From 316e8321ade46123b13b557275406bdf2c4955b0 Mon Sep 17 00:00:00 2001 From: "js126.lee" Date: Mon, 12 Dec 2016 19:08:48 +0900 Subject: [PATCH] Adding API to configure SVR db as self-ownership This patch is 1) to configure SVR db as self-ownership for device (ex. onboarding tool) that is not required to Ownership Transfer by other device. 2) DeviceID of both doxm and pstat remains as same after reset. - Test Configure SVR as self-ownership 1. Build with scons SECURED=1 WITH_TCP=1 WITH_CLOUD=1 2. Run the cloudClient with dat file that is configured as Ready-For-OTM ex) ./cloudClient oic_svr_db_server_randompin.dat 3. Perfrom Configure SVRdb as Self-OwnerShip [Menu:11] -Patch 1: Upload patch -Patch 2: Fixed build error on arduino -Patch 3-5 : Rebase due to Jenkins problem -Patch 6 : Apply review comment -Patch 7,8 : Apply Greg's review commnets -Patch 9: Rebase due to merge conflict Change-Id: I12f178e5955d2d963ba46b88972042ee1c90dff8 Signed-off-by: js126.lee Reviewed-on: https://gerrit.iotivity.org/gerrit/15495 Reviewed-by: Jongmin Choi Tested-by: jenkins-iotivity Reviewed-by: Randeep Singh (cherry picked from commit 1494606f170d49087b06da294afc9af8eac7ba2a) Reviewed-on: https://gerrit.iotivity.org/gerrit/15825 --- resource/csdk/octbstack_product_secured.def | 1 + .../csdk/security/include/internal/doxmresource.h | 9 +++ .../csdk/security/include/internal/pstatresource.h | 9 +++ .../include/internal/ownershiptransfermanager.h | 7 ++ .../provisioning/include/ocprovisioningmanager.h | 7 ++ .../provisioning/sample/cloud/cloudCommon.c | 25 +++++++ .../provisioning/src/ocprovisioningmanager.c | 10 +++ .../provisioning/src/ownershiptransfermanager.c | 79 ++++++++++++++++++++++ resource/csdk/security/src/doxmresource.c | 35 ++++++++++ resource/csdk/security/src/psinterface.c | 34 +--------- resource/csdk/security/src/pstatresource.c | 41 +++++++++++ 11 files changed, 224 insertions(+), 33 deletions(-) diff --git a/resource/csdk/octbstack_product_secured.def b/resource/csdk/octbstack_product_secured.def index 3a4b672..b047ec4 100644 --- a/resource/csdk/octbstack_product_secured.def +++ b/resource/csdk/octbstack_product_secured.def @@ -12,6 +12,7 @@ CreateSecureSessionRandomPinCallback InputPinCodeCallback LoadSecretJustWorksCallback +OCConfigSelfOwnership OCDeleteACLList OCDeleteDiscoveredDevices OCDeletePdAclList diff --git a/resource/csdk/security/include/internal/doxmresource.h b/resource/csdk/security/include/internal/doxmresource.h index fa37070..757bfd8 100644 --- a/resource/csdk/security/include/internal/doxmresource.h +++ b/resource/csdk/security/include/internal/doxmresource.h @@ -154,6 +154,15 @@ void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object, const CAErrorInfo_t *errorInfo); #endif //__WITH_DTLS__ && MULTIPLE_OWNER +/** + * Internal function to change doxm resource to Ready for Normal Operation. + * + * @param newROwner new owner + * + * @retval ::OC_STACK_OK for Success, otherwise some error value + */ +OCStackResult SetDoxmSelfOwnership(const OicUuid_t* newROwner); + #ifdef __cplusplus } #endif diff --git a/resource/csdk/security/include/internal/pstatresource.h b/resource/csdk/security/include/internal/pstatresource.h index c603f34..5f0959c 100644 --- a/resource/csdk/security/include/internal/pstatresource.h +++ b/resource/csdk/security/include/internal/pstatresource.h @@ -100,6 +100,15 @@ OCStackResult GetPstatRownerId(OicUuid_t *rowneruuid); */ bool GetPstatIsop(); +/** + * Internal function to change pastat resource to Ready for Normal Operation. + * + * @param newROwner new owner + * + * @retval ::OC_STACK_OK for Success, otherwise some