 |
ndn-lite
|
|
ndn-lite
|
#include "sign-on-basic-client-consts.h"#include "sign-on-basic-sec-intf-setter.h"#include <stddef.h>#include <stdint.h>Go to the source code of this file.
Data Structures | |
| struct | sign_on_basic_sec_intf |
| struct | sign_on_basic_client |
Typedefs | |
| typedef int(* | sign_on_basic_sec_gen_sha256_hash) (const uint8_t *payload, uint32_t payload_len, uint8_t *output) |
| Generic function interface for generating a sha256 hash. More... | |
| typedef int(* | sign_on_basic_sec_gen_n1_keypair) (uint8_t *pub_key_buf, uint32_t pub_key_buf_len, uint32_t *pub_key_output_len, uint8_t *pri_key_buf, uint32_t pri_key_buf_len, uint32_t *pri_key_output_len) |
| Generic function interface for generating the N1 keypair. More... | |
| typedef int(* | sign_on_basic_sec_gen_kt) (const uint8_t *N2_pub_key, uint32_t N2_pub_key_len, const uint8_t *N1_pri_key, uint32_t N1_pri_key_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
| Generic function interface for generating KT. More... | |
| typedef int(* | sign_on_basic_sec_gen_btstrp_rqst_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
| Generic function interface for generating signature of bootstrapping request. More... | |
| typedef int(* | sign_on_basic_sec_vrfy_btstrp_rqst_rspns_sig) (const uint8_t *payload, uint32_t payload_len, const uint8_t *sig, uint32_t sig_len, const uint8_t *secure_sign_on_code_p, uint32_t secure_sign_on_code_len) |
| Generic function interface for verifying signature of bootstrapping request response. More... | |
| typedef int(* | sign_on_basic_sec_gen_cert_rqst_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
| Generic function interface for generating signature of certificate request. More... | |
| typedef int(* | sign_on_basic_sec_vrfy_cert_rqst_rspns_sig) (const uint8_t *payload, uint32_t payload_len, const uint8_t *sig, uint32_t sig_len, const uint8_t *KT_p, uint32_t KT_len) |
| Generic function interface for verifying signature of certificate request response. More... | |
| typedef int(* | sign_on_basic_sec_decrypt_kd_pri) (uint8_t *KT_p, uint32_t KT_len, const uint8_t *encrypted_kd_pri, uint32_t encrypted_kd_pri_len, uint8_t *decrypted_kd_pri, uint32_t decrypted_kd_pri_buf_len, uint32_t *decrypted_kd_pri_len) |
| Generic function interface for decrypting the encrypted KD private key in the certificate request response. More... | |
| typedef int(* | sign_on_basic_sec_gen_fin_msg_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
| Generic function interface for generating signature of finish message. More... | |
| typedef struct sign_on_basic_client | sign_on_basic_client_t |
Functions | |
| int | sign_on_basic_client_init (uint8_t variant, sign_on_basic_client_t *sign_on_basic_client, const uint8_t *device_identifier_p, uint32_t device_identifier_len, const uint8_t *device_capabilities_p, uint32_t device_capabilities_len, const uint8_t *secure_sign_on_code_p, const uint8_t *KS_pub_p, uint32_t KS_pub_len, const uint8_t *KS_pri_p, uint32_t KS_pri_len) |
| Initialize state for a sign_on_basic_client_t. More... | |
| int | cnstrct_btstrp_rqst (uint8_t *buf_p, uint32_t buf_len, uint32_t *output_len_p, sign_on_basic_client_t *sign_on_basic_client) |
| Construct a bootstrapping request. More... | |
| int | prcs_btstrp_rqst_rspns (const uint8_t *btstrp_rqst_rspns_buf_p, uint32_t btstrp_rqst_rspns_buf_len, sign_on_basic_client_t *sign_on_basic_client) |
| Process a bootstrapping request response. More... | |
| int | cnstrct_cert_rqst (uint8_t *buf_p, uint32_t buf_len, uint32_t *output_len_p, sign_on_basic_client_t *sign_on_basic_client) |
| Construct a certificate request. More... | |
| int | prcs_cert_rqst_rspns (const uint8_t *cert_rqst_rspns_buf_p, uint32_t cert_rqst_rspns_buf_len, sign_on_basic_client_t *sign_on_basic_client) |
| Process a certificate request response. More... | |
| int | cnstrct_fin_msg (uint8_t *buf_p, uint32_t buf_len, uint32_t *output_len_p, sign_on_basic_client_t *sign_on_basic_client) |
| Construct a sign-on basic finish message (this lets the controller know sign-on was completed successfully. More... | |
| typedef struct sign_on_basic_client sign_on_basic_client_t |
| typedef int(* sign_on_basic_sec_decrypt_kd_pri) (uint8_t *KT_p, uint32_t KT_len, const uint8_t *encrypted_kd_pri, uint32_t encrypted_kd_pri_len, uint8_t *decrypted_kd_pri, uint32_t decrypted_kd_pri_buf_len, uint32_t *decrypted_kd_pri_len) |
Generic function interface for decrypting the encrypted KD private key in the certificate request response.
