1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #define __STDC_LIMIT_MACROS
23 #include "iotivity_config.h"
34 #include "cainterface.h"
35 #include "payload_logging.h"
39 #include "ocserverrequest.h"
40 #include "oic_malloc.h"
41 #include "oic_string.h"
42 #include "ocpayload.h"
43 #include "ocpayloadcbor.h"
45 #include "credresource.h"
46 #include "doxmresource.h"
47 #include "pstatresource.h"
48 #include "iotvticalendar.h"
50 #include "resourcemanager.h"
51 #include "srmresourcestrings.h"
52 #include "srmutility.h"
53 #include "psinterface.h"
54 #include "pinoxmcommon.h"
57 #include <sys/types.h>
67 #define TAG "OIC_SRM_CREDL"
69 /** Max credential types number used for TLS */
71 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
72 * The value of payload size is increased until reaching belox max cbor size. */
73 static const uint16_t CBOR_SIZE = 2048;
75 /** Max cbor size payload. */
76 static const uint16_t CBOR_MAX_SIZE = 4400;
78 /** CRED size - Number of mandatory items. */
79 static const uint8_t CRED_ROOT_MAP_SIZE = 4;
80 static const uint8_t CRED_MAP_SIZE = 3;
83 static OicSecCred_t *gCred = NULL;
84 static OCResourceHandle gCredHandle = NULL;
86 typedef enum CredCompareResult{
88 CRED_CMP_NOT_EQUAL = 1,
93 * Internal function to check credential
95 static bool IsVaildCredential(const OicSecCred_t* cred)
97 OicUuid_t emptyUuid = {.id={0}};
100 OIC_LOG(DEBUG, TAG, "IN IsVaildCredential");
102 VERIFY_NON_NULL(TAG, cred, ERROR);
103 VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR);
104 OIC_LOG_V(DEBUG, TAG, "Cred ID = %d", cred->credId);
106 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
107 OIC_LOG_V(DEBUG, TAG, "Cred Type = %d", cred->credType);
109 switch(cred->credType)
111 case SYMMETRIC_PAIR_WISE_KEY:
112 case SYMMETRIC_GROUP_KEY:
115 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
116 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
117 VERIFY_SUCCESS(TAG, \
118 (OIC_ENCODING_RAW == cred->privateData.encoding || \
119 OIC_ENCODING_BASE64 == cred->privateData.encoding), \
125 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
126 VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR);
129 case SIGNED_ASYMMETRIC_KEY:
131 VERIFY_SUCCESS(TAG, (NULL != cred->publicData.data ||NULL != cred->optionalData.data) , ERROR);
132 VERIFY_SUCCESS(TAG, (0 != cred->publicData.len || 0 != cred->optionalData.len), ERROR);
134 if(NULL != cred->optionalData.data)
136 VERIFY_SUCCESS(TAG, \
137 (OIC_ENCODING_RAW == cred->optionalData.encoding ||\
138 OIC_ENCODING_BASE64 == cred->optionalData.encoding || \
139 OIC_ENCODING_PEM == cred->optionalData.encoding || \
140 OIC_ENCODING_DER == cred->optionalData.encoding), \
145 case ASYMMETRIC_ENCRYPTION_KEY:
147 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
148 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
149 VERIFY_SUCCESS(TAG, \
150 (OIC_ENCODING_RAW == cred->privateData.encoding ||\
151 OIC_ENCODING_BASE64 == cred->privateData.encoding || \
152 OIC_ENCODING_PEM == cred->privateData.encoding || \
153 OIC_ENCODING_DER == cred->privateData.encoding), \
159 OIC_LOG(WARNING, TAG, "Unknown credential type");
165 VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR);
167 OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential");
170 OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected.");
174 static bool IsEmptyCred(const OicSecCred_t* cred)
176 OicUuid_t emptyUuid = {.id={0}};
178 VERIFY_SUCCESS(TAG, (0 == memcmp(cred->subject.id, emptyUuid.id, sizeof(emptyUuid))), ERROR);
179 VERIFY_SUCCESS(TAG, (0 == cred->credId), ERROR);
180 VERIFY_SUCCESS(TAG, (0 == cred->credType), ERROR);
181 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
182 VERIFY_SUCCESS(TAG, (NULL == cred->privateData.data), ERROR);
183 VERIFY_SUCCESS(TAG, (NULL == cred->publicData.data), ERROR);
184 VERIFY_SUCCESS(TAG, (NULL == cred->optionalData.data), ERROR);
185 VERIFY_SUCCESS(TAG, (NULL == cred->credUsage), ERROR);
193 * This function frees OicSecCred_t object's fields and object itself.
195 static void FreeCred(OicSecCred_t *cred)
199 OIC_LOG(ERROR, TAG, "Invalid Parameter");
202 //Note: Need further clarification on roleID data type
205 OICFree(cred->roleIds);
208 //Clean PublicData/OptionalData/Credusage
209 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
210 // TODO: Need to check credUsage.
211 OICFree(cred->publicData.data);
212 OICFree(cred->optionalData.data);
213 OICFree(cred->credUsage);
215 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
218 OICClearMemory(cred->privateData.data, cred->privateData.len);
219 OICFree(cred->privateData.data);
222 OICFree(cred->period);
224 #ifdef _ENABLE_MULTIPLE_OWNER_
226 OICFree(cred->eownerID);
229 //Clean Cred node itself
233 void DeleteCredList(OicSecCred_t* cred)
237 OicSecCred_t *credTmp1 = NULL, *credTmp2 = NULL;
238 LL_FOREACH_SAFE(cred, credTmp1, credTmp2)
240 LL_DELETE(cred, credTmp1);
246 size_t GetCredKeyDataSize(const OicSecCred_t* cred)
251 OicSecCred_t *credPtr = NULL, *credTmp = NULL;
252 LL_FOREACH_SAFE((OicSecCred_t*)cred, credPtr, credTmp)
254 if (credPtr->privateData.data && 0 < credPtr->privateData.len)
256 size += credPtr->privateData.len;
258 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
259 if (credPtr->publicData.data && 0 < credPtr->publicData.len)
261 size += credPtr->publicData.len;
263 if (credPtr->optionalData.data && 0 < credPtr->optionalData.len)
265 size += credPtr->optionalData.len;
270 OIC_LOG_V(DEBUG, TAG, "Cred Key Data Size : %zd\n", size);
274 static size_t OicSecCredCount(const OicSecCred_t *secCred)
277 for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
284 OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
285 size_t *cborSize, int secureFlag)
287 if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
289 return OC_STACK_INVALID_PARAM;
292 OCStackResult ret = OC_STACK_ERROR;
294 CborError cborEncoderResult = CborNoError;
295 uint8_t *outPayload = NULL;
296 size_t cborLen = *cborSize;
299 const OicSecCred_t *cred = credS;
301 CborEncoder credArray;
302 CborEncoder credRootMap;
309 outPayload = (uint8_t *)OICCalloc(1, cborLen);
310 VERIFY_NON_NULL(TAG, outPayload, ERROR);
311 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
313 // Create CRED Root Map (creds, rownerid)
314 cborEncoderResult = cbor_encoder_create_map(&encoder, &credRootMap, CRED_ROOT_MAP_SIZE);
315 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Root Map");
318 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_CREDS_NAME,
319 strlen(OIC_JSON_CREDS_NAME));
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding creds Name Tag.");
323 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &credArray, OicSecCredCount(cred));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Array.");
329 size_t mapSize = CRED_MAP_SIZE;
336 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
337 #ifdef _ENABLE_MULTIPLE_OWNER_
342 #endif //_ENABLE_MULTIPLE_OWNER_
344 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
348 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
356 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
357 if (!secureFlag && cred->privateData.data)
361 cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
362 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
364 //CredID -- Mandatory
365 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
366 strlen(OIC_JSON_CREDID_NAME));
367 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
368 cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
369 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
371 //Subject -- Mandatory
372 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME,
373 strlen(OIC_JSON_SUBJECTID_NAME));
374 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
375 inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ?
