resource/csdk/security/include/securevirtualresourcetypes.h

   1 //******************************************************************
   2 //
   3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
   4 //
   5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   6 //
   7 // Licensed under the Apache License, Version 2.0 (the "License");
   8 // you may not use this file except in compliance with the License.
   9 // You may obtain a copy of the License at
  10 //
  11 //      http://www.apache.org/licenses/LICENSE-2.0
  12 //
  13 // Unless required by applicable law or agreed to in writing, software
  14 // distributed under the License is distributed on an "AS IS" BASIS,
  15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 // See the License for the specific language governing permissions and
  17 // limitations under the License.
  18 //
  19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  20
  21 /**
  22  * Data type definitions for all oic.sec.* types defined in the
  23  * OIC Security Specification.
  24  *
  25  * Note that throughout, ptrs are used rather than arrays.  There
  26  * are two primary reasons for this:
  27  * 1) The Spec defines many structures with optional fields, so pre-
  28  *    allocating these would be wasteful.
  29  * 2) There are in many cases arrays of Strings or arrays of Structs,
  30  *    which could not be defined as variable length arrays (e.g. array[])
  31  *    without breaking from the structure order and definition in the Spec.
  32  *
  33  * The primary drawback to this decision is that marshalling functions
  34  * will have to be written by hand to marshal these structures (e.g. to/from
  35  * Persistent Storage, or across memory boundaries).
  36  *
  37  * TODO reconcile against latest OIC Security Spec to ensure all fields correct.
  38  * (Last checked against v0.95)
  39  */
  40
  41 #ifndef OC_SECURITY_RESOURCE_TYPES_H
  42 #define OC_SECURITY_RESOURCE_TYPES_H
  43
  44 #include <stdint.h> // for uint8_t typedef
  45 #include <stdbool.h>
  46 #ifdef __WITH_X509__
  47 #include "byte_array.h"
  48 #endif /* __WITH_X509__ */
  49
  50 #ifdef __cplusplus
  51 extern "C" {
  52 #endif
  53
  54 /**
  55  * Values used to create bit-maskable enums for single-value response with
  56  * embedded code.
  57  */
  58 #define ACCESS_GRANTED_DEF            (1 << 0)
  59 #define ACCESS_DENIED_DEF             (1 << 1)
  60 #define INSUFFICIENT_PERMISSION_DEF   (1 << 2)
  61 #define SUBJECT_NOT_FOUND_DEF         (1 << 3)
  62 #define RESOURCE_NOT_FOUND_DEF        (1 << 4)
  63 #define POLICY_ENGINE_ERROR_DEF       (1 << 5)
  64 #define INVALID_PERIOD_DEF            (1 << 6)
  65 #define ACCESS_WAITING_DEF            (1 << 7)
  66 #define AMS_SERVICE_DEF               (1 << 8)
  67 #define REASON_MASK_DEF               (INSUFFICIENT_PERMISSION_DEF | \
  68                                        INVALID_PERIOD_DEF | \
  69                                        SUBJECT_NOT_FOUND_DEF | \
  70                                        RESOURCE_NOT_FOUND_DEF | \
  71                                        POLICY_ENGINE_ERROR_DEF)
  72
  73
  74 /**
  75  * Access policy in least significant bits (from Spec):
  76  * 1st lsb:  C (Create)
  77  * 2nd lsb:  R (Read, Observe, Discover)
  78  * 3rd lsb:  U (Write, Update)
  79  * 4th lsb:  D (Delete)
  80  * 5th lsb:  N (Notify)
  81  */
  82 #define PERMISSION_CREATE       (1 << 0)
  83 #define PERMISSION_READ         (1 << 1)
  84 #define PERMISSION_WRITE        (1 << 2)
  85 #define PERMISSION_DELETE       (1 << 3)
  86 #define PERMISSION_NOTIFY       (1 << 4)
  87 #define PERMISSION_FULL_CONTROL (PERMISSION_CREATE | \
  88                                  PERMISSION_READ | \
  89                                  PERMISSION_WRITE | \
  90                                  PERMISSION_DELETE | \
  91                                  PERMISSION_NOTIFY)
  92
  93 /**
  94  * @brief   Response type for all Action requests from CA layer;
  95  *          may include a reason code.
