1 //******************************************************************
3 // Copyright 2014 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23 #include "ocsecurity.h"
24 #include "ocsecurityconfig.h"
27 static OCSecConfigData* secConfigData;
28 static int secConfigDataLen;
31 * This internal API removes/clears the global variable holding the security
32 * config data. This needs to be invoked when OIC stack is shutting down.
36 void DeinitOCSecurityInfo()
40 // Initialize sensitive data to zeroes before freeing.
41 memset(secConfigData, 0, secConfigDataLen);
43 OCFree(secConfigData);
49 * This internal callback is used by lower stack (i.e. CA layer) to
50 * retrieve PSK credentials from RI security layer.
52 * Note: When finished, caller should initialize memory to zeroes and
53 * invoke OCFree to delete @p credInfo.
56 * binary blob containing PSK credentials
60 void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
62 if(secConfigData && credInfo)
65 OCSecBlob * osb = (OCSecBlob*)secConfigData->blob;
66 for ( ;(i<secConfigData->numBlob) && osb; i++)
68 if (osb->type == OC_BLOB_TYPE_PSK)
70 OCDtlsPskCredsBlob * blob;
71 blob = (OCDtlsPskCredsBlob *)OCMalloc(osb->len);
74 memcpy(blob, osb->val, osb->len);
79 osb = config_data_next_blob(osb);
86 * This method validates the sanctity of OCDtlsPskCredsBlob.
89 * binary blob containing PSK credentials
91 * @retval OC_STACK_OK for Success, otherwise some error value
94 OCStackResult ValidateBlobTypePSK(const OCSecBlob *secBlob)
96 OCDtlsPskCredsBlob *pskCredsBlob;
101 return OC_STACK_INVALID_PARAM;
104 pskCredsBlob = (OCDtlsPskCredsBlob *)secBlob->val;
106 //calculate the expected length of PSKCredsBlob
107 if(pskCredsBlob->num >= 1)
109 validLen = sizeof(OCDtlsPskCredsBlob) +
110 (pskCredsBlob->num - 1) * sizeof(OCDtlsPskCredsBlob);
114 validLen = sizeof(OCDtlsPskCredsBlob);
117 if(secBlob->len != validLen)
118 return OC_STACK_INVALID_PARAM;
125 * This method validates the sanctity of configuration data provided
126 * by application to OC stack.
129 * binary blob containing credentials and other config data
131 * length of binary blob
133 * @retval OC_STACK_OK for Success, otherwise some error value
136 OCStackResult ValidateSecConfigData(const OCSecConfigData *cfgData,
139 OCStackResult ret = OC_STACK_OK;
141 OCSecBlob * osb = NULL;
143 if (!cfgData || (len == 0))
145 return OC_STACK_INVALID_PARAM;
148 if (cfgData->version != OCSecConfigVer_CurrentVersion)
150 return OC_STACK_INVALID_PARAM;
153 osb = (OCSecBlob*)cfgData->blob;
154 for ( ;(i<cfgData->numBlob) && osb; i++)
156 if (osb->type == OC_BLOB_TYPE_PSK)
158 ret = ValidateBlobTypePSK(osb);
162 return OC_STACK_INVALID_PARAM;
165 if (ret != OC_STACK_OK)
169 osb = config_data_next_blob(osb);
178 * Provides the Security configuration data to OC stack.
181 * binary blob containing credentials and other config data
183 * length of binary blob
185 * @retval OC_STACK_OK for Success, otherwise some error value
187 OCStackResult OCSecSetConfigData(const OCSecConfigData *cfgData,
190 // Validate the data inside blob before consuming
191 if (cfgData && ValidateSecConfigData(cfgData, len) == OC_STACK_OK)
193 // Remove existing blob
194 DeinitOCSecurityInfo();
195 // Allocate storage for new blob
196 secConfigData = (OCSecConfigData*)OCMalloc(len);
199 memcpy(secConfigData, cfgData, len);
200 secConfigDataLen = len;
204 return OC_STACK_NO_MEMORY;
207 return OC_STACK_INVALID_PARAM;