liboctbstack_env.AppendUnique(LIBPATH = [env.get('BUILD_DIR')])
liboctbstack_env.AppendUnique(LIBS = ['coap', 'm'])
-liboctbstack_env.AppendUnique(CPPDEFINES = ['CA_SEC_MERGE_WORKAROUND'])
-
if target_os == 'arduino':
liboctbstack_env.AppendUnique(CPPDEFINES = ['NDEBUG', 'WITH_ARDUINO'])
else:
const CAResponseInfo_t *responseInfo);
#ifdef __WITH_DTLS__
+
+/**
+ * Binary blob containing device identity and the credentials for all devices
+ * trusted by this device.
+ */
+typedef struct
+{
+ unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self */
+ uint32_t num; /** number of credentials in this blob */
+ OCDtlsPskCreds *creds; /** list of credentials. Size of this
+ array is determined by 'num' variable. */
+} CADtlsPskCredsBlob_t;
+
/**
* @brief Callback function type for getting DTLS credentials.
- * @param credInfo [OUT] DTLS credentials info
+ * @param credInfo [OUT] DTLS credentials info. Handler has to allocate new memory for
+ * both credInfo and credInfo->creds which is then freed by CA
* @return NONE
*/
-typedef void (*CAGetDTLSCredentialsHandler)(OCDtlsPskCredsBlob **credInfo);
+typedef void (*CAGetDTLSCredentialsHandler)(CADtlsPskCredsBlob_t **credInfo);
#endif //__WITH_DTLS__
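Review bot: The ownership rule added to the `credInfo` comment does not say which allocator the handler must use, and the callers visible in this commit disagree. The sample handlers allocate with `malloc`, the RI handler uses `OCCalloc`/`OCMalloc`, and the DTLS adapter releases with `OICFree`. If those wrappers are not all thin aliases of `free` (not visible here), the release is a mismatched free. I would extend the comment to something like `Handler allocates credInfo and credInfo->creds with an allocator compatible with OICFree(); CA zeroes and frees both; on failure the handler leaves *credInfo NULL`.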
/**
* @param requestInfo [IN] Information for the request.
* @return #CA_STATUS_OK #CA_STATUS_FAILED #CA_MEMORY_ALLOC_FAILED
*/
-CAResult_t CASendRequest(const CARemoteEndpoint_t *object,const CARequestInfo_t *requestInfo);
+CAResult_t CASendRequest(const CARemoteEndpoint_t *object, const CARequestInfo_t *requestInfo);
/**
* @brief Send control Request on a resource to multicast group
*/
typedef struct
{
- uint16_t blobVer; /**< version of the blob */
- uint16_t reserved; /**< reserved for future use */
- unsigned char identity[DTLS_PSK_ID_LEN]; /**< identity of self */
- uint32_t num; /**< number of credentials in this blob */
- OCDtlsPskCreds *creds; /**< list of credentials. Size of this
- array is determined by 'num' variable. */
+ unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self */
+ uint32_t num; /** number of credentials in this blob */
+ OCDtlsPskCreds creds[1]; /** list of credentials. Size of this
+ array is determined by 'num' variable. */
} OCDtlsPskCredsBlob;
-
#endif //OC_SECURITY_CONFIG_H
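Review bot: The member comments on the new lines changed from `/**<` to `/**`, so Doxygen attaches each description to the following member instead of the one it sits beside. The same applies to the `CADtlsPskCredsBlob_t` members added in the CA interface header. Restore the trailing form, e.g. `unsigned char identity[DTLS_PSK_ID_LEN]; /**< identity of self */`. Since `creds` is now an inline `creds[1]` whose real length is `num`, the comment should also say that the entries follow the struct in the same blob and that `sizeof(OCDtlsPskCredsBlob)` accounts for only the first one.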
}
#ifdef __WITH_DTLS__
-static OCDtlsPskCredsBlob *pskCredsBlob = NULL;
+static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
void clearDtlsCredentialInfo()
{
if (pskCredsBlob)
{
// Initialize sensitive data to zeroes before freeing.
- if (pskCredsBlob->creds != NULL)
+ if (pskCredsBlob->creds)
{
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCredsBlob)*(pskCredsBlob->num));
+ memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds)*(pskCredsBlob->num));
free(pskCredsBlob->creds);
}
- memset(pskCredsBlob, 0, sizeof(OCDtlsPskCredsBlob));
+ memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
free(pskCredsBlob);
pskCredsBlob = NULL;
}
LOGI("clearDtlsCredentialInfo OUT\n");
}
-// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
+// Internal API. Invoked by CA stack to retrieve credentials from this module
+void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
{
LOGI("CAGetDtlsPskCredentials IN\n");
+ if(!credInfo)
+ {
+ LOGE("Invalid credential container");
+ return;
+ }
+
+ *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
+ if (NULL == *credInfo)
+ {
+ LOGE("Failed to allocate credential blob.");
+ return;
+ }
+
+ int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
+ (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
+ if (NULL == (*credInfo)->creds)
+ {
+ LOGE("Failed to allocate crentials.");
+ free(*credInfo);
+ *credInfo = NULL;
+ return;
+ }
- *credInfo = pskCredsBlob;
+ memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
+ (*credInfo)->num = pskCredsBlob->num;
+ memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
LOGI("CAGetDtlsPskCredentials OUT\n");
}
-int32_t SetCredentials()
+bool SetCredentials()
{
LOGI("SetCredentials IN\n");
- pskCredsBlob = (OCDtlsPskCredsBlob *)calloc(1, sizeof(OCDtlsPskCredsBlob));
+ pskCredsBlob = (CADtlsPskCredsBlob_t *)calloc(1, sizeof(CADtlsPskCredsBlob_t));
if (NULL == pskCredsBlob)
{
- LOGI("Memory allocation failed!\n");
- return -1;
+ LOGE("Memory allocation failed!\n");
+ return false;
}
- memcpy(pskCredsBlob->rsIdentity, IDENTITY, DTLS_PSK_ID_LEN);
-
+ memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
pskCredsBlob->num = 1;
- pskCredsBlob->creds = (OCDtlsPskCredsBlob *)malloc(sizeof(OCDtlsPskCredsBlob) *
- (pskCredsBlob->num));
+ pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
if (NULL == pskCredsBlob->creds)
{
- LOGI("Memory allocation failed!\n");
- return -1;
+ LOGE("Memory allocation failed!\n");
+ free(pskCredsBlob);
+ return false;
}
- uint32_t i;
- for (i = 0; i < pskCredsBlob->num; i++)
- {
- memcpy(pskCredsBlob->creds[i].id, IDENTITY, DTLS_PSK_ID_LEN);
- memcpy(pskCredsBlob->creds[i].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
- }
+ memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
+ memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
+
LOGI("SetCredentials OUT\n");
- return 1;
+ return true;
}
#endif
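Review bot: The rewritten `CAGetDtlsPskCredentials` reads `pskCredsBlob->num` without checking that `pskCredsBlob` is set, so a callback arriving before `SetCredentials()` or after `clearDtlsCredentialInfo()` dereferences NULL. The other two sample copies of this function have the same gap, and one of them drops an `if (pskCredsBlob != NULL)` guard that existed before. The byte count is also held in `int16_t credLen` (here and in one other copy), which truncates once `num` grows while `(*credInfo)->num` is copied in full, leaving the consumer to index and wipe more entries than were allocated. I would add `if (!pskCredsBlob) { *credInfo = NULL; return; }` before the first `malloc` and declare `size_t credLen = sizeof(OCDtlsPskCreds) * pskCredsBlob->num;`, as the middle sample already does. The log string `"Failed to allocate crentials."` also has a typo.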
CAResult_t res;
#ifdef __WITH_DTLS__
- if (SetCredentials() != 1)
+ if (true != SetCredentials())
{
LOGI("SetCredentials failed\n");
return;
"\"if\":[\"oc.mi.def\"],\"obs\":1}}]}";
#ifdef __WITH_DTLS__
-static OCDtlsPskCredsBlob *pskCredsBlob = NULL;
+static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
void clearDtlsCredentialInfo()
{
free(pskCredsBlob->creds);
}
- memset(pskCredsBlob, 0, sizeof(OCDtlsPskCredsBlob));
+ memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
free(pskCredsBlob);
pskCredsBlob = NULL;
}
printf("clearDtlsCredentialInfo OUT\n");
}
-// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
+// Internal API. Invoked by CA stack to retrieve credentials from this module
+void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
{
printf("CAGetDtlsPskCredentials IN\n");
+ if(!credInfo)
+ {
+ printf("Invalid credential container");
+ return;
+ }
- if (pskCredsBlob != NULL)
+ *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
+ if (NULL == *credInfo)
{
- *credInfo = pskCredsBlob;
+ printf("Failed to allocate credential blob.");
+ return;
}
+ size_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
+ (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
+ if (NULL == (*credInfo)->creds)
+ {
+ printf("Failed to allocate credentials.");
+ free(*credInfo);
+ *credInfo = NULL;
+ return;
+ }
+
+ memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
+ (*credInfo)->num = pskCredsBlob->num;
+ memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+
printf("CAGetDtlsPskCredentials OUT\n");
}
+
CAResult_t SetCredentials()
{
printf("SetCredentials IN\n");
- pskCredsBlob = (OCDtlsPskCredsBlob *)calloc(1, sizeof(OCDtlsPskCredsBlob));
+ pskCredsBlob = (CADtlsPskCredsBlob_t *)calloc(1, sizeof(CADtlsPskCredsBlob_t));
if (NULL == pskCredsBlob)
- {
+ {
printf("Memory allocation failed!\n");
return CA_MEMORY_ALLOC_FAILED;
}
memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+
pskCredsBlob->num = 1;
pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
if (NULL == pskCredsBlob->creds)
{
printf("Memory allocation failed!\n");
+ free(pskCredsBlob);
return CA_MEMORY_ALLOC_FAILED;
}
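Review bot: The added `free(pskCredsBlob);` on the second allocation failure leaves the file-scope `pskCredsBlob` pointing at freed memory, so a later `clearDtlsCredentialInfo()` or credentials callback would read or free it again. Reset it with `pskCredsBlob = NULL;` directly after the `free`, here and in the two other sample copies of `SetCredentials` that gained the same line. `SetCredentials` continues past the end of this hunk.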
"\"if\":[\"oc.mi.def\"],\"obs\":1}}]}";
#ifdef __WITH_DTLS__
-static OCDtlsPskCredsBlob *pskCredsBlob = NULL;
+static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
void ClearDtlsCredentialInfo()
{
if (pskCredsBlob)
{
// Initialize sensitive data to zeroes before freeing.
- memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
- free(pskCredsBlob->creds);
+ if (pskCredsBlob->creds)
+ {
+ memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
+ free(pskCredsBlob->creds);
+ }
- memset(pskCredsBlob, 0, sizeof(OCDtlsPskCredsBlob));
+ memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
free(pskCredsBlob);
pskCredsBlob = NULL;
}
printf("clearDtlsCredentialInfo OUT\n");
}
-// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
+// Internal API. Invoked by CA stack to retrieve credentials from this module
+void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
{
printf("CAGetDtlsPskCredentials IN\n");
-
if(!credInfo)
{
- printf("Memory is not allocated for credInfo\n");
+ printf("Invalid credential container");
+ return;
+ }
+
+ *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
+ if (NULL == *credInfo)
+ {
+ printf("Failed to allocate credential blob.");
+ return;
+ }
+
+ int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
+ (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
+ if (NULL == (*credInfo)->creds)
+ {
+ printf("Failed to allocate credentials.");
+ free(*credInfo);
+ *credInfo = NULL;
return;
}
- *credInfo = pskCredsBlob;
+ memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
+ (*credInfo)->num = pskCredsBlob->num;
+ memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
printf("CAGetDtlsPskCredentials OUT\n");
}
bool SetCredentials()
{
printf("SetCredentials IN\n");
- pskCredsBlob = (OCDtlsPskCredsBlob *)malloc(sizeof(OCDtlsPskCredsBlob));
-
- if(!pskCredsBlob)
+ pskCredsBlob = (CADtlsPskCredsBlob_t *)calloc(1, sizeof(CADtlsPskCredsBlob_t));
+ if (NULL == pskCredsBlob)
{
- printf("Memory allocation is failed\n");
- return 0;
+ printf("Memory allocation failed!\n");
+ return false;
}
- memset(pskCredsBlob, 0x0, sizeof(OCDtlsPskCredsBlob));
memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
-
pskCredsBlob->num = 1;
pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-
- if(!pskCredsBlob->creds)
+ if (NULL == pskCredsBlob->creds)
{
- printf("Memory allocation is failed\n");
- return 0;
+ printf("Memory allocation failed!\n");
+ free(pskCredsBlob);
+ return false;
}
-
memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
printf("SetCredentials OUT\n");
- return 1;
+ return true;
}
#endif
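Review bot: The new error messages in `CAGetDtlsPskCredentials` (`"Invalid credential container"`, `"Failed to allocate credential blob."`, `"Failed to allocate credentials."`) have no trailing `\n`, unlike the other `printf` calls in this hunk. On a line-buffered stdout they run into the next message or appear late. Keep the surrounding convention, e.g. `printf("Invalid credential container\n");`.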
* set in the OC stack.
*/
#ifdef __WITH_DTLS__
- if (SetCredentials() == 0)
+ if (SetCredentials() == false)
{
printf("SetCredentials failed\n");
return 1;
VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_DTLS_TAG, "GetCredential callback", -1);
VERIFY_NON_NULL_RET(result, NET_DTLS_TAG, "result", -1);
- OCDtlsPskCredsBlob *credInfo = NULL;
+ CADtlsPskCredsBlob_t *credInfo = NULL;
// Retrieve the credentials blob from security module
- // OCGetDtlsPskCredentials(&credInfo);
g_getCredentialsCallback(&credInfo);
- VERIFY_NON_NULL_RET(credInfo, NET_DTLS_TAG, "CAGetDtlsPskCredentials credInfo is NULL", -1);
+ VERIFY_NON_NULL_RET(credInfo, NET_DTLS_TAG, "credInfo is NULL", -1);
+ if(NULL == credInfo->creds)
+ {
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "credentials are NULL");
+ memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
+ OICFree(credInfo);
+ return -1;
+ }
if ((type == DTLS_PSK_HINT) || (type == DTLS_PSK_IDENTITY))
{
if ((type == DTLS_PSK_KEY) && (desc) && (descLen == DTLS_PSK_PSK_LEN))
{
- //Check if we have the credentials for the device with which we
- //are trying to perform a handshake
+ // Check if we have the credentials for the device with which we
+ // are trying to perform a handshake
int index = 0;
for (index = 0; index < credInfo->num; index++)
{
}
}
+ // Erase sensitive data before freeing.
+ memset(credInfo->creds, 0, sizeof(OCDtlsPskCreds) * (credInfo->num));
+ OICFree(credInfo->creds);
+
+ memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
+ OICFree(credInfo);
+ credInfo = NULL;
+
return ret;
}
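Review bot: The wipes added before `OICFree` are plain `memset` calls on memory that is freed immediately afterwards, which an optimizing compiler may drop as dead stores, so the PSK copy can survive in the heap. Route them through a wipe the compiler cannot elide, such as a small helper that writes through a `volatile unsigned char *`, or `explicit_bzero`/`memset_s` where the platform provides them. The body between the `creds` check and this cleanup is only partly visible. Any `return` in that stretch would now leak the heap copy with the keys intact, so it is worth confirming that every exit reaches this block.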
"\"if\":[\"oc.mi.def\"],\"obs\":1}}]}";
#ifdef __WITH_DTLS__
-static OCDtlsPskCredsBlob *pskCredsBlob = NULL;
+
+/**
+ * @def RS_IDENTITY
+ * @brief
+ */
+#define IDENTITY ("1111111111111111")
+/* @def RS_CLIENT_PSK
+ * @brief
+ */
+#define RS_CLIENT_PSK ("AAAAAAAAAAAAAAAA")
+
+static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
void clearDtlsCredentialInfo()
{
memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
free(pskCredsBlob->creds);
- memset(pskCredsBlob, 0, sizeof(OCDtlsPskCredsBlob));
+ memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
free(pskCredsBlob);
pskCredsBlob = NULL;
}
}
// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
+void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
{
printf("CAGetDtlsPskCredentials IN\n");
int32_t SetCredentials()
{
printf("SetCredentials IN\n");
- pskCredsBlob = (OCDtlsPskCredsBlob *)malloc(sizeof(OCDtlsPskCredsBlob));
+ pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
- memset(pskCredsBlob, 0x0, sizeof(OCDtlsPskCredsBlob));
+ memset(pskCredsBlob, 0x0, sizeof(CADtlsPskCredsBlob_t));
memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
pskCredsBlob->num = 1;
if (SetCredentials() == 0)
{
printf("SetCredentials failed\n");
- return 0;
}
- res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
EXPECT_EQ(CA_STATUS_OK, CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials));
#endif
}
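Review bot: With `return 0;` removed, a failed `SetCredentials()` is only printed and the code goes on to register the handler, so the later checks run against a NULL `pskCredsBlob`. Make the failure fatal to the test instead, e.g. `ASSERT_NE(0, SetCredentials());` if the enclosing function returns void (its signature is outside the visible lines). The new macro comments are also inconsistent: `@def RS_IDENTITY` documents a macro named `IDENTITY`, the second block opens with `/*` rather than `/**`, and both `@brief` lines are empty.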
#include "ocsecurityconfig.h"
-
-#ifdef CA_SEC_MERGE_WORKAROUND
-/**
- * This is a workaround to enable CA merge into master branch.
- * This will be removed by updating code in CA library to use updated data structure.
- */
-typedef struct
-{
- uint32_t unused;
- unsigned char identity[DTLS_PSK_ID_LEN];
- uint32_t num;
- OCDtlsPskCreds *creds;
-} CADtlsPskCredsBlob;
-#endif //CA_SEC_MERGE_WORKAROUND
-
-
/**
* This callback is used by lower stack (i.e. CA layer) to retrieve PSK
* credentials from RI security layer.
*
* @retval none
*/
-void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo);
+#ifdef __WITH_DTLS__
+void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo);
+#endif //__WITH_DTLS__
/**
#include "ocmalloc.h"
#include "ocsecurity.h"
#include "ocsecurityconfig.h"
-#ifdef CA_SEC_MERGE_WORKAROUND
-#include "ocsecurityinternal.h"
-#endif //CA_SEC_MERGE_WORKAROUND
+#include "cainterface.h"
#include <string.h>
static OCSecConfigData* secConfigData;
static int secConfigDataLen;
-/**
- * Currently, there is a disconnect in the data structure used between RI layer
- * and CA layer to convey DTLS PSK credentials. We cannot update this data
- * structure until all reviews of CA layer is completed. To enable security
- * feature in CA branch this workaround is added as a temporary stop-gap.
- *
- */
-#ifdef CA_SEC_MERGE_WORKAROUND
-static CADtlsPskCredsBlob *caBlob;
-#endif //CA_SEC_MERGE_WORKAROUND
/**
* This internal API removes/clears the global variable holding the security
OCFree(secConfigData);
secConfigData = NULL;
}
-
-#ifdef CA_SEC_MERGE_WORKAROUND
- if (caBlob)
- {
- OCFree(caBlob->creds);
- }
- OCFree(caBlob);
-#endif
-
}
/**
*
* @retval none
*/
-void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
+#ifdef __WITH_DTLS__
+void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
{
+ // CA layer interface publishes security data structures ONLY if
+ // stack is compiled in SECURED mode
+ CADtlsPskCredsBlob_t * caBlob = NULL;
if(secConfigData && credInfo)
{
unsigned int i = 0;
{
if (osb->type == OC_BLOB_TYPE_PSK)
{
-#ifdef CA_SEC_MERGE_WORKAROUND
- OCDtlsPskCredsBlob * ocBlob = (OCDtlsPskCredsBlob *)osb->val;
- if (!caBlob)
+ caBlob = (CADtlsPskCredsBlob_t *)OCCalloc(sizeof(CADtlsPskCredsBlob_t), 1);
+ if (caBlob)
{
- caBlob = (CADtlsPskCredsBlob *)OCCalloc(sizeof(CADtlsPskCredsBlob), 1);
- if (caBlob)
+ OCDtlsPskCredsBlob * ocBlob = (OCDtlsPskCredsBlob *)osb->val;
+
+ memcpy(caBlob->identity, ocBlob->identity, sizeof(caBlob->identity));
+ caBlob->num = ocBlob->num;
+ caBlob->creds =
+ (OCDtlsPskCreds*) OCMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
+ if (caBlob->creds)
{
- memcpy(caBlob->identity, ocBlob->identity, sizeof(caBlob->identity));
- caBlob->num = ocBlob->num;
- caBlob->creds =
- (OCDtlsPskCreds*) OCMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
- if (caBlob->creds)
- {
- memcpy(caBlob->creds, ocBlob->creds,
- caBlob->num * sizeof(OCDtlsPskCreds));
- }
+ memcpy(caBlob->creds, ocBlob->creds,
+ caBlob->num * sizeof(OCDtlsPskCreds));
+ *credInfo = caBlob;
+ // We copied the credential blob in the CA data structure.
+ // Let's get out of here.
+ return;
}
}
- *credInfo = (OCDtlsPskCredsBlob *) caBlob;
break;
-#else
- OCDtlsPskCredsBlob * blob;
- blob = (OCDtlsPskCredsBlob *)OCMalloc(osb->len);
- if (blob)
- {
- memcpy(blob, osb->val, osb->len);
- *credInfo = blob;
- break;
- }
-#endif //CA_SEC_MERGE_WORKAROUND
}
osb = config_data_next_blob(osb);
}
}
+
+ // Clear memory if any memory allocation failed above
+ if(caBlob)
+ {
+ OCFree(caBlob->creds);
+ OCFree(caBlob);
+ }
}
+#endif //__WITH_DTLS__
/**
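Review bot: `ocBlob->num` comes straight from the stored blob at `osb->val` and is used unchecked as both the allocation count and the `memcpy` length in `GetDtlsPskCredentials`. A blob whose `num` claims more entries than `osb->len` holds makes the copy read past the end of the config data, and `caBlob->num * sizeof(OCDtlsPskCreds)` can wrap on targets with a narrow `size_t`. Unless the loader already validates this (not visible here), bound it before copying, e.g. `if (osb->len < offsetof(OCDtlsPskCredsBlob, creds) || ocBlob->num > (osb->len - offsetof(OCDtlsPskCredsBlob, creds)) / sizeof(OCDtlsPskCreds)) break;`. The loop header and the start of the function body fall outside the visible lines.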