resource/csdk/security/include/securevirtualresourcetypes.h

   1 //******************************************************************
   2 //
   3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
   4 //
   5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   6 //
   7 // Licensed under the Apache License, Version 2.0 (the "License");
   8 // you may not use this file except in compliance with the License.
   9 // You may obtain a copy of the License at
  10 //
  11 //      http://www.apache.org/licenses/LICENSE-2.0
  12 //
  13 // Unless required by applicable law or agreed to in writing, software
  14 // distributed under the License is distributed on an "AS IS" BASIS,
  15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 // See the License for the specific language governing permissions and
  17 // limitations under the License.
  18 //
  19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  20
  21 /**
  22  * Data type definitions for all oic.sec.* types defined in the
  23  * OIC Security Specification.
  24  *
  25  * Note that throughout, ptrs are used rather than arrays.  There
  26  * are two primary reasons for this:
  27  * 1) The Spec defines many structures with optional fields, so pre-
  28  *    allocating these would be wasteful.
  29  * 2) There are in many cases arrays of Strings or arrays of Structs,
  30  *    which could not be defined as variable length arrays (e.g. array[])
  31  *    without breaking from the structure order and definition in the Spec.
  32  *
  33  * The primary drawback to this decision is that marshalling functions
  34  * will have to be written by hand to marshal these structures (e.g. to/from
  35  * Persistent Storage, or across memory boundaries).
  36  *
  37  * TODO reconcile against latest OIC Security Spec to ensure all fields correct.
  38  * (Last checked against v0.95)
  39  */
  40
  41 #ifndef OC_SECURITY_RESOURCE_TYPES_H
  42 #define OC_SECURITY_RESOURCE_TYPES_H
  43
  44 #include "iotivity_config.h"
  45
  46 #include <stdint.h> // for uint8_t typedef
  47 #include <stdbool.h>
  48 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
  49 #include "byte_array.h"
  50 #endif /* __WITH_DTLS__  or __WITH_TLS__*/
  51
  52 #ifdef __cplusplus
  53 extern "C" {
  54 #endif
  55
  56 /**
  57  * Values used to create bit-maskable enums for single-value response with
  58  * embedded code.
  59  */
  60 #define ACCESS_GRANTED_DEF            (1 << 0)
  61 #define ACCESS_DENIED_DEF             (1 << 1)
  62 #define INSUFFICIENT_PERMISSION_DEF   (1 << 2)
  63 #define SUBJECT_NOT_FOUND_DEF         (1 << 3)
  64 #define RESOURCE_NOT_FOUND_DEF        (1 << 4)
  65 #define POLICY_ENGINE_ERROR_DEF       (1 << 5)
  66 #define INVALID_PERIOD_DEF            (1 << 6)
  67 #define ACCESS_WAITING_DEF            (1 << 7)
  68 #define AMS_SERVICE_DEF               (1 << 8)
  69 #define REASON_MASK_DEF               (INSUFFICIENT_PERMISSION_DEF | \
  70                                        INVALID_PERIOD_DEF | \
  71                                        SUBJECT_NOT_FOUND_DEF | \
  72                                        RESOURCE_NOT_FOUND_DEF | \
  73                                        POLICY_ENGINE_ERROR_DEF)
  74
  75
  76 /**
  77  * Access policy in least significant bits (from Spec):
  78  * 1st lsb:  C (Create)
  79  * 2nd lsb:  R (Read, Observe, Discover)
  80  * 3rd lsb:  U (Write, Update)
  81  * 4th lsb:  D (Delete)
  82  * 5th lsb:  N (Notify)
  83  */
  84 #define PERMISSION_CREATE       (1 << 0)
  85 #define PERMISSION_READ         (1 << 1)
  86 #define PERMISSION_WRITE        (1 << 2)
  87 #define PERMISSION_DELETE       (1 << 3)
  88 #define PERMISSION_NOTIFY       (1 << 4)
  89 #define PERMISSION_FULL_CONTROL (PERMISSION_CREATE | \
  90                                  PERMISSION_READ | \
  91                                  PERMISSION_WRITE | \
  92                                  PERMISSION_DELETE | \
  93                                  PERMISSION_NOTIFY)
  94
  95 /**
  96  * @brief   Response type for all Action requests from CA layer;
  97  *          may include a reason code.
