Google Git
Sign in
nest-open-source / nest-cam / 4320010 / weave / refs/heads/master / . / weave / src / lib / profiles / security / WeaveKeyExportClient.h
blob: f11d433b1e8f305dce476baa0dbb4320725cb595 [file] [log] [blame]
/*
*
* Copyright (c) 2017 Nest Labs, Inc.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* Supporting classes for acting as a client in the key export protocol.
*
*/
#ifndef WEAVEKEYEXPORTCLIENT_H_
#define WEAVEKEYEXPORTCLIENT_H_
#include <Weave/Core/WeaveCore.h>
#include "WeaveKeyExport.h"
namespace nl {
namespace Weave {
namespace Profiles {
namespace Security {
namespace KeyExport {
/**
* @brief
* Implements the client side of the Weave key export protocol for use in stand-alone
* (non-Weave messaging) contexts.
*/
class WeaveStandAloneKeyExportClient : private WeaveKeyExportDelegate
{
public:
void Init(void);
void Reset(void);
WEAVE_ERROR GenerateKeyExportRequest(uint32_t keyId, uint64_t responderNodeId,
const uint8_t *clientCert, uint16_t clientCertLen, const uint8_t *clientKey, uint16_t clientKeyLen,
uint8_t *reqBuf, uint16_t reqBufSize, uint16_t& reqLen);
WEAVE_ERROR GenerateKeyExportRequest(uint32_t keyId, uint64_t responderNodeId,
const uint8_t *accessToken, uint16_t accessTokenLen,
uint8_t *reqBuf, uint16_t reqBufSize, uint16_t& reqLen);
WEAVE_ERROR ProcessKeyExportResponse(const uint8_t *respBuf, uint16_t respLen, uint64_t responderNodeId,
uint8_t *exportedKeyBuf, uint16_t exportedKeyBufSize, uint16_t &exportedKeyLen, uint32_t &exportedKeyId);
WEAVE_ERROR ProcessKeyExportReconfigure(const uint8_t *reconfBuf, uint16_t reconfLen);
uint8_t ProposedConfig() const { return mProposedConfig; }
void ProposedConfig(uint8_t val) { mProposedConfig = val; }
bool AllowNestDevelopmentDevices() const { return mAllowNestDevDevices; }
void AllowNestDevelopmentDevices(bool val) { mAllowNestDevDevices = val; }
bool AllowSHA1DeviceCerts() const { return mAllowSHA1DeviceCerts; }
void AllowSHA1DeviceCerts(bool val) { mAllowSHA1DeviceCerts = val; }
private:
WeaveKeyExport mKeyExportObj;
uint32_t mKeyId;
uint64_t mResponderNodeId;
const uint8_t *mClientCert;
uint16_t mClientCertLen;
const uint8_t *mClientKey;
uint16_t mClientKeyLen;
const uint8_t *mAccessToken;
uint16_t mAccessTokenLen;
uint8_t mProposedConfig;
bool mAllowNestDevDevices;
bool mAllowSHA1DeviceCerts;
virtual WEAVE_ERROR GetNodeCertSet(bool isInitiator, WeaveCertificateSet& certSet);
virtual WEAVE_ERROR ReleaseNodeCertSet(bool isInitiator, WeaveCertificateSet& certSet);
virtual WEAVE_ERROR GetNodePrivateKey(bool isInitiator, const uint8_t *& weavePrivKey, uint16_t& weavePrivKeyLen);
virtual WEAVE_ERROR ReleaseNodePrivateKey(bool isInitiator, const uint8_t *& weavePrivKey);
virtual WEAVE_ERROR BeginCertValidation(bool isInitiator, WeaveCertificateSet& certSet, ValidationContext& validContext);
virtual WEAVE_ERROR HandleCertValidationResult(bool isInitiator, WeaveCertificateSet& certSet, ValidationContext& validContext,
const IPPacketInfo *pktInfo, const WeaveMessageInfo *msgInfo, uint32_t requestedKeyId);
virtual WEAVE_ERROR EndCertValidation(bool isInitiator, WeaveCertificateSet& certSet, ValidationContext& validContext);
virtual WEAVE_ERROR ValidateUnsignedKeyExportMessage(bool isInitiator, const IPPacketInfo *pktInfo, const WeaveMessageInfo *msgInfo, uint32_t requestedKeyId);
};
} // namespace KeyExport
} // namespace Security
} // namespace Profiles
} // namespace Weave
} // namespace nl
#endif // WEAVEKEYEXPORTCLIENT_H_