  96  *
  97  * To extract codes use GetReasonCode function on SRMAccessResponse:
  98  *
  99  * SRMAccessResponse_t response = SRMRequestHandler(obj, info);
 100  * if(SRM_TRUE == IsAccessGranted(response)) {
 101  *     SRMAccessResponseReasonCode_t reason = GetReasonCode(response);
 102  *     switch(reason) {
 103  *         case INSUFFICIENT_PERMISSION:
 104  *         ...etc.
 105  *     }
 106  * }
 107  */
 108 typedef enum
 109 {
 110     ACCESS_GRANTED = ACCESS_GRANTED_DEF,
 111     ACCESS_DENIED = ACCESS_DENIED_DEF,
 112     ACCESS_DENIED_INVALID_PERIOD = ACCESS_DENIED_DEF
 113         | INVALID_PERIOD_DEF,
 114     ACCESS_DENIED_INSUFFICIENT_PERMISSION = ACCESS_DENIED_DEF
 115         | INSUFFICIENT_PERMISSION_DEF,
 116     ACCESS_DENIED_SUBJECT_NOT_FOUND = ACCESS_DENIED_DEF
 117         | SUBJECT_NOT_FOUND_DEF,
 118     ACCESS_DENIED_RESOURCE_NOT_FOUND = ACCESS_DENIED_DEF
 119         | RESOURCE_NOT_FOUND_DEF,
 120     ACCESS_DENIED_POLICY_ENGINE_ERROR = ACCESS_DENIED_DEF
 121         | POLICY_ENGINE_ERROR_DEF,
 122     ACCESS_WAITING_FOR_AMS = ACCESS_WAITING_DEF
 123         | AMS_SERVICE_DEF,
 124     ACCESS_DENIED_AMS_SERVICE_ERROR = ACCESS_DENIED
 125         | AMS_SERVICE_DEF
 126 } SRMAccessResponse_t;
 127
 128 /**
 129  * Reason code for SRMAccessResponse.
 130  */
 131 typedef enum
 132 {
 133     NO_REASON_GIVEN = 0,
 134     INSUFFICIENT_PERMISSION = INSUFFICIENT_PERMISSION_DEF,
 135     SUBJECT_NOT_FOUND = SUBJECT_NOT_FOUND_DEF,
 136     RESOURCE_NOT_FOUND = RESOURCE_NOT_FOUND_DEF,
 137 } SRMAccessResponseReasonCode_t;
 138
 139 /**
 140  * Extract Reason Code from Access Response.
 141  */
 142 static inline SRMAccessResponseReasonCode_t GetReasonCode(
 143     SRMAccessResponse_t response)
 144 {
 145     SRMAccessResponseReasonCode_t reason =
 146         (SRMAccessResponseReasonCode_t)(response & REASON_MASK_DEF);
 147     return reason;
 148 }
 149
 150 /**
 151  * Returns 'true' iff request should be passed on to RI layer.
 152  */
 153 static inline bool IsAccessGranted(SRMAccessResponse_t response)
 154 {
 155     if(ACCESS_GRANTED == (response & ACCESS_GRANTED))
 156     {
 157         return true;
 158     }
 159     else
 160     {
 161         return false;
 162     }
 163 }
 164
 165 typedef struct OicSecAcl OicSecAcl_t;
 166
 167 typedef struct OicSecAmacl OicSecAmacl_t;
 168
 169 typedef struct OicSecCred OicSecCred_t;
 170
 171 /**
 172  * Aid for assigning/testing vals with OicSecCredType_t.
 173  * Example:
 174  *  OicSecCredType_t ct = PIN_PASSWORD | ASYMMETRIC_KEY;
 175  *  if((ct & PIN_PASSWORD) == PIN_PASSWORD)
 176  *  {
 177  *      // ct contains PIN_PASSWORD flag.
 178  *  }
 179  */
 180 typedef enum OSCTBitmask
 181 {
 182     NO_SECURITY_MODE                = 0x0,
 183     SYMMETRIC_PAIR_WISE_KEY         = (0x1 << 0),
 184     SYMMETRIC_GROUP_KEY             = (0x1 << 1),
 185     ASYMMETRIC_KEY                  = (0x1 << 2),
 186     SIGNED_ASYMMETRIC_KEY           = (0x1 << 3),
 187     PIN_PASSWORD                    = (0x1 << 4),
 188     ASYMMETRIC_ENCRYPTION_KEY       = (0x1 << 5),
 189 } OSCTBitmask_t;
 190
 191 /**
 192  * /oic/sec/credtype (Credential Type) data type.
