* Connectivity Abstraction Interface APIs.
*/
#include "cacommon.h"
-
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
-#ifdef __WITH_X509__
-#include "pki.h"
-#endif //__WITH_X509__
+#include "casecurityinterface.h"
#ifdef __cplusplus
extern "C"
#endif //RA_ADAPTER
-#ifdef __WITH_DTLS__
-
-/**
- * Binary blob containing device identity and the credentials for all devices
- * trusted by this device.
- */
-typedef struct
-{
- unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self. */
- uint32_t num; /** number of credentials in this blob. */
- OCDtlsPskCreds *creds; /** list of credentials. Size of this
- array is determined by 'num' variable. */
-} CADtlsPskCredsBlob_t;
-
-/**
- * Callback function type for getting DTLS credentials.
- * @param[out] credInfo DTLS credentials info. Handler has to allocate new memory for.
- * both credInfo and credInfo->creds which is then freed by CA.
- */
-typedef void (*CAGetDTLSCredentialsHandler)(CADtlsPskCredsBlob_t **credInfo);
-#endif //__WITH_DTLS__
-
-#ifdef __WITH_X509__
-/**
- * Binary structure containing certificate chain and certificate credentials
- * for this device.
- */
-typedef struct
-{
- // certificate message for DTLS
- unsigned char certificateChain[MAX_CERT_MESSAGE_LEN];
- // length of the certificate message
- uint32_t certificateChainLen;
- // number of certificates in certificate message
- uint8_t chainLen;
- // x component of EC public key
- uint8_t rootPublicKeyX[PUBLIC_KEY_SIZE / 2];
- // y component of EC public key
- uint8_t rootPublicKeyY[PUBLIC_KEY_SIZE / 2];
- // EC private key
- uint8_t devicePrivateKey[PRIVATE_KEY_SIZE];
-
-} CADtlsX509Creds_t;
-
-/**
- * @brief Callback function type for getting certificate credentials.
- * @param credInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
- * credInfo which is then freed by CA
- * @return NONE
- */
-typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo);
-/**
- * @brief Callback function type for getting CRL.
- * @param crlInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
- * credInfo which is then freed by CA
- * @return NONE
- */
-typedef void (*CAGetDTLSCrlHandler)(ByteArray crlInfo);
-#endif //__WITH_X509__
-
/**
* Initialize the connectivity abstraction module.
* It will initialize adapters, thread pool and other modules based on the platform
void CARegisterHandler(CARequestCallback ReqHandler, CAResponseCallback RespHandler,
CAErrorCallback ErrorHandler);
-#ifdef __WITH_DTLS__
-/**
- * Register callback to get DTLS PSK credentials.
- * @param[in] GetDTLSCredentials GetDTLS Credetials callback.
- * @return ::CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSCredentialsHandler GetDTLSCredentials);
-#endif //__WITH_DTLS__
-
-#ifdef __WITH_X509__
-/**
- * @brief Register callback to get DTLS Cert credentials.
- * @param GetCertCredentials [IN] GetCert Credetials callback
- * @return #CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetX509Credentials);
-/**
- * @brief Register callback to get CRL.
- * @param GetCrl [IN] GetCrl callback
- * @return #CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetCrl);
-#endif //__WITH_X509__
-
/**
* Create an endpoint description.
* @param[in] flags how the adapter should be used.
#endif
-#ifdef __WITH_DTLS__
-
-/**
- * Select the cipher suite for dtls handshake.
- *
- * @param[in] cipher cipher suite (Note : Make sure endianness).
- * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
- * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
- * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- *
- * @retval ::CA_STATUS_OK Successful.
- * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
- * @retval ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CASelectCipherSuite(const uint16_t cipher);
-
-/**
- * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
- *
- * @param[in] enable TRUE/FALSE enables/disables anonymous cipher suite.
- *
- * @retval ::CA_STATUS_OK Successful.
- * @retval ::CA_STATUS_FAILED Operation failed.
- *
- * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
- */
-CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
-
-
-/**
- * Generate ownerPSK using PRF.
- * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
- * 'ID of new device(Resource Server)',
- * 'ID of owner smart-phone(Provisioning Server)')
- *
- * @param[in] endpoint information of network address.
- * @param[in] label Ownership transfer method e.g)"oic.sec.doxm.jw".
- * @param[in] labelLen Byte length of label.
- * @param[in] rsrcServerDeviceID ID of new device(Resource Server).
- * @param[in] rsrcServerDeviceIDLen Byte length of rsrcServerDeviceID.
- * @param[in] provServerDeviceID label of previous owner.
