1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
32 #include "oic_malloc.h"
33 #include "payload_logging.h"
36 #include "ocpayload.h"
37 #include "cainterface.h"
38 #include "ocserverrequest.h"
39 #include "resourcemanager.h"
40 #include "doxmresource.h"
41 #include "pstatresource.h"
42 #include "aclresource.h"
43 #include "amaclresource.h"
44 #include "pconfresource.h"
45 #include "dpairingresource.h"
46 #include "psinterface.h"
47 #include "srmresourcestrings.h"
48 #include "securevirtualresourcetypes.h"
49 #include "credresource.h"
50 #include "srmutility.h"
51 #include "pinoxmcommon.h"
53 #define TAG "SRM-DOXM"
55 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
56 * The value of payload size is increased until reaching belox max cbor size. */
57 static const uint16_t CBOR_SIZE = 512;
59 /** Max cbor size payload. */
60 static const uint16_t CBOR_MAX_SIZE = 4400;
62 /** DOXM Map size - Number of mandatory items. */
63 static const uint8_t DOXM_MAP_SIZE = 7;
65 static OicSecDoxm_t *gDoxm = NULL;
66 static OCResourceHandle gDoxmHandle = NULL;
68 static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
69 static OicSecDoxm_t gDefaultDoxm =
71 NULL, /* OicUrn_t *oxmType */
72 0, /* size_t oxmTypeLen */
73 &gOicSecDoxmJustWorks, /* uint16_t *oxm */
74 1, /* size_t oxmLen */
75 OIC_JUST_WORKS, /* uint16_t oxmSel */
76 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
77 false, /* bool owned */
78 {.id = {0}}, /* OicUuid_t deviceID */
80 {.id = {0}}, /* OicUuid_t owner */
81 {.id = {0}}, /* OicUuid_t rownerID */
84 void DeleteDoxmBinData(OicSecDoxm_t* doxm)
89 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
91 OICFree(doxm->oxmType[i]);
93 OICFree(doxm->oxmType);
103 OCStackResult DoxmToCBORPayload(const OicSecDoxm_t *doxm, uint8_t **payload, size_t *size)
105 if (NULL == doxm || NULL == payload || NULL != *payload || NULL == size)
107 return OC_STACK_INVALID_PARAM;
109 size_t cborLen = *size;
117 OCStackResult ret = OC_STACK_ERROR;
119 CborEncoder encoder = { {.ptr = NULL }, .end = 0 };
120 CborEncoder doxmMap = { {.ptr = NULL }, .end = 0 };
121 char* strUuid = NULL;
123 int64_t cborEncoderResult = CborNoError;
124 uint8_t mapSize = DOXM_MAP_SIZE;
125 if (doxm->oxmTypeLen > 0)
129 if (doxm->oxmLen > 0)
134 uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
135 VERIFY_NON_NULL(TAG, outPayload, ERROR);
136 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
138 cborEncoderResult = cbor_encoder_create_map(&encoder, &doxmMap, mapSize);
139 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Doxm Map.");
141 //OxmType -- Not Mandatory
142 if (doxm->oxmTypeLen > 0)
144 CborEncoder oxmType = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
145 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXM_TYPE_NAME,
146 strlen(OIC_JSON_OXM_TYPE_NAME));
147 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Tag.");
148 cborEncoderResult = cbor_encoder_create_array(&doxmMap, &oxmType, doxm->oxmTypeLen);
149 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Array.");
151 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
153 cborEncoderResult = cbor_encode_text_string(&oxmType, doxm->oxmType[i],
154 strlen(doxm->oxmType[i]));
155 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Value.");
157 cborEncoderResult = cbor_encoder_close_container(&doxmMap, &oxmType);
158 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing oxmType.");
161 //Oxm -- Not Mandatory
162 if (doxm->oxmLen > 0)
164 CborEncoder oxm = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
165 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXMS_NAME,
166 strlen(OIC_JSON_OXMS_NAME));
167 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Tag.");
168 cborEncoderResult = cbor_encoder_create_array(&doxmMap, &oxm, doxm->oxmLen);
169 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Array.");
171 for (size_t i = 0; i < doxm->oxmLen; i++)
173 cborEncoderResult = cbor_encode_int(&oxm, doxm->oxm[i]);
174 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Value");
176 cborEncoderResult = cbor_encoder_close_container(&doxmMap, &oxm);
177 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing oxmName.");
180 //OxmSel -- Mandatory
