From: Minji Park Date: Wed, 23 Nov 2016 10:53:28 +0000 (+0900) Subject: [IOT-1593] TLS ports and CA_SECURE flag added for secure socket accept X-Git-Tag: 1.2.1~40 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=594eb6b56aaf37aea01718ea280d5877fe7dc7f9;p=platform%2Fupstream%2Fiotivity.git [IOT-1593] TLS ports and CA_SECURE flag added for secure socket accept - TLS port and secure flag added in tcp server - TLS port information added in discovery payload Change-Id: Ib409e069869c52e10f1bd99d35cd6f94ab90fff2 Signed-off-by: Minji Park Reviewed-on: https://gerrit.iotivity.org/gerrit/14667 Reviewed-by: Jaehong Jo Tested-by: jenkins-iotivity Reviewed-by: Phil Coval Reviewed-by: Ziran Sun --- diff --git a/resource/csdk/connectivity/api/cacommon.h b/resource/csdk/connectivity/api/cacommon.h old mode 100644 new mode 100755 index 9fd62d1..1f31730 --- a/resource/csdk/connectivity/api/cacommon.h +++ b/resource/csdk/connectivity/api/cacommon.h @@ -528,7 +528,9 @@ typedef struct struct tcpports { uint16_t u4; /**< unicast IPv4 socket port */ + uint16_t u4s; /**< unicast IPv6 socket secure port */ uint16_t u6; /**< unicast IPv6 socket port */ + uint16_t u6s; /**< unicast IPv6 socket secure port */ } tcp; #endif } CAPorts_t; @@ -591,7 +593,9 @@ typedef struct { void *threadpool; /**< threadpool between Initialize and Start */ CASocket_t ipv4; /**< IPv4 accept socket */ + CASocket_t ipv4s; /**< IPv4 accept socket secure */ CASocket_t ipv6; /**< IPv6 accept socket */ + CASocket_t ipv6s; /**< IPv6 accept socket secure */ void *svrlist; /**< unicast IPv4 TCP server information*/ int selectTimeout; /**< in seconds */ int listenBacklog; /**< backlog counts*/ diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpadapter.c b/resource/csdk/connectivity/src/tcp_adapter/catcpadapter.c old mode 100644 new mode 100755 index 1230ae4..b08d3c0 --- a/resource/csdk/connectivity/src/tcp_adapter/catcpadapter.c +++ b/resource/csdk/connectivity/src/tcp_adapter/catcpadapter.c 
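Review bot: The doc comment on the new `u4s` member of `struct tcpports` says IPv6, but this is the IPv4 secure port, since `caglobals.tcp.ipv4s.port` is initialised from it later in this commit. It should read `uint16_t u4s; /**< unicast IPv4 socket secure port */`. A wrong address-family label on a TLS port is easy to carry over into port or firewall configuration. The diff header also flips the mode from 100644 to 100755 on this header and on four other source files in the commit, which looks unintended for non-executable sources.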
@@ -294,7 +294,16 @@ void CATCPAdapterHandler(CATransportAdapter_t adapter, CANetworkStatus_t status) static void CAInitializeTCPGlobals() { caglobals.tcp.ipv4.fd = -1; + caglobals.tcp.ipv4s.fd = -1; caglobals.tcp.ipv6.fd = -1; + caglobals.tcp.ipv6s.fd = -1; + + // Set the port number received from application. + caglobals.tcp.ipv4.port = caglobals.ports.tcp.u4; + caglobals.tcp.ipv4s.port = caglobals.ports.tcp.u4s; + caglobals.tcp.ipv6.port = caglobals.ports.tcp.u6; + caglobals.tcp.ipv6s.port = caglobals.ports.tcp.u6s; + caglobals.tcp.selectTimeout = CA_TCP_SELECT_TIMEOUT; caglobals.tcp.listenBacklog = CA_TCP_LISTEN_BACKLOG; caglobals.tcp.svrlist = NULL; @@ -378,10 +387,6 @@ CAResult_t CAStartTCP() // Start network monitoring to receive adapter status changes. CAIPStartNetworkMonitor(CATCPAdapterHandler, CA_ADAPTER_TCP); - // Set the port number received from application. - caglobals.tcp.ipv4.port = caglobals.ports.tcp.u4; - caglobals.tcp.ipv6.port = caglobals.ports.tcp.u6; - #ifndef SINGLE_THREAD if (CA_STATUS_OK != CATCPInitializeQueueHandles()) { diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c index 7d8e80d..2d56a1c 100644 --- a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c +++ b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c @@ -236,7 +236,9 @@ static void CAFindReadyMessage() FD_ZERO(&readFds); CA_FD_SET(ipv4, &readFds); + CA_FD_SET(ipv4s, &readFds); CA_FD_SET(ipv6, &readFds); + CA_FD_SET(ipv6s, &readFds); if (OC_INVALID_SOCKET != caglobals.tcp.shutdownFds[0]) { 
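Review bot: The listener ports are now copied from `caglobals.ports.tcp` only once, in `CAInitializeTCPGlobals()`, because the next hunk deletes the assignments that `CAStartTCP()` performed on every start. These hunks do not show whether the application has filled in `caglobals.ports.tcp` by initialisation time, or what a stop/start cycle leaves in `caglobals.tcp.*.port`. The plain and secure listeners could therefore come up on ports the operator did not configure. If the new timing is intended, say so at the assignment, for example `// Ports are latched here: caglobals.ports.tcp must be set before initialization and is not re-read by CAStartTCP().`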
@@ -285,11 +287,21 @@ static void CASelectReturned(fd_set *readFds) CAAcceptConnection(CA_IPV4, &caglobals.tcp.ipv4); return; } + else if (caglobals.tcp.ipv4s.fd != -1 && FD_ISSET(caglobals.tcp.ipv4s.fd, readFds)) + { + CAAcceptConnection(CA_IPV4 | CA_SECURE, &caglobals.tcp.ipv4s); + return; + } else if (caglobals.tcp.ipv6.fd != -1 && FD_ISSET(caglobals.tcp.ipv6.fd, readFds)) { CAAcceptConnection(CA_IPV6, &caglobals.tcp.ipv6); return; } + else if (caglobals.tcp.ipv6s.fd != -1 && FD_ISSET(caglobals.tcp.ipv6s.fd, readFds)) + { + CAAcceptConnection(CA_IPV6 | CA_SECURE, &caglobals.tcp.ipv6s); + return; + } else if (-1 != caglobals.tcp.connectionFds[0] && FD_ISSET(caglobals.tcp.connectionFds[0], readFds)) { @@ -1077,11 +1089,17 @@ CAResult_t CATCPStartServer(const ca_thread_pool_t threadPool) if (caglobals.server) { NEWSOCKET(AF_INET, ipv4); + NEWSOCKET(AF_INET, ipv4s); NEWSOCKET(AF_INET6, ipv6); + NEWSOCKET(AF_INET6, ipv6s); OIC_LOG_V(DEBUG, TAG, "IPv4 socket fd=%d, port=%d", caglobals.tcp.ipv4.fd, caglobals.tcp.ipv4.port); + OIC_LOG_V(DEBUG, TAG, "IPv4 secure socket fd=%d, port=%d", + caglobals.tcp.ipv4s.fd, caglobals.tcp.ipv4s.port); OIC_LOG_V(DEBUG, TAG, "IPv6 socket fd=%d, port=%d", caglobals.tcp.ipv6.fd, caglobals.tcp.ipv6.port); + OIC_LOG_V(DEBUG, TAG, "IPv6 secure socket fd=%d, port=%d", + caglobals.tcp.ipv6s.fd, caglobals.tcp.ipv6s.port); } // create pipe for fast shutdown @@ -1135,7 +1153,9 @@ void CATCPStopServer() // close accept socket. CLOSE_SOCKET(ipv4); + CLOSE_SOCKET(ipv4s); CLOSE_SOCKET(ipv6); + CLOSE_SOCKET(ipv6s); if (caglobals.tcp.started) { diff --git a/resource/csdk/stack/include/octypes.h b/resource/csdk/stack/include/octypes.h old mode 100644 new mode 100755 index ecc63de..e57cd30 --- a/resource/csdk/stack/include/octypes.h +++ b/resource/csdk/stack/include/octypes.h 
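Review bot: The secure listeners in `CATCPStartServer()` are created unconditionally (`NEWSOCKET(AF_INET, ipv4s);`, `NEWSOCKET(AF_INET6, ipv6s);`), while the payload code in this same commit guards the TLS port with `#ifdef __WITH_TLS__`. In a build without TLS this opens two extra listening sockets, and `CASelectReturned()` accepts on them with `CA_SECURE` set although nothing visible here puts a TLS layer behind that flag. Consider wrapping the two secure `NEWSOCKET` calls and their log lines in `#ifdef __WITH_TLS__`; the fds then stay at -1 from `CAInitializeTCPGlobals()` and the `!= -1` checks in `CASelectReturned()` skip them (whether `CA_FD_SET` in `CAFindReadyMessage()` tolerates -1 is outside these hunks and should be confirmed). A short comment at the two new `CAAcceptConnection()` calls stating where the handshake is enforced for a `CA_SECURE` session would also help.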
@@ -221,6 +221,9 @@ extern "C" { /** TCP Port. */ #define OC_RSRVD_TCP_PORT "tcp" +/** TLS Port. */ +#define OC_RSRVD_TLS_PORT "tls" + /** For Server instance ID.*/ #define OC_RSRVD_SERVER_INSTANCE_ID "sid" diff --git a/resource/csdk/stack/src/ocpayloadconvert.c b/resource/csdk/stack/src/ocpayloadconvert.c old mode 100644 new mode 100755 index 69a928e..9961f72 --- a/resource/csdk/stack/src/ocpayloadconvert.c +++ b/resource/csdk/stack/src/ocpayloadconvert.c @@ -352,11 +352,27 @@ static int64_t OCConvertDiscoveryPayload(OCDiscoveryPayload *payload, uint8_t *o } #ifdef TCP_ADAPTER - err |= cbor_encode_text_string(&policyMap, OC_RSRVD_TCP_PORT, - sizeof(OC_RSRVD_TCP_PORT) - 1); - VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port tag"); - err |= cbor_encode_uint(&policyMap, resource->tcpPort); - VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port value"); +#ifdef __WITH_TLS__ + // tls + if (resource->secure) + { + err |= cbor_encode_text_string(&policyMap, OC_RSRVD_TLS_PORT, + sizeof(OC_RSRVD_TLS_PORT) - 1); + VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp secure port tag"); + err |= cbor_encode_uint(&policyMap, resource->tcpPort); + VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp secure port value"); + } + + // tcp + else +#endif + { + err |= cbor_encode_text_string(&policyMap, OC_RSRVD_TCP_PORT, + sizeof(OC_RSRVD_TCP_PORT) - 1); + VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port tag"); + err |= cbor_encode_uint(&policyMap, resource->tcpPort); + VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port value"); + } #endif err |= cbor_encoder_close_container(&linkMap, &policyMap); diff --git a/resource/csdk/stack/src/ocpayloadparse.c b/resource/csdk/stack/src/ocpayloadparse.c old mode 100644 new mode 100755 index 3366fc2..ebb7d55 --- a/resource/csdk/stack/src/ocpayloadparse.c +++ b/resource/csdk/stack/src/ocpayloadparse.c 
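Review bot: In the `ocpayloadconvert.c` hunk, the `else` that closes the `#ifdef __WITH_TLS__` block binds to a brace block placed after the `#endif`, and the two branches repeat the same encode-and-verify sequence with only the key changed. That layout is easy to break in a later edit, and the result would be the wrong port key advertised for a secure resource. Selecting the key first and encoding once keeps a single path. It should also be commented that `resource->tcpPort` holds the TLS port when `resource->secure` is set, since the field name no longer says so. The enclosing function starts and ends outside the hunk.

```c
#ifdef TCP_ADAPTER
        {
            // Advertise exactly one port key: "tls" for a secure resource in a
            // TLS build, "tcp" otherwise. resource->tcpPort carries whichever applies.
            const char *portKey = OC_RSRVD_TCP_PORT;
            size_t portKeyLen = sizeof(OC_RSRVD_TCP_PORT) - 1;
#ifdef __WITH_TLS__
            if (resource->secure)
            {
                portKey = OC_RSRVD_TLS_PORT;
                portKeyLen = sizeof(OC_RSRVD_TLS_PORT) - 1;
            }
#endif
            err |= cbor_encode_text_string(&policyMap, portKey, portKeyLen);
            VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port tag");
            err |= cbor_encode_uint(&policyMap, resource->tcpPort);
            VERIFY_CBOR_SUCCESS(TAG, err, "Failed adding tcp port value");
        }
#endif
```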
@@ -344,6 +344,19 @@ static OCStackResult OCParseDiscoveryPayload(OCPayload **outPayload, CborValue * VERIFY_CBOR_SUCCESS(TAG, err, "to find tcp port value"); resource->tcpPort = (uint16_t)tcpPort; } + +#ifdef __WITH_TLS__ + // TLS Port + err = cbor_value_map_find_value(&policyMap, OC_RSRVD_TLS_PORT, &curVal); + if (cbor_value_is_valid(&curVal)) + { + int tlsPort; + + err = cbor_value_get_int(&curVal, &tlsPort); + VERIFY_CBOR_SUCCESS(TAG, err, "to find tcp tls port value"); + resource->tcpPort = (uint16_t)tlsPort; + } +#endif #endif err = cbor_value_advance(&resourceMap); diff --git a/resource/csdk/stack/src/ocresource.c b/resource/csdk/stack/src/ocresource.c index 9e95fa3..3405556 100755 --- a/resource/csdk/stack/src/ocresource.c +++ b/resource/csdk/stack/src/ocresource.c @@ -112,7 +112,7 @@ static OCStackResult GetSecurePortInfo(OCDevAddr *endpoint, uint16_t *port) #ifdef TCP_ADAPTER /* This method will retrieve the tcp port */ -static OCStackResult GetTCPPortInfo(OCDevAddr *endpoint, uint16_t *port) +static OCStackResult GetTCPPortInfo(OCDevAddr *endpoint, uint16_t *port, bool secured) { uint16_t p = 0; @@ -120,11 +120,11 @@ static OCStackResult GetTCPPortInfo(OCDevAddr *endpoint, uint16_t *port) { if (endpoint->flags & OC_IP_USE_V4) { - p = caglobals.tcp.ipv4.port; + p = secured ? caglobals.tcp.ipv4s.port : caglobals.tcp.ipv4.port; } else if (endpoint->flags & OC_IP_USE_V6) { - p = caglobals.tcp.ipv6.port; + p = secured ? caglobals.tcp.ipv6s.port : caglobals.tcp.ipv6.port; } } @@ -458,10 +458,8 @@ OCStackResult BuildVirtualResourceResponse(const OCResource *resourcePtr, #ifdef TCP_ADAPTER uint16_t tcpPort = 0; - if (GetTCPPortInfo(devAddr, &tcpPort) != OC_STACK_OK) - { - tcpPort = 0; - } + GetTCPPortInfo(devAddr, &tcpPort, (resourcePtr->resourceProperties & OC_SECURE)); + OCDiscoveryPayloadAddResource(payload, resourcePtr, securePort, tcpPort); #else OCDiscoveryPayloadAddResource(payload, resourcePtr, securePort);
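Review bot: The new TLS-port branch in `OCParseDiscoveryPayload()` reads a value from a remote discovery response and checks only `cbor_value_is_valid()` before calling `cbor_value_get_int()` and casting to `uint16_t`. The CBOR type is never checked and the cast truncates silently, so a non-integer, negative or oversized value is not rejected and the client can end up using a port the peer never literally sent. The TCP-port code just above follows the same pattern and deserves the same check. Both keys also write `resource->tcpPort`, so a payload carrying both ends with the TLS value; a comment should state whether that is intended. The function body continues outside the hunk.

```c
    // TLS Port
    err = cbor_value_map_find_value(&policyMap, OC_RSRVD_TLS_PORT, &curVal);
    if (cbor_value_is_valid(&curVal))
    {
        uint64_t tlsPort = 0;

        // Peer-supplied value: require an unsigned integer that fits a port number.
        err = cbor_value_is_unsigned_integer(&curVal)
                  ? cbor_value_get_uint64(&curVal, &tlsPort)
                  : CborErrorIllegalType;
        VERIFY_CBOR_SUCCESS(TAG, err, "to find tcp tls port value");
        err = (tlsPort <= UINT16_MAX) ? CborNoError : CborErrorDataTooLarge;
        VERIFY_CBOR_SUCCESS(TAG, err, "tcp tls port value out of range");
        resource->tcpPort = (uint16_t)tlsPort;
    }
```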
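Review bot: The call in `BuildVirtualResourceResponse()` now discards the result of `GetTCPPortInfo()`, where the removed lines reset `tcpPort` to 0 on failure. Whether `GetTCPPortInfo()` leaves `*port` untouched on its error paths is not visible in these hunks, so a failed lookup could put an unintended port into the discovery payload. I would keep the check and make the flag an explicit boolean: `if (GetTCPPortInfo(devAddr, &tcpPort, (resourcePtr->resourceProperties & OC_SECURE) != 0) != OC_STACK_OK) { tcpPort = 0; }`. The comment above `GetTCPPortInfo()` should also say that `secured` selects the `ipv4s`/`ipv6s` listener port.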