1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
32 #include "oic_malloc.h"
33 #include "payload_logging.h"
36 #include "ocpayload.h"
37 #include "cainterface.h"
38 #include "ocserverrequest.h"
39 #include "resourcemanager.h"
40 #include "doxmresource.h"
41 #include "pstatresource.h"
42 #include "aclresource.h"
43 #include "psinterface.h"
44 #include "srmresourcestrings.h"
45 #include "securevirtualresourcetypes.h"
46 #include "credresource.h"
47 #include "srmutility.h"
48 #include "pinoxmcommon.h"
50 #define TAG "SRM-DOXM"
52 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
53 * The value of payload size is increased until reaching belox max cbor size. */
54 static const uint16_t CBOR_SIZE = 512;
56 /** Max cbor size payload. */
57 static const uint16_t CBOR_MAX_SIZE = 4400;
59 /** DOXM Map size - Number of mandatory items. */
60 static const uint8_t DOXM_MAP_SIZE = 8;
62 static OicSecDoxm_t *gDoxm = NULL;
63 static OCResourceHandle gDoxmHandle = NULL;
65 static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
66 static OicSecDoxm_t gDefaultDoxm =
68 NULL, /* OicUrn_t *oxmType */
69 0, /* size_t oxmTypeLen */
70 &gOicSecDoxmJustWorks, /* uint16_t *oxm */
71 1, /* size_t oxmLen */
72 OIC_JUST_WORKS, /* uint16_t oxmSel */
73 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
74 false, /* bool owned */
75 {.id = {0}}, /* OicUuid_t deviceID */
77 {.id = {0}}, /* OicUuid_t owner */
78 {.id = {0}}, /* OicUuid_t rownerID */
81 void DeleteDoxmBinData(OicSecDoxm_t* doxm)
86 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
88 OICFree(doxm->oxmType[i]);
90 OICFree(doxm->oxmType);
100 OCStackResult DoxmToCBORPayload(const OicSecDoxm_t *doxm, uint8_t **payload, size_t *size)
102 if (NULL == doxm || NULL == payload || NULL != *payload || NULL == size)
104 return OC_STACK_INVALID_PARAM;
106 size_t cborLen = *size;
114 OCStackResult ret = OC_STACK_ERROR;
116 CborEncoder encoder = { {.ptr = NULL }, .end = 0 };
117 CborEncoder doxmMap = { {.ptr = NULL }, .end = 0 };
118 char* strUuid = NULL;
120 int64_t cborEncoderResult = CborNoError;
121 uint8_t mapSize = DOXM_MAP_SIZE;
122 if (doxm->oxmTypeLen > 0)
126 if (doxm->oxmLen > 0)
131 uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
132 VERIFY_NON_NULL(TAG, outPayload, ERROR);
133 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
135 cborEncoderResult = cbor_encoder_create_map(&encoder, &doxmMap, mapSize);
136 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Doxm Map.");
138 //OxmType -- Not Mandatory
139 if (doxm->oxmTypeLen > 0)
141 CborEncoder oxmType = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
142 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXM_TYPE_NAME,
143 strlen(OIC_JSON_OXM_TYPE_NAME));
144 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Tag.");
145 cborEncoderResult = cbor_encoder_create_array(&doxmMap, &oxmType, doxm->oxmTypeLen);
146 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Array.");
148 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
150 cborEncoderResult = cbor_encode_text_string(&oxmType, doxm->oxmType[i],
151 strlen(doxm->oxmType[i]));
152 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmType Value.");
154 cborEncoderResult = cbor_encoder_close_container(&doxmMap, &oxmType);
155 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing oxmType.");
158 //Oxm -- Not Mandatory
159 if (doxm->oxmLen > 0)
161 CborEncoder oxm = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
162 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXMS_NAME,
163 strlen(OIC_JSON_OXMS_NAME));
164 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Tag.");
165 cborEncoderResult = cbor_encoder_create_array(&doxmMap, &oxm, doxm->oxmLen);
166 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Array.");
168 for (size_t i = 0; i < doxm->oxmLen; i++)
170 cborEncoderResult = cbor_encode_int(&oxm, doxm->oxm[i]);
171 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding oxmName Value");
173 cborEncoderResult = cbor_encoder_close_container(&doxmMap, &oxm);
174 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing oxmName.");
177 //OxmSel -- Mandatory
178 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OXM_SEL_NAME,
179 strlen(OIC_JSON_OXM_SEL_NAME));
180 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Sel Tag.");
181 cborEncoderResult = cbor_encode_int(&doxmMap, doxm->oxmSel);
182 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Sel Value.");