181 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXM_SEL_NAME,
182 strlen(OIC_JSON_OXM_SEL_NAME));
183 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Sel Tag.");
184 cborEncoderResult = cbor_encode_int(&doxmMap, doxm->oxmSel);
185 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Sel Value.");
188 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_SUPPORTED_CRED_TYPE_NAME,
189 strlen(OIC_JSON_SUPPORTED_CRED_TYPE_NAME));
190 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag");
191 cborEncoderResult = cbor_encode_int(&doxmMap, doxm->sct);
192 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
195 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OWNED_NAME,
196 strlen(OIC_JSON_OWNED_NAME));
197 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owned Tag.");
198 cborEncoderResult = cbor_encode_boolean(&doxmMap, doxm->owned);
199 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owned Value.");
201 //DeviceId -- Mandatory
202 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DEVICE_ID_NAME,
203 strlen(OIC_JSON_DEVICE_ID_NAME));
204 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Device Id Tag.");
205 ret = ConvertUuidToStr(&doxm->deviceID, &strUuid);
206 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
207 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
208 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Device Id Value.");
212 //devownerid -- Mandatory
213 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DEVOWNERID_NAME,
214 strlen(OIC_JSON_DEVOWNERID_NAME));
215 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Id Tag.");
216 ret = ConvertUuidToStr(&doxm->owner, &strUuid);
217 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
218 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
219 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Id Value.");
223 //ROwner -- Mandatory
224 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_ROWNERID_NAME,
225 strlen(OIC_JSON_ROWNERID_NAME));
226 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROwner Id Tag.");
227 ret = ConvertUuidToStr(&doxm->rownerID, &strUuid);
228 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
229 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
230 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROwner Id Value.");
235 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DPC_NAME,
236 strlen(OIC_JSON_DPC_NAME));
237 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DPC Tag.");
238 cborEncoderResult = cbor_encode_boolean(&doxmMap, doxm->dpc);
239 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DPC Value.");
241 cborEncoderResult = cbor_encoder_close_container(&encoder, &doxmMap);
242 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing DoxmMap.");
244 if (CborNoError == cborEncoderResult)
246 *size = encoder.ptr - outPayload;
247 *payload = outPayload;
251 if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
253 OIC_LOG(DEBUG, TAG, "Memory getting reallocated.");
254 // reallocate and try again!
256 // Since the allocated initial memory failed, double the memory.
257 cborLen += encoder.ptr - encoder.end;
258 OIC_LOG_V(DEBUG, TAG, "Doxm reallocation size : %zd.", cborLen);
259 cborEncoderResult = CborNoError;
260 ret = DoxmToCBORPayload(doxm, payload, &cborLen);
264 if ((CborNoError != cborEncoderResult) || (OC_STACK_OK != ret))
270 ret = OC_STACK_ERROR;
276 OCStackResult CBORPayloadToDoxm(const uint8_t *cborPayload, size_t size,
277 OicSecDoxm_t **secDoxm)
279 if (NULL == cborPayload || NULL == secDoxm || NULL != *secDoxm)
281 return OC_STACK_INVALID_PARAM;
284 OCStackResult ret = OC_STACK_ERROR;
288 CborError cborFindResult = CborNoError;
289 int cborLen = (size == 0) ? CBOR_SIZE : size;
290 char* strUuid = NULL;
293 cbor_parser_init(cborPayload, cborLen, 0, &parser, &doxmCbor);
295 OicSecDoxm_t *doxm = (OicSecDoxm_t *)OICCalloc(1, sizeof(*doxm));
296 VERIFY_NON_NULL(TAG, doxm, ERROR);
298 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXM_TYPE_NAME, &doxmMap);
299 //OxmType -- not Mandatory
300 if (CborNoError == cborFindResult && cbor_value_is_array(&doxmMap))
304 cborFindResult = cbor_value_get_array_length(&doxmMap, &doxm->oxmTypeLen);
305 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmTypeLen.")
