X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=resource%2Fcsdk%2Fsecurity%2Fsrc%2Fcredresource.c;h=d4a7c613421d0d66d29beb9fb4c50a0b76e00d2f;hb=3c093548382bb2542c87a67e6e5fa32552c29cb3;hp=2011be01d4d9c2a4e26b5ef070b67b83d616ca7e;hpb=edcfc3d2329da7b914771c0dcff5f42c9b74fd93;p=platform%2Fupstream%2Fiotivity.git diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c index 2011be0..d4a7c61 100644 --- a/resource/csdk/security/src/credresource.c +++ b/resource/csdk/security/src/credresource.c @@ -60,10 +60,6 @@ #include #endif -#ifdef __WITH_DTLS__ -#include "global.h" -#endif - #define TAG "OIC_SRM_CREDL" /** Max credential types number used for TLS */ @@ -73,16 +69,19 @@ static const uint16_t CBOR_SIZE = 2048; /** Max cbor size payload. */ -static const uint16_t CBOR_MAX_SIZE = 4400; +//static const uint16_t CBOR_MAX_SIZE = 4400; /** CRED size - Number of mandatory items. */ static const uint8_t CRED_ROOT_MAP_SIZE = 4; static const uint8_t CRED_MAP_SIZE = 3; - static OicSecCred_t *gCred = NULL; static OCResourceHandle gCredHandle = NULL; +#ifdef MULTIPLE_OWNER +#define PRECONF_PIN_MIN_SIZE (8) +#endif + typedef enum CredCompareResult{ CRED_CMP_EQUAL = 0, CRED_CMP_NOT_EQUAL = 1, @@ -90,14 +89,48 @@ typedef enum CredCompareResult{ }CredCompareResult_t; /** + * Internal function to check a subject of SIGNED_ASYMMETRIC_KEY(Certificate). + * If that subject is NULL or wildcard, set it to own deviceID. + * @param cred credential on SVR DB file + * @param deviceID own deviceuuid of doxm resource + * + * @return + * true successfully done + * false Invalid cred + */ +static bool CheckSubjectOfCertificate(OicSecCred_t* cred, OicUuid_t deviceID) +{ + OicUuid_t emptyUuid = {.id={0}}; + OIC_LOG(DEBUG, TAG, "IN CheckSubjectOfCertificate"); + VERIFY_NON_NULL(TAG, cred, ERROR); + +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) + if ( SIGNED_ASYMMETRIC_KEY == cred->credType) + { + if((0 == memcmp(cred->subject.id, emptyUuid.id, sizeof(cred->subject.id))) || + (0 == memcmp(cred->subject.id, &WILDCARD_SUBJECT_ID, sizeof(cred->subject.id)))) + { + memcpy(cred->subject.id, deviceID.id, sizeof(deviceID.id)); + } + } +#endif + + OIC_LOG(DEBUG, TAG, "OUT CheckSubjectOfCertificate"); + return true; +exit: + OIC_LOG(ERROR, TAG, "OUT CheckSubjectOfCertificate"); + return false; +} + +/** * Internal function to check credential */ -static bool IsVaildCredential(const OicSecCred_t* cred) +static bool IsValidCredential(const OicSecCred_t* cred) { OicUuid_t emptyUuid = {.id={0}}; - OIC_LOG(DEBUG, TAG, "IN IsVaildCredential"); + OIC_LOG(INFO, TAG, "IN IsValidCredential"); VERIFY_NON_NULL(TAG, cred, ERROR); VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR); @@ -124,6 +157,10 @@ static bool IsVaildCredential(const OicSecCred_t* cred) { VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR); VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR); + VERIFY_SUCCESS(TAG, \ + (OIC_ENCODING_UNKNOW < cred->publicData.encoding && \ + OIC_ENCODING_DER >= cred->publicData.encoding), + ERROR); break; } case SIGNED_ASYMMETRIC_KEY: @@ -134,10 +171,8 @@ static bool IsVaildCredential(const OicSecCred_t* cred) if(NULL != cred->optionalData.data) { VERIFY_SUCCESS(TAG, \ - (OIC_ENCODING_RAW == cred->optionalData.encoding ||\ - OIC_ENCODING_BASE64 == cred->optionalData.encoding || \ - OIC_ENCODING_PEM == cred->optionalData.encoding || \ - OIC_ENCODING_DER == cred->optionalData.encoding), \ + (OIC_ENCODING_UNKNOW < cred->optionalData.encoding && \ + OIC_ENCODING_DER >= cred->optionalData.encoding), ERROR); } break; @@ -147,10 +182,8 @@ static bool IsVaildCredential(const OicSecCred_t* cred) VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR); VERIFY_SUCCESS(TAG, \ - (OIC_ENCODING_RAW == cred->privateData.encoding ||\ - OIC_ENCODING_BASE64 == cred->privateData.encoding || \ - OIC_ENCODING_PEM == cred->privateData.encoding || \ - OIC_ENCODING_DER == cred->privateData.encoding), \ + (OIC_ENCODING_UNKNOW < cred->privateData.encoding && \ + OIC_ENCODING_DER >= cred->privateData.encoding), ERROR); break; } @@ -164,10 +197,10 @@ static bool IsVaildCredential(const OicSecCred_t* cred) VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR); - OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential"); + OIC_LOG(INFO, TAG, "OUT IsValidCredential : Credential are valid."); return true; exit: - OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected."); + OIC_LOG(WARNING, TAG, "OUT IsValidCredential : Invalid Credential detected."); return false; } @@ -221,7 +254,7 @@ static void FreeCred(OicSecCred_t *cred) //Clean Period OICFree(cred->period); -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER //Clean eowner OICFree(cred->eownerID); #endif @@ -281,6 +314,261 @@ static size_t OicSecCredCount(const OicSecCred_t *secCred) return size; } +static char* EncodingValueToString(OicEncodingType_t encoding) +{ + char* str = NULL; + switch (encoding) + { + case OIC_ENCODING_RAW: + str = (char*)OIC_SEC_ENCODING_RAW; + break; + case OIC_ENCODING_BASE64: + str = (char*)OIC_SEC_ENCODING_BASE64; + break; + case OIC_ENCODING_DER: + str = (char*)OIC_SEC_ENCODING_DER; + break; + case OIC_ENCODING_PEM: + str = (char*)OIC_SEC_ENCODING_PEM; + break; + default: + break; + } + return str; +} + +static CborError SerializeEncodingToCborInternal(CborEncoder *map, const OicSecKey_t *value) +{ + CborError cborEncoderResult = CborNoError; + char *encoding = EncodingValueToString(value->encoding); + if (encoding) + { + cborEncoderResult = cbor_encode_text_string(map, OIC_JSON_ENCODING_NAME, + strlen(OIC_JSON_ENCODING_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Encoding Tag."); + cborEncoderResult = cbor_encode_text_string(map, encoding, + strlen(encoding)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Encoding Value."); + + cborEncoderResult = cbor_encode_text_string(map, OIC_JSON_DATA_NAME, + strlen(OIC_JSON_DATA_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Name Tag."); + if (OIC_ENCODING_DER == value->encoding || + OIC_ENCODING_RAW == value->encoding) + { + cborEncoderResult = cbor_encode_byte_string(map, + value->data, value->len); + } + else + { + cborEncoderResult = cbor_encode_text_string(map, + (char*)value->data, value->len); + } + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Name Value."); + } + else + { + OIC_LOG(ERROR, TAG, "Unknown encoding type."); + VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Encoding Value."); + } + exit: + return cborEncoderResult; +} + +static CborError SerializeEncodingToCbor(CborEncoder *rootMap, const char* tag, const OicSecKey_t *value) +{ + CborError cborEncoderResult = CborNoError; + CborEncoder map; + const size_t mapSize = 2; + + cborEncoderResult = cbor_encode_text_string(rootMap, tag, strlen(tag)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag."); + + cborEncoderResult = cbor_encoder_create_map(rootMap, &map, mapSize); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Map"); + + VERIFY_CBOR_SUCCESS(TAG, SerializeEncodingToCborInternal(&map, value), + "Failed adding OicSecKey_t structure"); + + cborEncoderResult = cbor_encoder_close_container(rootMap, &map); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Map."); + + exit: + return cborEncoderResult; +} + +static CborError SerializeSecOptToCbor(CborEncoder *rootMap, const char* tag, const OicSecOpt_t *value) +{ + CborError cborEncoderResult = CborNoError; + CborEncoder map; + const size_t mapSize = 3; + + cborEncoderResult = cbor_encode_text_string(rootMap, tag, strlen(tag)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag."); + + cborEncoderResult = cbor_encoder_create_map(rootMap, &map, mapSize); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Map"); + + OicSecKey_t in; + in.data = value->data; + in.encoding = value->encoding; + in.len = value->len; + + VERIFY_CBOR_SUCCESS(TAG, SerializeEncodingToCborInternal(&map, &in), + "Failed adding OicSecKey_t structure"); + + cborEncoderResult = cbor_encode_text_string(&map, OIC_JSON_REVOCATION_STATUS_NAME, + strlen(OIC_JSON_REVOCATION_STATUS_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional revstat Tag."); + cborEncoderResult = cbor_encode_boolean(&map, value->revstat); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional revstat Value."); + + cborEncoderResult = cbor_encoder_close_container(rootMap, &map); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Map."); + + exit: + return cborEncoderResult; +} + +static CborError DeserializeEncodingFromCborInternal(CborValue *map, char *name, OicSecKey_t *value) +{ + size_t len = 0; + CborError cborFindResult = CborNoError; + + // data -- Mandatory + if (strcmp(name, OIC_JSON_DATA_NAME) == 0) + { + if(cbor_value_is_byte_string(map)) + { + cborFindResult = cbor_value_dup_byte_string(map, &value->data, + &value->len, NULL); + } + else if(cbor_value_is_text_string(map)) + { + cborFindResult = cbor_value_dup_text_string(map, (char**)(&value->data), + &value->len, NULL); + } + else + { + cborFindResult = CborErrorUnknownType; + OIC_LOG(ERROR, TAG, "Unknown type for private data."); + } + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData."); + } + + // encoding -- Mandatory + if (strcmp(name, OIC_JSON_ENCODING_NAME) == 0) + { + char* strEncoding = NULL; + cborFindResult = cbor_value_dup_text_string(map, &strEncoding, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType"); + + if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0) + { + value->encoding = OIC_ENCODING_RAW; + } + else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0) + { + value->encoding = OIC_ENCODING_BASE64; + } + else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0) + { + value->encoding = OIC_ENCODING_DER; + } + else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0) + { + value->encoding = OIC_ENCODING_PEM; + } + else + { + //For unit test + value->encoding = OIC_ENCODING_RAW; + OIC_LOG(WARNING, TAG, "Unknown encoding type detected."); + } + OICFree(strEncoding); + } + exit: + return cborFindResult; +} + +static CborError DeserializeEncodingFromCbor(CborValue *rootMap, OicSecKey_t *value) +{ + CborValue map = { .parser = NULL }; + CborError cborFindResult = cbor_value_enter_container(rootMap, &map); + size_t len = 0; + + while (cbor_value_is_valid(&map)) + { + char* name = NULL; + CborType type = cbor_value_get_type(&map); + if (type == CborTextStringType && cbor_value_is_text_string(&map)) + { + cborFindResult = cbor_value_dup_text_string(&map, &name, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text"); + cborFindResult = cbor_value_advance(&map); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value"); + } + if (name) + { + VERIFY_CBOR_SUCCESS(TAG, DeserializeEncodingFromCborInternal(&map, name, value), + "Failed to read OicSecKey_t value"); + } + if (cbor_value_is_valid(&map)) + { + cborFindResult = cbor_value_advance(&map); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Map."); + } + OICFree(name); + } + exit: + return cborFindResult; +} + +static CborError DeserializeSecOptFromCbor(CborValue *rootMap, OicSecOpt_t *value) +{ + CborValue map = { .parser = NULL }; + CborError cborFindResult = cbor_value_enter_container(rootMap, &map); + size_t len = 0; + value->revstat = false; + + while (cbor_value_is_valid(&map)) + { + char* name = NULL; + CborType type = cbor_value_get_type(&map); + if (type == CborTextStringType && cbor_value_is_text_string(&map)) + { + cborFindResult = cbor_value_dup_text_string(&map, &name, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text"); + cborFindResult = cbor_value_advance(&map); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value"); + } + if (name) + { + // OptionalData::revstat -- Mandatory + if (strcmp(name, OIC_JSON_REVOCATION_STATUS_NAME) == 0) + { + cborFindResult = cbor_value_get_boolean(&map, &value->revstat); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding revstat Value.") + } + OicSecKey_t out; + VERIFY_CBOR_SUCCESS(TAG, DeserializeEncodingFromCborInternal(&map, name, &out), + "Failed to read OicSecKey_t value"); + + value->data = out.data; + value->encoding = out.encoding; + value->len = out.len; + } + if (cbor_value_is_valid(&map)) + { + cborFindResult = cbor_value_advance(&map); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Map."); + } + OICFree(name); + } + exit: + return cborFindResult; +} + OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload, size_t *cborSize, int secureFlag) { @@ -334,12 +622,12 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload } #if defined(__WITH_DTLS__) || defined(__WITH_TLS__) -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER if(cred->eownerID) { mapSize++; } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) { @@ -372,7 +660,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME, strlen(OIC_JSON_SUBJECTID_NAME)); VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag."); - inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ? + inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ? WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t); if(inLen == WILDCARD_SUBJECT_ID_LEN) { @@ -401,120 +689,16 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload //PublicData -- Not Mandatory if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) { - CborEncoder publicMap; - const size_t publicMapSize = 2; - - cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME, - strlen(OIC_JSON_PUBLICDATA_NAME)); + cborEncoderResult = SerializeEncodingToCbor(&credMap, + OIC_JSON_PUBLICDATA_NAME, &cred->publicData); VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag."); - - cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map"); - - cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag."); - cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data, - cred->publicData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value."); - - // TODO: Need to data strucure modification for OicSecCert_t. - cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_DER, - strlen(OIC_SEC_ENCODING_DER)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value."); - - cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map."); } //OptionalData -- Not Mandatory if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data) { - CborEncoder optionalMap; - const size_t optionalMapSize = 2; - - cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME, - strlen(OIC_JSON_OPTDATA_NAME)); + cborEncoderResult = SerializeSecOptToCbor(&credMap, + OIC_JSON_OPTDATA_NAME, &cred->optionalData); VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag."); - - cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map"); - - // TODO: Need to data strucure modification for OicSecCert_t. - if(OIC_ENCODING_RAW == cred->optionalData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW, - strlen(OIC_SEC_ENCODING_RAW)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag."); - cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data, - cred->optionalData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value."); - } - else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64, - strlen(OIC_SEC_ENCODING_BASE64)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data), - cred->optionalData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value."); - } - else if(OIC_ENCODING_PEM == cred->optionalData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM, - strlen(OIC_SEC_ENCODING_PEM)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data), - cred->optionalData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value."); - } - else if(OIC_ENCODING_DER == cred->optionalData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER, - strlen(OIC_SEC_ENCODING_DER)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag."); - cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data, - cred->optionalData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value."); - } - else - { - OIC_LOG(ERROR, TAG, "Unknown encoding type for optional data."); - VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value."); - } - - cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map."); } //CredUsage -- Not Mandatory if(cred->credUsage) @@ -530,74 +714,9 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload //PrivateData -- Not Mandatory if(!secureFlag && cred->privateData.data) { - CborEncoder privateMap; - const size_t privateMapSize = 2; - - cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME, - strlen(OIC_JSON_PRIVATEDATA_NAME)); + cborEncoderResult = SerializeEncodingToCbor(&credMap, + OIC_JSON_PRIVATEDATA_NAME, &cred->privateData); VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag."); - - cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map"); - - // TODO: Need to data strucure modification for OicSecKey_t. - // TODO: Added as workaround, will be replaced soon. - if(OIC_ENCODING_RAW == cred->privateData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW, - strlen(OIC_SEC_ENCODING_RAW)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag."); - cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data, - cred->privateData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value."); - } - else if(OIC_ENCODING_BASE64 == cred->privateData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64, - strlen(OIC_SEC_ENCODING_BASE64)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag."); - cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data), - cred->privateData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value."); - } - else if(OIC_ENCODING_DER == cred->privateData.encoding) - { - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME, - strlen(OIC_JSON_ENCODING_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag."); - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_DER, - strlen(OIC_SEC_ENCODING_DER)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value."); - - cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME, - strlen(OIC_JSON_DATA_NAME)); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag."); - cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data, - cred->privateData.len); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value."); - } - else - { - OIC_LOG(ERROR, TAG, "Unknown encoding type for private