#ifndef OC_SECURITY_RESOURCE_TYPES_H
#define OC_SECURITY_RESOURCE_TYPES_H
+#include "iotivity_config.h"
+
#include <stdint.h> // for uint8_t typedef
#include <stdbool.h>
-#ifdef __WITH_X509__
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
#include "byte_array.h"
-#endif /* __WITH_X509__ */
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
#ifdef __cplusplus
extern "C" {
#endif
/**
- * @brief Values used to create bit-maskable enums for single-value
- * response with embedded code.
+ * Values used to create bit-maskable enums for single-value response with
+ * embedded code.
*/
#define ACCESS_GRANTED_DEF (1 << 0)
#define ACCESS_DENIED_DEF (1 << 1)
/**
* Extract Reason Code from Access Response.
*/
-static inline SRMAccessResponseReasonCode_t GetReasonCode(
+INLINE_API SRMAccessResponseReasonCode_t GetReasonCode(
SRMAccessResponse_t response)
{
SRMAccessResponseReasonCode_t reason =
/**
* Returns 'true' iff request should be passed on to RI layer.
*/
-static inline bool IsAccessGranted(SRMAccessResponse_t response)
+INLINE_API bool IsAccessGranted(SRMAccessResponse_t response)
{
if(ACCESS_GRANTED == (response & ACCESS_GRANTED))
{
}
}
+typedef struct OicSecRsrc OicSecRsrc_t;
+
+typedef struct OicSecValidity OicSecValidity_t;
+
+typedef struct OicSecAce OicSecAce_t;
+
typedef struct OicSecAcl OicSecAcl_t;
typedef struct OicSecAmacl OicSecAmacl_t;
} OSCTBitmask_t;
/**
- * @brief /oic/sec/credtype (Credential Type) data type.
- * Derived from OIC Security Spec /oic/sec/cred; see Spec for details.
+ * /oic/sec/credtype (Credential Type) data type.
+ * Derived from OIC Security Spec /oic/sec/cred; see Spec for details.
* 0: no security mode
* 1: symmetric pair-wise key
* 2: symmetric group key
typedef enum
{
+ OIC_R_ACL_TYPE = 0,
+ OIC_R_AMACL_TYPE,
+ OIC_R_CRED_TYPE,
+ OIC_R_CRL_TYPE,
+ OIC_R_DOXM_TYPE,
+ OIC_R_DPAIRING_TYPE,
+ OIC_R_PCONF_TYPE,
+ OIC_R_PSTAT_TYPE,
+ OIC_R_SACL_TYPE,
+ OIC_R_SVC_TYPE,
+ OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
+ NOT_A_SVR_RESOURCE = 99
+}OicSecSvrType_t;
+
+typedef enum
+{
OIC_JUST_WORKS = 0x0,
OIC_RANDOM_DEVICE_PIN = 0x1,
OIC_MANUFACTURER_CERTIFICATE = 0x2,
OIC_OXM_COUNT
}OicSecOxm_t;
-typedef struct OicSecJwk OicSecJwk_t;
+typedef enum
+{
+ OIC_ENCODING_UNKNOW = 0,
+ OIC_ENCODING_RAW = 1,
+ OIC_ENCODING_BASE64 = 2,
+ OIC_ENCODING_PEM = 3,
+ OIC_ENCODING_DER = 4
+}OicEncodingType_t;
+
+typedef struct OicSecKey OicSecKey_t;
typedef struct OicSecPstat OicSecPstat_t;
typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
-#ifdef __WITH_X509__
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
typedef struct OicSecCrl OicSecCrl_t;
-#endif /* __WITH_X509__ */
+typedef ByteArray_t OicSecCert_t;
+#else
+typedef void OicSecCert_t;
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
/**
- * @brief /oic/uuid (Universal Unique Identifier) data type.
+ * /oic/uuid (Universal Unique Identifier) data type.
*/
#define UUID_LENGTH 128/8 // 128-bit GUID length
//TODO: Confirm the length and type of ROLEID.
};
/**
- * @brief /oic/sec/jwk (JSON Web Key) data type.
- * See JSON Web Key (JWK) draft-ietf-jose-json-web-key-41
+ * /oic/sec/jwk (JSON Web Key) data type.
