/**
* @file snw_util.c
* @author NXP Semiconductors
* @version 1.0
* @par License
*
* Copyright 2019 NXP
* SPDX-License-Identifier: Apache-2.0
*
* @par Description:
* Wrappers for basic network functionality
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <fcntl.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include "snw_common.h"
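/**
 * Open a session to the secure element and initialise its key store.
 *
 * Runs three steps in order: resolve the connection string, open the boot
 * context on the resulting port, then initialise the key store and its
 * key objects. The first step that fails aborts the sequence.
 *
 * @param pSeBootCtx Boot context to populate; must not be NULL.
 * @return SE_TLS_CLIENT_OK on success. On failure the sss_status_t of the
 *         failing step is returned (kStatus_SSS_Fail for a NULL context),
 *         so callers should compare the result against SE_TLS_CLIENT_OK
 *         instead of testing for one particular error value.
 */
int wrapConnectToSe(ex_sss_boot_ctx_t *pSeBootCtx)
{
    sss_status_t status = kStatus_SSS_Fail;
    const char *portName = NULL;

    /* Reject a missing context before any helper dereferences it. */
    if (pSeBootCtx == NULL) {
        fprintf(stdout, "wrapConnectToSe: boot context is NULL\n");
        return status;
    }

    status = ex_sss_boot_connectstring(0, NULL, &portName);
    if (status != kStatus_SSS_Success) {
        /* Newline added so the diagnostic is flushed on a line-buffered stdout. */
        fprintf(stdout, "ex_sss_boot_connectstring failed ...\n");
        return status;
    }

    status = ex_sss_boot_open(pSeBootCtx, portName);
    if (status != kStatus_SSS_Success) {
        fprintf(stdout, "ex_sss_boot_open failed ...\n");
        return status;
    }

    status = ex_sss_key_store_and_object_init(pSeBootCtx);
    if (status != kStatus_SSS_Success) {
        /*
         * NOTE(review): the session opened by ex_sss_boot_open() is not
         * closed on this path. Confirm that every caller runs
         * wrapDisconnectFromSe() after a failed connect, otherwise the
         * session to the secure element stays open.
         */
        fprintf(stdout, "ex_sss_key_store_and_object_init failed ...\n");
        return status;
    }

    return SE_TLS_CLIENT_OK;
}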
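/**
 * Tear down the secure element connection held in a boot context.
 *
 * Frees the key store context first and closes the session afterwards.
 * A NULL context is ignored so that the function can be called from
 * error-handling paths without an extra check.
 *
 * @param pSeBootCtx Boot context previously set up by wrapConnectToSe(),
 *                   or NULL.
 */
void wrapDisconnectFromSe(ex_sss_boot_ctx_t *pSeBootCtx)
{
    if (pSeBootCtx == NULL) {
        return;
    }

    /* Order matters: release the key store before the session it lives in. */
    sss_key_store_context_free(&pSeBootCtx->ks);
    sss_session_close(&pSeBootCtx->session);
}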
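/**
 * Read the client certificate stored under @p certId from the secure element.
 *
 * The bytes are copied into the caller's buffer as returned by the key
 * store. Nothing in this function parses or validates them, so the caller
 * must treat the buffer as unverified DER until its own parser accepts it.
 *
 * @param keyStore         Key store to read from; must not be NULL.
 * @param certId           Identifier of the certificate object. It is
 *                         assigned to certObject.keyId unchanged.
 *                         NOTE(review): a negative value is converted
 *                         implicitly; confirm the intended id range.
 * @param clientCertDer    Destination buffer; must not be NULL.
 * @param clientCertDerLen Must not be NULL. On entry it presumably holds
 *                         the capacity of @p clientCertDer in bytes (the
 *                         bit length passed to the key store is derived
 *                         from it); on success it holds the number of
 *                         bytes retrieved.
 * @return SE_TLS_CLIENT_OK on success, SE_ERR_SE_GP_NO_CERT on an invalid
 *         argument or when the key store reports a failure.
 */
int seGetClientCertificate(sss_key_store_t *keyStore, int certId, U8 *clientCertDer, size_t *clientCertDerLen)
{
    sss_object_t certObject;
    size_t certDerLenBits;
    sss_status_t status;

    if (keyStore == NULL || clientCertDer == NULL || clientCertDerLen == NULL) {
        printf("seGetClientCertificate: NULL argument.\n");
        return SE_ERR_SE_GP_NO_CERT;
    }

    /*
     * The byte count is converted to bits below. Refuse lengths for which
     * that multiplication would wrap and understate the buffer size.
     */
    if (*clientCertDerLen > ((size_t)-1) / 8) {
        printf("seGetClientCertificate: buffer length too large.\n");
        return SE_ERR_SE_GP_NO_CERT;
    }
    certDerLenBits = *clientCertDerLen * 8;

    status = sss_key_object_init(&certObject, keyStore);
    if (status != kStatus_SSS_Success) {
        printf("Failed to initialize certObject: status code = 0x%04x.\n", (unsigned int)status);
        return SE_ERR_SE_GP_NO_CERT;
    }

    /* The certificate is stored as an opaque binary object. */
    certObject.objectType = kSSS_KeyPart_Default;
    certObject.cipherType = kSSS_CipherType_Binary;
    certObject.keyId = certId;

    status = sss_key_store_get_key(keyStore, &certObject, clientCertDer, clientCertDerLen, &certDerLenBits);
    if (status != kStatus_SSS_Success) {
        printf("Fetching client certificate fails with status code: 0x%04x.\n", (unsigned int)status);
        return SE_ERR_SE_GP_NO_CERT;
    }

    /* NOTE(review): certObject is not released before returning; confirm whether it needs to be. */
    printf("Size of certificate retrieved: %zu byte\n", *clientCertDerLen);
    // snwPrintDataAsHex(clientCertDer, *clientCertDerLen);
    return SE_TLS_CLIENT_OK;
}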