1 /* *****************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * *****************************************************************/
25 #include "oic_malloc.h"
26 #include "oic_string.h"
29 #include "resourcemanager.h"
30 #include "dpairingresource.h"
31 #include "psinterface.h"
33 #include "srmresourcestrings.h"
34 #include "cainterface.h"
35 #include "doxmresource.h"
36 #include "pconfresource.h"
37 #include "credresource.h"
38 #include "aclresource.h"
39 #include "srmutility.h"
40 #include "ocserverrequest.h"
41 #include "ocpayloadcbor.h"
42 #include "ocpayload.h"
43 #include "payload_logging.h"
55 #define TAG "SRM-DPAIRING"
57 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
58 * The value of payload size is increased until reaching below max cbor size. */
59 static const uint16_t CBOR_SIZE = 1024;
61 /** Max cbor size payload. */
62 static const uint16_t CBOR_MAX_SIZE = 4400;
64 /** DPAIR map size - number of mandatory items (spm, pdeviceID, rowner) that
 * DpairingToCBORPayload() writes into the map. */
65 static const uint8_t DPAIR_MAP_SIZE = 3;
/* Direct-pairing state of the attempt in progress. Starts NULL; HandleDpairingPostRequest()
 * points it at gDefaultDpair through GetDpairingDefault(). */
67 static OicSecDpairing_t *gDpair = NULL;
/* Handle filled in by OCCreateResource() and later passed to OCDeleteResource(). */
68 static OCResourceHandle gDpairHandle = NULL;
/* The single file-static instance handed out by GetDpairingDefault(): pairing method
 * PRM_NOT_ALLOWED and all-zero peer/owner UUIDs until a request overwrites them. */
69 static OicSecDpairing_t gDefaultDpair =
71 PRM_NOT_ALLOWED, /* OicSecPrm_t spm */
72 {.id = {0}}, /* OicUuid_t pdeviceID */
73 {.id = {0}}, /* OicUuid_t rowner */
/* Release helper for an OicSecDpairing_t. In this file it is called on the objects
 * produced by CBORPayloadToDpair() (parser error path and both request handlers).
 * NOTE(review): the statements that perform the release are not visible in this
 * listing; presumably a NULL argument is tolerated, since HandleDpairingPostRequest()
 * can pass newDpair while it is still NULL - confirm. */
76 void DeleteDpairingBinData(OicSecDpairing_t* dpair)
80 //Clean dpairing itself
86 * Get the default value.
87 * @retval the gDefaultDpair pointer;
/* Logs the call and returns the address of the file-static gDefaultDpair.
 * The caller receives a pointer to shared, mutable storage, not a copy: anything
 * written through it persists across requests. */
89 static OicSecDpairing_t* GetDpairingDefault()
91 OIC_LOG (DEBUG, TAG, "GetDpairingDefault");
93 return &gDefaultDpair;
97 * This method is used by SRM to retrieve Dpairing resource data.
/* Copies sizeof(OicUuid_t) bytes from *rowner into gDpair->rownerID.
 * NOTE(review): memcpy dereferences both rowner and gDpair; no NULL check on either
 * is visible in this listing (a guard may sit on the lines that are not shown) - confirm. */
99 void SetDpairingResourceOwner(OicUuid_t *rowner)
101 OIC_LOG (DEBUG, TAG, "SetDpairingResourceOwner");
104 memcpy(&gDpair->rownerID, rowner, sizeof(OicUuid_t));
110 * Function to save PairingPSK.
112 * @param[in] endpoint current endpoint.
113 * @param[in] peerDevID peer device identity.
114 * @param[in] isPairingServer indicate if it generates PairingPSK for server or client.
116 * @return OC_STACK_OK on success
/* Derives a pairing PSK of OWNER_PSK_LENGTH_128 bytes with CAGenerateOwnerPSK(), using
 * OIC_RSRC_TYPE_SEC_DPAIRING as the label and the local/peer device IDs as the server and
 * client identities, then builds a SYMMETRIC_PAIR_WISE_KEY credential for peerDevID with
 * GenerateCredential() and stores it with AddCredential().