- * @param[in] provServerDeviceIDLen byte length of provServerDeviceID.
- * @param[in,out] ownerPSK Output buffer for owner PSK.
- * @param[in] ownerPSKSize Byte length of the ownerPSK to be generated.
- *
- * @retval ::CA_STATUS_OK Successful.
- * @retval ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
- const uint8_t* label, const size_t labelLen,
- const uint8_t* rsrcServerDeviceID,
- const size_t rsrcServerDeviceIDLen,
- const uint8_t* provServerDeviceID,
- const size_t provServerDeviceIDLen,
- uint8_t* ownerPSK, const size_t ownerPSKSize);
-
-/**
- * Initiate DTLS handshake with selected cipher suite.
- *
- * @param[in] endpoint information of network address.
- *
- * @retval ::CA_STATUS_OK Successful.
- * @retval ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
-
-/**
- * Close the DTLS session.
- *
- * @param[in] endpoint information of network address.
- *
- * @retval ::CA_STATUS_OK Successful.
- * @retval ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CACloseDtlsSession(const CAEndpoint_t *endpoint);
-
-#endif /* __WITH_DTLS__ */
#ifdef __cplusplus
} /* extern "C" */
--- /dev/null
+/* *****************************************************************
+ *
+ * Copyright 2015 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ******************************************************************/
+
+/**
+ * @file
+ *
+ * This file contains the Security APIs for Resource Model to use.
+ */
+
+#ifndef CA_SECURITY_INTERFACE_H_
+#define CA_SECURITY_INTERFACE_H_
+
+#ifdef __WITH_X509__
+#include "pki.h"
+#endif //__WITH_X509__
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+#ifdef __WITH_DTLS__
+/**
+ * @enum CADtlsPskCredType_t
+ * Type of PSK credential required during DTLS handshake
+ * It does not make much sense in bringing in all definitions from dtls.h into here.
+ * Therefore, redefining them here.
+ */
+typedef enum
+{
+ CA_DTLS_PSK_HINT,
+ CA_DTLS_PSK_IDENTITY,
+ CA_DTLS_PSK_KEY
+} CADtlsPskCredType_t;
+
+/**
+ * This internal callback is used by CA layer to
+ * retrieve PSK credentials from SRM.
+ *
+ * @param[in] type type of PSK data required by CA layer during DTLS handshake set.
+ * @param[in] desc Additional request information.
+ * @param[in] desc_len The actual length of desc.
+ * @param[out] result Must be filled with the requested information.
+ * @param[in] result_length Maximum size of @p result.
+ *
+ * @return The number of bytes written to @p result or a value
+ * less than zero on error.
+ */
+typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length);
+
+/**
+ * Register callback to get DTLS PSK credentials.
+ * @param[in] GetDTLSCredentials GetDTLS Credetials callback.
+ * @return ::CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDTLSCredentials);
+
+#endif //__WITH_DTLS__
+
+#ifdef __WITH_X509__
+/**
+ * Binary structure containing certificate chain and certificate credentials
+ * for this device.
+ */
+typedef struct
+{
+ // certificate message for DTLS
+ unsigned char certificateChain[MAX_CERT_MESSAGE_LEN];
+ // length of the certificate message
+ uint32_t certificateChainLen;
+ // number of certificates in certificate message
+ uint8_t chainLen;
+ // x component of EC public key
+ uint8_t rootPublicKeyX[PUBLIC_KEY_SIZE / 2];
+ // y component of EC public key
+ uint8_t rootPublicKeyY[PUBLIC_KEY_SIZE / 2];
+ // EC private key
+ uint8_t devicePrivateKey[PRIVATE_KEY_SIZE];
+
+} CADtlsX509Creds_t;
+
+/**
+ * @brief Callback function type for getting certificate credentials.
+ * @param credInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
+ * credInfo which is then freed by CA
+ * @return NONE
+ */
+typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo);
+/**
+ * @brief Callback function type for getting CRL.
+ * @param crlInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
+ * credInfo which is then freed by CA
+ * @return NONE
+ */
+typedef void (*CAGetDTLSCrlHandler)(ByteArray crlInfo);
+
+/**
+ * @brief Register callback to get DTLS Cert credentials.
+ * @param GetCertCredentials [IN] GetCert Credetials callback
+ * @return #CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetX509Credentials);
+/**
+ * @brief Register callback to get CRL.
+ * @param GetCrl [IN] GetCrl callback
+ * @return #CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetCrl);
+#endif //__WITH_X509__
+
+
+#ifdef __WITH_DTLS__
+
+/**
+ * Select the cipher suite for dtls handshake.