 193  * Derived from OIC Security Spec /oic/sec/cred; see Spec for details.
 194  *              0:  no security mode
 195  *              1:  symmetric pair-wise key
 196  *              2:  symmetric group key
 197  *              4:  asymmetric key
 198  *              8:  signed asymmetric key (aka certificate)
 199  *              16: PIN /password
 200  */
 201 typedef OSCTBitmask_t OicSecCredType_t;
 202
 203 typedef struct OicSecDoxm OicSecDoxm_t;
 204
 205 typedef enum OicSecDpm
 206 {
 207     NORMAL                          = 0x0,
 208     RESET                           = (0x1 << 0),
 209     TAKE_OWNER                      = (0x1 << 1),
 210     BOOTSTRAP_SERVICE               = (0x1 << 2),
 211     SECURITY_MANAGEMENT_SERVICES    = (0x1 << 3),
 212     PROVISION_CREDENTIALS           = (0x1 << 4),
 213     PROVISION_ACLS                  = (0x1 << 5),
 214     // << 6 THROUGH 15 RESERVED
 215 } OicSecDpm_t;
 216
 217 typedef enum OicSecDpom
 218 {
 219     MULTIPLE_SERVICE_SERVER_DRIVEN  = 0x0,
 220     SINGLE_SERVICE_SERVER_DRIVEN    = 0x1,
 221     MULTIPLE_SERVICE_CLIENT_DRIVEN  = 0x2,
 222     SINGLE_SERVICE_CLIENT_DRIVEN    = 0x3,
 223 } OicSecDpom_t;
 224
 225 typedef enum OicSecSvcType
 226 {
 227     SERVICE_UNKNOWN                 = 0x0,
 228     ACCESS_MGMT_SERVICE             = 0x1,  //urn:oic.sec.ams
 229 } OicSecSvcType_t;
 230
 231
 232 //TODO: Need more clarification on deviceIDFormat field type.
 233 #if 0
 234 typedef enum
 235 {
 236     URN = 0x0
 237 }OicSecDvcIdFrmt_t;
 238 #endif
 239
 240 typedef enum
 241 {
 242     NOT_A_SVR_RESOURCE = 0,
 243     OIC_R_ACL_TYPE,
 244     OIC_R_AMACL_TYPE,
 245     OIC_R_CRED_TYPE,
 246     OIC_R_CRL_TYPE,
 247     OIC_R_DOXM_TYPE,
 248     OIC_R_DPAIRING_TYPE,
 249     OIC_R_PCONF_TYPE,
 250     OIC_R_PSTAT_TYPE,
 251     OIC_R_SACL_TYPE,
 252     OIC_R_SVC_TYPE
 253 }OicSecSvrType_t;
 254
 255 typedef enum
 256 {
 257     OIC_JUST_WORKS                          = 0x0,
 258     OIC_RANDOM_DEVICE_PIN                   = 0x1,
 259     OIC_MANUFACTURER_CERTIFICATE           = 0x2,
 260     OIC_OXM_COUNT
 261 }OicSecOxm_t;
 262
 263 typedef struct OicSecKey OicSecKey_t;
 264
 265 typedef struct OicSecPstat OicSecPstat_t;
 266
 267 typedef struct OicSecRole OicSecRole_t;
 268
 269 typedef struct OicSecSacl OicSecSacl_t;
 270
 271 typedef struct OicSecSvc OicSecSvc_t;
 272
 273 typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
 274
 275 typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
 276
 277
 278 #ifdef __WITH_X509__
 279 typedef struct OicSecCrl OicSecCrl_t;
 280 typedef ByteArray OicSecCert_t;
 281 #else
 282 typedef void OicSecCert_t;
 283 #endif /* __WITH_X509__ */
 284
 285 /**
 286  * /oic/uuid (Universal Unique Identifier) data type.
 287  */
 288 #define UUID_LENGTH 128/8 // 128-bit GUID length
 289 //TODO: Confirm the length and type of ROLEID.