 * Returns OC_STACK_INVALID_PARAM when endpoint, peerDevID or owner is NULL; otherwise the
 * value left in res (initialised to OC_STACK_ERROR, overwritten by AddCredential()). */
118 OCStackResult SavePairingPSK(OCDevAddr *endpoint,
119 OicUuid_t *peerDevID, OicUuid_t *owner, bool isPairingServer)
121 OIC_LOG(DEBUG, TAG, "IN SavePairingPSK");
123 if(NULL == endpoint || NULL == peerDevID || NULL == owner)
125 OIC_LOG_V(ERROR, TAG, "Invalid Input parameters in [%s]\n", __FUNCTION__);
126 return OC_STACK_INVALID_PARAM;
129 OCStackResult res = OC_STACK_ERROR;
// Local device ID as reported by the doxm resource.
131 OicUuid_t ptDeviceID = {.id={0}};
132 if (OC_STACK_OK != GetDoxmDeviceID(&ptDeviceID))
134 OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
// NOTE(review): pairingPSK holds key material on the stack. No wipe of the buffer is
// visible in this listing before the function returns; confirm it is cleared on every
// exit path with a call the compiler cannot elide.
138 uint8_t pairingPSK[OWNER_PSK_LENGTH_128] = {0};
// pairingKey only wraps the stack buffer above; it does not own a copy.
139 OicSecKey_t pairingKey = {pairingPSK, OWNER_PSK_LENGTH_128};
141 //Generating PairingPSK using OwnerPSK scheme
// isPairingServer decides which of the two IDs is passed in the server slot and which
// in the client slot; both sides must use the same ordering to derive the same key.
142 CAResult_t pskRet = CAGenerateOwnerPSK((const CAEndpoint_t *)endpoint,
143 (uint8_t *)OIC_RSRC_TYPE_SEC_DPAIRING,
144 strlen(OIC_RSRC_TYPE_SEC_DPAIRING),
145 (isPairingServer ? ptDeviceID.id : peerDevID->id), sizeof(OicUuid_t), // server
146 (isPairingServer ? peerDevID->id : ptDeviceID.id), sizeof(OicUuid_t), // client
147 pairingPSK, OWNER_PSK_LENGTH_128);
149 if (CA_STATUS_OK == pskRet)
// NOTE(review): the next two calls write the freshly derived PSK to the log at INFO
// level. Anyone with access to the logs can recover the pairing key; key bytes should
// not be logged at all, or at most in a build that is never shipped.
151 OIC_LOG(INFO, TAG, "pairingPSK dump:\n");
152 OIC_LOG_BUFFER(INFO, TAG, pairingPSK, OWNER_PSK_LENGTH_128);
153 //Generating new credential for direct-pairing client
155 OicSecCred_t *cred = GenerateCredential(peerDevID,
156 SYMMETRIC_PAIR_WISE_KEY, NULL,
158 VERIFY_NON_NULL(TAG, cred, ERROR);
160 res = AddCredential(cred);
161 if(res != OC_STACK_OK)
// The credential is released here only when AddCredential() did not accept it.
163 DeleteCredList(cred);
169 OIC_LOG(ERROR, TAG, "CAGenerateOwnerPSK failed");
172 OIC_LOG(DEBUG, TAG, "OUT SavePairingPSK");
176 #endif // __WITH_DTLS__
/* Serialises *dpair into a freshly allocated CBOR buffer: one map of DPAIR_MAP_SIZE
 * entries holding spm as an integer and pdeviceID / rownerID as UUID text strings.
 * On success *payload receives the buffer and *size the number of encoded bytes.
 * The caller must pass *payload == NULL; SetDpairingRownerId() in this file releases
 * the returned buffer with OICFree().
 * Returns OC_STACK_INVALID_PARAM for bad arguments, OC_STACK_ERROR on encoding failure. */
178 OCStackResult DpairingToCBORPayload(const OicSecDpairing_t *dpair, uint8_t **payload, size_t *size)
180 if (NULL == dpair || NULL == payload || NULL != *payload || NULL == size)
182 return OC_STACK_INVALID_PARAM;
// Requested buffer length comes from the caller; how a zero value is handled is on
// lines not visible in this listing.
