Added workaround to enable security in CA branch
authorSachin Agrawal <sachin.agrawal@intel.com>
Thu, 5 Mar 2015 16:44:30 +0000 (08:44 -0800)
committerSudarshan Prasad <sudarshan.prasad@intel.com>
Thu, 5 Mar 2015 17:19:51 +0000 (17:19 +0000)
Currently there is a disconnect in the data structure used between RI
layer and CA layer to convey DTLS PSK credentials. We cannot update this
data structure in CA layer until all reviews of CA layer are completed.
This inhibits security testing of CA branch. Adding this workaround until
an update happens in CA layer to use common data structure.

Change-Id: Ieb17043c6ab3a32961133c5e009f5c06d968979f
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/369
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Sakthivel Samidurai <sakthivel.samidurai@intel.com>
Reviewed-by: Sudarshan Prasad <sudarshan.prasad@intel.com>
resource/csdk/SConscript
resource/csdk/security/include/internal/ocsecurityinternal.h
resource/csdk/security/src/ocsecurity.c

index 1466f72075e0c1edba28264187df5c99491b1291..c1b81b96a962b490f1f86c6dfc91043bb19901b0 100644 (file)
@@ -44,6 +44,8 @@ if target_os not in ['windows', 'winrt']:
 liboctbstack_env.AppendUnique(LIBPATH = [env.get('BUILD_DIR')])
 liboctbstack_env.AppendUnique(LIBS = ['coap', 'm'])
 
+liboctbstack_env.AppendUnique(CPPDEFINES = ['CA_SEC_MERGE_WORKAROUND'])
+
 if target_os == 'arduino':
        liboctbstack_env.AppendUnique(CPPDEFINES = ['NDEBUG', 'WITH_ARDUINO'])
 else:
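Review bot: The `CA_SEC_MERGE_WORKAROUND` define is appended unconditionally, outside the `target_os` branches, so every build of liboctbstack takes the workaround path and the build script does not say that it is temporary. A comment above the added line would keep it from outliving its purpose, for example `# Temporary: remove once the CA layer consumes OCDtlsPskCredsBlob directly`. If some targets are expected to build without the workaround, the define would need to sit behind a build option rather than at top level.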
index 8f09546ad145818324a30d6190982a4a81e4bef1..ca8fe7135c0127ebbcec4ed30e7c1cabb32223de 100644 (file)
 
 #include "ocsecurityconfig.h"
 
+
+#ifdef CA_SEC_MERGE_WORKAROUND
+/**
+ * This is a workaround to enable CA merge into master branch.
+ * This will be removed by updating code in CA library to use updated data structure.
+ */
+typedef struct
+{
+   uint32_t unused;
+   unsigned char identity[DTLS_PSK_ID_LEN];
+   uint32_t num;
+   OCDtlsPskCreds *creds;
+} CADtlsPskCredsBlob;
+#endif //CA_SEC_MERGE_WORKAROUND
+
+
 /**
  * This callback is used by lower stack (i.e. CA layer) to retrieve PSK
  * credentials from RI security layer.
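Review bot: The comment on `CADtlsPskCredsBlob` does not say which CA-layer structure this typedef mirrors, and nothing in the hunk ties the two layouts together, so a change on either side would presumably be read as credential data at the wrong offsets. The doc comment should name the CA structure it must stay identical to and state that field order and sizes are part of the contract. It should also say what `unused` stands in for. Finally, it should record that `creds` is a separately allocated array of `num` entries owned by ocsecurity.c, which is what the allocation and free in that file show.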
index 98187fe1ad972c7614d81fe88b5b87104b7d9e85..b9eccb6a165c138d0b0e12b48027f93b83b9fa65 100644 (file)
 #include "ocmalloc.h"
 #include "ocsecurity.h"
 #include "ocsecurityconfig.h"
+#ifdef CA_SEC_MERGE_WORKAROUND
+#include "ocsecurityinternal.h"
+#endif //CA_SEC_MERGE_WORKAROUND
 #include <string.h>
 
 static OCSecConfigData* secConfigData;
 static int secConfigDataLen;
 
+/**
+ * Currently, there is a disconnect in the data structure used between RI layer
+ * and CA layer to convey DTLS PSK credentials. We cannot update this data
+ * structure until all reviews of CA layer is completed. To enable security
+ * feature in CA branch this workaround is added as a temporary stop-gap.
+ *
+ */
+#ifdef CA_SEC_MERGE_WORKAROUND
+static CADtlsPskCredsBlob *caBlob;
+#endif //CA_SEC_MERGE_WORKAROUND
+
 /**
  * This internal API removes/clears the global variable holding the security
  * config data. This needs to be invoked when OIC stack is shutting down.
@@ -43,6 +57,15 @@ void DeinitOCSecurityInfo()
         OCFree(secConfigData);
         secConfigData = NULL;
     }
+
+#ifdef CA_SEC_MERGE_WORKAROUND
+    if (caBlob)
+    {
+        OCFree(caBlob->creds);
+    }
+    OCFree(caBlob);
+#endif
+
 }
 
 /**
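Review bot: `caBlob` is left pointing at freed memory after `OCFree(caBlob)`, whereas the block just above resets `secConfigData = NULL` after its free. GetDtlsPskCredentials rebuilds the blob only when `!caBlob`, so if the stack is initialised again after this call the freed pointer would be handed back to the CA layer, and a second DeinitOCSecurityInfo would free it twice. Add `caBlob = NULL;` right after `OCFree(caBlob);`. The `creds` array holds PSK material, so it is worth considering clearing it before it is released. The start of DeinitOCSecurityInfo is outside the hunk.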
@@ -67,6 +90,27 @@ void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
         {
             if (osb->type == OC_BLOB_TYPE_PSK)
             {
+#ifdef CA_SEC_MERGE_WORKAROUND
+                OCDtlsPskCredsBlob * ocBlob = (OCDtlsPskCredsBlob *)osb->val;
+                if (!caBlob)
+                {
+                    caBlob = (CADtlsPskCredsBlob *)OCCalloc(sizeof(CADtlsPskCredsBlob), 1);
+                    if (caBlob)
+                    {
+                        memcpy(caBlob->identity, ocBlob->identity, sizeof(caBlob->identity));
+                        caBlob->num = ocBlob->num;
+                        caBlob->creds =
+                            (OCDtlsPskCreds*) OCMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
+                        if (caBlob->creds)
+                        {
+                            memcpy(caBlob->creds, ocBlob->creds,
+                                    caBlob->num * sizeof(OCDtlsPskCreds));
+                        }
+                    }
+                }
+                *credInfo = caBlob;
+                break;
+#else
                 OCDtlsPskCredsBlob * blob;
                 blob = (OCDtlsPskCredsBlob *)OCMalloc(osb->len);
                 if (blob)
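Review bot: When the `OCMalloc` for `caBlob->creds` fails, `caBlob` stays non-NULL with `num` already set and `creds` NULL, and because the build runs only under `if (!caBlob)` that half-built blob is returned on this call and every later one. Building into a local and assigning `caBlob` only after both allocations succeed avoids handing the CA layer a count with no array behind it. `num` is also taken from the stored blob without being checked against `osb->len`, which the `#else` path uses as the blob size, so the `memcpy` from `ocBlob->creds` may read past the config data if the two disagree. Unlike the `#else` path, which allocates a fresh blob per call, this path returns the shared static pointer, so it is worth confirming that the CA caller does not free it. The body of GetDtlsPskCredentials starts and ends outside the hunk.

```c
                if (!caBlob)
                {
                    CADtlsPskCredsBlob *tmp =
                        (CADtlsPskCredsBlob *)OCCalloc(sizeof(CADtlsPskCredsBlob), 1);
                    if (tmp)
                    {
                        // … unchanged: identity and num copied from ocBlob, now into tmp …
                        tmp->creds =
                            (OCDtlsPskCreds*) OCMalloc(tmp->num * sizeof(OCDtlsPskCreds));
                        if (tmp->creds)
                        {
                            memcpy(tmp->creds, ocBlob->creds,
                                    tmp->num * sizeof(OCDtlsPskCreds));
                            caBlob = tmp;   // publish only a fully built blob
                        }
                        else
                        {
                            OCFree(tmp);    // caBlob stays NULL so a later call can retry
                        }
                    }
                }
                // … unchanged: *credInfo = caBlob; break; …
```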
@@ -75,6 +119,7 @@ void GetDtlsPskCredentials(OCDtlsPskCredsBlob **credInfo)
                     *credInfo = blob;
                     break;
                 }
+#endif //CA_SEC_MERGE_WORKAROUND
             }
             osb = config_data_next_blob(osb);
         }