Specific details regarding the encrypted KD private key are described in the sign on basic variant implementation.
| [in] | KT_p | Pointer to KT, which will be used for decryption. |
| [in] | KT_len | Length of KT. |
| [in] | encrypted_kd_pri | Buffer containing encrypted KD key pair private key to be decrypted. |
| [in] | encrypted_kd_pri_len | Length of buffer containing encrypted KD key pair private key. |
| [in] | decrypted_kd_pri | Buffer where decrypted KD key pair private key will be stored. |
| [in] | decrypted_payload_buf_len | Length of buffer where decrypted key will be stored. |
| [in] | decrypted_kd_pri_len | Pointer to variable that will be filled with size of decrypted key upon successful decryption. |
| typedef int(* sign_on_basic_sec_gen_btstrp_rqst_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
Generic function interface for generating signature of bootstrapping request.
Specific details regarding the signature of the bootstrapping request are described in the sign on basic variant implementation.
| [in] | KS_pri_p | Pointer to KS private key, which will be used to generate signature. |
| [in] | payload | Payload to be signed. Currently, this is all of the bytes of the bootstrapping request, excluding the packet header (as in, excluding the bootstrapping request tlv type and length) and the signature tlv block (as in, excluding the signature tlv, type, length, and value). |
| [in] | payload_len | Length of payload to be signed. |
| [in] | output_buf | Pre-allocated buffer where generated signature will be stored. |
| [in] | output_buf_len | Length of output_buf. |
| [in] | output_len | Variable where length of generated signature will be stored if signature generation is successful. |
| typedef int(* sign_on_basic_sec_gen_cert_rqst_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
Generic function interface for generating signature of certificate request.
Specific details regarding the signatuer of the certificate request are described in the sign on basic variant implementation.
| [in] | KS_pri_p | Pointer to KS private key, which will be used to generate signature. |
| [in] | payload | Payload to be signed. Currently, this is all of the bytes of the certificate request, excluding the packet header (as in, excluding the certificate request tlv type and length) and the signature tlv block (as in, excluding the signature tlv, type, length, and value). |
| [in] | payload_len | Length of payload to be signed. |
| [in] | output_buf | Pre-allocated buffer where generated signature will be stored. |
| [in] | output_buf_len | Length of output_buf. |
| [in] | output_len | Variable where length of generated signature will be stored if signature generation is successful. |
| typedef int(* sign_on_basic_sec_gen_fin_msg_sig) (const uint8_t *KS_pri_p, const uint8_t *payload, uint32_t payload_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
Generic function interface for generating signature of finish message.
Specific details regarding the signature of the finish message are described in the sign on basic variant implementation.
| [in] | KS_pri_p | Pointer to KS private key, which will be used to generate signature. |
| [in] | payload | Payload to be signed. Currently, this is all of the bytes of the finish message, excluding the packet header (as in, excluding the finish message tlv type and length) and the signature tlv block (as in, excluding the signature tlv, type, length, and value). |
| [in] | payload_len | Length of payload to be signed. |
| [in] | output_buf | Pre-allocated buffer where generated signature will be stored. |
| [in] | output_buf_len | Length of output_buf. |
| [in] | output_len | Variable where length of generated signature will be stored if signature generation is successful. |
| typedef int(* sign_on_basic_sec_gen_kt) (const uint8_t *N2_pub_key, uint32_t N2_pub_key_len, const uint8_t *N1_pri_key, uint32_t N1_pri_key_len, uint8_t *output_buf, uint32_t output_buf_len, uint32_t *output_len) |
Generic function interface for generating KT.
