1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #define __STDC_LIMIT_MACROS
23 #include "iotivity_config.h"
34 #include "cainterface.h"
35 #include "payload_logging.h"
39 #include "ocserverrequest.h"
40 #include "oic_malloc.h"
41 #include "oic_string.h"
42 #include "ocpayload.h"
43 #include "ocpayloadcbor.h"
45 #include "credresource.h"
46 #include "doxmresource.h"
47 #include "pstatresource.h"
48 #include "iotvticalendar.h"
50 #include "resourcemanager.h"
51 #include "srmresourcestrings.h"
52 #include "srmutility.h"
53 #include "psinterface.h"
54 #include "pinoxmcommon.h"
57 #include <sys/types.h>
67 #define TAG "SRM-CREDL"
69 /** Max credential types number used for TLS */
71 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
72 * The value of payload size is increased until reaching belox max cbor size. */
73 static const uint16_t CBOR_SIZE = 2048;
75 /** Max cbor size payload. */
76 static const uint16_t CBOR_MAX_SIZE = 4400;
78 /** CRED size - Number of mandatory items. */
79 static const uint8_t CRED_ROOT_MAP_SIZE = 4;
80 static const uint8_t CRED_MAP_SIZE = 3;
83 static OicSecCred_t *gCred = NULL;
84 static OCResourceHandle gCredHandle = NULL;
86 typedef enum CredCompareResult{
88 CRED_CMP_NOT_EQUAL = 1,
93 * Internal function to check credential
95 static bool IsVaildCredential(const OicSecCred_t* cred)
97 OicUuid_t emptyUuid = {.id={0}};
100 OIC_LOG(DEBUG, TAG, "IN IsVaildCredential");
102 VERIFY_NON_NULL(TAG, cred, ERROR);
103 VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR);
104 OIC_LOG_V(DEBUG, TAG, "Cred ID = %d", cred->credId);
106 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
107 OIC_LOG_V(DEBUG, TAG, "Cred Type = %d", cred->credType);
109 switch(cred->credType)
111 case SYMMETRIC_PAIR_WISE_KEY:
112 case SYMMETRIC_GROUP_KEY:
115 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
116 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
117 VERIFY_SUCCESS(TAG, \
118 (OIC_ENCODING_RAW == cred->privateData.encoding || \
119 OIC_ENCODING_BASE64 == cred->privateData.encoding), \
125 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
126 VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR);
129 case SIGNED_ASYMMETRIC_KEY:
131 VERIFY_SUCCESS(TAG, (NULL != cred->publicData.data ||NULL != cred->optionalData.data) , ERROR);
132 VERIFY_SUCCESS(TAG, (0 != cred->publicData.len || 0 != cred->optionalData.len), ERROR);
134 if(NULL != cred->optionalData.data)
136 VERIFY_SUCCESS(TAG, \
137 (OIC_ENCODING_RAW == cred->optionalData.encoding ||\
138 OIC_ENCODING_BASE64 == cred->optionalData.encoding || \
139 OIC_ENCODING_PEM == cred->optionalData.encoding || \
140 OIC_ENCODING_DER == cred->optionalData.encoding), \
145 case ASYMMETRIC_ENCRYPTION_KEY:
147 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
148 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
149 VERIFY_SUCCESS(TAG, \
150 (OIC_ENCODING_RAW == cred->privateData.encoding ||\
151 OIC_ENCODING_BASE64 == cred->privateData.encoding || \
152 OIC_ENCODING_PEM == cred->privateData.encoding || \
153 OIC_ENCODING_DER == cred->privateData.encoding), \
159 OIC_LOG(WARNING, TAG, "Unknown credential type");
165 VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR);
167 OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential");
170 OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected.");
175 * This function frees OicSecCred_t object's fields and object itself.
177 static void FreeCred(OicSecCred_t *cred)
181 OIC_LOG(ERROR, TAG, "Invalid Parameter");
184 //Note: Need further clarification on roleID data type
187 OICFree(cred->roleIds);
190 //Clean PublicData/OptionalData/Credusage
191 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
192 // TODO: Need to check credUsage.
193 OICFree(cred->publicData.data);
194 OICFree(cred->optionalData.data);
195 OICFree(cred->credUsage);
197 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
200 OICFree(cred->privateData.data);
203 OICFree(cred->period);
205 #ifdef _ENABLE_MULTIPLE_OWNER_
207 OICFree(cred->eownerID);
210 //Clean Cred node itself
214 void DeleteCredList(OicSecCred_t* cred)
218 OicSecCred_t *credTmp1 = NULL, *credTmp2 = NULL;
219 LL_FOREACH_SAFE(cred, credTmp1, credTmp2)
221 LL_DELETE(cred, credTmp1);
227 size_t GetCredKeyDataSize(const OicSecCred_t* cred)
232 OicSecCred_t *credPtr = NULL, *credTmp = NULL;
233 LL_FOREACH_SAFE((OicSecCred_t*)cred, credPtr, credTmp)
235 if (credPtr->privateData.data && 0 < credPtr->privateData.len)
237 size += credPtr->privateData.len;
239 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
240 if (credPtr->publicData.data && 0 < credPtr->publicData.len)
242 size += credPtr->publicData.len;
244 if (credPtr->optionalData.data && 0 < credPtr->optionalData.len)
246 size += credPtr->optionalData.len;
251 OIC_LOG_V(DEBUG, TAG, "Cred Key Data Size : %zd\n", size);
255 static size_t OicSecCredCount(const OicSecCred_t *secCred)
258 for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
265 OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
266 size_t *cborSize, int secureFlag)
268 if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
270 return OC_STACK_INVALID_PARAM;
273 OCStackResult ret = OC_STACK_ERROR;
275 CborError cborEncoderResult = CborNoError;
276 uint8_t *outPayload = NULL;
277 size_t cborLen = *cborSize;
280 const OicSecCred_t *cred = credS;
282 CborEncoder credArray;
283 CborEncoder credRootMap;
290 outPayload = (uint8_t *)OICCalloc(1, cborLen);
291 VERIFY_NON_NULL(TAG, outPayload, ERROR);
292 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
294 // Create CRED Root Map (creds, rownerid)
295 cborEncoderResult = cbor_encoder_create_map(&encoder, &credRootMap, CRED_ROOT_MAP_SIZE);
296 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Root Map");
299 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_CREDS_NAME,
300 strlen(OIC_JSON_CREDS_NAME));
301 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding creds Name Tag.");
304 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &credArray, OicSecCredCount(cred));
305 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Array.");
310 size_t mapSize = CRED_MAP_SIZE;
317 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
318 #ifdef _ENABLE_MULTIPLE_OWNER_
323 #endif //_ENABLE_MULTIPLE_OWNER_
325 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
329 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
337 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
338 if (!secureFlag && cred->privateData.data)
342 cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
343 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
345 //CredID -- Mandatory
346 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
347 strlen(OIC_JSON_CREDID_NAME));
348 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
349 cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
350 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
352 //Subject -- Mandatory
353 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME,
354 strlen(OIC_JSON_SUBJECTID_NAME));
355 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
356 inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ?
357 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
358 if(inLen == WILDCARD_SUBJECT_ID_LEN)
360 cborEncoderResult = cbor_encode_text_string(&credMap, WILDCARD_RESOURCE_URI,
361 strlen(WILDCARD_RESOURCE_URI));
362 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
366 char *subject = NULL;
367 ret = ConvertUuidToStr(&cred->subject, &subject);
368 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
369 cborEncoderResult = cbor_encode_text_string(&credMap, subject, strlen(subject));
370 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
374 //CredType -- Mandatory
375 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
376 strlen(OIC_JSON_CREDTYPE_NAME));
377 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
378 cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
379 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
381 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
382 //PublicData -- Not Mandatory
383 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
385 CborEncoder publicMap;
386 const size_t publicMapSize = 2;
388 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME,
389 strlen(OIC_JSON_PUBLICDATA_NAME));
390 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag.");
392 cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize);
393 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map");
395 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME,
396 strlen(OIC_JSON_DATA_NAME));
397 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag.");
398 cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data,
399 cred->publicData.len);
400 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value.");
402 // TODO: Need to data strucure modification for OicSecCert_t.