+ *
+ * @param[in] cipher cipher suite (Note : Make sure endianness).
+ * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+ * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
+ * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CASelectCipherSuite(const uint16_t cipher);
+
+/**
+ * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
+ *
+ * @param[in] enable TRUE/FALSE enables/disables anonymous cipher suite.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ *
+ * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
+ */
+CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
+
+
+/**
+ * Generate ownerPSK using PRF.
+ * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
+ * 'ID of new device(Resource Server)',
+ * 'ID of owner smart-phone(Provisioning Server)')
+ *
+ * @param[in] endpoint information of network address.
+ * @param[in] label Ownership transfer method e.g)"oic.sec.doxm.jw".
+ * @param[in] labelLen Byte length of label.
+ * @param[in] rsrcServerDeviceID ID of new device(Resource Server).
+ * @param[in] rsrcServerDeviceIDLen Byte length of rsrcServerDeviceID.
+ * @param[in] provServerDeviceID label of previous owner.
+ * @param[in] provServerDeviceIDLen byte length of provServerDeviceID.
+ * @param[in,out] ownerPSK Output buffer for owner PSK.
+ * @param[in] ownerPSKSize Byte length of the ownerPSK to be generated.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
+ const uint8_t* label, const size_t labelLen,
+ const uint8_t* rsrcServerDeviceID,
+ const size_t rsrcServerDeviceIDLen,
+ const uint8_t* provServerDeviceID,
+ const size_t provServerDeviceIDLen,
+ uint8_t* ownerPSK, const size_t ownerPSKSize);
+
+/**
+ * Initiate DTLS handshake with selected cipher suite.
+ *
+ * @param[in] endpoint information of network address.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
+
+/**
+ * Close the DTLS session.
+ *
+ * @param[in] endpoint information of network address.
+ *
+ * @retval ::CA_STATUS_OK Successful.
+ * @retval ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CACloseDtlsSession(const CAEndpoint_t *endpoint);
+
+#endif /* __WITH_DTLS__ */
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+
+#endif /* CA_SECURITY_INTERFACE_H_ */
+
cp -rf %{ROOTDIR}/con/inc/caedradapter.h* %{DEST_INC_DIR}/
cp -rf %{ROOTDIR}/con/inc/caleadapter.h* %{DEST_INC_DIR}/
cp -rf %{ROOTDIR}/con/api/cainterface.h* %{DEST_INC_DIR}/
+cp -rf %{ROOTDIR}/con/api/casecurityinterface.h* %{DEST_INC_DIR}/
cp -rf %{ROOTDIR}/com.oic.ca.pc %{DEST_LIB_DIR}/pkgconfig/
+++ /dev/null
- //*******************************************************************
- //
- // Copyright 2014 Intel Mobile Communications GmbH All Rights Reserved.
- //
- //
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- //
- //
- //******************************************************************
-/**
- * @file
- *
- * This file contains all the constants which can be configured/modified as
- * per platform or security specific product usage scenarios.
- */
-
-
-#ifndef OC_SECURITY_CONFIG_H
-#define OC_SECURITY_CONFIG_H
-
-#include <stdint.h>
-
-#define DTLS_PSK_ID_LEN 16
-#define DTLS_PSK_PSK_LEN 16
-
-#define DtlsPskCredsBlobVer_1 1 /**< Credentials stored in plaintext */
-#define DtlsPskCredsBlobVer_CurrentVersion DtlsPskCredsBlobVer_1
-
-/**
- * Credentials for a device. Includes identity and the associated PSK.
- */
-typedef struct
-{
- unsigned char id[DTLS_PSK_ID_LEN];
- unsigned char psk[DTLS_PSK_PSK_LEN];
-} OCDtlsPskCreds;
-
-/**
- * Binary blob containing device identity and the credentials for all devices
- * trusted by this device.
- */
-typedef struct
-{
- unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self */
- uint32_t num; /** number of credentials in this blob */
- OCDtlsPskCreds creds[1]; /** list of credentials. Size of this
- array is determined by 'num' variable. */
-} OCDtlsPskCredsBlob;
-
-#endif //OC_SECURITY_CONFIG_H
-
-
-
#include "uarraylist.h"
#include "camutex.h"
#include "caadapterutils.h"
-#include "ocsecurityconfig.h"
#include "cainterface.h"
#include "cacommon.h"
*/
#define MAX_SUPPORTED_ADAPTERS 2
-/**
- * The implementation will be provided by OIC RI layer.
