X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=resource%2Fcsdk%2Fsecurity%2Finclude%2Fsecurevirtualresourcetypes.h;h=f6de36cb2b2e34271a18cb7947b65d5244bd96bd;hb=refs%2Ftags%2Ftizen_4.0.m2_release;hp=83dc60f171dac70e2174db7e7fa08165b79fa5e8;hpb=1d22cff71dc61544eadadb13037995a6f13bb6f0;p=platform%2Fupstream%2Fiotivity.git diff --git a/resource/csdk/security/include/securevirtualresourcetypes.h b/resource/csdk/security/include/securevirtualresourcetypes.h index 83dc60f..f6de36c 100644 --- a/resource/csdk/security/include/securevirtualresourcetypes.h +++ b/resource/csdk/security/include/securevirtualresourcetypes.h @@ -41,19 +41,21 @@ #ifndef OC_SECURITY_RESOURCE_TYPES_H #define OC_SECURITY_RESOURCE_TYPES_H +#include "iotivity_config.h" + #include // for uint8_t typedef #include -#ifdef __WITH_X509__ +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) #include "byte_array.h" -#endif /* __WITH_X509__ */ +#endif /* __WITH_DTLS__ or __WITH_TLS__*/ #ifdef __cplusplus extern "C" { #endif /** - * @brief Values used to create bit-maskable enums for single-value - * response with embedded code. + * Values used to create bit-maskable enums for single-value response with + * embedded code. */ #define ACCESS_GRANTED_DEF (1 << 0) #define ACCESS_DENIED_DEF (1 << 1) @@ -139,7 +141,7 @@ typedef enum /** * Extract Reason Code from Access Response. */ -static inline SRMAccessResponseReasonCode_t GetReasonCode( +INLINE_API SRMAccessResponseReasonCode_t GetReasonCode( SRMAccessResponse_t response) { SRMAccessResponseReasonCode_t reason = @@ -150,7 +152,7 @@ static inline SRMAccessResponseReasonCode_t GetReasonCode( /** * Returns 'true' iff request should be passed on to RI layer. */ -static inline bool IsAccessGranted(SRMAccessResponse_t response) +INLINE_API bool IsAccessGranted(SRMAccessResponse_t response) { if(ACCESS_GRANTED == (response & ACCESS_GRANTED)) { @@ -162,6 +164,12 @@ static inline bool IsAccessGranted(SRMAccessResponse_t response) } } +typedef struct OicSecRsrc OicSecRsrc_t; + +typedef struct OicSecValidity OicSecValidity_t; + +typedef struct OicSecAce OicSecAce_t; + typedef struct OicSecAcl OicSecAcl_t; typedef struct OicSecAmacl OicSecAmacl_t; @@ -189,8 +197,8 @@ typedef enum OSCTBitmask } OSCTBitmask_t; /** - * @brief /oic/sec/credtype (Credential Type) data type. - * Derived from OIC Security Spec /oic/sec/cred; see Spec for details. + * /oic/sec/credtype (Credential Type) data type. + * Derived from OIC Security Spec /oic/sec/cred; see Spec for details. * 0: no security mode * 1: symmetric pair-wise key * 2: symmetric group key @@ -211,24 +219,22 @@ typedef enum OicSecDpm SECURITY_MANAGEMENT_SERVICES = (0x1 << 3), PROVISION_CREDENTIALS = (0x1 << 4), PROVISION_ACLS = (0x1 << 5), - // << 6 THROUGH 15 RESERVED +#ifdef MULTIPLE_OWNER + TAKE_SUB_OWNER = (0x1 << 6), +#endif + // << 7 THROUGH 15 RESERVED } OicSecDpm_t; +// These types are taken from the Security Spec v1.1.12 /pstat resource definition +// Note that per the latest spec, there is NO definition for Multiple Service Client Directed +// provisioning mode, so that enum value has been removed. typedef enum OicSecDpom { - MULTIPLE_SERVICE_SERVER_DRIVEN = 0x0, - SINGLE_SERVICE_SERVER_DRIVEN = 