403 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME,
404 strlen(OIC_JSON_ENCODING_NAME));
405 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag.");
406 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_DER,
407 strlen(OIC_SEC_ENCODING_DER));
408 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value.");
410 cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap);
411 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map.");
413 //OptionalData -- Not Mandatory
414 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
416 CborEncoder optionalMap;
417 const size_t optionalMapSize = 2;
419 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME,
420 strlen(OIC_JSON_OPTDATA_NAME));
421 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag.");
423 cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize);
424 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map");
426 // TODO: Need to data strucure modification for OicSecCert_t.
427 if(OIC_ENCODING_RAW == cred->optionalData.encoding)
429 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
430 strlen(OIC_JSON_ENCODING_NAME));
431 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
432 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW,
433 strlen(OIC_SEC_ENCODING_RAW));
434 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
436 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
437 strlen(OIC_JSON_DATA_NAME));
438 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
439 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
440 cred->optionalData.len);
441 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
443 else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding)
445 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
446 strlen(OIC_JSON_ENCODING_NAME));
447 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
448 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64,
449 strlen(OIC_SEC_ENCODING_BASE64));
450 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
452 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
453 strlen(OIC_JSON_DATA_NAME));
454 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
455 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
456 cred->optionalData.len);
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
459 else if(OIC_ENCODING_PEM == cred->optionalData.encoding)
461 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
462 strlen(OIC_JSON_ENCODING_NAME));
463 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
464 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM,
465 strlen(OIC_SEC_ENCODING_PEM));
466 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
468 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
469 strlen(OIC_JSON_DATA_NAME));
470 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
471 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
472 cred->optionalData.len);
473 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
475 else if(OIC_ENCODING_DER == cred->optionalData.encoding)
477 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
478 strlen(OIC_JSON_ENCODING_NAME));
479 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
480 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER,
481 strlen(OIC_SEC_ENCODING_DER));
482 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
484 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
485 strlen(OIC_JSON_DATA_NAME));
486 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
487 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
488 cred->optionalData.len);
489 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
493 OIC_LOG(ERROR, TAG, "Unknown encoding type for optional data.");
494 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value.");
497 cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap);
498 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map.");
500 //CredUsage -- Not Mandatory
503 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDUSAGE_NAME,
504 strlen(OIC_JSON_CREDUSAGE_NAME));
505 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Tag.");
506 cborEncoderResult = cbor_encode_text_string(&credMap, cred->credUsage,
507 strlen(cred->credUsage));
508 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Value.");
510 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
511 //PrivateData -- Not Mandatory
512 if(!secureFlag && cred->privateData.data)
514 CborEncoder privateMap;
515 const size_t privateMapSize = 2;
517 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME,
518 strlen(OIC_JSON_PRIVATEDATA_NAME));
519 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag.");
521 cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize);
522 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map");
524 // TODO: Need to data strucure modification for OicSecKey_t.
525 // TODO: Added as workaround, will be replaced soon.
526 if(OIC_ENCODING_RAW == cred->privateData.encoding)
528 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
529 strlen(OIC_JSON_ENCODING_NAME));
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
531 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW,
532 strlen(OIC_SEC_ENCODING_RAW));
533 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
535 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
536 strlen(OIC_JSON_DATA_NAME));
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
538 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
539 cred->privateData.len);
540 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
542 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
544 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
545 strlen(OIC_JSON_ENCODING_NAME));
546 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
547 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64,
548 strlen(OIC_SEC_ENCODING_BASE64));
549 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
551 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
552 strlen(OIC_JSON_DATA_NAME));
553 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
554 cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data),
555 cred->privateData.len);
556 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
558 else if(OIC_ENCODING_DER == cred->privateData.encoding)
560 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
561 strlen(OIC_JSON_ENCODING_NAME));
562 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
563 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_DER,
564 strlen(OIC_SEC_ENCODING_DER));
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
567 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
568 strlen(OIC_JSON_DATA_NAME));
569 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
570 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
571 cred->privateData.len);
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
576 OIC_LOG(ERROR, TAG, "Unknown encoding type for private data.");
577 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value.");
580 cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap);
581 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map.");
584 //Period -- Not Mandatory
587 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
588 strlen(OIC_JSON_PERIOD_NAME));
589 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
590 cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
591 strlen(cred->period));
592 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
595 #ifdef _ENABLE_MULTIPLE_OWNER_
596 // Eownerid -- Not Mandatory
600 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_EOWNERID_NAME,
601 strlen(OIC_JSON_EOWNERID_NAME));
602 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
603 ret = ConvertUuidToStr(cred->eownerID, &eowner);
604 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
605 cborEncoderResult = cbor_encode_text_string(&credMap, eowner, strlen(eowner));
606 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
609 #endif //_ENABLE_MULTIPLE_OWNER_
611 cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
612 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
616 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
617 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
624 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_ROWNERID_NAME,
625 strlen(OIC_JSON_ROWNERID_NAME));
626 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
627 ret = ConvertUuidToStr(&cred->rownerID, &rowner);
628 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
629 cborEncoderResult = cbor_encode_text_string(&credRootMap, rowner, strlen(rowner));
630 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
636 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_RT_NAME,
637 strlen(OIC_JSON_RT_NAME));
638 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
639 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &rtArray, 1);
640 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
641 for (size_t i = 0; i < 1; i++)
643 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_CRED,
644 strlen(OIC_RSRC_TYPE_SEC_CRED));
645 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
647 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &rtArray);
648 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
652 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_IF_NAME,
653 strlen(OIC_JSON_IF_NAME));
654 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
655 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &ifArray, 1);
656 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
657 for (size_t i = 0; i < 1; i++)
659 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
660 strlen(OC_RSRVD_INTERFACE_DEFAULT));
661 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
663 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &ifArray);
664 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
667 // Close CRED Root Map
668 cborEncoderResult = cbor_encoder_close_container(&encoder, &credRootMap);
669 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing CRED Root Map.");
671 if (CborNoError == cborEncoderResult)
673 OIC_LOG(DEBUG, TAG, "CredToCBORPayload Successed");
674 *cborPayload = outPayload;
675 *cborSize = encoder.ptr - outPayload;
678 OIC_LOG(DEBUG, TAG, "CredToCBORPayload OUT");
680 if (CborErrorOutOfMemory == cborEncoderResult)
682 OIC_LOG(DEBUG, TAG, "CredToCBORPayload:CborErrorOutOfMemory : retry with more memory");
683 // reallocate and try again!
685 // Since the allocated initial memory failed, double the memory.
