Ticket refs #1835: Device.Security. object (code style review)

This commit is contained in:
Omar Kallel 2020-03-04 12:06:11 +01:00
parent 5b0bc22622
commit fbedd21f07
3 changed files with 159 additions and 150 deletions


@ -5,7 +5,7 @@
* it under the terms of the GNU Lesser General Public License version 2.1
* as published by the Free Software Foundation
*
* Author: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>
* Author: Omar Kallel <omar.kallel@pivasoftware.com>
*/
#include "security.h"
@ -46,7 +46,8 @@ X509 *cert,
#elif LMBEDTLS
mbedtls_x509_crt cert,
#endif
struct uci_section *dmsect, struct certificate_profile *certprofile) {
struct uci_section *dmsect, struct certificate_profile *certprofile)
{
certprofile->path = path;
#ifdef LOPENSSL
certprofile->openssl_cert = cert;
@ -59,122 +60,124 @@ struct uci_section *dmsect, struct certificate_profile *certprofile) {
#ifdef LOPENSSL
int convert_ASN1TIME(ASN1_TIME *t, char* buf, size_t len)
{
int rc;
BIO *b = BIO_new(BIO_s_mem());
rc = ASN1_TIME_print(b, t);
if (rc <= 0) {
BIO_free(b);
return EXIT_FAILURE;
}
rc = BIO_gets(b, buf, len);
if (rc <= 0) {
BIO_free(b);
return EXIT_FAILURE;
}
BIO_free(b);
return EXIT_SUCCESS;
int rc;
BIO *b = BIO_new(BIO_s_mem());
rc = ASN1_TIME_print(b, t);
if (rc <= 0) {
BIO_free(b);
return EXIT_FAILURE;
}
rc = BIO_gets(b, buf, len);
if (rc <= 0) {
BIO_free(b);
return EXIT_FAILURE;
}
BIO_free(b);
return EXIT_SUCCESS;
}
char *get_certificate_sig_alg(int sig_nid){
char *get_certificate_sig_alg(int sig_nid)
{
switch(sig_nid) {
case NID_sha256WithRSAEncryption:
return LN_sha256WithRSAEncryption;
case NID_sha384WithRSAEncryption:
return LN_sha384WithRSAEncryption;
case NID_sha512WithRSAEncryption:
return LN_sha512WithRSAEncryption;
case NID_sha224WithRSAEncryption:
return LN_sha224WithRSAEncryption;
case NID_sha512_224WithRSAEncryption:
return LN_sha512_224WithRSAEncryption;
case NID_sha512_256WithRSAEncryption:
return LN_sha512_224WithRSAEncryption;
case NID_pbeWithMD2AndDES_CBC:
return LN_pbeWithMD2AndDES_CBC;
case NID_pbeWithMD5AndDES_CBC:
return LN_pbeWithMD5AndDES_CBC;
case NID_pbeWithMD2AndRC2_CBC:
return LN_pbeWithMD5AndDES_CBC;
case NID_pbeWithMD5AndRC2_CBC:
return LN_pbeWithMD5AndRC2_CBC;
case NID_pbeWithSHA1AndDES_CBC:
return LN_pbeWithSHA1AndDES_CBC;
case NID_pbeWithSHA1AndRC2_CBC:
return LN_pbeWithSHA1AndDES_CBC;
case NID_pbe_WithSHA1And128BitRC4:
return LN_pbe_WithSHA1And128BitRC4;
case NID_pbe_WithSHA1And40BitRC4:
return LN_pbe_WithSHA1And40BitRC4;
case NID_pbe_WithSHA1And3_Key_TripleDES_CBC:
return LN_pbe_WithSHA1And3_Key_TripleDES_CBC;
case NID_pbe_WithSHA1And2_Key_TripleDES_CBC:
return LN_pbe_WithSHA1And2_Key_TripleDES_CBC;
case NID_pbe_WithSHA1And128BitRC2_CBC:
return LN_pbe_WithSHA1And128BitRC2_CBC;
case NID_pbe_WithSHA1And40BitRC2_CBC:
return LN_pbe_WithSHA1And40BitRC2_CBC;
case NID_sm3WithRSAEncryption:
return LN_sm3WithRSAEncryption;
case NID_shaWithRSAEncryption:
return LN_shaWithRSAEncryption;
case NID_md2WithRSAEncryption:
return LN_md2WithRSAEncryption;
case NID_md4WithRSAEncryption:
return LN_md4WithRSAEncryption;
case NID_md5WithRSAEncryption:
return LN_md5WithRSAEncryption;
case NID_sha1WithRSAEncryption:
return LN_sha1WithRSAEncryption;
default:
return "";
case NID_sha256WithRSAEncryption:
return LN_sha256WithRSAEncryption;
case NID_sha384WithRSAEncryption:
return LN_sha384WithRSAEncryption;
case NID_sha512WithRSAEncryption:
return LN_sha512WithRSAEncryption;
case NID_sha224WithRSAEncryption:
return LN_sha224WithRSAEncryption;
case NID_sha512_224WithRSAEncryption:
return LN_sha512_224WithRSAEncryption;
case NID_sha512_256WithRSAEncryption:
return LN_sha512_224WithRSAEncryption;
case NID_pbeWithMD2AndDES_CBC:
return LN_pbeWithMD2AndDES_CBC;
case NID_pbeWithMD5AndDES_CBC:
return LN_pbeWithMD5AndDES_CBC;
case NID_pbeWithMD2AndRC2_CBC:
return LN_pbeWithMD5AndDES_CBC;
case NID_pbeWithMD5AndRC2_CBC:
return LN_pbeWithMD5AndRC2_CBC;
case NID_pbeWithSHA1AndDES_CBC:
return LN_pbeWithSHA1AndDES_CBC;
case NID_pbeWithSHA1AndRC2_CBC:
return LN_pbeWithSHA1AndDES_CBC;
case NID_pbe_WithSHA1And128BitRC4:
return LN_pbe_WithSHA1And128BitRC4;
case NID_pbe_WithSHA1And40BitRC4:
return LN_pbe_WithSHA1And40BitRC4;
case NID_pbe_WithSHA1And3_Key_TripleDES_CBC:
return LN_pbe_WithSHA1And3_Key_TripleDES_CBC;
case NID_pbe_WithSHA1And2_Key_TripleDES_CBC:
return LN_pbe_WithSHA1And2_Key_TripleDES_CBC;
case NID_pbe_WithSHA1And128BitRC2_CBC:
return LN_pbe_WithSHA1And128BitRC2_CBC;
case NID_pbe_WithSHA1And40BitRC2_CBC:
return LN_pbe_WithSHA1And40BitRC2_CBC;
case NID_sm3WithRSAEncryption:
return LN_sm3WithRSAEncryption;
case NID_shaWithRSAEncryption:
return LN_shaWithRSAEncryption;
case NID_md2WithRSAEncryption:
return LN_md2WithRSAEncryption;
case NID_md4WithRSAEncryption:
return LN_md4WithRSAEncryption;
case NID_md5WithRSAEncryption:
return LN_md5WithRSAEncryption;
case NID_sha1WithRSAEncryption:
return LN_sha1WithRSAEncryption;
default:
return "";
}
}
#elif LMBEDTLS
char *get_certificate_md(mbedtls_md_type_t sig_md) {
switch(sig_md) {
case MBEDTLS_MD_MD2:
return "md2";
case MBEDTLS_MD_MD4:
return "md4";
break;
case MBEDTLS_MD_MD5:
return "md5";
case MBEDTLS_MD_SHA1:
return "sha1";
case MBEDTLS_MD_SHA224:
return "sha224";
case MBEDTLS_MD_SHA256:
return "sha256";
case MBEDTLS_MD_SHA384:
return "sha384";
case MBEDTLS_MD_SHA512:
return "sha512";
case MBEDTLS_MD_RIPEMD160:
return "ripemd160";
default:
return "";
}
return "";
char *get_certificate_md(mbedtls_md_type_t sig_md)
{
switch(sig_md) {
case MBEDTLS_MD_MD2:
return "md2";
case MBEDTLS_MD_MD4:
return "md4";
case MBEDTLS_MD_MD5:
return "md5";
case MBEDTLS_MD_SHA1:
return "sha1";
case MBEDTLS_MD_SHA224:
return "sha224";
case MBEDTLS_MD_SHA256:
return "sha256";
case MBEDTLS_MD_SHA384:
return "sha384";
case MBEDTLS_MD_SHA512:
return "sha512";
case MBEDTLS_MD_RIPEMD160:
return "ripemd160";
default:
return "";
}
return "";
}
char *get_certificate_pk(mbedtls_pk_type_t sig_pk) {
switch(sig_pk) {
case MBEDTLS_PK_RSA:
return "RSA";
case MBEDTLS_PK_ECKEY:
return "ECKEY";
case MBEDTLS_PK_ECKEY_DH:
return "ECKEYDH";
case MBEDTLS_PK_ECDSA:
return "ECDSA";
case MBEDTLS_PK_RSA_ALT:
return "RSAALT";
case MBEDTLS_PK_RSASSA_PSS:
return "RSASSAPSS";
default:
return "";
}
return "";
char *get_certificate_pk(mbedtls_pk_type_t sig_pk)
{
switch(sig_pk) {
case MBEDTLS_PK_RSA:
return "RSA";
case MBEDTLS_PK_ECKEY:
return "ECKEY";
case MBEDTLS_PK_ECKEY_DH:
return "ECKEYDH";
case MBEDTLS_PK_ECDSA:
return "ECDSA";
case MBEDTLS_PK_RSA_ALT:
return "RSAALT";
case MBEDTLS_PK_RSASSA_PSS:
return "RSASSAPSS";
default:
return "";
}
return "";
}
#endif
@ -197,17 +200,17 @@ int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_node, void
#ifdef LOPENSSL
FILE *fp = NULL;
fp = fopen(certifcates_paths[i], "r");
X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
if (!cert) {
fclose(fp);
continue;
}
X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
if (!cert) {
fclose(fp);
continue;
}
if ((dmmap_sect = get_dup_section_in_dmmap_opt("dmmap_security", "security_certificate", "path", certifcates_paths[i])) == NULL) {
dmuci_add_section_bbfdm("dmmap_security", "security_certificate", &dmmap_sect, &v);
DMUCI_SET_VALUE_BY_SECTION(bbfdm, dmmap_sect, "path", certifcates_paths[i]);
}
init_certificate(certifcates_paths[i], cert, dmmap_sect, &certificateprofile);
cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias");
if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)&certificateprofile, cert_inst) == DM_STOP)
break;
@ -244,6 +247,7 @@ int get_Security_CertificateNumberOfEntries(char *refparam, struct dmctx *ctx, v
char **certifcates_paths = NULL;
certifcates_paths = get_all_iop_certificates(&length);
int number = 0;
for (i=0; i<length; i++) {
#ifdef LOPENSSL
FILE *fp = NULL;
@ -281,13 +285,13 @@ int get_SecurityCertificate_Enable(char *refparam, struct dmctx *ctx, void *data
int set_SecurityCertificate_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
{
switch (action) {
case VALUECHECK:
if (dm_validate_boolean(value))
return FAULT_9007;
break;
case VALUESET:
//TODO
break;
case VALUECHECK:
if (dm_validate_boolean(value))
return FAULT_9007;
break;
case VALUESET:
//TODO
break;
}
return 0;
}
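Review bot: In browseSecurityCertificateInst the fopen() result for certifcates_paths[i] is never checked, so a path that cannot be opened (unreadable, or removed between the directory listing and the open) passes a NULL FILE* to PEM_read_X509 and then to fclose(), which crashes; add `if (!fp) continue;` before the `X509 *cert = PEM_read_X509(...)` line, and the same guard belongs in the get_Security_CertificateNumberOfEntries hunk, which opens the file the same way. Separately, get_certificate_sig_alg returns the wrong label for three NIDs — NID_sha512_256WithRSAEncryption yields LN_sha512_224WithRSAEncryption, NID_pbeWithMD2AndRC2_CBC yields LN_pbeWithMD5AndDES_CBC and NID_pbeWithSHA1AndRC2_CBC yields LN_pbeWithSHA1AndDES_CBC — so the reported signature algorithm is misleading for those certificates; each case should return the LN_ constant matching its own NID. convert_ASN1TIME also never checks that BIO_new() returned non-NULL before printing into it. The enclosing browse and getter functions start and end outside their hunks.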


@ -5,12 +5,12 @@
* it under the terms of the GNU Lesser General Public License version 2.1
* as published by the Free Software Foundation
*
* Author: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>
* Author: Omar Kallel <omar.kallel@pivasoftware.com>
*/
#ifndef __SECURITY_H
#define __SECURITY_H
//#undef LOPENSSL
#include <libbbf_api/dmcommon.h>
#ifdef LOPENSSL
#include <openssl/x509.h>
@ -21,9 +21,6 @@
#include <mbedtls/x509.h>
#include <mbedtls/x509_crt.h>
#endif
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
#define DATE_LEN 128
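Review bot: The include guard `__SECURITY_H` uses an identifier reserved for the implementation (any name containing a double underscore), which is undefined behavior per the C standard even though it usually works; since this commit is a style pass over the header, rename the guard to `SECURITY_H` on both the `#ifndef` and `#define` lines. The guard lines are context here, so the enclosing preprocessor block extends beyond the hunk.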


@ -2051,35 +2051,38 @@ int dm_validate_int_list(char *value, char *min_item, char *max_item, char *max_
return 0;
}
int get_base64char_value(char b64) {
int get_base64char_value(char b64)
{
char *base64C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
int i;
for(i = 0; i<64; i++)
if ( base64C[i] == b64 )
return i;
for (i = 0; i<64; i++)
if ( base64C[i] == b64 )
return i;
return -1;
}
char *decode64 (char *enc) {
char *decode64 (char *enc)
{
int i, j=0;
size_t decsize = strlen(enc)*6/8;
char *dec = (char *)dmmalloc((decsize +1) * sizeof(char));
for (i=0; i<strlen(enc)-1; i++) {
dec[j] = (get_base64char_value(enc[i]) << (j%3==0?2:(j%3==1?4:6))) + (get_base64char_value(enc[i+1]) >> (j%3==0?4: (j%3==1? 2:0)));
if( j%3 == 2)
i++;
j++;
dec[j] = (get_base64char_value(enc[i]) << (j%3==0?2:(j%3==1?4:6))) + (get_base64char_value(enc[i+1]) >> (j%3==0?4:(j%3==1? 2:0)));
if (j%3 == 2)
i++;
j++;
}
dec[j] = '\0';
return dec;
}
int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename) {
int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename)
{
int i;
for(i=0; i<length; i++) {
if(strncmp(cert_paths[i], dirpath, strlen(dirpath)) == 0 && strstr(cert_paths[i], filename))
for (i=0; i<length; i++) {
if (strncmp(cert_paths[i], dirpath, strlen(dirpath)) == 0 && strstr(cert_paths[i], filename))
return 1;
}
return 0;
@ -2087,14 +2090,16 @@ int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, c
int is_regular_file(const char *path)
{
if (access(path, F_OK)!=0)
if (access(path, F_OK) != 0)
return 1;
struct stat path_stat;
stat(path, &path_stat);
return S_ISREG(path_stat.st_mode);
}
char *get_cert_directory_path_from_uci(char *ucipath) {
char *get_cert_directory_path_from_uci(char *ucipath)
{
char **uci_elts = NULL, **dirs = NULL;
char *pth = NULL;
size_t length;
@ -2112,7 +2117,8 @@ char *get_cert_directory_path_from_uci(char *ucipath) {
return pth;
}
char **get_all_iop_certificates(int* length) {
char **get_all_iop_certificates(int* length)
{
char * certs_uci[] = {"openvpn.sample_server.cert", "openvpn.sample_client.cert", "owsd.ubusproxy.peer_cert", "owsd.wan_https.cert"};
int i, j=0;
char *dirpath = NULL;
@ -2123,13 +2129,13 @@ char **get_all_iop_certificates(int* length) {
for (i=0; i<number_certs_dirs; i++) {
dirpath = get_cert_directory_path_from_uci(certs_uci[i]);
if(dirpath && strlen(dirpath)>0) {
if (dirpath && strlen(dirpath)>0) {
DIR *dir;
struct dirent *ent;
if ((dir = opendir(dirpath)) == NULL)
continue;
while ((ent = readdir (dir)) != NULL) {
if(ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name))
if (ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name))
continue;
dmasprintf(&certificates_paths[j],"%s%s", dirpath, ent->d_name);
j++;
@ -2142,20 +2148,22 @@ char **get_all_iop_certificates(int* length) {
return certificates_paths;
}
char* stringToHex(char *text, int length) {
char* stringToHex(char *text, int length)
{
char *hex = NULL;
int i, j;
hex = (char *)dmcalloc(100, sizeof(char));
for (int i = 0, j = 0; i < length; ++i, j += 3){
for (i = 0, j = 0; i < length; ++i, j += 3){
sprintf(hex + j, "%02x", text[i] & 0xff);
if(i<length-1)
if (i<length-1)
sprintf(hex + j+2, "%c", ':');
}
return hex;
}
char* replace_char(char* str, char find, char replace){
char* replace_char(char* str, char find, char replace)
{
char *current_pos = strchr(str,find);
while (current_pos){
*current_pos = replace;