error value + */ +OCStackResult SetPstatSelfOwnership(const OicUuid_t* newROwner); + #ifdef __cplusplus } #endif diff --git a/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h b/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h index 1ef3fa4..2ed1f91 100644 --- a/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h +++ b/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h @@ -135,6 +135,13 @@ OCStackResult OTMSetOTCallback(OicSecOxm_t oxm, OTMCallbackData_t* callbacks); OCStackResult OTMSelectOwnershipTransferMethod(const OicSecOxm_t *supportedMethods, size_t numberOfMethods, OicSecOxm_t *selectedMethod, OwnerType_t ownerType); +/** + * This function configures SVR DB as self-ownership. + * + *@return OC_STACK_OK in case of successful configue and other value otherwise. + */ +OCStackResult ConfigSelfOwnership(void); + #ifdef __cplusplus } #endif diff --git a/resource/csdk/security/provisioning/include/ocprovisioningmanager.h b/resource/csdk/security/provisioning/include/ocprovisioningmanager.h index 75ac24c..da4c0f2 100644 --- a/resource/csdk/security/provisioning/include/ocprovisioningmanager.h +++ b/resource/csdk/security/provisioning/include/ocprovisioningmanager.h @@ -387,6 +387,13 @@ OCStackResult OCResetDevice(void* ctx, unsigned short waitTimeForOwnedDeviceDisc OCStackResult OCResetSVRDB(void); /** + * This function configures SVR DB as self-ownership. + * + *@return OC_STACK_OK in case of successful configue and other value otherwise. + */ +OCStackResult OCConfigSelfOwnership(void); + +/** * API to get status of all the devices in current subnet. The status include endpoint information * and doxm information which can be extracted duing owned and unowned discovery. Along with this * information. The API will provide information about devices' status diff --git a/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c b/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c index f946656..e7050ce 100644 --- a/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c +++ b/resource/csdk/security/provisioning/sample/cloud/cloudCommon.c @@ -80,6 +80,7 @@ typedef enum { USE_RSA = 8, SAVE_TRUST_CERT = 9, USE_SECURE_CONN = 10, + CONFIG_SELF_OWNERSHIP = 11, DISCOVERY = 13, GET = 14, @@ -144,6 +145,7 @@ static void printMenu(OCMode mode) printf("** %d - Change TLS cipher suite (ECDSA/RSA)\n", USE_RSA); printf("** %d - Save Trust Cert. Chain into Cred of SVR\n", SAVE_TRUST_CERT); printf("** %d - Change Protocol type (CoAP/CoAPs)\n", USE_SECURE_CONN); + printf("** %d - Configure SVRdb as Self-OwnerShip\n", CONFIG_SELF_OWNERSHIP); if (OC_CLIENT == mode) { @@ -359,6 +361,25 @@ static OCStackResult saveTrustCert(void) return res; } +static OCStackResult configSelfOwnership(void) +{ + OCStackResult res = OC_STACK_ERROR; + OIC_LOG(INFO, TAG, "Configures SVR DB as self-ownership."); + + res = OCConfigSelfOwnership(); + + if (OC_STACK_OK != res) + { + OIC_LOG(ERROR, TAG, "OCConfigSelfOwnership API error. Please check SVR DB"); + } + else + { + OIC_LOG(INFO, TAG, "Success to configures SVR DB as self-ownership"); + } + + return res; +} + static void wrongRequest() { printf(">> Entered Wrong Menu Number. Please Enter Again\n\n"); @@ -542,6 +563,10 @@ static void userRequests(void *data) sendDataToServer = false; } break; + case CONFIG_SELF_OWNERSHIP: + configSelfOwnership(); + sendDataToServer = false; + break; case EXIT: oc_mutex_free(mutex); oc_cond_free(cond); diff --git a/resource/csdk/security/provisioning/src/ocprovisioningmanager.c b/resource/csdk/security/provisioning/src/ocprovisioningmanager.c index 0894de4..913e4c5 100644 --- a/resource/csdk/security/provisioning/src/ocprovisioningmanager.c +++ b/resource/csdk/security/provisioning/src/ocprovisioningmanager.c @@ -854,6 +854,16 @@ OCStackResult OCResetSVRDB(void) } /** + * This function configures SVR DB as self-ownership. + * + *@return OC_STACK_OK in case of successful configue and other value otherwise. + */ +OCStackResult OCConfigSelfOwnership(void) +{ + return ConfigSelfOwnership(); +} + +/** * Internal Function to update result in link result array. */ static void UpdateLinkResults(Linkdata_t *link, int device, OCStackResult stackresult) diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c index bf31ed5..69c8ccc 100644 --- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c +++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c @@ -73,6 +73,7 @@ #include "payload_logging.h" #include "pkix_interface.h" #include "oxmverifycommon.h" +#include "psinterface.h" #define TAG "OIC_OTM" @@ -2198,3 +2199,81 @@ OCStackResult PostNormalOperationStatus(OTMContext_t* otmCtx) return ret; } + +OCStackResult ConfigSelfOwnership(void) +{ + OIC_LOG(INFO, TAG, "IN ConfigSelfOwnership"); + + bool isDeviceOwned = true; + if (OC_STACK_OK != GetDoxmIsOwned(&isDeviceOwned)) + { + OIC_LOG (ERROR, TAG, "Unable to retrieve doxm owned state"); + return OC_STACK_ERROR; + } + if( (true == isDeviceOwned) ||(true == GetPstatIsop()) ) + { + OIC_LOG(ERROR, TAG, "The state of device is not Ready for Ownership transfer."); + return OC_STACK_ERROR; + } + OicUuid_t deviceID = {.id={0}}; + if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) ) + { + OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID"); + return OC_STACK_ERROR; + } + + OCStackResult ret = OC_STACK_OK; + //Update the pstat resource as Normal Operation. + ret = SetPstatSelfOwnership(&deviceID); + if(OC_STACK_OK != ret) + { + OIC_LOG (ERROR, TAG, "Unable to update pstat resource as Normal Operation"); + goto exit; + } + //Update the doxm resource as Normal Operation. + ret = SetDoxmSelfOwnership(&deviceID); + if(OC_STACK_OK != ret) + { + OIC_LOG (ERROR, TAG, "Unable to update doxm resource as Normal Operation"); + goto exit; + } + //Update default ACE of security resource to prevent anonymous user access. + ret = UpdateDefaultSecProvACE(); + if(OC_STACK_OK != ret) + { + OIC_LOG (ERROR, TAG, "Unable to update default ace in ConfigSelfOwnership"); + goto exit; + } + //Update the acl resource owner as owner device. + ret = SetAclRownerId(&deviceID); + if(OC_STACK_OK != ret) + { + OIC_LOG (ERROR, TAG, "Unable to update acl resource in ConfigSelfOwnership"); + goto exit; + } + //Update the cred resource owner as owner device. + ret = SetCredRownerId(&deviceID); + if(OC_STACK_OK != ret) + { + // Cred resouce may be empty in Ready for Ownership transfer state. + if (OC_STACK_NO_RESOURCE == ret) + { + OIC_LOG (INFO, TAG, "Cred resource is empty"); + ret = OC_STACK_OK; + goto exit; + } + OIC_LOG (ERROR, TAG, "Unable to update cred resource in ConfigSelfOwnership"); + } + +exit: + if(OC_STACK_OK != ret) + { + /* + * If some error is occured while configure self-ownership, + * ownership related resource should be revert back to initial status. + */ + ResetSecureResourceInPS(); + } + + return ret; +} diff --git a/resource/csdk/security/src/doxmresource.c b/resource/csdk/security/src/doxmresource.c index 317a079..54e3c6b 100644 --- a/resource/csdk/security/src/doxmresource.c +++ b/resource/csdk/security/src/doxmresource.c @@ -1883,3 +1883,38 @@ void RestoreDoxmToInitState() } } } + +OCStackResult SetDoxmSelfOwnership(const OicUuid_t* newROwner) +{ + OCStackResult ret = OC_STACK_ERROR; + uint8_t *cborPayload = NULL; + size_t size = 