Specific details regarding the keys that are used to derive KT are described in the sign on basic variant implementation.
| [in] | N2_pub_key | N2 key pair public key. |
| [in] | N2_pub_key_len | Length of N2 key pair public key. |
| [in] | N1_pri_key | N1 key pair private key. |
| [in] | N1_pri_key_len | Length of N1 key pair private key. |
| [in] | output_buf | Pre-allocated buffer where the generated KT will be stored. |
| [in] | output_buf_len | Length of output_buf. |
| [in] | output_len | Where the length of KT will be stored upon successful generation. |
| typedef int(* sign_on_basic_sec_gen_n1_keypair) (uint8_t *pub_key_buf, uint32_t pub_key_buf_len, uint32_t *pub_key_output_len, uint8_t *pri_key_buf, uint32_t pri_key_buf_len, uint32_t *pri_key_output_len) |
Generic function interface for generating the N1 keypair.
Specific details regarding the keys of the N1 key pair are described in the sign on basic variant implementation.
| [in] | N1_pub_key_buf | Pre-allocated buffer where generated N1 key pair public key will be stored. |
| [in] | N1_pub_key_buf_len | Length of N1_pub_key_buf. |
| [in] | N1_pub_key_output_len | Variable where length of N1 key pair public key will be stored, if generation is successful. |
| [in] | N1_pri_key_buf | Pre-allocated buffer where generated N1 key pair private key will be stored. |
| [in] | N1_pri_key_buf_len | Length of N1_pri_key_buf. |
| [in] | N1_pri_key_output_len | Variable where length of N1 key pair private key will be stored, if generation is successful. |
| typedef int(* sign_on_basic_sec_gen_sha256_hash) (const uint8_t *payload, uint32_t payload_len, uint8_t *output) |
Generic function interface for generating a sha256 hash.
| [in] | payload | Payload to be hashed. |
| [in] | payload_len | Length of payload to be hashed. |
| [in] | output | Buffer where hash will be outputted. Hash will be of length SIGN_ON_BASIC_SHA256_HASH_SIZE. |
| typedef int(* sign_on_basic_sec_vrfy_btstrp_rqst_rspns_sig) (const uint8_t *payload, uint32_t payload_len, const uint8_t *sig, uint32_t sig_len, const uint8_t *secure_sign_on_code_p, uint32_t secure_sign_on_code_len) |
Generic function interface for verifying signature of bootstrapping request response.
Specific details regarding the signature of the bootstrapping request are described in the sign on basic variant implementation.
| [in] | payload | Payload over which signature will be verified. Currently, this |
is all of the bytes of the bootstrapping request response, excluding the packet header (as in, excluding the bootstrapping request response tlv type and length) and the signature tlv
block (as in, excluding the signature tlv, type, length, and value).
| [in] | payload_len | Length of payload. |
| [in] | sig | Signature to verify. |
| [in] | sig_len | Length of signature to verify. |
| [in] | secure_sign_on_code_p | Pointer to secure sign on code, which will be used to verify the signature. |
| [in] | secure_sign_on_code_len | Length of secure sign on code. |
| typedef int(* sign_on_basic_sec_vrfy_cert_rqst_rspns_sig) (const uint8_t *payload, uint32_t payload_len, const uint8_t *sig, uint32_t sig_len, const uint8_t *KT_p, uint32_t KT_len) |
Generic function interface for verifying signature of certificate request response.
Specific details regarding the certificate request response signature are described in the sign on basic variant implementation.
| [in] | payload | Payload over which signature will be verified. Currently, this |
is all of the bytes of the certificate request response, excluding the packet header (as in, excluding the certificate request response tlv type and length) and the signature tlv
block (as in, excluding the signature tlv, type, length, and value).
| [in] | payload_len | Length of payload. |
| [in] | sig | Signature to verify. |
| [in] | sig_len | Length of signature to verify. |
| [in] | KT_p | Pointer to KT, which will be used to verify the signature. |
| [in] | KT_len | Length of KT. |
| int cnstrct_btstrp_rqst | ( | uint8_t * | buf_p, |
| uint32_t | buf_len, | ||
| uint32_t * | output_len_p, | ||
| sign_on_basic_client_t * | sign_on_basic_client | ||
| ) |
Construct a bootstrapping request.
For a given sign on exchange: Should be called after sign_on_basic_client_init. Should be called before prcs_btstrp_rqst_rspns, cnstrct_cert_rqst, and prcs_cert_rqst_rspns.
| [in] | buf_p | Pre allocated buffer to use in generating bootstrapping request. |
| [in] | buf_len | Length of pre allocated buffer. |
| [in] | output_len_p | Pointer to variable that will be filled with length of generated bootstrapping request upon successful construction. |
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to use in construction. |
| int cnstrct_cert_rqst | ( | uint8_t * | buf_p, |
| uint32_t | buf_len, | ||
| uint32_t * | output_len_p, | ||
| sign_on_basic_client_t * | sign_on_basic_client | ||
| ) |
Construct a certificate request.