185 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_SUPPORTED_CRED_TYPE_NAME,
186 strlen(OIC_JSON_SUPPORTED_CRED_TYPE_NAME));
187 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag");
188 cborEncoderResult = cbor_encode_int(&doxmMap, doxm->sct);
189 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
192 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_OWNED_NAME,
193 strlen(OIC_JSON_OWNED_NAME));
194 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owned Tag.");
195 cborEncoderResult = cbor_encode_boolean(&doxmMap, doxm->owned);
196 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owned Value.");
199 //TODO: Need to modify to use real didformat value
201 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DEVICE_ID_FORMAT_NAME,
202 strlen(OIC_JSON_DEVICE_ID_FORMAT_NAME));
203 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DidFormat Tag");
204 cborEncoderResult = cbor_encode_int(&doxmMap, 0);
205 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DidFormat Value.");
208 //DeviceId -- Mandatory
209 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DEVICE_ID_NAME,
210 strlen(OIC_JSON_DEVICE_ID_NAME));
211 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Device Id Tag.");
212 ret = ConvertUuidToStr(&doxm->deviceID, &strUuid);
213 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
214 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
215 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Device Id Value.");
219 //devownerid -- Mandatory
220 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DEVOWNERID_NAME,
221 strlen(OIC_JSON_DEVOWNERID_NAME));
222 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Id Tag.");
223 ret = ConvertUuidToStr(&doxm->owner, &strUuid);
224 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
225 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
226 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Id Value.");
230 //ROwner -- Mandatory
231 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_ROWNERID_NAME,
232 strlen(OIC_JSON_ROWNERID_NAME));
233 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROwner Id Tag.");
234 ret = ConvertUuidToStr(&doxm->rownerID, &strUuid);
235 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
236 cborEncoderResult = cbor_encode_text_string(&doxmMap, strUuid, strlen(strUuid));
237 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROwner Id Value.");
242 cborEncoderResult = cbor_encode_text_string(&doxmMap, OIC_JSON_DPC_NAME,
243 strlen(OIC_JSON_DPC_NAME));
244 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DPC Tag.");
245 cborEncoderResult = cbor_encode_boolean(&doxmMap, doxm->dpc);
246 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding DPC Value.");
248 cborEncoderResult = cbor_encoder_close_container(&encoder, &doxmMap);
249 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing DoxmMap.");
251 if (CborNoError == cborEncoderResult)
253 *size = encoder.ptr - outPayload;
254 *payload = outPayload;
258 if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
260 OIC_LOG(DEBUG, TAG, "Memory getting reallocated.");
261 // reallocate and try again!
263 // Since the allocated initial memory failed, double the memory.
264 cborLen += encoder.ptr - encoder.end;
265 OIC_LOG_V(DEBUG, TAG, "Doxm reallocation size : %zd.", cborLen);
266 cborEncoderResult = CborNoError;
267 ret = DoxmToCBORPayload(doxm, payload, &cborLen);
271 if ((CborNoError != cborEncoderResult) || (OC_STACK_OK != ret))
277 ret = OC_STACK_ERROR;
283 OCStackResult CBORPayloadToDoxm(const uint8_t *cborPayload, size_t size,
284 OicSecDoxm_t **secDoxm)
286 if (NULL == cborPayload || NULL == secDoxm || NULL != *secDoxm)
288 return OC_STACK_INVALID_PARAM;
291 OCStackResult ret = OC_STACK_ERROR;
295 CborError cborFindResult = CborNoError;
296 int cborLen = (size == 0) ? CBOR_SIZE : size;
297 char* strUuid = NULL;
300 cbor_parser_init(cborPayload, cborLen, 0, &parser, &doxmCbor);
302 OicSecDoxm_t *doxm = (OicSecDoxm_t *)OICCalloc(1, sizeof(*doxm));
303 VERIFY_NON_NULL(TAG, doxm, ERROR);
305 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXM_TYPE_NAME, &doxmMap);
306 //OxmType -- not Mandatory
307 if (CborNoError == cborFindResult && cbor_value_is_array(&doxmMap))
311 cborFindResult = cbor_value_get_array_length(&doxmMap, &doxm->oxmTypeLen);
312 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmTypeLen.")
