1 /* *****************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * *****************************************************************/
25 #include "oic_malloc.h"
26 #include "oic_string.h"
29 #include "resourcemanager.h"
30 #include "dpairingresource.h"
31 #include "psinterface.h"
33 #include "srmresourcestrings.h"
34 #include "cainterface.h"
35 #include "doxmresource.h"
36 #include "pconfresource.h"
37 #include "credresource.h"
38 #include "aclresource.h"
39 #include "srmutility.h"
40 #include "ocserverrequest.h"
41 #include "ocpayloadcbor.h"
42 #include "ocpayload.h"
43 #include "payload_logging.h"
55 #define TAG "SRM-DPAIRING"
57 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
58 * The value of payload size is increased until reaching the max cbor size below. */
59 static const uint16_t CBOR_SIZE = 1024;
61 /** Max cbor size payload. */
62 static const uint16_t CBOR_MAX_SIZE = 4400;
64 /** DPAIRING map size - number of mandatory items (spm, pdeviceID, rowner). */
65 static const uint8_t DPAIR_MAP_SIZE = 3;
// State of the pairing in progress. NULL at start-up; the POST handler points it at gDefaultDpair.
67 static OicSecDpairing_t *gDpair = NULL;
// Handle filled in by OCCreateResource() and passed to OCDeleteResource() on teardown.
68 static OCResourceHandle gDpairHandle = NULL;
// Storage handed out by GetDpairingDefault(). The POST handler writes the peer's spm, pdeviceID
// and rowner into it, so it is shared mutable state rather than a constant default.
69 static OicSecDpairing_t gDefaultDpair =
71 PRM_NOT_ALLOWED, /* OicSecPrm_t spm */
72 {.id = {0}}, /* OicUuid_t pdeviceID */
73 {.id = {0}}, /* OicUuid_t rowner */
// Presumably releases a dpairing object; only the signature and one comment of this function
// appear in this listing. Within this file it is called on the object parsed from a request
// (newDpair) and on the partially built object after a CBOR parse failure.
76 void DeleteDpairingBinData(OicSecDpairing_t* dpair)
80 //Clean dpairing itself
86 * Get the default value.
87 * @retval the gDefaultDpair pointer;
// Returns the address of the file-scope gDefaultDpair object.
// The result is a pointer to shared, mutable storage: the POST handler in this file assigns it
// to gDpair and then writes spm, pdeviceID and rowner through it.
89 static OicSecDpairing_t* GetDpairingDefault()
91 OIC_LOG (DEBUG, TAG, "GetDpairingDefault");
93 return &gDefaultDpair;
97 * This method is used by SRM to retrieve Dpairing resource data.
// Copies the given owner UUID into gDpair->rowner.
// NOTE(review): the header comment above describes retrieving data, but the visible body
// writes the resource owner.
// NOTE(review): gDpair starts out NULL and is only assigned by the POST handler. The lines
// between the log call and the memcpy are not shown here; confirm that gDpair and rowner
// are both checked before the copy.
99 void SetDpairingResourceOwner(OicUuid_t *rowner)
101 OIC_LOG (DEBUG, TAG, "SetDpairingResourceOwner");
104 memcpy(&gDpair->rowner, rowner, sizeof(OicUuid_t));
110 * Function to save PairingPSK.
112 * @param[in] endpoint current endpoint.
113 * @param[in] peerDevID peer device identity.
114 * @param[in] isPairingServer indicate if it generates PairingPSK for server or client.
116 * @return OC_STACK_OK on success
// Derives a pairing PSK with CAGenerateOwnerPSK() from the dpairing resource-type string and
// the two device IDs, wraps it in a SYMMETRIC_PAIR_WISE_KEY credential for peerDevID and
// stores that credential with AddCredential().
// isPairingServer selects which ID goes in the server slot and which in the client slot.
// Returns OC_STACK_INVALID_PARAM when endpoint, peerDevID or owner is NULL.