0; + + if(NULL == gDoxm) + { + ret = OC_STACK_NO_RESOURCE; + return ret; + } + + if( newROwner && (false == gDoxm->owned) ) + { + gDoxm->owned = true; + memcpy(gDoxm->owner.id, newROwner->id, sizeof(newROwner->id)); + memcpy(gDoxm->rownerID.id, newROwner->id, sizeof(newROwner->id)); + + ret = DoxmToCBORPayload(gDoxm, &cborPayload, &size, false); + VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR); + + ret = UpdateSecureResourceInPS(OIC_JSON_DOXM_NAME, cborPayload, size); + VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR); + + OICFree(cborPayload); + } + + return ret; + +exit: + OICFree(cborPayload); + return ret; +} + diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c index 9eed75c..033e64a 100644 --- a/resource/csdk/security/src/psinterface.c +++ b/resource/csdk/security/src/psinterface.c @@ -588,7 +588,7 @@ exit: * Creates Reset Profile from the initial secure virtual resources. * This function copies the secure resources * and creates the Reset Profile in the Persistent Storage. - * Device ID in doxm and pstat are left empty as it will be renewed after reset. + * Device ID in doxm and pstat remains as same after reset. * * @return OCStackResult - result of updating Secure Virtual Resource(s) */ @@ -640,38 +640,6 @@ OCStackResult CreateResetProfile(void) } } - // Set the Device ID in doxm and pstat to empty - if (pstatCbor) - { - OicSecPstat_t *pstat = NULL; - ret = CBORPayloadToPstat(pstatCbor, pstatCborLen, &pstat); - OICFree(pstatCbor); - pstatCbor = NULL; - pstatCborLen = 0; - - OicUuid_t emptyUuid = {.id = {0} }; - memcpy(&pstat->deviceID, &emptyUuid, sizeof(OicUuid_t)); - memcpy(&pstat->rownerID, &emptyUuid, sizeof(OicUuid_t)); - - ret = PstatToCBORPayload(pstat, &pstatCbor, &pstatCborLen, false); - DeletePstatBinData(pstat); - } - if (doxmCbor) - { - OicSecDoxm_t *doxm = NULL; - ret = CBORPayloadToDoxm(doxmCbor, doxmCborLen, &doxm); - OICFree(doxmCbor); - doxmCbor = NULL; - doxmCborLen = 0; - - OicUuid_t emptyUuid = {.id = {0} }; - memcpy(&doxm->deviceID, &emptyUuid, sizeof(OicUuid_t)); - memcpy(&doxm->rownerID, &emptyUuid, sizeof(OicUuid_t)); - - ret = DoxmToCBORPayload(doxm, &doxmCbor, &doxmCborLen, false); - DeleteDoxmBinData(doxm); - } - { size_t size = aclCborLen + pstatCborLen + doxmCborLen + 255; resetPfCbor = (uint8_t *) OICCalloc(1, size); diff --git a/resource/csdk/security/src/pstatresource.c b/resource/csdk/security/src/pstatresource.c index 3a9e291..db79631 100644 --- a/resource/csdk/security/src/pstatresource.c +++ b/resource/csdk/security/src/pstatresource.c @@ -878,3 +878,44 @@ OCStackResult GetPstatRownerId(OicUuid_t *rowneruuid) } return retVal; } + +OCStackResult SetPstatSelfOwnership(const OicUuid_t* newROwner) +{ + OCStackResult ret = OC_STACK_ERROR; + uint8_t *cborPayload = NULL; + size_t size = 0; + + if(NULL == gPstat) + { + ret = OC_STACK_NO_RESOURCE; + return ret; + } + + if( newROwner && (false == gPstat->isOp) && (true == (TAKE_OWNER && gPstat->cm)) ) + { + gPstat->cm = (OicSecDpm_t)(gPstat->cm & (~TAKE_OWNER)); + gPstat->isOp = true; + + memcpy(gPstat->deviceID.id, newROwner->id, sizeof(newROwner->id)); + memcpy(gPstat->rownerID.id, newROwner->id, sizeof(newROwner->id)); + + ret = PstatToCBORPayload(gPstat, &cborPayload, &size, false); + VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR); + + ret = UpdateSecureResourceInPS(OIC_JSON_PSTAT_NAME, cborPayload, size); + VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR); + + OICFree(cborPayload); + } + else + { + OIC_LOG(ERROR, TAG, "The state of PSTAT is not Ready For OTM"); + } + + return ret; + +exit: + OICFree(cborPayload); + return ret; +} + -- 2.7.4