313 VERIFY_SUCCESS(TAG, doxm->oxmTypeLen != 0, ERROR);
315 doxm->oxmType = (OicUrn_t *)OICCalloc(doxm->oxmTypeLen, sizeof(*doxm->oxmType));
316 VERIFY_NON_NULL(TAG, doxm->oxmType, ERROR);
318 cborFindResult = cbor_value_enter_container(&doxmMap, &oxmType);
319 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering oxmType Array.")
323 while (cbor_value_is_valid(&oxmType))
325 cborFindResult = cbor_value_dup_text_string(&oxmType, &doxm->oxmType[i++],
327 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding omxType text string.")
328 cborFindResult = cbor_value_advance(&oxmType);
329 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing oxmType.")
333 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXMS_NAME, &doxmMap);
334 //Oxm -- not Mandatory
335 if (CborNoError == cborFindResult && cbor_value_is_array(&doxmMap))
338 cborFindResult = cbor_value_get_array_length(&doxmMap, &doxm->oxmLen);
339 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmName array Length.")
340 VERIFY_SUCCESS(TAG, doxm->oxmLen != 0, ERROR);
342 doxm->oxm = (OicSecOxm_t *)OICCalloc(doxm->oxmLen, sizeof(*doxm->oxm));
343 VERIFY_NON_NULL(TAG, doxm->oxm, ERROR);
345 cborFindResult = cbor_value_enter_container(&doxmMap, &oxm);
346 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering oxmName Array.")
349 while (cbor_value_is_valid(&oxm))
351 cborFindResult = cbor_value_get_int(&oxm, (int *) &doxm->oxm[i++]);
352 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding oxmName Value")
353 cborFindResult = cbor_value_advance(&oxm);
354 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing oxmName.")
358 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OXM_SEL_NAME, &doxmMap);
359 if (CborNoError == cborFindResult && cbor_value_is_integer(&doxmMap))
361 cborFindResult = cbor_value_get_int(&doxmMap, (int *) &doxm->oxmSel);
362 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Sel Name Value.")
364 else // PUT/POST JSON may not have oxmsel so set it to the gDoxm->oxmSel
366 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
367 doxm->oxmSel = gDoxm->oxmSel;
370 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_SUPPORTED_CRED_TYPE_NAME, &doxmMap);
371 if (CborNoError == cborFindResult && cbor_value_is_integer(&doxmMap))
373 cborFindResult = cbor_value_get_int(&doxmMap, (int *) &doxm->sct);
374 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Sct Name Value.")
376 else // PUT/POST JSON may not have sct so set it to the gDoxm->sct
378 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
379 doxm->sct = gDoxm->sct;
382 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_OWNED_NAME, &doxmMap);
383 if (CborNoError == cborFindResult && cbor_value_is_boolean(&doxmMap))
385 cborFindResult = cbor_value_get_boolean(&doxmMap, &doxm->owned);
386 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owned Value.")
388 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
390 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
391 doxm->owned = gDoxm->owned;
394 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DPC_NAME, &doxmMap);
395 if (CborNoError == cborFindResult && cbor_value_is_boolean(&doxmMap))
397 cborFindResult = cbor_value_get_boolean(&doxmMap, &doxm->dpc);
398 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding DPC Value.")
