From 14af5d46721af82b5abf153b4e565c1c998e9465 Mon Sep 17 00:00:00 2001 From: Dmitriy Zhuravlev Date: Thu, 24 Mar 2016 11:15:53 +0000 Subject: [PATCH] Revert "Fix PKIX provision" This reverts commit 2e7005a00fac880b8d727cc896890f01bef26879. Change-Id: I3e94a2c70a9c8de5e700ad9c1314b1e42ae17408 Signed-off-by: Dmitriy Zhuravlev Reviewed-on: https://gerrit.iotivity.org/gerrit/6285 --- resource/csdk/connectivity/inc/pkix/pki_errors.h | 1 + .../include/internal/secureresourceprovider.h | 15 +- .../provisioning/src/credentialgenerator.c | 10 +- .../provisioning/src/secureresourceprovider.c | 10 +- resource/csdk/security/src/credresource.c | 14 +- resource/csdk/security/src/crlresource.c | 161 +++++++++++---------- 6 files changed, 102 insertions(+), 109 deletions(-) diff --git a/resource/csdk/connectivity/inc/pkix/pki_errors.h b/resource/csdk/connectivity/inc/pkix/pki_errors.h index eba488c..0d7477f 100644 --- a/resource/csdk/connectivity/inc/pkix/pki_errors.h +++ b/resource/csdk/connectivity/inc/pkix/pki_errors.h @@ -29,6 +29,7 @@ extern "C" { #endif //__cplusplus #ifdef X509_DEBUG +#warning "DEBUG is enabled" #include // #endif diff --git a/resource/csdk/security/provisioning/include/internal/secureresourceprovider.h b/resource/csdk/security/provisioning/include/internal/secureresourceprovider.h index cc1f689..df55c0b 100644 --- a/resource/csdk/security/provisioning/include/internal/secureresourceprovider.h +++ b/resource/csdk/security/provisioning/include/internal/secureresourceprovider.h @@ -41,20 +41,7 @@ extern "C" */ OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, OicSecAcl_t *acl, OCProvisionResultCB resultCallback); - -#ifdef __WITH_X509__ -/** - * API to send CRL information to resource. - * - * @param[in] selectedDeviceInfo Selected target device. - * @param[in] crl CRL to provision. - * @param[in] resultCallback callback provided by API user, callback will be called when - * provisioning request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult SRPProvisionCRL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, - OicSecCrl_t *crl, OCProvisionResultCB resultCallback); -#endif // __WITH_X509__ + /** * API to send Direct-Pairing Configuration to a device. * diff --git a/resource/csdk/security/provisioning/src/credentialgenerator.c b/resource/csdk/security/provisioning/src/credentialgenerator.c index 7093369..456fc7c 100644 --- a/resource/csdk/security/provisioning/src/credentialgenerator.c +++ b/resource/csdk/security/provisioning/src/credentialgenerator.c @@ -177,18 +177,18 @@ static OCStackResult GenerateCertificateAndKeys(const OicUuid_t * subject, OicSe numCert ++; uint32_t len = 0; - for (size_t i = 0; i < numCert; i++) + for (size_t i = 0; i < numCert; ++i) { - certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data, - len + cert[i].len + CERT_LEN_PREFIX); + certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data, len + cert[i].len + CERT_LEN_PREFIX); if (NULL == certificateChain->data) { OIC_LOG(ERROR, TAG, "Error while memory allocation"); return OC_STACK_ERROR; } - uint32_t appendedLen = appendCert2Chain(certificateChain->data + len, - cert[i].data, cert[i].len); + uint32_t appendedLen = appendCert2Chain(certificateChain->data + len, cert[i].data, + cert[i].len); + //TODO function check len if (0 == appendedLen) { OIC_LOG(ERROR, TAG, "Error while certifiacate chain creation."); diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c index 7fa4851..892ee3f 100644 --- a/resource/csdk/security/provisioning/src/secureresourceprovider.c +++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c @@ -629,19 +629,17 @@ OCStackResult SRPProvisionCredentials(void *ctx, OicSecCredType_t type, size_t k const OCProvisionDev_t *pDev2, OCProvisionResultCB resultCallback) { - VERIFY_NON_NULL(TAG, pDev1, ERROR, OC_STACK_INVALID_PARAM); - if (SYMMETRIC_PAIR_WISE_KEY == type) + if (!pDev1 || !pDev2 || !pDev1->doxm || !pDev2->doxm) { - VERIFY_NON_NULL(TAG, pDev2, ERROR, OC_STACK_INVALID_PARAM); + OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL parameters"); + return OC_STACK_INVALID_PARAM; } - VERIFY_NON_NULL(TAG, resultCallback, ERROR, OC_STACK_INVALID_CALLBACK); if (!resultCallback) { OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL Callback"); return OC_STACK_INVALID_CALLBACK; } - if (SYMMETRIC_PAIR_WISE_KEY == type && - 0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t))) + if (0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t))) { OIC_LOG(INFO, TAG, "SRPUnlinkDevices : Same device ID"); return