185 size_t cborLen = *size;
194 OCStackResult ret = OC_STACK_ERROR;
197 CborEncoder dpairMap;
199 int64_t cborEncoderResult = CborNoError;
200 uint8_t mapSize = DPAIR_MAP_SIZE;
202 uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
203 VERIFY_NON_NULL(TAG, outPayload, ERROR);
204 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
206 cborEncoderResult = cbor_encoder_create_map(&encoder, &dpairMap, mapSize);
207 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating DPAIRING Map");
// Entry 1: selected pairing method, key OIC_JSON_SPM_NAME.
210 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_SPM_NAME,
211 strlen(OIC_JSON_SPM_NAME));
212 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding SPM name tag");
213 cborEncoderResult = cbor_encode_int(&dpairMap, dpair->spm);
214 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding SPM value");
216 //PDEVICEID -- Mandatory
217 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_PDEVICE_ID_NAME,
218 strlen(OIC_JSON_PDEVICE_ID_NAME));
219 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PDeviceID tag");
// NOTE(review): deviceId is produced by ConvertUuidToStr(); its release is not visible
// in this listing. Confirm it is freed on the failure paths of the two checks below too.
221 char *deviceId = NULL;
222 ret = ConvertUuidToStr(&dpair->pdeviceID, &deviceId);
223 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
224 cborEncoderResult = cbor_encode_text_string(&dpairMap, deviceId, strlen(deviceId));
225 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed to encode PDeviceID value");
229 //ROWNER -- Mandatory
232 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_ROWNERID_NAME,
233 strlen(OIC_JSON_ROWNERID_NAME));
234 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROWNER tag");
// Same ownership question as deviceId applies to the rowner string.
235 ret = ConvertUuidToStr(&dpair->rownerID, &rowner);
236 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
237 cborEncoderResult = cbor_encode_text_string(&dpairMap, rowner, strlen(rowner));
238 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Rowner ID value");
242 cborEncoderResult = cbor_encoder_close_container(&encoder, &dpairMap);
243 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed to close dpairMap");
245 if (CborNoError == cborEncoderResult)
// Encoded length is the distance the encoder advanced from the start of the buffer.
247 *size = encoder.ptr - outPayload;
248 *payload = outPayload;
// Retry path: taken only while the buffer is still below CBOR_MAX_SIZE, which bounds
// the recursion.
253 if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
255 // reallocate and try again!
// NOTE(review): the comment below says "double", but the code grows cborLen by
// encoder.ptr - encoder.end (presumably the number of bytes the encoder ran short).
// Also confirm the outPayload of this failed attempt is released before recursing;
// that is not visible in this listing.
257 // Since the allocated initial memory failed, double the memory.
258 cborLen += encoder.ptr - encoder.end;
259 cborEncoderResult = CborNoError;
260 ret = DpairingToCBORPayload(dpair, payload, &cborLen);
264 if ((CborNoError != cborEncoderResult) || (OC_STACK_OK != ret))
270 ret = OC_STACK_ERROR;
/* Parses a CBOR-encoded dpairing map into a newly allocated OicSecDpairing_t.
 * Recognised keys are OIC_JSON_SPM_NAME (integer), OIC_JSON_PDEVICE_ID_NAME and
 * OIC_JSON_ROWNERID_NAME (UUID text strings).
 * Both request handlers in this file feed it the body of an incoming request, so
 * cborPayload must be treated as untrusted input.
 * Returns OC_STACK_INVALID_PARAM when cborPayload or secDpair is NULL, *secDpair is
 * already set, or size is 0. The line that stores the result in *secDpair is not
 * visible in this listing. */
276 OCStackResult CBORPayloadToDpair(const uint8_t *cborPayload, size_t size,
277 OicSecDpairing_t **secDpair)
279 if (NULL == cborPayload || NULL == secDpair || NULL != *secDpair || 0 == size)
281 return OC_STACK_INVALID_PARAM;
284 OCStackResult ret = OC_STACK_ERROR;
287 CborValue dpairCbor = { .parser = NULL };
288 CborParser parser = { .end = NULL };
289 CborError cborFindResult = CborNoError;
// NOTE(review): the return value of cbor_parser_init() is not checked.