376 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
377 if(inLen == WILDCARD_SUBJECT_ID_LEN)
379 cborEncoderResult = cbor_encode_text_string(&credMap, WILDCARD_RESOURCE_URI,
380 strlen(WILDCARD_RESOURCE_URI));
381 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
385 char *subject = NULL;
386 ret = ConvertUuidToStr(&cred->subject, &subject);
387 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
388 cborEncoderResult = cbor_encode_text_string(&credMap, subject, strlen(subject));
389 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
393 //CredType -- Mandatory
394 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
395 strlen(OIC_JSON_CREDTYPE_NAME));
396 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
397 cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
398 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
400 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
401 //PublicData -- Not Mandatory
402 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
404 CborEncoder publicMap;
405 const size_t publicMapSize = 2;
407 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME,
408 strlen(OIC_JSON_PUBLICDATA_NAME));
409 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag.");
411 cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize);
412 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map");
414 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME,
415 strlen(OIC_JSON_DATA_NAME));
416 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag.");
417 cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data,
418 cred->publicData.len);
419 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value.");
421 // TODO: Need to data strucure modification for OicSecCert_t.
422 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME,
423 strlen(OIC_JSON_ENCODING_NAME));
424 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag.");
425 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_DER,
426 strlen(OIC_SEC_ENCODING_DER));
427 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value.");
429 cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap);
430 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map.");
432 //OptionalData -- Not Mandatory
433 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
435 CborEncoder optionalMap;
436 const size_t optionalMapSize = 2;
438 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME,
439 strlen(OIC_JSON_OPTDATA_NAME));
440 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag.");
442 cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize);
443 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map");
445 // TODO: Need to data strucure modification for OicSecCert_t.
446 if(OIC_ENCODING_RAW == cred->optionalData.encoding)
448 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
449 strlen(OIC_JSON_ENCODING_NAME));
450 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
451 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW,
452 strlen(OIC_SEC_ENCODING_RAW));
453 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
455 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
456 strlen(OIC_JSON_DATA_NAME));
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
458 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
459 cred->optionalData.len);
460 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
462 else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding)
464 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
465 strlen(OIC_JSON_ENCODING_NAME));
466 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
467 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64,
468 strlen(OIC_SEC_ENCODING_BASE64));
469 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
471 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
472 strlen(OIC_JSON_DATA_NAME));
473 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
474 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
475 cred->optionalData.len);
476 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
478 else if(OIC_ENCODING_PEM == cred->optionalData.encoding)
480 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
481 strlen(OIC_JSON_ENCODING_NAME));
482 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
483 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM,
484 strlen(OIC_SEC_ENCODING_PEM));
485 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
487 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
488 strlen(OIC_JSON_DATA_NAME));
489 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
490 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
491 cred->optionalData.len);
492 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
494 else if(OIC_ENCODING_DER == cred->optionalData.encoding)
496 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
497 strlen(OIC_JSON_ENCODING_NAME));
498 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
499 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER,
500 strlen(OIC_SEC_ENCODING_DER));
501 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
503 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
504 strlen(OIC_JSON_DATA_NAME));
505 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
506 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
507 cred->optionalData.len);
508 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
512 OIC_LOG(ERROR, TAG, "Unknown encoding type for optional data.");
513 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value.");
516 cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap);
517 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map.");
519 //CredUsage -- Not Mandatory
522 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDUSAGE_NAME,
523 strlen(OIC_JSON_CREDUSAGE_NAME));
524 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Tag.");
525 cborEncoderResult = cbor_encode_text_string(&credMap, cred->credUsage,
526 strlen(cred->credUsage));
527 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Value.");
529 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
530 //PrivateData -- Not Mandatory
531 if(!secureFlag && cred->privateData.data)
533 CborEncoder privateMap;
534 const size_t privateMapSize = 2;
536 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME,
537 strlen(OIC_JSON_PRIVATEDATA_NAME));
538 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag.");
540 cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize);
541 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map");
543 // TODO: Need to data strucure modification for OicSecKey_t.
544 // TODO: Added as workaround, will be replaced soon.
545 if(OIC_ENCODING_RAW == cred->privateData.encoding)
547 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
548 strlen(OIC_JSON_ENCODING_NAME));
549 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
550 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW,
551 strlen(OIC_SEC_ENCODING_RAW));
552 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
554 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
555 strlen(OIC_JSON_DATA_NAME));
556 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
557 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
558 cred->privateData.len);
559 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
561 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
563 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
564 strlen(OIC_JSON_ENCODING_NAME));
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
566 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64,
567 strlen(OIC_SEC_ENCODING_BASE64));
568 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
570 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
571 strlen(OIC_JSON_DATA_NAME));
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
573 cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data),
574 cred->privateData.len);
575 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
577 else if(OIC_ENCODING_DER == cred->privateData.encoding)
579 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
580 strlen(OIC_JSON_ENCODING_NAME));
581 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
582 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_DER,
583 strlen(OIC_SEC_ENCODING_DER));
584 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
586 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
587 strlen(OIC_JSON_DATA_NAME));
588 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
589 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
590 cred->privateData.len);
591 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
595 OIC_LOG(ERROR, TAG, "Unknown encoding type for private data.");
596 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value.");
599 cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap);
600 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map.");
603 //Period -- Not Mandatory
606 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
607 strlen(OIC_JSON_PERIOD_NAME));
608 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
609 cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
610 strlen(cred->period));
611 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
614 #ifdef _ENABLE_MULTIPLE_OWNER_
615 // Eownerid -- Not Mandatory
619 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_EOWNERID_NAME,
620 strlen(OIC_JSON_EOWNERID_NAME));
621 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
622 ret = ConvertUuidToStr(cred->eownerID, &eowner);
623 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
624 cborEncoderResult = cbor_encode_text_string(&credMap, eowner, strlen(eowner));
625 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
628 #endif //_ENABLE_MULTIPLE_OWNER_
630 cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
631 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
635 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
636 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
643 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_ROWNERID_NAME,
644 strlen(OIC_JSON_ROWNERID_NAME));
645 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
646 ret = ConvertUuidToStr(&cred->rownerID, &rowner);
647 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
648 cborEncoderResult = cbor_encode_text_string(&credRootMap, rowner, strlen(rowner));
649 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
655 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_RT_NAME,
656 strlen(OIC_JSON_RT_NAME));
657 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
658 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &rtArray, 1);
659 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
660 for (size_t i = 0; i < 1; i++)
662 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_CRED,
663 strlen(OIC_RSRC_TYPE_SEC_CRED));
664 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
666 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &rtArray);
667 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
671 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_IF_NAME,
672 strlen(OIC_JSON_IF_NAME));
673 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
674 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &ifArray, 1);
675 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
676 for (size_t i = 0; i < 1; i++)
678 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
679 strlen(OC_RSRVD_INTERFACE_DEFAULT));
680 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
682 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &ifArray);
683 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
686 // Close CRED Root Map
687 cborEncoderResult = cbor_encoder_close_container(&encoder, &credRootMap);
688 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing CRED Root Map.");
690 if (CborNoError == cborEncoderResult)
692 OIC_LOG(DEBUG, TAG, "CredToCBORPayload Successed");
693 *cborPayload = outPayload;
694 *cborSize = cbor_encoder_get_buffer_size(&encoder, outPayload);
697 OIC_LOG(DEBUG, TAG, "CredToCBORPayload OUT");
699 if (CborErrorOutOfMemory == cborEncoderResult)
701 OIC_LOG(DEBUG, TAG, "CredToCBORPayload:CborErrorOutOfMemory : retry with more memory");
702 // reallocate and try again!
704 // Since the allocated initial memory failed, double the memory.