- */
-extern void OCGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo);
-
typedef void (*CAPacketReceivedCallback)(const CASecureEndpoint_t *sep,
const void *data, uint32_t dataLength);
/**
* Register callback to get DTLS PSK credentials.
- * @param[in] credCallback callback to get DTLS credentials.
+ * @param[in] credCallback callback to get DTLS PSK credentials.
*/
-void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
+void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
/**
* Select the cipher suite for dtls handshake
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
#define PORT_LENGTH 5
#define SECURE_DEFAULT_PORT 5684
}
#ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
- LOGI("clearDtlsCredentialInfo IN");
- if (pskCredsBlob)
- {
- // Initialize sensitive data to zeroes before freeing.
- if (NULL != pskCredsBlob->creds)
- {
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds)*(pskCredsBlob->num));
- free(pskCredsBlob->creds);
- }
-
- memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
- free(pskCredsBlob);
- pskCredsBlob = NULL;
- }
- LOGI("clearDtlsCredentialInfo OUT");
-}
-
// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length)
{
LOGI("CAGetDtlsPskCredentials IN");
- *credInfo = (CADtlsPskCredsBlob_t *) malloc(sizeof(CADtlsPskCredsBlob_t));
- if (NULL == *credInfo)
+
+ int32_t ret = -1;
+
+ if (NULL == result)
{
- LOGE("Failed to allocate credential blob.");
- return;
+ return ret;
}
- int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
- (*credInfo)->creds = (OCDtlsPskCreds *) malloc(credLen);
- if (NULL == (*credInfo)->creds)
+ switch (type)
{
- LOGE("Failed to allocate crentials.");
- free(*credInfo);
- *credInfo = NULL;
- return;
- }
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
- memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
- (*credInfo)->num = pskCredsBlob->num;
- memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+ if (result_length < sizeof(IDENTITY))
+ {
+ LOGE("ERROR : Wrong value for result for storing IDENTITY");
+ return ret;
+ }
- LOGI("CAGetDtlsPskCredentials OUT");
-}
+ memcpy(result, IDENTITY, sizeof(IDENTITY));
+ ret = sizeof(IDENTITY);
+ break;
-CAResult_t SetCredentials()
-{
- LOGI("SetCredentials IN");
- pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
- if (NULL == pskCredsBlob)
- {
- LOGE("Memory allocation failed!");
- return CA_MEMORY_ALLOC_FAILED;
- }
- memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+ case CA_DTLS_PSK_KEY:
- pskCredsBlob->num = 1;
+ if ((desc_len == sizeof(IDENTITY)) &&
+ memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+ {
+ if (result_length < sizeof(RS_CLIENT_PSK))
+ {
+ LOGE("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+ return ret;
+ }
- pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) *(pskCredsBlob->num));
- if (NULL == pskCredsBlob->creds)
- {
- LOGE("Memory allocation failed!");
- return CA_MEMORY_ALLOC_FAILED;
+ memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+ ret = sizeof(RS_CLIENT_PSK);
+ }
+ break;
+
+ default:
+
+ LOGE("Wrong value passed for PSK_CRED_TYPE.");
+ ret = -1;
}
- memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
- memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
- LOGI("SetCredentials OUT");
- return CA_STATUS_OK;
+ LOGI("CAGetDtlsPskCredentials OUT\n");
+ return ret;
}
+
#endif
JNIEXPORT jint JNI_OnLoad(JavaVM *jvm, void *reserved)
}
#ifdef __WITH_DTLS__
- if (CA_STATUS_OK != SetCredentials())
- {
- LOGE("SetCredentials failed");
- return;
- }
-
res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
if(CA_STATUS_OK != res)
{
#include "cacommon.h"
#include "cainterface.h"
#include "oic_string.h"
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
#define MAX_BUF_LEN 1024
#define MAX_OPT_LEN 16
#define BLOCK_SIZE(arg) (1 << ((arg) + 4))
#endif
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
int g_received;
uint16_t g_local_secure_port = SECURE_DEFAULT_PORT;
"\"if\":[\"oic.if.baseline\"],\"obs\":1}}]}";
#ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
- printf("clearDtlsCredentialInfo IN\n");
- if (pskCredsBlob)
- {
- // Initialize sensitive data to zeroes before freeing.