 290 #define ROLEID_LENGTH 128/8 // 128-bit ROLEID length
 291 #define OWNER_PSK_LENGTH_128 128/8 //byte size of 128-bit key size
 292 #define OWNER_PSK_LENGTH_256 256/8 //byte size of 256-bit key size
 293
 294 struct OicUuid
 295 {
 296     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 297     //TODO fill in unless this is defined elsewhere?
 298     uint8_t             id[UUID_LENGTH];
 299 };
 300
 301 /**
 302  * /oic/sec/jwk (JSON Web Key) data type.
 303  * See JSON Web Key (JWK)  draft-ietf-jose-json-web-key-41
 304  */
 305 #define JWK_LENGTH 256/8 // 256 bit key length
 306 struct OicSecKey
 307 {
 308     uint8_t                *data;
 309     size_t                  len;
 310 };
 311
 312 /**
 313  * /oic/sec/acl (Access Control List) data type.
 314  * Derived from OIC Security Spec; see Spec for details.
 315  */
 316 struct OicSecAcl
 317 {
 318     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 319     OicUuid_t           subject;        // 0:R:S:Y:uuid TODO: this deviates
 320                                         // from spec and needs to be updated
 321                                         // in spec (where it's a String).
 322     size_t              resourcesLen;   // the number of elts in Resources
 323     char                **resources;    // 1:R:M:Y:String
 324     uint16_t            permission;     // 2:R:S:Y:UINT16
 325     size_t              prdRecrLen;     // the number of elts in Periods
 326     char                **periods;       // 3:R:M*:N:String (<--M*; see Spec)
 327     char                **recurrences;   // 5:R:M:N:String
 328     OicUuid_t           rownerID;        // 8:R:S:Y:oic.uuid
 329     // NOTE: we are using UUID for Owners instead of Svc type for mid-April
 330     // SRM version only; this will change to Svc type for full implementation.
 331     //TODO change Owners type to oic.sec.svc
 332     //OicSecSvc_t         *Owners;        // 6:R:M:Y:oic.sec.svc
 333     OicSecAcl_t         *next;
 334 };
 335
 336 /**
 337  * /oic/sec/amacl (Access Manager Service Accesss Control List) data type.
 338  * Derived from OIC Security Spec; see Spec for details.
 339  */
 340 struct OicSecAmacl
 341 {
 342     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 343     size_t              resourcesLen;   // the number of elts in Resources
 344     char                **resources;    // 0:R:M:Y:String
 345     size_t              amssLen;        // the number of elts in Amss
 346     OicUuid_t           *amss;          // 1:R:M:Y:acl
 347     OicUuid_t           rownerID;        // 2:R:S:Y:oic.uuid
 348     // NOTE: we are using UUID for Owners instead of Svc type for mid-April
 349     // SRM version only; this will change to Svc type for full implementation.
 350     //TODO change Owners type to oic.sec.svc
 351     //OicSecSvc_t         *Owners;        // 2:R:M:Y:oic.sec.svc
 352     OicSecAmacl_t         *next;
 353 };
 354
 355 /**
 356  * /oic/sec/cred (Credential) data type.
 357  * Derived from OIC Security Spec; see Spec for details.
 358  */
 359 struct OicSecCred
 360 {
 361     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 362     uint16_t            credId;         // 0:R:S:Y:UINT16
 363     OicUuid_t           subject;        // 1:R:S:Y:oic.uuid
 364     //Note: Need further clarification on roleID data type
 365     //NOTE: Need further clarification on roleId datatype.
 366     //size_t              roleIdsLen;     // the number of elts in RoleIds
 367     //OicSecRole_t        *roleIds;       // 2:R:M:N:oic.sec.role
 368     OicSecCredType_t    credType;       // 3:R:S:Y:oic.sec.credtype
 369 #ifdef __WITH_X509__
 370     OicSecCert_t        publicData;     // chain of certificates
 371 #endif /* __WITH_X509__ */
 372     OicSecKey_t         privateData;    // 6:R:S:N:oic.sec.key
 373     char                *period;        // 7:R:S:N:String
 374     OicUuid_t           rownerID;        // 8:R:S:Y:oic.uuid
 375     // NOTE: we are using UUID for Owners instead of Svc type for mid-April
 376     // SRM version only; this will change to Svc type for full implementation.