705 cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
706 cborEncoderResult = CborNoError;
707 ret = CredToCBORPayload(credS, cborPayload, &cborLen, secureFlag);
711 if (CborNoError != cborEncoderResult)
713 OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
718 ret = OC_STACK_ERROR;
724 OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
725 OicSecCred_t **secCred)
727 if (NULL == cborPayload || NULL == secCred || NULL != *secCred || 0 == size)
729 return OC_STACK_INVALID_PARAM;
732 OCStackResult ret = OC_STACK_ERROR;
733 CborValue credCbor = { .parser = NULL };
734 CborParser parser = { .end = NULL };
735 CborError cborFindResult = CborNoError;
736 cbor_parser_init(cborPayload, size, 0, &parser, &credCbor);
738 OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
740 // Enter CRED Root Map
741 CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
742 cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
743 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
745 while (cbor_value_is_valid(&CredRootMap))
747 char* tagName = NULL;
749 CborType type = cbor_value_get_type(&CredRootMap);
750 if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
752 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
753 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
754 cborFindResult = cbor_value_advance(&CredRootMap);
755 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Root Map.");
759 if (strcmp(tagName, OIC_JSON_CREDS_NAME) == 0)
764 CborValue credArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
765 cborFindResult = cbor_value_enter_container(&CredRootMap, &credArray);
766 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
768 while (cbor_value_is_valid(&credArray))
771 //CredId -- Mandatory
772 CborValue credMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
773 cborFindResult = cbor_value_enter_container(&credArray, &credMap);
774 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
775 OicSecCred_t *cred = NULL;
783 cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
784 OicSecCred_t *temp = headCred;
792 VERIFY_NON_NULL(TAG, cred, ERROR);
794 while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
797 CborType type = cbor_value_get_type(&credMap);
798 if (type == CborTextStringType)
800 cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
801 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Map.");
802 cborFindResult = cbor_value_advance(&credMap);
803 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Map.");
808 if (strcmp(name, OIC_JSON_CREDID_NAME) == 0)
811 cborFindResult = cbor_value_get_uint64(&credMap, &credId);
812 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredId.");
813 cred->credId = (uint16_t)credId;
816 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
818 char *subjectid = NULL;
819 cborFindResult = cbor_value_dup_text_string(&credMap, &subjectid, &len, NULL);
820 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subjectid Value.");
821 if(strcmp(subjectid, WILDCARD_RESOURCE_URI) == 0)
823 cred->subject.id[0] = '*';
827 ret = ConvertStrToUuid(subjectid, &cred->subject);
828 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
833 if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0)
835 uint64_t credType = 0;
836 cborFindResult = cbor_value_get_uint64(&credMap, &credType);
837 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType.");
838 cred->credType = (OicSecCredType_t)credType;
841 if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0)
843 CborValue privateMap = { .parser = NULL };
844 cborFindResult = cbor_value_enter_container(&credMap, &privateMap);
846 while (cbor_value_is_valid(&privateMap))
848 char* privname = NULL;
849 CborType type = cbor_value_get_type(&privateMap);
850 if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
852 cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
854 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
855 cborFindResult = cbor_value_advance(&privateMap);
856 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
860 // PrivateData::privdata -- Mandatory
861 if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
863 if(cbor_value_is_byte_string(&privateMap))
865 cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
866 &cred->privateData.len, NULL);
868 else if(cbor_value_is_text_string(&privateMap))
870 cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data),
871 &cred->privateData.len, NULL);
875 cborFindResult = CborErrorUnknownType;
876 OIC_LOG(ERROR, TAG, "Unknown type for private data.");
878 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData.");
881 // PrivateData::encoding -- Mandatory
882 if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0)
884 // TODO: Added as workaround. Will be replaced soon.
885 char* strEncoding = NULL;
886 cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL);
887 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
889 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
891 cred->privateData.encoding = OIC_ENCODING_RAW;
893 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
895 cred->privateData.encoding = OIC_ENCODING_BASE64;
900 cred->privateData.encoding = OIC_ENCODING_RAW;
901 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for private data.");
904 OICFree(strEncoding);
907 if (cbor_value_is_valid(&privateMap))
909 cborFindResult = cbor_value_advance(&privateMap);
910 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map.");
916 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
917 //PublicData -- Not Mandatory
918 if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0)
920 CborValue pubMap = { .parser = NULL };
921 cborFindResult = cbor_value_enter_container(&credMap, &pubMap);
923 while (cbor_value_is_valid(&pubMap))
925 char* pubname = NULL;
926 CborType type = cbor_value_get_type(&pubMap);
927 if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
929 cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
931 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
932 cborFindResult = cbor_value_advance(&pubMap);
933 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
937 // PrivateData::privdata -- Mandatory
938 if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
940 cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
941 &cred->publicData.len, NULL);
942 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData.");
944 // PublicData::encoding -- Mandatory
945 if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0)
947 // TODO: Need to update data structure, just ignore encoding value now.
950 if (cbor_value_is_valid(&pubMap))
952 cborFindResult = cbor_value_advance(&pubMap);
953 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map.");
958 //OptionalData -- Not Mandatory
959 if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0)
961 CborValue optMap = { .parser = NULL };
962 cborFindResult = cbor_value_enter_container(&credMap, &optMap);
964 while (cbor_value_is_valid(&optMap))
966 char* optname = NULL;
967 CborType type = cbor_value_get_type(&optMap);
968 if (type == CborTextStringType && cbor_value_is_text_string(&optMap))
970 cborFindResult = cbor_value_dup_text_string(&optMap, &optname,
972 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
973 cborFindResult = cbor_value_advance(&optMap);
974 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
978 // OptionalData::optdata -- Mandatory
979 if (strcmp(optname, OIC_JSON_DATA_NAME) == 0)
981 if(cbor_value_is_byte_string(&optMap))
983 cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data,
984 &cred->optionalData.len, NULL);
986 else if(cbor_value_is_text_string(&optMap))
988 cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data),
989 &cred->optionalData.len, NULL);
993 cborFindResult = CborErrorUnknownType;
994 OIC_LOG(ERROR, TAG, "Unknown type for optional data.");
996 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData.");
998 // OptionalData::encoding -- Mandatory
999 if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0)
1001 // TODO: Added as workaround. Will be replaced soon.
1002 char* strEncoding = NULL;
1003 cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL);
1004 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
1006 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
1008 OIC_LOG(INFO,TAG,"cbor_value_is_byte_string");
1009 cred->optionalData.encoding = OIC_ENCODING_RAW;
1011 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
1013 cred->optionalData.encoding = OIC_ENCODING_BASE64;
1015 else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0)
1017 cred->optionalData.encoding = OIC_ENCODING_PEM;
1019 else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0)
1021 cred->optionalData.encoding = OIC_ENCODING_DER;
1026 cred->optionalData.encoding = OIC_ENCODING_RAW;
1027 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for optional data.");
1029 OICFree(strEncoding);
1032 if (cbor_value_is_valid(&optMap))
1034 cborFindResult = cbor_value_advance(&optMap);
1035 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map.");
1040 //Credusage -- Not Mandatory
1041 if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name))
1043 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->credUsage, &len, NULL);
1044 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1046 #endif //__WITH_DTLS__ || __WITH_TLS__
1048 if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
1050 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->period, &len, NULL);
1051 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1054 #ifdef _ENABLE_MULTIPLE_OWNER_
1055 // Eowner uuid -- Not Mandatory
1056 if (strcmp(OIC_JSON_EOWNERID_NAME, name) == 0 && cbor_value_is_text_string(&credMap))
1058 char *eowner = NULL;
1059 cborFindResult = cbor_value_dup_text_string(&credMap, &eowner, &len, NULL);
1060 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1061 if(NULL == cred->eownerID)
1063 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1064 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1066 ret = ConvertStrToUuid(eowner, cred->eownerID);
1068 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1070 #endif //_ENABLE_MULTIPLE_OWNER_
1072 if (cbor_value_is_valid(&credMap))
1074 cborFindResult = cbor_value_advance(&credMap);
1075 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Map.");
1081 if (cbor_value_is_valid(&credArray))
1083 cborFindResult = cbor_value_advance(&credArray);
1084 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Array.");
1089 //ROwner -- Mandatory
1090 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
1092 char *stRowner = NULL;
1093 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
1094 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1096 ret = ConvertStrToUuid(stRowner, &headCred->rownerID);
1097 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1100 else if (NULL != gCred)
1102 memcpy(&(headCred->rownerID), &(gCred->rownerID), sizeof(OicUuid_t));
1106 if (cbor_value_is_valid(&CredRootMap))
1108 cborFindResult = cbor_value_advance(&CredRootMap);
1109 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Root Map.");
1113 *secCred = headCred;
1117 if (CborNoError != cborFindResult)
1119 DeleteCredList(headCred);
1122 ret = OC_STACK_ERROR;
1128 #ifdef _ENABLE_MULTIPLE_OWNER_
1129 bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size)
1131 OicSecCred_t* cred = NULL;
1132 bool isValidCred = false;
1134 OIC_LOG_BUFFER(DEBUG, TAG, cborPayload, size);
1136 VERIFY_NON_NULL(TAG, uuid, ERROR);
1137 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1138 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1139 VERIFY_SUCCESS(TAG, OC_STACK_OK == CBORPayloadToCred(cborPayload, size, &cred), ERROR);
1140 VERIFY_NON_NULL(TAG, cred, ERROR);
1141 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1142 VERIFY_SUCCESS(TAG, (memcmp(cred->eownerID->id, uuid->id, sizeof(uuid->id)) == 0), ERROR);
1147 DeleteCredList(cred);
1152 #endif //_ENABLE_MULTIPLE_OWNER_
1154 OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
1155 const OicSecCert_t * publicData, const OicSecKey_t* privateData,
1156 const OicUuid_t * rownerID, const OicUuid_t * eownerID)
1158 OIC_LOG(DEBUG, TAG, "IN GenerateCredential");
1161 OCStackResult ret = OC_STACK_ERROR;
1163 OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
1164 VERIFY_NON_NULL(TAG, cred, ERROR);
1166 //CredId is assigned before appending new cred to the existing
1167 //credential list and updating svr database in AddCredential().