306 VERIFY_SUCCESS(TAG, doxm->oxmTypeLen != 0, ERROR);
308 doxm->oxmType = (OicUrn_t *)OICCalloc(doxm->oxmTypeLen, sizeof(*doxm->oxmType));
309 VERIFY_NON_NULL(TAG, doxm->oxmType, ERROR);
311 cborFindResult = cbor_value_enter_container(&doxmMap, &oxmType);
312 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering oxmType Array.")
316 while (cbor_value_is_valid(&oxmType))
318 cborFindResult = cbor_value_dup_text_string(&oxmType, &doxm->oxmType[i++],
320 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding omxType text string.")
321 cborFindResult = cbor_value_advance(&oxmType);
322 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing oxmType.")
326 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXMS_NAME, &doxmMap);
327 //Oxm -- not Mandatory
328 if (CborNoError == cborFindResult && cbor_value_is_array(&doxmMap))
331 cborFindResult = cbor_value_get_array_length(&doxmMap, &doxm->oxmLen);
332 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmName array Length.")
333 VERIFY_SUCCESS(TAG, doxm->oxmLen != 0, ERROR);
335 doxm->oxm = (OicSecOxm_t *)OICCalloc(doxm->oxmLen, sizeof(*doxm->oxm));
336 VERIFY_NON_NULL(TAG, doxm->oxm, ERROR);
338 cborFindResult = cbor_value_enter_container(&doxmMap, &oxm);
339 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering oxmName Array.")
342 while (cbor_value_is_valid(&oxm))
344 cborFindResult = cbor_value_get_int(&oxm, (int *) &doxm->oxm[i++]);
345 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmName Value")
346 cborFindResult = cbor_value_advance(&oxm);
347 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing oxmName.")
351 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXM_SEL_NAME, &doxmMap);
352 if (CborNoError == cborFindResult && cbor_value_is_integer(&doxmMap))
354 cborFindResult = cbor_value_get_int(&doxmMap, (int *) &doxm->oxmSel);
355 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Sel Name Value.")
357 else // PUT/POST JSON may not have oxmsel so set it to the gDoxm->oxmSel
359 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
360 doxm->oxmSel = gDoxm->oxmSel;
363 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_SUPPORTED_CRED_TYPE_NAME, &doxmMap);
364 if (CborNoError == cborFindResult && cbor_value_is_integer(&doxmMap))
366 cborFindResult = cbor_value_get_int(&doxmMap, (int *) &doxm->sct);
367 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Sct Name Value.")
369 else // PUT/POST JSON may not have sct so set it to the gDoxm->sct
371 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
372 doxm->sct = gDoxm->sct;
375 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OWNED_NAME, &doxmMap);
376 if (CborNoError == cborFindResult && cbor_value_is_boolean(&doxmMap))
378 cborFindResult = cbor_value_get_boolean(&doxmMap, &doxm->owned);
379 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owned Value.")
381 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
383 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
384 doxm->owned = gDoxm->owned;
387 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DPC_NAME, &doxmMap);
388 if (CborNoError == cborFindResult && cbor_value_is_boolean(&doxmMap))
390 cborFindResult = cbor_value_get_boolean(&doxmMap, &doxm->dpc);
391 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding DPC Value.")
393 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
395 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
399 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DEVICE_ID_NAME, &doxmMap);
400 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
402 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
403 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Device Id Value.");
404 ret = ConvertStrToUuid(strUuid , &doxm->deviceID);
405 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
410 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DEVOWNERID_NAME, &doxmMap);
411 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
413 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
414 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owner Value.");
415 ret = ConvertStrToUuid(strUuid , &doxm->owner);
416 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
421 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_ROWNERID_NAME, &doxmMap);
422 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
424 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
425 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding ROwner Value.");
426 ret = ConvertStrToUuid(strUuid , &doxm->rownerID);
427 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
436 if (CborNoError != cborFindResult)
438 OIC_LOG (ERROR, TAG, "CBORPayloadToDoxm failed!!!");
439 DeleteDoxmBinData(doxm);
442 ret = OC_STACK_ERROR;
448 * @todo document this function including why code might need to call this.
449 * The current suspicion is that it's not being called as much as it should.
