From c1385693f75263854c1938551fe37cbc0d313512 Mon Sep 17 00:00:00 2001 From: Habib Virji Date: Mon, 22 Feb 2016 16:04:11 +0000 Subject: [PATCH] CRED payload conversion from JSON to CBOR Converts CRED payload from JSON to CBOR directly using tinycbor library. - CRED unit test has been updated to handle the changes. - Unit test related functions are defined in security_internals. - Parameter which were passed as char * has been converted to uint8_t as they were later converted to base64. - All the usage and base64 has been removed. Change-Id: I159d46f8500c1880b49a3acbcfc59cfa0c6da4f0 Signed-off-by: Habib Virji Reviewed-on: https://gerrit.iotivity.org/gerrit/5117 Reviewed-by: Randeep Singh Tested-by: jenkins-iotivity Reviewed-on: https://gerrit.iotivity.org/gerrit/5793 --- .../csdk/connectivity/api/casecurityinterface.h | 6 +- .../csdk/security/include/internal/credresource.h | 103 ++- .../security/include/internal/security_internals.h | 27 + .../security/include/securevirtualresourcetypes.h | 3 +- .../provisioning/src/credentialgenerator.c | 246 +++--- .../provisioning/src/ownershiptransfermanager.c | 12 +- .../provisioning/src/secureresourceprovider.c | 25 +- resource/csdk/security/src/credresource.c | 900 ++++++++++----------- resource/csdk/security/src/psinterface.c | 2 +- .../csdk/security/unittest/credentialresource.cpp | 234 +++--- 10 files changed, 787 insertions(+), 771 deletions(-) diff --git a/resource/csdk/connectivity/api/casecurityinterface.h b/resource/csdk/connectivity/api/casecurityinterface.h index cff8681..3d12870 100644 --- a/resource/csdk/connectivity/api/casecurityinterface.h +++ b/resource/csdk/connectivity/api/casecurityinterface.h @@ -66,9 +66,9 @@ typedef enum * @return The number of bytes written to @p result or a value * less than zero on error. */ -typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type, - const unsigned char *desc, size_t desc_len, - unsigned char *result, size_t result_length); +typedef int (*CAGetDTLSPskCredentialsHandler)(CADtlsPskCredType_t type, + const uint8_t *desc, size_t desc_len, + uint8_t *result, size_t result_length); /** * Register callback to receive the result of DTLS handshake. diff --git a/resource/csdk/security/include/internal/credresource.h b/resource/csdk/security/include/internal/credresource.h index 74ea373..ae36c57 100644 --- a/resource/csdk/security/include/internal/credresource.h +++ b/resource/csdk/security/include/internal/credresource.h @@ -32,45 +32,42 @@ extern "C" { /** * Initialize credential resource by loading data from persistent storage. * - * @retval - * OC_STACK_OK - no errors - * OC_STACK_ERROR - stack process error + * @return ::OC_STACK_OK, if initialization is successful, else ::OC_STACK_ERROR if + * initialization fails. */ OCStackResult InitCredResource(); /** * Perform cleanup for credential resources. * - * @retval - * OC_STACK_OK - no errors - * OC_STACK_ERROR - stack process error - * OC_STACK_NO_RESOURCE - resource not found - * OC_STACK_INVALID_PARAM - invalid param + * @return ::OC_STACK_OK, if no errors. ::OC_STACK_ERROR, if stack process error. + * ::OC_STACK_NO_RESOURCE, if resource not found. + * ::OC_STACK_INVALID_PARAM, if invalid param. */ OCStackResult DeInitCredResource(); /** - * This method is used by tinydtls/SRM to retrieve credential for given Subject. + * This method is used by tinydtls/SRM to retrieve credential for given subject. * - * @param subject - subject for which credential is required. + * @param subjectId for which credential is required. * - * @retval - * reference to OicSecCred_t - if credential is found - * NULL - if credential not found + * @return reference to @ref OicSecCred_t, if credential is found, else NULL, if credential + * not found. */ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subjectId); /** - * This function converts credential data into JSON format. - * Caller needs to invoke 'free' when done using - * returned string. - * @param cred pointer to instance of OicSecCred_t structure. + * This function converts credential data into CBOR format. + * Caller needs to invoke 'free' when done using returned string. * - * @retval - * pointer to JSON credential representation - if credential for subjectId found - * NULL - if credential for subjectId not found + * @param cred is the pointer to instance of OicSecCred_t structure. + * @param cborPayload is the CBOR converted value. + * @param cborSize is the size of the CBOR. + * + * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful. */ -char* BinToCredJSON(const OicSecCred_t* cred); +OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload, + size_t *cborSize); /** * This function generates the bin credential data. @@ -82,33 +79,31 @@ char* BinToCredJSON(const OicSecCred_t* cred); * @param ownersLen length of owners array * @param owners array of owners. * - * @retval - * pointer to instance of OicSecCred_t - success - * NULL - error + * @return pointer to instance of @ref OicSecCred_t if successful. else NULL in case of error. + */ OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t credType, - const char * publicData, const char * privateData, size_t ownersLen, - const OicUuid_t * owners); + const uint8_t * publicData, const uint8_t * privateData, + size_t ownersLen, const OicUuid_t * owners); /** * This function adds the new cred to the credential list. * - * @param cred pointer to new credential. + * @param cred is the pointer to new credential. * - * @retval - * OC_STACK_OK - cred not NULL and persistent storage gets updated - * OC_STACK_ERROR - cred is NULL or fails to update persistent storage + * @return ::OC_STACK_OK, cred not NULL and persistent storage gets updated. + * ::OC_STACK_ERROR, cred is NULL or fails to update persistent storage. */ OCStackResult AddCredential(OicSecCred_t * cred); /** * Function to remove the credential from SVR DB. * - * @param credId Credential ID to be deleted. + * @param credId is the Credential ID to be deleted. * - * @return OC_STACK_OK for success and errorcode otherwise. + * @return ::OC_STACK_OK for success, or errorcode otherwise. */ -OCStackResult RemoveCredential(const OicUuid_t* credId); +OCStackResult RemoveCredential(const OicUuid_t *credId); /** * Remove all credential data on credential resource and persistent storage @@ -124,11 +119,11 @@ OCStackResult RemoveAllCredentials(void); * This internal callback is used by lower stack (i.e. CA layer) to * retrieve PSK credentials from RI security layer. * - * @param[in] type type of PSK data required by CA layer during DTLS handshake. - * @param[in] desc Additional request information. - * @param[in] desc_len The actual length of desc. - * @param[out] result Must be filled with the requested information. - * @param[in] result_length Maximum size of @p result. + * @param type of PSK data required by CA layer during DTLS handshake. + * @param desc Additional request information. + * @param desc_len is the actual length of desc. + * @param result is must be filled with the requested information. + * @param result_length is the maximum size of @p result. * * @return The number of bytes written to @p result or a value * less than zero on error. @@ -138,21 +133,22 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type, unsigned char *result, size_t result_length); /** - * Add temporal PSK to PIN based OxM + * Add temporal PSK to PIN based OxM. * - * @param[in] tmpSubject UUID of target device - * @param[in] credType Type of credential to be added - * @param[in] pin numeric characters - * @param[in] pinSize length of 'pin' - * @param[in] ownersLen Number of owners - * @param[in] owners Array of owners - * @param[out] tmpCredSubject Generated credential's subject. + * @param tmpSubject is the UUID of target device + * @param credType is the type of credential to be added + * @param pin is the numeric characters + * @param pinSize is the length of 'pin' + * @param ownersLen is the number of owners + * @param owners is the array of owners + * @param tmpCredSubject is the generated credential's subject. * - * @return OC_STACK_OK for success and errorcode otherwise. + * @return ::OC_STACK_OK for success or else errorcode. */ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType, const char * pin, size_t pinSize, - size_t ownersLen, const OicUuid_t * owners, OicUuid_t* tmpCredSubject); + size_t ownersLen, const OicUuid_t * owners, + OicUuid_t* tmpCredSubject); #endif /* __WITH_DTLS__ */ @@ -160,18 +156,17 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre /** * This function is used toretrieve certificate credentials from RI security layer. * - * @param credInfo - * binary structure containing certificate credentials + * @param credInfo is the binary structure containing certificate credentials * - * @retval 0 on scuccess + * @return 0 on success. */ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo); #endif /*__WITH_X509__*/ /** - * Function to deallocate allocated memory to OicSecCred_t + * Function to deallocate allocated memory to OicSecCred_t. * - * @param cred pointer to cred type + * @param cred pointer to cred type. * */ void DeleteCredList(OicSecCred_t* cred); @@ -181,5 +176,3 @@ void DeleteCredList(OicSecCred_t* cred); #endif #endif //IOTVT_SRM_CREDR_H - - diff --git a/resource/csdk/security/include/internal/security_internals.h b/resource/csdk/security/include/internal/security_internals.h index 70ba7e6..3961af0 100644 --- a/resource/csdk/security/include/internal/security_internals.h +++ b/resource/csdk/security/include/internal/security_internals.h @@ -68,6 +68,33 @@ OCEntityHandlerResult PstatEntityHandler(OCEntityHandlerFlag flag, OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t cborSize, OicSecAmacl_t **amacl); +/** + * This internal method is the entity handler for Cred resources + * to handle REST request (PUT/POST/DEL) + */ +OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag, + OCEntityHandlerRequest * ehRequest, + void* callbackParameter); + +/** + * This internal method