118 OCStackResult SavePairingPSK(OCDevAddr *endpoint,
119 OicUuid_t *peerDevID, OicUuid_t *owner, bool isPairingServer)
121 OIC_LOG(DEBUG, TAG, "IN SavePairingPSK");
123 if(NULL == endpoint || NULL == peerDevID || NULL == owner)
125 OIC_LOG_V(ERROR, TAG, "Invalid Input parameters in [%s]\n", __FUNCTION__);
126 return OC_STACK_INVALID_PARAM;
129 OCStackResult res = OC_STACK_ERROR;
131 OicUuid_t ptDeviceID = {.id={0}};
132 if (OC_STACK_OK != GetDoxmDeviceID(&ptDeviceID))
134 OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
// NOTE(review): pairingPSK holds key material on the stack. No wipe of the buffer is visible
// in the lines shown; confirm it is cleared on every exit path once the credential is stored.
138 uint8_t pairingPSK[OWNER_PSK_LENGTH_128] = {0};
139 OicSecKey_t pairingKey = {pairingPSK, OWNER_PSK_LENGTH_128};
141 //Generating PairingPSK using OwnerPSK scheme
142 CAResult_t pskRet = CAGenerateOwnerPSK((const CAEndpoint_t *)endpoint,
143 (uint8_t *)OIC_RSRC_TYPE_SEC_DPAIRING,
144 strlen(OIC_RSRC_TYPE_SEC_DPAIRING),
145 (isPairingServer ? ptDeviceID.id : peerDevID->id), sizeof(OicUuid_t), // server
146 (isPairingServer ? peerDevID->id : ptDeviceID.id), sizeof(OicUuid_t), // client
147 pairingPSK, OWNER_PSK_LENGTH_128);
149 if (CA_STATUS_OK == pskRet)
// NOTE(review): the two log calls below write the freshly derived PSK to the log at INFO
// level. Key material should not reach logs: anyone who can read them can recover the
// pairing key. Drop the dump, or restrict it to a debug-only build.
151 OIC_LOG(INFO, TAG, "pairingPSK dump:\n");
152 OIC_LOG_BUFFER(INFO, TAG, pairingPSK, OWNER_PSK_LENGTH_128);
153 //Generating new credential for direct-pairing client
// ownLen is declared on a line not shown in this listing.
156 OicSecCred_t *cred = GenerateCredential(peerDevID,
157 SYMMETRIC_PAIR_WISE_KEY, NULL,
158 &pairingKey, ownLen, owner);
159 VERIFY_NON_NULL(TAG, cred, ERROR);
161 res = AddCredential(cred);
162 if(res != OC_STACK_OK)
// The credential was not stored, so it is released here.
164 DeleteCredList(cred);
170 OIC_LOG(ERROR, TAG, "CAGenerateOwnerPSK failed");
173 OIC_LOG(DEBUG, TAG, "OUT SavePairingPSK");
177 #endif // __WITH_DTLS__
// Encodes a dpairing object as a CBOR map of DPAIR_MAP_SIZE entries: spm as an integer, then
// pdeviceID and rowner as UUID strings.
// dpair, payload and size must be non-NULL and *payload must be NULL on entry. *size is read as
// the buffer size to allocate (any lines that substitute a default are not shown here).
// On success *payload receives the allocated buffer and *size the encoded length.
179 OCStackResult DpairingToCBORPayload(const OicSecDpairing_t *dpair, uint8_t **payload, size_t *size)
181 if (NULL == dpair || NULL == payload || NULL != *payload || NULL == size)
183 return OC_STACK_INVALID_PARAM;
186 size_t cborLen = *size;
195 OCStackResult ret = OC_STACK_ERROR;
197 CborEncoder encoder = { {.ptr = NULL }, .end = 0 };
198 CborEncoder dpairMap = { {.ptr = NULL }, .end = 0 };
200 int64_t cborEncoderResult = CborNoError;
201 uint8_t mapSize = DPAIR_MAP_SIZE;
203 uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
204 VERIFY_NON_NULL(TAG, outPayload, ERROR);
205 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
207 cborEncoderResult = cbor_encoder_create_map(&encoder, &dpairMap, mapSize);
208 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating DPAIRING Map");
211 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_SPM_NAME,
212 strlen(OIC_JSON_SPM_NAME));
213 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding SPM name tag");
214 cborEncoderResult = cbor_encode_int(&dpairMap, dpair->spm);
215 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding SPM value");
217 //PDEVICEID -- Mandatory
218 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_PDEVICE_ID_NAME,
219 strlen(OIC_JSON_PDEVICE_ID_NAME));
220 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PDeviceID tag");
// deviceId is filled in by ConvertUuidToStr(); the lines that release it are not shown here.