- if (pskCredsBlob->creds)
- {
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- free(pskCredsBlob->creds);
- }
-
- memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
- free(pskCredsBlob);
- pskCredsBlob = NULL;
- }
- printf("clearDtlsCredentialInfo OUT\n");
-}
-
#ifdef __WITH_X509__
int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
{
{
return (int*) NULL;
}
-#endif
+#endif //__WITH_X509__
// Internal API. Invoked by CA stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length)
{
printf("CAGetDtlsPskCredentials IN\n");
- if(!credInfo)
- {
- printf("Invalid credential container");
- return;
- }
- *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
- if (NULL == *credInfo)
+ int32_t ret = -1;
+
+ if (NULL == result)
{
- printf("Failed to allocate credential blob.");
- return;
+ return ret;
}
- size_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
- (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
- if (NULL == (*credInfo)->creds)
+ switch (type)
{
- printf("Failed to allocate credentials.");
- free(*credInfo);
- *credInfo = NULL;
- return;
- }
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
- memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
- (*credInfo)->num = pskCredsBlob->num;
- memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+ if (result_length < sizeof(IDENTITY))
+ {
+ printf("ERROR : Wrong value for result for storing IDENTITY");
+ return ret;
+ }
- printf("CAGetDtlsPskCredentials OUT\n");
-}
+ memcpy(result, IDENTITY, sizeof(IDENTITY));
+ ret = sizeof(IDENTITY);
+ break;
+ case CA_DTLS_PSK_KEY:
-CAResult_t SetCredentials()
-{
- printf("SetCredentials IN\n");
- pskCredsBlob = (CADtlsPskCredsBlob_t *)calloc(1, sizeof(CADtlsPskCredsBlob_t));
- if (NULL == pskCredsBlob)
- {
- printf("Memory allocation failed!\n");
- return CA_MEMORY_ALLOC_FAILED;
- }
- memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+ if ((desc_len == sizeof(IDENTITY)) &&
+ memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+ {
+ if (result_length < sizeof(RS_CLIENT_PSK))
+ {
+ printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+ return ret;
+ }
+ memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+ ret = sizeof(RS_CLIENT_PSK);
+ }
+ break;
- pskCredsBlob->num = 1;
+ default:
- pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- if (NULL == pskCredsBlob->creds)
- {
- printf("Memory allocation failed!\n");
- free(pskCredsBlob);
- return CA_MEMORY_ALLOC_FAILED;
+ printf("Wrong value passed for PSK_CRED_TYPE.");
+ ret = -1;
}
- memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
- memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
-
- printf("SetCredentials OUT\n");
- return CA_STATUS_OK;
+ printf("CAGetDtlsPskCredentials OUT\n");
+ return ret;
}
-#endif
+
+#endif //__WITH_DTLS__
int main()
{
return -1;
}
- /*
- * Read DTLS PSK credentials from persistent storage and
- * set in the OC stack.
- */
+ // Set the PSK Credentials callback handler.
#ifdef __WITH_DTLS__
- res = SetCredentials();
- if (CA_STATUS_OK != res)
- {
- printf("SetCredentials failed\n");
- return -1;
- }
-
res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
if (CA_STATUS_OK != res)
{
- printf("Set credential handler fail\n");
+ printf("Register credential handler fail\n");
return -1;
}
#endif
g_last_request_token = NULL;
CATerminate();
-#ifdef __WITH_DTLS__
- clearDtlsCredentialInfo();
-#endif
return 0;
}
#include "cacommon.h"
#include "cainterface.h"
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
/**
* @def MAX_BUF_LEN
* @brief maximum buffer length
#define COAPS_PREFIX "coaps://"
#define COAPS_PREFIX_LEN 8
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
/**
* Max size for big payload.
"\"if\":[\"oic.if.baseline\"],\"obs\":1}}]}";
#ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
- printf("clearDtlsCredentialInfo IN\n");
- if (pskCredsBlob)
- {
- // Initialize sensitive data to zeroes before freeing.
- if (pskCredsBlob->creds)
- {
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- free(pskCredsBlob->creds);
- }
-
- memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
- free(pskCredsBlob);
- pskCredsBlob = NULL;
- }
- printf("clearDtlsCredentialInfo OUT\n");
-}
-
// Internal API. Invoked by CA stack to retrieve credentials from this module.