1170 VERIFY_NON_NULL(TAG, subject, ERROR);
1171 memcpy(cred->subject.id, subject->id , sizeof(cred->subject.id));
1173 VERIFY_SUCCESS(TAG, credType < (NO_SECURITY_MODE | SYMMETRIC_PAIR_WISE_KEY |
1174 SYMMETRIC_GROUP_KEY | ASYMMETRIC_KEY | SIGNED_ASYMMETRIC_KEY | PIN_PASSWORD), ERROR);
1175 cred->credType = credType;
1177 #ifdef __WITH_DTLS__
1178 if (publicData && publicData->data)
1180 cred->publicData.data = (uint8_t *)OICCalloc(1, publicData->len);
1181 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
1182 memcpy(cred->publicData.data, publicData->data, publicData->len);
1183 cred->publicData.len = publicData->len;
1185 #endif // __WITH_DTLS__
1187 if (privateData && privateData->data)
1189 cred->privateData.data = (uint8_t *)OICCalloc(1, privateData->len);
1190 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1191 memcpy(cred->privateData.data, privateData->data, privateData->len);
1192 cred->privateData.len = privateData->len;
1194 // TODO: Added as workaround. Will be replaced soon.
1195 cred->privateData.encoding = OIC_ENCODING_RAW;
1198 // NOTE: Test codes to use base64 for credential.
1199 uint32_t outSize = 0;
1200 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1));
1201 char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize);
1202 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1203 b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize);
1205 OICFree( cred->privateData.data );
1206 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
1207 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1209 strcpy(cred->privateData.data, b64Buf);
1210 cred->privateData.encoding = OIC_ENCODING_BASE64;
1211 cred->privateData.len = outSize;
1213 #endif //End of Test codes
1217 VERIFY_NON_NULL(TAG, rownerID, ERROR);
1218 memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t));
1220 #ifdef _ENABLE_MULTIPLE_OWNER_
1223 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1224 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1225 memcpy(cred->eownerID->id, eownerID->id, sizeof(eownerID->id));
1227 #endif //_ENABLE_MULTIPLE_OWNER_
1231 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : result: %d", ret);
1232 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credId: %d", cred->credId);
1233 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credType: %d", cred->credType);
1234 OIC_LOG_BUFFER(DEBUG, TAG, cred->subject.id, sizeof(cred->subject.id));
1235 if (cred->privateData.data)
1237 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %d", cred->privateData.len);
1238 OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);
1240 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1243 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credUsage: %s", cred->credUsage);
1245 if (cred->publicData.data)
1247 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : publicData len: %d", cred->publicData.len);
1248 OIC_LOG_BUFFER(DEBUG, TAG, cred->publicData.data, cred->publicData.len);
1251 if (cred->optionalData.data)
1253 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len);
1254 OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len);
1257 #endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1260 if (OC_STACK_OK != ret)
1262 DeleteCredList(cred);
1265 OIC_LOG(DEBUG, TAG, "OUT GenerateCredential");
1269 static bool UpdatePersistentStorage(const OicSecCred_t *cred)
1272 OIC_LOG(DEBUG, TAG, "IN Cred UpdatePersistentStorage");
1274 // Convert Cred data into JSON for update to persistent storage
1277 uint8_t *payload = NULL;
1278 // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending
1279 size_t size = GetCredKeyDataSize(cred);
1280 size += (512 * OicSecCredCount(cred));
1281 OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size);
1284 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
1285 if ((OC_STACK_OK == res) && payload)
1287 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
1291 OICClearMemory(payload, size);
1295 else //Empty cred list
1297 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, 0))
1302 OIC_LOG(DEBUG, TAG, "OUT Cred UpdatePersistentStorage");
1307 * Compare function used LL_SORT for sorting credentials.
1309 * @param first pointer to OicSecCred_t struct.
1310 * @param second pointer to OicSecCred_t struct.
1312 *@return -1, if credId of first is less than credId of second.
1313 * 0, if credId of first is equal to credId of second.
1314 * 1, if credId of first is greater than credId of second.
1316 static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
1318 if (first->credId < second->credId)
1322 else if (first->credId > second->credId)
1331 * GetCredId goes through the cred list and returns the next
1332 * available credId. The next credId could be the credId that is
1333 * available due deletion of OicSecCred_t object or one more than
1334 * credId of last credential in the list.
1336 * @return next available credId if successful, else 0 for error.
1338 static uint16_t GetCredId()
1340 //Sorts credential list in incremental order of credId
1341 LL_SORT(gCred, CmpCredId);
1343 OicSecCred_t *currentCred = NULL, *credTmp = NULL;
1344 uint16_t nextCredId = 1;
1346 LL_FOREACH_SAFE(gCred, currentCred, credTmp)
1348 if (currentCred->credId == nextCredId)
1358 VERIFY_SUCCESS(TAG, nextCredId < UINT16_MAX, ERROR);
1366 * Get the default value.
1368 * @return NULL for now.
1370 static OicSecCred_t* GetCredDefault()
1372 // TODO:Update it when we finalize the default info.