is used to create '/oic/sec/Cred' resource. + */ +OCStackResult CreateCredResource(); + +/** + * This function converts from CBOR format into credential structure . + * Caller needs to invoke 'free' for allocated structure. + * + * @param cborPayload is the CBOR value that is assigned to the structure. + * @param size is the size of the CBOR. + * @param secCred is the pointer to instance of @ref OicSecCred_t structure that will be allocated. + * If it fails it will return NULL. + * + * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful. + */ +OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, + OicSecCred_t **secCred); + #ifdef __cplusplus } #endif diff --git a/resource/csdk/security/include/securevirtualresourcetypes.h b/resource/csdk/security/include/securevirtualresourcetypes.h index d8f7048..d7597e1 100644 --- a/resource/csdk/security/include/securevirtualresourcetypes.h +++ b/resource/csdk/security/include/securevirtualresourcetypes.h @@ -287,7 +287,8 @@ struct OicUuid #define JWK_LENGTH 256/8 // 256 bit key length struct OicSecJwk { - char *data; + uint8_t *data; + size_t len; }; /** diff --git a/resource/csdk/security/provisioning/src/credentialgenerator.c b/resource/csdk/security/provisioning/src/credentialgenerator.c index df7754b..eb16fd6 100644 --- a/resource/csdk/security/provisioning/src/credentialgenerator.c +++ b/resource/csdk/security/provisioning/src/credentialgenerator.c @@ -19,12 +19,14 @@ * *****************************************************************/ #include #include "credentialgenerator.h" +#include "base64.h" #include "oic_malloc.h" #include "oic_string.h" -#include "logger.h" +#include "ocpayload.h" +#include "payload_logging.h" #include "credresource.h" #include "ocrandom.h" -#include "base64.h" +#include "srmutility.h" #include "stdbool.h" #include "securevirtualresourcetypes.h" #ifdef __WITH_X509__ @@ -35,30 +37,18 @@ #define TAG "SRPAPI-CG" -/** - * @def PM_VERIFY_SUCCESS - * @brief Macro to verify success of operation. - * eg: PM_VERIFY_SUCCESS(TAG, OC_STACK_OK == foo(), OC_STACK_ERROR, ERROR); - * @note Invoking function must define "bail:" label for goto functionality to work correctly and - * must define "OCStackResult res" for setting error code. - * */ -#define PM_VERIFY_SUCCESS(tag, op, errCode, logLevel) { if (!(op)) \ - {OIC_LOG((logLevel), tag, #op " failed!!"); res = errCode; goto bail;} } -/** - * @def PM_VERIFY_NON_NULL - * @brief Macro to verify argument is not equal to NULL. - * eg: PM_VERIFY_NON_NULL(TAG, ptrData, ERROR); - * @note Invoking function must define "bail:" label for goto functionality to work correctly. - * */ -#define PM_VERIFY_NON_NULL(tag, arg, errCode, logLevel) { if (NULL == (arg)) \ - { OIC_LOG((logLevel), tag, #arg " is NULL"); res = errCode; goto bail;} } +static const char OIC_JSON_CRV_NAME[] = "crv"; +static const char OIC_JSON_KTY_NAME[] = "kty"; +static const char OIC_JSON_CERTIFICATE_NAME[] = "x5c"; +static const char OIC_JSON_D_NAME[] = "d"; +static const char kty[] = "EC"; +static const char crv[] = "P-256"; +static const uint8_t CertMapSize = 3; OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySize, - const OicUuid_t *ptDeviceId, - const OicUuid_t *firstDeviceId, const OicUuid_t *secondDeviceId, - OicSecCred_t **firstCred, OicSecCred_t **secondCred) + const OicUuid_t *ptDeviceId, const OicUuid_t *firstDeviceId, + const OicUuid_t *secondDeviceId, OicSecCred_t **firstCred, OicSecCred_t **secondCred) { - if (NULL == ptDeviceId || NULL == firstDeviceId || NULL != *firstCred || \ NULL == secondDeviceId || NULL != *secondCred) { @@ -71,42 +61,30 @@ OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySiz return OC_STACK_INVALID_PARAM; } OCStackResult res = OC_STACK_ERROR; - uint8_t* privData = NULL; - char* base64Buff = NULL; OicSecCred_t *tempFirstCred = NULL; OicSecCred_t *tempSecondCred = NULL; size_t privDataKeySize = keySize; - privData = (uint8_t*) OICCalloc(privDataKeySize,sizeof(uint8_t)); - PM_VERIFY_NON_NULL(TAG, privData, OC_STACK_NO_MEMORY, ERROR); + uint8_t *privData = (uint8_t *)OICCalloc(privDataKeySize, sizeof(uint8_t)); + VERIFY_NON_NULL(TAG, privData, ERROR); - OCFillRandomMem(privData,privDataKeySize); - - uint32_t outLen = 0; - - base64Buff = (char*) OICCalloc(B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1, sizeof(char)); - PM_VERIFY_NON_NULL(TAG, base64Buff, OC_STACK_NO_MEMORY, ERROR); - int memReq = (B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1) * sizeof(char); - B64Result b64Ret = b64Encode(privData, privDataKeySize*sizeof(uint8_t), base64Buff, - memReq, &outLen); - PM_VERIFY_SUCCESS(TAG, B64_OK == b64Ret, OC_STACK_ERROR, ERROR); + OCFillRandomMem(privData, privDataKeySize); // TODO: currently owner array is 1. only provisioning tool's id. - tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, base64Buff, 1, ptDeviceId); - PM_VERIFY_NON_NULL(TAG, tempFirstCred, OC_STACK_ERROR, ERROR); + tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, privData, 1, ptDeviceId); + VERIFY_NON_NULL(TAG, tempFirstCred, ERROR); // TODO: currently owner array is 1. only provisioning tool's id. - tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, base64Buff, 1, ptDeviceId); - PM_VERIFY_NON_NULL(TAG, tempSecondCred, OC_STACK_ERROR, ERROR); + tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, privData, 1, ptDeviceId); + VERIFY_NON_NULL(TAG, tempSecondCred, ERROR); *firstCred = tempFirstCred; *secondCred = tempSecondCred; res = OC_STACK_OK; -bail: +exit: OICFree(privData); - OICFree(base64Buff); if(res != OC_STACK_OK) { @@ -123,17 +101,22 @@ bail: /** * Function to compose JSON Web Key (JWK) string from a certificate and a public key. * - * @param[in] certificateChain Array of Base64 encoded certificate strings. - * @param[in] chainLength Number of the certificates in certificateChain. - * @return Valid JWK string on success, or NULL on fail. + * @param certificateChain Array of Base64 encoded certificate strings. + * @param chainLength Number of the certificates in certificateChain. + * @param payload Valid JWK CBOR on success, or NULL on fail. + */ -static char *CreateCertificatePublicJWK(const char *const *certificateChain, - const size_t chainLength) +static OCStackResult CreateCertificatePublicJWK(const char *const *certificateChain, + const size_t chainLength, uint8_t **cborPayload, size_t *size) { + OCStackResult ret = OC_STACK_ERROR; + *cborPayload = NULL; + *size = 0; + if (NULL == certificateChain || chainLength == 0) { OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params"); - return NULL; + return OC_STACK_INVALID_PARAM; } size_t certChainSize = 0; @@ -146,70 +129,118 @@ static char *CreateCertificatePublicJWK(const char *const *certificateChain, else { OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params"); - return NULL; - } - - } - /* certificates in the json array taken in quotes and separated by a comma - * so we have to count the number of characters (number of commas and quotes) required - * for embedding certificates in the array depending on the number of certificates in chain - * each certificate except last embeded in "\"%s\"," */ - const int numCommasAndQuotes = chainLength * 3 - 1; - const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x5c\":["; - const char secondPart[] = "]}"; - /* to calculate the size of JWK public part we need to add the value of first and second parts, - * size of certificate chain, number of additional commas and quotes and 1 for string termination symbol */ - size_t certPubJWKLen = strlen(firstPart) + strlen(secondPart) - + certChainSize + numCommasAndQuotes + 1; - char *certPubJWK = (char *)OICMalloc(certPubJWKLen); - - if (NULL != certPubJWK) - { - OICStrcpy(certPubJWK, certPubJWKLen, firstPart); - size_t offset = strlen(firstPart); - for (size_t i = 0; i < chainLength; ++i) - { - offset += snprintf(certPubJWK + offset, certPubJWKLen - offset, "\"%s\",", certificateChain[i]); + return OC_STACK_INVALID_PARAM; } - snprintf(certPubJWK + offset - 1, certPubJWK - offset - 1, secondPart); } - else + + // cborArbitraryLen is a value to conver field names and cbor map, cbor array. + size_t cborArbitraryLen = 255; + size_t cborLen = certChainSize + cborArbitraryLen; + int64_t cborEncoderResult = CborNoError; + CborEncoder encoder = { .end = 0 }; + uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen); + VERIFY_NON_NULL(TAG, outPayload, ERROR); + cbor_encoder_init(&encoder, outPayload, cborLen, 0); + + CborEncoder credMap = { .end = 0 }; + cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, CertMapSize); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map."); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME, + strlen(OIC_JSON_KTY_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME, + strlen(OIC_JSON_CRV_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CERTIFICATE_NAME, + strlen(OIC_JSON_CERTIFICATE_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Name."); + CborEncoder certs = { {.ptr = NULL }, .end = 0 }; + cborEncoderResult |= cbor_encoder_create_array(&credMap, &certs, chainLength); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Array."); + for (size_t i = 0; i < chainLength; i++) { - OIC_LOG(ERROR, TAG, "Error while memory allocation"); + cborEncoderResult |= cbor_encode_byte_string(&certs, (uint8_t *)certificateChain[i], strlen(certificateChain[i])); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Chain."); } - return certPubJWK; + cborEncoderResult |= cbor_encoder_close_container(&credMap, &certs); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Certificate Chain."); + + cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map."); + + *cborPayload = outPayload; + *size = encoder.ptr - outPayload; + ret = OC_STACK_OK; + +exit: + return ret; } /** * Function to compose JWK string from a private key. * - * @param[in] privateKey Base64 encoded private key. - * @return Valid JWK string on success, or NULL on fail. + * @param privateKey to be converted to CBOR. + * @ Valid