222 char *deviceId = NULL;
223 ret = ConvertUuidToStr(&dpair->pdeviceID, &deviceId);
224 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
225 cborEncoderResult = cbor_encode_text_string(&dpairMap, deviceId, strlen(deviceId));
226 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed to encode PDeviceID value");
230 //ROWNER -- Mandatory
231 cborEncoderResult = cbor_encode_text_string(&dpairMap, OIC_JSON_ROWNERID_NAME,
232 strlen(OIC_JSON_ROWNERID_NAME));
233 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ROWNER tag");
// rowner (the string form of the owner UUID) is declared on a line not shown in this listing.
236 ret = ConvertUuidToStr(&dpair->rowner, &rowner);
237 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
238 cborEncoderResult = cbor_encode_text_string(&dpairMap, rowner, strlen(rowner));
239 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Rowner ID value");
243 cborEncoderResult = cbor_encoder_close_container(&encoder, &dpairMap);
244 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed to close dpairMap");
246 if (CborNoError == cborEncoderResult)
248 *size = encoder.ptr - outPayload;
249 *payload = outPayload;
// Retry path: when the encoder ran out of space the function calls itself with a larger size.
// NOTE(review): the comment below says the buffer is doubled, but the visible code grows
// cborLen by (encoder.ptr - encoder.end). The cap is tested against the old cborLen, before
// the increase, so the retry can allocate more than CBOR_MAX_SIZE.
254 if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
256 // reallocate and try again!
258 // Since the allocated initial memory failed, double the memory.
259 cborLen += encoder.ptr - encoder.end;
260 cborEncoderResult = CborNoError;
261 ret = DpairingToCBORPayload(dpair, payload, &cborLen);
265 if ((CborNoError != cborEncoderResult) || (OC_STACK_OK != ret))
271 ret = OC_STACK_ERROR;
// Parses a CBOR-encoded dpairing map into a newly allocated OicSecDpairing_t.
// Rejects a NULL cborPayload or secDpair, a non-NULL *secDpair and a zero size up front.
// The POST and PUT handlers in this file pass the request body straight in, so every value
// read here is controlled by the peer.
277 OCStackResult CBORPayloadToDpair(const uint8_t *cborPayload, size_t size,
278 OicSecDpairing_t **secDpair)
280 if (NULL == cborPayload || NULL == secDpair || NULL != *secDpair || 0 == size)
282 return OC_STACK_INVALID_PARAM;
285 OCStackResult ret = OC_STACK_ERROR;
288 CborValue dpairCbor = { .parser = NULL };
289 CborParser parser = { .end = NULL };
290 CborError cborFindResult = CborNoError;
// cborLen is declared on a line not shown in this listing (presumably derived from size).
// NOTE(review): the container is entered right after parser init (original lines 293-296 are
// consecutive) with no check that the top-level item is a map. Check cbor_value_is_map(&dpairCbor)
// first and fail cleanly on anything else.
293 cbor_parser_init(cborPayload, cborLen, 0, &parser, &dpairCbor);
294 CborValue dpairMap = { .parser = NULL };
295 OicSecDpairing_t *dpair = NULL;
296 cborFindResult = cbor_value_enter_container(&dpairCbor, &dpairMap);
297 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering DPairing Map");
299 dpair = (OicSecDpairing_t *)OICCalloc(1, sizeof(*dpair));
300 VERIFY_NON_NULL(TAG, dpair, ERROR);
// Walks the map as key/value pairs: read the key name, advance to the value, then handle it.
302 while (cbor_value_is_valid(&dpairMap))
306 CborType type = CborInvalidType;
// NOTE(review): name (and id below) are heap copies made by cbor_value_dup_text_string(); the
// lines that free them are not shown. The typed tinycbor accessors used in this loop appear
// to expect the caller to have checked the item type first - confirm against the tinycbor
// version in use, and check cbor_value_is_text_string() before each dup.
307 cborFindResult = cbor_value_dup_text_string(&dpairMap, &name, &len, NULL);
308 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding tag name");
309 cborFindResult = cbor_value_advance(&dpairMap);
310 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a value in DPair map");
312 type = cbor_value_get_type(&dpairMap);
313 if (0 == strcmp(OIC_JSON_SPM_NAME, name))
// NOTE(review): `type` was just read, but no integer check precedes cbor_value_get_int(), and
// the result is stored through an (int *) cast of the enum field. Check
// cbor_value_is_integer() and read into a local int before assigning to spm.