1376 static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
1378 VERIFY_NON_NULL(TAG, sk1, WARNING);
1379 VERIFY_NON_NULL(TAG, sk2, WARNING);
1381 VERIFY_SUCCESS(TAG, (sk1->len == sk2->len), INFO);
1382 VERIFY_SUCCESS(TAG, (sk1->encoding == sk2->encoding), INFO);
1383 VERIFY_SUCCESS(TAG, (0 == memcmp(sk1->data, sk2->data, sk1->len)), INFO);
1389 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1390 static bool IsSameCert(const OicSecCert_t* cert1, const OicSecCert_t* cert2)
1392 VERIFY_NON_NULL(TAG, cert1, WARNING);
1393 VERIFY_NON_NULL(TAG, cert2, WARNING);
1395 VERIFY_SUCCESS(TAG, (cert1->len == cert2->len), INFO);
1396 VERIFY_SUCCESS(TAG, (0 == memcmp(cert1->data, cert2->data, cert1->len)), INFO);
1401 #endif //#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1404 * Compares credential
1406 * @return CRED_CMP_EQUAL if credentials are equal
1407 * CRED_CMP_NOT_EQUAL if not equal
1411 static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSecCred_t * r)
1413 CredCompareResult_t cmpResult = CRED_CMP_ERROR;
1414 bool isCompared = false;
1415 OIC_LOG(DEBUG, TAG, "IN CompareCredetial");
1417 VERIFY_NON_NULL(TAG, l, ERROR);
1418 VERIFY_NON_NULL(TAG, r, ERROR);
1420 cmpResult = CRED_CMP_NOT_EQUAL;
1422 VERIFY_SUCCESS(TAG, (l->credType == r->credType), INFO);
1423 VERIFY_SUCCESS(TAG, (0 == memcmp(l->subject.id, r->subject.id, sizeof(l->subject.id))), INFO);
1427 case SYMMETRIC_PAIR_WISE_KEY:
1428 case SYMMETRIC_GROUP_KEY:
1431 if(l->privateData.data && r->privateData.data)
1433 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1438 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1439 case ASYMMETRIC_KEY:
1440 case SIGNED_ASYMMETRIC_KEY:
1442 if(l->publicData.data && r->publicData.data)
1444 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1448 if(l->optionalData.data && r->optionalData.data)
1450 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1454 if(l->credUsage && r->credUsage)
1456 VERIFY_SUCCESS(TAG, (strlen(l->credUsage) == strlen(r->credUsage)), INFO);
1457 VERIFY_SUCCESS(TAG, (0 == strncmp(l->credUsage, r->credUsage, strlen(l->credUsage))), INFO);
1462 case ASYMMETRIC_ENCRYPTION_KEY:
1464 if(l->privateData.data && r->privateData.data)
1466 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1470 if(l->publicData.data && r->publicData.data)
1472 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1476 if(l->optionalData.data && r->optionalData.data)
1478 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1484 #endif //__WITH_DTLS__ or __WITH_TLS__
1487 cmpResult = CRED_CMP_ERROR;
1494 OIC_LOG(DEBUG, TAG, "Same Credentials");
1495 cmpResult = CRED_CMP_EQUAL;
1499 OIC_LOG(DEBUG, TAG, "Can not find the key data in credential");
1500 cmpResult = CRED_CMP_ERROR;
1503 OIC_LOG(DEBUG, TAG, "OUT CompareCredetial");
1508 OCStackResult AddCredential(OicSecCred_t * newCred)
1510 OCStackResult ret = OC_STACK_ERROR;
1511 OicSecCred_t * temp = NULL;
1512 bool validFlag = true;
1513 OicUuid_t emptyOwner = { .id = {0} };
1515 OIC_LOG(DEBUG, TAG, "IN AddCredential");
1517 VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
1518 //Assigning credId to the newCred
1519 newCred->credId = GetCredId();
1520 VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR);
1522 //the newCred is not valid if it is empty
1524 if (memcmp(&(newCred->subject), &emptyOwner, sizeof(OicUuid_t)) == 0)
1530 LL_FOREACH(gCred, temp)
1532 CredCompareResult_t cmpRes = CompareCredential(temp, newCred);
1533 if(CRED_CMP_EQUAL == cmpRes)
1535 OIC_LOG_V(WARNING, TAG, "Detected same credential ID(%d)" \
1536 "new credential's ID will be replaced.", temp->credId);
1537 newCred->credId = temp->credId;
1543 if (CRED_CMP_ERROR == cmpRes)
1545 OIC_LOG_V(WARNING, TAG, "Credential skipped : %d", cmpRes);
1546 ret = OC_STACK_ERROR;
1553 //Append the new Cred to existing list if new Cred is valid
1556 LL_APPEND(gCred, newCred);
1558 if (memcmp(&(newCred->rownerID), &emptyOwner, sizeof(OicUuid_t)) != 0)
1560 memcpy(&(gCred->rownerID), &(newCred->rownerID), sizeof(OicUuid_t));
1562 if (UpdatePersistentStorage(gCred))
1568 OIC_LOG(DEBUG, TAG, "OUT AddCredential");
1572 OCStackResult RemoveCredential(const OicUuid_t *subject)
1574 OCStackResult ret = OC_STACK_ERROR;
1575 OicSecCred_t *cred = NULL;
1576 OicSecCred_t *tempCred = NULL;
1577 bool deleteFlag = false;
1579 LL_FOREACH_SAFE(gCred, cred, tempCred)
1581 if (memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1583 LL_DELETE(gCred, cred);
1591 if (UpdatePersistentStorage(gCred))
1593 ret = OC_STACK_RESOURCE_DELETED;
1600 OCStackResult RemoveCredentialByCredId(uint16_t credId)
1602 OCStackResult ret = OC_STACK_ERROR;
1603 OicSecCred_t *cred = NULL;
1604 OicSecCred_t *tempCred = NULL;
1605 bool deleteFlag = false;
1607 OIC_LOG(INFO, TAG, "IN RemoveCredentialByCredId");
1611 return OC_STACK_INVALID_PARAM;
1615 LL_FOREACH_SAFE(gCred, cred, tempCred)
1617 if (cred->credId == credId)
1619 OIC_LOG_V(DEBUG, TAG, "Credential(ID=%d) will be removed.", credId);
1621 LL_DELETE(gCred, cred);
1629 if (UpdatePersistentStorage(gCred))
1631 ret = OC_STACK_RESOURCE_DELETED;
1634 OIC_LOG(INFO, TAG, "OUT RemoveCredentialByCredId");
1641 * Remove all credential data on credential resource and persistent storage
1644 * OC_STACK_OK - no errors
1645 * OC_STACK_ERROR - stack process error
1647 OCStackResult RemoveAllCredentials(void)
1649 DeleteCredList(gCred);
1650 gCred = GetCredDefault();
1652 if (!UpdatePersistentStorage(gCred))
1654 return OC_STACK_ERROR;
1659 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1661 * Internal function to fill private data of owner PSK.
1663 * @param receviedCred recevied owner credential from OBT(PT)
1664 * @param ownerAdd address of OBT(PT)
1665 * @param doxm current device's doxm resource
1668 * true successfully done and valid ower psk information
1669 * false Invalid owner psk information or failed to owner psk generation
1671 static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
1672 const OicSecDoxm_t* doxm)
1674 //Derive OwnerPSK locally
1675 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1676 char* b64Buf = NULL;
1677 size_t b64BufSize = 0;
1678 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1680 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
1681 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1682 (uint8_t*)oxmLabel, strlen(oxmLabel),
1683 doxm->owner.id, sizeof(doxm->owner.id),
1684 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1685 ownerPSK, OWNER_PSK_LENGTH_128);
1686 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1688 OIC_LOG(DEBUG, TAG, "OwnerPSK dump :");
1689 OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
1691 //Generate owner credential based on recevied credential information
1693 // TODO: Added as workaround, will be replaced soon.
1694 if(OIC_ENCODING_RAW == receviedCred->privateData.encoding)
1696 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1697 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1698 receviedCred->privateData.len = OWNER_PSK_LENGTH_128;
1699 memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
1701 else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
1703 B64Result b64res = B64_OK;
1704 uint32_t b64OutSize = 0;
1705 b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1706 b64Buf = OICCalloc(1, b64BufSize);
1707 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1709 b64res = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
1710 VERIFY_SUCCESS(TAG, B64_OK == b64res, ERROR);
1712 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1713 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1714 receviedCred->privateData.len = b64OutSize;
1715 strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
1716 receviedCred->privateData.data[b64OutSize] = '\0';
1717 OICClearMemory(b64Buf, b64BufSize);
1723 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1726 OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
1728 OICClearMemory(ownerPSK, sizeof(ownerPSK));
1730 //Verify OwnerPSK information
1731 return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
1732 receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
1734 //receviedCred->privateData.data will be deallocated when deleting credential.
1735 OICClearMemory(ownerPSK, sizeof(ownerPSK));
1736 OICClearMemory(b64Buf, b64BufSize);
1742 #ifdef _ENABLE_MULTIPLE_OWNER_
1744 * Internal function to fill private data of SubOwner PSK.
