#include <memory.h>
#include "ocstack.h"
-#include "ocsecurityconfig.h"
#include "securevirtualresourcetypes.h"
#include "doxmresource.h"
#include "credresource.h"
#include "oic_malloc.h"
#include "logger.h"
#include "pbkdf2.h"
-#include "global.h"
#include "base64.h"
#include "oxmrandompin.h"
#include "ownershiptransfermanager.h"
#include "pinoxmcommon.h"
+#include "oxmverifycommon.h"
-#define TAG "OXM_RandomPIN"
+#define TAG "OIC_OXM_RandomPIN"
-char* CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx)
+typedef enum PinState{
+ PIN_INPUT_READY = 0,
+ PIN_INPUT_WAIT = 1,
+ PIN_INPUT_SUCCESS = 2,
+ PIN_INPUT_FAIL = 3
+} PinState_t;
+
+static PinState_t gPinState = PIN_INPUT_READY;
+
+OCStackResult CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
{
- if(!otmCtx || !otmCtx->selectedDeviceInfo)
+ if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
{
- return NULL;
+ return OC_STACK_INVALID_PARAM;
}
otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_RANDOM_DEVICE_PIN;
- OicUuid_t uuidPT = {.id={0}};
- if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
- {
- OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
- return NULL;
- }
- memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id, UUID_LENGTH);
-
- return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
+ return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
}
-char* CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx)
+OCStackResult CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
{
- if(!otmCtx || !otmCtx->selectedDeviceInfo)
+ if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
{
- return NULL;
+ return OC_STACK_INVALID_PARAM;
}
OicUuid_t uuidPT = {.id={0}};
+ *payload = NULL;
+ *size = 0;
if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
{
- OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
- return NULL;
+ OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
+ return OC_STACK_ERROR;
}
memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
- otmCtx->selectedDeviceInfo->doxm->owned = true;
- return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
+ return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
}
-OCStackResult InputPinCodeCallback(OTMContext_t* otmCtx)
+OCStackResult InputPinCodeCallback(OTMContext_t *otmCtx)
{
- if(!otmCtx || !otmCtx->selectedDeviceInfo)
+ if (!otmCtx || !otmCtx->selectedDeviceInfo)
{
return OC_STACK_INVALID_PARAM;
}
- uint8_t pinData[OXM_RANDOM_PIN_SIZE + 1];
+ uint8_t pinData[OXM_RANDOM_PIN_MAX_SIZE + 1] = {0};
+ OCStackResult res = OC_STACK_ERROR;
- OCStackResult res = InputPin((char*)pinData, OXM_RANDOM_PIN_SIZE + 1);
- if(OC_STACK_OK != res)
+ if (PIN_INPUT_WAIT == gPinState)
{
- OC_LOG(ERROR, TAG, "Failed to input PIN");
- return res;
+ OIC_LOG(ERROR, TAG, "Pin input callback invoked already");
+ NotifyInputState();
+ SetResult(otmCtx, res);
+ return OC_STACK_NOT_ACCEPTABLE;
}
- OicUuid_t deviceUUID = {.id={0}};
- if (OC_STACK_OK != GetDoxmDeviceID(&deviceUUID))
+ gPinState = PIN_INPUT_WAIT;
+
+ res = InputPin((char*)pinData, sizeof(pinData));
+ if (OC_STACK_OK != res)
{
- OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
- return OC_STACK_ERROR;
+ OIC_LOG(ERROR, TAG, "Failed to input PIN");
+ gPinState = PIN_INPUT_FAIL;
+ SetResult(otmCtx, res);
+ return res;
}
-
- res = AddTmpPskWithPIN(&otmCtx->selectedDeviceInfo->doxm->deviceID,
- SYMMETRIC_PAIR_WISE_KEY,
- (char*)pinData, OXM_RANDOM_PIN_SIZE,
- 1, &deviceUUID, &otmCtx->subIdForPinOxm);
- if(res != OC_STACK_OK)
+ gPinState = PIN_INPUT_SUCCESS;
+
+ /**
+ * Since PSK will be used directly while PIN based ownership transfer,
+ * Credential should not be saved into SVR.