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length)
{
printf("CAGetDtlsPskCredentials IN\n");
- if(NULL == credInfo)
- {
- printf("Invalid credential container");
- return;
- }
+ int32_t ret = -1;
- *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
- if (NULL == *credInfo)
+ if (NULL == result)
{
- printf("Failed to allocate credential blob.");
- return;
+ return ret;
}
- int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
- (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
- if (NULL == (*credInfo)->creds)
+ switch (type)
{
- printf("Failed to allocate credentials.");
- free(*credInfo);
- *credInfo = NULL;
- return;
- }
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
- memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
- (*credInfo)->num = pskCredsBlob->num;
- memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+ if (result_length < sizeof(IDENTITY))
+ {
+ printf("ERROR : Wrong value for result for storing IDENTITY");
+ return ret;
+ }
- printf("CAGetDtlsPskCredentials OUT\n");
-}
+ memcpy(result, IDENTITY, sizeof(IDENTITY));
+ ret = sizeof(IDENTITY);
+ break;
-CAResult_t SetCredentials()
-{
- printf("SetCredentials IN\n");
- pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
- if (NULL == pskCredsBlob)
- {
- printf("Memory allocation failed!\n");
- return CA_MEMORY_ALLOC_FAILED;
- }
- memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+ case CA_DTLS_PSK_KEY:
- pskCredsBlob->num = 1;
+ if ((desc_len == sizeof(IDENTITY)) &&
+ memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+ {
+ if (result_length < sizeof(RS_CLIENT_PSK))
+ {
+ printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+ return ret;
+ }
- pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- if (NULL == pskCredsBlob->creds)
- {
- printf("Memory allocation failed!\n");
- free(pskCredsBlob);
- return CA_MEMORY_ALLOC_FAILED;
- }
+ memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+ ret = sizeof(RS_CLIENT_PSK);
+ }
+ break;
- memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
- memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
+ default:
- printf("SetCredentials OUT\n");
- return CA_STATUS_OK;
+ printf("Wrong value passed for PSK_CRED_TYPE.");
+ ret = -1;
+ }
+
+ printf("CAGetDtlsPskCredentials OUT\n");
+ return ret;
}
#endif
return -1;
}
- /*
- * Read DTLS PSK credentials from persistent storage and
- * set in the OC stack.
- */
+ // Set the PSK Credentials callback handler.
#ifdef __WITH_DTLS__
- res = SetCredentials();
- if (CA_STATUS_OK != res)
- {
- printf("SetCredentials failed\n");
- return -1;
- }
-
res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
if (CA_STATUS_OK != res)
{
CADestroyToken(g_last_request_token);
CATerminate();
-#ifdef __WITH_DTLS__
- clearDtlsCredentialInfo();
-#endif
return 0;
}
* @var g_getCredentialsCallback
* @brief callback to get DTLS credentials
*/
-static CAGetDTLSCredentialsHandler g_getCredentialsCallback = NULL;
+static CAGetDTLSPskCredentialsHandler g_getCredentialsCallback = NULL;
#ifdef __WITH_X509__
/**
}
VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_DTLS_TAG, "GetCredential callback", -1);
- VERIFY_NON_NULL_RET(result, NET_DTLS_TAG, "result", -1);
-
- CADtlsPskCredsBlob_t *credInfo = NULL;
// Retrieve the credentials blob from security module
- g_getCredentialsCallback(&credInfo);
-
- VERIFY_NON_NULL_RET(credInfo, NET_DTLS_TAG, "credInfo is NULL", -1);
- if(NULL == credInfo->creds)
- {
- OIC_LOG(DEBUG, NET_DTLS_TAG, "credentials are NULL");
- memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
- OICFree(credInfo);
- return -1;
- }
+ ret = g_getCredentialsCallback(type, desc, descLen, result, resultLen);
- if ((type == DTLS_PSK_HINT) || (type == DTLS_PSK_IDENTITY))
+ if (ret > 0)
{
- if (DTLS_PSK_ID_LEN <= resultLen)
- {
- memcpy(result, credInfo->identity, DTLS_PSK_ID_LEN);
- ret = DTLS_PSK_ID_LEN;
- }
- }
+ // TODO SRM needs identity of the remote end-point with every data packet to
+ // perform access control management. tinyDTLS 'frees' the handshake parameters
+ // data structure when handshake completes. Therefore, currently this is a
+ // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
+ stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+ char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+ uint16_t port = 0;
+ CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
- if ((type == DTLS_PSK_KEY) && (desc) && (descLen == DTLS_PSK_PSK_LEN))
- {
- // Check if we have the credentials for the device with which we
- // are trying to perform a handshake
- for (uint32_t index = 0; index < credInfo->num; index++)
+ if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
{
- if (memcmp(desc, credInfo->creds[index].id, DTLS_PSK_ID_LEN) == 0)
- {
- // TODO SRM needs identity of the remote end-point with every data packet to
- // perform access control management. tinyDTLS 'frees' the handshake parameters
- // data structure when handshake completes. Therefore, currently this is a
- // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
- stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
- char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
- uint16_t port = 0;
- CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
- if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
- {
- OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
- }
- memcpy(result, credInfo->creds[index].psk, DTLS_PSK_PSK_LEN);
- ret = DTLS_PSK_PSK_LEN;
- }
+ OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
}
}
- // Erase sensitive data before freeing.