JWK string on success, or NULL on fail. */ -static char *CreateCertificatePrivateJWK(const char *privateKey) +OCStackResult CreateCertificatePrivateJWK(const char *privateKey, uint8_t **cborPayload, + size_t *size) { - if (NULL == privateKey) - { - OIC_LOG(ERROR, TAG, "Error privateKey is NULL"); - return NULL; - } - const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"d\":\""; - const char secondPart[] = "\"}"; - size_t len = strlen(firstPart) + strlen(secondPart) + strlen(privateKey) + 1; - char *certPrivJWK = (char *)OICMalloc(len); - - if (NULL != certPrivJWK) - { - snprintf(certPrivJWK, len, "%s%s%s", firstPart, privateKey, secondPart); - } - else - { - OIC_LOG(ERROR, TAG, "Error while memory allocation"); - } - return certPrivJWK; + *cborPayload = NULL; + *size = 0; + OCStackResult ret = OC_STACK_INVALID_PARAM; + VERIFY_NON_NULL(TAG, privateKey, ERROR); + + // cborArbitraryLen is a value to conver field names and cbor map, cbor array. + size_t cborArbitraryLen = 255; + size_t cborLen = strlen(privateKey) + cborArbitraryLen; + int64_t cborEncoderResult = CborNoError; + ret = OC_STACK_ERROR; + uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen); + VERIFY_NON_NULL(TAG, outPayload, ERROR); + + CborEncoder encoder = { .end = 0 }; + cbor_encoder_init(&encoder, outPayload, cborLen, 0); + + CborEncoder credMap = { .end = 0 }; + cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, 3); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME, + strlen(OIC_JSON_KTY_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME, + strlen(OIC_JSON_CRV_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding "); + + cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_D_NAME, + strlen(OIC_JSON_D_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D tag."); + cborEncoderResult |= cbor_encode_byte_string(&credMap, (uint8_t *)privateKey, strlen(privateKey)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D Value."); + + cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map."); + + *cborPayload = outPayload; + *size = encoder.ptr - outPayload; + ret = OC_STACK_OK; + +exit: + return ret; } - /** * Function to generate Base64 encoded credential data for device. * @@ -339,7 +370,6 @@ memclean: return OC_STACK_OK; } - OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId, const OicUuid_t *deviceId, OicSecCred_t **const cred) { @@ -357,8 +387,18 @@ OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId, return OC_STACK_ERROR; } - char *publicJWK = CreateCertificatePublicJWK(certificateChain, certChainLen); - char *privateJWK = CreateCertificatePrivateJWK(privKey); + uint8_t *publicJWK = NULL; + size_t len = 0; + if (OC_STACK_OK == CreateCertificatePublicJWK(certificateChain, certChainLen, &publicJWK, &len)) + { + + } + uint8_t *privateJWK = NULL; + size_t len1 = 0; + if (OC_STACK_OK == CreateCertificatePrivateJWK(privKey, &privateJWK, &len1)) + { + + } for (size_t i = 0; i < certChainLen; ++i) { OICFree(certificateChain[i]); diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c index e1ba69b..0ae6b4f 100644 --- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c +++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c @@ -439,16 +439,10 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo) OIC_LOG_BUFFER(INFO, TAG,ownerPSK, OWNER_PSK_LENGTH_128); //Generating new credential for provisioning tool size_t ownLen = 1; - uint32_t outLen = 0; - - char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {}; - B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff, sizeof(base64Buff), - &outLen); - VERIFY_SUCCESS(TAG, B64_OK == b64Ret, ERROR); OicSecCred_t *cred = GenerateCredential(&selectedDeviceInfo->doxm->deviceID, SYMMETRIC_PAIR_WISE_KEY, NULL, - base64Buff, ownLen, &ptDeviceID); + ownerPSK, ownLen, &ptDeviceID); VERIFY_NON_NULL(TAG, cred, ERROR); res = AddCredential(cred); @@ -936,8 +930,8 @@ static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx) newCredential.privateData.data = NULL; //Send owner credential to new device : PUT /oic/sec/cred [ owner credential ] - secPayload->securityData = BinToCredJSON(&newCredential); - if (NULL == secPayload->securityData) + size_t size = 0; + if (OC_STACK_OK != CredToCBORPayload(&newCredential, &secPayload->securityData1, &size)) { OICFree(secPayload); OIC_LOG(ERROR, TAG, "Error while converting bin to json"); diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c index 2214164..35bcd77 100644 --- a/resource/csdk/security/provisioning/src/secureresourceprovider.c +++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c @@ -298,21 +298,21 @@ static OCStackResult provisionCredentials(const OicSecCred_t *cred, OCClientResponseHandler responseHandler) { OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload)); - if(!secPayload) + if (!secPayload) { OIC_LOG(ERROR, TAG, "Failed to memory allocation"); return OC_STACK_NO_MEMORY; } secPayload->base.type = PAYLOAD_TYPE_SECURITY; - secPayload->securityData = BinToCredJSON(cred); - if(NULL == secPayload->securityData) + size_t size = 0; + OCStackResult res = CredToCBORPayload(cred, &secPayload->securityData1, &size); + if((OC_STACK_OK != res) && (NULL == secPayload->securityData1)) { - OICFree(secPayload); - OIC_LOG(ERROR, TAG, "Failed to BinToCredJSON"); + OCPayloadDestroy((OCPayload *)secPayload); + OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload"); return OC_STACK_NO_MEMORY; } - OIC_LOG_V(INFO, TAG, "Credential for provisioning : %s",secPayload->securityData); char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0}; if(!PMGenerateQuery(true, deviceInfo->endpoint.addr, @@ -498,7 +498,7 @@ OCStackResult SRPProvisionCRL(void *ctx, const OCProvisionDev_t *selectedDeviceI crlData->resArr = (OCProvisionResult_t*)OICCalloc(1, sizeof(OCProvisionResult_t)); if (crlData->resArr == NULL) { - OICFree(secPayload->securityData); + OICFree(secPayload->securityData1); OICFree(secPayload); OIC_LOG(ERROR, TAG, "Unable to allocate memory"); return OC_STACK_NO_MEMORY; @@ -542,16 +542,16 @@ static OCStackResult provisionCertCred(const OicSecCred_t *cred, return OC_STACK_NO_MEMORY; } secPayload->base.type = PAYLOAD_TYPE_SECURITY; - secPayload->securityData = BinToCredJSON(cred); + size_t size = 0; + OCStackResult res = CredToCBORPayload(cred, &secPayload->securityData1, &size); - if (NULL == secPayload->securityData) + if ((OC_STACK_OK != res) || (NULL == secPayload->securityData1)) { OICFree(secPayload); - OIC_LOG(ERROR, TAG, "Failed to BinToCredJSON"); + OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload"); return OC_STACK_NO_MEMORY; } - OIC_LOG_V(INFO, TAG, "Credential for provisioning : %s",secPayload->securityData); char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0}; if(!PMGenerateQuery(true, deviceInfo->endpoint.addr, @@ -560,8 +560,7 @@ static OCStackResult provisionCertCred(const OicSecCred_t *cred, query, sizeof(query), OIC_RSRC_CRED_URI)) { OIC_LOG(ERROR, TAG, "DeviceDiscoveryHandler : Failed to generate query"); - OICFree(secPayload->securityData); - OICFree(secPayload); + OCPayloadDestroy((OCPayload *)secPayload); return OC_STACK_ERROR; } OIC_LOG_V(DEBUG, TAG, "Query=%s", query); diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c index 54f17b4..b30eeae 100644 --- a/resource/csdk/security/src/credresource.c +++ b/resource/csdk/security/src/credresource.c @@ -19,38 +19,49 @@ //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= #define __STDC_LIMIT_MACROS + +#include +#ifdef WITH_ARDUINO +#include +#else +#include +#endif +#include + +#include "cainterface.h" +#include "payload_logging.h" #include "ocstack.h" -#include "logger.h" +#include "ocrandom.h" +#include "ocserverrequest.h" #include "oic_malloc.h" -#include "cJSON.h" -#include "resourcemanager.h" -#include "psinterface.h" +#include "ocpayload.h" #include "utlist.h" -#include "srmresourcestrings.h" #include "credresource.h" -#include "ocrandom.h" #include "doxmresource.h" -#include "base64.h" -#include "srmutility.h" -#include "cainterface.h" -#include "pbkdf2.h" -#include +#include "pstatresource.h" #include "iotvticalendar.h" -#include "ocserverrequest.h" +#include "pbkdf2.h" +#include "resourcemanager.h" +#include "srmresourcestrings.h" +#include "srmutility.h" +#include "psinterface.h" +#include "pinoxmcommon.h" #ifdef __WITH_DTLS__ #include "global.h" -#endif //__WITH_DTLS__ - -#ifdef WITH_ARDUINO -#include -#else -#include #endif -#include #define TAG "SRM-CREDL" +/** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory. + * The value of payload size is increased until reaching belox max cbor size. */ +static const uint8_t CBOR_SIZE = 255; + +/** Max cbor size payload. */ +static const uint16_t CBOR_MAX_SIZE = 4400; + +/** CRED Map size - Number of mandatory items. */ +static const uint8_t CRED_MAP_SIZE = 4; static OicSecCred_t *gCred = NULL; static OCResourceHandle gCredHandle = NULL; @@ -62,7 +73,7 @@ static void FreeCred(OicSecCred_t *cred) { if(NULL == cred) { - OIC_LOG (ERROR, TAG, "Invalid Parameter"); + OIC_LOG(ERROR, TAG, "Invalid Parameter"); return; } //Note: Need further clarification on roleID data type @@ -100,244 +111,292 @@ void DeleteCredList(OicSecCred_t* cred) } } -/** - * This function converts credential data into JSON format. - * Caller needs to invoke 'free' when done using - * returned string. - * @param cred pointer to instance of OicSecCred_t structure. - * - * @retval - * pointer to JSON credential representation - if credential for subjectId found - * NULL - if credential for subjectId not found - */ -char * BinToCredJSON(const OicSecCred_t * cred) +static size_t OicSecCredCount(const OicSecCred_t *secCred) { - cJSON *jsonRoot = NULL; - char *jsonStr = NULL; + size_t size = 0; + for (const OicSecCred_t *cred = secCred; cred; cred = cred->next) + { + size++; + } + return size; +} - if (cred) +OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload, + size_t *cborSize) +{ + if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize) { - char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {}; - uint32_t