  98  *
  99  * To extract codes use GetReasonCode function on SRMAccessResponse:
 100  *
 101  * SRMAccessResponse_t response = SRMRequestHandler(obj, info);
 102  * if(SRM_TRUE == IsAccessGranted(response)) {
 103  *     SRMAccessResponseReasonCode_t reason = GetReasonCode(response);
 104  *     switch(reason) {
 105  *         case INSUFFICIENT_PERMISSION:
 106  *         ...etc.
 107  *     }
 108  * }
 109  */
 110 typedef enum
 111 {
 112     ACCESS_GRANTED = ACCESS_GRANTED_DEF,
 113     ACCESS_DENIED = ACCESS_DENIED_DEF,
 114     ACCESS_DENIED_INVALID_PERIOD = ACCESS_DENIED_DEF
 115         | INVALID_PERIOD_DEF,
 116     ACCESS_DENIED_INSUFFICIENT_PERMISSION = ACCESS_DENIED_DEF
 117         | INSUFFICIENT_PERMISSION_DEF,
 118     ACCESS_DENIED_SUBJECT_NOT_FOUND = ACCESS_DENIED_DEF
 119         | SUBJECT_NOT_FOUND_DEF,
 120     ACCESS_DENIED_RESOURCE_NOT_FOUND = ACCESS_DENIED_DEF
 121         | RESOURCE_NOT_FOUND_DEF,
 122     ACCESS_DENIED_POLICY_ENGINE_ERROR = ACCESS_DENIED_DEF
 123         | POLICY_ENGINE_ERROR_DEF,
 124     ACCESS_WAITING_FOR_AMS = ACCESS_WAITING_DEF
 125         | AMS_SERVICE_DEF,
 126     ACCESS_DENIED_AMS_SERVICE_ERROR = ACCESS_DENIED
 127         | AMS_SERVICE_DEF
 128 } SRMAccessResponse_t;
 129
 130 /**
 131  * Reason code for SRMAccessResponse.
 132  */
 133 typedef enum
 134 {
 135     NO_REASON_GIVEN = 0,
 136     INSUFFICIENT_PERMISSION = INSUFFICIENT_PERMISSION_DEF,
 137     SUBJECT_NOT_FOUND = SUBJECT_NOT_FOUND_DEF,
 138     RESOURCE_NOT_FOUND = RESOURCE_NOT_FOUND_DEF,
 139 } SRMAccessResponseReasonCode_t;
 140
 141 /**
 142  * Extract Reason Code from Access Response.
 143  */
 144 INLINE_API SRMAccessResponseReasonCode_t GetReasonCode(
 145     SRMAccessResponse_t response)
 146 {
 147     SRMAccessResponseReasonCode_t reason =
 148         (SRMAccessResponseReasonCode_t)(response & REASON_MASK_DEF);
 149     return reason;
 150 }
 151
 152 /**
 153  * Returns 'true' iff request should be passed on to RI layer.
 154  */
 155 INLINE_API bool IsAccessGranted(SRMAccessResponse_t response)
 156 {
 157     if(ACCESS_GRANTED == (response & ACCESS_GRANTED))
 158     {
 159         return true;
 160     }
 161     else
 162     {
 163         return false;
 164     }
 165 }
 166
 167 typedef struct OicSecRsrc OicSecRsrc_t;
 168
 169 typedef struct OicSecValidity OicSecValidity_t;
 170
 171 typedef struct OicSecAce OicSecAce_t;
 172
 173 typedef struct OicSecAcl OicSecAcl_t;
 174
 175 typedef struct OicSecAmacl OicSecAmacl_t;
 176
 177 typedef struct OicSecCred OicSecCred_t;
 178
 179 /**
 180  * Aid for assigning/testing vals with OicSecCredType_t.
 181  * Example:
 182  *  OicSecCredType_t ct = PIN_PASSWORD | ASYMMETRIC_KEY;
 183  *  if((ct & PIN_PASSWORD) == PIN_PASSWORD)
 184  *  {
 185  *      // ct contains PIN_PASSWORD flag.