1746 * @param receviedCred recevied owner credential from SubOwner
1747 * @param ownerAdd address of SubOwner
1748 * @param doxm current device's doxm resource
1751 * true successfully done and valid subower psk information
1752 * false Invalid subowner psk information or failed to subowner psk generation
1754 static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEndpoint_t* ownerAddr,
1755 const OicSecDoxm_t* doxm, const OicUuid_t* subOwner)
1757 char* b64Buf = NULL;
1758 //Derive OwnerPSK locally
1759 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1760 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1762 uint8_t subOwnerPSK[OWNER_PSK_LENGTH_128] = {0};
1763 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1764 (uint8_t*)oxmLabel, strlen(oxmLabel),
1765 subOwner->id, sizeof(subOwner->id),
1766 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1767 subOwnerPSK, OWNER_PSK_LENGTH_128);
1768 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1770 OIC_LOG(DEBUG, TAG, "SubOwnerPSK dump :");
1771 OIC_LOG_BUFFER(DEBUG, TAG, subOwnerPSK, OWNER_PSK_LENGTH_128);
1773 //Generate owner credential based on received credential information
1775 if(OIC_ENCODING_RAW == receivedCred->privateData.encoding)
1777 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1778 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1779 receivedCred->privateData.len = OWNER_PSK_LENGTH_128;
1780 memcpy(receivedCred->privateData.data, subOwnerPSK, OWNER_PSK_LENGTH_128);
1782 else if(OIC_ENCODING_BASE64 == receivedCred->privateData.encoding)
1784 uint32_t b64OutSize = 0;
1785 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1786 b64Buf = OICCalloc(1, b64BufSize);
1787 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1789 VERIFY_SUCCESS(TAG, \
1790 B64_OK == b64Encode(subOwnerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize), \
1793 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1794 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1795 receivedCred->privateData.len = b64OutSize;
1796 strncpy((char*)receivedCred->privateData.data, b64Buf, b64OutSize);
1797 receivedCred->privateData.data[b64OutSize] = '\0';
1801 OIC_LOG(INFO, TAG, "Unknown credential encoding type.");
1802 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1805 OIC_LOG(INFO, TAG, "PrivateData of SubOwnerPSK was calculated successfully");
1809 //receivedCred->privateData.data will be deallocated when deleting credential.
1813 #endif //_ENABLE_MULTIPLE_OWNER_
1814 #endif // __WITH_DTLS__ or __WITH_TLS__
1816 static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehRequest)
1818 OCEntityHandlerResult ret = OC_EH_ERROR;
1819 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest IN");
1821 static uint16_t previousMsgId = 0;
1822 //Get binary representation of cbor
1823 OicSecCred_t *cred = NULL;
1824 uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData);
1825 size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
1827 OCStackResult res = CBORPayloadToCred(payload, size, &cred);
1828 if (res == OC_STACK_OK)
1830 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1831 OicUuid_t emptyUuid = {.id={0}};
1832 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1833 if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
1835 //in case of owner PSK
1836 switch(cred->credType)
1838 case SYMMETRIC_PAIR_WISE_KEY:
1840 OCServerRequest *request = GetServerRequestUsingHandle(ehRequest->requestHandle);
1841 if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
1843 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1845 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1848 OIC_LOG(ERROR, TAG, "OwnerPSK was generated successfully.");
1849 if(OC_STACK_OK == AddCredential(cred))
1851 ret = OC_EH_CHANGED;
1855 OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
1861 OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
1865 if(OC_EH_CHANGED == ret)
1868 * in case of random PIN based OxM,
1869 * revert get_psk_info callback of tinyDTLS to use owner credential.
1871 if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
1873 SetUuidForPinBasedOxm(&emptyUuid);
1875 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1876 if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials))
1878 OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
1882 #endif // __WITH_DTLS__ or __WITH_TLS__
1885 //Select cipher suite to use owner PSK
1886 if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
1888 OIC_LOG(ERROR, TAG, "Failed to disable anonymous cipher suite");
1893 OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
1897 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter))
1899 OIC_LOG(ERROR, TAG, "Failed to select cipher suite");
1906 case SYMMETRIC_GROUP_KEY:
1907 case ASYMMETRIC_KEY:
1908 case SIGNED_ASYMMETRIC_KEY:
1910 case ASYMMETRIC_ENCRYPTION_KEY:
1912 OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
1918 OIC_LOG(WARNING, TAG, "Unknown credential type for owner credential.");
1924 if(OC_EH_CHANGED != ret)
1927 * If some error is occured while ownership transfer,
1928 * ownership transfer related resource should be revert back to initial status.
1930 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1935 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request");
1937 if((OC_ADAPTER_IP == ehRequest->devAddr.adapter && previousMsgId != ehRequest->messageID)
1938 || OC_ADAPTER_TCP == ehRequest->devAddr.adapter)
1940 RestoreDoxmToInitState();
1941 RestorePstatToInitState();
1942 OIC_LOG(WARNING, TAG, "DOXM will be reverted.");
1948 OIC_LOG(ERROR, TAG, "Invalid DOXM resource");
1952 #ifdef _ENABLE_MULTIPLE_OWNER_
1953 // In case SubOwner Credential
1954 else if(doxm && doxm->owned && doxm->mom &&
1955 OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode &&
1956 0 == cred->privateData.len)
1958 switch(cred->credType)
1960 case SYMMETRIC_PAIR_WISE_KEY:
1962 OCServerRequest *request = GetServerRequestUsingHandle(ehRequest->requestHandle);
1963 if(FillPrivateDataOfSubOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm, &cred->subject))
1965 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1967 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1970 OIC_LOG(ERROR, TAG, "SubOwnerPSK was generated successfully.");
1971 if(OC_STACK_OK == AddCredential(cred))
1973 ret = OC_EH_CHANGED;
1977 OIC_LOG(ERROR, TAG, "Failed to save the SubOwnerPSK as cred resource");
1983 OIC_LOG(ERROR, TAG, "Failed to verify receviced SubOwner PSK.");
1989 case SYMMETRIC_GROUP_KEY:
1990 case ASYMMETRIC_KEY:
1991 case SIGNED_ASYMMETRIC_KEY:
1993 case ASYMMETRIC_ENCRYPTION_KEY:
1995 OIC_LOG(WARNING, TAG, "Unsupported credential type for SubOwner credential.");
2001 OIC_LOG(WARNING, TAG, "Unknown credential type for SubOwner credential.");
2007 #endif //_ENABLE_MULTIPLE_OWNER_
2010 if(IsEmptyCred(cred))
2012 OicUuid_t emptyUuid = {.id={0}};
2013 if(memcmp(cred->rownerID.id, emptyUuid.id, sizeof(emptyUuid.id)) != 0)
2015 OIC_LOG(INFO, TAG, "CRED's rowner will be updated.");
2016 memcpy(gCred->rownerID.id, cred->rownerID.id, sizeof(cred->rownerID.id));
2017 if (UpdatePersistentStorage(gCred))
2019 ret = OC_EH_CHANGED;
2034 * If the post request credential has credId, it will be
2035 * discarded and the next available credId will be assigned
2036 * to it before getting appended to the existing credential
2037 * list and updating svr database.
2039 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2042 #else //not __WITH_DTLS__
2044 * If the post request credential has credId, it will be
2045 * discarded and the next available credId will be assigned
2046 * to it before getting appended to the existing credential
2047 * list and updating svr database.
2049 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2050 OC_UNUSED(previousMsgId);
2051 #endif//__WITH_DTLS__
2054 if (OC_EH_CHANGED != ret)
2056 if(OC_STACK_OK != RemoveCredential(&cred->subject))
2058 OIC_LOG(WARNING, TAG, "Failed to remove the invalid credential");
2064 if(OC_ADAPTER_IP == ehRequest->devAddr.adapter)
2066 previousMsgId = ehRequest->messageID++;
2069 //Send response to request originator
2070 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2071 OC_EH_OK : OC_EH_ERROR;
2073 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest OUT");
2078 * The entity handler determines how to process a GET request.
2080 static OCEntityHandlerResult HandleGetRequest (const OCEntityHandlerRequest * ehRequest)
2082 OIC_LOG(INFO, TAG, "HandleGetRequest processing GET request");
2084 // Convert Cred data into CBOR for transmission
2086 uint8_t *payload = NULL;
2089 const OicSecCred_t *cred = gCred;
2091 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2092 size = GetCredKeyDataSize(cred);
2093 size += (256 * OicSecCredCount(cred));
2094 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
2096 // A device should always have a default cred. Therefore, payload should never be NULL.