400 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
402 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
406 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DEVICE_ID_NAME, &doxmMap);
407 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
409 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
410 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Device Id Value.");
411 ret = ConvertStrToUuid(strUuid , &doxm->deviceID);
412 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
417 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DEVOWNERID_NAME, &doxmMap);
418 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
420 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
421 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owner Value.");
422 ret = ConvertStrToUuid(strUuid , &doxm->owner);
423 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
428 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_ROWNERID_NAME, &doxmMap);
429 if (CborNoError == cborFindResult && cbor_value_is_text_string(&doxmMap))
431 cborFindResult = cbor_value_dup_text_string(&doxmMap, &strUuid , &len, NULL);
432 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding ROwner Value.");
433 ret = ConvertStrToUuid(strUuid , &doxm->rownerID);
434 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
440 cborFindResult = cbor_value_map_find_value(&doxmCbor, OIC_JSON_DEVICE_ID_FORMAT_NAME, &doxmMap);
441 if (CborNoError == cborFindResult && cbor_value_is_integer(&doxmMap))
443 // TODO: handle "didformat"
451 if (CborNoError != cborFindResult)
453 OIC_LOG (ERROR, TAG, "CBORPayloadToDoxm failed!!!");
454 DeleteDoxmBinData(doxm);
457 ret = OC_STACK_ERROR;
463 * @todo document this function including why code might need to call this.
464 * The current suspicion is that it's not being called as much as it should.
466 static bool UpdatePersistentStorage(OicSecDoxm_t * doxm)
472 // Convert Doxm data into CBOR for update to persistent storage
473 uint8_t *payload = NULL;
475 OCStackResult res = DoxmToCBORPayload(doxm, &payload, &size);
476 if (payload && (OC_STACK_OK == res)
477 && (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_DOXM_NAME, payload, size)))
485 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_DOXM_NAME, NULL, 0))
494 static bool ValidateQuery(const char * query)
496 // Send doxm resource data if the state of doxm resource
497 // matches with the query parameters.
498 // else send doxm resource data as NULL
499 // TODO Remove this check and rely on Policy Engine
500 // and Provisioning Mode to enforce provisioning-state
501 // access rules. Eventually, the PE and PM code will
502 // not send a request to the /doxm Entity Handler at all
503 // if it should not respond.
504 OIC_LOG (DEBUG, TAG, "In ValidateQuery");
510 bool bOwnedQry = false; // does querystring contains 'owned' query ?
511 bool bOwnedMatch = false; // does 'owned' query value matches with doxm.owned status?
512 bool bDeviceIDQry = false; // does querystring contains 'deviceid' query ?
513 bool bDeviceIDMatch = false; // does 'deviceid' query matches with doxm.deviceid ?
515 OicParseQueryIter_t parseIter = {.attrPos = NULL};
517 ParseQueryIterInit((unsigned char*)query, &parseIter);
519 while (GetNextQuery(&parseIter))
521 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_OWNED_NAME, parseIter.attrLen) == 0)
524 if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_TRUE, parseIter.valLen) == 0) &&
529 else if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_FALSE, parseIter.valLen) == 0)
536 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_DEVICE_ID_NAME, parseIter.attrLen) == 0)
539 OicUuid_t subject = {.id={0}};
541 memcpy(subject.id, parseIter.valPos, parseIter.valLen);
542 if (0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
544 bDeviceIDMatch = true;
549 return ((bOwnedQry ? bOwnedMatch : true) && (bDeviceIDQry ? bDeviceIDMatch : true));
552 static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest * ehRequest)
554 OCEntityHandlerResult ehRet = OC_EH_OK;
556 OIC_LOG(DEBUG, TAG, "Doxm EntityHandle processing GET request");
558 //Checking if Get request is a query.
559 if (ehRequest->query)
561 OIC_LOG(DEBUG, TAG, "HandleDoxmGetRequest processing query");
562 if (!ValidateQuery(ehRequest->query))
569 * For GET or Valid Query request return doxm resource CBOR payload.
570 * For non-valid query return NULL json payload.
571 * A device will 'always' have a default Doxm, so DoxmToCBORPayload will
572 * return valid doxm resource json.
574 uint8_t *payload = NULL;
577 if (ehRet == OC_EH_OK)
579 if (OC_STACK_OK != DoxmToCBORPayload(gDoxm, &payload, &size))
585 // Send response payload to request originator
586 if (OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, payload, size))
588 OIC_LOG(ERROR, TAG, "SendSRMCBORResponse failed in HandleDoxmGetRequest");
596 static OCEntityHandlerResult HandleDoxmPutRequest(const OCEntityHandlerRequest * ehRequest)
598 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
599 OCEntityHandlerResult ehRet = OC_EH_ERROR;
600 OicUuid_t emptyOwner = {.id = {0} };
603 * Convert CBOR Doxm data into binary. This will also validate
604 * the Doxm data received.