data."); - VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value."); - } - - cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap); - VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map."); } //Period -- Not Mandatory @@ -611,7 +730,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value."); } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER // Eownerid -- Not Mandatory if(cred->eownerID) { @@ -625,7 +744,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value."); OICFree(eowner); } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap); VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map."); @@ -736,6 +855,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, cbor_parser_init(cborPayload, size, 0, &parser, &credCbor); OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t)); + VERIFY_NON_NULL(TAG, headCred, ERROR); // Enter CRED Root Map CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 }; @@ -781,6 +901,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, else { cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t)); + VERIFY_NON_NULL(TAG, cred, ERROR); OicSecCred_t *temp = headCred; while (temp->next) { @@ -789,8 +910,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, temp->next = cred; } - VERIFY_NON_NULL(TAG, cred, ERROR); - while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap)) { char* name = NULL; @@ -832,210 +951,42 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, // credtype if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0) { +#ifdef __TIZENRT__ + cborFindResult = cbor_value_get_int(&credMap, (int *) &cred->credType); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType."); +#else uint64_t credType = 0; cborFindResult = cbor_value_get_uint64(&credMap, &credType); VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType."); cred->credType = (OicSecCredType_t)credType; +#endif } // privatedata if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0) { - CborValue privateMap = { .parser = NULL }; - cborFindResult = cbor_value_enter_container(&credMap, &privateMap); + cborFindResult = DeserializeEncodingFromCbor(&credMap, &cred->privateData); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to read privateData structure"); - while (cbor_value_is_valid(&privateMap)) + OicEncodingType_t encoding = cred->privateData.encoding; + if (OIC_ENCODING_DER == encoding || OIC_ENCODING_PEM == encoding) { - char* privname = NULL; - CborType type = cbor_value_get_type(&privateMap); - if (type == CborTextStringType && cbor_value_is_text_string(&privateMap)) - { - cborFindResult = cbor_value_dup_text_string(&privateMap, &privname, - &len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text"); - cborFindResult = cbor_value_advance(&privateMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value"); - } - if (privname) - { - // PrivateData::privdata -- Mandatory - if (strcmp(privname, OIC_JSON_DATA_NAME) == 0) - { - if(cbor_value_is_byte_string(&privateMap)) - { - cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data, - &cred->privateData.len, NULL); - } - else if(cbor_value_is_text_string(&privateMap)) - { - cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data), - &cred->privateData.len, NULL); - } - else - { - cborFindResult = CborErrorUnknownType; - OIC_LOG(ERROR, TAG, "Unknown type for private data."); - } - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData."); - } - - // PrivateData::encoding -- Mandatory - if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0) - { - // TODO: Added as workaround. Will be replaced soon. - char* strEncoding = NULL; - cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType"); - - if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0) - { - cred->privateData.encoding = OIC_ENCODING_RAW; - } - else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0) - { - cred->privateData.encoding = OIC_ENCODING_BASE64; - } - else - { - //For unit test - cred->privateData.encoding = OIC_ENCODING_RAW; - OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for private data."); - } - - OICFree(strEncoding); - } - } - if (cbor_value_is_valid(&privateMap)) - { - cborFindResult = cbor_value_advance(&privateMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map."); - } - OICFree(privname); + //For unit test + cred->privateData.encoding = OIC_ENCODING_RAW; + OIC_LOG(WARNING, TAG, "Unknown encoding type detected for private data."); } - } #if defined(__WITH_DTLS__) || defined(__WITH_TLS__) //PublicData -- Not Mandatory if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0) { - CborValue pubMap = { .parser = NULL }; - cborFindResult = cbor_value_enter_container(&credMap, &pubMap); - - while (cbor_value_is_valid(&pubMap)) - { - char* pubname = NULL; - CborType type = cbor_value_get_type(&pubMap); - if (type == CborTextStringType && cbor_value_is_text_string(&pubMap)) - { - cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname, - &len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text"); - cborFindResult = cbor_value_advance(&pubMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value"); - } - if (pubname) - { - // PrivateData::privdata -- Mandatory - if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap)) - { - cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data, - &cred->publicData.len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData."); - } - // PublicData::encoding -- Mandatory - if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0) - { - // TODO: Need to update data structure, just ignore encoding value now. - } - } - if (cbor_value_is_valid(&pubMap)) - { - cborFindResult = cbor_value_advance(&pubMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map."); - } - OICFree(pubname); - } + cborFindResult = DeserializeEncodingFromCbor(&credMap, &cred->publicData); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to read publicData structure"); } //OptionalData -- Not Mandatory if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0) { - CborValue optMap = { .parser = NULL }; - cborFindResult = cbor_value_enter_container(&credMap, &optMap); - - while (cbor_value_is_valid(&optMap)) - { - char* optname = NULL; - CborType type = cbor_value_get_type(&optMap); - if (type == CborTextStringType && cbor_value_is_text_string(&optMap)) - { - cborFindResult = cbor_value_dup_text_string(&optMap, &optname, - &len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text"); - cborFindResult = cbor_value_advance(&optMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value"); - } - if (optname) - { - // OptionalData::optdata -- Mandatory - if (strcmp(optname, OIC_JSON_DATA_NAME) == 0) - { - if(cbor_value_is_byte_string(&optMap)) - { - cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data, - &cred->optionalData.len, NULL); - } - else if(cbor_value_is_text_string(&optMap)) - { - cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data), - &cred->optionalData.len, NULL); - } - else - { - cborFindResult = CborErrorUnknownType; - OIC_LOG(ERROR, TAG, "Unknown type for optional data."); - } - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData."); - } - // OptionalData::encoding -- Mandatory - if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0) - { - // TODO: Added as workaround. Will be replaced soon. - char* strEncoding = NULL; - cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType"); - - if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0) - { - OIC_LOG(INFO,TAG,"cbor_value_is_byte_string"); - cred->optionalData.encoding = OIC_ENCODING_RAW; - } - else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0) - { - cred->optionalData.encoding = OIC_ENCODING_BASE64; - } - else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0) - { - cred->optionalData.encoding = OIC_ENCODING_PEM; - } - else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0) - { - cred->optionalData.encoding = OIC_ENCODING_DER; - } - else - { - //For unit test - cred->optionalData.encoding = OIC_ENCODING_RAW; - OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for optional data."); - } - OICFree(strEncoding); - } - } - if (cbor_value_is_valid(&optMap)) - { - cborFindResult = cbor_value_advance(&optMap); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map."); - } - OICFree(optname); - } + cborFindResult = DeserializeSecOptFromCbor(&credMap, &cred->optionalData); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to read optionalData structure"); } //Credusage -- Not Mandatory if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name)) @@ -1051,7 +1002,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period."); } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER // Eowner uuid -- Not Mandatory if (strcmp(OIC_JSON_EOWNERID_NAME, name) == 0 && cbor_value_is_text_string(&credMap)) { @@ -1067,7 +1018,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, OICFree(eowner); VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR); } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER if (cbor_value_is_valid(&credMap)) { @@ -1125,7 +1076,7 @@ exit: return ret; } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size) { OicSecCred_t* cred = NULL; @@ -1149,10 +1100,10 @@ exit: return isValidCred; } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType, - const OicSecCert_t * publicData, const OicSecKey_t* privateData, + const OicSecKey_t * publicData, const OicSecKey_t* privateData, const OicUuid_t * rownerID, const OicUuid_t * eownerID) { OIC_LOG(DEBUG, TAG, "IN GenerateCredential"); @@ -1190,41 +1141,22 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); memcpy(cred->privateData.data, privateData->data, privateData->len); cred->privateData.len = privateData->len; - - // TODO: Added as workaround. Will be replaced soon. cred->privateData.encoding = OIC_ENCODING_RAW; - -#if 0 - // NOTE: Test codes to use base64 for credential. - uint32_t outSize = 0; - size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1)); - char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize); - VERIFY_NON_NULL(TAG, b64Buf, ERROR); - b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize); - - OICFree( cred->privateData.data ); - cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1); - VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); - - strcpy(cred->privateData.data, b64Buf); - cred->privateData.encoding = OIC_ENCODING_BASE64; - cred->privateData.len = outSize; - OICFree(b64Buf); -#endif //End of Test codes - } VERIFY_NON_NULL(TAG, rownerID, ERROR); memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t)); -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER if(eownerID) { cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t)); VERIFY_NON_NULL(TAG, cred->eownerID, ERROR); memcpy(cred->eownerID->id, eownerID->id, sizeof(eownerID->id)); } -#endif //_ENABLE_MULTIPLE_OWNER_ +#else + (void)(eownerID); +#endif //MULTIPLE_OWNER_ ret = OC_STACK_OK; @@ -1252,7 +1184,7 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr { OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len); OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len); - + OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData revstat: %d", cred->optionalData.revstat); } #endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__) @@ -1278,7 +1210,7 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred) // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending size_t size = GetCredKeyDataSize(cred); size += (512 * OicSecCredCount(cred)); - OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size); + OIC_LOG_V(INFO, TAG, "target cred size: %zu - temporal size to make room for encoding", size); int secureFlag = 0; OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag); @@ -1373,7 +1305,7 @@ static OicSecCred_t* GetCredDefault() return NULL; } -static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2) +static bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2) { VERIFY_NON_NULL(TAG, sk1, WARNING); VERIFY_NON_NULL(TAG, sk2, WARNING); @@ -1386,19 +1318,18 @@ exit: return false; } -#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) -static bool IsSameCert(const OicSecCert_t* cert1, const