 377     //OicSecSvc_t         *Owners;        // 8:R:M:Y:oic.sec.svc
 378     //TODO change Owners type to oic.sec.svc
 379     OicSecCred_t        *next;
 380 };
 381
 382 /**
 383  * /oic/sec/doxm (Device Owner Transfer Methods) data type
 384  * Derived from OIC Security Spec; see Spec for details.
 385  */
 386 struct OicSecDoxm
 387 {
 388     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 389     OicUrn_t            *oxmType;       // 0:R:M:N:URN
 390     size_t              oxmTypeLen;     // the number of elts in OxmType
 391     OicSecOxm_t         *oxm;           // 1:R:M:N:UINT16
 392     size_t              oxmLen;         // the number of elts in Oxm
 393     OicSecOxm_t         oxmSel;         // 2:R/W:S:Y:UINT16
 394     OicSecCredType_t    sct;            // 3:R:S:Y:oic.sec.credtype
 395     bool                owned;          // 4:R:S:Y:Boolean
 396     //TODO: Need more clarification on deviceIDFormat field type.
 397     //OicSecDvcIdFrmt_t   deviceIDFormat; // 5:R:S:Y:UINT8
 398     OicUuid_t           deviceID;       // 6:R:S:Y:oic.uuid
 399     bool                dpc;            // 7:R:S:Y:Boolean
 400     OicUuid_t           owner;          // 8:R:S:Y:oic.uuid
 401     OicUuid_t           rownerID;       // 9:R:S:Y:oic.uuid
 402     // NOTE: we are using UUID for Owner instead of Svc type for mid-April
 403     // SRM version only; this will change to Svc type for full implementation.
 404     //OicSecSvc_t       devOwner;        // 10:R:S:Y:oic.sec.svc
 405     //OicSecSvc_t       rOwner;        // 11:R:S:Y:oic.sec.svc
 406     //TODO change Owner type to oic.sec.svc
 407 };
 408
 409 /**
 410  * /oic/sec/pstat (Provisioning Status) data type.
 411  * NOTE: this struct is ahead of Spec v0.95 in definition to include Sm.
 412  * TODO: change comment when reconciled to Spec v0.96.
 413  */
 414 struct OicSecPstat
 415 {
 416     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 417     bool                isOp;           // 0:R:S:Y:Boolean
 418     OicSecDpm_t         cm;             // 1:R:S:Y:oic.sec.dpm
 419     OicSecDpm_t         tm;             // 2:RW:S:Y:oic.sec.dpm
 420     OicUuid_t           deviceID;       // 3:R:S:Y:oic.uuid
 421     OicSecDpom_t        om;             // 4:RW:M:Y:oic.sec.dpom
 422     size_t              smLen;          // the number of elts in Sm
 423     OicSecDpom_t        *sm;            // 5:R:M:Y:oic.sec.dpom
 424     uint16_t            commitHash;     // 6:R:S:Y:oic.sec.sha256
 425     OicUuid_t           rownerID;       // 7:R:S:Y:oic.uuid
 426     //TODO: this is supposed to be a 256-bit uint; temporarily use uint16_t
 427     //TODO: need to decide which 256 bit and 128 bit types to use... boost?
 428 };
 429
 430 /**
 431  * /oic/sec/role (Role) data type.
 432  * Derived from OIC Security Spec; see Spec for details.
 433  */
 434 struct OicSecRole
 435 {
 436     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 437     //TODO fill in with Role definition
 438     uint8_t             id[ROLEID_LENGTH];
 439 };
 440
 441 /**
 442  * /oic/sec/sacl (Signed Access Control List) data type.
 443  * Derived from OIC Security Spec; see Spec for details.
 444  */
 445 struct OicSecSacl
 446 {
 447     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 448     //TODO fill in from OIC Security Spec
 449 };
 450
 451 /**
 452  * /oic/sec/svc (Service requiring a secure connection) data type.
 453  * Derived from OIC Security Spec; see Spec for details.
