security_handler.c File Reference

Security handler module implementation file. More...

#include "security_handler.h"
#include "security.h"
#include "base64.h"
#include "hmac.h"
#include "random.h"
#include "string_util.h"
#include "mcl_core/mcl_assert.h"
#include "mcl_core/mcl_memory.h"

Include dependency graph for security_handler.c:

Go to the source code of this file.

Functions
mcl_error_t	security_handler_initialize (security_handler_t **security_handler)
mcl_error_t	security_handler_generate_jti (char **jti)
mcl_error_t	security_handler_hash_sha256 (const mcl_uint8_t *data, mcl_size_t data_size, mcl_uint8_t **hash, mcl_size_t *hash_size)
mcl_error_t	security_handler_hmac_sha256 (security_handler_t *security_handler, const mcl_uint8_t *data, mcl_size_t data_size, mcl_uint8_t **hash, mcl_size_t *hash_size)
mcl_error_t	security_handler_base64_encode (const mcl_uint8_t *data, mcl_size_t data_size, char **encoded_data)
mcl_error_t	security_handler_base64_decode (const char *encoded_data, mcl_uint8_t **decoded_data, mcl_size_t *decoded_data_size)
mcl_error_t	security_handler_base64_url_encode (const mcl_uint8_t *data, mcl_size_t data_size, char **encoded_data)
mcl_error_t	security_handler_generate_rsa_key (security_handler_t *security_handler)
mcl_error_t	security_handler_rsa_sign (char *rsa_key, char *data, mcl_size_t data_size, mcl_uint8_t **signature, mcl_size_t *signature_size)
void	security_handler_destroy (security_handler_t **security_handler)

Detailed Description

Security handler module implementation file.

Copyright

Copyright (C) 2019 Siemens Aktiengesellschaft.
All rights reserved.

Definition in file security_handler.c.

Function Documentation

mcl_error_t security_handler_base64_decode	(	const char *	encoded_data,
		mcl_uint8_t **	decoded_data,
		mcl_size_t *	decoded_data_size
	)

Given a base64 zero-terminated string at encoded_data, decode it and return a pointer in decoded_data to a newly allocated memory area holding decoded data. Size of decoded data is returned in variable pointed by decoded_data_size.

When decoded data length is 0, returns MCL_NULL in decoded_data.

Parameters

encoded_data	[in] Zero-terminated string which is base64 encoded and has to be decoded.
decoded_data	[out] Newly allocated memory holding decoded data.
decoded_data_size	[out] Size of decoded data.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.
• MCL_BAD_CONTENT_ENCODING if provided encoded_data has invalid length (0 or not multiples of 4) or is invalidly encoded.

Definition at line 118 of file security_handler.c.

References base64_decode(), MCL_DEBUG_ENTRY, and MCL_DEBUG_LEAVE.

Here is the call graph for this function:

mcl_error_t security_handler_base64_encode	(	const mcl_uint8_t *	data,
		mcl_size_t	data_size,
		char **	encoded_data
	)

This function is used to encode the given data in base64 encoding format.

Parameters

[in]	data	Data to be encoded.
[in]	data_size	Data size.
[out]	encoded_data	Encoded result.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.

Definition at line 97 of file security_handler.c.

References base64_encode(), MCL_DEBUG, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_ERROR, MCL_OK, and string_util_strlen().

Here is the call graph for this function:

mcl_error_t security_handler_base64_url_encode	(	const mcl_uint8_t *	data,
		mcl_size_t	data_size,
		char **	encoded_data
	)

This function is used to encode the given data in base64 URL encoding format.

Parameters

[in]	data	Data to be encoded.
[in]	data_size	Data size.
[out]	encoded_data	Encoded result.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.

Definition at line 131 of file security_handler.c.

References base64_url_encode(), MCL_DEBUG, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_ERROR, MCL_OK, and string_util_strlen().

Referenced by _calculate_signature(), and _get_header_and_payload_encoded_base64_url().

Here is the call graph for this function:

Here is the caller graph for this function:

void security_handler_destroy

(

security_handler_t **

security_handler

)

This function is used to destroy the security handler.

Parameters

[in]

security_handler

Handler to be destroyed.

Definition at line 177 of file security_handler.c.

References MCL_DEBUG, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_FREE, and MCL_NULL.

Referenced by core_processor_destroy().