+ * For this reason, We will use a temporary get_psk_info callback to random PIN OxM.
+ */
+ //in case of OTM
+ if(!(otmCtx->selectedDeviceInfo->doxm->owned))
+ {
+ if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForRandomPinOxm))
+ {
+ OIC_LOG(ERROR, TAG, "Failed to register DTLS credentials handler for random PIN OxM.");
+ res = OC_STACK_ERROR;
+ }
+ }
+#ifdef MULTIPLE_OWNER
+ //in case of MOT
+ else if(otmCtx->selectedDeviceInfo->doxm->owned &&
+ otmCtx->selectedDeviceInfo->doxm->mom &&
+ OIC_MULTIPLE_OWNER_DISABLE != otmCtx->selectedDeviceInfo->doxm->mom->mode)
{
- OC_LOG_V(ERROR, TAG, "Failed to save the temporal PSK : %d", res);
+ if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForMotRandomPinOxm))
+ {
+ OIC_LOG(ERROR, TAG, "Failed to register TLS credentials handler for random PIN OxM.");
+ res = OC_STACK_ERROR;
+ }
}
+#endif //MULTIPLE_OWNER
+
+ //Set the device id to derive temporal PSK
+ SetUuidForPinBasedOxm(&(otmCtx->selectedDeviceInfo->doxm->deviceID));
return res;
}
-OCStackResult CreateSecureSessionRandomPinCallbak(OTMContext_t* otmCtx)
+OCStackResult CreateSecureSessionRandomPinCallback(OTMContext_t* otmCtx)
{
- OC_LOG(INFO, TAG, "IN CreateSecureSessionRandomPinCallbak");
+ OIC_LOG(INFO, TAG, "IN CreateSecureSessionRandomPinCallbak");
- if(!otmCtx || !otmCtx->selectedDeviceInfo)
+ if (!otmCtx || !otmCtx->selectedDeviceInfo)
{
return OC_STACK_INVALID_PARAM;
}
+ CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
+ if (CA_STATUS_OK != caresult)
+ {
+ OIC_LOG_V(ERROR, TAG, "Unable to disable anon cipher suite");
+ return OC_STACK_ERROR;
+ }
+ OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
+
+ caresult = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, otmCtx->selectedDeviceInfo->endpoint.adapter);
+ if (CA_STATUS_OK != caresult)
+ {
+ OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256");
+ return OC_STACK_ERROR;
+ }
+ OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite selected.");
+
OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
- CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
- if(NULL == endpoint)
+ CAEndpoint_t endpoint;
+ memcpy(&endpoint, &selDevInfo->endpoint, sizeof(CAEndpoint_t));
+
+ if(CA_ADAPTER_IP == endpoint.adapter)
+ {
+ endpoint.port = selDevInfo->securePort;
+ caresult = CAInitiateHandshake(&endpoint);
+ }
+ else if (CA_ADAPTER_GATT_BTLE == endpoint.adapter)
+ {
+ caresult = CAInitiateHandshake(&endpoint);
+ }
+#ifdef __WITH_TLS__
+ else
{
- return OC_STACK_NO_MEMORY;
+ endpoint.port = selDevInfo->tcpPort;
+ caresult = CAinitiateSslHandshake(&endpoint);
}
- memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t));
- endpoint->port = selDevInfo->securePort;
- CAResult_t caresult = CAInitiateHandshake(endpoint);
- OICFree(endpoint);
+#endif
if (CA_STATUS_OK != caresult)
{
- OC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
+ OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
return OC_STACK_ERROR;
}
- OC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak");
+ OIC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak");
return OC_STACK_OK;
}
projects / platform / upstream / iotivity.git / blobdiff