#ifndef OC_SECURITY_RESOURCE_TYPES_H
#define OC_SECURITY_RESOURCE_TYPES_H
+#include "iotivity_config.h"
+
#include <stdint.h> // for uint8_t typedef
#include <stdbool.h>
-#if defined(__WITH_X509__) || defined(__WITH_TLS__)
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
#include "byte_array.h"
-#endif /* __WITH_X509__ or __WITH_TLS__*/
-
-#include "platform_features.h"
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
#ifdef __cplusplus
extern "C" {
SECURITY_MANAGEMENT_SERVICES = (0x1 << 3),
PROVISION_CREDENTIALS = (0x1 << 4),
PROVISION_ACLS = (0x1 << 5),
- // << 6 THROUGH 15 RESERVED
+#ifdef MULTIPLE_OWNER
+ TAKE_SUB_OWNER = (0x1 << 6),
+#endif
+ // << 7 THROUGH 15 RESERVED
} OicSecDpm_t;
+// These types are taken from the Security Spec v1.1.12 /pstat resource definition
+// Note that per the latest spec, there is NO definition for Multiple Service Client Directed
+// provisioning mode, so that enum value has been removed.
typedef enum OicSecDpom
{
- MULTIPLE_SERVICE_SERVER_DRIVEN = 0x0,
- SINGLE_SERVICE_SERVER_DRIVEN = 0x1,
- MULTIPLE_SERVICE_CLIENT_DRIVEN = 0x2,
- SINGLE_SERVICE_CLIENT_DRIVEN = 0x3,
+ MULTIPLE_SERVICE_SERVER_DRIVEN = (0x1 << 0),
+ SINGLE_SERVICE_SERVER_DRIVEN = (0x1 << 1),
+ SINGLE_SERVICE_CLIENT_DRIVEN = (0x1 << 2),
} OicSecDpom_t;
-typedef enum OicSecSvcType
-{
- SERVICE_UNKNOWN = 0x0,
- ACCESS_MGMT_SERVICE = 0x1, //urn:oic.sec.ams
-} OicSecSvcType_t;
-
-
//TODO: Need more clarification on deviceIDFormat field type.
#if 0
typedef enum
OIC_R_PCONF_TYPE,
OIC_R_PSTAT_TYPE,
OIC_R_SACL_TYPE,
- OIC_R_SVC_TYPE,
OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
NOT_A_SVR_RESOURCE = 99
}OicSecSvrType_t;
{
OIC_JUST_WORKS = 0x0,
OIC_RANDOM_DEVICE_PIN = 0x1,
- OIC_MANUFACTURER_CERTIFICATE = 0x2,
- OIC_OXM_COUNT
+ OIC_MANUFACTURER_CERTIFICATE = 0x2,
+ OIC_DECENTRALIZED_PUBLIC_KEY = 0x3,
+ OIC_OXM_COUNT,
+#ifdef MULTIPLE_OWNER
+ OIC_PRECONFIG_PIN = 0xFF00,
+#endif //MULTIPLE_OWNER
+ OIC_MV_JUST_WORKS = 0xFF01,
+ OIC_CON_MFG_CERT = 0xFF02,
}OicSecOxm_t;
typedef enum
OIC_ENCODING_DER = 4
}OicEncodingType_t;
+#ifdef MULTIPLE_OWNER
+typedef enum
+{
+ MOT_STATUS_READY = 0,
+ MOT_STATUS_IN_PROGRESS = 1,
+ MOT_STATUS_DONE = 2,
+}MotStatus_t;
+#endif //MULTIPLE_OWNER
+
+/*
+ * oic.sec.mom type definition
+ * TODO: This type will be included to OIC Security Spec.
+ * 0 : Disable multiple owner
+ * 1 : Enable multiple owner (Always on)
+ * 2 : Timely multiple owner enable
+ */
+typedef enum
+{
+ OIC_MULTIPLE_OWNER_DISABLE = 0,
+ OIC_MULTIPLE_OWNER_ENABLE = 1,
+ OIC_MULTIPLE_OWNER_TIMELY_ENABLE = 2,
+ OIC_NUMBER_OF_MOM_TYPE = 3
+}OicSecMomType_t;
+
typedef struct OicSecKey OicSecKey_t;
+typedef struct OicSecOpt OicSecOpt_t;
+
typedef struct OicSecPstat OicSecPstat_t;
typedef struct OicSecRole OicSecRole_t;
typedef struct OicSecSacl OicSecSacl_t;
-typedef struct OicSecSvc OicSecSvc_t;
-
typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
+#ifdef MULTIPLE_OWNER
+typedef struct OicSecSubOwner OicSecSubOwner_t;
+typedef struct OicSecMom OicSecMom_t;
+#endif //MULTIPLE_OWNER
+
-#if defined(__WITH_X509__) || defined(__WITH_TLS__)
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
typedef struct OicSecCrl OicSecCrl_t;
-typedef ByteArray OicSecCert_t;
+typedef ByteArray_t OicSecCert_t;
#else
typedef void OicSecCert_t;
-#endif /* __WITH_X509__ or __WITH_TLS__*/
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
/**
* /oic/uuid (Universal Unique Identifier) data type.