0x1, - MULTIPLE_SERVICE_CLIENT_DRIVEN = 0x2, - SINGLE_SERVICE_CLIENT_DRIVEN = 0x3, + MULTIPLE_SERVICE_SERVER_DRIVEN = (0x1 << 0), + SINGLE_SERVICE_SERVER_DRIVEN = (0x1 << 1), + SINGLE_SERVICE_CLIENT_DRIVEN = (0x1 << 2), } OicSecDpom_t; -typedef enum OicSecSvcType -{ - SERVICE_UNKNOWN = 0x0, - ACCESS_MGMT_SERVICE = 0x1, //urn:oic.sec.ams -} OicSecSvcType_t; - - //TODO: Need more clarification on deviceIDFormat field type. #if 0 typedef enum @@ -239,13 +245,69 @@ typedef enum typedef enum { + OIC_R_ACL_TYPE = 0, + OIC_R_AMACL_TYPE, + OIC_R_CRED_TYPE, + OIC_R_CRL_TYPE, + OIC_R_DOXM_TYPE, + OIC_R_DPAIRING_TYPE, + OIC_R_PCONF_TYPE, + OIC_R_PSTAT_TYPE, + OIC_R_SACL_TYPE, + OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR + NOT_A_SVR_RESOURCE = 99 +}OicSecSvrType_t; + +typedef enum +{ OIC_JUST_WORKS = 0x0, OIC_RANDOM_DEVICE_PIN = 0x1, - OIC_MANUFACTURER_CERTIFICATE = 0x2, - OIC_OXM_COUNT + OIC_MANUFACTURER_CERTIFICATE = 0x2, + OIC_DECENTRALIZED_PUBLIC_KEY = 0x3, + OIC_OXM_COUNT, +#ifdef MULTIPLE_OWNER + OIC_PRECONFIG_PIN = 0xFF00, +#endif //MULTIPLE_OWNER + OIC_MV_JUST_WORKS = 0xFF01, + OIC_CON_MFG_CERT = 0xFF02, }OicSecOxm_t; -typedef struct OicSecJwk OicSecJwk_t; +typedef enum +{ + OIC_ENCODING_UNKNOW = 0, + OIC_ENCODING_RAW = 1, + OIC_ENCODING_BASE64 = 2, + OIC_ENCODING_PEM = 3, + OIC_ENCODING_DER = 4 +}OicEncodingType_t; + +#ifdef MULTIPLE_OWNER +typedef enum +{ + MOT_STATUS_READY = 0, + MOT_STATUS_IN_PROGRESS = 1, + MOT_STATUS_DONE = 2, +}MotStatus_t; +#endif //MULTIPLE_OWNER + +/* + * oic.sec.mom type definition + * TODO: This type will be included to OIC Security Spec. + * 0 : Disable multiple owner + * 1 : Enable multiple owner (Always on) + * 2 : Timely multiple owner enable + */ +typedef enum +{ + OIC_MULTIPLE_OWNER_DISABLE = 0, + OIC_MULTIPLE_OWNER_ENABLE = 1, + OIC_MULTIPLE_OWNER_TIMELY_ENABLE = 2, + OIC_NUMBER_OF_MOM_TYPE = 3 +}OicSecMomType_t; + +typedef struct OicSecKey OicSecKey_t; + +typedef struct OicSecOpt OicSecOpt_t; typedef struct OicSecPstat OicSecPstat_t; @@ -253,19 +315,25 @@ typedef struct OicSecRole OicSecRole_t; typedef struct OicSecSacl OicSecSacl_t; -typedef struct OicSecSvc OicSecSvc_t; - typedef char *OicUrn_t; //TODO is URN type defined elsewhere? typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere? +#ifdef MULTIPLE_OWNER +typedef struct OicSecSubOwner OicSecSubOwner_t; +typedef struct OicSecMom OicSecMom_t; +#endif //MULTIPLE_OWNER + -#ifdef __WITH_X509__ +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) typedef struct OicSecCrl OicSecCrl_t; -#endif /* __WITH_X509__ */ +typedef ByteArray_t OicSecCert_t; +#else +typedef void OicSecCert_t; +#endif /* __WITH_DTLS__ or __WITH_TLS__*/ /** - * @brief /oic/uuid (Universal Unique Identifier) data type. + * /oic/uuid (Universal Unique Identifier) data type. */ #define UUID_LENGTH 128/8 // 128-bit GUID length //TODO: Confirm the length and type of ROLEID. @@ -281,44 +349,75 @@ struct OicUuid }; /** - * @brief /oic/sec/jwk (JSON Web Key) data type. - * See JSON Web Key (JWK) draft-ietf-jose-json-web-key-41 + * /oic/sec/jwk (JSON Web Key) data type. + * See JSON Web Key (JWK) draft-ietf-jose-json-web-key-41 */ #define JWK_LENGTH 256/8 // 256 bit key length -struct OicSecJwk +struct