686 cborLen += encoder.ptr - encoder.end;
687 cborEncoderResult = CborNoError;
688 ret = CredToCBORPayload(credS, cborPayload, &cborLen, secureFlag);
692 if (CborNoError != cborEncoderResult)
694 OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
699 ret = OC_STACK_ERROR;
705 OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
706 OicSecCred_t **secCred)
708 if (NULL == cborPayload || NULL == secCred || NULL != *secCred || 0 == size)
710 return OC_STACK_INVALID_PARAM;
713 OCStackResult ret = OC_STACK_ERROR;
714 CborValue credCbor = { .parser = NULL };
715 CborParser parser = { .end = NULL };
716 CborError cborFindResult = CborNoError;
717 cbor_parser_init(cborPayload, size, 0, &parser, &credCbor);
719 OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
721 // Enter CRED Root Map
722 CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
723 cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
724 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
726 while (cbor_value_is_valid(&CredRootMap))
728 char* tagName = NULL;
730 CborType type = cbor_value_get_type(&CredRootMap);
731 if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
733 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
734 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
735 cborFindResult = cbor_value_advance(&CredRootMap);
736 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Root Map.");
740 if (strcmp(tagName, OIC_JSON_CREDS_NAME) == 0)
745 CborValue credArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
746 cborFindResult = cbor_value_enter_container(&CredRootMap, &credArray);
747 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
749 while (cbor_value_is_valid(&credArray))
752 //CredId -- Mandatory
753 CborValue credMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
754 cborFindResult = cbor_value_enter_container(&credArray, &credMap);
755 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
756 OicSecCred_t *cred = NULL;
764 cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
765 OicSecCred_t *temp = headCred;
773 VERIFY_NON_NULL(TAG, cred, ERROR);
775 while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
778 CborType type = cbor_value_get_type(&credMap);
779 if (type == CborTextStringType)
781 cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
782 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Map.");
783 cborFindResult = cbor_value_advance(&credMap);
784 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Map.");
789 if (strcmp(name, OIC_JSON_CREDID_NAME) == 0)
792 cborFindResult = cbor_value_get_uint64(&credMap, &credId);
793 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredId.");
794 cred->credId = (uint16_t)credId;
797 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
799 char *subjectid = NULL;
800 cborFindResult = cbor_value_dup_text_string(&credMap, &subjectid, &len, NULL);
801 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subjectid Value.");
802 if(strcmp(subjectid, WILDCARD_RESOURCE_URI) == 0)
804 cred->subject.id[0] = '*';
808 ret = ConvertStrToUuid(subjectid, &cred->subject);
809 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
814 if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0)
816 uint64_t credType = 0;
817 cborFindResult = cbor_value_get_uint64(&credMap, &credType);
818 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType.");
819 cred->credType = (OicSecCredType_t)credType;
822 if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0)
824 CborValue privateMap = { .parser = NULL };
825 cborFindResult = cbor_value_enter_container(&credMap, &privateMap);
827 while (cbor_value_is_valid(&privateMap))
829 char* privname = NULL;
830 CborType type = cbor_value_get_type(&privateMap);
831 if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
833 cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
835 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
836 cborFindResult = cbor_value_advance(&privateMap);
837 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
841 // PrivateData::privdata -- Mandatory
842 if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
844 if(cbor_value_is_byte_string(&privateMap))
846 cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
847 &cred->privateData.len, NULL);
849 else if(cbor_value_is_text_string(&privateMap))
851 cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data),
852 &cred->privateData.len, NULL);
856 cborFindResult = CborErrorUnknownType;
857 OIC_LOG(ERROR, TAG, "Unknown type for private data.");
859 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData.");
862 // PrivateData::encoding -- Mandatory
863 if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0)
865 // TODO: Added as workaround. Will be replaced soon.
866 char* strEncoding = NULL;
867 cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL);
868 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
870 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
872 cred->privateData.encoding = OIC_ENCODING_RAW;
874 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
876 cred->privateData.encoding = OIC_ENCODING_BASE64;
881 cred->privateData.encoding = OIC_ENCODING_RAW;
882 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for private data.");
885 OICFree(strEncoding);
888 if (cbor_value_is_valid(&privateMap))
890 cborFindResult = cbor_value_advance(&privateMap);
891 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map.");
897 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
898 //PublicData -- Not Mandatory
899 if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0)
901 CborValue pubMap = { .parser = NULL };
902 cborFindResult = cbor_value_enter_container(&credMap, &pubMap);
904 while (cbor_value_is_valid(&pubMap))
906 char* pubname = NULL;
907 CborType type = cbor_value_get_type(&pubMap);
908 if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
910 cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
912 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
913 cborFindResult = cbor_value_advance(&pubMap);
914 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
918 // PrivateData::privdata -- Mandatory
919 if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
921 cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
922 &cred->publicData.len, NULL);
923 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData.");
925 // PublicData::encoding -- Mandatory
926 if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0)
928 // TODO: Need to update data structure, just ignore encoding value now.
931 if (cbor_value_is_valid(&pubMap))
933 cborFindResult = cbor_value_advance(&pubMap);
934 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map.");
939 //OptionalData -- Not Mandatory
940 if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0)
942 CborValue optMap = { .parser = NULL };
943 cborFindResult = cbor_value_enter_container(&credMap, &optMap);
945 while (cbor_value_is_valid(&optMap))
947 char* optname = NULL;
948 CborType type = cbor_value_get_type(&optMap);
949 if (type == CborTextStringType && cbor_value_is_text_string(&optMap))
951 cborFindResult = cbor_value_dup_text_string(&optMap, &optname,
953 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
954 cborFindResult = cbor_value_advance(&optMap);
955 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
959 // OptionalData::optdata -- Mandatory
960 if (strcmp(optname, OIC_JSON_DATA_NAME) == 0)
962 if(cbor_value_is_byte_string(&optMap))
964 cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data,
965 &cred->optionalData.len, NULL);
967 else if(cbor_value_is_text_string(&optMap))
969 cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data),
970 &cred->optionalData.len, NULL);
974 cborFindResult = CborErrorUnknownType;
975 OIC_LOG(ERROR, TAG, "Unknown type for optional data.");
977 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData.");
979 // OptionalData::encoding -- Mandatory
980 if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0)
982 // TODO: Added as workaround. Will be replaced soon.
983 char* strEncoding = NULL;
984 cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL);
985 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
987 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
989 OIC_LOG(INFO,TAG,"cbor_value_is_byte_string");
990 cred->optionalData.encoding = OIC_ENCODING_RAW;
992 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
994 cred->optionalData.encoding = OIC_ENCODING_BASE64;
996 else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0)
998 cred->optionalData.encoding = OIC_ENCODING_PEM;
1000 else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0)
1002 cred->optionalData.encoding = OIC_ENCODING_DER;
1007 cred->optionalData.encoding = OIC_ENCODING_RAW;
1008 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for optional data.");
1010 OICFree(strEncoding);
1013 if (cbor_value_is_valid(&optMap))
1015 cborFindResult = cbor_value_advance(&optMap);
1016 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map.");
1021 //Credusage -- Not Mandatory
1022 if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name))
1024 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->credUsage, &len, NULL);
1025 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1027 #endif //__WITH_DTLS__ || __WITH_TLS__
1029 if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
1031 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->period, &len, NULL);
1032 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1035 #ifdef _ENABLE_MULTIPLE_OWNER_
1036 // Eowner uuid -- Not Mandatory
1037 if (strcmp(OIC_JSON_EOWNERID_NAME, name) == 0 && cbor_value_is_text_string(&credMap))
1039 char *eowner = NULL;
1040 cborFindResult = cbor_value_dup_text_string(&credMap, &eowner, &len, NULL);
1041 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1042 if(NULL == cred->eownerID)
1044 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1045 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1047 ret = ConvertStrToUuid(eowner, cred->eownerID);
1049 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1051 #endif //_ENABLE_MULTIPLE_OWNER_
1053 if (cbor_value_is_valid(&credMap))
1055 cborFindResult = cbor_value_advance(&credMap);
1056 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Map.");
1062 if (cbor_value_is_valid(&credArray))
1064 cborFindResult = cbor_value_advance(&credArray);
1065 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Array.");
1070 //ROwner -- Mandatory
1071 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
1073 char *stRowner = NULL;
1074 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
1075 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1077 ret = ConvertStrToUuid(stRowner, &headCred->rownerID);
1078 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1081 else if (NULL != gCred)
1083 memcpy(&(headCred->rownerID), &(gCred->rownerID), sizeof(OicUuid_t));
1087 if (cbor_value_is_valid(&CredRootMap))
1089 cborFindResult = cbor_value_advance(&CredRootMap);
1090 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Root Map.");
1094 *secCred = headCred;
1098 if (CborNoError != cborFindResult)
1100 DeleteCredList(headCred);
1103 ret = OC_STACK_ERROR;
1109 #ifdef _ENABLE_MULTIPLE_OWNER_
1110 bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size)
1112 OicSecCred_t* cred = NULL;
1113 bool isValidCred = false;
1115 OIC_LOG_BUFFER(DEBUG, TAG, cborPayload, size);
1117 VERIFY_NON_NULL(TAG, uuid, ERROR);
1118 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1119 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1120 VERIFY_SUCCESS(TAG, OC_STACK_OK == CBORPayloadToCred(cborPayload, size, &cred), ERROR);
1121 VERIFY_NON_NULL(TAG, cred, ERROR);
1122 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1123 VERIFY_SUCCESS(TAG, (memcmp(cred->eownerID->id, uuid->id, sizeof(uuid->id)) == 0), ERROR);
1128 DeleteCredList(cred);
1133 #endif //_ENABLE_MULTIPLE_OWNER_
1135 OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
1136 const OicSecCert_t * publicData, const OicSecKey_t* privateData,
1137 const OicUuid_t * rownerID, const OicUuid_t * eownerID)
1139 OIC_LOG(DEBUG, TAG, "IN GenerateCredential");
1142 OCStackResult ret = OC_STACK_ERROR;
1144 OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
1145 VERIFY_NON_NULL(TAG, cred, ERROR);
1147 //CredId is assigned before appending new cred to the existing
1148 //credential list and updating svr database in AddCredential().