315 cborFindResult = cbor_value_get_int(&dpairMap, (int *) &dpair->spm);
316 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding SPM Value");
319 if (0 == strcmp(OIC_JSON_PDEVICE_ID_NAME, name))
// The UUID arrives as text and is converted by ConvertStrToUuid(); len is not checked on the
// visible lines before the conversion.
322 cborFindResult = cbor_value_dup_text_string(&dpairMap, &id, &len, NULL);
323 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PDeviceID value");
324 ret = ConvertStrToUuid(id, &dpair->pdeviceID);
325 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
329 if (0 == strcmp(OIC_JSON_ROWNERID_NAME, name))
332 cborFindResult = cbor_value_dup_text_string(&dpairMap, &id, &len, NULL);
333 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RownerID value");
334 ret = ConvertStrToUuid(id, &dpair->rowner);
335 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
// Step past the value unless it is a nested map or the iterator is already exhausted.
339 if (CborMapType != type && cbor_value_is_valid(&dpairMap))
341 cborFindResult = cbor_value_advance(&dpairMap);
342 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Dpair Map");
// Failure path: the partially built object is released.
// NOTE(review): the log text below names CBORPayloadToDoxm; it looks copied from the doxm
// parser and will mislead anyone reading logs for this function.
351 if (CborNoError != cborFindResult)
353 OIC_LOG (ERROR, TAG, "CBORPayloadToDoxm failed");
354 DeleteDpairingBinData(dpair);
357 ret = OC_STACK_ERROR;
362 * Function to handle the handshake result in Direct-Pairing.
363 * This function will be invoked after DTLS handshake
364 * @param endPoint [IN] The remote endpoint.
365 * @param errorInfo [IN] Error information from the endpoint.
// DTLS handshake callback that the POST handler registers. When gDpair, endpoint and info are
// all non-NULL it logs the result; the visible lines then unregister the callback and remove
// the credential stored for gDpair->pdeviceID (the temporary key). The brace structure is not
// shown in this listing, so the exact conditions for the cleanup need confirming.
// NOTE(review): nothing on the visible lines compares `endpoint` with the peer recorded in
// gDpair. Confirm that a handshake result for an unrelated peer cannot trigger the cleanup of
// the pairing in progress.
// NOTE(review): only CA_STATUS_OK and CA_DTLS_AUTHENTICATION_FAILURE have visible branches;
// other result codes are not distinguished in the lines shown.
368 void DPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
370 OIC_LOG_V(INFO, TAG, "IN DPairingDTLSHandshakeCB");
372 if(gDpair && endpoint && info)
374 OIC_LOG_V(INFO, TAG, "Received status from remote device(%s:%d) : %d",
375 endpoint->addr, endpoint->port, info->result);
377 if(CA_STATUS_OK == info->result)
379 OIC_LOG(INFO, TAG, "DPairingDTLSHandshakeCB - Connection success.");
381 else if(CA_DTLS_AUTHENTICATION_FAILURE == info->result)
383 OIC_LOG(INFO, TAG, "DPairingDTLSHandshakeCB - Authentication failed");
388 CARegisterDTLSHandshakeCallback(NULL);
389 #endif // __WITH_DTLS__
391 // delete temporary key
392 RemoveCredential(&gDpair->pdeviceID);
395 OIC_LOG_V(INFO, TAG, "OUT DPairingDTLSHandshakeCB");
// Handles POST on /oic/sec/dpairing (start of direct pairing): parses the request body, checks
// the requested pairing method against pconf->prm, records the peer in gDpair, installs a
// temporary PSK built from the configured PIN and prepares DTLS for the PSK cipher suite.
// Always sends a response carrying ehRet and releases the parsed request object.
398 static OCEntityHandlerResult HandleDpairingPostRequest (const OCEntityHandlerRequest * ehRequest)
400 OIC_LOG (DEBUG, TAG, "Dpairing EntityHandle processing POST request");
401 OCEntityHandlerResult ehRet = OC_EH_ERROR;
402 OicSecDpairing_t* newDpair = NULL;
403 OCStackResult res = OC_STACK_OK;
// NOTE(review): pconf is dereferenced on the very next line with no NULL check, although the
// PUT handler guards the same call's result with VERIFY_NON_NULL. Check pconf before
// reading pconf->edp.