291 cbor_parser_init(cborPayload, size, 0, &parser, &dpairCbor);
292 CborValue dpairMap = { .parser = NULL };
293 OicSecDpairing_t *dpair = NULL;
// NOTE(review): no check that the top-level item is a map (e.g. cbor_value_is_map())
// is visible before entering the container; for request-supplied data the type should
// be validated first rather than relying on the library's own assertions.
294 cborFindResult = cbor_value_enter_container(&dpairCbor, &dpairMap);
295 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering DPairing Map");
297 dpair = (OicSecDpairing_t *)OICCalloc(1, sizeof(*dpair));
298 VERIFY_NON_NULL(TAG, dpair, ERROR);
// Walk the map as key/value pairs.
300 while (cbor_value_is_valid(&dpairMap))
304 CborType type = CborInvalidType;
// NOTE(review): the key is duplicated as a text string with no preceding
// cbor_value_is_text_string() check; a non-string key should be rejected explicitly.
// The release of name is not visible in this listing - confirm it is freed on every
// path, including the VERIFY_* failures inside the loop.
305 cborFindResult = cbor_value_dup_text_string(&dpairMap, &name, &len, NULL);
306 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding tag name");
307 cborFindResult = cbor_value_advance(&dpairMap);
308 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a value in DPair map");
310 type = cbor_value_get_type(&dpairMap);
311 if (0 == strcmp(OIC_JSON_SPM_NAME, name))
// NOTE(review): writes an int through a cast pointer to dpair->spm (declared as
// OicSecPrm_t per the initializer comment above), which assumes the two types have the
// same size; no cbor_value_is_integer() check is visible either. Reading into a local
// int and range-checking before assignment would be safer.
313 cborFindResult = cbor_value_get_int(&dpairMap, (int *) &dpair->spm);
314 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding SPM Value");
317 if (0 == strcmp(OIC_JSON_PDEVICE_ID_NAME, name))
// The UUID arrives as text and is converted by ConvertStrToUuid(); the value's type is
// not checked before duplication, and the release of id is not visible in this listing.
320 cborFindResult = cbor_value_dup_text_string(&dpairMap, &id, &len, NULL);
321 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PDeviceID value");
322 ret = ConvertStrToUuid(id, &dpair->pdeviceID);
323 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
327 if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name))
330 cborFindResult = cbor_value_dup_text_string(&dpairMap, &id, &len, NULL);
331 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RownerID value");
332 ret = ConvertStrToUuid(id, &dpair->rownerID);
333 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
// Step past the value just handled (or skipped) unless it is a nested map.
337 if (CborMapType != type && cbor_value_is_valid(&dpairMap))
339 cborFindResult = cbor_value_advance(&dpairMap);
340 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Dpair Map");
// Failure path: the partially filled object is released and OC_STACK_ERROR reported.
// NOTE(review): the log text names CBORPayloadToDoxm, not this function.
349 if (CborNoError != cborFindResult)
351 OIC_LOG (ERROR, TAG, "CBORPayloadToDoxm failed");
352 DeleteDpairingBinData(dpair);
355 ret = OC_STACK_ERROR;
360 * Function to handle the handshake result in Direct-Pairing.
361 * This function will be invoked after DTLS handshake
362 * @param endPoint [IN] The remote endpoint.
363 * @param errorInfo [IN] Error information from the endpoint.
/* DTLS handshake callback registered by HandleDpairingPostRequest().
 * Logs the reported result, unregisters itself by passing NULL to
 * CARegisterDTLSHandshakeCallback(), and removes the temporary credential stored under
 * gDpair->pdeviceID.
 * NOTE(review): the visible guard only tests gDpair, endpoint and info for NULL. No
 * comparison between the reporting endpoint and the peer that started the pairing is
 * visible in this listing, so a handshake result from any other session may end up
 * clearing the temporary key - confirm against the lines not shown here. */
366 void DPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
368 OIC_LOG_V(INFO, TAG, "IN DPairingDTLSHandshakeCB");
370 if(gDpair && endpoint && info)
372 OIC_LOG_V(INFO, TAG, "Received status from remote device(%s:%d) : %d",
373 endpoint->addr, endpoint->port, info->result);
375 if(CA_STATUS_OK == info->result)
377 OIC_LOG(INFO, TAG, "DPairingDTLSHandshakeCB - Connection success.");
379 else if(CA_DTLS_AUTHENTICATION_FAILURE == info->result)
381 OIC_LOG(INFO, TAG, "DPairingDTLSHandshakeCB - Authentication failed");
// One-shot: the callback is unregistered after the first result it sees.