+ * See JSON Web Key (JWK) draft-ietf-jose-json-web-key-41
*/
#define JWK_LENGTH 256/8 // 256 bit key length
-struct OicSecJwk
+struct OicSecKey
+{
+ uint8_t *data;
+ size_t len;
+
+ // TODO: This field added as workaround. Will be replaced soon.
+ OicEncodingType_t encoding;
+
+};
+
+struct OicSecRsrc
+{
+ char *href; // 0:R:S:Y:String
+ char *rel; // 1:R:S:N:String
+ char** types; // 2:R:S:N:String Array
+ size_t typeLen; // the number of elts in types
+ char** interfaces; // 3:R:S:N:String Array
+ size_t interfaceLen; // the number of elts in interfaces
+ OicSecRsrc_t *next;
+};
+
+struct OicSecValidity
{
- char *data;
+ char* period; // 0:R:S:Y:String
+ char** recurrences; // 1:R:M:Y:Array of String
+ size_t recurrenceLen; // the number of elts in recurrence
+ OicSecValidity_t *next;
+};
+
+struct OicSecAce
+{
+ // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
+ OicUuid_t subjectuuid; // 0:R:S:Y:uuid
+ OicSecRsrc_t *resources; // 1:R:M:Y:Resource
+ uint16_t permission; // 2:R:S:Y:UINT16
+ OicSecValidity_t *validities; // 3:R:M:N:Time-interval
+ OicSecAce_t *next;
};
/**
- * @brief /oic/sec/acl (Access Control List) data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/acl (Access Control List) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecAcl
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
- OicUuid_t subject; // 0:R:S:Y:uuid TODO: this deviates
- // from spec and needs to be updated
- // in spec (where it's a String).
- size_t resourcesLen; // the number of elts in Resources
- char **resources; // 1:R:M:Y:String
- uint16_t permission; // 2:R:S:Y:UINT16
- size_t prdRecrLen; // the number of elts in Periods
- char **periods; // 3:R:M*:N:String (<--M*; see Spec)
- char **recurrences; // 5:R:M:N:String
- size_t ownersLen; // the number of elts in Owners
- OicUuid_t *owners; // 8:R:M:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //TODO change Owners type to oic.sec.svc
- //OicSecSvc_t *Owners; // 6:R:M:Y:oic.sec.svc
- OicSecAcl_t *next;
+ OicUuid_t rownerID; // 0:R:S:Y:oic.uuid
+ OicSecAce_t *aces; // 1:R:M:N:ACE
};
/**
- * @brief /oic/sec/amacl (Access Manager Service Accesss Control List)
- * data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/amacl (Access Manager Service Accesss Control List) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecAmacl
{
char **resources; // 0:R:M:Y:String
size_t amssLen; // the number of elts in Amss
OicUuid_t *amss; // 1:R:M:Y:acl
- size_t ownersLen; // the number of elts in Owners
- OicUuid_t *owners; // 2:R:M:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //TODO change Owners type to oic.sec.svc
- //OicSecSvc_t *Owners; // 2:R:M:Y:oic.sec.svc
+ OicUuid_t rownerID; // 2:R:S:Y:oic.uuid
OicSecAmacl_t *next;
};
/**
- * @brief /oic/sec/cred (Credential) data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/cred (Credential) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecCred
{
//size_t roleIdsLen; // the number of elts in RoleIds
//OicSecRole_t *roleIds; // 2:R:M:N:oic.sec.role
OicSecCredType_t credType; // 3:R:S:Y:oic.sec.credtype
- OicSecJwk_t publicData; // 5:R:S:N:oic.sec.jwk
- OicSecJwk_t privateData; // 6:R:S:N:oic.sec.jwk
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+ OicSecCert_t publicData; // own cerificate chain
+ char *credUsage; // 4:R:S:N:String
+ OicSecKey_t optionalData; // CA's cerificate chain
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
+ OicSecKey_t privateData; // 6:R:S:N:oic.sec.key
char *period; // 7:R:S:N:String
- size_t ownersLen; // the number of elts in Owners
- OicUuid_t *owners; // 8:R:M:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //OicSecSvc_t *Owners; // 8:R:M:Y:oic.sec.svc
- //TODO change Owners type to oic.sec.svc
+ OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
OicSecCred_t *next;
};
/**
- * @brief /oic/sec/doxm (Device Owner Transfer Methods) data type
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/doxm (Device Owner Transfer Methods) data type
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecDoxm
{
//TODO: Need more clarification on deviceIDFormat field type.
