X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=resource%2Fcsdk%2Fsecurity%2Fprovisioning%2Fsrc%2Foxmrandompin.c;h=314e5b7018bfca05b54eb5d41d9c917425bb87f0;hb=refs%2Ftags%2Ftizen_4.0.m2_release;hp=a3c76bc36f3b7f713f90596f889a48ee0fe57344;hpb=b2f2076a79aee404a8c01d2d01e576fce780558d;p=platform%2Fupstream%2Fiotivity.git diff --git a/resource/csdk/security/provisioning/src/oxmrandompin.c b/resource/csdk/security/provisioning/src/oxmrandompin.c index a3c76bc..314e5b7 100644 --- a/resource/csdk/security/provisioning/src/oxmrandompin.c +++ b/resource/csdk/security/provisioning/src/oxmrandompin.c @@ -21,7 +21,6 @@ #include #include "ocstack.h" -#include "ocsecurityconfig.h" #include "securevirtualresourcetypes.h" #include "doxmresource.h" #include "credresource.h" @@ -31,115 +30,172 @@ #include "oic_malloc.h" #include "logger.h" #include "pbkdf2.h" -#include "global.h" #include "base64.h" #include "oxmrandompin.h" #include "ownershiptransfermanager.h" #include "pinoxmcommon.h" +#include "oxmverifycommon.h" -#define TAG "OXM_RandomPIN" +#define TAG "OIC_OXM_RandomPIN" -char* CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx) +typedef enum PinState{ + PIN_INPUT_READY = 0, + PIN_INPUT_WAIT = 1, + PIN_INPUT_SUCCESS = 2, + PIN_INPUT_FAIL = 3 +} PinState_t; + +static PinState_t gPinState = PIN_INPUT_READY; + +OCStackResult CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size) { - if(!otmCtx || !otmCtx->selectedDeviceInfo) + if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size) { - return NULL; + return OC_STACK_INVALID_PARAM; } otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_RANDOM_DEVICE_PIN; - OicUuid_t uuidPT = {.id={0}}; - if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT)) - { - OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID"); - return NULL; - } - memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id, UUID_LENGTH); - - return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm); + return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true); } -char* CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx) +OCStackResult CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size) { - if(!otmCtx || !otmCtx->selectedDeviceInfo) + if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size) { - return NULL; + return OC_STACK_INVALID_PARAM; } OicUuid_t uuidPT = {.id={0}}; + *payload = NULL; + *size = 0; if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT)) { - OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID"); - return NULL; + OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID"); + return OC_STACK_ERROR; } memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH); - otmCtx->selectedDeviceInfo->doxm->owned = true; - return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm); + return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true); } -OCStackResult InputPinCodeCallback(OTMContext_t* otmCtx) +OCStackResult InputPinCodeCallback(OTMContext_t *otmCtx) { - if(!otmCtx || !otmCtx->selectedDeviceInfo) + if (!otmCtx || !otmCtx->selectedDeviceInfo) { return OC_STACK_INVALID_PARAM; } - uint8_t pinData[OXM_RANDOM_PIN_SIZE + 1]; + uint8_t pinData[OXM_RANDOM_PIN_MAX_SIZE + 1] = {0}; + OCStackResult res = OC_STACK_ERROR; - OCStackResult res = InputPin((char*)pinData, OXM_RANDOM_PIN_SIZE + 1); - if(OC_STACK_OK != res) + if (PIN_INPUT_WAIT == gPinState) { - OC_LOG(ERROR, TAG, "Failed to input PIN"); - return res; + OIC_LOG(ERROR, TAG, "Pin input callback invoked already"); + NotifyInputState(); + SetResult(otmCtx, res); + return OC_STACK_NOT_ACCEPTABLE; } - OicUuid_t deviceUUID = {.id={0}}; - if (OC_STACK_OK != GetDoxmDeviceID(&deviceUUID)) + gPinState = PIN_INPUT_WAIT; + + res = InputPin((char*)pinData, sizeof(pinData)); + if (OC_STACK_OK != res) { - OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID"); - return OC_STACK_ERROR; + OIC_LOG(ERROR, TAG, "Failed to input PIN"); + gPinState = PIN_INPUT_FAIL; + SetResult(otmCtx, res); + return res; } - - res = AddTmpPskWithPIN(&otmCtx->selectedDeviceInfo->doxm->deviceID, - SYMMETRIC_PAIR_WISE_KEY, - (char*)pinData, OXM_RANDOM_PIN_SIZE, - 1, &deviceUUID, &otmCtx->subIdForPinOxm); - if(res != OC_STACK_OK) + gPinState = PIN_INPUT_SUCCESS; + + /** + * Since PSK will be used directly while PIN based ownership transfer, + * Credential should not be saved into SVR. + * For this reason, We will use a temporary get_psk_info callback to random PIN OxM. + */ + //in case of OTM + if(!(otmCtx->selectedDeviceInfo->doxm->owned)) + { + if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForRandomPinOxm)) + { + OIC_LOG(ERROR, TAG, "Failed to register DTLS credentials handler for random PIN OxM."); + res = OC_STACK_ERROR; + } + } +#ifdef MULTIPLE_OWNER + //in case of MOT + else if(otmCtx->selectedDeviceInfo->doxm->owned && + otmCtx->selectedDeviceInfo->doxm->mom && + OIC_MULTIPLE_OWNER_DISABLE != otmCtx->selectedDeviceInfo->doxm->mom->mode) { - OC_LOG_V(ERROR, TAG, "Failed to save the temporal PSK : %d", res); + if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForMotRandomPinOxm)) + { + OIC_LOG(ERROR, TAG, "Failed to register TLS credentials handler for random PIN OxM."); + res = OC_STACK_ERROR; + } } +#endif //MULTIPLE_OWNER + + //Set the device id to derive temporal PSK + SetUuidForPinBasedOxm(&(otmCtx->selectedDeviceInfo->doxm->deviceID)); return res; } -OCStackResult CreateSecureSessionRandomPinCallbak(OTMContext_t* otmCtx) +OCStackResult CreateSecureSessionRandomPinCallback(OTMContext_t* otmCtx) { - OC_LOG(INFO, TAG, "IN CreateSecureSessionRandomPinCallbak"); + OIC_LOG(INFO, TAG, "IN CreateSecureSessionRandomPinCallbak"); - if(!otmCtx || !otmCtx->selectedDeviceInfo) + if (!otmCtx || !otmCtx->selectedDeviceInfo) { return OC_STACK_INVALID_PARAM; } + CAResult_t caresult = CAEnableAnonECDHCipherSuite(false); + if (CA_STATUS_OK != caresult) + { + OIC_LOG_V(ERROR, TAG, "Unable to disable anon cipher suite"); + return OC_STACK_ERROR; + } + OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled."); + + caresult = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, otmCtx->selectedDeviceInfo->endpoint.adapter); + if (CA_STATUS_OK != caresult) + { + OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"); + return OC_STACK_ERROR; + } + OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite selected."); + OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo; - CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t)); - if(NULL == endpoint) + CAEndpoint_t endpoint; + memcpy(&endpoint, &selDevInfo->endpoint, sizeof(CAEndpoint_t)); + + if(CA_ADAPTER_IP == endpoint.adapter) + { + endpoint.port = selDevInfo->securePort; + caresult = CAInitiateHandshake(&endpoint); + } + else if (CA_ADAPTER_GATT_BTLE == endpoint.adapter) + { + caresult = CAInitiateHandshake(&endpoint); + } +#ifdef __WITH_TLS__ + else { - return OC_STACK_NO_MEMORY; + endpoint.port = selDevInfo->tcpPort; + caresult = CAinitiateSslHandshake(&endpoint); } - memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t)); - endpoint->port = selDevInfo->securePort; - CAResult_t caresult = CAInitiateHandshake(endpoint); - OICFree(endpoint); +#endif if (CA_STATUS_OK != caresult) { - OC_LOG_V(ERROR, TAG, "DTLS handshake failure."); + OIC_LOG_V(ERROR, TAG, "DTLS handshake failure."); return OC_STACK_ERROR; } - OC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak"); + OIC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak"); return OC_STACK_OK; }