1151 VERIFY_NON_NULL(TAG, subject, ERROR);
1152 memcpy(cred->subject.id, subject->id , sizeof(cred->subject.id));
1154 VERIFY_SUCCESS(TAG, credType < (NO_SECURITY_MODE | SYMMETRIC_PAIR_WISE_KEY |
1155 SYMMETRIC_GROUP_KEY | ASYMMETRIC_KEY | SIGNED_ASYMMETRIC_KEY | PIN_PASSWORD), ERROR);
1156 cred->credType = credType;
1158 #ifdef __WITH_DTLS__
1159 if (publicData && publicData->data)
1161 cred->publicData.data = (uint8_t *)OICCalloc(1, publicData->len);
1162 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
1163 memcpy(cred->publicData.data, publicData->data, publicData->len);
1164 cred->publicData.len = publicData->len;
1166 #endif // __WITH_DTLS__
1168 if (privateData && privateData->data)
1170 cred->privateData.data = (uint8_t *)OICCalloc(1, privateData->len);
1171 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1172 memcpy(cred->privateData.data, privateData->data, privateData->len);
1173 cred->privateData.len = privateData->len;
1175 // TODO: Added as workaround. Will be replaced soon.
1176 cred->privateData.encoding = OIC_ENCODING_RAW;
1179 // NOTE: Test codes to use base64 for credential.
1180 uint32_t outSize = 0;
1181 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1));
1182 char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize);
1183 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1184 b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize);
1186 OICFree( cred->privateData.data );
1187 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
1188 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1190 strcpy(cred->privateData.data, b64Buf);
1191 cred->privateData.encoding = OIC_ENCODING_BASE64;
1192 cred->privateData.len = outSize;
1194 #endif //End of Test codes
1198 VERIFY_NON_NULL(TAG, rownerID, ERROR);
1199 memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t));
1201 #ifdef _ENABLE_MULTIPLE_OWNER_
1204 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1205 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1206 memcpy(cred->eownerID->id, eownerID->id, sizeof(eownerID->id));
1208 #endif //_ENABLE_MULTIPLE_OWNER_
1212 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : result: %d", ret);
1213 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credId: %d", cred->credId);
1214 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credType: %d", cred->credType);
1215 OIC_LOG_BUFFER(DEBUG, TAG, cred->subject.id, sizeof(cred->subject.id));
1216 if (cred->privateData.data)
1218 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %d", cred->privateData.len);
1219 OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);
1221 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1224 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credUsage: %s", cred->credUsage);
1226 if (cred->publicData.data)
1228 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : publicData len: %d", cred->publicData.len);
1229 OIC_LOG_BUFFER(DEBUG, TAG, cred->publicData.data, cred->publicData.len);
1232 if (cred->optionalData.data)
1234 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len);
1235 OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len);
1238 #endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1241 if (OC_STACK_OK != ret)
1243 DeleteCredList(cred);
1246 OIC_LOG(DEBUG, TAG, "OUT GenerateCredential");
1250 static bool UpdatePersistentStorage(const OicSecCred_t *cred)
1253 OIC_LOG(DEBUG, TAG, "IN Cred UpdatePersistentStorage");
1255 // Convert Cred data into JSON for update to persistent storage
1258 uint8_t *payload = NULL;
1259 // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending
1260 size_t size = GetCredKeyDataSize(cred);
1261 size += (512 * OicSecCredCount(cred));
1262 OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size);
1265 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
1266 if ((OC_STACK_OK == res) && payload)
1268 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
1275 else //Empty cred list
1277 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, 0))
1282 OIC_LOG(DEBUG, TAG, "OUT Cred UpdatePersistentStorage");
1287 * Compare function used LL_SORT for sorting credentials.
1289 * @param first pointer to OicSecCred_t struct.
1290 * @param second pointer to OicSecCred_t struct.
1292 *@return -1, if credId of first is less than credId of second.
1293 * 0, if credId of first is equal to credId of second.
1294 * 1, if credId of first is greater than credId of second.
1296 static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
1298 if (first->credId < second->credId)
1302 else if (first->credId > second->credId)
1311 * GetCredId goes through the cred list and returns the next
1312 * available credId. The next credId could be the credId that is
1313 * available due deletion of OicSecCred_t object or one more than
1314 * credId of last credential in the list.
1316 * @return next available credId if successful, else 0 for error.
1318 static uint16_t GetCredId()
1320 //Sorts credential list in incremental order of credId
1321 LL_SORT(gCred, CmpCredId);
1323 OicSecCred_t *currentCred = NULL, *credTmp = NULL;
1324 uint16_t nextCredId = 1;
1326 LL_FOREACH_SAFE(gCred, currentCred, credTmp)
1328 if (currentCred->credId == nextCredId)
1338 VERIFY_SUCCESS(TAG, nextCredId < UINT16_MAX, ERROR);
1346 * Get the default value.
1348 * @return NULL for now.
1350 static OicSecCred_t* GetCredDefault()
1352 // TODO:Update it when we finalize the default info.