451 static bool UpdatePersistentStorage(OicSecDoxm_t * doxm)
457 // Convert Doxm data into CBOR for update to persistent storage
458 uint8_t *payload = NULL;
460 OCStackResult res = DoxmToCBORPayload(doxm, &payload, &size);
461 if (payload && (OC_STACK_OK == res)
462 && (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_DOXM_NAME, payload, size)))
470 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_DOXM_NAME, NULL, 0))
479 static bool ValidateQuery(const char * query)
481 // Send doxm resource data if the state of doxm resource
482 // matches with the query parameters.
483 // else send doxm resource data as NULL
484 // TODO Remove this check and rely on Policy Engine
485 // and Provisioning Mode to enforce provisioning-state
486 // access rules. Eventually, the PE and PM code will
487 // not send a request to the /doxm Entity Handler at all
488 // if it should not respond.
489 OIC_LOG (DEBUG, TAG, "In ValidateQuery");
495 bool bOwnedQry = false; // does querystring contains 'owned' query ?
496 bool bOwnedMatch = false; // does 'owned' query value matches with doxm.owned status?
497 bool bDeviceIDQry = false; // does querystring contains 'deviceid' query ?
498 bool bDeviceIDMatch = false; // does 'deviceid' query matches with doxm.deviceid ?
500 OicParseQueryIter_t parseIter = {.attrPos = NULL};
502 ParseQueryIterInit((unsigned char*)query, &parseIter);
504 while (GetNextQuery(&parseIter))
506 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_OWNED_NAME, parseIter.attrLen) == 0)
509 if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_TRUE, parseIter.valLen) == 0) &&
514 else if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_FALSE, parseIter.valLen) == 0)
521 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_DEVICE_ID_NAME, parseIter.attrLen) == 0)
524 OicUuid_t subject = {.id={0}};
526 memcpy(subject.id, parseIter.valPos, parseIter.valLen);
527 if (0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
529 bDeviceIDMatch = true;
534 return ((bOwnedQry ? bOwnedMatch : true) && (bDeviceIDQry ? bDeviceIDMatch : true));
537 static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest * ehRequest)
539 OCEntityHandlerResult ehRet = OC_EH_OK;
541 OIC_LOG(DEBUG, TAG, "Doxm EntityHandle processing GET request");
543 //Checking if Get request is a query.
544 if (ehRequest->query)
546 OIC_LOG(DEBUG, TAG, "HandleDoxmGetRequest processing query");
547 if (!ValidateQuery(ehRequest->query))
554 * For GET or Valid Query request return doxm resource CBOR payload.
555 * For non-valid query return NULL json payload.
556 * A device will 'always' have a default Doxm, so DoxmToCBORPayload will
557 * return valid doxm resource json.
559 uint8_t *payload = NULL;
562 if (ehRet == OC_EH_OK)
564 if (OC_STACK_OK != DoxmToCBORPayload(gDoxm, &payload, &size))
570 // Send response payload to request originator
571 if (OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, payload, size))
573 OIC_LOG(ERROR, TAG, "SendSRMCBORResponse failed in HandleDoxmGetRequest");
581 static OCEntityHandlerResult HandleDoxmPutRequest(const OCEntityHandlerRequest * ehRequest)
583 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
584 OCEntityHandlerResult ehRet = OC_EH_ERROR;
585 OicUuid_t emptyOwner = {.id = {0} };
588 * Convert CBOR Doxm data into binary. This will also validate
589 * the Doxm data received.
591 OicSecDoxm_t *newDoxm = NULL;
593 if (ehRequest->payload)
595 uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1;
596 size_t size = ((OCSecurityPayload *)ehRequest->payload)->payloadSize;
597 OCStackResult res = CBORPayloadToDoxm(payload, size, &newDoxm);
599 if (newDoxm && OC_STACK_OK == res)
601 if (OIC_JUST_WORKS == newDoxm->oxmSel)
603 if ((false == gDoxm->owned) && (false == newDoxm->owned))
606 * If current state of the device is un-owned, enable
607 * anonymous ECDH cipher in tinyDTLS so that Provisioning
608 * tool can initiate JUST_WORKS ownership transfer process.