 186  *  }
 187  */
 188 typedef enum OSCTBitmask
 189 {
 190     NO_SECURITY_MODE                = 0x0,
 191     SYMMETRIC_PAIR_WISE_KEY         = (0x1 << 0),
 192     SYMMETRIC_GROUP_KEY             = (0x1 << 1),
 193     ASYMMETRIC_KEY                  = (0x1 << 2),
 194     SIGNED_ASYMMETRIC_KEY           = (0x1 << 3),
 195     PIN_PASSWORD                    = (0x1 << 4),
 196     ASYMMETRIC_ENCRYPTION_KEY       = (0x1 << 5),
 197 } OSCTBitmask_t;
 198
 199 /**
 200  * /oic/sec/credtype (Credential Type) data type.
 201  * Derived from OIC Security Spec /oic/sec/cred; see Spec for details.
 202  *              0:  no security mode
 203  *              1:  symmetric pair-wise key
 204  *              2:  symmetric group key
 205  *              4:  asymmetric key
 206  *              8:  signed asymmetric key (aka certificate)
 207  *              16: PIN /password
 208  */
 209 typedef OSCTBitmask_t OicSecCredType_t;
 210
 211 typedef struct OicSecDoxm OicSecDoxm_t;
 212
 213 typedef enum OicSecDpm
 214 {
 215     NORMAL                          = 0x0,
 216     RESET                           = (0x1 << 0),
 217     TAKE_OWNER                      = (0x1 << 1),
 218     BOOTSTRAP_SERVICE               = (0x1 << 2),
 219     SECURITY_MANAGEMENT_SERVICES    = (0x1 << 3),
 220     PROVISION_CREDENTIALS           = (0x1 << 4),
 221     PROVISION_ACLS                  = (0x1 << 5),
 222     // << 6 THROUGH 15 RESERVED
 223 } OicSecDpm_t;
 224
 225 // These types are taken from the Security Spec v1.1.12 /pstat resource definition
 226 // Note that per the latest spec, there is NO definition for Multiple Service Client Directed
 227 // provisioning mode, so that enum value has been removed.
 228 typedef enum OicSecDpom
 229 {
 230     MULTIPLE_SERVICE_SERVER_DRIVEN    = (0x1 << 0),
 231     SINGLE_SERVICE_SERVER_DRIVEN      = (0x1 << 1),
 232     SINGLE_SERVICE_CLIENT_DRIVEN      = (0x1 << 2),
 233 } OicSecDpom_t;
 234
 235 typedef enum OicSecSvcType
 236 {
 237     SERVICE_UNKNOWN                 = 0x0,
 238     ACCESS_MGMT_SERVICE             = 0x1,  //urn:oic.sec.ams
 239 } OicSecSvcType_t;
 240
 241
 242 //TODO: Need more clarification on deviceIDFormat field type.
 243 #if 0
 244 typedef enum
 245 {
 246     URN = 0x0
 247 }OicSecDvcIdFrmt_t;
 248 #endif
 249
 250 typedef enum
 251 {
 252     OIC_R_ACL_TYPE = 0,
 253     OIC_R_AMACL_TYPE,
 254     OIC_R_CRED_TYPE,
 255     OIC_R_CRL_TYPE,
 256     OIC_R_DOXM_TYPE,
 257     OIC_R_DPAIRING_TYPE,
 258     OIC_R_PCONF_TYPE,
 259     OIC_R_PSTAT_TYPE,
 260     OIC_R_SACL_TYPE,
 261     OIC_R_SVC_TYPE,
 262     OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
 263     NOT_A_SVR_RESOURCE = 99
 264 }OicSecSvrType_t;
 265
 266 typedef enum
 267 {
 268     OIC_JUST_WORKS                          = 0x0,
 269     OIC_RANDOM_DEVICE_PIN                   = 0x1,
 270     OIC_MANUFACTURER_CERTIFICATE           = 0x2,
 271     OIC_OXM_COUNT
 272 }OicSecOxm_t;
 273
 274 typedef enum
 275 {
 276     OIC_ENCODING_UNKNOW = 0,
 277     OIC_ENCODING_RAW = 1,
 278     OIC_ENCODING_BASE64 = 2,
 279     OIC_ENCODING_PEM = 3,
 280     OIC_ENCODING_DER = 4
 281 }OicEncodingType_t;
 282
 283 typedef struct OicSecKey OicSecKey_t;
 284
 285 typedef struct OicSecPstat OicSecPstat_t;
 286
 287 typedef struct OicSecRole OicSecRole_t;
 288
 289 typedef struct OicSecSacl OicSecSacl_t;
 290
 291 typedef struct OicSecSvc OicSecSvc_t;
 292
 293 typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
 294
 295 typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
 296
 297
 298 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
 299 typedef struct OicSecCrl OicSecCrl_t;
 300 typedef ByteArray_t OicSecCert_t;
 301 #else
 302 typedef void OicSecCert_t;
 303 #endif /* __WITH_DTLS__ or __WITH_TLS__*/
 304
 305 /**
 306  * /oic/uuid (Universal Unique Identifier) data type.