OC_STACK_INVALID_PARAM; diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c index a13aa06..d4108a9 100644 --- a/resource/csdk/security/src/credresource.c +++ b/resource/csdk/security/src/credresource.c @@ -133,7 +133,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload { return OC_STACK_INVALID_PARAM; } - OIC_LOG(DEBUG, TAG, "CredToCBORPayload IN"); + OCStackResult ret = OC_STACK_ERROR; CborError cborEncoderResult = CborNoError; @@ -178,7 +178,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload mapSize++; } #ifdef __WITH_X509__ - if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) + if (cred->publicData.data) { mapSize++; } @@ -216,7 +216,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload #ifdef __WITH_X509__ //PublicData -- Not Mandatory - if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) + if (cred->publicData.data) { CborEncoder publicMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 }; const size_t publicMapSize = 2; @@ -360,9 +360,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, { return OC_STACK_INVALID_PARAM; } - OIC_LOG(DEBUG, TAG, "CBORPayloadToCred IN"); - - *secCred = NULL; OCStackResult ret = OC_STACK_ERROR; CborValue credCbor = { .parser = NULL }; @@ -594,8 +591,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, *secCred = headCred; ret = OC_STACK_OK; - OIC_LOG(DEBUG, TAG, "CBORPayloadToCred OUT"); - exit: if (CborNoError != cborFindResult) { @@ -1408,10 +1403,9 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo) { goto exit; } - credInfo->chainLen = 2; memcpy(credInfo->certificateChain, cred->publicData.data, cred->publicData.len); memcpy(credInfo->devicePrivateKey, cred->privateData.data, cred->privateData.len); - credInfo->certificateChainLen = cred->publicData.len; + credInfo->certificateChainLen = parseCertPrefix(cred->publicData.data); GetCAPublicKeyData(credInfo); ret = 0; exit: diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c index bf9041d..7b62c57 100644 --- a/resource/csdk/security/src/crlresource.c +++ b/resource/csdk/security/src/crlresource.c @@ -26,7 +26,6 @@ #include "srmutility.h" #include "doxmresource.h" #include "ocpayload.h" -#include "oic_malloc.h" #ifdef __WITH_X509__ #include "crlresource.h" #include "crl.h" @@ -42,7 +41,7 @@ #define OIC_CBOR_CRL_ID "CRLId" #define OIC_CBOR_CRL_THIS_UPDATE "ThisUpdate" #define OIC_CBOR_CRL_DATA "CRLData" -#define CRL_DEFAULT_CRL_ID (1) +#define CRL_DEFAULT_CRL_ID 1 #define CRL_DEFAULT_THIS_UPDATE "150101000000Z" #define CRL_DEFAULT_CRL_DATA "-" @@ -168,13 +167,18 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, OCStackResult ret = OC_STACK_ERROR; *secCrl = NULL; - CborValue crlCbor = {.parser = NULL}; - CborParser parser = {.end = NULL}; + CborValue crlCbor = { .parser = NULL }; + CborParser parser = { .end = NULL }; CborError cborFindResult = CborNoError; - int cborLen = (size == 0) ? CBOR_SIZE : size; + int cborLen = size; + if (0 == size) + { + cborLen = CBOR_SIZE; + } cbor_parser_init(cborPayload, cborLen, 0, &parser, &crlCbor); - CborValue crlMap = { .parser = NULL}; + CborValue crlMap = { .parser = NULL } ; OicSecCrl_t *crl = NULL; + char *name = NULL; size_t outLen = 0; cborFindResult = cbor_value_enter_container(&crlCbor, &crlMap); VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); @@ -182,26 +186,74 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, crl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t)); VERIFY_NON_NULL(TAG, crl, ERROR); - cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_ID, &crlMap); - if (CborNoError == cborFindResult && cbor_value_is_integer(&crlMap)) + while (cbor_value_is_valid(&crlMap)) { - cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CrlId."); + size_t len = 0; + cborFindResult = cbor_value_dup_text_string(&crlMap, &name, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + cborFindResult = cbor_value_advance(&crlMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + + CborType type = cbor_value_get_type(&crlMap); + + if (0 == strcmp(OIC_CBOR_CRL_ID, name)) + { + cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + } + if (0 == strcmp(OIC_CBOR_CRL_THIS_UPDATE, name)) + { + uint8_t *crlByte = NULL; + cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + crl->ThisUpdate.data = (uint8_t*) OICMalloc(len); + VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR); + memcpy(crl->ThisUpdate.data, crlByte, len); + crl->ThisUpdate.len = len; + OICFree(crlByte); + } + if (0 == strcmp(OIC_CBOR_CRL_DATA, name)) + { + uint8_t *crlByte = NULL; + cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + crl->CrlData.data = (uint8_t*) OICMalloc(len); + VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR); + memcpy(crl->CrlData.data, crlByte, len); + crl->CrlData.len = len; + OICFree(crlByte); + } + if (CborMapType != type && cbor_value_is_valid(&crlMap)) + { + cborFindResult = cbor_value_advance(&crlMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); + } + OICFree(name); + name = NULL; + } + // PUT/POST CBOR may not have mandatory values set default values. + if (!crl->CrlId) + { + VERIFY_NON_NULL(TAG, gCrl, ERROR); + crl->CrlId = gCrl->CrlId; } - - cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_THIS_UPDATE, &crlMap); - if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap)) + if (!crl->ThisUpdate.data) { - cborFindResult = cbor_value_dup_byte_string(&crlMap, - &crl->ThisUpdate.data, &crl->ThisUpdate.len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array."); + VERIFY_NON_NULL(TAG, gCrl, ERROR); + outLen = gCrl->ThisUpdate.len; + crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen); + VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR); + memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen); + crl->ThisUpdate.len = outLen; } - cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_DATA, &crlMap); - if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap)) + if (!crl->CrlData.data) { - cborFindResult = cbor_value_dup_byte_string(&crlMap, - &crl->CrlData.data, &crl->CrlData.len, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array."); + VERIFY_NON_NULL(TAG, gCrl, ERROR); + outLen = gCrl->CrlData.len; + crl->CrlData.data = (uint8_t*) OICMalloc(outLen); + VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR); + memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen); + crl->CrlData.len = outLen; } *secCrl = crl; @@ -209,54 +261,15 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, exit: if (CborNoError != cborFindResult) { - // PUT/POST CBOR may not have mandatory values set default values. - if (gCrl) - { - OIC_LOG (DEBUG, TAG, "Set default values"); - crl->CrlId = gCrl->CrlId; - if (crl->ThisUpdate.data) - { - OICFree(crl->ThisUpdate.data); - } - outLen = gCrl->ThisUpdate.len; - crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen); - if (crl->ThisUpdate.data) - { - memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen); - crl->ThisUpdate.len = outLen; - } - else - { - crl->ThisUpdate.len = 0; - OIC_LOG(ERROR, TAG, "Set default failed"); - } - if (crl->CrlData.data) - { - OICFree(crl->CrlData.data); - } - outLen = gCrl->CrlData.len; - crl->CrlData.data = (uint8_t*) OICMalloc(outLen); - if (crl->CrlData.data && gCrl->CrlData.data) - { - memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen); - crl->CrlData.len = outLen; - } - else - { - crl->CrlData.len = 0; - OIC_LOG (ERROR, TAG, "Set default failed"); - } - - *secCrl = crl; - ret = OC_STACK_OK; - } - else - { - OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed"); - DeleteCrlBinData(crl); - crl = NULL; - ret = OC_STACK_ERROR; - } + OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed"); + DeleteCrlBinData(crl); + crl = NULL; + *secCrl = NULL; + ret = OC_STACK_ERROR; + } + if (name) + { + OICFree(name); } return ret; } @@ -280,12 +293,11 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * OCEntityHandlerResult ehRet = OC_EH_ERROR; OicSecCrl_t *crl = NULL; uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1; - size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize; if (payload) { OIC_LOG(INFO, TAG, "UpdateSVRDB..."); - CBORPayloadToCrl(payload, size, &crl); + CBORPayloadToCrl(payload, CBOR_SIZE, &crl); VERIFY_NON_NULL(TAG, crl, ERROR); gCrl->CrlId = crl->CrlId; @@ -303,9 +315,10 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * memcpy(gCrl->CrlData.data, crl->CrlData.data, crl->CrlData.len); gCrl->CrlData.len = crl->CrlData.len; + size_t size = 0; if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_CBOR_CRL_NAME, payload, size)) { - ehRet = OC_EH_RESOURCE_CREATED; + ehRet = OC_EH_OK; } DeleteCrlBinData(crl); @@ -314,7 +327,7 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * exit: // Send payload to request originator - SendSRMCBORResponse(ehRequest, ehRet, NULL, 0); + SendSRMResponse(ehRequest, ehRet, NULL); OIC_LOG_V(INFO, TAG, "%s RetVal %d", __func__, ehRet); return ehRet; @@ -356,7 +369,7 @@ static OCEntityHandlerResult CRLEntityHandler(OCEntityHandlerFlag flag, default: ehRet = OC_EH_ERROR; - SendSRMCBORResponse(ehRequest, ehRet, NULL, 0); + SendSRMResponse(ehRequest, ehRet, NULL); } } -- 2.7.4