1356 static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
1358 VERIFY_NON_NULL(TAG, sk1, WARNING);
1359 VERIFY_NON_NULL(TAG, sk2, WARNING);
1361 VERIFY_SUCCESS(TAG, (sk1->len == sk2->len), INFO);
1362 VERIFY_SUCCESS(TAG, (sk1->encoding == sk2->encoding), INFO);
1363 VERIFY_SUCCESS(TAG, (0 == memcmp(sk1->data, sk2->data, sk1->len)), INFO);
1369 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1370 static bool IsSameCert(const OicSecCert_t* cert1, const OicSecCert_t* cert2)
1372 VERIFY_NON_NULL(TAG, cert1, WARNING);
1373 VERIFY_NON_NULL(TAG, cert2, WARNING);
1375 VERIFY_SUCCESS(TAG, (cert1->len == cert2->len), INFO);
1376 VERIFY_SUCCESS(TAG, (0 == memcmp(cert1->data, cert2->data, cert1->len)), INFO);
1381 #endif //#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1384 * Compares credential
1386 * @return CRED_CMP_EQUAL if credentials are equal
1387 * CRED_CMP_NOT_EQUAL if not equal
1391 static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSecCred_t * r)
1393 CredCompareResult_t cmpResult = CRED_CMP_ERROR;
1394 bool isCompared = false;
1395 OIC_LOG(DEBUG, TAG, "IN CompareCredetial");
1397 VERIFY_NON_NULL(TAG, l, ERROR);
1398 VERIFY_NON_NULL(TAG, r, ERROR);
1400 cmpResult = CRED_CMP_NOT_EQUAL;
1402 VERIFY_SUCCESS(TAG, (l->credType == r->credType), INFO);
1403 VERIFY_SUCCESS(TAG, (0 == memcmp(l->subject.id, r->subject.id, sizeof(l->subject.id))), INFO);
1407 case SYMMETRIC_PAIR_WISE_KEY:
1408 case SYMMETRIC_GROUP_KEY:
1411 if(l->privateData.data && r->privateData.data)
1413 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1418 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1419 case ASYMMETRIC_KEY:
1420 case SIGNED_ASYMMETRIC_KEY:
1422 if(l->publicData.data && r->publicData.data)
1424 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1428 if(l->optionalData.data && r->optionalData.data)
1430 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1434 if(l->credUsage && r->credUsage)
1436 VERIFY_SUCCESS(TAG, (strlen(l->credUsage) == strlen(r->credUsage)), INFO);
1437 VERIFY_SUCCESS(TAG, (0 == strncmp(l->credUsage, r->credUsage, strlen(l->credUsage))), INFO);
1442 case ASYMMETRIC_ENCRYPTION_KEY:
1444 if(l->privateData.data && r->privateData.data)
1446 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1450 if(l->publicData.data && r->publicData.data)
1452 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1456 if(l->optionalData.data && r->optionalData.data)
1458 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1464 #endif //__WITH_DTLS__ or __WITH_TLS__
1467 cmpResult = CRED_CMP_ERROR;
1474 OIC_LOG(DEBUG, TAG, "Same Credentials");
1475 cmpResult = CRED_CMP_EQUAL;
1479 OIC_LOG(DEBUG, TAG, "Can not find the key data in credential");
1480 cmpResult = CRED_CMP_ERROR;
1483 OIC_LOG(DEBUG, TAG, "OUT CompareCredetial");
1488 OCStackResult AddCredential(OicSecCred_t * newCred)
1490 OCStackResult ret = OC_STACK_ERROR;
1491 OicSecCred_t * temp = NULL;
1492 bool validFlag = true;
1493 OicUuid_t emptyOwner = { .id = {0} };
1495 OIC_LOG(DEBUG, TAG, "IN AddCredential");
1497 VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
1498 //Assigning credId to the newCred
1499 newCred->credId = GetCredId();
1500 VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR);
1502 //the newCred is not valid if it is empty
1504 if (memcmp(&(newCred->subject.id), &emptyOwner, UUID_IDENTITY_SIZE) == 0)
1510 LL_FOREACH(gCred, temp)
1512 CredCompareResult_t cmpRes = CompareCredential(temp, newCred);
1513 if(CRED_CMP_EQUAL == cmpRes)
1515 OIC_LOG_V(WARNING, TAG, "Detected same credential ID(%d)" \
1516 "new credential's ID will be replaced.", temp->credId);
1517 newCred->credId = temp->credId;
1523 if (CRED_CMP_ERROR == cmpRes)
1525 OIC_LOG_V(WARNING, TAG, "Credential skipped : %d", cmpRes);
1526 ret = OC_STACK_ERROR;
1533 //Append the new Cred to existing list if new Cred is valid
1536 LL_APPEND(gCred, newCred);
1539 memcpy(&(gCred->rownerID), &(newCred->rownerID), sizeof(OicUuid_t));
1540 if (UpdatePersistentStorage(gCred))
1546 OIC_LOG(DEBUG, TAG, "OUT AddCredential");
1550 OCStackResult RemoveCredential(const OicUuid_t *subject)
1552 OCStackResult ret = OC_STACK_ERROR;
1553 OicSecCred_t *cred = NULL;
1554 OicSecCred_t *tempCred = NULL;
1555 bool deleteFlag = false;
1557 LL_FOREACH_SAFE(gCred, cred, tempCred)
1559 if (memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1561 LL_DELETE(gCred, cred);
1569 if (UpdatePersistentStorage(gCred))
1571 ret = OC_STACK_RESOURCE_DELETED;
1578 OCStackResult RemoveCredentialByCredId(uint16_t credId)
1580 OCStackResult ret = OC_STACK_ERROR;
1581 OicSecCred_t *cred = NULL;
1582 OicSecCred_t *tempCred = NULL;
1583 bool deleteFlag = false;
1585 OIC_LOG(INFO, TAG, "IN RemoveCredentialByCredId");
1589 return OC_STACK_INVALID_PARAM;
1593 LL_FOREACH_SAFE(gCred, cred, tempCred)
1595 if (cred->credId == credId)
1597 OIC_LOG_V(DEBUG, TAG, "Credential(ID=%d) will be removed.", credId);
1599 LL_DELETE(gCred, cred);
1607 if (UpdatePersistentStorage(gCred))
1609 ret = OC_STACK_RESOURCE_DELETED;
1612 OIC_LOG(INFO, TAG, "OUT RemoveCredentialByCredId");
1619 * Remove all credential data on credential resource and persistent storage
1622 * OC_STACK_OK - no errors
1623 * OC_STACK_ERROR - stack process error
1625 OCStackResult RemoveAllCredentials(void)
1627 DeleteCredList(gCred);
1628 gCred = GetCredDefault();
1630 if (!UpdatePersistentStorage(gCred))
1632 return OC_STACK_ERROR;
1637 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1639 * Internal function to fill private data of owner PSK.
1641 * @param receviedCred recevied owner credential from OBT(PT)
1642 * @param ownerAdd address of OBT(PT)
1643 * @param doxm current device's doxm resource
1646 * true successfully done and valid ower psk information
1647 * false Invalid owner psk information or failed to owner psk generation
1649 static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
1650 const OicSecDoxm_t* doxm)
1652 //Derive OwnerPSK locally
1653 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1654 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1656 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
1657 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1658 (uint8_t*)oxmLabel, strlen(oxmLabel),
1659 doxm->owner.id, sizeof(doxm->owner.id),
1660 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1661 ownerPSK, OWNER_PSK_LENGTH_128);
1662 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1664 OIC_LOG(DEBUG, TAG, "OwnerPSK dump :");
1665 OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
1667 //Generate owner credential based on recevied credential information
1669 // TODO: Added as workaround, will be replaced soon.
1670 if(OIC_ENCODING_RAW == receviedCred->privateData.encoding)
1672 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1673 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1674 receviedCred->privateData.len = OWNER_PSK_LENGTH_128;
1675 memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
1677 else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
1679 uint32_t b64OutSize = 0;
1680 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1681 char* b64Buf = OICCalloc(1, b64BufSize);
1682 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1684 b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
1686 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1687 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1688 receviedCred->privateData.len = b64OutSize;
1689 strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
1690 receviedCred->privateData.data[b64OutSize] = '\0';
1694 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1697 OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
1699 //Verify OwnerPSK information
1700 return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
1701 receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
1703 //receviedCred->privateData.data will be deallocated when deleting credential.
1708 #ifdef _ENABLE_MULTIPLE_OWNER_
1710 * Internal function to fill private data of SubOwner PSK.