606 OicSecDoxm_t *newDoxm = NULL;
608 if (ehRequest->payload)
610 uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1;
611 size_t size = ((OCSecurityPayload *)ehRequest->payload)->payloadSize;
612 OCStackResult res = CBORPayloadToDoxm(payload, size, &newDoxm);
614 if (newDoxm && OC_STACK_OK == res)
616 if (OIC_JUST_WORKS == newDoxm->oxmSel)
618 if ((false == gDoxm->owned) && (false == newDoxm->owned))
621 * If current state of the device is un-owned, enable
622 * anonymous ECDH cipher in tinyDTLS so that Provisioning
623 * tool can initiate JUST_WORKS ownership transfer process.
625 if (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
627 OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
629 ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
630 #endif //__WITH_DTLS__
636 //Save the owner's UUID to derive owner credential
637 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
639 // OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
640 // Generating OwnerPSK
641 // OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
642 // Generate new credential for provisioning tool
643 // ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
644 // (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
645 // VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
647 // Update new state in persistent storage
648 if (true == UpdatePersistentStorage(gDoxm))
654 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
659 * Disable anonymous ECDH cipher in tinyDTLS since device is now
662 CAResult_t caRes = CA_STATUS_OK;
663 caRes = CAEnableAnonECDHCipherSuite(false);
664 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
665 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
668 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
669 CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
670 #endif //__WITH_X509__
671 #endif //__WITH_DTLS__
675 else if (OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
677 if ((false == gDoxm->owned) && (false == newDoxm->owned))
680 * If current state of the device is un-owned, enable
681 * anonymous ECDH cipher in tinyDTLS so that Provisioning
682 * tool can initiate JUST_WORKS ownership transfer process.
684 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
686 gDoxm->oxmSel = newDoxm->oxmSel;
687 //Update new state in persistent storage
688 if ((UpdatePersistentStorage(gDoxm) == true))
694 OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
699 CAResult_t caRes = CA_STATUS_OK;
701 caRes = CAEnableAnonECDHCipherSuite(false);
702 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
703 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
705 caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
706 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
708 char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
709 if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
711 //Set the device id to derive temporal PSK
712 SetUuidForRandomPinOxm(&gDoxm->deviceID);
715 * Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
716 * Credential should not be saved into SVR.
717 * For this reason, use a temporary get_psk_info callback to random PIN OxM.
719 caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
720 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
725 OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
728 #endif //__WITH_DTLS__
733 //Save the owner's UUID to derive owner credential
734 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
736 //Update new state in persistent storage
737 if (UpdatePersistentStorage(gDoxm) == true)
743 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
752 * When current state of the device is un-owned and Provisioning
753 * Tool is attempting to change the state to 'Owned' with a
754 * qualified value for the field 'Owner'
756 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
757 (memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
760 // Update new state in persistent storage
761 if (UpdatePersistentStorage(gDoxm))
763 //Update default ACL of security resource to prevent anonymous user access.
764 if(OC_STACK_OK == UpdateDefaultSecProvACL())
770 OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
776 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
784 if(OC_EH_OK != ehRet)
786 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
787 "DOXM will be reverted.");
790 * If some error is occured while ownership transfer,
791 * ownership transfer related resource should be revert back to initial status.
793 RestoreDoxmToInitState();
794 RestorePstatToInitState();
797 //Send payload to request originator
798 if (OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, NULL, 0))
800 OIC_LOG(ERROR, TAG, "SendSRMCBORResponse failed in HandleDoxmPostRequest");
802 DeleteDoxmBinData(newDoxm);
807 OCEntityHandlerResult DoxmEntityHandler(OCEntityHandlerFlag flag,
808 OCEntityHandlerRequest * ehRequest,
812 OCEntityHandlerResult ehRet = OC_EH_ERROR;
814 if(NULL == ehRequest)
819 if (flag & OC_REQUEST_FLAG)
821 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
823 switch (ehRequest->method)
826 ehRet = HandleDoxmGetRequest(ehRequest);
830 ehRet = HandleDoxmPutRequest(ehRequest);
835 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
843 OCStackResult CreateDoxmResource()
845 OCStackResult ret = OCCreateResource(&gDoxmHandle,
846 OIC_RSRC_TYPE_SEC_DOXM,
851 OC_OBSERVABLE | OC_SECURE |
852 OC_EXPLICIT_DISCOVERABLE);
854 if (OC_STACK_OK != ret)
856 OIC_LOG (FATAL, TAG, "Unable to instantiate Doxm resource");
857 DeInitDoxmResource();
863 * Checks if DeviceID is generated during provisioning for the new device.