//OicSecDvcIdFrmt_t deviceIDFormat; // 5:R:S:Y:UINT8
OicUuid_t deviceID; // 6:R:S:Y:oic.uuid
- bool dpc; // 7:R:S:Y:Boolean
- OicUuid_t owner; // 7:R:S:Y:oic.uuid
- // NOTE: we are using UUID for Owner instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //OicSecSvc_t devOwner; // 7:R:S:Y:oic.sec.svc
- //OicSecSvc_t rOwner; // 8:R:S:Y:oic.sec.svc
- //TODO change Owner type to oic.sec.svc
+ bool dpc; // 7:R:S:Y:Boolean
+ OicUuid_t owner; // 8:R:S:Y:oic.uuid
+ OicUuid_t rownerID; // 9:R:S:Y:oic.uuid
};
/**
- * @brief /oic/sec/pstat (Provisioning Status) data type.
+ * /oic/sec/pstat (Provisioning Status) data type.
* NOTE: this struct is ahead of Spec v0.95 in definition to include Sm.
* TODO: change comment when reconciled to Spec v0.96.
*/
size_t smLen; // the number of elts in Sm
OicSecDpom_t *sm; // 5:R:M:Y:oic.sec.dpom
uint16_t commitHash; // 6:R:S:Y:oic.sec.sha256
- //TODO: this is supposed to be a 256-bit uint; temporarily use uint16_t
- //TODO: need to decide which 256 bit and 128 bit types to use... boost?
+ OicUuid_t rownerID; // 7:R:S:Y:oic.uuid
};
/**
- * @brief /oic/sec/role (Role) data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/role (Role) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecRole
{
};
/**
- * @brief /oic/sec/sacl (Signed Access Control List) data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/sacl (Signed Access Control List) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecSacl
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
//TODO fill in from OIC Security Spec
+#if defined(_MSC_VER)
+ uint8_t unused; // VS doesn't like empty structs
+#endif
};
/**
- * @brief /oic/sec/svc (Service requiring a secure connection) data type.
- * Derived from OIC Security Spec; see Spec for details.
+ * /oic/sec/svc (Service requiring a secure connection) data type.
+ * Derived from OIC Security Spec; see Spec for details.
*/
struct OicSecSvc
{
OicSecSvc_t *next;
};
-#ifdef __WITH_X509__
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
struct OicSecCrl
{
uint16_t CrlId;
- ByteArray ThisUpdate;
- ByteArray CrlData;
+ ByteArray_t ThisUpdate;
+ OicSecKey_t CrlData;
};
-#endif /* __WITH_X509__ */
+#endif /* __WITH_DTLS__ or __WITH_TLS__ */
/**
* @brief direct pairing data type
struct OicPin
{
- uint8_t val[DP_PIN_LENGTH+1];
+ uint8_t val[DP_PIN_LENGTH];
};
/**
OicUuid_t *pddevs; // 4:R:M:Y:oic.uuid
size_t pddevLen; // the number of elts in pddev
OicUuid_t deviceID; // 5:R:S:Y:oic.uuid
- OicUuid_t rowner; // 6:R:S:Y:oic.uuid
+ OicUuid_t rownerID; // 6:R:S:Y:oic.uuid
};
/**
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
OicSecPrm_t spm; // 0:R/W:S:Y:UINT16
OicUuid_t pdeviceID; // 1:R:S:Y:oic.uuid
- OicUuid_t rowner; // 2:R:S:Y:oic.uuid
+ OicUuid_t rownerID; // 2:R:S:Y:oic.uuid
+};
+
+#define MAX_VERSION_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space
+
+/**
+ * @brief security version data type
+ */
+typedef struct OicSecVer OicSecVer_t;
+
+/**
+ * @brief /oic/sec/ver (Security Version) data type
+ */
+struct OicSecVer
+{
+ // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
+ char secv[MAX_VERSION_LEN]; // 0:R:S:Y:String
+ OicUuid_t deviceID; // 1:R:S:Y:oic.uuid
};
#ifdef __cplusplus
projects / platform / upstream / iotivity.git / blobdiff