1712 * @param receviedCred recevied owner credential from SubOwner
1713 * @param ownerAdd address of SubOwner
1714 * @param doxm current device's doxm resource
1717 * true successfully done and valid subower psk information
1718 * false Invalid subowner psk information or failed to subowner psk generation
1720 static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEndpoint_t* ownerAddr,
1721 const OicSecDoxm_t* doxm, const OicUuid_t* subOwner)
1723 char* b64Buf = NULL;
1724 //Derive OwnerPSK locally
1725 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1726 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1728 uint8_t subOwnerPSK[OWNER_PSK_LENGTH_128] = {0};
1729 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1730 (uint8_t*)oxmLabel, strlen(oxmLabel),
1731 subOwner->id, sizeof(subOwner->id),
1732 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1733 subOwnerPSK, OWNER_PSK_LENGTH_128);
1734 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1736 OIC_LOG(DEBUG, TAG, "SubOwnerPSK dump :");
1737 OIC_LOG_BUFFER(DEBUG, TAG, subOwnerPSK, OWNER_PSK_LENGTH_128);
1739 //Generate owner credential based on received credential information
1741 if(OIC_ENCODING_RAW == receivedCred->privateData.encoding)
1743 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1744 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1745 receivedCred->privateData.len = OWNER_PSK_LENGTH_128;
1746 memcpy(receivedCred->privateData.data, subOwnerPSK, OWNER_PSK_LENGTH_128);
1748 else if(OIC_ENCODING_BASE64 == receivedCred->privateData.encoding)
1750 uint32_t b64OutSize = 0;
1751 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1752 b64Buf = OICCalloc(1, b64BufSize);
1753 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1755 VERIFY_SUCCESS(TAG, \
1756 B64_OK == b64Encode(subOwnerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize), \
1759 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1760 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1761 receivedCred->privateData.len = b64OutSize;
1762 strncpy((char*)receivedCred->privateData.data, b64Buf, b64OutSize);
1763 receivedCred->privateData.data[b64OutSize] = '\0';
1767 OIC_LOG(INFO, TAG, "Unknown credential encoding type.");
1768 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1771 OIC_LOG(INFO, TAG, "PrivateData of SubOwnerPSK was calculated successfully");
1775 //receivedCred->privateData.data will be deallocated when deleting credential.
1779 #endif //_ENABLE_MULTIPLE_OWNER_
1780 #endif // __WITH_DTLS__ or __WITH_TLS__
1782 static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * ehRequest)
1784 OCEntityHandlerResult ret = OC_EH_ERROR;
1785 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest IN");
1787 static uint16_t previousMsgId = 0;
1788 //Get binary representation of cbor
1789 OicSecCred_t *cred = NULL;
1790 uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData);
1791 size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
1793 OCStackResult res = CBORPayloadToCred(payload, size, &cred);
1794 if (res == OC_STACK_OK)
1796 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1797 OicUuid_t emptyUuid = {.id={0}};
1798 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1799 if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
1801 //in case of owner PSK
1802 switch(cred->credType)
1804 case SYMMETRIC_PAIR_WISE_KEY:
1806 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1807 if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
1809 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1811 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1814 OIC_LOG(ERROR, TAG, "OwnerPSK was generated successfully.");
1815 if(OC_STACK_OK == AddCredential(cred))
1817 ret = OC_EH_CHANGED;
1821 OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
1827 OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
1831 if(OC_EH_CHANGED == ret)
1834 * in case of random PIN based OxM,
1835 * revert get_psk_info callback of tinyDTLS to use owner credential.
1837 if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
1839 OicUuid_t emptyUuid = { .id={0}};
1840 SetUuidForPinBasedOxm(&emptyUuid);
1842 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1843 if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials))
1845 OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
1849 #endif // __WITH_DTLS__ or __WITH_TLS__
1852 //Select cipher suite to use owner PSK
1853 if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
1855 OIC_LOG(ERROR, TAG, "Failed to disable anonymous cipher suite");
1860 OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
1864 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter))
1866 OIC_LOG(ERROR, TAG, "Failed to select cipher suite");
1873 case SYMMETRIC_GROUP_KEY:
1874 case ASYMMETRIC_KEY:
1875 case SIGNED_ASYMMETRIC_KEY:
1877 case ASYMMETRIC_ENCRYPTION_KEY:
1879 OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
1885 OIC_LOG(WARNING, TAG, "Unknown credential type for owner credential.");
1891 if(OC_EH_CHANGED != ret)
1894 * If some error is occured while ownership transfer,
1895 * ownership transfer related resource should be revert back to initial status.
1897 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1900 if(!doxm->owned && previousMsgId != ehRequest->messageID)
1902 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
1903 "DOXM will be reverted.");
1904 RestoreDoxmToInitState();
1905 RestorePstatToInitState();
1910 OIC_LOG(ERROR, TAG, "Invalid DOXM resource");
1914 #ifdef _ENABLE_MULTIPLE_OWNER_
1915 // In case SubOwner Credential
1916 else if(doxm && doxm->owned && doxm->mom &&
1917 OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode &&
1918 0 == cred->privateData.len)
1920 switch(cred->credType)
1922 case SYMMETRIC_PAIR_WISE_KEY:
1924 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1925 if(FillPrivateDataOfSubOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm, &cred->subject))
1927 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1929 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1932 OIC_LOG(ERROR, TAG, "SubOwnerPSK was generated successfully.");
1933 if(OC_STACK_OK == AddCredential(cred))
1935 ret = OC_EH_CHANGED;
1939 OIC_LOG(ERROR, TAG, "Failed to save the SubOwnerPSK as cred resource");
1945 OIC_LOG(ERROR, TAG, "Failed to verify receviced SubOwner PSK.");
1951 case SYMMETRIC_GROUP_KEY:
1952 case ASYMMETRIC_KEY:
1953 case SIGNED_ASYMMETRIC_KEY:
1955 case ASYMMETRIC_ENCRYPTION_KEY:
1957 OIC_LOG(WARNING, TAG, "Unsupported credential type for SubOwner credential.");
1963 OIC_LOG(WARNING, TAG, "Unknown credential type for SubOwner credential.");
1969 #endif //_ENABLE_MULTIPLE_OWNER_
1973 * If the post request credential has credId, it will be
1974 * discarded and the next available credId will be assigned
1975 * to it before getting appended to the existing credential
1976 * list and updating svr database.
1978 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
1980 #else //not __WITH_DTLS__
1982 * If the post request credential has credId, it will be
1983 * discarded and the next available credId will be assigned
1984 * to it before getting appended to the existing credential
1985 * list and updating svr database.
1987 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
1988 OC_UNUSED(previousMsgId);
1989 #endif//__WITH_DTLS__
1992 if (OC_EH_CHANGED != ret)
1994 if(OC_STACK_OK != RemoveCredential(&cred->subject))
1996 OIC_LOG(WARNING, TAG, "Failed to remove the invalid credential");
2002 previousMsgId = ehRequest->messageID;
2004 //Send response to request originator
2005 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2006 OC_EH_OK : OC_EH_ERROR;
2008 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest OUT");
2013 * The entity handler determines how to process a GET request.
2015 static OCEntityHandlerResult HandleGetRequest (const OCEntityHandlerRequest * ehRequest)
2017 OIC_LOG(INFO, TAG, "HandleGetRequest processing GET request");
2019 // Convert Cred data into CBOR for transmission
2021 uint8_t *payload = NULL;
2024 const OicSecCred_t *cred = gCred;
2026 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2027 size = GetCredKeyDataSize(cred);
2028 size += (256 * OicSecCredCount(cred));
2029 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
2031 // A device should always have a default cred. Therefore, payload should never be NULL.
