Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
iotivity-lite
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
41
Issues
41
List
Boards
Labels
Service Desk
Milestones
Merge Requests
10
Merge Requests
10
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
IoTivity
iotivity-lite
Commits
bc52bba1
Commit
bc52bba1
authored
Apr 14, 2020
by
Kishen Maloor
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
oc_pki: clean up implementations of oc_pki APIs
Signed-off-by:
Kishen Maloor
<
kishen.maloor@intel.com
>
parent
5128b8fb
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
66 additions
and
74 deletions
+66
-74
apps/client_certification_tests.c
apps/client_certification_tests.c
+2
-1
apps/smart_home_server_linux.c
apps/smart_home_server_linux.c
+2
-2
apps/smart_home_server_with_mock_swupdate.cpp
apps/smart_home_server_with_mock_swupdate.cpp
+2
-1
security/oc_pki.c
security/oc_pki.c
+60
-70
No files found.
apps/client_certification_tests.c
View file @
bc52bba1
...
...
@@ -426,7 +426,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
fclose
(
fp
);
return
-
1
;
}
if
(
pem_len
>
(
long
)
*
buffer_len
)
{
if
(
pem_len
>
=
(
long
)
*
buffer_len
)
{
PRINT
(
"ERROR: buffer provided too small
\n
"
);
fclose
(
fp
);
return
-
1
;
...
...
@@ -442,6 +442,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
return
-
1
;
}
fclose
(
fp
);
buffer
[
pem_len
]
=
'\0'
;
*
buffer_len
=
(
size_t
)
pem_len
;
return
0
;
}
...
...
apps/smart_home_server_linux.c
View file @
bc52bba1
...
...
@@ -627,7 +627,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
fclose
(
fp
);
return
-
1
;
}
if
(
pem_len
>
(
long
)
*
buffer_len
)
{
if
(
pem_len
>
=
(
long
)
*
buffer_len
)
{
PRINT
(
"ERROR: buffer provided too small
\n
"
);
fclose
(
fp
);
return
-
1
;
...
...
@@ -643,6 +643,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
return
-
1
;
}
fclose
(
fp
);
buffer
[
pem_len
]
=
'\0'
;
*
buffer_len
=
(
size_t
)
pem_len
;
return
0
;
}
...
...
@@ -681,7 +682,6 @@ factory_presets_cb(size_t device, void *data)
PRINT
(
"ERROR: unable to read certificates
\n
"
);
return
;
}
int
subca_credid
=
oc_pki_add_mfg_intermediate_cert
(
0
,
ee_credid
,
(
const
unsigned
char
*
)
cert
,
cert_len
);
...
...
apps/smart_home_server_with_mock_swupdate.cpp
View file @
bc52bba1
...
...
@@ -211,7 +211,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
fclose
(
fp
);
return
-
1
;
}
if
(
pem_len
>
(
long
)
*
buffer_len
)
{
if
(
pem_len
>
=
(
long
)
*
buffer_len
)
{
PRINT
(
"ERROR: buffer provided too small
\n
"
);
fclose
(
fp
);
return
-
1
;
...
...
@@ -227,6 +227,7 @@ read_pem(const char *file_path, char *buffer, size_t *buffer_len)
return
-
1
;
}
fclose
(
fp
);
buffer
[
pem_len
]
=
'\0'
;
*
buffer_len
=
(
size_t
)
pem_len
;
return
0
;
}
...
...
security/oc_pki.c
View file @
bc52bba1
...
...
@@ -42,16 +42,17 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
}
/* Parse the to-be-added intermediate cert */
unsigned
char
cert_copy
[
4096
];
memcpy
(
cert_copy
,
cert
,
cert_size
);
size_t
c_size
=
cert_size
;
mbedtls_x509_crt
int_ca
;
mbedtls_x509_crt_init
(
&
int_ca
);
if
(
oc_certs_is_PEM
((
const
unsigned
char
*
)
cert
,
cert_size
)
==
0
)
{
cert_copy
[
cert_size
]
=
'\0'
;
cert_size
+=
1
;
if
(
oc_certs_is_PEM
((
const
unsigned
char
*
)
cert
,
cert_size
)
!=
0
)
{
return
-
1
;
}
if
(
cert
[
cert_size
-
1
]
!=
'\0'
)
{
c_size
+=
1
;
}
ret
=
mbedtls_x509_crt_parse
(
&
int_ca
,
(
const
unsigned
char
*
)
cert_copy
,
cert
_size
);
ret
=
mbedtls_x509_crt_parse
(
&
int_ca
,
(
const
unsigned
char
*
)
cert
,
c
_size
);
if
(
ret
<
0
)
{
OC_ERR
(
"could not parse intermediate cert %d"
,
ret
);
return
-
1
;
...