386 CARegisterDTLSHandshakeCallback(NULL);
387 #endif // __WITH_DTLS__
389 // delete temporary key
// The PIN-derived credential is dropped here; its return value is not checked.
390 RemoveCredential(&gDpair->pdeviceID);
393 OIC_LOG_V(INFO, TAG, "OUT DPairingDTLSHandshakeCB");
/* Handles the POST that starts a direct pairing.
 * When pconf->edp is set, the request body is parsed with CBORPayloadToDpair(); the
 * request is accepted only if the peer is not already paired and its spm appears in
 * pconf->prm[]. On acceptance the handler fills gDpair, installs a temporary PIN-based
 * PSK with AddTmpPskWithPIN(), selects TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256 and
 * registers DPairingDTLSHandshakeCB. The result code is sent back with SendSRMResponse(). */
396 static OCEntityHandlerResult HandleDpairingPostRequest (const OCEntityHandlerRequest * ehRequest)
398 OIC_LOG (DEBUG, TAG, "Dpairing EntityHandle processing POST request");
399 OCEntityHandlerResult ehRet = OC_EH_ERROR;
400 OicSecDpairing_t* newDpair = NULL;
401 OCStackResult res = OC_STACK_OK;
// NOTE(review): pconf is dereferenced on the very next line with no NULL check in
// between; if GetPconfResourceData() can return NULL this is a crash on a
// request-triggered path.
403 const OicSecPconf_t *pconf = GetPconfResourceData();
404 if (true == pconf->edp)
// NOTE(review): ehRequest->payload is cast and dereferenced; no NULL or payload-type
// check is visible in this listing - confirm a request without a security payload
// cannot reach this point.
406 uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData;
407 size_t size = ((OCSecurityPayload*)ehRequest->payload)->payloadSize;
410 res = CBORPayloadToDpair(payload, size, &newDpair);
415 OIC_LOG (DEBUG, TAG, "EDP == false : Direct-Pairing Disabled");
// Proceed only for a successfully parsed request from a device not yet in the paired list.
419 if (OC_STACK_OK == res && newDpair && false == IsPairedDevice(&newDpair->pdeviceID))
421 // Check if valid Post request
// The requested pairing method must be one of the methods configured in pconf->prm[].
422 bool prmMached = false;
423 for (size_t i=0; i<pconf->prmLen; i++)
425 if (newDpair->spm == pconf->prm[i])
431 OIC_LOG_V(DEBUG, TAG, "Parsed spm is %s", prmMached ? "valid" :
432 "invalid, send error response");
434 // Update local Dpairing with new Dpairing & prepare dtls session
// NOTE(review): "peer ID present" is decided from the first UUID byte only: an ID whose
// first byte is zero is rejected and any other value is accepted.
435 if (prmMached && '\0' != (char)newDpair->pdeviceID.id[0])
// gDpair now aliases the file-static default object, so the fields written below
// persist after this request returns.
439 gDpair = GetDpairingDefault();
441 gDpair->spm = newDpair->spm;
442 memcpy(&gDpair->pdeviceID, &newDpair->pdeviceID, sizeof(OicUuid_t));
443 memcpy(&gDpair->rownerID, &pconf->rownerID, sizeof(OicUuid_t));
// Temporary PSK built from the preconfigured PIN (pconf->pin.val, DP_PIN_LENGTH bytes);
// presumably the strength of this step is bounded by the PIN - confirm how the PIN is
// provisioned. subjectId is an out-parameter compared with the peer ID below.