2032 OCEntityHandlerResult ehRet = (res == OC_STACK_OK) ? OC_EH_OK : OC_EH_ERROR;
2035 //Send payload to request originator
2036 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
2037 OC_EH_OK : OC_EH_ERROR;
2042 static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *ehRequest)
2044 OIC_LOG(DEBUG, TAG, "Processing CredDeleteRequest");
2046 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2048 if (NULL == ehRequest->query)
2053 OicParseQueryIter_t parseIter = { .attrPos=NULL };
2054 OicUuid_t subject = {.id={0}};
2056 //Parsing REST query to get the subject
2057 ParseQueryIterInit((unsigned char *)ehRequest->query, &parseIter);
2058 while (GetNextQuery(&parseIter))
2060 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECTID_NAME,
2061 parseIter.attrLen) == 0)
2063 OCStackResult ret = ConvertStrToUuid((const char*)parseIter.valPos, &subject);
2064 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2068 if (OC_STACK_RESOURCE_DELETED == RemoveCredential(&subject))
2070 ehRet = OC_EH_RESOURCE_DELETED;
2072 //Send response to request originator
2073 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2074 OC_EH_OK : OC_EH_ERROR;
2079 OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
2080 OCEntityHandlerRequest * ehRequest,
2081 void* callbackParameter)
2083 (void)callbackParameter;
2084 OCEntityHandlerResult ret = OC_EH_ERROR;
2090 if (flag & OC_REQUEST_FLAG)
2092 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2093 //TODO : Remove Handle PUT methods once CTT have changed to POST on OTM
2094 switch (ehRequest->method)
2097 ret = HandleGetRequest(ehRequest);;
2101 ret = HandlePostRequest(ehRequest);
2103 case OC_REST_DELETE:
2104 ret = HandleDeleteRequest(ehRequest);
2107 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2108 OC_EH_OK : OC_EH_ERROR;
2115 OCStackResult CreateCredResource()
2117 OCStackResult ret = OCCreateResource(&gCredHandle,
2118 OIC_RSRC_TYPE_SEC_CRED,
2119 OC_RSRVD_INTERFACE_DEFAULT,
2125 if (OC_STACK_OK != ret)
2127 OIC_LOG (FATAL, TAG, "Unable to instantiate Cred resource");
2128 DeInitCredResource();
2133 OCStackResult InitCredResource()
2135 OCStackResult ret = OC_STACK_ERROR;
2136 OicSecCred_t* cred = NULL;
2138 //Read Cred resource from PS
2139 uint8_t *data = NULL;
2141 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
2142 // If database read failed
2143 if (ret != OC_STACK_OK)
2145 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
2149 // Read ACL resource from PS
2150 ret = CBORPayloadToCred(data, size, &gCred);
2154 * If SVR database in persistent storage got corrupted or
2155 * is not available for some reason, a default Cred is created
2156 * which allows user to initiate Cred provisioning again.
2158 if (ret != OC_STACK_OK || !data || !gCred)
2160 gCred = GetCredDefault();
2163 //Add a log to track the invalid credential.
2164 LL_FOREACH(gCred, cred)
2166 if (false == IsVaildCredential(cred))
2168 OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
2169 OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
2173 //Instantiate 'oic.sec.cred'
2174 ret = CreateCredResource();
2179 OCStackResult DeInitCredResource()
2181 OCStackResult result = OCDeleteResource(gCredHandle);
2182 DeleteCredList(gCred);
2187 OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
2189 OicSecCred_t *cred = NULL;
2191 if ( NULL == subject)
2196 LL_FOREACH(gCred, cred)
2198 if(memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
2206 const OicSecCred_t* GetCredList()
2211 OicSecCred_t* GetCredEntryByCredId(const uint16_t credId)
2213 OicSecCred_t *cred = NULL;
2214 OicSecCred_t *tmpCred = NULL;
2221 LL_FOREACH(gCred, tmpCred)
2223 if(tmpCred->credId == credId)
2225 cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
2226 VERIFY_NON_NULL(TAG, cred, ERROR);
2230 cred->credId = tmpCred->credId;
2231 cred->credType = tmpCred->credType;
2232 memcpy(cred->subject.id, tmpCred->subject.id , sizeof(cred->subject.id));
2233 memcpy(cred->rownerID.id, tmpCred->rownerID.id , sizeof(cred->rownerID.id));
2234 if (tmpCred->period)
2236 cred->period = OICStrdup(tmpCred->period);
2240 if (tmpCred->privateData.data)
2242 cred->privateData.data = (uint8_t *)OICCalloc(1, tmpCred->privateData.len);
2243 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
2245 memcpy(cred->privateData.data, tmpCred->privateData.data, tmpCred->privateData.len);
2246 cred->privateData.len = tmpCred->privateData.len;
2247 cred->privateData.encoding = tmpCred->privateData.encoding;
2249 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
2250 else if (tmpCred->publicData.data)
2252 cred->publicData.data = (uint8_t *)OICCalloc(1, tmpCred->publicData.len);
2253 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
2255 memcpy(cred->publicData.data, tmpCred->publicData.data, tmpCred->publicData.len);
2256 cred->publicData.len = tmpCred->publicData.len;
2258 else if (tmpCred->optionalData.data)
2260 cred->optionalData.data = (uint8_t *)OICCalloc(1, tmpCred->optionalData.len);
2261 VERIFY_NON_NULL(TAG, cred->optionalData.data, ERROR);
2263 memcpy(cred->optionalData.data, tmpCred->optionalData.data, tmpCred->optionalData.len);
2264 cred->optionalData.len = tmpCred->optionalData.len;
2265 cred->optionalData.encoding = tmpCred->optionalData.encoding;
2268 if (tmpCred->credUsage)
2270 cred->credUsage = OICStrdup(tmpCred->credUsage);
2272 #endif /* __WITH_X509__ or __WITH_TLS__*/
2283 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
2284 int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
2285 const uint8_t *desc, size_t desc_len,
2286 uint8_t *result, size_t result_length)
2297 case CA_DTLS_PSK_HINT:
2298 case CA_DTLS_PSK_IDENTITY:
2300 OicUuid_t deviceID = {.id={0}};
2301 // Retrieve Device ID from doxm resource
2302 if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
2304 OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
2308 if (result_length < sizeof(deviceID.id))
2310 OIC_LOG (ERROR, TAG, "Wrong value for result_length");
2313 memcpy(result, deviceID.id, sizeof(deviceID.id));
2314 return (sizeof(deviceID.id));
2318 case CA_DTLS_PSK_KEY:
2320 OicSecCred_t *cred = NULL;
2321 LL_FOREACH(gCred, cred)
2323 if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
2328 if ((desc_len == sizeof(cred->subject.id)) &&
2329 (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
2332 * If the credentials are valid for limited time,
2333 * check their expiry.
2337 if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
2339 OIC_LOG (INFO, TAG, "Credentials are expired.");
2345 // TODO: Added as workaround. Will be replaced soon.
2346 if(OIC_ENCODING_RAW == cred->privateData.encoding)
2348 ret = cred->privateData.len;
2349 memcpy(result, cred->privateData.data, ret);
2351 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
2353 size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
2354 uint8_t* outKey = OICCalloc(1, outBufSize);
2355 uint32_t outKeySize;
2358 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2362 if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
2364 memcpy(result, outKey, outKeySize);
2369 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2378 OIC_LOG(DEBUG, TAG, "Can not find subject matched credential.");
2380 #ifdef _ENABLE_MULTIPLE_OWNER_
2381 const OicSecDoxm_t* doxm = GetDoxmResourceData();
2382 if(doxm && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode)
2384 // in case of multiple owner transfer authentication
2385 if(OIC_PRECONFIG_PIN == doxm->oxmSel)
2387 OicSecCred_t* wildCardCred = GetCredResourceData(&WILDCARD_SUBJECT_ID);
2390 OIC_LOG(DEBUG, TAG, "Detected wildcard credential.");
2391 if(PIN_PASSWORD == wildCardCred->credType)
2394 char* pinBuffer = NULL;
2395 uint32_t pinLength = 0;
2396 if(OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
2398 pinBuffer = OICCalloc(1, wildCardCred->privateData.len + 1);
2399 if(NULL == pinBuffer)
2401 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2404 pinLength = wildCardCred->privateData.len;
2405 memcpy(pinBuffer, wildCardCred->privateData.data, pinLength);
2407 else if(OIC_ENCODING_BASE64 == wildCardCred->privateData.encoding)
2409 size_t pinBufSize = B64DECODE_OUT_SAFESIZE((wildCardCred->privateData.len + 1));
2410 pinBuffer = OICCalloc(1, pinBufSize);
2411 if(NULL == pinBuffer)
2413 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2417 if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
2419 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2425 OIC_LOG(ERROR, TAG, "Unknown encoding type of PIN/PW credential.");
2429 //Set the PIN/PW to derive PSK
2430 if (OC_STACK_OK != SetPreconfigPin(pinBuffer, pinLength))
2433 OIC_LOG(ERROR, TAG, "Failed to load PIN data.");
2439 if(OC_STACK_OK != GetDoxmDeviceID(&myUuid))
2441 OIC_LOG(ERROR, TAG, "Failed to read device ID");
2444 SetUuidForPinBasedOxm(&myUuid);
2446 //Calculate PSK using PIN/PW
2447 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2449 ret = OWNER_PSK_LENGTH_128;
2453 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN");
2456 if(CA_STATUS_OK != CAregisterSslHandshakeCallback(MultipleOwnerDTLSHandshakeCB))
2458 OIC_LOG(WARNING, TAG, "Error while bind the DTLS Handshake Callback.");
2463 else if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
2465 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2467 ret = OWNER_PSK_LENGTH_128;
2471 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN : result");
2476 #endif //_ENABLE_MULTIPLE_OWNER_
2485 * Add temporal PSK to PIN based OxM
2487 * @param[in] tmpSubject UUID of target device
2488 * @param[in] credType Type of credential to be added
2489 * @param[in] pin numeric characters
2490 * @param[in] pinSize length of 'pin'
2491 * @param[in] rownerID Resource owner's UUID
2492 * @param[out] tmpCredSubject Generated credential's subject.
