Certificate set API changed. (ARMmbed#73)

One pointer only for certificate chain data.
artokin · Sep 14, 2017 · d108199 · d108199
1 parent 2d622e0
commit d108199
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 26 deletions.
diff --git a/coap-service/coap_service_api.h b/coap-service/coap_service_api.h
@@ -316,18 +316,16 @@ extern int8_t coap_service_set_duplicate_message_buffer(int8_t service_id, uint8
  * Set DTLS certificates.
  *
  * \param service_id Id number of the current service.
- * \param root_cert Pointer to CA certificate
- * \param root_cert_len CA certificate length
- * \param own_cert pointer to own certificate
- * \param own_cert_len length of own certificate
+ * \param cert Pointer to certificate chain
+ * \param cert_len Certificate length
  * \param priv_key pointer to private key
  * \param priv_key_len length of private key
  *
  * \return -1 For failure
  *- 0 For success
  */
 
-extern int8_t coap_service_certificate_set(int8_t service_id, const unsigned char *root_cert, uint16_t root_cert_len, const unsigned char *own_cert, uint16_t own_cert_len, const unsigned char *priv_key, uint8_t priv_key_len);
+extern int8_t coap_service_certificate_set(int8_t service_id, const unsigned char *cert, uint16_t cert_len, const unsigned char *priv_key, uint8_t priv_key_len);
 #ifdef __cplusplus
 }
 #endif

diff --git a/source/coap_security_handler.c b/source/coap_security_handler.c
@@ -282,12 +282,8 @@ static int coap_security_handler_configure_keys (coap_security_t *sec, coap_secu
  switch( sec->_conn_mode ){
  case CERTIFICATE:{
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
- if( mbedtls_x509_crt_parse( &sec->_cacert, keys._ca_cert,
- keys._ca_cert_len ) < 0 ){
- break;
- }
- if( mbedtls_x509_crt_parse( &sec->_owncert, keys._own_cert,
- keys._own_cert_len ) < 0 ){
+ if( keys._cert && mbedtls_x509_crt_parse( &sec->_owncert, keys._cert,
+ keys._cert_len ) < 0 ){
  break;
  }
  if( mbedtls_pk_parse_key(&sec->_pkey, keys._priv_key, keys._priv_key_len, NULL, 0) < 0){
@@ -302,15 +298,15 @@ static int coap_security_handler_configure_keys (coap_security_t *sec, coap_secu
  //TODO: add server certi
  }
  //TODO: use MBEDTLS_SSL_VERIFY_REQUIRED instead of optional
- mbedtls_ssl_conf_authmode( &sec->_conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_conf_authmode( &sec->_conf, MBEDTLS_SSL_VERIFY_NONE );
  mbedtls_ssl_conf_ca_chain( &sec->_conf, &sec->_cacert, NULL );
  ret = 0;
 #endif
  break;
  }
  case PSK: {
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- if( 0 != mbedtls_ssl_conf_psk(&sec->_conf, keys._priv_key, keys._priv_key_len, keys._own_cert, keys._own_cert_len) ){
+ if( 0 != mbedtls_ssl_conf_psk(&sec->_conf, keys._priv_key, keys._priv_key_len, keys._cert, keys._cert_len) ){
  break;
  }
  mbedtls_ssl_conf_ciphersuites(&sec->_conf, PSK_SUITES);
@@ -395,6 +391,7 @@ int coap_security_handler_connect_non_blocking(coap_security_t *sec, bool is_ser
 #endif
 
  if (coap_security_handler_configure_keys(sec, keys, is_server) != 0) {
+ tr_debug("security credential configure failed");
  return -1;
  }
 

diff --git a/source/coap_service_api.c b/source/coap_service_api.c
@@ -554,7 +554,7 @@ uint16_t coap_service_id_find_by_socket(int8_t socket_id)
  return this ? this->service_id:0;
 }
 
-int8_t coap_service_certificate_set(int8_t service_id, const unsigned char *root_cert, uint16_t root_cert_len, const unsigned char *own_cert, uint16_t own_cert_len, const unsigned char *priv_key, uint8_t priv_key_len)
+int8_t coap_service_certificate_set(int8_t service_id, const unsigned char *cert, uint16_t cert_len, const unsigned char *priv_key, uint8_t priv_key_len)
 {
  coap_service_t *this = service_find(service_id);
  if (!this) {
@@ -571,11 +571,8 @@ int8_t coap_service_certificate_set(int8_t service_id, const unsigned char *root
 
  memset(this->conn_handler->security_keys, 0, sizeof(coap_security_keys_t));
 
- this->conn_handler->security_keys->_ca_cert = root_cert;
- this->conn_handler->security_keys->_ca_cert_len = root_cert_len;
-
- this->conn_handler->security_keys->_own_cert = own_cert;
- this->conn_handler->security_keys->_own_cert_len = own_cert_len;
+ this->conn_handler->security_keys->_cert = cert;
+ this->conn_handler->security_keys->_cert_len = cert_len;
 
  this->conn_handler->security_keys->_priv_key = priv_key;
  this->conn_handler->security_keys->_priv_key_len = priv_key_len;

diff --git a/source/include/coap_security_handler.h b/source/include/coap_security_handler.h
@@ -60,10 +60,8 @@ typedef enum {
 typedef struct {
  SecureConnectionMode mode;
  /* Certificate pointers, not owned */
- const unsigned char *_ca_cert;
- uint16_t _ca_cert_len;
- const unsigned char *_own_cert;
- uint16_t _own_cert_len;
+ const unsigned char *_cert;
+ uint16_t _cert_len;
  const unsigned char *_priv_key;
  uint8_t _priv_key_len;
  /* Secure key pointer, owned */

diff --git a/test/coap-service/unittest/coap_service_api/test_coap_service_api.c b/test/coap-service/unittest/coap_service_api/test_coap_service_api.c
@@ -433,7 +433,7 @@ bool test_conn_handler_callbacks()
 bool test_certificate_set()
 {
  /* Service not found, return failure */
- if (-1 != coap_service_certificate_set(1, NULL, 0, NULL, 0, NULL, 0)) {
+ if (-1 != coap_service_certificate_set(1, NULL, 0, NULL, 0)) {
  return false;
  }
 
@@ -446,13 +446,13 @@ bool test_certificate_set()
  return false;
 
  /* Allocation fails */
- if (-1 != coap_service_certificate_set(1, NULL, 0, NULL, 0, NULL, 0)) {
+ if (-1 != coap_service_certificate_set(1, NULL, 0, NULL, 0)) {
  return false;
  }
 
  /* All OK */
  nsdynmemlib_stub.returnCounter = 1;
- if (0 != coap_service_certificate_set(1, NULL, 0, NULL, 0, NULL, 0)) {
+ if (0 != coap_service_certificate_set(1, NULL, 0, NULL, 0)) {
  return false;
  }