448 OicUuid_t subjectId = {.id={0}};
449 res = AddTmpPskWithPIN(&gDpair->pdeviceID,
450 SYMMETRIC_PAIR_WISE_KEY,
451 (char*)pconf->pin.val, DP_PIN_LENGTH,
452 &gDpair->rownerID, &subjectId);
453 if(res != OC_STACK_OK ||
454 memcmp(&gDpair->pdeviceID, &subjectId, sizeof(OicUuid_t)))
456 OIC_LOG_V(ERROR, TAG, "Failed to save the temporal PSK : %d", res);
460 // Prepare to establish a secure channel with Pin-based PSK cipher suite
// NOTE(review): neither call below takes a peer argument, so this looks like a
// stack-wide cipher-suite change made in response to one request - confirm it cannot
// disturb other sessions.
461 if (CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false) ||
462 CA_STATUS_OK != CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256))
464 OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256");
// A failed registration is only logged as a warning.
468 if(CA_STATUS_OK != CARegisterDTLSHandshakeCallback(DPairingDTLSHandshakeCB))
470 OIC_LOG(WARNING, TAG, "DirectPairingHandler : Failed to register"
471 " DTLS handshake callback.");
474 #endif // __WITH_DTLS__
476 // should be lock /oic/sec/dpairing resource if Direct-Pairing starts normally ?
477 OIC_LOG (DEBUG, TAG, "/oic/sec/dpairing resource created");
479 ehRet = OC_EH_RESOURCE_CREATED;
483 OIC_LOG(ERROR, TAG, "Error in request check");
490 #endif // __WITH_DTLS__
492 // Send payload to request originator
493 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
496 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDpairingPostRequest");
// NOTE(review): on any error the credential stored under gDpair->pdeviceID is removed.
// If this request was rejected before gDpair was rewritten above, gDpair may still
// hold the ID from an earlier attempt; confirm gDpair is cleared once a pairing ends
// so a rejected request cannot delete another peer's credential.
499 if (OC_EH_ERROR == ehRet && gDpair)
501 RemoveCredential(&gDpair->pdeviceID);
505 DeleteDpairingBinData(newDpair);
506 OIC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
/* Handles the PUT that finalises a direct pairing.
 * When pconf->edp is set and a pairing is in progress (gDpair non-NULL), the body is
 * parsed with CBORPayloadToDpair() and must carry spm == PRM_NOT_ALLOWED. The handler
 * then stores the long-term pairing key with SavePairingPSK(), installs one ACL per
 * entry of pconf->pdacls with the peer as subject, and records the peer with
 * AddPairedDevice(). The result code is sent back with SendSRMResponse(). */
510 static OCEntityHandlerResult HandleDpairingPutRequest (const OCEntityHandlerRequest * ehRequest)
512 OIC_LOG (DEBUG, TAG, "Dpairing EntityHandle processing PUT request (Comfirmation)");
514 OCEntityHandlerResult ehRet = OC_EH_ERROR;
515 OicSecDpairing_t* newDpair = NULL;
516 OCStackResult res = OC_STACK_OK;
// NOTE(review): pconf is dereferenced on the next line before any NULL check; the
// VERIFY_NON_NULL further down applies to a second pconf variable and comes too late
// to protect this access.
518 const OicSecPconf_t *pconf = GetPconfResourceData();
519 if (true == pconf->edp)
// NOTE(review): ehRequest->payload is cast and dereferenced with no NULL or type check
// visible in this listing.
521 uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData;
522 size_t size = ((OCSecurityPayload*)ehRequest->payload)->payloadSize;
525 res = CBORPayloadToDpair(payload, size, &newDpair);
531 OIC_LOG (DEBUG, TAG, "EDP == false : Direct-Pairing Disabled");
// Finalisation is only considered when an earlier POST left gDpair set.
536 if ((OC_STACK_OK == res) && gDpair && newDpair)
538 OIC_LOG(DEBUG, TAG, "Received direct-pairing finalization request");
540 // Check if valid Put request
541 VERIFY_SUCCESS(TAG, PRM_NOT_ALLOWED == newDpair->spm, ERROR);
// Second declaration named pconf; it hides the one fetched at the top of the function.
543 const OicSecPconf_t *pconf = GetPconfResourceData();
544 VERIFY_NON_NULL(TAG, pconf, ERROR);
547 OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;
// NOTE(review): this is a bitwise OR, so the expression is non-zero whenever
// OC_FLAG_SECURE is non-zero and the check can never fail. To require that the request
// arrived over the secure channel it needs to be
// `(request->devAddr.flags & OC_FLAG_SECURE)`.
