int iothub_security_init(IOTHUB_SECURITY_TYPE sec_type) { int result; g_security_type = sec_type; SECURE_DEVICE_TYPE device_type = prov_dev_security_get_type(); if (device_type == SECURE_DEVICE_TYPE_UNKNOWN) { result = prov_dev_security_init(g_security_type == IOTHUB_SECURITY_TYPE_SAS ? SECURE_DEVICE_TYPE_TPM : SECURE_DEVICE_TYPE_X509); } else { // Make sure that the types are compatible if (device_type == SECURE_DEVICE_TYPE_TPM) { if (g_security_type != IOTHUB_SECURITY_TYPE_SAS) { result = __FAILURE__; } else { result = 0; } } else { if (g_security_type != IOTHUB_SECURITY_TYPE_X509) { result = __FAILURE__; } else { result = 0; } } } if (result == 0) { result = initialize_hsm_system(); } return result; }
PROV_AUTH_HANDLE prov_auth_create(void) { PROV_AUTH_INFO* result; /* Codes_SRS_PROV_AUTH_CLIENT_07_001: [ prov_auth_create shall allocate the PROV_AUTH_INFO. ] */ if ((result = (PROV_AUTH_INFO*)malloc(sizeof(PROV_AUTH_INFO))) == NULL) { LogError("Failed allocating PROV_AUTH_INFO."); } else { memset(result, 0, sizeof(PROV_AUTH_INFO) ); SECURE_DEVICE_TYPE sec_type = prov_dev_security_get_type(); #if defined(HSM_TYPE_SAS_TOKEN) || defined(HSM_AUTH_TYPE_CUSTOM) if (sec_type == SECURE_DEVICE_TYPE_TPM) { /* Codes_SRS_PROV_AUTH_CLIENT_07_003: [ prov_auth_create shall validate the specified secure enclave interface to ensure. ] */ result->sec_type = PROV_AUTH_TYPE_TPM; const HSM_CLIENT_TPM_INTERFACE* tpm_interface = hsm_client_tpm_interface(); if ((tpm_interface == NULL) || ((result->hsm_client_create = tpm_interface->hsm_client_tpm_create) == NULL) || ((result->hsm_client_destroy = tpm_interface->hsm_client_tpm_destroy) == NULL) || ((result->hsm_client_import_key = tpm_interface->hsm_client_activate_identity_key) == NULL) || ((result->hsm_client_get_endorsement_key = tpm_interface->hsm_client_get_ek) == NULL) || ((result->hsm_client_get_srk = tpm_interface->hsm_client_get_srk) == NULL) || ((result->hsm_client_sign_data = tpm_interface->hsm_client_sign_with_identity) == NULL) ) { /* Codes_SRS_PROV_AUTH_CLIENT_07_002: [ If any failure is encountered prov_auth_create shall return NULL ] */ LogError("Invalid TPM secure device interface was specified"); free(result); result = NULL; } } #endif #if defined(HSM_TYPE_X509) || defined(HSM_AUTH_TYPE_CUSTOM) if (sec_type == SECURE_DEVICE_TYPE_X509) { /* Codes_SRS_PROV_AUTH_CLIENT_07_003: [ prov_auth_create shall validate the specified secure enclave interface to ensure. ] */ result->sec_type = PROV_AUTH_TYPE_X509; const HSM_CLIENT_X509_INTERFACE* x509_interface = hsm_client_x509_interface(); if ((x509_interface == NULL) || ((result->hsm_client_create = x509_interface->hsm_client_x509_create) == NULL) || ((result->hsm_client_destroy = x509_interface->hsm_client_x509_destroy) == NULL) || ((result->hsm_client_get_cert = x509_interface->hsm_client_get_cert) == NULL) || ((result->hsm_client_get_common_name = x509_interface->hsm_client_get_common_name) == NULL) || ((result->hsm_client_get_alias_key = x509_interface->hsm_client_get_key) == NULL) ) { LogError("Invalid x509 secure device interface was specified"); free(result); result = NULL; } } #endif #if defined(HSM_TYPE_SYMM_KEY) || defined(HSM_AUTH_TYPE_CUSTOM) if (sec_type == SECURE_DEVICE_TYPE_SYMMETRIC_KEY) { result->sec_type = PROV_AUTH_TYPE_KEY; const HSM_CLIENT_KEY_INTERFACE* key_interface = hsm_client_key_interface(); if ((key_interface == NULL) || ((result->hsm_client_create = key_interface->hsm_client_key_create) == NULL) || ((result->hsm_client_destroy = key_interface->hsm_client_key_destroy) == NULL) || ((result->hsm_client_get_common_name = key_interface->hsm_client_get_registration_name) == NULL) || ((result->hsm_client_get_symm_key = key_interface->hsm_client_get_symm_key) == NULL) || ((result->hsm_client_set_symm_key_info = key_interface->hsm_client_set_symm_key_info) == NULL) ) { LogError("Invalid symmetric key secure device interface was specified"); free(result); result = NULL; } } #endif if (result == NULL) { LogError("Error allocating result or else unsupported security type %d", sec_type); } else if (result->hsm_client_create == NULL) { LogError("hsm_client_create is not a valid address"); free(result); result = NULL; } else { /* Codes_SRS_PROV_AUTH_CLIENT_07_004: [ prov_auth_create shall call hsm_client_create on the secure enclave interface. ] */ if ((result->hsm_client_handle = result->hsm_client_create() ) == NULL) { LogError("failed create device auth module."); free(result); result = NULL; } else if (result->sec_type == PROV_AUTH_TYPE_KEY && result->hsm_client_set_symm_key_info(result->hsm_client_handle, prov_dev_get_symm_registration_name(), prov_dev_get_symmetric_key()) != 0) { LogError("failed create device auth module."); result->hsm_client_destroy(result->hsm_client_handle); free(result); result = NULL; } } } return result; }