/*
*
* Copyright (c) 2019-2020 Google LLC.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* Definition of CertProvOptions class, which handles Certificate Provisioning specific
* command line options and provides an implementation of the WeaveNodeOpAuthDelegate and
* WeaveNodeMfrAttestDelegate interfaces for use in test applications.
*
*/
#ifndef CERTPROVOPTIONS_H_
#define CERTPROVOPTIONS_H_
#include <Weave/Core/WeaveCore.h>
#include <Weave/Profiles/security/WeaveSecurity.h>
#include <Weave/Profiles/security/WeaveCertProvisioning.h>
#include "ToolCommonOptions.h"
using namespace nl::Weave::Profiles::Security::CertProvisioning;
/**
 * Generates a test device certificate for the given device id and public key.
 *
 * Only the declaration is visible here; the definition lives in another translation unit.
 * Judging by the parameter names, the encoded certificate is written to `cert` (capacity
 * `certBufSize` bytes) and its length is reported through `certLen` -- TODO confirm against
 * the definition.
 *
 * NOTE(review): `certBufSize` is the only bound the callee receives for `cert`, so callers
 * must pass the real size of the destination buffer.
 */
extern WEAVE_ERROR GenerateTestDeviceCert(uint64_t deviceId, EncodedECPublicKey& devicePubKey,
                                          uint8_t *cert, uint16_t certBufSize, uint16_t& certLen);
/**
 * Overload that additionally takes a CA certificate and a CA key as pointer/length pairs.
 *
 * Presumably the supplied CA material is used to issue the test certificate -- TODO confirm
 * against the definition. The CA key is passed as raw bytes, so this overload is only
 * suitable for test CA material.
 */
extern WEAVE_ERROR GenerateTestDeviceCert(uint64_t deviceId, EncodedECPublicKey& devicePubKey,
                                          const uint8_t *caCert, uint16_t caCertLen,
                                          const uint8_t *caKey, uint16_t caKeyLen,
                                          uint8_t *cert, uint16_t certBufSize, uint16_t& certLen);
/**
 * In-memory holder for a device's id, certificate, intermediate CA certificates and private
 * key, each kept in a fixed-size member buffer with a 16-bit length.
 *
 * The private key sits in an ordinary byte array inside the object; nothing in this
 * declaration indicates protected or persistent storage. The file header describes this
 * code as being for test applications.
 *
 * Only StoreDeviceId() is defined inline; every other member is defined elsewhere, so the
 * notes below about their behaviour are review prompts, not statements of fact.
 */
class DeviceCredentialsStore
{
public:
    enum
    {
        kWeaveDeviceCertBufSize             = 300,      // Size of buffer needed to hold Weave device certificate.
        kWeaveDevicePrivateKeyBufSize       = 128,      // Size of buffer needed to hold Weave device private key.
    };
    DeviceCredentialsStore();
    // Records the device id in mDeviceId and always returns WEAVE_NO_ERROR.
    WEAVE_ERROR StoreDeviceId(uint64_t deviceId) { mDeviceId = deviceId; return WEAVE_NO_ERROR; };
    // Store* take a caller-supplied pointer/length pair. The destination buffers are
    // fixed-size (see the private members).
    // NOTE(review): confirm each definition rejects a length larger than its destination
    // buffer before copying.
    WEAVE_ERROR StoreDeviceCert(const uint8_t * cert, uint16_t certLen);
    WEAVE_ERROR StoreDeviceICACerts(const uint8_t * certs, uint16_t certsLen);
    WEAVE_ERROR StoreDevicePrivateKey(const uint8_t * key, uint16_t keyLen);
    // Get* report the stored value through reference out-parameters.
    // NOTE(review): the pointer out-parameters presumably refer to the member buffers rather
    // than to copies -- verify, since such pointers would be invalidated in meaning by a
    // later Store*/Clear* call.
    WEAVE_ERROR GetDeviceId(uint64_t & deviceId);
    WEAVE_ERROR GetDeviceCert(const uint8_t *& cert, uint16_t & certLen);
    WEAVE_ERROR GetDeviceICACerts(const uint8_t *& cert, uint16_t & certLen);
    WEAVE_ERROR GetDevicePrivateKey(const uint8_t *& key, uint16_t & keyLen);
    // Clear* discard individual credentials; ClearDeviceCredentials presumably clears all.
    // NOTE(review): confirm ClearDevicePrivateKey overwrites mDevicePrivateKey and does not
    // merely reset mDevicePrivateKeyLen, so key bytes do not linger in memory.
    void ClearDeviceId(void);
    void ClearDeviceCert(void);
    void ClearDeviceICACerts(void);
    void ClearDevicePrivateKey(void);
    void ClearDeviceCredentials(void);
    // Presence checks for each stored item and for the credential set as a whole.
    bool DeviceIdExists(void);
    bool DeviceCertExists(void);
    bool DeviceICACertsExists(void);
    bool DevicePrivateKeyExists(void);
    bool DeviceCredentialsExist(void);
    // deviceId defaults to kNodeIdNotSpecified; how that value is handled is decided by the
    // definition, which is not visible here.
    WEAVE_ERROR GenerateAndStoreDeviceCredentials(uint64_t deviceId = kNodeIdNotSpecified);
    WEAVE_ERROR GenerateAndReplaceCurrentDeviceCert(void);
private:
    uint64_t mDeviceId;
    // Private key bytes and their length; capacity is kWeaveDevicePrivateKeyBufSize (128).
    uint8_t mDevicePrivateKey[kWeaveDevicePrivateKeyBufSize];
    uint16_t mDevicePrivateKeyLen;
    // Device certificate bytes and their length; capacity is kWeaveDeviceCertBufSize (300).
    uint8_t mDeviceCert[kWeaveDeviceCertBufSize];
    uint16_t mDeviceCertLen;
    // Intermediate CA certificate bytes. This buffer has the same 300-byte capacity as the
    // single-certificate buffer above, which bounds the total size that can be stored.
    uint8_t mDeviceICACerts[kWeaveDeviceCertBufSize];
    uint16_t mDeviceICACertsLen;
};
// Manufacturer attestation type identifiers. Presumably these are the values carried in
// CertProvOptions::MfrAttestType -- TODO confirm; that field is a plain uint8_t, so the
// compiler does not restrict it to the values listed here.
enum
{
    kMfrAttestType_Undefined = 0,   // No attestation type selected.
    kMfrAttestType_WeaveCert = 1,   // By name: attestation using a Weave certificate.
    kMfrAttestType_X509Cert = 2,    // By name: attestation using an X.509 certificate.
    kMfrAttestType_HMAC = 3,        // By name: attestation using an HMAC.
};
// Free-function event callback taking an opaque application-state pointer, the
// WeaveCertProvEngine event type, and the engine's input/output parameter structures.
// NOTE(review): CertProvOptions declares a static member function with the same name and
// parameter list; confirm which of the two is defined and registered with the engine, and
// that appState is cast back to the type the registering code actually passed.
extern void CertProvClientEventHandler(void * appState, WeaveCertProvEngine::EventType eventType, const WeaveCertProvEngine::InEventParam & inParam, WeaveCertProvEngine::OutEventParam & outParam);
/**
 * Certificate-provisioning option set that also acts as the operational-authentication and
 * manufacturer-attestation delegate (it derives from WeaveNodeOpAuthDelegate,
 * WeaveNodeMfrAttestDelegate and OptionSetBase).
 *
 * All configuration is exposed as public data members. Certificates, keys and tokens are
 * raw pointer/length pairs; ownership and lifetime are not expressed by the types.
 * NOTE(review): confirm each pointer refers to storage that outlives this object, and that
 * every length is set together with its pointer. The two private-key members make this
 * class suitable for test material only, as the file header states.
 */
class CertProvOptions : public WeaveNodeOpAuthDelegate, public WeaveNodeMfrAttestDelegate, public OptionSetBase
{
public:
    uint64_t DeviceId;
    uint8_t RequestType;
    // Pairing token and pairing init data byte ranges; IncludeAuthorizeInfo presumably
    // controls whether they are sent -- TODO confirm in the .cpp.
    bool IncludeAuthorizeInfo;
    const uint8_t *PairingToken;
    uint16_t PairingTokenLen;
    const uint8_t *PairingInitData;
    uint16_t PairingInitDataLen;
    // Operational certificate and its private key.
    const uint8_t *OperationalCert;
    uint16_t OperationalCertLen;
    const uint8_t *OperationalPrivateKey;
    uint16_t OperationalPrivateKeyLen;
    bool IncludeOperationalICACerts;
    const uint8_t *OperationalICACerts;
    uint16_t OperationalICACertsLen;
    // Manufacturer attestation inputs. MfrAttestType is a raw uint8_t; presumably it holds
    // one of the kMfrAttestType_* values -- verify that unknown values are rejected.
    uint64_t MfrAttestDeviceId;
    uint8_t MfrAttestType;
    const uint8_t *MfrAttestCert;
    uint16_t MfrAttestCertLen;
    const uint8_t *MfrAttestPrivateKey;
    uint16_t MfrAttestPrivateKeyLen;
    bool IncludeMfrAttestICACerts;
    const uint8_t *MfrAttestICACert1;
    uint16_t MfrAttestICACert1Len;
    const uint8_t *MfrAttestICACert2;
    uint16_t MfrAttestICACert2Len;
    CertProvOptions();
    // Static event callback; appState is an opaque pointer supplied by whoever registers it.
    // A free function with the same name and parameters is also declared in this header.
    static void CertProvClientEventHandler(void * appState, WeaveCertProvEngine::EventType eventType,
                                           const WeaveCertProvEngine::InEventParam & inParam, WeaveCertProvEngine::OutEventParam & outParam);
private:
    // Command-line option callback. __OVERRIDE is a macro defined elsewhere (presumably
    // expanding to `override` where supported).
    virtual bool HandleOption(const char *progName, OptionSet *optSet, int id, const char *name, const char *arg) __OVERRIDE;
    // ===== Methods that implement the WeaveNodeOpAuthDelegate interface
    // Declared private here; callers are expected to reach them through the base interface.
    WEAVE_ERROR EncodeOpCert(TLVWriter & writer, uint64_t tag) __OVERRIDE;
    WEAVE_ERROR EncodeOpRelatedCerts(TLVWriter & writer, uint64_t tag) __OVERRIDE;
    // hashLen is a uint8_t, so the hash passed in can be at most 255 bytes long.
    WEAVE_ERROR GenerateAndEncodeOpSig(const uint8_t * hash, uint8_t hashLen, TLVWriter & writer, uint64_t tag) __OVERRIDE;
    // ===== Methods that implement the WeaveNodeMfrAttestDelegate interface
    WEAVE_ERROR EncodeMAInfo(TLVWriter & writer) __OVERRIDE;
    WEAVE_ERROR GenerateAndEncodeMASig(const uint8_t * data, uint16_t dataLen, TLVWriter & writer) __OVERRIDE;
};
// Process-wide instances, defined in another translation unit. gDeviceCredsStore holds
// private-key bytes for the lifetime of the process unless a Clear* member is called.
extern DeviceCredentialsStore gDeviceCredsStore;
extern CertProvOptions gCertProvOptions;
#endif /* CERTPROVOPTIONS_H_ */