548 VERIFY_SUCCESS(TAG, (request->devAddr.flags | OC_FLAG_SECURE), ERROR);
550 //Generate new credential
551 OIC_LOG_V(INFO, TAG, "SavePairingPSK for %s(%d)", request->devAddr.addr,
552 request->devAddr.port);
// NOTE(review): the credential is keyed on newDpair->pdeviceID, i.e. the ID carried in
// this PUT body, while the ACLs below use gDpair->pdeviceID from the earlier POST. No
// comparison of the two IDs is visible in this listing; they should be required to
// match before anything is stored. This `res` is also a second declaration that hides
// the outer one.
553 OCStackResult res = SavePairingPSK(&request->devAddr, &newDpair->pdeviceID,
554 (OicUuid_t *)&pconf->rownerID, true);
555 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
556 #endif //__WITH_DTLS__
// Build one ACL per pre-configured direct-pairing ACL entry.
559 OicSecPdAcl_t *pdAcl;
560 LL_FOREACH(pconf->pdacls, pdAcl)
563 memset(&acl, 0, sizeof(OicSecAcl_t));
564 memcpy(&acl.subject, &gDpair->pdeviceID, sizeof(OicUuid_t));
// Pointer members are borrowed from pdAcl (shallow copy); acl does not own them.
565 acl.resources = pdAcl->resources;
566 acl.resourcesLen = pdAcl->resourcesLen;
567 memcpy(&acl.rownerID, &pconf->rownerID, sizeof(OicUuid_t));
568 acl.permission = pdAcl->permission;
569 acl.periods = pdAcl->periods;
570 acl.recurrences = pdAcl->recurrences;
571 acl.prdRecrLen = pdAcl->prdRecrLen;
574 uint8_t *payload = NULL;
575 if (OC_STACK_OK == AclToCBORPayload(&acl, &payload, &size))
// NOTE(review): the result of InstallNewACL() is ignored, so a failed install does not
// stop the pairing from being reported as successful; the release of payload is not
// visible in this listing.
577 InstallNewACL(payload, size);
582 //update pconf device list
// Return value not checked; uses the ID from the PUT body (see the note on SavePairingPSK).
583 AddPairedDevice(&newDpair->pdeviceID);
585 //Initialize dpairing resource
588 OIC_LOG (DEBUG, TAG, "/oic/sec/dpairing resource updated,"
589 "direct-pairing finalization success");
595 //Send payload to request originator
596 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
599 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDpairingPutRequest");
602 DeleteDpairingBinData(newDpair);
603 OIC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
607 * This internal method is the entity handler for Dpairing resources and
608 * will handle REST request (GET/POST) for them.
/* Entity handler registered for the dpairing resource by CreateDpairingResource().
 * For requests carrying OC_REQUEST_FLAG it switches on ehRequest->method and forwards
 * to HandleDpairingPostRequest() or HandleDpairingPutRequest(); the case labels are not
 * visible in this listing. callbackParameter is unused.
 * NOTE(review): ehRequest is dereferenced in the switch; whether it is NULL-checked
 * first depends on lines not shown here - confirm. */
610 OCEntityHandlerResult DpairingEntityHandler (OCEntityHandlerFlag flag,
611 OCEntityHandlerRequest * ehRequest,
612 void* callbackParameter)
614 OIC_LOG(DEBUG, TAG, "Received request DpairingEntityHandler");
615 (void)callbackParameter;
// Default result is an error; only the two handlers below can change it.
616 OCEntityHandlerResult ehRet = OC_EH_ERROR;
623 if (flag & OC_REQUEST_FLAG)
625 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
626 switch (ehRequest->method)
632 ehRet = HandleDpairingPostRequest(ehRequest);
636 ehRet = HandleDpairingPutRequest(ehRequest);
// Presumably the branch for every other method: answers with the current ehRet.
// The return value of SendSRMResponse() is ignored here.
644 SendSRMResponse(ehRequest, ehRet, NULL, 0);
652 * This internal method is used to create '/oic/sec/dpairing' resource.