405 const OicSecPconf_t *pconf = GetPconfResourceData();
406 if (true == pconf->edp)
// NOTE(review): ehRequest->payload is cast to OCSecurityPayload and dereferenced; no NULL or
// payload-type check is visible before this point. Confirm a request without a body cannot
// reach these lines.
408 uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData1;
409 size_t size = ((OCSecurityPayload*)ehRequest->payload)->payloadSize;
412 res = CBORPayloadToDpair(payload, size, &newDpair);
417 OIC_LOG (DEBUG, TAG, "EDP == false : Direct-Pairing Disabled");
// Requests from a device that is already paired are rejected here.
421 if (OC_STACK_OK == res && newDpair && false == IsPairedDevice(&newDpair->pdeviceID))
423 // Check if valid Post request
424 bool prmMached = false;
425 for (size_t i=0; i<pconf->prmLen; i++)
427 if (newDpair->spm == pconf->prm[i])
433 OIC_LOG_V(DEBUG, TAG, "Parsed spm is %s", prmMached ? "valid" :
434 "invalid, send error response");
436 // Update local Dpairing with new Dpairing & prepare dtls session
// NOTE(review): only the first byte of the peer's device ID is tested for non-zero. An
// all-zero check over the whole UUID would match the intent more closely.
437 if (prmMached && '\0' != (char)newDpair->pdeviceID.id[0])
// NOTE(review): gDpair is pointed at one shared static object and overwritten with this
// request's values. No check for a pairing already in progress is visible, and the author's
// own comment further down asks whether the resource should be locked.
441 gDpair = GetDpairingDefault();
443 gDpair->spm = newDpair->spm;
444 memcpy(&gDpair->pdeviceID, &newDpair->pdeviceID, sizeof(OicUuid_t));
445 memcpy(&gDpair->rowner, &pconf->rowner, sizeof(OicUuid_t));
// The temporary PSK is built from pconf->pin.val; the call must also report back the same
// subject ID as the requesting peer, or the request is treated as failed.
450 OicUuid_t subjectId = {.id={0}};
451 res = AddTmpPskWithPIN(&gDpair->pdeviceID,
452 SYMMETRIC_PAIR_WISE_KEY,
453 (char*)pconf->pin.val, DP_PIN_LENGTH,
454 1, &gDpair->rowner, &subjectId);
455 if(res != OC_STACK_OK ||
456 memcmp(&gDpair->pdeviceID, &subjectId, sizeof(OicUuid_t)))
458 OIC_LOG_V(ERROR, TAG, "Failed to save the temporal PSK : %d", res);
462 // Prepare to establish a secure channel with Pin-based PSK cipher suite
// NOTE(review): these calls take no peer argument, so they presumably change the cipher-suite
// selection for the whole stack rather than for this peer only - confirm.
463 if (CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false) ||
464 CA_STATUS_OK != CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256))
466 OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256");
470 if(CA_STATUS_OK != CARegisterDTLSHandshakeCallback(DPairingDTLSHandshakeCB))
472 OIC_LOG(WARNING, TAG, "DirectPairingHandler : Failed to register"
473 " DTLS handshake callback.");
476 #endif // __WITH_DTLS__
478 // should be lock /oic/sec/dpairing resource if Direct-Pairing starts normally ?
479 OIC_LOG (DEBUG, TAG, "/oic/sec/dpairing resource created");
481 ehRet = OC_EH_RESOURCE_CREATED;
485 OIC_LOG(ERROR, TAG, "Error in request check");
492 #endif // __WITH_DTLS__
// NOTE(review): the cleanup is keyed on gDpair, which may still describe an earlier request
// if this one failed before gDpair was reassigned. Confirm that a rejected POST cannot remove
// a credential that belongs to a different pairing.
