Commit 9a89fddc authored by Kishen Maloor's avatar Kishen Maloor

Use only specified ciphersuites in Cloud requests

Change-Id: I21ae563ed803fec87689a2609b8d83ca33fe3882
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
parent a9a31e51
......@@ -25,8 +25,10 @@
#include "oc_cloud_internal.h"
#include "oc_core_res.h"
#include "port/oc_log.h"
#ifdef OC_SECURITY
#include "security/oc_pstat.h"
#include "security/oc_tls.h"
#endif /* OC_SECURITY */
/** Account URI.*/
#ifdef OC_SPEC_VER_OIC
#define OC_RSRVD_ACCOUNT_URI "/oic/account"
......@@ -329,6 +331,10 @@ cloud_access_register(oc_endpoint_t *endpoint, const char *auth_provider,
return false;
}
#ifdef OC_SECURITY
oc_tls_select_cloud_ciphersuite();
#endif /* OC_SECURITY */
if (oc_init_post(OC_RSRVD_ACCOUNT_URI, endpoint, NULL, handler, LOW_QOS,
user_data)) {
char uuid[OC_UUID_LEN] = { 0 };
......@@ -378,6 +384,11 @@ cloud_access_deregister(oc_endpoint_t *endpoint, const char *uid,
oc_string_t u_id;
oc_concat_strings(&u_id, "&uid=", uid);
oc_concat_strings(&d, oc_string(at), oc_string(u_id));
#ifdef OC_SECURITY
oc_tls_select_cloud_ciphersuite();
#endif /* OC_SECURITY */
bool s = oc_do_delete(OC_RSRVD_ACCOUNT_URI, endpoint, oc_string(d), handler,
HIGH_QOS, user_data);
oc_free_string(&d);
......@@ -403,6 +414,10 @@ cloud_access_login_out(oc_endpoint_t *endpoint, const char *uid,
return false;
}
#ifdef OC_SECURITY
oc_tls_select_cloud_ciphersuite();
#endif /* OC_SECURITY */
if (oc_init_post(OC_RSRVD_ACCOUNT_SESSION_URI, endpoint, NULL, handler,
LOW_QOS, user_data)) {
char uuid[OC_UUID_LEN] = { 0 };
......@@ -458,6 +473,10 @@ cloud_access_refresh_access_token(oc_endpoint_t *endpoint, const char *uid,
return false;
}
#ifdef OC_SECURITY
oc_tls_select_cloud_ciphersuite();
#endif /* OC_SECURITY */
if (oc_init_post(OC_RSRVD_ACCOUNT_TOKEN_REFRESH_URI, endpoint, NULL, handler,
LOW_QOS, user_data)) {
char uuid[OC_UUID_LEN] = { 0 };
......
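Review bot: The selection made by `oc_tls_select_cloud_ciphersuite()` before `oc_init_post()` in cloud_access_register is never undone in the visible code, including on the path where `oc_init_post()` fails. The setter only assigns a file-scope pointer in the TLS layer, so if that pointer is read only when a new session is set up (not visible here), the cloud list would stay selected for whichever handshake comes next, and a request that reuses an existing session would be unaffected by the call. The same applies to the calls added in cloud_access_deregister, cloud_access_login_out and cloud_access_refresh_access_token. I would state the contract at each call site, e.g. `/* Restrict the ciphersuites offered for this cloud request; the selection is global TLS state */`, and confirm where the selection is cleared. All four functions start and end outside their hunks.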
......@@ -188,6 +188,11 @@ static const int otm_priority[3] = {
#ifdef OC_CLIENT
#ifdef OC_PKI
static const int cloud_priority[3] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0
};
static const int cert_priority[7] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
......@@ -863,6 +868,12 @@ oc_tls_select_cert_ciphersuite(void)
{
ciphers = (int *)cert_priority;
}
void
oc_tls_select_cloud_ciphersuite(void)
{
ciphers = (int *)cloud_priority;
}
#endif /* OC_CLIENT */
void
......
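Review bot: `cloud_priority` is declared inside `#ifdef OC_CLIENT` / `#ifdef OC_PKI`, while the new call sites are guarded by `OC_SECURITY` alone and the prototype added to the header shows no guard, so a build with security enabled but without client or PKI support would presumably fail to compile or link; the guards around the function body are only partly visible in this hunk. Wrapping the callers and the prototype in the same conditions as the definition would keep the three files consistent. The list also deserves a comment naming the requirement behind it, since its second entry is a CBC suite and the GCM entry is the stronger of the two: `/* Ciphersuites offered to the cloud, in preference order; 0-terminated */`. The cast in `ciphers = (int *)cloud_priority;` drops `const`, as the existing cert setter does; a `const int *` selection pointer would avoid it.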
......@@ -83,6 +83,7 @@ void oc_tls_select_mfg_cert_chain(int credid);
void oc_tls_select_identity_cert_chain(int credid);
void oc_tls_select_psk_ciphersuite(void);
void oc_tls_select_anon_ciphersuite(void);
void oc_tls_select_cloud_ciphersuite(void);
/* Internal interface for generating a random PIN */
void oc_tls_generate_random_pin(void);
......