864 * If DeviceID is NULL then generates the new DeviceID.
865 * Once DeviceID is assigned to the device it does not change for the lifetime of the device.
867 static OCStackResult CheckDeviceID()
869 OCStackResult ret = OC_STACK_ERROR;
870 bool validId = false;
871 for (uint8_t i = 0; i < UUID_LENGTH; i++)
873 if (gDoxm->deviceID.id[i] != 0)
882 if (OCGenerateUuid(gDoxm->deviceID.id) != RAND_UUID_OK)
884 OIC_LOG(FATAL, TAG, "Generate UUID for Server Instance failed!");
889 if (!UpdatePersistentStorage(gDoxm))
891 //TODO: After registering PSI handler in all samples, do ret = OC_STACK_OK here.
892 OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
903 * Get the default value.
905 * @return the default value of doxm, @ref OicSecDoxm_t.
907 static OicSecDoxm_t* GetDoxmDefault()
909 OIC_LOG(DEBUG, TAG, "GetDoxmToDefault");
910 return &gDefaultDoxm;
913 const OicSecDoxm_t* GetDoxmResourceData()
918 OCStackResult InitDoxmResource()
920 OCStackResult ret = OC_STACK_ERROR;
922 //Read DOXM resource from PS
923 uint8_t *data = NULL;
925 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_DOXM_NAME, &data, &size);
926 // If database read failed
927 if (OC_STACK_OK != ret)
929 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
933 // Read DOXM resource from PS
934 ret = CBORPayloadToDoxm(data, size, &gDoxm);
937 * If SVR database in persistent storage got corrupted or
938 * is not available for some reason, a default doxm is created
939 * which allows user to initiate doxm provisioning again.
941 if ((OC_STACK_OK != ret) || !data || !gDoxm)
943 gDoxm = GetDoxmDefault();
946 //In case of the server is shut down unintentionally, we should initialize the owner
947 if(false == gDoxm->owned)
949 OicUuid_t emptyUuid = {.id={0}};
950 memcpy(&gDoxm->owner, &emptyUuid, sizeof(OicUuid_t));
953 ret = CheckDeviceID();
954 if (ret == OC_STACK_OK)
956 OIC_LOG_V(DEBUG, TAG, "Initial Doxm Owned = %d", gDoxm->owned);
957 //Instantiate 'oic.sec.doxm'
958 ret = CreateDoxmResource();
962 OIC_LOG (ERROR, TAG, "CheckDeviceID failed");
968 OCStackResult DeInitDoxmResource()
970 OCStackResult ret = OCDeleteResource(gDoxmHandle);
971 if (gDoxm != &gDefaultDoxm)
973 DeleteDoxmBinData(gDoxm);
977 if (OC_STACK_OK == ret)
983 return OC_STACK_ERROR;
987 OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
989 if (deviceID && gDoxm)
991 *deviceID = gDoxm->deviceID;
994 return OC_STACK_ERROR;
997 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
999 OCStackResult retVal = OC_STACK_ERROR;
1002 OIC_LOG_V(DEBUG, TAG, "gDoxm owned = %d.", gDoxm->owned);
1005 *devOwner = gDoxm->owner; // TODO change to devOwner when available
1006 retVal = OC_STACK_OK;
1013 * Function to restore doxm resurce to initial status.
1014 * This function will use in case of error while ownership transfer
1016 void RestoreDoxmToInitState()
1020 OIC_LOG(INFO, TAG, "DOXM resource will revert back to initial status.");
1022 OicUuid_t emptyUuid = {.id={0}};
1023 memcpy(&(gDoxm->owner), &emptyUuid, sizeof(OicUuid_t));
1024 gDoxm->owned = false;
1025 gDoxm->oxmSel = OIC_JUST_WORKS;
1027 if(!UpdatePersistentStorage(gDoxm))
1029 OIC_LOG(ERROR, TAG, "Failed to revert DOXM in persistent storage");