 307  */
 308 #define UUID_LENGTH 128/8 // 128-bit GUID length
 309 //TODO: Confirm the length and type of ROLEID.
 310 #define ROLEID_LENGTH 128/8 // 128-bit ROLEID length
 311 #define OWNER_PSK_LENGTH_128 128/8 //byte size of 128-bit key size
 312 #define OWNER_PSK_LENGTH_256 256/8 //byte size of 256-bit key size
 313
 314 struct OicUuid
 315 {
 316     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 317     //TODO fill in unless this is defined elsewhere?
 318     uint8_t             id[UUID_LENGTH];
 319 };
 320
 321 /**
 322  * /oic/sec/jwk (JSON Web Key) data type.
 323  * See JSON Web Key (JWK)  draft-ietf-jose-json-web-key-41
 324  */
 325 #define JWK_LENGTH 256/8 // 256 bit key length
 326 struct OicSecKey
 327 {
 328     uint8_t                *data;
 329     size_t                  len;
 330
 331     // TODO: This field added as workaround. Will be replaced soon.
 332     OicEncodingType_t encoding;
 333
 334 };
 335
 336 struct OicSecRsrc
 337 {
 338     char *href; // 0:R:S:Y:String
 339     char *rel; // 1:R:S:N:String
 340     char** types; // 2:R:S:N:String Array
 341     size_t typeLen; // the number of elts in types
 342     char** interfaces; // 3:R:S:N:String Array
 343     size_t interfaceLen; // the number of elts in interfaces
 344     OicSecRsrc_t *next;
 345 };
 346
 347 struct OicSecValidity
 348 {
 349     char* period; // 0:R:S:Y:String
 350     char** recurrences; // 1:R:M:Y:Array of String
 351     size_t recurrenceLen; // the number of elts in recurrence
 352     OicSecValidity_t *next;
 353 };
 354
 355 struct OicSecAce
 356 {
 357     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 358     OicUuid_t subjectuuid; // 0:R:S:Y:uuid
 359     OicSecRsrc_t *resources; // 1:R:M:Y:Resource
 360     uint16_t permission; // 2:R:S:Y:UINT16
 361     OicSecValidity_t *validities; // 3:R:M:N:Time-interval
 362     OicSecAce_t *next;
 363 };
 364
 365 /**
 366  * /oic/sec/acl (Access Control List) data type.
 367  * Derived from OIC Security Spec; see Spec for details.
 368  */
 369 struct OicSecAcl
 370 {
 371     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 372     OicUuid_t           rownerID;        // 0:R:S:Y:oic.uuid
 373     OicSecAce_t         *aces; // 1:R:M:N:ACE
 374 };
 375
 376 /**
 377  * /oic/sec/amacl (Access Manager Service Accesss Control List) data type.
 378  * Derived from OIC Security Spec; see Spec for details.
 379  */
 380 struct OicSecAmacl
 381 {
 382     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 383     size_t              resourcesLen;   // the number of elts in Resources
 384     char                **resources;    // 0:R:M:Y:String
 385     size_t              amssLen;        // the number of elts in Amss
 386     OicUuid_t           *amss;          // 1:R:M:Y:acl
 387     OicUuid_t           rownerID;        // 2:R:S:Y:oic.uuid
 388     OicSecAmacl_t         *next;
 389 };
 390
 391 /**
 392  * /oic/sec/cred (Credential) data type.
 393  * Derived from OIC Security Spec; see Spec for details.
 394  */
 395 struct OicSecCred
 396 {
 397     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 398     uint16_t            credId;         // 0:R:S:Y:UINT16
 399     OicUuid_t           subject;        // 1:R:S:Y:oic.uuid
 400     //Note: Need further clarification on roleID data type
 401     //NOTE: Need further clarification on roleId datatype.
 402     //size_t              roleIdsLen;     // the number of elts in RoleIds
 403     //OicSecRole_t        *roleIds;       // 2:R:M:N:oic.sec.role
 404     OicSecCredType_t    credType;       // 3:R:S:Y:oic.sec.credtype
 405 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
 406     OicSecCert_t        publicData;     // own cerificate chain
 407     char            *credUsage;            // 4:R:S:N:String
 408     OicSecKey_t        optionalData;   // CA's cerificate chain
 409 #endif /* __WITH_DTLS__  or __WITH_TLS__*/
 410     OicSecKey_t         privateData;    // 6:R:S:N:oic.sec.key
 411     char                *period;        // 7:R:S:N:String
 412     OicUuid_t           rownerID;        // 8:R:S:Y:oic.uuid
 413     OicSecCred_t        *next;
 414 };
 415
 416 /**
 417  * /oic/sec/doxm (Device Owner Transfer Methods) data type
 418  * Derived from OIC Security Spec; see Spec for details.
 419  */
 420 struct OicSecDoxm
 421 {
 422     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 423     OicUrn_t            *oxmType;       // 0:R:M:N:URN
 424     size_t              oxmTypeLen;     // the number of elts in OxmType
 425     OicSecOxm_t         *oxm;           // 1:R:M:N:UINT16
 426     size_t              oxmLen;         // the number of elts in Oxm
 427     OicSecOxm_t         oxmSel;         // 2:R/W:S:Y:UINT16
 428     OicSecCredType_t    sct;            // 3:R:S:Y:oic.sec.credtype
 429     bool                owned;          // 4:R:S:Y:Boolean
 430     //TODO: Need more clarification on deviceIDFormat field type.
 431     //OicSecDvcIdFrmt_t   deviceIDFormat; // 5:R:S:Y:UINT8
 432     OicUuid_t           deviceID;       // 6:R:S:Y:oic.uuid
 433     bool                dpc;            // 7:R:S:Y:Boolean
 434     OicUuid_t           owner;          // 8:R:S:Y:oic.uuid
 435     OicUuid_t           rownerID;       // 9:R:S:Y:oic.uuid
 436 };
 437
 438 /**
 439  * /oic/sec/pstat (Provisioning Status) data type.
 440  */
 441 struct OicSecPstat
 442 {
 443     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 444     bool                isOp;           // 0:R:S:Y:Boolean
 445     OicSecDpm_t         cm;             // 1:R:S:Y:oic.sec.dpm
 446     OicSecDpm_t         tm;             // 2:RW:S:Y:oic.sec.dpm
 447     OicUuid_t           deviceID;       // 3:R:S:Y:oic.uuid
 448     OicSecDpom_t        om;             // 4:RW:M:Y:oic.sec.dpom
 449     size_t              smLen;          // the number of elts in Sm
 450     OicSecDpom_t        *sm;            // 5:R:M:Y:oic.sec.dpom
 451     uint16_t            commitHash;     // 6:R:S:Y:oic.sec.sha256
 452     OicUuid_t           rownerID;       // 7:R:S:Y:oic.uuid
 453 };
 454
 455 /**
 456  * /oic/sec/role (Role) data type.
 457  * Derived from OIC Security Spec; see Spec for details.
 458  */
 459 struct OicSecRole
 460 {
 461     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 462     //TODO fill in with Role definition
 463     uint8_t             id[ROLEID_LENGTH];
 464 };
 465
 466 /**
 467  * /oic/sec/sacl (Signed Access Control List) data type.
 468  * Derived from OIC Security Spec; see Spec for details.
 469  */
 470 struct OicSecSacl
 471 {
 472     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 473     //TODO fill in from OIC Security Spec
 474 #if defined(_MSC_VER)
 475     uint8_t unused; // VS doesn't like empty structs
 476 #endif
 477 };
 478
 479 /**
 480  * /oic/sec/svc (Service requiring a secure connection) data type.
 481  * Derived from OIC Security Spec; see Spec for details.