...
@@ -95,20 +96,21 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
* in the chain, if not return.
*/
if
(
oc_certs_is_subject_the_issuer
(
&
int_ca
,
id_cert
)
==
0
)
{
id_cert
->
next
=
&
int_c
a
;
char
chain
[
4096
]
;
ret
=
oc_certs_serialize_chain_to_pem
(
&
id_cert_chain
,
chain
,
4096
);
if
(
ret
>
0
)
{
OC_DBG
(
"adding a new intermediate CA cert to /oic/sec/cred"
);
oc_free_string
(
&
c
->
publicdata
.
data
);
oc_new_string
(
&
c
->
publicdata
.
data
,
chain
,
ret
)
;
oc_sec_dump_cred
(
device
);
}
id_cert
->
next
=
NULL
;
oc_string_t
chain
=
c
->
publicdata
.
dat
a
;
size_t
new_publicdata_size
=
oc_string_len
(
chain
)
+
c_size
;
oc_alloc_string
(
&
c
->
publicdata
.
data
,
new_publicdata_size
)
;
memcpy
(
oc_string
(
c
->
publicdata
.
data
),
oc_string
(
chain
),
oc_string_len
(
chain
));
memcpy
(
oc_string
(
c
->
publicdata
.
data
)
+
oc_string_len
(
chain
),
cert
,
cert_size
);
oc_string
(
c
->
publicdata
.
data
)[
new_publicdata_size
-
1
]
=
'\0'
;
oc_free_string
(
&
chain
);
OC_DBG
(
"adding a new intermediate CA cert to /oic/sec/cred"
);
oc_sec_dump_cred
(
device
);
ret
=
1
;
}
else
{
OC_ERR
(
"supplied intermediate CA cert is not issuer of identity cert"
);
ret
=
-
1
;
}
mbedtls_x509_crt_free
(
&
int_ca
);
...
...
@@ -130,25 +132,25 @@ pki_add_identity_cert(size_t device, const unsigned char *cert,
{
OC_DBG
(
"attempting to add an identity certificate chain"
);
size_t
c_size
=
cert_size
,
k_size
=
key_size
;
mbedtls_pk_context
pkey
;
mbedtls_pk_init
(
&
pkey
);
unsigned
char
cert_copy
[
4096
];
unsigned
char
key_copy
[
4096
];
memcpy
(
cert_copy
,
cert
,
cert_size
);
memcpy
(
key_copy
,
key
,
key_size
);
if
(
oc_certs_is_PEM
(
cert
,
cert_size
)
==
0
)
{
cert_copy
[
cert_size
]
=
'\0'
;
cert_size
+=
1
;
if
(
oc_certs_is_PEM
(
cert
,
cert_size
)
!=
0
)
{
return
-
1
;
}
if
(
cert
[
cert_size
-
1
]
!=
'\0'
)
{
c_size
+=
1
;
}
if
(
oc_certs_is_PEM
(
key
,
key_size
)
==
0
)
{
key_copy
[
key_size
]
=
'\0'
;
key_size
+=
1
;
if
(
key
[
key_size
-
1
]
!=
'\0'
)
{
k_size
+=
1
;
}
}
/* Parse identity cert's private key */
int
ret
=
mbedtls_pk_parse_key
(
&
pkey
,
(
const
unsigned
char
*
)
key_copy
,
key
_size
,
NULL
,
0
);
int
ret
=
mbedtls_pk_parse_key
(
&
pkey
,
(
const
unsigned
char
*
)
key
,
k
_size
,
NULL
,
0
);
if
(
ret
!=
0
)
{
OC_ERR
(
"could not parse identity cert's private key %d"
,
ret
);
return
-
1
;
...
...
@@ -172,8 +174,7 @@ pki_add_identity_cert(size_t device, const unsigned char *cert,
mbedtls_x509_crt_init
(
&
cert1
);
/* Parse identity cert chain */
ret
=
mbedtls_x509_crt_parse
(
&
cert1
,
(
const
unsigned
char
*
)
cert_copy
,
cert_size
);
ret
=
mbedtls_x509_crt_parse
(
&
cert1
,
(
const
unsigned
char
*
)
cert
,
c_size
);
if
(
ret
<
0
)
{
OC_ERR
(
"could not parse the provided identity cert"
);
return
-
1
;
...
...