2097 OCEntityHandlerResult ehRet = (res == OC_STACK_OK) ? OC_EH_OK : OC_EH_ERROR;
2100 //Send payload to request originator
2101 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
2102 OC_EH_OK : OC_EH_ERROR;
2103 OICClearMemory(payload, size);
2108 static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *ehRequest)
2110 OIC_LOG(DEBUG, TAG, "Processing CredDeleteRequest");
2112 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2114 if (NULL == ehRequest->query)
2119 OicParseQueryIter_t parseIter = { .attrPos=NULL };
2120 OicUuid_t subject = {.id={0}};
2122 //Parsing REST query to get the subject
2123 ParseQueryIterInit((unsigned char *)ehRequest->query, &parseIter);
2124 while (GetNextQuery(&parseIter))
2126 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECTID_NAME,
2127 parseIter.attrLen) == 0)
2129 OCStackResult ret = ConvertStrToUuid((const char*)parseIter.valPos, &subject);
2130 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2134 if (OC_STACK_RESOURCE_DELETED == RemoveCredential(&subject))
2136 ehRet = OC_EH_RESOURCE_DELETED;
2138 //Send response to request originator
2139 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2140 OC_EH_OK : OC_EH_ERROR;
2145 OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
2146 OCEntityHandlerRequest * ehRequest,
2147 void* callbackParameter)
2149 (void)callbackParameter;
2150 OCEntityHandlerResult ret = OC_EH_ERROR;
2156 if (flag & OC_REQUEST_FLAG)
2158 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2159 //TODO : Remove Handle PUT methods once CTT have changed to POST on OTM
2160 switch (ehRequest->method)
2163 ret = HandleGetRequest(ehRequest);;
2167 ret = HandlePostRequest(ehRequest);
2169 case OC_REST_DELETE:
2170 ret = HandleDeleteRequest(ehRequest);
2173 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2174 OC_EH_OK : OC_EH_ERROR;
2181 OCStackResult CreateCredResource()
2183 OCStackResult ret = OCCreateResource(&gCredHandle,
2184 OIC_RSRC_TYPE_SEC_CRED,
2185 OC_RSRVD_INTERFACE_DEFAULT,
2191 if (OC_STACK_OK != ret)
2193 OIC_LOG (FATAL, TAG, "Unable to instantiate Cred resource");
2194 DeInitCredResource();
2199 OCStackResult InitCredResource()
2201 OCStackResult ret = OC_STACK_ERROR;
2202 OicSecCred_t* cred = NULL;
2204 //Read Cred resource from PS
2205 uint8_t *data = NULL;
2207 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
2208 // If database read failed
2209 if (ret != OC_STACK_OK)
2211 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
2215 // Read ACL resource from PS
2216 ret = CBORPayloadToCred(data, size, &gCred);
2220 * If SVR database in persistent storage got corrupted or
2221 * is not available for some reason, a default Cred is created
2222 * which allows user to initiate Cred provisioning again.
2224 if (ret != OC_STACK_OK || !data || !gCred)
2226 gCred = GetCredDefault();
2229 //Add a log to track the invalid credential.
2230 LL_FOREACH(gCred, cred)
2232 if (false == IsVaildCredential(cred))
2234 OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
2235 OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
2239 //Instantiate 'oic.sec.cred'
2240 ret = CreateCredResource();
2241 OICClearMemory(data, size);
2246 OCStackResult DeInitCredResource()
2248 OCStackResult result = OCDeleteResource(gCredHandle);
2249 DeleteCredList(gCred);
2254 OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
2256 OicSecCred_t *cred = NULL;
2258 if ( NULL == subject)
2263 LL_FOREACH(gCred, cred)
2265 if(memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
2273 const OicSecCred_t* GetCredList()
2278 OicSecCred_t* GetCredEntryByCredId(const uint16_t credId)
2280 OicSecCred_t *cred = NULL;
2281 OicSecCred_t *tmpCred = NULL;
2288 LL_FOREACH(gCred, tmpCred)
2290 if(tmpCred->credId == credId)
2292 cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
2293 VERIFY_NON_NULL(TAG, cred, ERROR);
2297 cred->credId = tmpCred->credId;
2298 cred->credType = tmpCred->credType;
2299 memcpy(cred->subject.id, tmpCred->subject.id , sizeof(cred->subject.id));
2300 memcpy(cred->rownerID.id, tmpCred->rownerID.id , sizeof(cred->rownerID.id));
2301 if (tmpCred->period)
2303 cred->period = OICStrdup(tmpCred->period);
2307 if (tmpCred->privateData.data)
2309 cred->privateData.data = (uint8_t *)OICCalloc(1, tmpCred->privateData.len);
2310 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
2312 memcpy(cred->privateData.data, tmpCred->privateData.data, tmpCred->privateData.len);
2313 cred->privateData.len = tmpCred->privateData.len;
2314 cred->privateData.encoding = tmpCred->privateData.encoding;
2316 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
2317 else if (tmpCred->publicData.data)
2319 cred->publicData.data = (uint8_t *)OICCalloc(1, tmpCred->publicData.len);
2320 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
2322 memcpy(cred->publicData.data, tmpCred->publicData.data, tmpCred->publicData.len);
2323 cred->publicData.len = tmpCred->publicData.len;
2325 else if (tmpCred->optionalData.data)
2327 cred->optionalData.data = (uint8_t *)OICCalloc(1, tmpCred->optionalData.len);
2328 VERIFY_NON_NULL(TAG, cred->optionalData.data, ERROR);
2330 memcpy(cred->optionalData.data, tmpCred->optionalData.data, tmpCred->optionalData.len);
2331 cred->optionalData.len = tmpCred->optionalData.len;
2332 cred->optionalData.encoding = tmpCred->optionalData.encoding;
2335 if (tmpCred->credUsage)
2337 cred->credUsage = OICStrdup(tmpCred->credUsage);
2339 #endif /* __WITH_X509__ or __WITH_TLS__*/
2350 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
2351 int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
2352 const uint8_t *desc, size_t desc_len,
2353 uint8_t *result, size_t result_length)
2364 case CA_DTLS_PSK_HINT:
2365 case CA_DTLS_PSK_IDENTITY:
2367 OicUuid_t deviceID = {.id={0}};
2368 // Retrieve Device ID from doxm resource
2369 if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
2371 OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
2375 if (result_length < sizeof(deviceID.id))
2377 OIC_LOG (ERROR, TAG, "Wrong value for result_length");
2380 memcpy(result, deviceID.id, sizeof(deviceID.id));
2381 return (sizeof(deviceID.id));
2385 case CA_DTLS_PSK_KEY:
2387 OicSecCred_t *cred = NULL;
2388 LL_FOREACH(gCred, cred)
2390 if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
2395 if ((desc_len == sizeof(cred->subject.id)) &&
2396 (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
2399 * If the credentials are valid for limited time,
2400 * check their expiry.
2404 if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
2406 OIC_LOG (INFO, TAG, "Credentials are expired.");
2412 // TODO: Added as workaround. Will be replaced soon.
