Added support for new certificate modification functions

Mika Leppänen · Mika Leppänen · commit dfcebef0a9c5 · 2019-09-11T09:54:37.000+03:00
Added support to PAE controller for own certificate add, own certificates remove
and trusted certificates remove. Own certificate modification functions enable
using der coded certificates on application side.
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -769,6 +769,40 @@ int8_t ws_pae_controller_certificate_chain_set(const arm_certificate_chain_entry
     return 0;
 }
 
+int8_t ws_pae_controller_own_certificate_add(const arm_certificate_entry_s *cert)
+{
+    if (!cert) {
+        return -1;
+    }
+
+    int8_t ret = -1;
+
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        for (uint8_t i = 0; i < SEC_PROT_CERT_CHAIN_DEPTH; i++) {
+            if (entry->certs.own_cert_chain.cert[i] == NULL) {
+                sec_prot_certs_cert_set(&entry->certs.own_cert_chain, i, (uint8_t *) cert->cert, cert->cert_len);
+                // Set private key if set for the certificate that is added
+                if (cert->key && cert->key_len > 0) {
+                    sec_prot_certs_priv_key_set(&entry->certs.own_cert_chain, (uint8_t *) cert->key, cert->key_len);
+                }
+                ret = 0;
+                break;
+            }
+        }
+    }
+
+    return ret;
+}
+
+int8_t ws_pae_controller_own_certificates_remove(void)
+{
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        sec_prot_certs_chain_entry_init(&entry->certs.own_cert_chain);
+    }
+
+    return 0;
+}
+
 int8_t ws_pae_controller_trusted_certificate_add(const arm_certificate_entry_s *cert)
 {
     if (!cert) {
@@ -816,6 +850,15 @@ int8_t ws_pae_controller_trusted_certificate_remove(const arm_certificate_entry_
     return ret;
 }
 
+int8_t ws_pae_controller_trusted_certificates_remove(void)
+{
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        sec_prot_certs_chain_list_delete(&entry->certs.trusted_cert_chain_list);
+    }
+
+    return 0;
+}
+
 int8_t ws_pae_controller_certificate_revocation_list_add(const arm_cert_revocation_list_entry_s *crl)
 {
     if (!crl) {
diff --git a/source/6LoWPAN/ws/ws_pae_controller.h b/source/6LoWPAN/ws/ws_pae_controller.h
@@ -158,6 +158,26 @@ int8_t ws_pae_controller_timing_adjust(uint8_t timing);
  */
 int8_t ws_pae_controller_certificate_chain_set(const arm_certificate_chain_entry_s *chain);
 
+/**
+ * ws_pae_controller_own_certificate_add add own certificate to certificate chain
+ *
+ * \param cert own certificate
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_own_certificate_add(const arm_certificate_entry_s *cert);
+
+/**
+ * ws_pae_controller_own_certificates_remove removes own certificates
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_own_certificates_remove(void);
+
 /**
  * ws_pae_controller_trusted_certificate_add add trusted certificate
  *
@@ -180,6 +200,15 @@ int8_t ws_pae_controller_trusted_certificate_add(const arm_certificate_entry_s *
  */
 int8_t ws_pae_controller_trusted_certificate_remove(const arm_certificate_entry_s *cert);
 
+/**
+ * ws_pae_controller_trusted_certificates_remove removes trusted certificates
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_trusted_certificates_remove(void);
+
 /**
  * ws_pae_controller_certificate_revocation_list_add add certification revocation list
  *
diff --git a/source/libNET/src/ns_net.c b/source/libNET/src/ns_net.c
@@ -988,18 +988,30 @@ int8_t arm_network_trusted_certificate_remove(const arm_certificate_entry_s *cer
 
 int8_t arm_network_trusted_certificates_remove(void)
 {
+#ifdef HAVE_WS
+    return ws_pae_controller_trusted_certificates_remove();
+#else
     return -1;
+#endif
 }
 
 int8_t arm_network_own_certificate_add(const arm_certificate_entry_s *cert)
 {
+#ifdef HAVE_WS
+    return ws_pae_controller_own_certificate_add(cert);
+#else
     (void) cert;
     return -1;
+#endif
 }
 
 extern int8_t arm_network_own_certificates_remove(void)
 {
+#ifdef HAVE_WS
+    return ws_pae_controller_own_certificates_remove();
+#else
     return -1;
+#endif
 }
 
 int8_t arm_network_certificate_revocation_list_add(const arm_cert_revocation_list_entry_s *crl)

Original file line number	Diff line number	Diff line change
`@@ -988,18 +988,30 @@ int8_t arm_network_trusted_certificate_remove(const arm_certificate_entry_s *cer`
`988`	`988`
`989`	`989`	`int8_t arm_network_trusted_certificates_remove(void)`
`990`	`990`	`{`
	`991`	`+#ifdef HAVE_WS`
	`992`	`+ return ws_pae_controller_trusted_certificates_remove();`
	`993`	`+#else`
`991`	`994`	`return -1;`
	`995`	`+#endif`
`992`	`996`	`}`
`993`	`997`
`994`	`998`	`int8_t arm_network_own_certificate_add(const arm_certificate_entry_s *cert)`
`995`	`999`	`{`
	`1000`	`+#ifdef HAVE_WS`
	`1001`	`+ return ws_pae_controller_own_certificate_add(cert);`
	`1002`	`+#else`
`996`	`1003`	`(void) cert;`
`997`	`1004`	`return -1;`
	`1005`	`+#endif`
`998`	`1006`	`}`
`999`	`1007`
`1000`	`1008`	`extern int8_t arm_network_own_certificates_remove(void)`
`1001`	`1009`	`{`
	`1010`	`+#ifdef HAVE_WS`
	`1011`	`+ return ws_pae_controller_own_certificates_remove();`
	`1012`	`+#else`
`1002`	`1013`	`return -1;`
	`1014`	`+#endif`
`1003`	`1015`	`}`
`1004`	`1016`
`1005`	`1017`	`int8_t arm_network_certificate_revocation_list_add(const arm_cert_revocation_list_entry_s *crl)`