/* Registers the dpairing resource (type OIC_RSRC_TYPE_SEC_DPAIRING, URI
 * OIC_RSRC_DPAIRING_URI) with DpairingEntityHandler as its handler and stores the
 * handle in gDpairHandle. The resource is created with the OC_SECURE and
 * OC_EXPLICIT_DISCOVERABLE properties. On failure it logs and calls
 * DeInitDpairingResource(). */
654 OCStackResult CreateDpairingResource()
658 ret = OCCreateResource(&gDpairHandle,
659 OIC_RSRC_TYPE_SEC_DPAIRING,
661 OIC_RSRC_DPAIRING_URI,
662 DpairingEntityHandler,
664 OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
666 if (OC_STACK_OK != ret)
668 OIC_LOG (ERROR, TAG, "Unable to instantiate Dpairing resource");
669 DeInitDpairingResource();
675 * Initialize Dpairing resource by loading data from persistent storage.
677 * @retval OC_STACK_OK for Success, otherwise some error value
/* Creates the dpairing resource through CreateDpairingResource(). The visible lines do
 * not read anything from persistent storage.
 * NOTE(review): CreateDpairingResource() already calls DeInitDpairingResource() when it
 * fails, so the call below runs the cleanup a second time on the same failure - confirm
 * OCDeleteResource() tolerates that. */
679 OCStackResult InitDpairingResource()
681 OCStackResult ret = OC_STACK_ERROR;
683 // Instantiate 'oic.sec.dpairing'
684 ret = CreateDpairingResource();
685 if (OC_STACK_OK != ret)
687 DeInitDpairingResource();
693 * Perform cleanup for Dpairing resources.
696 * OC_STACK_OK - no error
697 * OC_STACK_ERROR - stack process error
/* Deletes the resource behind gDpairHandle with OCDeleteResource() and maps the outcome
 * to OC_STACK_OK / OC_STACK_ERROR. What else is reset (gDpair, gDpairHandle) is on lines
 * not visible in this listing. */
700 OCStackResult DeInitDpairingResource()
702 OCStackResult ret = OCDeleteResource(gDpairHandle);
705 if(OC_STACK_OK == ret)
711 return OC_STACK_ERROR;
/* Replaces gDpair->rownerID with *newROwner and persists the dpairing resource.
 * The previous owner ID is saved first so it can be restored when serialisation
 * (DpairingToCBORPayload) or the write to persistent storage
 * (UpdateSecureResourceInPS) fails.
 * Returns OC_STACK_INVALID_PARAM for a NULL newROwner and OC_STACK_NO_RESOURCE in a
 * case whose condition is not visible in this listing (presumably gDpair == NULL). */
715 OCStackResult SetDpairingRownerId(const OicUuid_t* newROwner)
717 OCStackResult ret = OC_STACK_ERROR;
718 uint8_t *cborPayload = NULL;
720 OicUuid_t prevId = {.id={0}};
722 if(NULL == newROwner)
724 ret = OC_STACK_INVALID_PARAM;
728 ret = OC_STACK_NO_RESOURCE;
731 if(newROwner && gDpair)
// Keep the old owner for rollback, then install the new one in memory.
733 memcpy(prevId.id, gDpair->rownerID.id, sizeof(prevId.id));
734 memcpy(gDpair->rownerID.id, newROwner->id, sizeof(newROwner->id));
736 ret = DpairingToCBORPayload(gDpair, &cborPayload, &size);
737 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
739 ret = UpdateSecureResourceInPS(OIC_JSON_DPAIRING_NAME, cborPayload, size);
740 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
742 OICFree(cborPayload);
// Failure path: free the buffer and restore the previous owner ID.
// NOTE(review): this dereferences gDpair; presumably it is reached only from the
// VERIFY_SUCCESS checks inside the block above, where gDpair is known non-NULL - confirm.
748 OICFree(cborPayload);
749 memcpy(gDpair->rownerID.id, prevId.id, sizeof(prevId.id));
753 OCStackResult GetDpairingRownerId(OicUuid_t *rowneruuid)
755 OCStackResult retVal = OC_STACK_ERROR;
758 *rowneruuid = gDpair->rownerID;
759 retVal = OC_STACK_OK;