2494 * @return OC_STACK_OK for success and errorcode otherwise.
2496 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
2497 const char * pin, size_t pinSize,
2498 const OicUuid_t * rownerID, OicUuid_t* tmpCredSubject)
2500 OCStackResult ret = OC_STACK_ERROR;
2501 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN IN");
2503 if(NULL == tmpSubject || NULL == pin || 0 == pinSize || NULL == tmpCredSubject)
2505 return OC_STACK_INVALID_PARAM;
2508 uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
2509 OicSecKey_t privKey = {privData, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
2510 OicSecCred_t* cred = NULL;
2511 int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, rownerID->id,
2512 UUID_LENGTH, PBKDF_ITERATIONS,
2513 OWNER_PSK_LENGTH_128, privData);
2514 VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
2516 cred = GenerateCredential(tmpSubject, credType, NULL,
2517 &privKey, rownerID, NULL);
2520 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
2521 return OC_STACK_ERROR;
2524 memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
2526 ret = AddCredential(cred);
2527 if( OC_STACK_OK != ret)
2529 RemoveCredential(tmpSubject);
2530 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
2532 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT");
2538 #endif /* __WITH_DTLS__ */
2540 OCStackResult SetCredRownerId(const OicUuid_t* newROwner)
2542 OCStackResult ret = OC_STACK_ERROR;
2543 uint8_t *cborPayload = NULL;
2546 OicUuid_t prevId = {.id={0}};
2548 if(NULL == newROwner)
2550 ret = OC_STACK_INVALID_PARAM;
2554 ret = OC_STACK_NO_RESOURCE;
2557 if(newROwner && gCred)
2559 memcpy(prevId.id, gCred->rownerID.id, sizeof(prevId.id));
2560 memcpy(gCred->rownerID.id, newROwner->id, sizeof(newROwner->id));
2562 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2563 size = GetCredKeyDataSize(gCred);
2564 size += (256 * OicSecCredCount(gCred));
2565 ret = CredToCBORPayload(gCred, &cborPayload, &size, secureFlag);
2566 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2568 ret = UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, cborPayload, size);
2569 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2571 OICFree(cborPayload);
2577 OICFree(cborPayload);
2578 memcpy(gCred->rownerID.id, prevId.id, sizeof(prevId.id));
2582 OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
2584 OCStackResult retVal = OC_STACK_ERROR;
2587 *rowneruuid = gCred->rownerID;
2588 retVal = OC_STACK_OK;
2593 #if defined (__WITH_TLS__) || defined(__WITH_DTLS__)
2594 void GetDerCaCert(ByteArray_t * crt)
2600 uint8_t *data = NULL;
2602 OCStackResult ret = OC_STACK_ERROR;
2603 OicSecCred_t * cred;
2604 OicSecCred_t * temp = NULL;
2605 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2606 LL_FOREACH(gCred, temp)
2608 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), TRUST_CA, strlen(TRUST_CA) + 1))
2610 OIC_LOG_V(DEBUG, TAG, "len: %d, crt len: %d", temp->optionalData.len, crt->len);
2611 if(OIC_ENCODING_BASE64 == temp->optionalData.encoding)
2613 size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
2614 uint8 * buf = OICCalloc(1, bufSize);
2617 OIC_LOG(ERROR, TAG, "Failed to allocate memory");
2621 if(B64_OK != b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize))
2624 OIC_LOG(ERROR, TAG, "Failed to decode base64 data");
2627 crt->data = OICRealloc(crt->data, crt->len + outSize);
2628 memcpy(crt->data + crt->len, buf, outSize);
2629 crt->len += outSize;
2634 crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
2635 memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
2636 crt->len += temp->optionalData.len;
2638 OIC_LOG_V(DEBUG, TAG, "Trust CA Found!! %d", crt->len);
2643 OIC_LOG(DEBUG, TAG, "Trust CA Not Found!!");
2645 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2649 void GetDerOwnCert(ByteArray_t * crt)
2656 uint8_t *data = NULL;
2657 OicSecCred_t * temp = NULL;
2658 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2659 LL_FOREACH(gCred, temp)
2661 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), PRIMARY_CERT, strlen(PRIMARY_CERT) + 1))
2663 OIC_LOG_V(DEBUG, TAG, "len: %d, crt len: %d", temp->publicData.len, crt->len);
2664 crt->data = OICRealloc(crt->data, crt->len + temp->publicData.len);
2665 memcpy(crt->data + crt->len, temp->publicData.data, temp->publicData.len);
2666 crt->len += temp->publicData.len;
2668 OIC_LOG_V(DEBUG, TAG, "Trust CA Found!! %d", crt->len);
2673 OIC_LOG(DEBUG, TAG, "Trust CA Not Found!!");
2675 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2679 void GetDerKey(ByteArray_t * key)
2686 uint8_t *data = NULL;
2687 OicSecCred_t * temp = NULL;
2689 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2690 LL_FOREACH(gCred, temp)
2692 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), PRIMARY_CERT, strlen(PRIMARY_CERT) + 1))
2694 OIC_LOG_V(DEBUG, TAG, "len: %d, key len: %d", temp->privateData.len, key->len);
2695 key->data = OICRealloc(key->data, key->len + temp->privateData.len);
2696 memcpy(key->data + key->len, temp->privateData.data, temp->privateData.len);
2697 key->len += temp->privateData.len;
2699 OIC_LOG_V(DEBUG, TAG, "Key Found!! %d", key->len);
2704 OIC_LOG(DEBUG, TAG, "Key Not Found!!");
2706 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2709 void InitCipherSuiteList(bool * list)
2711 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2714 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2715 OIC_LOG(DEBUG, TAG, "NULL list param");
2718 OicSecCred_t * temp = NULL;
2719 LL_FOREACH(gCred, temp)
2721 switch (temp->credType)
2726 OIC_LOG(DEBUG, TAG, "PIN_PASSWORD found");
2729 case SYMMETRIC_PAIR_WISE_KEY:
2732 OIC_LOG(DEBUG, TAG, "SYMMETRIC_PAIR_WISE_KEY found");
2735 case SIGNED_ASYMMETRIC_KEY:
2738 OIC_LOG(DEBUG, TAG, "SIGNED_ASYMMETRIC_KEY found");
2741 case SYMMETRIC_GROUP_KEY:
2742 case ASYMMETRIC_KEY:
2743 case ASYMMETRIC_ENCRYPTION_KEY:
2745 OIC_LOG(WARNING, TAG, "Unsupported credential type for TLS.");
2750 OIC_LOG(WARNING, TAG, "Unknown credential type for TLS.");
2755 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);