X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=resource%2Fcsdk%2Fsecurity%2Fprovisioning%2Fsample%2Fcloud%2FcloudCommon.c;h=d4913b53409ebd5895201a682266964df84a9689;hb=7f00f942c39b7bc27c7eeecf213a239c3fe4173c;hp=ce7f7e1065543f113441f3e71110c77ccc26485e;hpb=edcfc3d2329da7b914771c0dcff5f42c9b74fd93;p=platform%2Fupstream%2Fiotivity.git diff --git a/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c b/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c index ce7f7e1..d4913b5 100644 --- a/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c +++ b/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c @@ -20,10 +20,11 @@ #include #include #include +#include #include "ocstack.h" #include "logger.h" -#include "camutex.h" +#include "octhread.h" #include "cathreadpool.h" #include "ocpayload.h" #include "payload_logging.h" @@ -32,6 +33,8 @@ #include "ocprovisioningmanager.h" #include "casecurityinterface.h" #include "mbedtls/ssl_ciphersuites.h" +#include "pkix_interface.h" +#include "../hw_emul/hw_interface.h" #include "utils.h" #include "cloudAuth.h" @@ -65,8 +68,8 @@ static char *fname = DEFAULT_DB_FILE; static uint64_t timeout; static uint16_t g_credId = 0; -static ca_cond cond; -static ca_mutex mutex; +static oc_cond cond; +static oc_mutex mutex; typedef enum { SIGN_UP = 1, @@ -80,6 +83,8 @@ typedef enum { USE_RSA = 8, SAVE_TRUST_CERT = 9, USE_SECURE_CONN = 10, + CONFIG_SELF_OWNERSHIP = 11, + SECURE_STORAGE_HW_EMULATION = 12, DISCOVERY = 13, GET = 14, @@ -144,6 +149,8 @@ static void printMenu(OCMode mode) printf("** %d - Change TLS cipher suite (ECDSA/RSA)\n", USE_RSA); printf("** %d - Save Trust Cert. Chain into Cred of SVR\n", SAVE_TRUST_CERT); printf("** %d - Change Protocol type (CoAP/CoAPs)\n", USE_SECURE_CONN); + printf("** %d - Configure SVRdb as Self-OwnerShip\n", CONFIG_SELF_OWNERSHIP); + printf("** %d - Configure Secure Storage HW Emulation\n", SECURE_STORAGE_HW_EMULATION); if (OC_CLIENT == mode) { 
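Review bot: `#include "../hw_emul/hw_interface.h"` in the hunk at line 33 bakes the sample's directory layout into the source, so moving either directory breaks the build and the header cannot be swapped for a real HW implementation without editing this file. Prefer putting the hw_emul directory on the include path in the build script and writing `#include "hw_interface.h"`, the same way the neighbouring `pkix_interface.h` line is resolved. The new system include added in the first hunk has its target stripped from this view and cannot be checked here.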
@@ -205,9 +212,9 @@ void unlockMenu(void *data) if (!fExit) { - ca_mutex_lock(mutex); - ca_cond_signal(cond); - ca_mutex_unlock(mutex); + oc_mutex_lock(mutex); + oc_cond_signal(cond); + oc_mutex_unlock(mutex); } } @@ -334,18 +341,18 @@ static OCStackResult saveTrustCert(void) OCStackResult res = OC_STACK_ERROR; OIC_LOG(INFO, TAG, "Save Trust Cert. Chain into Cred of SVR"); - ByteArray_t trustCertChainArray = {0, 0}; + OCByteString trustCertChainArray = {0, 0}; const char *filename = "rootca.crt"; - if (!readFile(filename, (OCByteString *)&trustCertChainArray)) + if (!readFile(filename, &trustCertChainArray)) { OIC_LOG_V(ERROR, TAG, "Can't read %s file", filename); - OICFree(((OCByteString *)&trustCertChainArray)->bytes); + OICFree(trustCertChainArray.bytes); return OC_STACK_ERROR; } - OIC_LOG_BUFFER(DEBUG, TAG, trustCertChainArray.data, trustCertChainArray.len); + OIC_LOG_BUFFER(DEBUG, TAG, trustCertChainArray.bytes, trustCertChainArray.len); - res = OCSaveTrustCertChain(trustCertChainArray.data, trustCertChainArray.len, OIC_ENCODING_PEM,&g_credId); + res = OCSaveTrustCertChain(trustCertChainArray.bytes, trustCertChainArray.len, OIC_ENCODING_PEM,&g_credId); if (OC_STACK_OK != res) { 
@@ -355,11 +362,86 @@ static OCStackResult saveTrustCert(void) { OIC_LOG_V(INFO, TAG, "CredId of Saved Trust Cert. Chain into Cred of SVR : %d.\n", g_credId); } - OICFree(trustCertChainArray.data); + OICFree(trustCertChainArray.bytes); return res; } +static OCStackResult configSelfOwnership(void) +{ + OCStackResult res = OC_STACK_ERROR; + OIC_LOG(INFO, TAG, "Configures SVR DB as self-ownership."); + + res = OCConfigSelfOwnership(); + + if (OC_STACK_OK != res) + { + OIC_LOG(ERROR, TAG, "OCConfigSelfOwnership API error. Please check SVR DB"); + } + else + { + OIC_LOG(INFO, TAG, "Success to configures SVR DB as self-ownership"); + } + + return res; +} + +static void configSecureStorageHwEmulation() +{ + OIC_LOG(INFO, TAG, "Enable Secure Storage HW Emulation"); + + printf(" Enter Own Certificate File Path[~4095]: "); + char cert_filepath[4096] = {0,}; + for(int ret=0; 1!=ret; ) + { + ret = scanf("%255s", cert_filepath); + for( ; 0x20<=getchar(); ); // for removing overflow garbages + // '0x20<=code' is character region + } + + printf(" Enter Private Key File Path[~4095]: "); + char key_filepath[4096] = {0,}; + for(int ret=0; 1!=ret; ) + { + ret = scanf("%255s", key_filepath); + for( ; 0x20<=getchar(); ); // for removing overflow garbages + // '0x20<=code' is character region + } + + printf(" Enter Password for Key Password[~31][Press (Enter) to not set]: "); + char pwd[32] = {0,}; + for(int i=0; i < 31; i++) + { + pwd[i] = (char)getchar(); + if (0x20 <= pwd[i]) + { + pwd[i--] = '\0'; + continue; + } + if (0x0A == pwd[i]) + { + pwd[i] = '\0'; + break; + } + } + + if (0 != SSemulSetCertkeyFilepath(cert_filepath, key_filepath, pwd)) + { + OIC_LOG(ERROR, TAG, " Fail to set cert/key file path"); + return; + } + + if (0 != SetHwPkixCallbacks(HWGetKeyContext, + HWFreeKeyContext, + HWGetOwnCertificateChain, + HWSetupPkContext)) + { + OIC_LOG(ERROR, TAG, " Fail to regist HW Pkix Callbacks"); + return; + } + OIC_LOG(INFO, TAG, " Success to regist HW Pkix Callbacks"); +} + static 
void wrongRequest() { printf(">> Entered Wrong Menu Number. Please Enter Again\n\n"); @@ -379,8 +461,8 @@ static void userRequests(void *data) strncpy(endPoint.addr, DEFAULT_HOST, sizeof(endPoint.addr)); endPoint.port = DEFAULT_PORT; - mutex = ca_mutex_new(); - cond = ca_cond_new(); + mutex = oc_mutex_new(); + cond = oc_cond_new(); while (false == fExit) { @@ -522,7 +604,7 @@ static void userRequests(void *data) { int tmp = 0; readInteger(&tmp, "Select Cipher Suite", "0 - ECDSA, other - RSA"); - uint16_t cipher = tmp? MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: + uint16_t cipher = tmp? MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; if (CA_STATUS_OK != CASelectCipherSuite(cipher, CA_ADAPTER_TCP)) { @@ -543,9 +625,17 @@ static void userRequests(void *data) sendDataToServer = false; } break; + case CONFIG_SELF_OWNERSHIP: + configSelfOwnership(); + sendDataToServer = false; + break; + case SECURE_STORAGE_HW_EMULATION: + configSecureStorageHwEmulation(); + sendDataToServer = false; + break; case EXIT: - ca_mutex_free(mutex); - ca_cond_free(cond); + oc_mutex_free(mutex); + oc_cond_free(cond); fExit = true; sendDataToServer = false; break; @@ -560,9 +650,9 @@ static void userRequests(void *data) { if (OC_STACK_OK == res) { - ca_mutex_lock(mutex); - ca_cond_wait_for(cond, mutex, timeout); - ca_mutex_unlock(mutex); + oc_mutex_lock(mutex); + oc_cond_wait_for(cond, mutex, timeout); + oc_mutex_unlock(mutex); } else { @@ -627,7 +717,7 @@ bool parseCommandLineArguments(int argc, char *argv[]) OCStackResult initPersistentStorage() { //Initialize Persistent Storage for SVR database - static OCPersistentStorage ps = {server_fopen, fread, fwrite, fclose, unlink}; + static OCPersistentStorage ps = {server_fopen, fread, fwrite, fclose, unlink, NULL, NULL}; return OCRegisterPersistentStorageHandler(&ps); } 
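Review bot: The password loop in the new configSecureStorageHwEmulation keeps control characters and drops printable ones: `if (0x20 <= pwd[i])` sends every printable byte into the discard branch (`pwd[i--] = '\0'; continue;`), so a password typed as `abc` is passed on as an empty string, while bytes below 0x20 other than newline are stored, and on EOF the loop fills pwd with 0xFF bytes on targets where `char` is signed. The two `scanf("%255s", …)` loops above it spin forever on EOF, because `scanf` then returns EOF and `1 != ret` never becomes false; their 255-character limit also contradicts the `[~4095]` prompts and the 4096-byte buffers, so either use `%4095s` or state the real limit. After `SSemulSetCertkeyFilepath` returns, `pwd` still holds the secret on the stack; clear it before leaving the function (e.g. `OICClearMemory(pwd, sizeof pwd)` if this tree provides it — a plain `memset` before return may be optimized away). configSelfOwnership in the same hunk looks fine; the trailing context belongs to wrongRequest, which continues outside the hunk.
```c
    printf(" Enter Password for Key Password[~31][Press (Enter) to not set]: ");
    char pwd[32] = {0,};
    for (int i = 0; i < 31; )
    {
        int c = getchar();
        if (EOF == c || '\n' == c)
        {
            break;      /* Enter (or a closed stdin) ends the password */
        }
        if (c < 0x20)
        {
            continue;   /* drop control characters such as '\r' */
        }
        pwd[i++] = (char)c;
    }
    /* … unchanged: SSemulSetCertkeyFilepath / SetHwPkixCallbacks calls … */
```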
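Review bot: `static OCPersistentStorage ps = {server_fopen, fread, fwrite, fclose, unlink, NULL, NULL};` in the hunk at line 717 extends a positional initializer with two anonymous NULLs, so a reader cannot tell which callbacks are deliberately left unset or what they would do. Designated initializers (`.open = server_fopen, …`) would document the intent and survive further members being appended to OCPersistentStorage. If the two new members are the storage encrypt/decrypt hooks, leaving them NULL means the SVR database, including the credentials saved by saveTrustCert, is written to disk in plaintext; that is acceptable for a sample but deserves a comment such as `/* no storage encryption: SVR DB is kept in plaintext */`.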
@@ -641,7 +731,7 @@ OCStackResult startRequestsThread(OCMode *mode) return res; } - res = ca_thread_pool_add_task(g_threadPoolHandle, userRequests, mode); + res = ca_thread_pool_add_task(g_threadPoolHandle, userRequests, mode, NULL); if (CA_STATUS_OK != res) { OIC_LOG(ERROR, TAG, "thread pool add task error."); @@ -657,6 +747,10 @@ OCStackResult initProcess(OCMode mode) void startProcess() { + struct timespec timeout; + timeout.tv_sec = 0; + timeout.tv_nsec = 100000000L; + while(false == fExit) { if (OCProcess() != OC_STACK_OK) @@ -664,6 +758,7 @@ void startProcess() OIC_LOG(ERROR, TAG,"OCProcess process error, exit\n"); break; } + nanosleep(&timeout, NULL); } if (OCStop() != OC_STACK_OK)
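Review bot: The new local `struct timespec timeout` in startProcess (hunk at line 747) shadows the file-scope `static uint64_t timeout` declared in the hunk at line 68 and passed to `oc_cond_wait_for`; `-Wshadow` flags it and the two unrelated timeouts are easy to confuse when reading `nanosleep(&timeout, NULL)` in the following hunk. Rename it and fold the values into the declaration, e.g. `struct timespec poll_interval = { .tv_sec = 0, .tv_nsec = 100000000L };`, and give the 100 ms a named constant so the polling rate of OCProcess is visible at a glance. `nanosleep` can return early with EINTR, which is harmless in this loop but worth a one-line comment; the header it needs appears to be the system include added in the first hunk, whose name is stripped from this view. startProcess continues past the end of these hunks.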