494 if (OC_EH_ERROR == ehRet && gDpair)
496 RemoveCredential(&gDpair->pdeviceID);
500 // Send payload to request originator
501 if(OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, NULL, 0))
503 OIC_LOG (ERROR, TAG, "SendSRMCBORResponse failed in HandleDpairingPostRequest");
506 DeleteDpairingBinData(newDpair);
507 OIC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
// Handles PUT on /oic/sec/dpairing (pairing finalization): requires spm == PRM_NOT_ALLOWED in
// the request, derives and stores the pairing PSK for the requester, installs one ACL per
// entry of pconf->pdacls with the paired device as subject, and records the device with
// AddPairedDevice(). Always sends a response carrying ehRet and releases the parsed request.
511 static OCEntityHandlerResult HandleDpairingPutRequest (const OCEntityHandlerRequest * ehRequest)
513 OIC_LOG (DEBUG, TAG, "Dpairing EntityHandle processing PUT request (Comfirmation)");
515 OCEntityHandlerResult ehRet = OC_EH_ERROR;
516 OicSecDpairing_t* newDpair = NULL;
517 OCStackResult res = OC_STACK_OK;
// NOTE(review): pconf is dereferenced on the very next line; the VERIFY_NON_NULL on pconf
// further down runs only after this dereference, so it cannot protect it.
519 const OicSecPconf_t *pconf = GetPconfResourceData();
520 if (true == pconf->edp)
// NOTE(review): ehRequest->payload is cast and dereferenced with no NULL or payload-type
// check visible before this point.
522 uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData1;
523 size_t size = ((OCSecurityPayload*)ehRequest->payload)->payloadSize;
526 res = CBORPayloadToDpair(payload, size, &newDpair);
532 OIC_LOG (DEBUG, TAG, "EDP == false : Direct-Pairing Disabled");
// Finalization is only accepted while a pairing started by POST is recorded in gDpair.
537 if ((OC_STACK_OK == res) && gDpair && newDpair)
539 OIC_LOG(DEBUG, TAG, "Received direct-pairing finalization request");
541 // Check if valid Put request
542 VERIFY_SUCCESS(TAG, PRM_NOT_ALLOWED == newDpair->spm, ERROR);
// This redeclares pconf; whether it shadows the outer variable depends on braces not shown.
544 const OicSecPconf_t *pconf = GetPconfResourceData();
545 VERIFY_NON_NULL(TAG, pconf, ERROR);
// NOTE(review): (flags | OC_FLAG_SECURE) is non-zero for every flags value as long as
// OC_FLAG_SECURE itself is non-zero, so the check below can never fail and the secure-channel
// requirement is not enforced here. It should test the bit:
// VERIFY_SUCCESS(TAG, (request->devAddr.flags & OC_FLAG_SECURE), ERROR);
// requestHandle is also cast and dereferenced without a NULL check.
548 OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;
549 VERIFY_SUCCESS(TAG, (request->devAddr.flags | OC_FLAG_SECURE), ERROR);
551 //Generate new credential
552 OIC_LOG_V(INFO, TAG, "SavePairingPSK for %s(%d)", request->devAddr.addr,
553 request->devAddr.port);
// NOTE(review): the PSK is saved for newDpair->pdeviceID, taken from this request, while the
// ACLs below use gDpair->pdeviceID from the earlier POST. No comparison of the two IDs is
// visible; confirm they are required to match. `res` is also redeclared here.
554 OCStackResult res = SavePairingPSK(&request->devAddr, &newDpair->pdeviceID,
555 (OicUuid_t *)&pconf->rowner, true);
556 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
557 #endif //__WITH_DTLS__
// Build one ACL per pre-configured pairing ACL entry. The acl and size variables are declared
// on lines not shown in this listing.
560 OicSecPdAcl_t *pdAcl;
561 LL_FOREACH(pconf->pdacls, pdAcl)
564 memset(&acl, 0, sizeof(OicSecAcl_t));
565 memcpy(&acl.subject, &gDpair->pdeviceID, sizeof(OicUuid_t));
566 acl.resources = pdAcl->resources;
567 acl.resourcesLen = pdAcl->resourcesLen;
568 acl.owners = (OicUuid_t*)&pconf->rowner;
570 acl.permission = pdAcl->permission;
571 acl.periods = pdAcl->periods;
572 acl.recurrences = pdAcl->recurrences;
573 acl.prdRecrLen = pdAcl->prdRecrLen;
// NOTE(review): the result of InstallNewACL() is not used on the visible line, so a failed
// install would go unnoticed while pairing is still reported as complete. The release of
// payload is on lines not shown.
576 uint8_t *payload = NULL;
577 if (OC_STACK_OK == AclToCBORPayload(&acl, &payload, &size))
579 InstallNewACL(payload, size);
584 //update pconf device list
585 AddPairedDevice(&newDpair->pdeviceID);
587 //Initialize dpairing resource
590 OIC_LOG (DEBUG, TAG, "/oic/sec/dpairing resource updated,"
591 "direct-pairing finalization success");
597 //Send payload to request originator
598 if(OC_STACK_OK != SendSRMCBORResponse(ehRequest, ehRet, NULL, 0))
600 OIC_LOG (ERROR, TAG, "SendSRMCBORResponse failed in HandleDpairingPutRequest");
603 DeleteDpairingBinData(newDpair);
604 OIC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
608 * This internal method is the entity handler for Dpairing resources and
609 * will handle REST request (GET/POST) for them.
// Entity handler for the dpairing resource. For request callbacks it dispatches on
// ehRequest->method: the visible branches call the POST and PUT handlers, and a further
// branch sends a response carrying ehRet directly. callbackParameter is unused.
// NOTE(review): the header comment above says GET/POST, but the visible dispatch targets are
// POST and PUT.
// NOTE(review): ehRequest is dereferenced in the switch; a NULL check, if there is one, sits on
// lines not shown in this listing.
611 OCEntityHandlerResult DpairingEntityHandler (OCEntityHandlerFlag flag,
612 OCEntityHandlerRequest * ehRequest,
613 void* callbackParameter)
615 OIC_LOG(DEBUG, TAG, "Received request DpairingEntityHandler");
616 (void)callbackParameter;
617 OCEntityHandlerResult ehRet = OC_EH_ERROR;
624 if (flag & OC_REQUEST_FLAG)
626 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
627 switch (ehRequest->method)
633 ehRet = HandleDpairingPostRequest(ehRequest);
637 ehRet = HandleDpairingPutRequest(ehRequest);
// The return value of this response call is not checked, unlike in the POST and PUT handlers.
645 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
653 * This internal method is used to create '/oic/sec/dpairing' resource.
// Registers the dpairing resource at OIC_RSRC_DPAIRING_URI with DpairingEntityHandler as its
// handler and the properties OC_SECURE | OC_EXPLICIT_DISCOVERABLE; the handle is stored in
// gDpairHandle. On failure it logs an error and calls DeInitDpairingResource().
// The declaration of ret and the return statement are on lines not shown in this listing.
655 OCStackResult CreateDpairingResource()
659 ret = OCCreateResource(&gDpairHandle,
660 OIC_RSRC_TYPE_SEC_DPAIRING,
662 OIC_RSRC_DPAIRING_URI,
663 DpairingEntityHandler,
665 OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
667 if (OC_STACK_OK != ret)
669 OIC_LOG (ERROR, TAG, "Unable to instantiate Dpairing resource");
670 DeInitDpairingResource();
676 * Initialize Dpairing resource by loading data from persistent storage.
678 * @retval OC_STACK_OK for Success, otherwise some error value
// Creates the dpairing resource and tears it down again if creation fails.
// NOTE(review): CreateDpairingResource() already calls DeInitDpairingResource() on failure, so
// the failure path runs the teardown twice and OCDeleteResource() is handed gDpairHandle a
// second time. Confirm that is harmless, or drop one of the two calls.
// NOTE(review): the header comment mentions loading data from persistent storage; no such load
// appears in the lines shown.
680 OCStackResult InitDpairingResource()
682 OCStackResult ret = OC_STACK_ERROR;
684 // Instantiate 'oic.sec.dpairing'
685 ret = CreateDpairingResource();
686 if (OC_STACK_OK != ret)
688 DeInitDpairingResource();
694 * Perform cleanup for Dpairing resources.
697 * OC_STACK_OK - no error
698 * OC_STACK_ERROR - stack process error
// Deletes the resource behind gDpairHandle with OCDeleteResource().
// The body of the success branch is not shown in this listing; the visible fall-through
// returns OC_STACK_ERROR. Whether gDpairHandle and gDpair are reset afterwards cannot be told
// from the lines shown.
701 OCStackResult DeInitDpairingResource()
703 OCStackResult ret = OCDeleteResource(gDpairHandle);
706 if(OC_STACK_OK == ret)
712 return OC_STACK_ERROR;