1 /* *****************************************************************
2  *
3  * Copyright 2016 Samsung Electronics All Rights Reserved.
4  *
5  *
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *     http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  *
19  * *****************************************************************/
20
21 #include "iotivity_config.h"
22
23 #ifdef HAVE_MEMORY_H
24 #include <memory.h>
25 #endif
26
27 #include "ocstack.h"
28 #include "experimental/securevirtualresourcetypes.h"
29 #include "experimental/doxmresource.h"
30 #include "credresource.h"
31 #include "cacommon.h"
32 #include "cainterface.h"
33 #include "casecurityinterface.h"
34 #include "experimental/ocrandom.h"
35 #include "oic_malloc.h"
36 #include "experimental/logger.h"
37 #include "pbkdf2.h"
38 #include "oxmmanufacturercert.h"
39 #include "ownershiptransfermanager.h"
40 #include "srmresourcestrings.h"
41 #include "pkix_interface.h"
42 #include "mbedtls/ssl_ciphersuites.h"
43 #include "ocstackinternal.h"
44
45 #define TAG "OXM_MCertificate"
46
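/**
 * Build the partial /doxm payload that announces the manufacturer-certificate
 * OxM (OIC_MANUFACTURER_CERTIFICATE) as the selected ownership transfer method.
 *
 * The selected device's doxm.oxmSel is overwritten in place and only the
 * oxmSel property is serialized.
 *
 * @param otmCtx   OTM context whose selectedDeviceInfo->doxm describes the
 *                 device being onboarded.
 * @param payload  [out] receives the CBOR buffer allocated by
 *                 DoxmToCBORPayloadPartial; *payload must be NULL on entry.
 * @param size     [out] receives the payload length in bytes.
 *
 * @return OC_STACK_INVALID_PARAM when any pointer is NULL or *payload is
 *         already set, otherwise the result of DoxmToCBORPayloadPartial.
 */
OCStackResult CreateMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
{
    // doxm is dereferenced below, so it is validated here together with the
    // other arguments instead of being left to the serializer.
    if (!otmCtx || !otmCtx->selectedDeviceInfo || !otmCtx->selectedDeviceInfo->doxm
        || !payload || *payload || !size)
    {
        return OC_STACK_INVALID_PARAM;
    }

    otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_MANUFACTURER_CERTIFICATE;

    // Serialize only the oxmSel property of the doxm resource.
    bool propertiesToInclude[DOXM_PROPERTY_COUNT] = {false};
    propertiesToInclude[DOXM_OXMSEL] = true;

    return DoxmToCBORPayloadPartial(otmCtx->selectedDeviceInfo->doxm, payload,
                                    size, propertiesToInclude);
}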
63
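/**
 * Build the partial /doxm payload that announces the confirmed
 * manufacturer-certificate OxM (OIC_CON_MFG_CERT) as the selected ownership
 * transfer method.
 *
 * The selected device's doxm.oxmSel is overwritten in place and only the
 * oxmSel property is serialized.
 *
 * @param otmCtx   OTM context whose selectedDeviceInfo->doxm describes the
 *                 device being onboarded.
 * @param payload  [out] receives the CBOR buffer allocated by
 *                 DoxmToCBORPayloadPartial; *payload must be NULL on entry.
 * @param size     [out] receives the payload length in bytes.
 *
 * @return OC_STACK_INVALID_PARAM when any pointer is NULL or *payload is
 *         already set, otherwise the result of DoxmToCBORPayloadPartial.
 */
OCStackResult CreateConMCertificateBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
{
    // doxm is dereferenced below, so it is validated here together with the
    // other arguments instead of being left to the serializer.
    if (!otmCtx || !otmCtx->selectedDeviceInfo || !otmCtx->selectedDeviceInfo->doxm
        || !payload || *payload || !size)
    {
        return OC_STACK_INVALID_PARAM;
    }

    otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_CON_MFG_CERT;

    // Serialize only the oxmSel property of the doxm resource.
    bool propertiesToInclude[DOXM_PROPERTY_COUNT] = {false};
    propertiesToInclude[DOXM_OXMSEL] = true;

    return DoxmToCBORPayloadPartial(otmCtx->selectedDeviceInfo->doxm, payload,
                                    size, propertiesToInclude);
}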
80
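/**
 * Build the partial /doxm payload that transfers ownership of the selected
 * device to this provisioning tool.
 *
 * The provisioning tool's own device ID is read with GetDoxmDeviceID, copied
 * into the selected device's doxm.owner, and only the DEVOWNERUUID property
 * is serialized.
 *
 * @param otmCtx   OTM context whose selectedDeviceInfo->doxm describes the
 *                 device being onboarded.
 * @param payload  [out] receives the CBOR buffer allocated by
 *                 DoxmToCBORPayloadPartial; *payload must be NULL on entry
 *                 and is left NULL on failure.
 * @param size     [out] receives the payload length in bytes; 0 on failure.
 *
 * @return OC_STACK_INVALID_PARAM when any pointer is NULL or *payload is
 *         already set, OC_STACK_ERROR when the tool's device ID cannot be
 *         read, otherwise the result of DoxmToCBORPayloadPartial.
 */
OCStackResult CreateMCertificateBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
{
    // doxm is dereferenced below, so it is validated here together with the
    // other arguments instead of being left to the serializer.
    if (!otmCtx || !otmCtx->selectedDeviceInfo || !otmCtx->selectedDeviceInfo->doxm
        || !payload || *payload || !size)
    {
        return OC_STACK_INVALID_PARAM;
    }

    *payload = NULL;
    *size = 0;

    // The owner written into the device's doxm is this provisioning tool.
    OicUuid_t uuidPT = {.id={0}};
    if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
    {
        OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
        return OC_STACK_ERROR;
    }
    memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id, UUID_LENGTH);

    // Serialize only the device owner UUID property of the doxm resource.
    bool propertiesToInclude[DOXM_PROPERTY_COUNT] = {false};
    propertiesToInclude[DOXM_DEVOWNERUUID] = true;

    return DoxmToCBORPayloadPartial(otmCtx->selectedDeviceInfo->doxm, payload,
                                    size, propertiesToInclude);
}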
106
/**
 * Register the CA-layer handlers needed before a manufacturer-certificate
 * ownership transfer session is opened.
 *
 * Installs GetManufacturerPkixInfo as the PKIX info handler, clears the
 * identity handler, and installs InitManufacturerCipherSuiteList as the
 * credential-types handler. Registration stops at the first failure.
 *
 * @param otmCtx  OTM context; must have a selected device.
 *
 * @return OC_STACK_INVALID_PARAM when otmCtx or its selected device is NULL,
 *         OC_STACK_ERROR when any registration fails, OC_STACK_OK otherwise.
 */
OCStackResult PrepareMCertificateCallback(OTMContext_t *otmCtx)
{
    OIC_LOG(INFO, TAG, "IN PrepareMCertificateCallback");

    if (!otmCtx || !otmCtx->selectedDeviceInfo)
    {
        return OC_STACK_INVALID_PARAM;
    }

    OCStackResult result = OC_STACK_ERROR;

    if (CA_STATUS_OK != CAregisterPkixInfoHandler(GetManufacturerPkixInfo))
    {
        OIC_LOG(ERROR, TAG, "Failed to register PkixInfohandler");
        goto done;
    }

    // No identity handler is used for this OxM; NULL clears any previous one.
    if (CA_STATUS_OK != CAregisterIdentityHandler(NULL))
    {
        OIC_LOG(ERROR, TAG, "Failed to register IdentityHandler");
        goto done;
    }

    if (CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitManufacturerCipherSuiteList))
    {
        OIC_LOG(ERROR, TAG, "Failed to register CredentialTypesHandler");
        goto done;
    }

    OIC_LOG(INFO, TAG, "OUT PrepareMCertificateCallback");
    result = OC_STACK_OK;

done:
    return result;
}
138
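/**
 * Configure the cipher suite policy for the manufacturer-certificate
 * ownership transfer session.
 *
 * Anonymous ECDH cipher suites are disabled first, then
 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 is selected on the adapter of
 * the selected device's endpoint.
 *
 * @param otmCtx  OTM context; must have a selected device with an endpoint.
 *
 * @return OC_STACK_INVALID_PARAM when otmCtx or its selected device is NULL,
 *         OC_STACK_ERROR when either CA call fails, OC_STACK_OK otherwise.
 */
OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
{
    OIC_LOG(INFO, TAG, "IN CreateSecureSessionMCertificateCallback");

    if (!otmCtx || !otmCtx->selectedDeviceInfo)
    {
        return OC_STACK_INVALID_PARAM;
    }

    // Anonymous suites must be off before the certificate-based suite is
    // selected so that no unauthenticated suite remains enabled.
    if (CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
    {
        // Plain OIC_LOG: the message has no format arguments.
        OIC_LOG(ERROR, TAG, "Failed to disable anon cipher suite");
        return OC_STACK_ERROR;
    }
    OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");

    CAResult_t selectResult = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                                                  otmCtx->selectedDeviceInfo->endpoint.adapter);
    if (CA_STATUS_OK != selectResult)
    {
        OIC_LOG(ERROR, TAG, "Failed to select MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8");
        return OC_STACK_ERROR;
    }
    OIC_LOG(INFO, TAG, "MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite selected.");

    OIC_LOG(INFO, TAG, "OUT CreateSecureSessionMCertificateCallback");

    return OC_STACK_OK;
}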