@@ -220,25 +221,19 @@ pki_add_identity_cert(size_t device, const unsigned char *cert,
OC_DBG
(
"adding a new identity cert chain to /oic/sec/cred"
);
char
chain
[
4096
];
ret
=
oc_certs_serialize_chain_to_pem
(
&
cert1
,
chain
,
4096
);
mbedtls_x509_crt_free
(
&
cert1
);
int
credid
=
-
1
;
if
(
ret
>
0
)
{
credid
=
oc_sec_add_new_cred
(
device
,
false
,
NULL
,
-
1
,
OC_CREDTYPE_CERT
,
credusage
,
oc_string
(
subjectuuid
),
OC_ENCODING_RAW
,
private_key_size
,
privkbuf
+
(
200
-
private_key_size
),
OC_ENCODING_PEM
,
ret
,
(
const
uint8_t
*
)
chain
,
NULL
,
NULL
);
if
(
credid
!=
-
1
)
{
OC_DBG
(
"added new identity cert chain to /oic/sec/cred"
);
oc_sec_dump_cred
(
device
);
}
else
{
OC_ERR
(
"could not add identity cert chain to /oic/sec/cred"
);
}
int
credid
=
oc_sec_add_new_cred
(
device
,
false
,
NULL
,
-
1
,
OC_CREDTYPE_CERT
,
credusage
,
oc_string
(
subjectuuid
),
OC_ENCODING_RAW
,
private_key_size
,
privkbuf
+
(
200
-
private_key_size
),
OC_ENCODING_PEM
,
c_size
-
1
,
(
const
uint8_t
*
)
cert
,
NULL
,
NULL
);
if
(
credid
!=
-
1
)
{
OC_DBG
(
"added new identity cert chain to /oic/sec/cred"
);
oc_sec_dump_cred
(
device
);
}
else
{
OC_ERR
(
"could not add identity cert chain to /oic/sec/cred"
);
}
oc_free_string
(
&
subjectuuid
);
...
...
@@ -269,17 +264,16 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
mbedtls_x509_crt
cert1
,
cert2
;
mbedtls_x509_crt_init
(
&
cert1
);
unsigned
char
cert_copy
[
4096
];
memcpy
(
cert_copy
,
cert
,
cert_size
);
size_t
c_size
=
cert_size
;
/* Parse root cert */
if
(
oc_certs_is_PEM
((
const
unsigned
char
*
)
cert
,
cert_size
)
==
0
)
{
cert_copy
[
cert_size
]
=
'\0'
;
cert_size
+=
1
;
if
(
oc_certs_is_PEM
((
const
unsigned
char
*
)
cert
,
cert_size
)
!=
0
)
{
return
-
1
;
}
int
ret
=
mbedtls_x509_crt_parse
(
&
cert1
,
(
const
unsigned
char
*
)
cert_copy
,
cert_size
);
if
(
cert
[
cert_size
-
1
]
!=
'\0'
)
{
c_size
+=
1
;
}
int
ret
=
mbedtls_x509_crt_parse
(
&
cert1
,
(
const
unsigned
char
*
)
cert
,
c_size
);
if
(
ret
<
0
)
{
return
-
1
;
}
...
...
@@ -321,18 +315,14 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
OC_DBG
(
"adding a new trust anchor entry to /oic/sec/cred"
);
char
chain
[
4096
];
ret
=
oc_certs_serialize_chain_to_pem
(
&
cert1
,
chain
,
4096
);
if
(
ret
>
0
)
{
ret
=
oc_sec_add_new_cred
(
device
,
false
,
NULL
,
-
1
,
OC_CREDTYPE_CERT
,
credusage
,
"*"
,
0
,
0
,
NULL
,
OC_ENCODING_PEM
,
ret
,
(
const
uint8_t
*
)
chain
,
NULL
,
NULL
);
if
(
ret
!=
-
1
)
{
OC_DBG
(
"added new trust anchor entry to /oic/sec/cred"
);
oc_sec_dump_cred
(
device
);
}
else
{
OC_ERR
(
"could not add trust anchor entry to /oic/sec/cred"
);
}
ret
=
oc_sec_add_new_cred
(
device
,
false
,
NULL
,
-
1
,
OC_CREDTYPE_CERT
,
credusage
,
"*"
,
0
,
0
,
NULL
,
OC_ENCODING_PEM
,
c_size
-
1
,
(
const
uint8_t
*
)
cert
,
NULL
,
NULL
);
if
(
ret
!=
-
1
)
{
OC_DBG
(
"added new trust anchor entry to /oic/sec/cred"
);
oc_sec_dump_cred
(
device
);
}
else
{
OC_ERR
(
"could not add trust anchor entry to /oic/sec/cred"
);
}
mbedtls_x509_crt_free
(
&
cert1
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment