resource/csdk/security/provisioning/src/oxmrandompin.c

   1 /* *****************************************************************
   2  *
   3  * Copyright 2015 Samsung Electronics All Rights Reserved.
   4  *
   5  *
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *     http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  *
  19  * *****************************************************************/
  20
  21 #include <memory.h>
  22
  23 #include "ocstack.h"
  24 #include "securevirtualresourcetypes.h"
  25 #include "doxmresource.h"
  26 #include "credresource.h"
  27 #include "cacommon.h"
  28 #include "cainterface.h"
  29 #include "ocrandom.h"
  30 #include "oic_malloc.h"
  31 #include "logger.h"
  32 #include "pbkdf2.h"
  33 #include "global.h"
  34 #include "base64.h"
  35 #include "oxmrandompin.h"
  36 #include "ownershiptransfermanager.h"
  37 #include "pinoxmcommon.h"
  38
  39 #define TAG "OXM_RandomPIN"
  40
  41 OCStackResult CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  42 {
  43     if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  44     {
  45         return OC_STACK_INVALID_PARAM;
  46     }
  47
  48     otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_RANDOM_DEVICE_PIN;
  49
  50     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  51 }
  52
  53 OCStackResult CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
  54 {
  55     if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
  56     {
  57         return OC_STACK_INVALID_PARAM;
  58     }
  59
  60     OicUuid_t uuidPT = {.id={0}};
  61     *payload = NULL;
  62     *size = 0;
  63
  64     if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
  65     {
  66         OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
  67         return OC_STACK_ERROR;
  68     }
  69     memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
  70
  71     return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
  72 }
  73
  74 OCStackResult InputPinCodeCallback(OTMContext_t *otmCtx)
  75 {
  76     if (!otmCtx || !otmCtx->selectedDeviceInfo)
  77     {
  78         return OC_STACK_INVALID_PARAM;
  79     }
  80
  81     uint8_t pinData[OXM_RANDOM_PIN_SIZE + 1];
  82
  83     OCStackResult res = InputPin((char*)pinData, OXM_RANDOM_PIN_SIZE + 1);
  84     if (OC_STACK_OK != res)
  85     {
  86         OIC_LOG(ERROR, TAG, "Failed to input PIN");
  87         return res;
  88     }
  89
  90     /**
  91      * Since PSK will be used directly while PIN based ownership transfer,
  92      * Credential should not be saved into SVR.
  93      * For this reason, We will use a temporary get_psk_info callback to random PIN OxM.
  94      */
  95
  96     if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForRandomPinOxm))
  97     {
  98         OIC_LOG(ERROR, TAG, "Failed to register TLS credentials handler for random PIN OxM.");
  99         res = OC_STACK_ERROR;
 100     }
 101
 102     //Set the device id to derive temporal PSK
 103     SetUuidForRandomPinOxm(&(otmCtx->selectedDeviceInfo->doxm->deviceID));
 104
 105     return res;
 106 }
 107
 108 OCStackResult CreateSecureSessionRandomPinCallback(OTMContext_t* otmCtx)
 109 {
 110     OIC_LOG(INFO, TAG, "IN CreateSecureSessionRandomPinCallbak");
 111
 112     if (!otmCtx || !otmCtx->selectedDeviceInfo)
 113     {
 114         return OC_STACK_INVALID_PARAM;
 115     }
 116
 117     CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
 118     if (CA_STATUS_OK != caresult)
 119     {
 120         OIC_LOG_V(ERROR, TAG, "Unable to disable anon cipher suite");
 121         return OC_STACK_ERROR;
 122     }
 123     OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
 124
 125     caresult  = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, otmCtx->selectedDeviceInfo->endpoint.adapter);
 126     if (CA_STATUS_OK != caresult)
 127     {
 128         OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256");
 129         return OC_STACK_ERROR;
 130     }
 131     OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256 cipher suite selected.");
 132
 133     OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
 134     CAEndpoint_t endpoint;
 135     memcpy(&endpoint, &selDevInfo->endpoint, sizeof(CAEndpoint_t));
 136
 137     if(CA_ADAPTER_IP == endpoint.adapter)
 138     {
 139         endpoint.port = selDevInfo->securePort;
 140         caresult = CAInitiateHandshake(&endpoint);
 141     }
 142 #ifdef __WITH_TLS__
 143     else
 144     {
 145         endpoint.port = selDevInfo->tcpPort;
 146         caresult = CAinitiateSslHandshake(&endpoint);
 147     }
 148 #endif
 149     if (CA_STATUS_OK != caresult)
 150     {
 151         OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
 152         return OC_STACK_ERROR;
 153     }
 154
 155     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak");
 156
 157     return OC_STACK_OK;
 158 }