For a given sign on exchange: Should be called after sign_on_basic_client_init, and prcs_btstrp_rqst_rspns. Should be called before prcs_cert_rqst_rspns.
| [in] | buf_p | Pre allocated buffer to use in generating certificate request. |
| [in] | buf_len | Length of pre allocated buffer. |
| [in] | output_len_p | Pointer to variable that will be filled with length of generated certificate request upon successful construction. |
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to use in construction. |
| int cnstrct_fin_msg | ( | uint8_t * | buf_p, |
| uint32_t | buf_len, | ||
| uint32_t * | output_len_p, | ||
| sign_on_basic_client_t * | sign_on_basic_client | ||
| ) |
Construct a sign-on basic finish message (this lets the controller know sign-on was completed successfully.
For a given sign on exchange: Should be called after sign_on_basic_client_init, prcs_btstrp_rqst_rspns, cnstrct_cert_rqst, and prcs_cert_rqst_rspns. Should be called last in the sign-on process.
| [in] | buf_p | Pre allocated buffer to use in generating finish message. |
| [in] | buf_len | Length of pre allocated buffer. |
| [in] | output_len_p | Pointer to variable that will be filled with length of generated finish message upon successful construction. |
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to use in construction. |
| int prcs_btstrp_rqst_rspns | ( | const uint8_t * | btstrp_rqst_rspns_buf_p, |
| uint32_t | btstrp_rqst_rspns_buf_len, | ||
| sign_on_basic_client_t * | sign_on_basic_client | ||
| ) |
Process a bootstrapping request response.
For a given sign on exchange: Should be called after sign_on_basic_client_init and prcs_btstrp_rqst_rspns. Should be called before cnstrct_cert_rqst, and prcs_cert_rqst_rspns.
| [in] | btstrp_rqst_rspns_buf_p | Buffer that holds the bootstrapping request response. |
| [in] | btstrp_rqst_rspns_buf_len | Length of the bootstrapping request response. |
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to modify while processing. |
| int prcs_cert_rqst_rspns | ( | const uint8_t * | cert_rqst_rspns_buf_p, |
| uint32_t | cert_rqst_rspns_buf_len, | ||
| sign_on_basic_client_t * | sign_on_basic_client | ||
| ) |
Process a certificate request response.
For a given sign on exchange: Should be called after sign_on_basic_client_init, prcs_btstrp_rqst_rspns, and cnstrct_cert_rqst. Should be called before cnstrct_fin_msg.
| [in] | cert_rqst_rspns_buf_p | Buffer that holds the certificate request response. |
| [in] | cert_rqst_rspns_buf_len | Length of the certificate request response. |
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to modify while processing. |
| int sign_on_basic_client_init | ( | uint8_t | variant, |
| sign_on_basic_client_t * | sign_on_basic_client, | ||
| const uint8_t * | device_identifier_p, | ||
| uint32_t | device_identifier_len, | ||
| const uint8_t * | device_capabilities_p, | ||
| uint32_t | device_capabilities_len, | ||
| const uint8_t * | secure_sign_on_code_p, | ||
| const uint8_t * | KS_pub_p, | ||
| uint32_t | KS_pub_len, | ||
| const uint8_t * | KS_pri_p, | ||
| uint32_t | KS_pri_len | ||
| ) |
Initialize state for a sign_on_basic_client_t.
All buffers passed in will be copied into the sign_on_basic_client basic client.
| [in] | variant | This is the variant of the Sign-On basic protocol that you want to initialize. This will change the function pointers that are passed to sign_on_basic_sec_intf to do security related operations, like signature generation. See secure-sign-on-basic-consts.h for all of the variants, as |
well as descriptions.
| [in] | sign_on_basic_client | Reference to the sign_on_basic_client_t to be initialized. |
| [in] | device_identifier_p | See the sign_on_basic_client_t documentation. |
| [in] | device_identifier_len | " " |
| [in] | device_capabilities_p | " " |
| [in] | device_capabilities_len | " " |
| [in] | secure_sign_on_code_p | " " |
| [in] | KS_pub_p | " " |
| [in] | KS_pub_len | " " |
| [in] | KS_pri_p | " " |
| [in] | KS_pri_len | " " |
1.8.15