 482  */
 483 struct OicSecSvc
 484 {
 485     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 486     OicUuid_t               svcdid;                 //0:R:S:Y:oic.uuid
 487     OicSecSvcType_t         svct;                   //1:R:M:Y:OIC Service Type
 488     size_t                  ownersLen;              //2:the number of elts in Owners
 489     OicUuid_t               *owners;                //3:R:M:Y:oic.uuid
 490     OicSecSvc_t             *next;
 491 };
 492
 493 #if defined(__WITH_DTLS__) ||  defined(__WITH_TLS__)
 494 struct OicSecCrl
 495 {
 496     uint16_t CrlId;
 497     ByteArray_t ThisUpdate;
 498     OicSecKey_t CrlData;
 499 };
 500 #endif /* __WITH_DTLS__ or __WITH_TLS__ */
 501
 502 /**
 503  * @brief   direct pairing data type
 504  */
 505 typedef struct OicPin OicDpPin_t;
 506
 507 typedef struct OicSecPdAcl OicSecPdAcl_t;
 508
 509 typedef struct OicSecPconf OicSecPconf_t;
 510
 511 typedef struct OicSecDpairing OicSecDpairing_t;
 512
 513 #define DP_PIN_LENGTH 8 // temporary length
 514
 515 /**
 516  * @brief   /oic/sec/prmtype (Pairing Method Type) data type.
 517  *              0:  not allowed
 518  *              1:  pre-configured pin
 519  *              2:  random pin
 520  */
 521 typedef enum PRMBitmask
 522 {
 523     PRM_NOT_ALLOWED             = 0x0,
 524     PRM_PRE_CONFIGURED        = (0x1 << 0),
 525     PRM_RANDOM_PIN               = (0x1 << 1),
 526 } PRMBitmask_t;
 527
 528 typedef PRMBitmask_t OicSecPrm_t;
 529
 530
 531 struct OicPin
 532 {
 533     uint8_t             val[DP_PIN_LENGTH];
 534 };
 535
 536 /**
 537  * @brief   oic.sec.dpacltype (Device Pairing Access Control List) data type.
 538  */
 539 struct OicSecPdAcl
 540 {
 541     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 542     char                  **resources;        // 0:R:M:Y:String
 543     size_t                resourcesLen;      // the number of elts in Resources
 544     uint16_t             permission;        // 1:R:S:Y:UINT16
 545     char                  **periods;            // 2:R:M*:N:String (<--M*; see Spec)
 546     char                  **recurrences;    // 3:R:M:N:String
 547     size_t                prdRecrLen;         // the number of elts in Periods/Recurrences
 548     OicSecPdAcl_t    *next;
 549 };
 550
 551 /**
 552  * @brief   /oic/sec/pconf (Pairing Configuration) data type
 553  */
 554 struct OicSecPconf
 555 {
 556     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 557     bool                  edp;                // 0:W:S:M:Boolean
 558     OicSecPrm_t      *prm;              // 1:R:M:N:UINT16
 559     size_t                prmLen;          // the number of elts in Prm
 560     OicDpPin_t          pin;               // 2:R:S:Y:String
 561     OicSecPdAcl_t    *pdacls;         // 3:R:M:Y:oic.sec.pdacltype
 562     OicUuid_t           *pddevs;        // 4:R:M:Y:oic.uuid
 563     size_t                 pddevLen;     // the number of elts in pddev
 564     OicUuid_t           deviceID;       // 5:R:S:Y:oic.uuid
 565     OicUuid_t           rownerID;          // 6:R:S:Y:oic.uuid
 566 };
 567
 568 /**
 569  * @brief   /oic/sec/dpairing (Device Pairing) data type
 570  */
 571 struct OicSecDpairing
 572 {
 573     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 574     OicSecPrm_t      spm;               // 0:R/W:S:Y:UINT16
 575     OicUuid_t           pdeviceID;     // 1:R:S:Y:oic.uuid
 576     OicUuid_t           rownerID;          // 2:R:S:Y:oic.uuid
 577 };
 578
 579 #define MAX_VERSION_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space
 580
 581 /**
 582  * @brief   security version data type
 583  */
 584 typedef struct OicSecVer OicSecVer_t;
 585
 586 /**
 587  * @brief   /oic/sec/ver (Security Version) data type
 588  */
 589 struct OicSecVer
 590 {
 591     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
 592     char              secv[MAX_VERSION_LEN];          // 0:R:S:Y:String
 593     OicUuid_t       deviceID;     // 1:R:S:Y:oic.uuid
 594 };
 595
 596 #ifdef __cplusplus
 597 }
 598 #endif
 599
 600 #endif //OC_SECURITY_RESOURCE_TYPES_H