OicSecKey { - char *data; + uint8_t *data; + size_t len; + + // TODO: This field added as workaround. Will be replaced soon. + OicEncodingType_t encoding; + +}; + +struct OicSecOpt +{ + uint8_t *data; + size_t len; + + OicEncodingType_t encoding; + bool revstat; +}; + +struct OicSecRsrc +{ + char *href; // 0:R:S:Y:String + char *rel; // 1:R:S:N:String + char** types; // 2:R:S:N:String Array + size_t typeLen; // the number of elts in types + char** interfaces; // 3:R:S:N:String Array + size_t interfaceLen; // the number of elts in interfaces + OicSecRsrc_t *next; +}; + +struct OicSecValidity +{ + char* period; // 0:R:S:Y:String + char** recurrences; // 1:R:M:Y:Array of String + size_t recurrenceLen; // the number of elts in recurrence + OicSecValidity_t *next; +}; + +struct OicSecAce +{ + // :::: + OicUuid_t subjectuuid; // 0:R:S:Y:uuid + OicSecRsrc_t *resources; // 1:R:M:Y:Resource + uint16_t permission; // 2:R:S:Y:UINT16 + OicSecValidity_t *validities; // 3:R:M:N:Time-interval +#ifdef MULTIPLE_OWNER + OicUuid_t* eownerID; //4:R:S:N:oic.uuid +#endif + OicSecAce_t *next; }; /** - * @brief /oic/sec/acl (Access Control List) data type. - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/acl (Access Control List) data type. + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecAcl { // :::: - OicUuid_t subject; // 0:R:S:Y:uuid TODO: this deviates - // from spec and needs to be updated - // in spec (where it's a String). - size_t resourcesLen; // the number of elts in Resources - char **resources; // 1:R:M:Y:String - uint16_t permission; // 2:R:S:Y:UINT16 - size_t prdRecrLen; // the number of elts in Periods - char **periods; // 3:R:M*:N:String (<--M*; see Spec) - char **recurrences; // 5:R:M:N:String - size_t ownersLen; // the number of elts in Owners - OicUuid_t *owners; // 8:R:M:Y:oic.uuid - // NOTE: we are using UUID for Owners instead of Svc type for mid-April - // SRM version only; this will change to Svc type for full implementation. - //TODO change Owners type to oic.sec.svc - //OicSecSvc_t *Owners; // 6:R:M:Y:oic.sec.svc - OicSecAcl_t *next; + OicUuid_t rownerID; // 0:R:S:Y:oic.uuid + OicSecAce_t *aces; // 1:R:M:N:ACE }; /** - * @brief /oic/sec/amacl (Access Manager Service Accesss Control List) - * data type. - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/amacl (Access Manager Service Accesss Control List) data type. + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecAmacl { @@ -327,18 +426,13 @@ struct OicSecAmacl char **resources; // 0:R:M:Y:String size_t amssLen; // the number of elts in Amss OicUuid_t *amss; // 1:R:M:Y:acl - size_t ownersLen; // the number of elts in Owners - OicUuid_t *owners; // 2:R:M:Y:oic.uuid - // NOTE: we are using UUID for Owners instead of Svc type for mid-April - // SRM version only; this will change to Svc type for full implementation. - //TODO change Owners type to oic.sec.svc - //OicSecSvc_t *Owners; // 2:R:M:Y:oic.sec.svc + OicUuid_t rownerID; // 2:R:S:Y:oic.uuid OicSecAmacl_t *next; }; /** - * @brief /oic/sec/cred (Credential) data type. - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/cred (Credential) data type. + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecCred { @@ -350,21 +444,35 @@ struct OicSecCred //size_t roleIdsLen; // the number of elts in RoleIds //OicSecRole_t *roleIds; // 2:R:M:N:oic.sec.role OicSecCredType_t credType; // 3:R:S:Y:oic.sec.credtype - OicSecJwk_t publicData; // 5:R:S:N:oic.sec.jwk - OicSecJwk_t privateData; // 6:R:S:N:oic.sec.jwk +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) + OicSecKey_t publicData; // own cerificate chain + char *credUsage; // 4:R:S:N:String + OicSecOpt_t optionalData; // CA's cerificate chain +#endif /* __WITH_DTLS__ or __WITH_TLS__*/ + OicSecKey_t privateData; // 6:R:S:N:oic.sec.key char *period; // 7:R:S:N:String - size_t ownersLen; // the number of elts in Owners - OicUuid_t *owners; // 8:R:M:Y:oic.uuid - // NOTE: we are using UUID for Owners instead of Svc type for mid-April - // SRM version only; this will change to Svc type for full implementation. - //OicSecSvc_t *Owners; // 8:R:M:Y:oic.sec.svc - //TODO change Owners type to oic.sec.svc + OicUuid_t rownerID; // 8:R:S:Y:oic.uuid +#ifdef MULTIPLE_OWNER + OicUuid_t *eownerID; //9:R:S:N:oic.uuid +#endif //MULTIPLE_OWNER OicSecCred_t *next; }; +#ifdef MULTIPLE_OWNER +struct OicSecSubOwner { + OicUuid_t uuid; + MotStatus_t status; + OicSecSubOwner_t* next; +}; + +struct OicSecMom{ + OicSecMomType_t mode; +}; +#endif //MULTIPLE_OWNER + /** - * @brief /oic/sec/doxm (Device Owner Transfer Methods) data type - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/doxm (Device Owner Transfer Methods) data type + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecDoxm { @@ -379,18 +487,17 @@ struct OicSecDoxm //TODO: Need more clarification on deviceIDFormat field type. //OicSecDvcIdFrmt_t deviceIDFormat; // 5:R:S:Y:UINT8 OicUuid_t deviceID; // 6:R:S:Y:oic.uuid - OicUuid_t owner; // 7:R:S:Y:oic.uuid - // NOTE: we are using UUID for Owner instead of Svc type for mid-April - // SRM version only; this will change to Svc type for full implementation. - //OicSecSvc_t devOwner; // 7:R:S:Y:oic.sec.svc - //OicSecSvc_t rOwner; // 8:R:S:Y:oic.sec.svc - //TODO change Owner type to oic.sec.svc + bool dpc; // 7:R:S:Y:Boolean + OicUuid_t owner; // 8:R:S:Y:oic.uuid +#ifdef MULTIPLE_OWNER + OicSecSubOwner_t* subOwners; //9:R/W:M:N:oic.uuid + OicSecMom_t *mom; //10:R/W:S:N:oic.sec.mom +#endif //MULTIPLE_OWNER + OicUuid_t rownerID; // 11:R:S:Y:oic.uuid }; /** - * @brief /oic/sec/pstat (Provisioning Status) data type. - * NOTE: this struct is ahead of Spec v0.95 in definition to include Sm. - * TODO: change comment when reconciled to Spec v0.96. + * /oic/sec/pstat (Provisioning Status) data type. */ struct OicSecPstat { @@ -403,13 +510,12 @@ struct OicSecPstat size_t smLen; // the number of elts in Sm OicSecDpom_t *sm; // 5:R:M:Y:oic.sec.dpom uint16_t commitHash; // 6:R:S:Y:oic.sec.sha256 - //TODO: this is supposed to be a 256-bit uint; temporarily use uint16_t - //TODO: need to decide which 256 bit and 128 bit types to use... boost? + OicUuid_t rownerID; // 7:R:S:Y:oic.uuid }; /** - * @brief /oic/sec/role (Role) data type. - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/role (Role) data type. + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecRole { @@ -419,37 +525,120 @@ struct OicSecRole }; /** - * @brief /oic/sec/sacl (Signed Access Control