1 | // Copyright (c) Microsoft. All rights reserved.
2 | // Licensed under the MIT license. See LICENSE file in the project root for full license information.
4 | #include <stdlib.h>
5 | #include "azure_c_shared_utility/gballoc.h"
6 | #include "azure_c_shared_utility/xlogging.h"
7 | #include "azure_c_shared_utility/crt_abstractions.h"
8 | #include "azure_prov_client/prov_security_factory.h"
9 | #include "azure_prov_client/iothub_security_factory.h"
11 | #include "hsm_client_data.h"
// HSM type selected through prov_dev_security_init() (written there once the
// requested type is known to this build) and read back by
// prov_dev_security_get_type().
static SECURE_DEVICE_TYPE g_device_hsm_type = SECURE_DEVICE_TYPE_UNKNOWN;
// Heap copies (mallocAndStrcpy_s) of the symmetric-key credential and the
// registration name handed to prov_dev_set_symmetric_key_info(); replaced on
// each call and released by prov_dev_security_deinit(). The key is a device
// credential and should be treated as secret wherever it is copied.
static char* g_symm_key = NULL;
static char* g_symm_key_reg_name = NULL;

// Map a provisioning SECURE_DEVICE_TYPE onto the IOTHUB_SECURITY_TYPE the
// iothub_security layer has to be initialized with.
//
// Only mappings compiled into this SDK build are reachable: each one is
// guarded by its HSM_TYPE_* define (or HSM_AUTH_TYPE_CUSTOM). Any other
// value, including a type whose support was compiled out, yields
// IOTHUB_SECURITY_TYPE_UNKNOWN so the caller can reject it.
static IOTHUB_SECURITY_TYPE get_iothub_security_type(SECURE_DEVICE_TYPE sec_type)
{
#if defined(HSM_TYPE_SAS_TOKEN) || defined(HSM_AUTH_TYPE_CUSTOM)
    if (sec_type == SECURE_DEVICE_TYPE_TPM)
    {
        return IOTHUB_SECURITY_TYPE_SAS;
    }
#endif

#if defined(HSM_TYPE_X509) || defined(HSM_AUTH_TYPE_CUSTOM)
    if (sec_type == SECURE_DEVICE_TYPE_X509)
    {
        return IOTHUB_SECURITY_TYPE_X509;
    }
#endif

#if defined(HSM_TYPE_SYMM_KEY) || defined(HSM_AUTH_TYPE_CUSTOM)
    if (sec_type == SECURE_DEVICE_TYPE_SYMMETRIC_KEY)
    {
        return IOTHUB_SECURITY_TYPE_SYMMETRIC_KEY;
    }
#endif

#ifdef HSM_TYPE_HTTP_EDGE
    if (sec_type == SECURE_DEVICE_TYPE_HTTP_EDGE)
    {
        return IOTHUB_SECURITY_TYPE_HTTP_EDGE;
    }
#endif

    // Either not a known type or its support is not compiled in. The cast
    // keeps builds with every mapping disabled free of an unused-parameter warning.
    (void)sec_type;
    return IOTHUB_SECURITY_TYPE_UNKNOWN;
}

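// Initialize the provisioning security layer for the requested HSM type.
//
// Translates hsm_type into the matching IOTHUB_SECURITY_TYPE, initializes the
// iothub_security layer with it when that layer is not initialized yet (or
// checks that it was initialized with the same type), then initializes the
// HSM system. Returns 0 on success, MU_FAILURE otherwise.
//
// Fix: g_device_hsm_type is restored to its previous value when any step
// fails. Previously a failed iothub_security_init(), a type mismatch or a
// failed initialize_hsm_system() left the requested type published through
// prov_dev_security_get_type() even though nothing was initialized for it.
// The assignment itself still happens before the calls below, in case the
// HSM initialization reads the selected type.
int prov_dev_security_init(SECURE_DEVICE_TYPE hsm_type)
{
    int result;
    IOTHUB_SECURITY_TYPE security_type_from_caller = get_iothub_security_type(hsm_type);

    if (security_type_from_caller == IOTHUB_SECURITY_TYPE_UNKNOWN)
    {
        LogError("HSM type %d is not supported on this SDK build", hsm_type);
        result = MU_FAILURE;
    }
    else
    {
        // Remember what was published before, so a failure below does not
        // leave a type that was never successfully initialized.
        SECURE_DEVICE_TYPE previous_hsm_type = g_device_hsm_type;
        g_device_hsm_type = hsm_type;

        IOTHUB_SECURITY_TYPE security_type_from_iot = iothub_security_type();
        if (security_type_from_iot == IOTHUB_SECURITY_TYPE_UNKNOWN)
        {
            // Initialize iothub_security layer if not currently
            result = iothub_security_init(security_type_from_caller);
        }
        else if (security_type_from_iot != security_type_from_caller)
        {
            // The iothub_security layer was already set up for a different
            // authentication type; refusing is safer than silently mixing them.
            LogError("Security HSM from caller %d (which maps to security type %d) does not match already specified security type %d", hsm_type, security_type_from_caller, security_type_from_iot);
            result = MU_FAILURE;
        }
        else
        {
            result = 0;
        }

        if (result == 0)
        {
            result = initialize_hsm_system();
        }

        if (result != 0)
        {
            // NOTE(review): when iothub_security_init() succeeded above but
            // initialize_hsm_system() failed, the iothub_security layer stays
            // initialized; whether iothub_security_deinit() is safe to call
            // here cannot be determined from this file, so it is not rolled back.
            g_device_hsm_type = previous_hsm_type;
        }
    }
    return result;
}
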
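// Release what prov_dev_security_init() and prov_dev_set_symmetric_key_info()
// acquired: the cached symmetric key and registration name, the HSM system,
// and the iothub_security layer when it still holds symmetric-key information.
//
// Fix: the symmetric key is a device credential, so its heap copy is
// overwritten before free() instead of being left for a later allocation to
// inherit. The overwrite goes through a volatile pointer so the compiler
// cannot discard it as a dead store before free() (no memset_s/explicit_bzero
// is available in this file's includes).
void prov_dev_security_deinit(void)
{
    if (g_symm_key != NULL)
    {
        // Scrub the credential bytes up to the terminator.
        volatile char* scrub = g_symm_key;
        while (*scrub != '\0')
        {
            *scrub++ = '\0';
        }
        free(g_symm_key);
        g_symm_key = NULL;
    }
    if (g_symm_key_reg_name != NULL)
    {
        free(g_symm_key_reg_name);
        g_symm_key_reg_name = NULL;
    }
    deinitialize_hsm_system();
    if (iothub_security_get_symmetric_key() != NULL || iothub_security_get_symm_registration_name() != NULL)
    {
        // Clear out iothub info
        iothub_security_deinit();
    }
    // NOTE(review): g_device_hsm_type is deliberately left untouched, matching
    // the existing behavior: prov_dev_security_get_type() keeps reporting the
    // last selected type after deinit.
}
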
// Return the SECURE_DEVICE_TYPE currently stored by prov_dev_security_init();
// SECURE_DEVICE_TYPE_UNKNOWN until that function has stored one.
SECURE_DEVICE_TYPE prov_dev_security_get_type(void)
{
    SECURE_DEVICE_TYPE selected_type = g_device_hsm_type;
    return selected_type;
}

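// Store the registration name and symmetric-key credential this device will
// provision with, replacing any previously stored pair, and hand the same pair
// to the iothub_security layer when that layer does not hold one yet.
//
// Both strings are copied; the caller keeps ownership of its own buffers.
// The previously stored pair is only replaced once both copies succeeded, so
// an allocation failure leaves the old values intact.
// Returns 0 on success and MU_FAILURE for a NULL argument, an allocation
// failure, or a failed iothub_security_set_symmetric_key_info().
//
// Fix: when an earlier key is replaced, its heap copy is overwritten before
// free() (through a volatile pointer so the store is not elided) instead of
// leaving credential bytes behind in freed memory.
int prov_dev_set_symmetric_key_info(const char* registration_name, const char* symmetric_key)
{
    int result;
    if (registration_name == NULL || symmetric_key == NULL)
    {
        LogError("Invalid parameter specified reg_name: %p, symm_key: %p", registration_name, symmetric_key);
        result = MU_FAILURE;
    }
    else
    {
        char* temp_key;
        char* temp_name;
        if (mallocAndStrcpy_s(&temp_name, registration_name) != 0)
        {
            LogError("Failure allocating registration name");
            result = MU_FAILURE;
        }
        else if (mallocAndStrcpy_s(&temp_key, symmetric_key) != 0)
        {
            LogError("Failure allocating symmetric key");
            free(temp_name);
            result = MU_FAILURE;
        }
        else
        {
            if (g_symm_key != NULL)
            {
                // Scrub the old credential before releasing its buffer.
                volatile char* scrub = g_symm_key;
                while (*scrub != '\0')
                {
                    *scrub++ = '\0';
                }
                free(g_symm_key);
            }
            if (g_symm_key_reg_name != NULL)
            {
                free(g_symm_key_reg_name);
            }
            g_symm_key_reg_name = temp_name;
            g_symm_key = temp_key;

            // Sync dps with iothub only if it is NULL
            if (iothub_security_get_symmetric_key() == NULL || iothub_security_get_symm_registration_name() == NULL)
            {
                if (iothub_security_set_symmetric_key_info(g_symm_key_reg_name, g_symm_key) != 0)
                {
                    LogError("Failure syncing dps & IoThub key information");
                    result = MU_FAILURE;
                }
                else
                {
                    result = 0;
                }
            }
            else
            {
                result = 0;
            }
        }
    }
    return result;
}
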
// Return the symmetric key stored by prov_dev_set_symmetric_key_info(), or
// NULL when none has been stored. The pointer stays owned by this file and
// is invalidated by the next prov_dev_set_symmetric_key_info() or by
// prov_dev_security_deinit(); callers must not free it.
const char* prov_dev_get_symmetric_key(void)
{
    const char* key = g_symm_key;
    return key;
}

// Return the registration name stored by prov_dev_set_symmetric_key_info(),
// or NULL when none has been stored. Owned by this file; invalidated by the
// next prov_dev_set_symmetric_key_info() or by prov_dev_security_deinit().
const char* prov_dev_get_symm_registration_name(void)
{
    const char* name = g_symm_key_reg_name;
    return name;
}