
+  oc_tls_select_cloud_ciphersuite();
+#endif /* OC_SECURITY */
+
  if (oc_init_post(OC_RSRVD_ACCOUNT_URI, endpoint, NULL, handler, LOW_QOS,
                   user_data)) {
    char uuid[OC_UUID_LEN] = { 0 };
@@ -378,6 +384,11 @@ cloud_access_deregister(oc_endpoint_t *endpoint, const char *uid,
  oc_string_t u_id;
  oc_concat_strings(&u_id, "&uid=", uid);
  oc_concat_strings(&d, oc_string(at), oc_string(u_id));
+
+#ifdef OC_SECURITY
+  oc_tls_select_cloud_ciphersuite();
+#endif /* OC_SECURITY */
+
  bool s = oc_do_delete(OC_RSRVD_ACCOUNT_URI, endpoint, oc_string(d), handler,
                        HIGH_QOS, user_data);
  oc_free_string(&d);
@@ -403,6 +414,10 @@ cloud_access_login_out(oc_endpoint_t *endpoint, const char *uid,
    return false;
  }

+#ifdef OC_SECURITY
+  oc_tls_select_cloud_ciphersuite();
+#endif /* OC_SECURITY */
+
  if (oc_init_post(OC_RSRVD_ACCOUNT_SESSION_URI, endpoint, NULL, handler,
                   LOW_QOS, user_data)) {
    char uuid[OC_UUID_LEN] = { 0 };
@@ -458,6 +473,10 @@ cloud_access_refresh_access_token(oc_endpoint_t *endpoint, const char *uid,
    return false;
  }

+#ifdef OC_SECURITY
+  oc_tls_select_cloud_ciphersuite();
+#endif /* OC_SECURITY */
+
  if (oc_init_post(OC_RSRVD_ACCOUNT_TOKEN_REFRESH_URI, endpoint, NULL, handler,
                   LOW_QOS, user_data)) {
    char uuid[OC_UUID_LEN] = { 0 };

--- a/security/oc_tls.c
+++ b/security/oc_tls.c
@@ -188,6 +188,11 @@ static const int otm_priority[3] = {

 #ifdef OC_CLIENT
 #ifdef OC_PKI
+static const int cloud_priority[3] = {
+  MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+  MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0
+};
+
 static const int cert_priority[7] = {
  MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
  MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
@@ -863,6 +868,12 @@ oc_tls_select_cert_ciphersuite(void)
 {
  ciphers = (int *)cert_priority;
 }
+
+void
+oc_tls_select_cloud_ciphersuite(void)
+{
+  ciphers = (int *)cloud_priority;
+}
 #endif /* OC_CLIENT */

 void

--- a/security/oc_tls.h
+++ b/security/oc_tls.h
@@ -83,6 +83,7 @@ void oc_tls_select_mfg_cert_chain(int credid);
 void oc_tls_select_identity_cert_chain(int credid);
 void oc_tls_select_psk_ciphersuite(void);
 void oc_tls_select_anon_ciphersuite(void);
+void oc_tls_select_cloud_ciphersuite(void);

 /* Internal interface for generating a random PIN */
 void oc_tls_generate_random_pin(void);