610 if (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
612 OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
614 ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
615 #endif //__WITH_DTLS__
621 //Save the owner's UUID to derive owner credential
622 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
624 // Update new state in persistent storage
625 if (true == UpdatePersistentStorage(gDoxm))
631 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
636 * Disable anonymous ECDH cipher in tinyDTLS since device is now
639 CAResult_t caRes = CA_STATUS_OK;
640 caRes = CAEnableAnonECDHCipherSuite(false);
641 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
642 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
645 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
646 CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
647 #endif //__WITH_X509__
648 #endif //__WITH_DTLS__
652 else if (OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
654 if ((false == gDoxm->owned) && (false == newDoxm->owned))
657 * If current state of the device is un-owned, enable
658 * anonymous ECDH cipher in tinyDTLS so that Provisioning
659 * tool can initiate JUST_WORKS ownership transfer process.
661 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
663 gDoxm->oxmSel = newDoxm->oxmSel;
664 //Update new state in persistent storage
665 if ((UpdatePersistentStorage(gDoxm) == true))
671 OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
676 CAResult_t caRes = CA_STATUS_OK;
678 caRes = CAEnableAnonECDHCipherSuite(false);
679 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
680 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
682 caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
683 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
685 char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
686 if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
688 //Set the device id to derive temporal PSK
689 SetUuidForRandomPinOxm(&gDoxm->deviceID);
692 * Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
693 * Credential should not be saved into SVR.
694 * For this reason, use a temporary get_psk_info callback to random PIN OxM.
696 caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
697 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
702 OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
705 #endif //__WITH_DTLS__
710 //Save the owner's UUID to derive owner credential
711 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
713 //Update new state in persistent storage
714 if (UpdatePersistentStorage(gDoxm) == true)
720 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
729 * When current state of the device is un-owned and Provisioning
730 * Tool is attempting to change the state to 'Owned' with a
731 * qualified value for the field 'Owner'
733 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
734 (memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
736 //Change the SVR's resource owner as owner device.
737 OCStackResult ownerRes = SetAclRownerId(&gDoxm->owner);
738 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
743 ownerRes = SetAmaclRownerId(&gDoxm->owner);
744 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
749 ownerRes = SetCredRownerId(&gDoxm->owner);
750 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
755 ownerRes = SetPstatRownerId(&gDoxm->owner);
756 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
761 ownerRes = SetDpairingRownerId(&gDoxm->owner);
762 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
767 ownerRes = SetPconfRownerId(&gDoxm->owner);
768 if(OC_STACK_OK != ownerRes && OC_STACK_NO_RESOURCE != ownerRes)
775 memcpy(&gDoxm->rownerID, &gDoxm->owner, sizeof(OicUuid_t));
777 // Update new state in persistent storage
778 if (UpdatePersistentStorage(gDoxm))
780 //Update default ACL of security resource to prevent anonymous user access.
781 if(OC_STACK_OK == UpdateDefaultSecProvACL())
787 OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
793 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
801 if(OC_EH_OK != ehRet)
803 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
804 "DOXM will be reverted.");
807 * If some error is occured while ownership transfer,
808 * ownership transfer related resource should be revert back to initial status.
810 RestoreDoxmToInitState();
811 RestorePstatToInitState();
814 //Send payload to request originator
815 if (OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, NULL, 0))
817 OIC_LOG(ERROR, TAG, "SendSRMCBORResponse failed in HandleDoxmPostRequest");
819 DeleteDoxmBinData(newDoxm);
824 OCEntityHandlerResult DoxmEntityHandler(OCEntityHandlerFlag flag,
825 OCEntityHandlerRequest * ehRequest,
829 OCEntityHandlerResult ehRet = OC_EH_ERROR;
831 if(NULL == ehRequest)
836 if (flag & OC_REQUEST_FLAG)
838 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
840 switch (ehRequest->method)
843 ehRet = HandleDoxmGetRequest(ehRequest);
847 ehRet = HandleDoxmPutRequest(ehRequest);
852 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
860 OCStackResult CreateDoxmResource()
862 OCStackResult ret = OCCreateResource(&gDoxmHandle,
863 OIC_RSRC_TYPE_SEC_DOXM,
868 OC_OBSERVABLE | OC_SECURE |
869 OC_EXPLICIT_DISCOVERABLE);
871 if (OC_STACK_OK != ret)
873 OIC_LOG (FATAL, TAG, "Unable to instantiate Doxm resource");
874 DeInitDoxmResource();
880 * Checks if DeviceID is generated during provisioning for the new device.