2413 if(OIC_ENCODING_RAW == cred->privateData.encoding)
2415 ret = cred->privateData.len;
2416 memcpy(result, cred->privateData.data, ret);
2418 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
2420 size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
2421 uint8_t* outKey = OICCalloc(1, outBufSize);
2422 uint32_t outKeySize;
2425 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2429 if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
2431 memcpy(result, outKey, outKeySize);
2436 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2445 OIC_LOG(DEBUG, TAG, "Can not find subject matched credential.");
2447 #ifdef _ENABLE_MULTIPLE_OWNER_
2448 const OicSecDoxm_t* doxm = GetDoxmResourceData();
2449 if(doxm && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode)
2451 // in case of multiple owner transfer authentication
2452 if(OIC_PRECONFIG_PIN == doxm->oxmSel)
2454 OicSecCred_t* wildCardCred = GetCredResourceData(&WILDCARD_SUBJECT_ID);
2457 OIC_LOG(DEBUG, TAG, "Detected wildcard credential.");
2458 if(PIN_PASSWORD == wildCardCred->credType)
2461 char* pinBuffer = NULL;
2462 uint32_t pinLength = 0;
2463 if(OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
2465 pinBuffer = OICCalloc(1, wildCardCred->privateData.len + 1);
2466 if(NULL == pinBuffer)
2468 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2471 pinLength = wildCardCred->privateData.len;
2472 memcpy(pinBuffer, wildCardCred->privateData.data, pinLength);
2474 else if(OIC_ENCODING_BASE64 == wildCardCred->privateData.encoding)
2476 size_t pinBufSize = B64DECODE_OUT_SAFESIZE((wildCardCred->privateData.len + 1));
2477 pinBuffer = OICCalloc(1, pinBufSize);
2478 if(NULL == pinBuffer)
2480 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2484 if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
2486 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2492 OIC_LOG(ERROR, TAG, "Unknown encoding type of PIN/PW credential.");
2496 //Set the PIN/PW to derive PSK
2497 if (OC_STACK_OK != SetPreconfigPin(pinBuffer, pinLength))
2500 OIC_LOG(ERROR, TAG, "Failed to load PIN data.");
2506 if(OC_STACK_OK != GetDoxmDeviceID(&myUuid))
2508 OIC_LOG(ERROR, TAG, "Failed to read device ID");
2511 SetUuidForPinBasedOxm(&myUuid);
2513 //Calculate PSK using PIN/PW
2514 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2516 ret = OWNER_PSK_LENGTH_128;
2520 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN");
2523 if(CA_STATUS_OK != CAregisterSslHandshakeCallback(MultipleOwnerDTLSHandshakeCB))
2525 OIC_LOG(WARNING, TAG, "Error while bind the DTLS Handshake Callback.");
2530 else if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
2532 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2534 ret = OWNER_PSK_LENGTH_128;
2538 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN : result");
2543 #endif //_ENABLE_MULTIPLE_OWNER_
2552 * Add temporal PSK to PIN based OxM
2554 * @param[in] tmpSubject UUID of target device
2555 * @param[in] credType Type of credential to be added
2556 * @param[in] pin numeric characters
2557 * @param[in] pinSize length of 'pin'
2558 * @param[in] rownerID Resource owner's UUID
2559 * @param[out] tmpCredSubject Generated credential's subject.
2561 * @return OC_STACK_OK for success and errorcode otherwise.
2563 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
2564 const char * pin, size_t pinSize,
2565 const OicUuid_t * rownerID, OicUuid_t* tmpCredSubject)
2567 OCStackResult ret = OC_STACK_ERROR;
2568 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN IN");
2570 if(NULL == tmpSubject || NULL == pin || 0 == pinSize || NULL == tmpCredSubject)
2572 return OC_STACK_INVALID_PARAM;
2575 uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
2576 OicSecKey_t privKey = {privData, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
2577 OicSecCred_t* cred = NULL;
2578 int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, rownerID->id,
2579 UUID_LENGTH, PBKDF_ITERATIONS,
2580 OWNER_PSK_LENGTH_128, privData);
2581 VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
2583 cred = GenerateCredential(tmpSubject, credType, NULL,
2584 &privKey, rownerID, NULL);
2585 OICClearMemory(privData, sizeof(privData));
2588 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
2589 return OC_STACK_ERROR;
2592 memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
2594 ret = AddCredential(cred);
2595 if( OC_STACK_OK != ret)
2597 RemoveCredential(tmpSubject);
2598 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
2600 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT");
2606 #endif /* __WITH_DTLS__ */
2608 OCStackResult SetCredRownerId(const OicUuid_t* newROwner)
2610 OCStackResult ret = OC_STACK_ERROR;
2611 uint8_t *cborPayload = NULL;
2614 OicUuid_t prevId = {.id={0}};
2616 if(NULL == newROwner)
2618 ret = OC_STACK_INVALID_PARAM;
2622 ret = OC_STACK_NO_RESOURCE;
2625 if(newROwner && gCred)
2627 memcpy(prevId.id, gCred->rownerID.id, sizeof(prevId.id));
2628 memcpy(gCred->rownerID.id, newROwner->id, sizeof(newROwner->id));
2630 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2631 size = GetCredKeyDataSize(gCred);
2632 size += (256 * OicSecCredCount(gCred));
2633 ret = CredToCBORPayload(gCred, &cborPayload, &size, secureFlag);
2634 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2636 ret = UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, cborPayload, size);
2637 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2639 OICFree(cborPayload);
2645 OICFree(cborPayload);
2646 memcpy(gCred->rownerID.id, prevId.id, sizeof(prevId.id));
2650 OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
2652 OCStackResult retVal = OC_STACK_ERROR;
2655 *rowneruuid = gCred->rownerID;
2656 retVal = OC_STACK_OK;
2661 #if defined (__WITH_TLS__) || defined(__WITH_DTLS__)
2662 void GetDerCaCert(ByteArray_t * crt, const char * usage)
2664 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2665 if (NULL == crt || NULL == usage)
2667 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2671 OicSecCred_t * temp = NULL;
2673 LL_FOREACH(gCred, temp)
2675 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2676 0 == strcmp(temp->credUsage, usage))
2678 if(OIC_ENCODING_BASE64 == temp->optionalData.encoding)
2680 size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
2681 uint8 * buf = OICCalloc(1, bufSize);
2684 OIC_LOG(ERROR, TAG, "Failed to allocate memory");
2688 if(B64_OK != b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize))
2691 OIC_LOG(ERROR, TAG, "Failed to decode base64 data");
2694 crt->data = OICRealloc(crt->data, crt->len + outSize);
2695 memcpy(crt->data + crt->len, buf, outSize);
2696 crt->len += outSize;
2701 crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
2702 memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
2703 crt->len += temp->optionalData.len;
2705 OIC_LOG_V(DEBUG, TAG, "%s found", usage);
2710 OIC_LOG_V(WARNING, TAG, "%s not found", usage);
2712 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2716 void GetDerOwnCert(ByteArray_t * crt, const char * usage)
2718 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2719 if (NULL == crt || NULL == usage)
2721 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2725 OicSecCred_t * temp = NULL;
2726 LL_FOREACH(gCred, temp)
2728 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2729 0 == strcmp(temp->credUsage, usage))
2731 crt->data = OICRealloc(crt->data, crt->len + temp->publicData.len);
2732 memcpy(crt->data + crt->len, temp->publicData.data, temp->publicData.len);
2733 crt->len += temp->publicData.len;
2734 OIC_LOG_V(DEBUG, TAG, "%s found", usage);
2739 OIC_LOG_V(WARNING, TAG, "%s not found", usage);
2741 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2745 void GetDerKey(ByteArray_t * key, const char * usage)
2747 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2748 if (NULL == key || NULL == usage)
2750 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2754 OicSecCred_t * temp = NULL;
2756 LL_FOREACH(gCred, temp)
2758 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2759 0 == strcmp(temp->credUsage, usage))
2761 key->data = OICRealloc(key->data, key->len + temp->privateData.len);
2762 memcpy(key->data + key->len, temp->privateData.data, temp->privateData.len);
2763 key->len += temp->privateData.len;
2764 OIC_LOG_V(DEBUG, TAG, "Key for %s found", usage);
2769 OIC_LOG_V(WARNING, TAG, "Key for %s not found", usage);
2771 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2774 void InitCipherSuiteListInternal(bool * list, const char * usage)
2776 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2777 if (NULL == list || NULL == usage)
2779 OIC_LOG(DEBUG, TAG, "NULL passed");
2780 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2783 OicSecCred_t * temp = NULL;
2784 LL_FOREACH(gCred, temp)
2786 switch (temp->credType)
2791 OIC_LOG(DEBUG, TAG, "PIN_PASSWORD found");
2794 case SYMMETRIC_PAIR_WISE_KEY:
2797 OIC_LOG(DEBUG, TAG, "SYMMETRIC_PAIR_WISE_KEY found");
2800 case SIGNED_ASYMMETRIC_KEY:
2802 if (0 == strcmp(temp->credUsage, usage))
2805 OIC_LOG_V(DEBUG, TAG, "SIGNED_ASYMMETRIC_KEY found for %s", usage);
2809 case SYMMETRIC_GROUP_KEY:
2810 case ASYMMETRIC_KEY:
2811 case ASYMMETRIC_ENCRYPTION_KEY:
2813 OIC_LOG(WARNING, TAG, "Unsupported credential type for TLS.");
2818 OIC_LOG(WARNING, TAG, "Unknown credential type for TLS.");
2823 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
projects / platform / upstream / iotivity.git / blob