outLen = 0; - B64Result b64Ret = B64_OK; + return OC_STACK_INVALID_PARAM; + } - jsonRoot = cJSON_CreateObject(); - VERIFY_NON_NULL(TAG, jsonRoot, ERROR); + OCStackResult ret = OC_STACK_ERROR; + size_t cborLen = *cborSize; + if (0 == cborLen) + { + cborLen = CBOR_SIZE; + } - cJSON *jsonCredArray = NULL; - cJSON_AddItemToObject(jsonRoot, OIC_JSON_CRED_NAME, - jsonCredArray = cJSON_CreateArray()); - VERIFY_NON_NULL(TAG, jsonCredArray, ERROR); + *cborSize = 0; + *cborPayload = NULL; - while(cred) - { - cJSON *jsonCred = cJSON_CreateObject(); - VERIFY_NON_NULL(TAG, jsonCred, ERROR); + CborEncoder encoder = { {.ptr = NULL }, .end = 0 }; + CborEncoder credArray = { {.ptr = NULL }, .end = 0 }; + CborError cborEncoderResult = CborNoError; - //CredID -- Mandatory - cJSON_AddNumberToObject(jsonCred, OIC_JSON_CREDID_NAME, (int)cred->credId); + const OicSecCred_t *cred = credS; + size_t mapSize = CRED_MAP_SIZE; + if (cred->period) + { + mapSize++; + } + if (cred->publicData.data) + { + mapSize++; + } + if (cred->privateData.data) + { + mapSize++; + } + if (cred->period) + { + mapSize++; + } + uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen); + VERIFY_NON_NULL(TAG, outPayload, ERROR); + cbor_encoder_init(&encoder, outPayload, cborLen, 0); - //Subject -- Mandatory - outLen = 0; - memset(base64Buff, 0, sizeof(base64Buff)); - b64Ret = b64Encode(cred->subject.id, sizeof(cred->subject.id), base64Buff, - sizeof(base64Buff), &outLen); - VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR); - cJSON_AddStringToObject(jsonCred, OIC_JSON_SUBJECT_NAME, base64Buff); + // Create CRED Array + cborEncoderResult = cbor_encoder_create_array(&encoder, &credArray, OicSecCredCount(cred)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding0 Cred Array."); - //Note: Need further clarification on roleID data type -#if 0 - //RoleId -- Not Mandatory - if(cred->roleIdsLen > 0) - { - cJSON *jsonRoleIdsArray = NULL; - cJSON_AddItemToObject (jsonCred, OIC_JSON_ROLEIDS_NAME, - jsonRoleIdsArray = cJSON_CreateArray()); - VERIFY_NON_NULL(TAG, jsonRoleIdsArray, ERROR); - for (size_t i = 0; i < cred->roleIdsLen; i++) - { - cJSON_AddItemToArray (jsonRoleIdsArray, - cJSON_CreateString((char *)cred->roleIds[i].id)); - } - } -#endif - - //CredType -- Mandatory - cJSON_AddNumberToObject(jsonCred, OIC_JSON_CREDTYPE_NAME,(int)cred->credType); + while (cred) + { + CborEncoder credMap = { {.ptr = NULL }, .end = 0 }; + cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map"); + + //CredID -- Mandatory + cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME, + strlen(OIC_JSON_CREDID_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. "); + cborEncoderResult = cbor_encode_int(&credMap, cred->credId); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value."); + + //Subject -- Mandatory + cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECT_NAME, + strlen(OIC_JSON_SUBJECT_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag."); + cborEncoderResult = cbor_encode_byte_string(&credMap, cred->subject.id, + sizeof(cred->subject.id)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Value."); + + //CredType -- Mandatory + cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME, + strlen(OIC_JSON_CREDTYPE_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag."); + cborEncoderResult = cbor_encode_int(&credMap, cred->credType); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value."); #ifdef __WITH_X509__ - //PublicData -- Not Mandatory - if(cred->publicData.data) - { - if (SIGNED_ASYMMETRIC_KEY == cred->credType) - { - cJSON_AddItemToObject(jsonCred, OIC_JSON_PUBLICDATA_NAME, - cJSON_Parse(cred->publicData.data)); - } - else - { - cJSON_AddStringToObject(jsonCred, OIC_JSON_PUBLICDATA_NAME, cred->publicData.data); - } - } + //PublicData -- Not Mandatory + if (cred->publicData.data) + { + cborEncoderResult = cbor_encode_text_string(&credMap, + OIC_JSON_PUBLICDATA_NAME, strlen(OIC_JSON_PUBLICDATA_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Data Tag."); + cborEncoderResult = cbor_encode_byte_string(&credMap, cred->publicData.data, + sizeof(cred->publicData.data)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Tag Value."); + } #endif /*__WITH_X509__*/ - //PrivateData -- Not Mandatory - if(cred->privateData.data) - { -#ifdef __WITH_X509__ - if (SIGNED_ASYMMETRIC_KEY == cred->credType) - { - cJSON_AddItemToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME, - cJSON_Parse(cred->privateData.data)); - } - else - { - cJSON_AddStringToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME, cred->privateData.data); - } -#else - cJSON_AddStringToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME, cred->privateData.data); -#endif - } + //PrivateData -- Not Mandatory + if(cred->privateData.data) + { + cborEncoderResult = cbor_encode_text_string(&credMap, + OIC_JSON_PRIVATEDATA_NAME, strlen(OIC_JSON_PRIVATEDATA_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Data Tag"); + cborEncoderResult = cbor_encode_byte_string(&credMap, cred->privateData.data, + sizeof(cred->privateData.data)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Data Value."); + } - //Period -- Not Mandatory - if(cred->period) - { - cJSON_AddStringToObject(jsonCred, OIC_JSON_PERIOD_NAME, - cred->period); - } + //Period -- Not Mandatory + if(cred->period) + { + cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME, + strlen(OIC_JSON_PERIOD_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag."); + cborEncoderResult = cbor_encode_text_string(&credMap, cred->period, + strlen(cred->period)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value."); + } - //Owners -- Mandatory - cJSON *jsonOwnrArray = NULL; - cJSON_AddItemToObject (jsonCred, OIC_JSON_OWNERS_NAME, - jsonOwnrArray = cJSON_CreateArray()); - VERIFY_NON_NULL(TAG, jsonOwnrArray, ERROR); + //Owners -- Mandatory + { + cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OWNERS_NAME, + strlen(OIC_JSON_OWNERS_NAME)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Name Tag."); + CborEncoder owners = { {.ptr = NULL }, .end = 0 }; + cborEncoderResult = cbor_encoder_create_array(&credMap, &owners, cred->ownersLen); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Name Array."); for (size_t i = 0; i < cred->ownersLen; i++) { - outLen = 0; - memset(base64Buff, 0, sizeof(base64Buff)); - b64Ret = b64Encode(cred->owners[i].id, sizeof(cred->owners[i].id), - base64Buff, sizeof(base64Buff), &outLen); - VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR); - cJSON_AddItemToArray (jsonOwnrArray, - cJSON_CreateString((char *)(base64Buff))); + cborEncoderResult = cbor_encode_byte_string(&owners, + (uint8_t *)cred->owners[i].id, + sizeof(cred->owners[i].id)); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Array Value."); } - - /* Attach current cred node to cred Array */ - cJSON_AddItemToArray(jsonCredArray, jsonCred); - cred = cred->next; + cborEncoderResult = cbor_encoder_close_container(&credMap, &owners); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Owners Name Array."); } + cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map."); - jsonStr = cJSON_PrintUnformatted(jsonRoot); + cred = cred->next; + } + cborEncoderResult = cbor_encoder_close_container(&encoder, &credArray); + VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array."); + + if (CborNoError == cborEncoderResult) + { + *cborPayload = outPayload; + *cborSize = encoder.ptr - outPayload; + ret = OC_STACK_OK; } exit: - if (jsonRoot) + if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE)) { - cJSON_Delete(jsonRoot); + // reallocate and try again! + OICFree(outPayload); + outPayload = NULL; + // Since the allocated initial memory failed, double the memory. + cborLen += encoder.ptr - encoder.end; + cborEncoderResult = CborNoError; + ret = CredToCBORPayload(credS, cborPayload, &cborLen); + if (CborNoError == cborEncoderResult) + { + *cborSize = cborLen; + ret = OC_STACK_OK; + } } - return jsonStr; + + if (CborNoError != cborEncoderResult) + { + OICFree(outPayload); + outPayload = NULL; + *cborSize = 0; + *cborPayload = NULL; + ret = OC_STACK_ERROR; + } + + return ret; } -/* - * This internal method converts JSON cred into binary cred. - */ -OicSecCred_t * JSONToCredBin(const char * jsonStr) +OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, + OicSecCred_t **secCred) { + if (NULL == cborPayload || NULL == secCred || NULL != *secCred) + { + return OC_STACK_INVALID_PARAM; + } + + *secCred = NULL; + OCStackResult ret = OC_STACK_ERROR; - OicSecCred_t * headCred = NULL; - OicSecCred_t * prevCred = NULL; - cJSON *jsonCredArray = NULL; - cJSON *jsonRoot = cJSON_Parse(jsonStr); - VERIFY_NON_NULL(TAG, jsonRoot, ERROR); + CborValue credCbor = { .parser = NULL }; + CborParser parser = { .end = NULL }; + CborError cborFindResult = CborNoError; + OicSecCred_t *cred = NULL; + char *name = NULL; - jsonCredArray = cJSON_GetObjectItem(jsonRoot, OIC_JSON_CRED_NAME); - VERIFY_NON_NULL(TAG, jsonCredArray, ERROR); - if (cJSON_Array == jsonCredArray->type) + int cborLen = size; + if (0 == size) { - int numCred = cJSON_GetArraySize(jsonCredArray); - int idx = 0; + cborLen = CBOR_SIZE; + } + cbor_parser_init(cborPayload, cborLen, 0, &parser, &credCbor); - unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {}; - uint32_t outLen = 0; - B64Result b64Ret = B64_OK; + OicSecCred_t *headCred = NULL; - VERIFY_SUCCESS(TAG, numCred > 0, ERROR); - do - { - cJSON *jsonCred = cJSON_GetArrayItem(jsonCredArray, idx); - VERIFY_NON_NULL(TAG, jsonCred, ERROR); + CborValue credArray = { .parser = NULL }; + cborFindResult = cbor_value_enter_container(&credCbor, &credArray); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array."); - OicSecCred_t *cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); - VERIFY_NON_NULL(TAG, cred, ERROR); + while (cbor_value_is_valid(&credArray)) + { + CborValue credMap = { .parser = NULL }; + cborFindResult = cbor_value_enter_container(&credArray, &credMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map."); - headCred = (headCred) ? headCred : cred; - if (prevCred) - { - prevCred->next = cred; - } - size_t jsonObjLen = 0; - cJSON *jsonObj = NULL; + cred = (OicSecCred_t *) OICCalloc(1, sizeof(*cred)); + VERIFY_NON_NULL(TAG, cred, ERROR); + + while (cbor_value_is_valid(&credMap)) + { + size_t len = 0; + cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Name."); + cborFindResult = cbor_value_advance(&credMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Name. "); + + CborType type = cbor_value_get_type(&credMap); //CredId -- Mandatory - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_CREDID_NAME); - if(jsonObj) + if (0 == strcmp(OIC_JSON_CREDID_NAME, name)) { - VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR); - cred->credId = jsonObj->valueint; + cborFindResult = cbor_value_get_int(&credMap, (int *) &cred->credId); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Id Value."); } - //subject -- Mandatory - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_SUBJECT_NAME); - VERIFY_NON_NULL(TAG, jsonObj, ERROR); - VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR); - outLen = 0; - memset(base64Buff, 0, sizeof(base64Buff)); - b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), - base64Buff, sizeof(base64Buff), &outLen); - VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(cred->subject.id)), - ERROR); - memcpy(cred->subject.id, base64Buff, outLen); - - //CredType -- Mandatory - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_CREDTYPE_NAME); - VERIFY_NON_NULL(TAG, jsonObj, ERROR); - VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR); - cred->credType = (OicSecCredType_t)jsonObj->valueint; - - //PrivateData is mandatory for some of the credential types listed below. - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PRIVATEDATA_NAME); - if ((cred->credType & SYMMETRIC_PAIR_WISE_KEY) || - (cred->credType & SYMMETRIC_GROUP_KEY) || - (cred->credType & PIN_PASSWORD)) + if (0 == strcmp(OIC_JSON_SUBJECT_NAME, name)) { - if(jsonObj) - { - VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR); - } + uint8_t *id = NULL; + cborFindResult = cbor_value_dup_byte_string(&credMap, &id, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Subject Name Value."); + memcpy(cred->subject.id, id, len); + OICFree(id); } -#ifdef __WITH_X509__ - else if (cred->credType & SIGNED_ASYMMETRIC_KEY) + //CredType -- Mandatory + if (0 == strcmp(OIC_JSON_CREDTYPE_NAME, name)) { - VERIFY_NON_NULL(TAG, jsonObj, ERROR); - VERIFY_SUCCESS(TAG, cJSON_Object == jsonObj->type, ERROR); + cborFindResult = cbor_value_get_int(&credMap, (int *) &cred->credType); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Type Value."); } -#endif // __WITH_X509__ - if (NULL != jsonObj) + //Owners -- Mandatory + if (0 == strcmp(OIC_JSON_OWNERS_NAME, name)) { - if (cJSON_String == jsonObj->type) + CborValue owners = { .parser = NULL }; + cborFindResult = cbor_value_get_array_length(&credMap, &cred->ownersLen); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owners Name Array Len."); + cborFindResult = cbor_value_enter_container(&credMap, &owners); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owners Name."); + int i = 0; + cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners)); + VERIFY_NON_NULL(TAG, cred->owners, ERROR); + while (cbor_value_is_valid(&owners)) { - jsonObjLen = strlen(jsonObj->valuestring) + 1; - cred->privateData.data = (char *)OICMalloc(jsonObjLen); - VERIFY_NON_NULL(TAG, (cred->privateData.data), ERROR); - strncpy((char *)cred->privateData.data, (char *)jsonObj->valuestring, jsonObjLen); + uint8_t *owner = NULL; + cborFindResult = cbor_value_dup_byte_string(&owners, &owner, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owner Value."); + memcpy(cred->owners[i].id, owner, len); + OICFree(owner); + cborFindResult = cbor_value_advance(&owners); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Owner Value."); } -#ifdef __WITH_X509__ - else if (SIGNED_ASYMMETRIC_KEY == cred->credType && cJSON_Object == jsonObj->type) + } + //PrivateData is mandatory for some of the credential types listed below. + if (0 == strcmp(OIC_JSON_PRIVATEDATA_NAME, name)) + { + if ((cred->credType & SYMMETRIC_PAIR_WISE_KEY) || + (cred->credType & SYMMETRIC_GROUP_KEY) || + (cred->credType & PIN_PASSWORD)) { - cred->privateData.data = cJSON_PrintUnformatted(jsonObj); - VERIFY_NON_NULL(TAG, (cred->privateData.data), ERROR); + cborFindResult = cbor_value_dup_byte_string(&credMap, + &cred->privateData.data, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Private Data Value."); } -#endif // __WITH_X509__ } else { @@ -345,77 +404,69 @@ OicSecCred_t * JSONToCredBin(const char * jsonStr) } //PublicData is mandatory only for SIGNED_ASYMMETRIC_KEY credentials type. - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PUBLICDATA_NAME); -#ifdef __WITH_X509__ - if (cred->credType & SIGNED_ASYMMETRIC_KEY) - { - VERIFY_NON_NULL(TAG, jsonObj, ERROR); - VERIFY_SUCCESS(TAG, cJSON_Object == jsonObj->type, ERROR); - } -#endif // __WITH_X509__ - if (NULL != jsonObj) + if (0 == strcmp(OIC_JSON_PUBLICDATA_NAME, name)) { - if (cJSON_String == jsonObj->type) + if (cred->credType & SIGNED_ASYMMETRIC_KEY) { - jsonObjLen = strlen(jsonObj->valuestring) + 1; - cred->publicData.data = (char *)OICMalloc(jsonObjLen); - VERIFY_NON_NULL(TAG, (cred->publicData.data), ERROR); - strncpy((char *)cred->publicData.data, (char *)jsonObj->valuestring, jsonObjLen); + cborFindResult = cbor_value_dup_byte_string(&credMap, + &cred->publicData.data, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding "); } -#ifdef __WITH_X509__ - else if (SIGNED_ASYMMETRIC_KEY == cred->credType && cJSON_Object == jsonObj->type) - { - cred->publicData.data = cJSON_PrintUnformatted(jsonObj); - VERIFY_NON_NULL(TAG, (cred->publicData.data), ERROR); - } -#endif // __WITH_X509__ } - //Period -- Not Mandatory - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PERIOD_NAME); - if(jsonObj && cJSON_String == jsonObj->type) + if (0 == strcmp(OIC_JSON_PERIOD_NAME, name)) { - jsonObjLen = strlen(jsonObj->valuestring) + 1; - cred->period = (char *)OICMalloc(jsonObjLen); - VERIFY_NON_NULL(TAG, cred->period, ERROR); - strncpy(cred->period, jsonObj->valuestring, jsonObjLen); + cborFindResult = cbor_value_dup_text_string(&credMap, + &cred->period, &len, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period Name Value."); } + if (CborMapType != type && cbor_value_is_valid(&credMap)) + { + cborFindResult = cbor_value_advance(&credMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Map."); + } + OICFree(name); + name = NULL; + } - //Owners -- Mandatory - jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_OWNERS_NAME); - VERIFY_NON_NULL(TAG, jsonObj, ERROR); - VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR); - cred->ownersLen = (size_t)cJSON_GetArraySize(jsonObj); - VERIFY_SUCCESS(TAG, cred->ownersLen > 0, ERROR); - cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t)); - VERIFY_NON_NULL(TAG, (cred->owners), ERROR); - for(size_t i = 0; i < cred->ownersLen; i++) + cred->next = NULL; + if (NULL == headCred) + { + headCred = cred; + } + else + { + OicSecCred_t *temp = headCred; + while (temp->next) { - cJSON *jsonOwnr = cJSON_GetArrayItem(jsonObj, i); - VERIFY_NON_NULL(TAG, jsonOwnr, ERROR); - VERIFY_SUCCESS(TAG, cJSON_String == jsonOwnr->type, ERROR); - outLen = 0; - memset(base64Buff, 0, sizeof(base64Buff)); - b64Ret = b64Decode(jsonOwnr->valuestring, strlen(jsonOwnr->valuestring), - base64Buff, sizeof(base64Buff), &outLen); - VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && - outLen <= sizeof(cred->owners[i].id)), ERROR); - memcpy(cred->owners[i].id, base64Buff, outLen); + temp = temp->next; } - prevCred = cred; - } while( ++idx < numCred); + temp->next = cred; + } + if (cbor_value_is_valid(&credArray)) + { + cborFindResult = cbor_value_advance(&credArray); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Array. "); + } } - + *secCred = headCred; ret = OC_STACK_OK; - exit: - cJSON_Delete(jsonRoot); - if (OC_STACK_OK != ret) + if (CborNoError != cborFindResult) { DeleteCredList(headCred); headCred = NULL; + ret = OC_STACK_ERROR; } - return headCred; + if (cred) + { + DeleteCredList(cred); + } + if (name) + { + OICFree(name); + } + return ret; } /** @@ -434,13 +485,13 @@ exit: * NULL - error */ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType, - const char * publicData, const char * privateData, - size_t ownersLen, const OicUuid_t * owners) + const uint8_t * publicData, const uint8_t* privateData, + size_t ownersLen, const OicUuid_t * owners) { (void)publicData; OCStackResult ret = OC_STACK_ERROR; - OicSecCred_t *cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); + OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred)); VERIFY_NON_NULL(TAG, cred, ERROR); //CredId is assigned before appending new cred to the existing @@ -457,23 +508,25 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr #ifdef __WITH_X509__ if(publicData) { - cred->publicData.data = (char *)OICMalloc(strlen(publicData)+1); + cred->publicData.data = (uint8_t *)OICCalloc(1, PUBLIC_KEY_SIZE); VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR); - strncpy((char *)cred->publicData.data, publicData, strlen(publicData)+1); + memcpy(cred->publicData.data, publicData, PUBLIC_KEY_SIZE); } #endif // __WITH_X509__ if(privateData) { - cred->privateData.data = (char *)OICMalloc(strlen(privateData)+1); +#ifdef __WITH_X509__ + cred->privateData.data = (uint8_t *)OICCalloc(1, PRIVATE_KEY_SIZE); VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); - strncpy((char *)cred->privateData.data, privateData, strlen(privateData)+1); + memcpy(cred->privateData.data, privateData, PRIVATE_KEY_SIZE); +#endif // __WITH_X509__ } VERIFY_SUCCESS(TAG, ownersLen > 0, ERROR); cred->ownersLen = ownersLen; - cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t)); + cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners)); VERIFY_NON_NULL(TAG, cred->owners, ERROR); for(size_t