881 * If DeviceID is NULL then generates the new DeviceID.
882 * Once DeviceID is assigned to the device it does not change for the lifetime of the device.
884 static OCStackResult CheckDeviceID()
886 OCStackResult ret = OC_STACK_ERROR;
887 bool validId = false;
888 for (uint8_t i = 0; i < UUID_LENGTH; i++)
890 if (gDoxm->deviceID.id[i] != 0)
899 if (OCGenerateUuid(gDoxm->deviceID.id) != RAND_UUID_OK)
901 OIC_LOG(FATAL, TAG, "Generate UUID for Server Instance failed!");
906 if (!UpdatePersistentStorage(gDoxm))
908 //TODO: After registering PSI handler in all samples, do ret = OC_STACK_OK here.
909 OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
920 * Get the default value.
922 * @return the default value of doxm, @ref OicSecDoxm_t.
924 static OicSecDoxm_t* GetDoxmDefault()
926 OIC_LOG(DEBUG, TAG, "GetDoxmToDefault");
927 return &gDefaultDoxm;
930 const OicSecDoxm_t* GetDoxmResourceData()
935 OCStackResult InitDoxmResource()
937 OCStackResult ret = OC_STACK_ERROR;
939 //Read DOXM resource from PS
940 uint8_t *data = NULL;
942 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_DOXM_NAME, &data, &size);
943 // If database read failed
944 if (OC_STACK_OK != ret)
946 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
950 // Read DOXM resource from PS
951 ret = CBORPayloadToDoxm(data, size, &gDoxm);
954 * If SVR database in persistent storage got corrupted or
955 * is not available for some reason, a default doxm is created
956 * which allows user to initiate doxm provisioning again.
958 if ((OC_STACK_OK != ret) || !data || !gDoxm)
960 gDoxm = GetDoxmDefault();
963 //In case of the server is shut down unintentionally, we should initialize the owner
964 if(false == gDoxm->owned)
966 OicUuid_t emptyUuid = {.id={0}};
967 memcpy(&gDoxm->owner, &emptyUuid, sizeof(OicUuid_t));
970 ret = CheckDeviceID();
971 if (ret == OC_STACK_OK)
973 OIC_LOG_V(DEBUG, TAG, "Initial Doxm Owned = %d", gDoxm->owned);
974 //Instantiate 'oic.sec.doxm'
975 ret = CreateDoxmResource();
979 OIC_LOG (ERROR, TAG, "CheckDeviceID failed");
985 OCStackResult DeInitDoxmResource()
987 OCStackResult ret = OCDeleteResource(gDoxmHandle);
988 if (gDoxm != &gDefaultDoxm)
990 DeleteDoxmBinData(gDoxm);
994 if (OC_STACK_OK == ret)
1000 return OC_STACK_ERROR;
1004 OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
1006 if (deviceID && gDoxm)
1008 *deviceID = gDoxm->deviceID;
1011 return OC_STACK_ERROR;
1014 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
1016 OCStackResult retVal = OC_STACK_ERROR;
1019 OIC_LOG_V(DEBUG, TAG, "gDoxm owned = %d.", gDoxm->owned);
1022 *devOwner = gDoxm->owner; // TODO change to devOwner when available
1023 retVal = OC_STACK_OK;
1030 * Function to restore doxm resurce to initial status.
1031 * This function will use in case of error while ownership transfer
1033 void RestoreDoxmToInitState()
1037 OIC_LOG(INFO, TAG, "DOXM resource will revert back to initial status.");
1039 OicUuid_t emptyUuid = {.id={0}};
1040 memcpy(&(gDoxm->owner), &emptyUuid, sizeof(OicUuid_t));
1041 gDoxm->owned = false;
1042 gDoxm->oxmSel = OIC_JUST_WORKS;
1044 if(!UpdatePersistentStorage(gDoxm))
1046 OIC_LOG(ERROR, TAG, "Failed to revert DOXM in persistent storage");