};
+struct OicSecOpt
+{
+ uint8_t *data;
+ size_t len;
+
+ OicEncodingType_t encoding;
+ bool revstat;
+};
+
struct OicSecRsrc
{
char *href; // 0:R:S:Y:String
struct OicSecAce
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
- OicUuid_t subjectuuid; // 0:R:S:Y:uuid
- OicSecRsrc_t *resources; // 1:R:M:Y:Resource
- uint16_t permission; // 2:R:S:Y:UINT16
- OicSecValidity_t *validities; // 3:R:M:N:Time-interval
+ OicUuid_t subjectuuid; // 0:R:S:Y:uuid
+ OicSecRsrc_t *resources; // 1:R:M:Y:Resource
+ uint16_t permission; // 2:R:S:Y:UINT16
+ OicSecValidity_t *validities; // 3:R:M:N:Time-interval
+#ifdef MULTIPLE_OWNER
+ OicUuid_t* eownerID; //4:R:S:N:oic.uuid
+#endif
OicSecAce_t *next;
};
//size_t roleIdsLen; // the number of elts in RoleIds
//OicSecRole_t *roleIds; // 2:R:M:N:oic.sec.role
OicSecCredType_t credType; // 3:R:S:Y:oic.sec.credtype
-#if defined(__WITH_X509__) || defined(__WITH_TLS__)
- OicSecCert_t publicData; // own cerificate chain
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+ OicSecKey_t publicData; // own cerificate chain
char *credUsage; // 4:R:S:N:String
- OicSecKey_t optionalData; // CA's cerificate chain
-#endif /* __WITH_X509__ or __WITH_TLS__*/
+ OicSecOpt_t optionalData; // CA's cerificate chain
+#endif /* __WITH_DTLS__ or __WITH_TLS__*/
OicSecKey_t privateData; // 6:R:S:N:oic.sec.key
char *period; // 7:R:S:N:String
- OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
+ OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
+#ifdef MULTIPLE_OWNER
+ OicUuid_t *eownerID; //9:R:S:N:oic.uuid
+#endif //MULTIPLE_OWNER
OicSecCred_t *next;
};
+#ifdef MULTIPLE_OWNER
+struct OicSecSubOwner {
+ OicUuid_t uuid;
+ MotStatus_t status;
+ OicSecSubOwner_t* next;
+};
+
+struct OicSecMom{
+ OicSecMomType_t mode;
+};
+#endif //MULTIPLE_OWNER
+
/**
* /oic/sec/doxm (Device Owner Transfer Methods) data type
* Derived from OIC Security Spec; see Spec for details.
OicUuid_t deviceID; // 6:R:S:Y:oic.uuid
bool dpc; // 7:R:S:Y:Boolean
OicUuid_t owner; // 8:R:S:Y:oic.uuid
- OicUuid_t rownerID; // 9:R:S:Y:oic.uuid
+#ifdef MULTIPLE_OWNER
+ OicSecSubOwner_t* subOwners; //9:R/W:M:N:oic.uuid
+ OicSecMom_t *mom; //10:R/W:S:N:oic.sec.mom
+#endif //MULTIPLE_OWNER
+ OicUuid_t rownerID; // 11:R:S:Y:oic.uuid
};
/**
* /oic/sec/pstat (Provisioning Status) data type.
- * NOTE: this struct is ahead of Spec v0.95 in definition to include Sm.
- * TODO: change comment when reconciled to Spec v0.96.
*/
struct OicSecPstat
{
#endif
};
-/**
- * /oic/sec/svc (Service requiring a secure connection) data type.
- * Derived from OIC Security Spec; see Spec for details.
- */
-struct OicSecSvc
-{
- // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
- OicUuid_t svcdid; //0:R:S:Y:oic.uuid
- OicSecSvcType_t svct; //1:R:M:Y:OIC Service Type
- size_t ownersLen; //2:the number of elts in Owners
- OicUuid_t *owners; //3:R:M:Y:oic.uuid
- OicSecSvc_t *next;
-};
-
-#if defined(__WITH_X509__) || defined(__WITH_TLS__)
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
struct OicSecCrl
{
uint16_t CrlId;
- ByteArray ThisUpdate;
- ByteArray CrlData;
+ ByteArray_t ThisUpdate;
+ OicSecKey_t CrlData;
};
-#endif /* __WITH_X509__ or __WITH_TLS__ */
+#endif /* __WITH_DTLS__ or __WITH_TLS__ */
/**
* @brief direct pairing data type
OicUuid_t rownerID; // 2:R:S:Y:oic.uuid
};
-#define MAX_VERSION_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space
+#define OIC_SEC_MAX_VER_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space
/**
* @brief security version data type
struct OicSecVer
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
- char secv[MAX_VERSION_LEN]; // 0:R:S:Y:String
+ char secv[OIC_SEC_MAX_VER_LEN]; // 0:R:S:Y:String
OicUuid_t deviceID; // 1:R:S:Y:oic.uuid
};