Here is the caller graph for this function:

mcl_error_t security_handler_generate_jti

(

char **

jti

)

This function is used to generate the jti nonce.

This generated jti nonce will be used inside of the authentication JWT.

Parameters

[out]

jti

Generated jti string : 128 bit random number, base64 encoded.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.
• MCL_FAIL in case of failure.

Definition at line 40 of file security_handler.c.

References MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, and random_generate_guid().

Referenced by _create_self_issued_jwt_payload().

Here is the call graph for this function:

Here is the caller graph for this function:

mcl_error_t security_handler_generate_rsa_key

(

security_handler_t *

security_handler

)

This function is used to generate the RSA public/private key pairs.

Generated key pairs will be stored in the received handler.

Parameters

[in]

security_handler

Handler to be used.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.
• MCL_FAIL in case of an internal error in MCL.

Definition at line 152 of file security_handler.c.

References MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, rsa_t::private_key, rsa_t::public_key, security_handler_t::rsa, and security_generate_rsa_key().

Referenced by _compose_rsa_key_rotation_json(), and _load_initial_credentials().

Here is the call graph for this function:

Here is the caller graph for this function:

mcl_error_t security_handler_hash_sha256	(	const mcl_uint8_t *	data,
		mcl_size_t	data_size,
		mcl_uint8_t **	hash,
		mcl_size_t *	hash_size
	)

This function is used to generate the sha256 hash of the given data.

Parameters

[in]	data	Data to be hashed.
[in]	data_size	Size of data.
[out]	hash	Generated hash result.
[out]	hash_size	Length of the generated hash.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.

Definition at line 52 of file security_handler.c.

References MCL_DEBUG, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_ERROR, MCL_OK, and security_hash_sha256().

Here is the call graph for this function:

mcl_error_t security_handler_hmac_sha256	(	security_handler_t *	security_handler,
		const mcl_uint8_t *	data,
		mcl_size_t	data_size,
		mcl_uint8_t **	hash,
		mcl_size_t *	hash_size
	)

This function calculates HMAC SHA256 for given data with the authorization key of provided security_handler.

Parameters

[in]	security_handler	Security handler to use its authorization key.
[in]	data	Data to calculate HMAC SHA256 for.
[in]	data_size	Size of data.
[out]	hash	A newly allocated memory which contains the result of HMAC SHA256.
[out]	hash_size	Size of hash, which should be 32 bytes after SHA256 calculation.

Returns

• MCL_OK in case of success.
• MCL_INVALID_PARAMETER if key_size of security_handler is zero.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.
• MCL_SHA256_CALCULATION_FAIL if SHA256 calculation fails.

Definition at line 73 of file security_handler.c.

References security_handler_t::client_secret, hmac_sha256(), MCL_DEBUG, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_ERROR, MCL_OK, and string_util_strlen().

Referenced by _calculate_signature().

Here is the call graph for this function:

Here is the caller graph for this function:

mcl_error_t security_handler_initialize

(

security_handler_t **

security_handler

)

This function creates and initializes an object of type security_handler_t.

Parameters

[out]

security_handler

Handle to be created and initialized.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.

Definition at line 18 of file security_handler.c.

References MCL_ASSERT_CODE_MESSAGE, MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, MCL_NEW, MCL_NULL, MCL_OK, and MCL_OUT_OF_MEMORY.

Referenced by core_processor_initialize().

Here is the caller graph for this function:

mcl_error_t security_handler_rsa_sign	(	char *	rsa_key,
		char *	data,
		mcl_size_t	data_size,
		mcl_uint8_t **	signature,
		mcl_size_t *	signature_size
	)

This function is used to sign data with RSA key.

Received key will be used to sign. Caller can use the generated RSA private key or the servers public key.

Parameters

[in]	rsa_key	The key to be used in signing.
[in]	data	The data to be signed.
[in]	data_size	Size of the data.
[out]	signature	Generated signature.
[out]	signature_size	Size of signature.

Returns

• MCL_OK in case of success.
• MCL_OUT_OF_MEMORY in case there is not enough memory in the system to proceed.
• MCL_FAIL in case of an internal error in MCL.

Definition at line 164 of file security_handler.c.

References MCL_DEBUG_ENTRY, MCL_DEBUG_LEAVE, and security_rsa_sign().

Referenced by _calculate_signature().

Here is the call graph for this function:

Here is the caller graph for this function: