1 //******************************************************************
3 // Copyright 2014 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23 #include "ocsecurity.h"
24 #include "ocsecurityconfig.h"
25 #include "cainterface.h"
28 static OCSecConfigData* secConfigData;
29 static int secConfigDataLen;
33 * This internal API removes/clears the global variable holding the security
34 * config data. This needs to be invoked when OIC stack is shutting down.
38 void DeinitOCSecurityInfo()
42 // Initialize sensitive data to zeroes before freeing.
43 memset(secConfigData, 0, secConfigDataLen);
45 OCFree(secConfigData);
51 * This internal callback is used by lower stack (i.e. CA layer) to
52 * retrieve PSK credentials from RI security layer.
54 * Note: When finished, caller should initialize memory to zeroes and
55 * invoke OCFree to delete @p credInfo.
58 * binary blob containing PSK credentials
63 void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
65 // CA layer interface publishes security data structures ONLY if
66 // stack is compiled in SECURED mode
67 CADtlsPskCredsBlob_t * caBlob = NULL;
68 if(secConfigData && credInfo)
71 OCSecBlob * osb = (OCSecBlob*)secConfigData->blob;
72 for ( ;(i<secConfigData->numBlob) && osb; i++)
74 if (osb->type == OC_BLOB_TYPE_PSK)
76 caBlob = (CADtlsPskCredsBlob_t *)OCCalloc(sizeof(CADtlsPskCredsBlob_t), 1);
79 OCDtlsPskCredsBlob * ocBlob = (OCDtlsPskCredsBlob *)osb->val;
81 memcpy(caBlob->identity, ocBlob->identity, sizeof(caBlob->identity));
82 caBlob->num = ocBlob->num;
84 (OCDtlsPskCreds*) OCMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
87 memcpy(caBlob->creds, ocBlob->creds,
88 caBlob->num * sizeof(OCDtlsPskCreds));
90 // We copied the credential blob in the CA data structure.
91 // Let's get out of here.
97 osb = config_data_next_blob(osb);
101 // Clear memory if any memory allocation failed above
104 OCFree(caBlob->creds);
108 #endif //__WITH_DTLS__
112 * This method validates the sanctity of OCDtlsPskCredsBlob.
115 * binary blob containing PSK credentials
117 * @retval OC_STACK_OK for Success, otherwise some error value
120 OCStackResult ValidateBlobTypePSK(const OCSecBlob *secBlob)
122 OCDtlsPskCredsBlob *pskCredsBlob;
125 if(!secBlob || secBlob->len == 0)
127 return OC_STACK_INVALID_PARAM;
130 pskCredsBlob = (OCDtlsPskCredsBlob *)secBlob->val;
132 //calculate the expected length of PSKCredsBlob
133 if(pskCredsBlob->num >= 1)
135 validLen = sizeof(OCDtlsPskCredsBlob) +
136 (pskCredsBlob->num - 1) * sizeof(OCDtlsPskCredsBlob);
140 validLen = sizeof(OCDtlsPskCredsBlob);
143 if(secBlob->len != validLen)
144 return OC_STACK_INVALID_PARAM;
151 * This method validates the sanctity of configuration data provided
152 * by application to OC stack.
155 * binary blob containing credentials and other config data
157 * length of binary blob
159 * @retval OC_STACK_OK for Success, otherwise some error value
162 OCStackResult ValidateSecConfigData(const OCSecConfigData *cfgData,
165 OCStackResult ret = OC_STACK_OK;
167 OCSecBlob * osb = NULL;
169 if (!cfgData || (len == 0))
171 return OC_STACK_INVALID_PARAM;
174 if (cfgData->version != OCSecConfigVer_CurrentVersion)
176 return OC_STACK_INVALID_PARAM;
179 osb = (OCSecBlob*)cfgData->blob;
180 for ( ;(i<cfgData->numBlob) && osb; i++)
182 if (osb->type == OC_BLOB_TYPE_PSK)
184 ret = ValidateBlobTypePSK(osb);
188 return OC_STACK_INVALID_PARAM;
191 if (ret != OC_STACK_OK)
195 osb = config_data_next_blob(osb);
204 * Provides the Security configuration data to OC stack.
207 * binary blob containing credentials and other config data
209 * length of binary blob
211 * @retval OC_STACK_OK for Success, otherwise some error value
213 OCStackResult OCSecSetConfigData(const OCSecConfigData *cfgData,
216 // Validate the data inside blob before consuming
217 if (cfgData && ValidateSecConfigData(cfgData, len) == OC_STACK_OK)
219 // Remove existing blob
220 DeinitOCSecurityInfo();
221 // Allocate storage for new blob
222 secConfigData = (OCSecConfigData*)OCMalloc(len);
225 memcpy(secConfigData, cfgData, len);
226 secConfigDataLen = len;
230 return OC_STACK_NO_MEMORY;
233 return OC_STACK_INVALID_PARAM;