OicSecCert_t* cert2) +static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2) { - VERIFY_NON_NULL(TAG, cert1, WARNING); - VERIFY_NON_NULL(TAG, cert2, WARNING); + VERIFY_NON_NULL(TAG, sk1, WARNING); + VERIFY_NON_NULL(TAG, sk2, WARNING); - VERIFY_SUCCESS(TAG, (cert1->len == cert2->len), INFO); - VERIFY_SUCCESS(TAG, (0 == memcmp(cert1->data, cert2->data, cert1->len)), INFO); + VERIFY_SUCCESS(TAG, (sk1->len == sk2->len), INFO); + VERIFY_SUCCESS(TAG, (sk1->encoding == sk2->encoding), INFO); + VERIFY_SUCCESS(TAG, (0 == memcmp(sk1->data, sk2->data, sk1->len)), INFO); return true; exit: return false; } -#endif //#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) /** * Compares credential @@ -1441,13 +1372,13 @@ static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSe { if(l->publicData.data && r->publicData.data) { - VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO); + VERIFY_SUCCESS(TAG, IsSameSecKey(&l->publicData, &r->publicData), INFO); isCompared = true; } if(l->optionalData.data && r->optionalData.data) { - VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO); + VERIFY_SUCCESS(TAG, IsSameSecOpt(&l->optionalData, &r->optionalData), INFO); isCompared = true; } @@ -1469,13 +1400,13 @@ static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSe if(l->publicData.data && r->publicData.data) { - VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO); + VERIFY_SUCCESS(TAG, IsSameSecKey(&l->publicData, &r->publicData), INFO); isCompared = true; } if(l->optionalData.data && r->optionalData.data) { - VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO); + VERIFY_SUCCESS(TAG, IsSameSecOpt(&l->optionalData, &r->optionalData), INFO); isCompared = true; } @@ -1484,8 +1415,9 @@ static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSe #endif //__WITH_DTLS__ or __WITH_TLS__ default: { + OIC_LOG_V(ERROR, TAG, "Invalid CredType(%d)", l->credType); cmpResult = CRED_CMP_ERROR; - break; + goto exit; } } @@ -1517,7 +1449,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred) VERIFY_SUCCESS(TAG, NULL != newCred, ERROR); //Assigning credId to the newCred newCred->credId = GetCredId(); - VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR); + VERIFY_SUCCESS(TAG, true == IsValidCredential(newCred), ERROR); //the newCred is not valid if it is empty @@ -1553,6 +1485,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred) //Append the new Cred to existing list if new Cred is valid if (validFlag) { + OIC_LOG(INFO, TAG, "New credentials are added to the cred resource"); LL_APPEND(gCred, newCred); } if (memcmp(&(newCred->rownerID), &emptyOwner, sizeof(OicUuid_t)) != 0) @@ -1561,9 +1494,15 @@ OCStackResult AddCredential(OicSecCred_t * newCred) } if (UpdatePersistentStorage(gCred)) { + OIC_LOG(DEBUG, TAG, "UpdatePersistentStorage() Success"); ret = OC_STACK_OK; } - + else + { + OIC_LOG(ERROR, TAG, "UpdatePersistentStorage() Failed"); + LL_DELETE(gCred, newCred); + ret = OC_STACK_INCONSISTENT_DB; + } exit: OIC_LOG(DEBUG, TAG, "OUT AddCredential"); return ret; @@ -1693,7 +1632,11 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi // TODO: Added as workaround, will be replaced soon. if(OIC_ENCODING_RAW == receviedCred->privateData.encoding) { +#ifndef __TIZENRT__ receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128); +#else + receviedCred->privateData.data = (uint8_t *)OICRealloc(receviedCred->privateData.data, OWNER_PSK_LENGTH_128); +#endif VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR); receviedCred->privateData.len = OWNER_PSK_LENGTH_128; memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128); @@ -1708,8 +1651,11 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi b64res = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize); VERIFY_SUCCESS(TAG, B64_OK == b64res, ERROR); - +#ifndef __TIZENRT__ receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1); +#else + receviedCred->privateData.data = (uint8_t *)OICRealloc(receviedCred->privateData.data, b64OutSize + 1); +#endif VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR); receviedCred->privateData.len = b64OutSize; strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize); @@ -1739,7 +1685,7 @@ exit: } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER /** * Internal function to fill private data of SubOwner PSK. * @@ -1810,7 +1756,93 @@ exit: OICFree(b64Buf); return false; } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER + + +OCStackResult AddPreconfPinCredential(const char* preconfPin) +{ + OIC_LOG_V(DEBUG, TAG, "In %s", __func__); + +#ifdef MULTIPLE_OWNER + OCStackResult res = OC_STACK_INVALID_PARAM; + OicSecCred_t* cred = NULL; + OicSecCred_t* pinCred = NULL; + VERIFY_NON_NULL(TAG, preconfPin, ERROR); + VERIFY_SUCCESS(TAG, (strlen(preconfPin) >= PRECONF_PIN_MIN_SIZE), ERROR); + + OIC_LOG(DEBUG, TAG, "Finding previous preconfigured PIN..."); + //Find the previous PIN + LL_FOREACH(gCred, cred) + { + if(memcmp(cred->subject.id, WILDCARD_SUBJECT_ID.id, sizeof(cred->subject.id)) == 0 && + PIN_PASSWORD == cred->credType) + { + break; + } + } + + //If previous PIN is exist, remove it. + if (cred) + { + OIC_LOG_V(DEBUG, TAG, "Preconfigured PIN already exist."); + OIC_LOG_V(DEBUG, TAG, "Previous preconfigured PIN will be removed."); + + res = RemoveCredentialByCredId(cred->credId); + if (OC_STACK_RESOURCE_DELETED != res) + { + OIC_LOG_V(ERROR, TAG, "RemoveCredentialByCredId error : %d", res); + cred = NULL; + goto exit; + } + } + + OIC_LOG(DEBUG, TAG, "Adding preconfigured PIN..."); + //Add preconfig PIN + res = OC_STACK_NO_MEMORY; + //Generate PIN based credential + size_t preconfPinLen = strlen(preconfPin); + pinCred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); + VERIFY_NON_NULL(TAG, pinCred, ERROR); + + pinCred->privateData.data = (uint8_t*)OICMalloc(preconfPinLen + 1); + VERIFY_NON_NULL(TAG, pinCred->privateData.data, ERROR); + + memcpy(pinCred->privateData.data, preconfPin, preconfPinLen); + pinCred->privateData.data[preconfPinLen] = '\0'; + pinCred->privateData.len = preconfPinLen; + pinCred->privateData.encoding = OIC_ENCODING_RAW; + pinCred->credType = PIN_PASSWORD; + memcpy(pinCred->subject.id, WILDCARD_SUBJECT_ID.id, sizeof(pinCred->subject.id)); + + res = AddCredential(pinCred); + if (OC_STACK_OK != res) + { + OIC_LOG_V(ERROR, TAG, "AddCredential error : %d", res); + goto exit; + } + + OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); + return OC_STACK_OK; +exit: + if (cred) + { + FreeCred(cred); + } + if (pinCred) + { + FreeCred(pinCred); + } + OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); + return res; +#else + OC_UNUSED(preconfPin); + OIC_LOG(DEBUG, TAG, "Multiple Owner is not enabled."); + OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); + return OC_STACK_ERROR; +#endif //MULTIPLE_OWNER +} + + #endif // __WITH_DTLS__ or __WITH_TLS__ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehRequest) @@ -1838,7 +1870,31 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques case SYMMETRIC_PAIR_WISE_KEY: { OCServerRequest *request = GetServerRequestUsingHandle(ehRequest->requestHandle); + if (NULL == request) + { + OIC_LOG(ERROR, TAG, "Failed to get a server request information."); + ret = OC_EH_ERROR; + break; + } +#ifdef __TIZENRT__ + CAEndpoint_t *ep_addr = (CAEndpoint_t *)malloc(sizeof(CAEndpoint_t)); + if(!ep_addr) + { + ret = OC_STACK_NO_MEMORY; + break; + } + ep_addr->adapter= request->devAddr.adapter; + ep_addr->flags= request->devAddr.flags; + ep_addr->port = request->devAddr.port; + memcpy(ep_addr->addr,request->devAddr.addr,MAX_ADDR_STR_SIZE_CA); + ep_addr->ifindex = request->devAddr.ifindex; +#if defined (ROUTING_GATEWAY) || defined (ROUTING_EP) + memcpy(ep_addr->routeData,request->devAddr.routeData,MAX_ADDR_STR_SIZE_CA); +#endif + if(FillPrivateDataOfOwnerPSK(cred, ep_addr, doxm)) +#else if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm)) +#endif { if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject)) { @@ -1861,7 +1917,9 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS."); ret = OC_EH_ERROR; } - +#ifdef __TIZENRT__ + free(ep_addr); +#endif if(OC_EH_CHANGED == ret) { /** @@ -1893,12 +1951,17 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED"); } - if(CA_STATUS_OK != - CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter)) + if (CA_STATUS_OK != CASelectCipherSuite( + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, CA_ADAPTER_IP)) { - OIC_LOG(ERROR, TAG, "Failed to select cipher suite"); + OIC_LOG(ERROR, TAG, "Failed to enable PSK cipher suite"); ret = OC_EH_ERROR; } + else + { + OIC_LOG(INFO, TAG, "PSK cipher suite is ENABLED"); + } + } break; @@ -1937,6 +2000,10 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques if((OC_ADAPTER_IP == ehRequest->devAddr.adapter && previousMsgId != ehRequest->messageID) || OC_ADAPTER_TCP == ehRequest->devAddr.adapter) { +#if defined (__WITH_TLS__) || defined(__WITH_DTLS__) + InvokeOtmEventHandler(ehRequest->devAddr.addr, ehRequest->devAddr.port, + NULL, OIC_OTM_ERROR); +#endif RestoreDoxmToInitState(); RestorePstatToInitState(); OIC_LOG(WARNING, TAG, "DOXM will be reverted."); @@ -1949,11 +2016,13 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques } } } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER // In case SubOwner Credential else if(doxm && doxm->owned && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode && - 0 == cred->privateData.len) + 0 == cred->privateData.len && + 0 == cred->optionalData.len && + 0 == cred->publicData.len ) { switch(cred->credType) { @@ -2004,7 +2073,7 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques } } } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER else { if(IsEmptyCred(cred)) @@ -2212,7 +2281,7 @@ OCStackResult InitCredResource() } if (data) { - // Read ACL resource from PS + // Read Cred resource from PS ret = CBORPayloadToCred(data, size, &gCred); } @@ -2226,18 +2295,49 @@ OCStackResult InitCredResource() gCred = GetCredDefault(); } - //Add a log to track the invalid credential. - LL_FOREACH(gCred, cred) + if (gCred) { - if (false == IsVaildCredential(cred)) + OicUuid_t deviceID; + OicUuid_t emptyUuid = {.id={0}}; + + ret = GetDoxmDeviceID(&deviceID); + if (ret != OC_STACK_OK) { - OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource"); - OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId); + OIC_LOG_V(WARNING, TAG, "%s: GetDoxmDeviceID failed, error %d", __func__, ret); + //Unit tests expect error code OC_STACK_INVALID_PARAM. + ret = OC_STACK_INVALID_PARAM; + goto exit; + } + + //Add a log to track the invalid credential. + LL_FOREACH(gCred, cred) + { + if (false == CheckSubjectOfCertificate(cred, deviceID)) + { + OIC_LOG(WARNING, TAG, "Check subject of Certificate was failed while InitCredResource"); + } + if (false == IsValidCredential(cred)) + { + OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource"); + OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId); + } } - } + if (0 == memcmp(&gCred->rownerID, &emptyUuid, sizeof(OicUuid_t))) + { + memcpy(&gCred->rownerID, &deviceID, sizeof(OicUuid_t)); + } + + if (!UpdatePersistentStorage(gCred)) + { + OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!"); + } + } //Instantiate 'oic.sec.cred' ret = CreateCredResource(); + +exit: + OIC_LOG(DEBUG, TAG, "OUT InitCredResource."); OICClearMemory(data, size); OICFree(data); return ret; @@ -2313,16 +2413,17 @@ OicSecCred_t* GetCredEntryByCredId(const uint16_t credId) cred->privateData.len = tmpCred->privateData.len; cred->privateData.encoding = tmpCred->privateData.encoding; } -#if defined(__WITH_X509__) || defined(__WITH_TLS__) - else if (tmpCred->publicData.data) +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) + if (tmpCred->publicData.data) { cred->publicData.data = (uint8_t *)OICCalloc(1, tmpCred->publicData.len); VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR); memcpy(cred->publicData.data, tmpCred->publicData.data, tmpCred->publicData.len); cred->publicData.len = tmpCred->publicData.len; + cred->publicData.encoding = tmpCred->publicData.encoding; } - else if (tmpCred->optionalData.data) + if (tmpCred->optionalData.data) { cred->optionalData.data = (uint8_t *)OICCalloc(1, tmpCred->optionalData.len); VERIFY_NON_NULL(TAG, cred->optionalData.data, ERROR); @@ -2330,13 +2431,13 @@ OicSecCred_t* GetCredEntryByCredId(const uint16_t credId) memcpy(cred->optionalData.data, tmpCred->optionalData.data, tmpCred->optionalData.len); cred->optionalData.len = tmpCred->optionalData.len; cred->optionalData.encoding = tmpCred->optionalData.encoding; + cred->optionalData.revstat= tmpCred->optionalData.revstat; } - if (tmpCred->credUsage) { cred->credUsage = OICStrdup(tmpCred->credUsage); } -#endif /* __WITH_X509__ or __WITH_TLS__*/ +#endif /* __WITH_DTLS__ or __WITH_TLS__*/ return cred; } @@ -2444,7 +2545,7 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type, } OIC_LOG(DEBUG, TAG, "Can not find subject matched credential."); -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER const OicSecDoxm_t* doxm = GetDoxmResourceData(); if(doxm && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode) { @@ -2540,7 +2641,7 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type, } } } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER } break; } @@ -2594,7 +2695,7 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre ret = AddCredential(cred); if( OC_STACK_OK != ret) { - RemoveCredential(tmpSubject); + FreeCred(cred); OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential"); } OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT"); @@ -2668,24 +2769,25 @@ void GetDerCaCert(ByteArray_t * crt, const char * usage) return; } crt->len = 0; - OicSecCred_t * temp = NULL; + OicSecCred_t* temp = NULL; LL_FOREACH(gCred, temp) { - if (SIGNED_ASYMMETRIC_KEY == temp->credType && - 0 == strcmp(temp->credUsage, usage)) + if ((SIGNED_ASYMMETRIC_KEY == temp->credType) && + (0 == strcmp(temp->credUsage, usage)) && (false == temp->optionalData.revstat)) { if(OIC_ENCODING_BASE64 == temp->optionalData.encoding) { size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1)); - uint8 * buf = OICCalloc(1, bufSize); + uint8_t * buf = OICCalloc(1, bufSize); if(NULL == buf) { OIC_LOG(ERROR, TAG, "Failed to allocate memory"); return; } uint32_t outSize; - if(B64_OK != b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize)) + if(B64_OK != b64Decode((char*)(temp->optionalData.data), + temp->optionalData.len, buf, bufSize, &outSize)) { OICFree(buf); OIC_LOG(ERROR, TAG, "Failed to decode base64 data"); @@ -2823,3 +2925,157 @@ void InitCipherSuiteListInternal(bool * list, const char * usage) OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); } #endif + + +//Added as workaround by Chul Lee +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) +OCStackResult CredSaveTrustCertChain(const OicUuid_t* subject, uint8_t *trustCertChain, size_t chainSize, + OicEncodingType_t encodingType, const char* usage, uint16_t *credId) +{ + OIC_LOG_V(DEBUG, TAG, "IN %s", __func__); + + if(NULL == trustCertChain || NULL == credId || NULL == usage || NULL == subject) + { + OIC_LOG_V(ERROR, TAG, "Invaild param"); + return OC_STACK_INVALID_PARAM; + } + + OCStackResult res = OC_STACK_ERROR; + OicSecCred_t *cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); + if(NULL == cred) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + cred->credId = 0; + memcpy(cred->subject.id, subject->id, sizeof(cred->subject.id)); + + cred->credUsage = OICStrdup(usage); + if (NULL == cred->credUsage) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + + cred->credType = SIGNED_ASYMMETRIC_KEY; + + if (encodingType == OIC_ENCODING_PEM) + { + cred->optionalData.data = (uint8_t *)OICCalloc(1, chainSize + 1); + if(NULL == cred->optionalData.data) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + cred->optionalData.len = chainSize + 1; + } + else + { + cred->optionalData.data = (uint8_t *)OICCalloc(1, chainSize); + if(NULL == cred->optionalData.data) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + cred->optionalData.len = chainSize; + } + memcpy(cred->optionalData.data, trustCertChain, chainSize); + cred->optionalData.encoding = encodingType; + cred->optionalData.revstat = false; + + res = AddCredential(cred); + if(res != OC_STACK_OK) + { + goto error; + } + *credId = cred->credId; + + OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__); + + return res; + +error: + DeleteCredList(cred); + OIC_LOG_V(ERROR, TAG, "OUT %s : error = %d", __func__, (int)res); + return res; +} + +OCStackResult CredSaveOwnCert(const OicUuid_t* subject, OicSecKey_t * cert, OicSecKey_t * key, + const char* usage, uint16_t *credId) +{ + OIC_LOG_V(DEBUG, TAG, "IN %s", __func__); + + if(NULL == cert || NULL == cert->data || NULL == key || NULL == key->data || + NULL == credId || NULL == usage || NULL == subject) + { + OIC_LOG_V(ERROR, TAG, "Invalid param"); + return OC_STACK_INVALID_PARAM; + } + + OCStackResult res = OC_STACK_ERROR; + OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(OicSecCred_t)); + if(NULL == cred) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + cred->credId = 0; + memcpy(cred->subject.id, subject->id, sizeof(cred->subject.id)); + + cred->credUsage = OICStrdup(usage); + if (NULL == cred->credUsage) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + + cred->credType = SIGNED_ASYMMETRIC_KEY; + + OicSecKey_t *publicData = &cred->publicData; + publicData->data = (uint8_t *)OICCalloc(1, cert->len); + if(NULL == publicData->data) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + memcpy(publicData->data, cert->data, cert->len); + publicData->encoding = cert->encoding; + publicData->len = cert->len; + + OicSecKey_t *privateData = &cred->privateData; + privateData->data = (uint8_t *)OICCalloc(1, key->len); + if(NULL == privateData->data) + { + OIC_LOG_V(ERROR, TAG, "Failed to allocate memory"); + res = OC_STACK_NO_MEMORY; + goto error; + } + memcpy(privateData->data, key->data, key->len); + privateData->len = key->len; + privateData->encoding = key->encoding; + + res = AddCredential(cred); + if(res != OC_STACK_OK) + { + goto error; + } + *credId = cred->credId; + + OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__); + + return res; + +error: + DeleteCredList(cred); + OIC_LOG_V(ERROR, TAG, "OUT %s : error = %d", __func__, (int)res); + return res; +} + +#endif // defined(__WITH_DTLS__) || defined(__WITH_TLS__)