Merge pull request #11539 from mikaleppanen/cert_key_len_supp

0xc0170 · web-flow · commit 57c4a08e48b7 · 2019-10-15T13:05:23.000+08:00
Enable DER coded certificate support to Wi-SUN mesh API
diff --git a/features/nanostack/mbed-mesh-api/mbed_lib.json b/features/nanostack/mbed-mesh-api/mbed_lib.json
@@ -159,17 +159,29 @@
             "value": null
         },
         "root-certificate": {
-            "help": "Root certificate in PEM format (must be a null terminated c-string)",
+            "help": "Root certificate; in PEM format must be a null terminated c-string, in DER format the root-certificate-len must be set",
             "value": null
         },
+        "root-certificate-len": {
+            "help": "Root certificate length; optional for PEM format, must be defined for DER format",
+            "value": null
+        },        
         "own-certificate": {
-            "help": "Own certificate in PEM format (must be a null terminated c-string)",
+            "help": "Own certificate; in PEM format must be a null terminated c-string, in DER format the own-certificate-len must be set",
+            "value": null
+        },
+        "own-certificate-len": {
+            "help": "Own certificate length; optional for PEM format, must be defined for DER format",
             "value": null
         },
         "own-certificate-key": {
-            "help": "Own certificate's key in PEM format (must be a null terminated c-string)",
+            "help": "Own certificate's key; in PEM format must be a null terminated c-string, in DER format the own-certificate-key-len must be set",
             "value": null
-        }
+        },
+        "own-certificate-key-len": {
+            "help": "Own certificate's key length; optional for PEM format, must be defined for DER format",
+            "value": null
+        }        
     },
     "target_overrides": {
         "KW24D": {
diff --git a/features/nanostack/mbed-mesh-api/source/wisun_tasklet.c b/features/nanostack/mbed-mesh-api/source/wisun_tasklet.c
@@ -269,15 +269,36 @@ static void wisun_tasklet_configure_and_connect_to_network(void)
     }
 
 #if defined(MBED_CONF_MBED_MESH_API_CERTIFICATE_HEADER)
-    arm_certificate_chain_entry_s chain_info;
-    memset(&chain_info, 0, sizeof(arm_certificate_chain_entry_s));
-    chain_info.cert_chain[0] = (const uint8_t *) MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE;
-    chain_info.cert_len[0] = strlen((const char *) MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE) + 1;
-    chain_info.cert_chain[1] = (const uint8_t *) MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE;
-    chain_info.cert_len[1] = strlen((const char *) MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE) + 1;
-    chain_info.key_chain[1] = (const uint8_t *) MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_KEY;
-    chain_info.chain_length = 2;
-    arm_network_certificate_chain_set((const arm_certificate_chain_entry_s *) &chain_info);
+    arm_certificate_entry_s trusted_cert = {
+        .cert = MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE,
+        .key = NULL,
+        .cert_len = 0,
+        .key_len = 0
+    };
+#ifdef MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE_LEN
+    trusted_cert.cert_len = MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE_LEN;
+#else
+    trusted_cert.cert_len = strlen((const char *) MBED_CONF_MBED_MESH_API_ROOT_CERTIFICATE) + 1;
+#endif
+    arm_network_trusted_certificate_add((const arm_certificate_entry_s *)&trusted_cert);
+
+    arm_certificate_entry_s own_cert = {
+        .cert = MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE,
+        .key =  MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_KEY,
+        .cert_len = 0,
+        .key_len = 0
+    };
+#ifdef MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_LEN
+    own_cert.cert_len = MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_LEN;
+#else
+    own_cert.cert_len = strlen((const char *) MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE) + 1;
+#endif
+#ifdef MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_KEY_LEN
+    own_cert.key_len = MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_KEY_LEN;
+#else
+    own_cert.key_len = strlen((const char *) MBED_CONF_MBED_MESH_API_OWN_CERTIFICATE_KEY) + 1;
+#endif
+    arm_network_own_certificate_add((const arm_certificate_entry_s *)&own_cert);
 #endif
 
     status = arm_nwk_interface_up(wisun_tasklet_data_ptr->network_interface_id);
diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c
@@ -821,6 +821,40 @@ int8_t ws_pae_controller_own_certificates_remove(void)
     return 0;
 }
 
+int8_t ws_pae_controller_own_certificate_add(const arm_certificate_entry_s *cert)
+{
+    if (!cert) {
+        return -1;
+    }
+
+    int8_t ret = -1;
+
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        for (uint8_t i = 0; i < SEC_PROT_CERT_CHAIN_DEPTH; i++) {
+            if (entry->certs.own_cert_chain.cert[i] == NULL) {
+                sec_prot_certs_cert_set(&entry->certs.own_cert_chain, i, (uint8_t *) cert->cert, cert->cert_len);
+                // Set private key if set for the certificate that is added
+                if (cert->key && cert->key_len > 0) {
+                    sec_prot_certs_priv_key_set(&entry->certs.own_cert_chain, (uint8_t *) cert->key, cert->key_len);
+                }
+                ret = 0;
+                break;
+            }
+        }
+    }
+
+    return ret;
+}
+
+int8_t ws_pae_controller_own_certificates_remove(void)
+{
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        sec_prot_certs_chain_entry_init(&entry->certs.own_cert_chain);
+    }
+
+    return 0;
+}
+
 int8_t ws_pae_controller_trusted_certificate_add(const arm_certificate_entry_s *cert)
 {
     if (!cert) {
