Added workaround to enable security in CA branch
authorSachin Agrawal <sachin.agrawal@intel.com>
Thu, 5 Mar 2015 16:44:30 +0000 (08:44 -0800)
committerSudarshan Prasad <sudarshan.prasad@intel.com>
Thu, 5 Mar 2015 17:19:51 +0000 (17:19 +0000)
Currently there is a disconnect in the data structure used between RI
layer and CA layer to convey DTLS PSK credentials. We cannot update this
data structure in CA layer until all reviews of CA layer are completed.
This inhibits security testing of CA branch. Adding this workaround until
an update happens in CA layer to use common data structure.

Change-Id: Ieb17043c6ab3a32961133c5e009f5c06d968979f
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/369
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Sakthivel Samidurai <sakthivel.samidurai@intel.com>
Reviewed-by: Sudarshan Prasad <sudarshan.prasad@intel.com>
resource/csdk/SConscript
resource/csdk/security/include/internal/ocsecurityinternal.h
resource/csdk/security/src/ocsecurity.c

index 1466f72..c1b81b9 100644 (file)
@@ -44,6 +44,8 @@ if target_os not in ['windows', 'winrt']:
 liboctbstack_env.AppendUnique(LIBPATH = [env.get('BUILD_DIR')])
 liboctbstack_env.AppendUnique(LIBS = ['coap', 'm'])
 
+liboctbstack_env.AppendUnique(CPPDEFINES = ['CA_SEC_MERGE_WORKAROUND'])
+
 if target_os == 'arduino':
        liboctbstack_env.AppendUnique(CPPDEFINES = ['NDEBUG', 'WITH_ARDUINO'])
 else:
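Review bot: The `CA_SEC_MERGE_WORKAROUND` define is appended unconditionally, outside the `target_os` checks around it, so every build of `liboctbstack_env` gets the alternate PSK blob path with no way to turn it off. Since the commit message calls it temporary, a removal marker next to the line would help, e.g. `# TODO: drop CA_SEC_MERGE_WORKAROUND once CA uses the common DTLS PSK blob struct`.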
index 8f09546..ca8fe71 100644 (file)
 
 #include "ocsecurityconfig.h"
 
+
+#ifdef CA_SEC_MERGE_WORKAROUND
+/**
+ * This is a workaround to enable CA merge into master branch.
+ * This will be removed by updating code in CA library to use updated data structure.
+ */
+typedef struct
+{
+   uint32_t unused;
+   unsigned char identity[DTLS_PSK_ID_LEN];
+   uint32_t num;
+   OCDtlsPskCreds *creds;
+} CADtlsPskCredsBlob;
+#endif //CA_SEC_MERGE_WORKAROUND
+
+
 /**
  * This callback is used by lower stack (i.e. CA layer) to retrieve PSK
  * credentials from RI security layer.
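Review bot: `CADtlsPskCredsBlob` hand-mirrors a structure owned by the CA layer, and nothing in the typedef records or checks which CA definition it must match, so a later change on either side would silently reinterpret PSK identity and key bytes. The comment should name the CA-side type and explain what `unused` stands in for, along the lines of `/* Must stay layout-compatible with <CA-side struct name>; keep field order and sizes in sync. */` (placeholder, since the CA header is not on this page). The callback documented just below still takes `OCDtlsPskCredsBlob **`, so under the workaround this type travels behind a differently typed pointer, which is worth stating in that doc comment too.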
index 98187fe..b9eccb6 100644 (file)
 #include "ocmalloc.h"
 #include "ocsecurity.h"
 #include "ocsecurityconfig.h"
+#ifdef CA_SEC_MERGE_WORKAROUND
+#include "ocsecurityinternal.h"
+#endif //CA_SEC_MERGE_WORKAROUND
 #include <string.h>
 
 static OCSecConfigData* secConfigData;
 static int secConfigDataLen;
 
 /**
+ * Currently, there is a disconnect in the data structure used between RI layer
+ * and CA layer to convey DTLS PSK credentials. We cannot update this data
+ * structure until all reviews of CA layer is completed. To enable security
+ * feature in CA branch this workaround is added as a temporary stop-gap.
+ *
+ */
+#ifdef CA_SEC_MERGE_WORKAROUND
+static CADtlsPskCredsBlob *caBlob;
+#endif //CA_SEC_MERGE_WORKAROUND
+
+/**
  * This internal API removes/clears the global variable holding the security
  * config data. This needs to be invoked when OIC stack is shutting down.
  *
@@ -43,6 +57,15 @@ void DeinitOCSecurityInfo()
         OCFree(secConfigData);
         secConfigData = NULL;
     }
+
+#ifdef CA_SEC_MERGE_WORKAROUND
+    if (caBlob)
+    {
+        OCFree(caBlob->creds);
+    }
+    OCFree(caBlob);
+#endif
+
 }
 
 /**
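Review bot: `caBlob` is freed but not reset, unlike `secConfigData` a few lines above. After `DeinitOCSecurityInfo()` the `if (!caBlob)` test in `GetDtlsPskCredentials` would therefore see a stale pointer and hand freed memory to the CA layer, and a second deinit would free it twice. Add `caBlob = NULL;` right after `OCFree(caBlob);`. The released buffers hold PSK key material, so wiping `caBlob->creds` before the free, with a clear the compiler cannot elide, is worth considering. The function begins outside the hunk.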
@@ -67,6 +90,27 @@ void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
         {
             if (osb->type == OC_BLOB_TYPE_PSK)
             {
+#ifdef CA_SEC_MERGE_WORKAROUND
+                OCDtlsPskCredsBlob * ocBlob = (OCDtlsPskCredsBlob *)osb->val;
+                if (!caBlob)
+                {
+                    caBlob = (CADtlsPskCredsBlob *)OCCalloc(sizeof(CADtlsPskCredsBlob), 1);
+                    if (caBlob)
+                    {
+                        memcpy(caBlob->identity, ocBlob->identity, sizeof(caBlob->identity));
+                        caBlob->num = ocBlob->num;
+                        caBlob->creds =
+                            (OCDtlsPskCreds*) OCMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
+                        if (caBlob->creds)
+                        {
+                            memcpy(caBlob->creds, ocBlob->creds,
+                                    caBlob->num * sizeof(OCDtlsPskCreds));
+                        }
+                    }
+                }
+                *credInfo = caBlob;
+                break;
+#else
                 OCDtlsPskCredsBlob * blob;
                 blob = (OCDtlsPskCredsBlob *)OCMalloc(osb->len);
                 if (blob)
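Review bot: A failed `OCMalloc` for `caBlob->creds` leaves a cached blob with `num` set and `creds == NULL`, which is returned on this and every later call, so a consumer that walks `num` entries would dereference NULL. `ocBlob->num` is also used as-is from the config blob: the multiplication is not checked for overflow and, as far as the hunk shows, not compared with `osb->len` before the `memcpy` reads `num` entries from `ocBlob->creds`. Building the copy in a temporary and publishing it only when complete fixes the first problem and gives a place for the bounds check, as sketched below. Unlike the `#else` path, which returns a fresh allocation per call, this path returns shared static storage through an `OCDtlsPskCredsBlob *` without a cast; if the caller frees what it receives (not visible here), `caBlob` dangles. `GetDtlsPskCredentials` starts and ends outside the hunk.

```c
                if (!caBlob)
                {
                    CADtlsPskCredsBlob *tmp =
                        (CADtlsPskCredsBlob *)OCCalloc(1, sizeof(*tmp));
                    if (tmp && ocBlob->num <= SIZE_MAX / sizeof(OCDtlsPskCreds))
                    {
                        size_t credsLen = ocBlob->num * sizeof(OCDtlsPskCreds);
                        // also bound credsLen by osb->len once the blob layout is confirmed
                        tmp->creds = (OCDtlsPskCreds *)OCMalloc(credsLen);
                        if (tmp->creds)
                        {
                            memcpy(tmp->identity, ocBlob->identity, sizeof(tmp->identity));
                            tmp->num = ocBlob->num;
                            memcpy(tmp->creds, ocBlob->creds, credsLen);
                            caBlob = tmp;   // publish only a fully built copy
                            tmp = NULL;
                        }
                    }
                    OCFree(tmp);            // no-op on success, releases a partial copy on failure
                }
                // … unchanged: *credInfo = caBlob; break; …
```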
@@ -75,6 +119,7 @@ void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
                     *credInfo = blob;
                     break;
                 }
+#endif //CA_SEC_MERGE_WORKAROUND
             }
             osb = config_data_next_blob(osb);
         }