 454  */
 455 struct OicSecSvc
 456 {
 457     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 458     OicUuid_t               svcdid;                 //0:R:S:Y:oic.uuid
 459     OicSecSvcType_t         svct;                   //1:R:M:Y:OIC Service Type
 460     size_t                  ownersLen;              //2:the number of elts in Owners
 461     OicUuid_t               *owners;                //3:R:M:Y:oic.uuid
 462     OicSecSvc_t             *next;
 463 };
 464
 465 #ifdef __WITH_X509__
 466 struct OicSecCrl
 467 {
 468     uint16_t CrlId;
 469     ByteArray ThisUpdate;
 470     ByteArray CrlData;
 471 };
 472 #endif /* __WITH_X509__ */
 473
 474 /**
 475  * @brief   direct pairing data type
 476  */
 477 typedef struct OicPin OicDpPin_t;
 478
 479 typedef struct OicSecPdAcl OicSecPdAcl_t;
 480
 481 typedef struct OicSecPconf OicSecPconf_t;
 482
 483 typedef struct OicSecDpairing OicSecDpairing_t;
 484
 485 #define DP_PIN_LENGTH 8 // temporary length
 486
 487 /**
 488  * @brief   /oic/sec/prmtype (Pairing Method Type) data type.
 489  *              0:  not allowed
 490  *              1:  pre-configured pin
 491  *              2:  random pin
 492  */
 493 typedef enum PRMBitmask
 494 {
 495     PRM_NOT_ALLOWED             = 0x0,
 496     PRM_PRE_CONFIGURED        = (0x1 << 0),
 497     PRM_RANDOM_PIN               = (0x1 << 1),
 498 } PRMBitmask_t;
 499
 500 typedef PRMBitmask_t OicSecPrm_t;
 501
 502
 503 struct OicPin
 504 {
 505     uint8_t             val[DP_PIN_LENGTH];
 506 };
 507
 508 /**
 509  * @brief   oic.sec.dpacltype (Device Pairing Access Control List) data type.
 510  */
 511 struct OicSecPdAcl
 512 {
 513     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 514     char                  **resources;        // 0:R:M:Y:String
 515     size_t                resourcesLen;      // the number of elts in Resources
 516     uint16_t             permission;        // 1:R:S:Y:UINT16
 517     char                  **periods;            // 2:R:M*:N:String (<--M*; see Spec)
 518     char                  **recurrences;    // 3:R:M:N:String
 519     size_t                prdRecrLen;         // the number of elts in Periods/Recurrences
 520     OicSecPdAcl_t    *next;
 521 };
 522
 523 /**
 524  * @brief   /oic/sec/pconf (Pairing Configuration) data type
 525  */
 526 struct OicSecPconf
 527 {
 528     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 529     bool                  edp;                // 0:W:S:M:Boolean
 530     OicSecPrm_t      *prm;              // 1:R:M:N:UINT16
 531     size_t                prmLen;          // the number of elts in Prm
 532     OicDpPin_t          pin;               // 2:R:S:Y:String
 533     OicSecPdAcl_t    *pdacls;         // 3:R:M:Y:oic.sec.pdacltype
 534     OicUuid_t           *pddevs;        // 4:R:M:Y:oic.uuid
 535     size_t                 pddevLen;     // the number of elts in pddev
 536     OicUuid_t           deviceID;       // 5:R:S:Y:oic.uuid
 537     OicUuid_t           rownerID;          // 6:R:S:Y:oic.uuid
 538 };
 539
 540 /**
 541  * @brief   /oic/sec/dpairing (Device Pairing) data type
 542  */
 543 struct OicSecDpairing
 544 {
 545     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 546     OicSecPrm_t      spm;               // 0:R/W:S:Y:UINT16
 547     OicUuid_t           pdeviceID;     // 1:R:S:Y:oic.uuid
 548     OicUuid_t           rownerID;          // 2:R:S:Y:oic.uuid
 549 };
 550
 551 #define MAX_VERSION_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space
 552
 553 /**
 554  * @brief   security version data type
 555  */
 556 typedef struct OicSecVer OicSecVer_t;
 557
 558 /**
 559  * @brief   /oic/sec/ver (Security Version) data type
 560  */
 561 struct OicSecVer
 562 {
 563     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 564     char              secv[MAX_VERSION_LEN];          // 0:R:S:Y:String
 565     OicUuid_t       deviceID;     // 1:R:S:Y:oic.uuid
 566 };
 567
 568 #ifdef __cplusplus
 569 }
 570 #endif
 571
 572 #endif //OC_SECURITY_RESOURCE_TYPES_H