List) data type. - * Derived from OIC Security Spec; see Spec for details. + * /oic/sec/sacl (Signed Access Control List) data type. + * Derived from OIC Security Spec; see Spec for details. */ struct OicSecSacl { // :::: //TODO fill in from OIC Security Spec +#if defined(_MSC_VER) + uint8_t unused; // VS doesn't like empty structs +#endif +}; + +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) +struct OicSecCrl +{ + uint16_t CrlId; + ByteArray_t ThisUpdate; + OicSecKey_t CrlData; +}; +#endif /* __WITH_DTLS__ or __WITH_TLS__ */ + +/** + * @brief direct pairing data type + */ +typedef struct OicPin OicDpPin_t; + +typedef struct OicSecPdAcl OicSecPdAcl_t; + +typedef struct OicSecPconf OicSecPconf_t; + +typedef struct OicSecDpairing OicSecDpairing_t; + +#define DP_PIN_LENGTH 8 // temporary length + +/** + * @brief /oic/sec/prmtype (Pairing Method Type) data type. + * 0: not allowed + * 1: pre-configured pin + * 2: random pin + */ +typedef enum PRMBitmask +{ + PRM_NOT_ALLOWED = 0x0, + PRM_PRE_CONFIGURED = (0x1 << 0), + PRM_RANDOM_PIN = (0x1 << 1), +} PRMBitmask_t; + +typedef PRMBitmask_t OicSecPrm_t; + + +struct OicPin +{ + uint8_t val[DP_PIN_LENGTH]; }; /** - * @brief /oic/sec/svc (Service requiring a secure connection) data type. - * Derived from OIC Security Spec; see Spec for details. + * @brief oic.sec.dpacltype (Device Pairing Access Control List) data type. */ -struct OicSecSvc +struct OicSecPdAcl { // :::: - OicUuid_t svcdid; //0:R:S:Y:oic.uuid - OicSecSvcType_t svct; //1:R:M:Y:OIC Service Type - size_t ownersLen; //2:the number of elts in Owners - OicUuid_t *owners; //3:R:M:Y:oic.uuid - OicSecSvc_t *next; + char **resources; // 0:R:M:Y:String + size_t resourcesLen; // the number of elts in Resources + uint16_t permission; // 1:R:S:Y:UINT16 + char **periods; // 2:R:M*:N:String (<--M*; see Spec) + char **recurrences; // 3:R:M:N:String + size_t prdRecrLen; // the number of elts in Periods/Recurrences + OicSecPdAcl_t *next; }; -#ifdef __WITH_X509__ -struct OicSecCrl +/** + * @brief /oic/sec/pconf (Pairing Configuration) data type + */ +struct OicSecPconf { - uint16_t CrlId; - ByteArray ThisUpdate; - ByteArray CrlData; + // :::: + bool edp; // 0:W:S:M:Boolean + OicSecPrm_t *prm; // 1:R:M:N:UINT16 + size_t prmLen; // the number of elts in Prm + OicDpPin_t pin; // 2:R:S:Y:String + OicSecPdAcl_t *pdacls; // 3:R:M:Y:oic.sec.pdacltype + OicUuid_t *pddevs; // 4:R:M:Y:oic.uuid + size_t pddevLen; // the number of elts in pddev + OicUuid_t deviceID; // 5:R:S:Y:oic.uuid + OicUuid_t rownerID; // 6:R:S:Y:oic.uuid +}; + +/** + * @brief /oic/sec/dpairing (Device Pairing) data type + */ +struct OicSecDpairing +{ + // :::: + OicSecPrm_t spm; // 0:R/W:S:Y:UINT16 + OicUuid_t pdeviceID; // 1:R:S:Y:oic.uuid + OicUuid_t rownerID; // 2:R:S:Y:oic.uuid +}; + +#define OIC_SEC_MAX_VER_LEN 16 // Security Version length. i.e., 00.00.000 + reserved space + +/** + * @brief security version data type + */ +typedef struct OicSecVer OicSecVer_t; + +/** + * @brief /oic/sec/ver (Security Version) data type + */ +struct OicSecVer +{ + // :::: + char secv[OIC_SEC_MAX_VER_LEN]; // 0:R:S:Y:String + OicUuid_t deviceID; // 1:R:S:Y:oic.uuid }; -#endif /* __WITH_X509__ */ #ifdef __cplusplus }