- memset(credInfo->creds, 0, sizeof(OCDtlsPskCreds) * (credInfo->num));
- OICFree(credInfo->creds);
-
- memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
- OICFree(credInfo);
- credInfo = NULL;
-
return ret;
}
OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT");
}
-void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback)
+void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback)
{
// TODO Does this method needs protection of DtlsContextMutex ?
OIC_LOG(DEBUG, NET_DTLS_TAG, "IN");
#ifdef __WITH_DTLS__
// CAAdapterNetDTLS will register the callback.
// Taking callback all the way through adapters not the right approach, hence calling here.
-extern void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
+extern void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
#endif
#ifdef __WITH_X509__
}
#ifdef __WITH_DTLS__
-CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSCredentialsHandler GetDTLSCredentialsHandler)
+CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDTLSCredentialsHandler)
{
OIC_LOG(DEBUG, TAG, "CARegisterDTLSCredentialsHandler");
#ifdef __WITH_DTLS__
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK ("AAAAAAAAAAAAAAAA")
-
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
- printf("clearDtlsCredentialInfo IN\n");
- if (pskCredsBlob)
- {
- // Initialize sensitive data to zeroes before freeing.
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- free(pskCredsBlob->creds);
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
- memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
- free(pskCredsBlob);
- pskCredsBlob = NULL;
- }
- printf("clearDtlsCredentialInfo OUT\n");
-}
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
-// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+// Internal API. Invoked by CA stack to retrieve credentials from this module
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length)
{
printf("CAGetDtlsPskCredentials IN\n");
- if (pskCredsBlob != NULL)
+ int32_t ret = -1;
+
+ if (NULL == result)
{
- *credInfo = pskCredsBlob;
+ return ret;
}
- printf("CAGetDtlsPskCredentials OUT\n");
-}
-
-int32_t SetCredentials()
-{
- printf("SetCredentials IN\n");
- pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-
- memset(pskCredsBlob, 0x0, sizeof(CADtlsPskCredsBlob_t));
- memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
-
- pskCredsBlob->num = 1;
-
- pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
+ switch (type)
+ {
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
+
+ if (result_length < sizeof(IDENTITY))
+ {
+ printf("ERROR : Wrong value for result for storing IDENTITY");
+ return ret;
+ }
+
+ memcpy(result, IDENTITY, sizeof(IDENTITY));
+ ret = sizeof(IDENTITY);
+ break;
+
+ case CA_DTLS_PSK_KEY:
+
+ if ((desc_len == sizeof(IDENTITY)) &&
+ memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+ {
+ if (result_length < sizeof(RS_CLIENT_PSK))
+ {
+ printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+ return ret;
+ }
+
+ memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+ ret = sizeof(RS_CLIENT_PSK);
+ }
+ break;
+
+ default:
+
+ printf("Wrong value passed for PSK_CRED_TYPE.");
+ ret = -1;
+ }
- memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
- memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
- printf("SetCredentials OUT\n");
- return 1;
+ printf("CAGetDtlsPskCredentials OUT\n");
+ return ret;
}
-#endif
+#endif //__WITH_DTLS__
int main(int argc, char **argv)
{
TEST_F(CATests, RegisterDTLSCredentialsHandlerTest)
{
#ifdef __WITH_DTLS__
- if (SetCredentials() == 0)
- {
- printf("SetCredentials failed\n");
- }
-
EXPECT_EQ(CA_STATUS_OK, CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials));
#endif
}
#ifndef IOTVT_SRM_CREDR_H
#define IOTVT_SRM_CREDR_H
-#include "ocsecurityconfig.h"
#include "cainterface.h"
#include "securevirtualresourcetypes.h"
#include "octypes.h"
* This internal callback is used by lower stack (i.e. CA layer) to
* retrieve PSK credentials from RI security layer.
*
- * Note: When finished, caller should initialize memory to zeroes and
- * invoke OCFree to delete @p credInfo.
+ * @param[in] type type of PSK data required by CA layer during DTLS handshake.
+ * @param[in] desc Additional request information.
+ * @param[in] desc_len The actual length of desc.
+ * @param[out] result Must be filled with the requested information.
+ * @param[in] result_length Maximum size of @p result.
*
- * @param credInfo
- * binary blob containing PSK credentials
- *
- * @retval none
+ * @return The number of bytes written to @p result or a value
+ * less than zero on error.
*/
-void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo);
+int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length);
/**
* Add temporal PSK to PIN based OxM
#include <memory.h>
#include "ocstack.h"
-#include "ocsecurityconfig.h"
#include "securevirtualresourcetypes.h"
#include "doxmresource.h"
#include "credresource.h"
* This internal callback is used by lower stack (i.e. CA layer) to
* retrieve PSK credentials from RI security layer.
*
- * Note: When finished, caller should initialize memory to zeros and
- * invoke OICFree to delete @p credInfo.
+ * @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
+ * @param[in] desc Additional request information.
+ * @param[in] desc_len The actual length of desc.
+ * @param[out] result Must be filled with the requested information.
+ * @param[in] result_length Maximum size of @p result.
*
- * @param credInfo
- * binary blob containing PSK credentials
- *
- * @retval none
+ * @return The number of bytes written to @p result or a value
+ * less than zero on error.
*/
-void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
+ const unsigned char *desc, size_t desc_len,
+ unsigned char *result, size_t result_length)
{
- CADtlsPskCredsBlob_t * caBlob = NULL;
- if(credInfo)
- {
- caBlob = (CADtlsPskCredsBlob_t *)OICCalloc(sizeof(CADtlsPskCredsBlob_t), 1);
- if (caBlob)
- {
- OicUuid_t deviceID = {.id={}};
+ int32_t ret = -1;
- // Retrieve Device ID from doxm resource and copy in PSK creds blob
- VERIFY_SUCCESS(TAG, GetDoxmDeviceID(&deviceID) == OC_STACK_OK, ERROR);
- memcpy(caBlob->identity, deviceID.id, sizeof(caBlob->identity));
+ if (NULL == result)
+ {
+ return ret;
+ }
- OicSecCred_t *cred = NULL;
- size_t count = 0;
- LL_FOREACH(gCred, cred)
+ switch (type)
+ {
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
{
- // Currently, Iotivity supports only symmetric pair wise key credentials
- if (cred->credType == SYMMETRIC_PAIR_WISE_KEY)
+ OicUuid_t deviceID = {.id={}};
+ // Retrieve Device ID from doxm resource
+ if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
{
- ++count;
+ OC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
+ return ret;
}
+
+ if (result_length < sizeof(deviceID.id))
+ {
+ OC_LOG (ERROR, TAG, "Wrong value for result_length");
+ return ret;
+ }
+ memcpy(result, deviceID.id, sizeof(deviceID.id));
+ return (sizeof(deviceID.id));
}
- caBlob->num = count;
- if (caBlob->num)
- {
- caBlob->creds =
- (OCDtlsPskCreds*) OICMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
- VERIFY_NON_NULL(TAG, caBlob->creds, ERROR);
+ break;
- unsigned int i = 0;
+ case CA_DTLS_PSK_KEY:
+ {
+ OicSecCred_t *cred = NULL;
LL_FOREACH(gCred, cred)
{
- if ((cred->credType == SYMMETRIC_PAIR_WISE_KEY) &&
- (i < count))
-
+ if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
{
- // Copy subject ID
- memcpy(caBlob->creds[i].id, cred->subject.id,
- sizeof(caBlob->creds[i].id));
+ continue;
+ }
- // Convert PSK from JSON to binary before copying
+ if ((desc_len == sizeof(cred->subject.id)) &&
+ (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
+ {
+ // Convert PSK from Base64 encoding to binary before copying
uint32_t outLen = 0;
B64Result b64Ret = b64Decode(cred->privateData.data,
- strlen(cred->privateData.data), caBlob->creds[i].psk,
- sizeof(caBlob->creds[i].psk), &outLen);
- VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
- i++;
+ strlen(cred->privateData.data), result,
+ result_length, &outLen);
+ if (B64_OK != b64Ret)
+ {
+ OC_LOG (ERROR, TAG, "Base64 decoding failed.");
+ ret = -1;
+ return ret;
+ }
+ return outLen;
}
}
}
- }
- *credInfo = caBlob;
- // Return from here after making the credential list
- return;
- }
+ break;
-exit:
- if (caBlob)
- {
- memset(caBlob->creds, 0, caBlob->num * sizeof(OCDtlsPskCreds));
- OICFree(caBlob->creds);
+ default:
+ {
+ OC_LOG (ERROR, TAG, "Wrong value passed for CADtlsPskCredType_t.");
+ ret = -1;
+ }
+ break;
}
- OICFree(caBlob);
+
+ return ret;
}
/**