i = 0; i < cred->ownersLen; i++) { @@ -495,22 +548,20 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred) bool ret = false; // Convert Cred data into JSON for update to persistent storage - char *jsonStr = BinToCredJSON(cred); - if (jsonStr) + uint8_t *payload = NULL; + size_t size = 0; + OCStackResult res = CredToCBORPayload(cred, &payload, &size); + if ((OC_STACK_OK == res) && payload) { - cJSON *jsonCred = cJSON_Parse(jsonStr); - OICFree(jsonStr); - - if ((jsonCred) && - (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_CRED_NAME, jsonCred))) + if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size)) { ret = true; } - cJSON_Delete(jsonCred ); + OICFree(payload); } else //Empty cred list { - if (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_CRED_NAME, NULL)) + if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, size)) { ret = true; } @@ -531,11 +582,11 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred) */ static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second) { - if(first->credId < second->credId) + if (first->credId < second->credId) { return -1; } - else if(first->credId > second->credId) + else if (first->credId > second->credId) { return 1; } @@ -603,18 +654,15 @@ static OicSecCred_t* GetCredDefault() OCStackResult AddCredential(OicSecCred_t * newCred) { OCStackResult ret = OC_STACK_ERROR; - VERIFY_SUCCESS(TAG, NULL != newCred, ERROR); //Assigning credId to the newCred newCred->credId = GetCredId(); - VERIFY_SUCCESS(TAG, newCred->credId != 0, ERROR); //Append the new Cred to existing list LL_APPEND(gCred, newCred); - - if(UpdatePersistentStorage(gCred)) + if (UpdatePersistentStorage(gCred)) { ret = OC_STACK_OK; } @@ -701,34 +749,16 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128); //Generate owner credential based on recevied credential information - size_t b64BufSize = B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128 * sizeof(char)); - uint8_t* encodeBuff = OICMalloc((b64BufSize + 1) * sizeof(char)); - VERIFY_NON_NULL(TAG, encodeBuff, ERROR); - uint32_t encodedSize = 0; - B64Result b64Ret = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, - (char*)encodeBuff, b64BufSize + 1, &encodedSize); - VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR); - encodeBuff[encodedSize] = '\0'; - - //memory re-allocation for private data - OICFree(receviedCred->privateData.data); - receviedCred->privateData.data = (char*)OICMalloc((encodedSize + 1) * sizeof(char)); + receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128); VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR); - - //fill the base64 encoded private data - strncpy(receviedCred->privateData.data, (char*)encodeBuff, b64BufSize + 1); - + memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128); OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully"); - //deallocate local memory - OICFree(encodeBuff); - //Verify OwnerPSK information return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 && receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY); exit: //receviedCred->privateData.data will be deallocated when deleting credential. - OICFree(encodeBuff); return false; } @@ -739,9 +769,11 @@ static OCEntityHandlerResult HandlePutRequest(const OCEntityHandlerRequest * ehR OCEntityHandlerResult ret = OC_EH_ERROR; //Get binary representation of json - OicSecCred_t * cred = JSONToCredBin(((OCSecurityPayload*)ehRequest->payload)->securityData); - - if(cred) + OicSecCred_t * cred = NULL; + uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData1); + //size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize); + OCStackResult res = CBORPayloadToCred(payload, 0, &cred); + if (res == OC_STACK_OK) { #ifdef __WITH_DTLS__ OicUuid_t emptyUuid = {.id={0}}; @@ -883,10 +915,11 @@ static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * eh { OCEntityHandlerResult ret = OC_EH_ERROR; - //Get binary representation of json - OicSecCred_t * cred = JSONToCredBin(((OCSecurityPayload*)ehRequest->payload)->securityData); - - if(cred) + //Get binary representation of CBOR + OicSecCred_t *cred = NULL; + uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData1; + OCStackResult res = CBORPayloadToCred(payload, 0, &cred); + if ((OC_STACK_OK == res) && cred) { //If the Post request credential has credId, it will be //discarded and the next available credId will be assigned @@ -909,7 +942,7 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e return ehRet; } - OicParseQueryIter_t parseIter = {.attrPos=NULL}; + OicParseQueryIter_t parseIter = { .attrPos=NULL }; OicUuid_t subject = {.id={0}}; //Parsing REST query to get the subject @@ -919,15 +952,7 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECT_NAME, parseIter.attrLen) == 0) { - unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {}; - uint32_t outLen = 0; - B64Result b64Ret = B64_OK; - - b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, - base64Buff, sizeof(base64Buff), &outLen); - - VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(subject.id)), ERROR); - memcpy(subject.id, base64Buff, outLen); + memcpy(subject.id, parseIter.valPos, parseIter.valLen); } } @@ -936,15 +961,10 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e ehRet = OC_EH_RESOURCE_DELETED; } -exit: return ehRet; } -/* - * This internal method is the entity handler for Cred resources - * to handle REST request (PUT/POST/DEL) - */ -OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag, +OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest, void* callbackParameter) { @@ -980,15 +1000,12 @@ OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag, } //Send payload to request originator - ret = (SendSRMResponse(ehRequest, ret, NULL) == OC_STACK_OK ? - ret : OC_EH_ERROR); + ret = (SendSRMCBORResponse(ehRequest, ret, NULL) == OC_STACK_OK) ? + ret : OC_EH_ERROR; return ret; } -/* - * This internal method is used to create '/oic/sec/Cred' resource. - */ OCStackResult CreateCredResource() { OCStackResult ret; @@ -1009,49 +1026,40 @@ OCStackResult CreateCredResource() return ret; } -/** - * Initialize Cred resource by loading data from persistent storage. - * - * @retval - * OC_STACK_OK - no errors - * OC_STACK_ERROR - stack process error - */ OCStackResult InitCredResource() { OCStackResult ret = OC_STACK_ERROR; //Read Cred resource from PS - char* jsonSVRDatabase = GetSVRDatabase(); - - if (jsonSVRDatabase) + uint8_t *data = NULL; + size_t size = 0; + ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size); + // If database read failed + if (ret != OC_STACK_OK) + { + OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed"); + } + if (data) { - //Convert JSON Cred into binary format - gCred = JSONToCredBin(jsonSVRDatabase); + // Read ACL resource from PS + ret = CBORPayloadToCred(data, size, &gCred); } + /* * If SVR database in persistent storage got corrupted or * is not available for some reason, a default Cred is created * which allows user to initiate Cred provisioning again. */ - if (!jsonSVRDatabase || !gCred) + if (ret != OC_STACK_OK || !data || !gCred) { gCred = GetCredDefault(); } //Instantiate 'oic.sec.cred' ret = CreateCredResource(); - OICFree(jsonSVRDatabase); + OICFree(data); return ret; } -/** - * Perform cleanup for Cred resources. - * - * @return - * OC_STACK_OK - no errors - * OC_STACK_ERROR - stack process error - * OC_STACK_NO_RESOURCE - resource not found - * OC_STACK_INVALID_PARAM - invalid param - */ OCStackResult DeInitCredResource() { OCStackResult result = OCDeleteResource(gCredHandle); @@ -1060,15 +1068,6 @@ OCStackResult DeInitCredResource() return result; } -/** - * This method is used by tinydtls/SRM to retrieve credential for given Subject. - * - * @param subject - subject for which credential is required. - * - * @retval - * reference to OicSecCred_t - if credential is found - * NULL - if credential not found - */ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject) { OicSecCred_t *cred = NULL; @@ -1090,22 +1089,9 @@ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject) #if defined(__WITH_DTLS__) -/** - * This internal callback is used by lower stack (i.e. CA layer) to - * retrieve PSK credentials from RI security layer. - * - * @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake. - * @param[in] desc Additional request information. - * @param[in] desc_len The actual length of desc. - * @param[out] result Must be filled with the requested information. - * @param[in] result_length Maximum size of @p result. - * - * @return The number of bytes written to @p result or a value - * less than zero on error. - */ -int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type, - const unsigned char *desc, size_t desc_len, - unsigned char *result, size_t result_length) +int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type, + const uint8_t *desc, size_t desc_len, + uint8_t *result, size_t result_length) { int32_t ret = -1; @@ -1164,18 +1150,10 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type, } } - // Convert PSK from Base64 encoding to binary before copying - uint32_t outLen = 0; - B64Result b64Ret = b64Decode(cred->privateData.data, - strlen(cred->privateData.data), result, - result_length, &outLen); - if (B64_OK != b64Ret) - { - OIC_LOG (ERROR, TAG, "Base64 decoding failed."); - ret = -1; - return ret; - } - return outLen; + // Copy PSK. + result_length = sizeof(cred->privateData.data); + memcpy(result, cred->privateData.data, result_length); + return result_length; } } } @@ -1217,19 +1195,14 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre } uint8_t privData[OWNER_PSK_LENGTH_128] = {0,}; + OicSecCred_t* cred = NULL; int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, owners->id, UUID_LENGTH, PBKDF_ITERATIONS, OWNER_PSK_LENGTH_128, privData); VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR); - uint32_t outLen = 0; - char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {}; - B64Result b64Ret = b64Encode(privData, OWNER_PSK_LENGTH_128, base64Buff, - sizeof(base64Buff), &outLen); - VERIFY_SUCCESS(TAG, (B64_OK == b64Ret), ERROR); - - OicSecCred_t* cred = GenerateCredential(tmpSubject, credType, NULL, - base64Buff, ownersLen, owners); + cred = GenerateCredential(tmpSubject, credType, NULL, + privData, ownersLen, owners); if(NULL == cred) { OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential"); @@ -1272,7 +1245,7 @@ static uint32_t ParseCertPrefix(uint8_t *prefix) uint32_t res = 0; if(NULL != prefix) { - for(int i=0; i < CERT_LEN_PREFIX; ++i) + for (int i = 0; i < CERT_LEN_PREFIX; ++i) { res |= (((uint32_t) prefix[i]) << ((CERT_LEN_PREFIX - 1 -i) * BYTE_SIZE)); } @@ -1280,34 +1253,30 @@ static uint32_t ParseCertPrefix(uint8_t *prefix) return res; } -static uint32_t appendCert2Chain(uint8_t *appendPoint, char *cert, uint32_t max_len) +static uint32_t appendCert2Chain(uint8_t *appendPoint, uint8_t *cert, size_t len, uint32_t max_len) { uint32_t ret = 0; VERIFY_NON_NULL(TAG, appendPoint, ERROR); VERIFY_NON_NULL(TAG, cert, ERROR); - uint32_t certLen; - VERIFY_SUCCESS(TAG, B64_OK == b64Decode(cert, strlen(cert), appendPoint + CERT_LEN_PREFIX, - max_len - CERT_LEN_PREFIX, &certLen), ERROR); - WriteCertPrefix(appendPoint, certLen); + memcpy(appendPoint + CERT_LEN_PREFIX, cert, max_len - CERT_LEN_PREFIX); + WriteCertPrefix(appendPoint, len); - ret = certLen + CERT_LEN_PREFIX; + ret = len + CERT_LEN_PREFIX; exit: return ret; } -static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){ +static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo) +{ OCStackResult ret = OC_STACK_ERROR; uint8_t *ccPtr = credInfo->certificateChain; - for(uint32_t i =0; i < credInfo->chainLen - 1; ++i) + for(uint8_t i = 0; i < credInfo->chainLen - 1; ++i) { ccPtr += CERT_LEN_PREFIX + ParseCertPrefix(ccPtr); } - ByteArray cert = { - .data = ccPtr + CERT_LEN_PREFIX, - .len = ParseCertPrefix(ccPtr) - }; + ByteArray cert = { .data = ccPtr + CERT_LEN_PREFIX, .len = ParseCertPrefix(ccPtr) }; CertificateX509 certStruct; VERIFY_SUCCESS(TAG, PKI_SUCCESS == DecodeCertificate(cert, &certStruct), ERROR); @@ -1322,70 +1291,6 @@ static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){ return ret; } -static OCStackResult GetCertCredPublicData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred) -{ - OCStackResult ret = OC_STACK_ERROR; - cJSON *jsonRoot = NULL; - - VERIFY_NON_NULL(TAG, credInfo, ERROR); - VERIFY_NON_NULL(TAG, cred, ERROR); - VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR); - //VERIFY_SUCCESS(TAG, NULL == credInfo->certificateChain.data, ERROR); - jsonRoot = cJSON_Parse(cred->publicData.data); - VERIFY_NON_NULL(TAG, jsonRoot, ERROR); - - //Get certificate chain - cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, CERTIFICATE);//TODO define field names constants - VERIFY_SUCCESS(TAG, NULL != jsonObj && cJSON_Array == jsonObj->type, ERROR); - - size_t certChainLen = (size_t)cJSON_GetArraySize(jsonObj); - credInfo->chainLen = certChainLen; - VERIFY_SUCCESS(TAG, MAX_CHAIN_LEN >= certChainLen, ERROR); - - uint32_t len = 0; - for (size_t i = 0; i < certChainLen; ++i) - { - cJSON *item = cJSON_GetArrayItem(jsonObj, i); - VERIFY_NON_NULL(TAG, item, ERROR); - VERIFY_SUCCESS(TAG, cJSON_String == item->type, ERROR); - uint32_t appendedLen = appendCert2Chain(credInfo->certificateChain + len, item->valuestring, - MAX_CERT_MESSAGE_LEN - len); - VERIFY_SUCCESS(TAG, 0 != appendedLen, ERROR); - len += appendedLen; - } - credInfo->certificateChainLen = len; - VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCAPublicKeyData(credInfo), ERROR); - ret = OC_STACK_OK; -exit: - cJSON_Delete(jsonRoot); - return ret; -} - -static OCStackResult GetCertCredPrivateData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred) -{ - OCStackResult ret = OC_STACK_ERROR; - cJSON *jsonRoot = NULL; - VERIFY_NON_NULL(TAG, credInfo, ERROR); - VERIFY_NON_NULL(TAG, cred, ERROR); - VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); - jsonRoot = cJSON_Parse(cred->privateData.data); - VERIFY_NON_NULL(TAG, jsonRoot, ERROR); - - cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, PRIVATE_KEY);//TODO define field names constants - VERIFY_SUCCESS(TAG, NULL != jsonObj && cJSON_String == jsonObj->type, ERROR); - - uint32_t read = 0u; - VERIFY_SUCCESS(TAG, B64_OK == b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), - credInfo->devicePrivateKey, PRIVATE_KEY_SIZE, &read) - && PRIVATE_KEY_SIZE == read, ERROR); - - ret = OC_STACK_OK; - -exit: - cJSON_Delete(jsonRoot); - return ret; -} - int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo) { int ret = 1; @@ -1399,8 +1304,41 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo) LL_SEARCH_SCALAR(gCred, cred, credType, SIGNED_ASYMMETRIC_KEY); VERIFY_NON_NULL(TAG, cred, ERROR); - VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPrivateData(credInfo, cred), ERROR); - VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPublicData(credInfo, cred), ERROR); + CborValue credCbor = { .parser = NULL }; + CborParser parser = { .end = NULL }; + CborError cborFindResult = CborNoError; + uint8_t *cborPayload = cred->publicData.data; + int cborLen = cred->publicData.len; + cbor_parser_init(cborPayload, cborLen, 0, &parser, &credCbor); + CborValue certMap; + cborFindResult = cbor_value_enter_container(&credCbor, &certMap); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map."); + + CborValue certs; + cborFindResult = cbor_value_map_find_value(&certs, CERTIFICATE, &certs); + if (cbor_value_is_array(&certs)) + { + cborFindResult = cbor_value_get_array_length(&certs, (size_t *)&credInfo->chainLen); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Chain Len."); + CborValue cert; + cborFindResult = cbor_value_enter_container(&certs, &cert); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Container."); + size_t len = 0; + size_t certLen = 0; + uint8_t *val = NULL; + while (cbor_value_is_byte_string(&cert)) + { + cborFindResult = cbor_value_dup_byte_string(&cert, &val, &certLen, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value."); + cborFindResult = cbor_value_advance(&cert); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array."); + uint32_t appendedLen = appendCert2Chain(credInfo->certificateChain + len, val, certLen, MAX_CERT_MESSAGE_LEN - len); + len += appendedLen; + } + credInfo->certificateChainLen = len; + GetCAPublicKeyData(credInfo); + } + memcpy(credInfo->devicePrivateKey, cred->privateData.data, PRIVATE_KEY_SIZE); ret = 0; exit: diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c index 269591b..809be93 100644 --- a/resource/csdk/security/src/psinterface.c +++ b/resource/csdk/security/src/psinterface.c @@ -280,7 +280,7 @@ OCStackResult UpdateSecureResourceInPS(const char* rsrcName, const uint8_t* psPa /* * This function stores cbor payload of each resource by appending resource name. */ - if (!rsrcName || !*psPayload) + if (!rsrcName || !psPayload) { return OC_STACK_INVALID_PARAM; } diff --git a/resource/csdk/security/unittest/credentialresource.cpp b/resource/csdk/security/unittest/credentialresource.cpp index dd62f15..4c4e0c9 100644 --- a/resource/csdk/security/unittest/credentialresource.cpp +++ b/resource/csdk/security/unittest/credentialresource.cpp @@ -1,3 +1,5 @@ +//****************************************************************** +// // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved. // //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= @@ -17,45 +19,25 @@ //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= #include "gtest/gtest.h" -#include "ocstack.h" +#include "logger.h" #include "ocpayload.h" -#include "resourcemanager.h" -#include "securevirtualresourcetypes.h" -#include "credresource.h" +#include "ocstack.h" #include "oic_malloc.h" #include "oic_string.h" +#include "resourcemanager.h" +#include "credresource.h" +#include "securevirtualresourcetypes.h" #include "srmtestcommon.h" #include "srmutility.h" -#include "logger.h" +#include "psinterface.h" +#include "security_internals.h" #define TAG "SRM-CRED-UT" -#ifdef __cplusplus -extern "C" { -#endif - -//Declare Cred resource methods for testing -OCStackResult CreateCredResource(); -OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag, - OCEntityHandlerRequest * ehRequest); -char * BinToCredJSON(const OicSecCred_t * pstat); -OicSecCred_t * JSONToCredBin(const char * jsonStr); -void InitSecCredInstance(OicSecCred_t * cred); -void DeleteCredList(OicSecCred_t* cred); -const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject); - -#ifdef __cplusplus -} -#endif - - OicSecCred_t * getCredList() { - - OicSecCred_t * cred = NULL; size_t sz = 0; - - cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); + OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred)); VERIFY_NON_NULL(TAG, cred, ERROR); cred->credId = 1234; OICStrcpy((char *)cred->subject.id, sizeof(cred->subject.id), "subject1"); @@ -70,15 +52,14 @@ OicSecCred_t * getCredList() #endif cred->credType = SYMMETRIC_PAIR_WISE_KEY; - cred->privateData.data = (char *)OICCalloc(1, strlen("My private Key11") + 1); + cred->privateData.data = (uint8_t *)OICCalloc(1, strlen("My private Key11") + 1); VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); - OICStrcpy(cred->privateData.data, strlen("My private Key11")+1,"My private Key11"); + OICStrcpy((char *)cred->privateData.data, strlen("My private Key11")+1,"My private Key11"); cred->ownersLen = 1; - cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t)); + cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners)); VERIFY_NON_NULL(TAG, cred->owners, ERROR); OICStrcpy((char *)cred->owners[0].id, sizeof(cred->owners[0].id), "ownersId11"); - - cred->next = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t)); + cred->next = (OicSecCred_t*)OICCalloc(1, sizeof(*cred->next)); VERIFY_NON_NULL(TAG, cred->next, ERROR); cred->next->credId = 5678; OICStrcpy((char *)cred->next->subject.id, sizeof(cred->next->subject.id), "subject2"); @@ -87,9 +68,9 @@ OicSecCred_t * getCredList() #endif cred->next->credType = SYMMETRIC_PAIR_WISE_KEY; sz = strlen("My private Key21") + 1; - cred->next->privateData.data = (char *)OICCalloc(1, sz); + cred->next->privateData.data = (uint8_t *)OICCalloc(1, sz); VERIFY_NON_NULL(TAG, cred->next->privateData.data, ERROR); - OICStrcpy(cred->next->privateData.data, sz,"My private Key21"); + OICStrcpy((char *)cred->next->privateData.data, sz, "My private Key21"); #if 0 sz = strlen("My Public Key123") + 1 cred->next->publicData.data = (char *)OICCalloc(1, sz); @@ -97,7 +78,7 @@ OicSecCred_t * getCredList() OICStrcpy(cred->next->publicData.data, sz,"My Public Key123"); #endif cred->next->ownersLen = 2; - cred->next->owners = (OicUuid_t*)OICCalloc(cred->next->ownersLen, sizeof(OicUuid_t)); + cred->next->owners = (OicUuid_t *)OICCalloc(cred->next->ownersLen, sizeof(*cred->next->owners)); VERIFY_NON_NULL(TAG, cred->next->owners, ERROR); OICStrcpy((char *)cred->next->owners[0].id, sizeof(cred->next->owners[0].id), "ownersId21"); OICStrcpy((char *)cred->next->owners[1].id, sizeof(cred->next->owners[1].id), "ownersId22"); @@ -118,7 +99,7 @@ static void printCred(const OicSecCred_t * cred) EXPECT_TRUE(NULL != cred); const OicSecCred_t *credTmp1 = NULL; - for(credTmp1 = cred; credTmp1; credTmp1 = credTmp1->next) + for (credTmp1 = cred; credTmp1; credTmp1 = credTmp1->next) { OIC_LOG_V(INFO, TAG, "\ncred->credId = %d", credTmp1->credId); OIC_LOG_V(INFO, TAG, "cred->subject.id = %s", credTmp1->subject.id); @@ -140,68 +121,78 @@ static void printCred(const OicSecCred_t * cred) } //InitCredResource Tests -TEST(InitCredResourceTest, InitCredResource) +TEST(CredResourceTest, InitCredResource) { EXPECT_EQ(OC_STACK_INVALID_PARAM, InitCredResource()); } //DeInitCredResource Tests -TEST(DeInitCredResourceTest, DeInitCredResource) +TEST(CredResourceTest, DeInitCredResource) { EXPECT_EQ(OC_STACK_INVALID_PARAM, DeInitCredResource()); } //CreateCredResource Tests -TEST(CreateCredResourceTest, CreateCredResource) +TEST(CredResourceTest, CreateCredResource) { EXPECT_EQ(OC_STACK_INVALID_PARAM, CreateCredResource()); } //CredEntityHandler Tests -TEST(CredEntityHandlerTest, CredEntityHandlerWithDummyRequest) +TEST(CredResourceTest, CredEntityHandlerWithDummyRequest) { OCEntityHandlerRequest req; EXPECT_EQ(OC_EH_ERROR, - CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, &req)); + CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, &req, NULL)); } -TEST(CredEntityHandlerTest, CredEntityHandlerWithNULLRequest) +TEST(CredResourceTest, CredEntityHandlerWithNULLRequest) { EXPECT_EQ(OC_EH_ERROR, - CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, NULL)); + CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, NULL, NULL)); } -TEST(CredEntityHandlerTest, CredEntityHandlerInvalidFlag) +TEST(CredResourceTest, CredEntityHandlerInvalidFlag) { OCEntityHandlerRequest req; EXPECT_EQ(OC_EH_ERROR, - CredEntityHandler(OCEntityHandlerFlag::OC_OBSERVE_FLAG, &req)); + CredEntityHandler(OCEntityHandlerFlag::OC_OBSERVE_FLAG, &req, NULL)); } //Cred DELETE request -TEST(CredEntityHandlerTest, CredEntityHandlerDeleteTest) +TEST(CredResourceTest, CredEntityHandlerDeleteTest) { OCEntityHandlerRequest ehReq = OCEntityHandlerRequest(); static OCPersistentStorage ps = OCPersistentStorage(); const OicSecCred_t* subjectCred1 = NULL; const OicSecCred_t* subjectCred2 = NULL; - char *jsonStr = NULL; OCEntityHandlerResult ehRet = OC_EH_ERROR; - char query[] = "sub=c3ViamVjdDE="; + char query[] = "sub=subject1"; SetPersistentHandler(&ps, true); OicSecCred_t *cred = getCredList(); - VERIFY_NON_NULL(TAG, cred, ERROR); + ASSERT_TRUE(NULL != cred); - jsonStr = BinToCredJSON(cred); - VERIFY_NON_NULL(TAG, jsonStr, ERROR); + uint8_t *payload = NULL; + size_t size = 0; + EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred, &payload, &size)); + if (!payload) + { + DeleteCredList(cred); + } + ASSERT_TRUE(NULL != payload); // Create Entity Handler POST request payload ehReq.method = OC_REST_POST; - ehReq.payload = (OCPayload*)OCSecurityPayloadCreate(jsonStr); - ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq); - EXPECT_TRUE(OC_EH_ERROR == ehRet); + ehReq.payload = (OCPayload *)OCSecurityPayloadCBORCreate(payload); + if (!ehReq.payload) + { + OICFree(payload); + DeleteCredList(cred); + } + ASSERT_TRUE( NULL != ehReq.payload); + EXPECT_EQ(OC_EH_ERROR, CredEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL)); // Verify if SRM contains Credential for the subject subjectCred1 = GetCredResourceData(&cred->subject); @@ -209,96 +200,129 @@ TEST(CredEntityHandlerTest, CredEntityHandlerDeleteTest) // Create Entity Handler DELETE request ehReq.method = OC_REST_DELETE; - ehReq.query = (char*)OICMalloc(strlen(query)+1); - VERIFY_NON_NULL(TAG, ehReq.query, ERROR); + ehReq.query = (char *)OICCalloc(1, strlen(query)+1); + if (!ehReq.query) + { + OICFree(payload); + DeleteCredList(cred); + } + ASSERT_TRUE(NULL != ehReq.query); OICStrcpy(ehReq.query, strlen(query)+1, query); - ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq); - EXPECT_TRUE(OC_EH_ERROR == ehRet); + ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL); + EXPECT_EQ(OC_EH_ERROR, ehRet); // Verify if SRM has deleted ACE for the subject subjectCred2 = GetCredResourceData(&cred->subject); EXPECT_TRUE(NULL == subjectCred2); -exit: // Perform cleanup OICFree(ehReq.query); - OICFree(jsonStr); - OCPayloadDestroy(ehReq.payload); - if(NULL != cred) + OICFree(payload); + if (NULL != cred) { DeInitCredResource(); DeleteCredList(cred); } } -//BinToCredJSON Tests -TEST(BinToCredJSONTest, BinToCredJSONNullCred) +TEST(CredResourceTest, CredToCBORPayloadNULL) { - char* value = BinToCredJSON(NULL); - EXPECT_TRUE(value == NULL); + OicSecCred_t *cred = getCredList(); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(NULL, NULL, 0)); + size_t size = 0; + uint8_t *cborPayload = (uint8_t *) OICCalloc(1, 10); + if (!cborPayload) + { + DeleteCredList(cred); + } + ASSERT_TRUE(NULL != cborPayload); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, &cborPayload, &size)); + OICFree(cborPayload); + cborPayload = NULL; + EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(NULL, &cborPayload, &size)); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, &cborPayload, 0)); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, NULL, &size)); + DeleteCredList(cred); } -TEST(BinToCredJSONTest, BinToCredJSONValidCred) +TEST(CredResourceTest, CredToCBORPayloadVALID) { - char* json = NULL; - OicSecCred_t * cred = getCredList(); + uint8_t* payload = NULL; + size_t size = 0; + OicSecCred_t *cred = getCredList(); - json = BinToCredJSON(cred); + EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred, &payload, &size)); + if (!payload) + { + DeleteCredList(cred); + } + ASSERT_TRUE(NULL != payload); - OIC_LOG_V(INFO, TAG, "BinToCredJSON:%s\n", json); - EXPECT_TRUE(json != NULL); DeleteCredList(cred); - OICFree(json); + OICFree(payload); } -//JSONToCredBin Tests -TEST(JSONToCredBinTest, JSONToCredBinValidJSON) +TEST(CredResourceTest, CBORPayloadToCredVALID) { - OicSecCred_t* cred1 = getCredList(); - char* json = BinToCredJSON(cred1); + OicSecCred_t *cred1 = getCredList(); - EXPECT_TRUE(json != NULL); - OicSecCred_t *cred2 = JSONToCredBin(json); - EXPECT_TRUE(cred2 != NULL); + uint8_t *payload = NULL; + size_t size = 0; + EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred1, &payload, &size)); DeleteCredList(cred1); - DeleteCredList(cred2); - OICFree(json); + ASSERT_TRUE(NULL != payload); + + OicSecCred_t *cred2 = NULL; + EXPECT_EQ(OC_STACK_OK, CBORPayloadToCred(payload, size, &cred2)); + OICFree(payload); + ASSERT_TRUE(cred2 != NULL); } -TEST(JSONToCredBinTest, JSONToCredBinNullJSON) +TEST(CredResourceTest, CBORPayloadToCredNULL) { - OicSecCred_t *cred = JSONToCredBin(NULL); - EXPECT_TRUE(cred == NULL); + OicSecCred_t *cred = NULL; + EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(NULL, 0, NULL)); + uint8_t *cborPayload = (uint8_t *) OICCalloc(1, 10); + ASSERT_TRUE(NULL != cborPayload); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(NULL, 0, &cred)); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(cborPayload, 0, NULL)); + cred = getCredList(); + EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(cborPayload, 0, &cred)); + DeleteCredList(cred); + OICFree(cborPayload); } //GetCredResourceData Test -TEST(CredGetResourceDataTest, GetCredResourceDataNULLSubject) +TEST(CredResourceTest, GetCredResourceDataNULLSubject) { - EXPECT_TRUE(NULL == GetCredResourceData(NULL)); + EXPECT_EQ(NULL, GetCredResourceData(NULL)); } -TEST(CredGenerateCredentialTest, GenerateCredentialValidInput) +TEST(CredResourceTest, GenerateCredentialValidInput) { OicUuid_t owners[1]; - OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId21"); + OICStrcpy((char *)owners[0].id, strlen("ownersId21"), "ownersId21"); OicUuid_t subject = {{0}}; - OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11"); + OICStrcpy((char *)subject.id, strlen("subject11"), "subject11"); char privateKey[] = "My private Key11"; + uint8_t *pk = (uint8_t *)OICCalloc(1, strlen(privateKey)); + OICStrcpy((char *)pk, sizeof(pk), privateKey); OicSecCred_t * cred = NULL; cred = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL, - privateKey, 1, owners); + pk, 1, owners); printCred(cred); - EXPECT_TRUE(NULL != cred); + ASSERT_TRUE(NULL != cred); DeleteCredList(cred); + OICFree(pk); } -TEST(GenerateAndAddCredentialTest, GenerateAndAddCredentialValidInput) +TEST(CredResourceTest, GenerateAndAddCredentialValidInput) { OicUuid_t owners[1]; OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId11"); @@ -307,34 +331,36 @@ TEST(GenerateAndAddCredentialTest, GenerateAndAddCredentialValidInput) OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11"); char privateKey[] = "My private Key11"; + uint8_t *pk = (uint8_t *)OICCalloc(1, strlen(privateKey)); + OICStrcpy((char *)pk, sizeof(pk), privateKey); - OicSecCred_t * cred1 = NULL; - OicSecCred_t * headCred = NULL; + OicSecCred_t *cred1 = NULL; + OicSecCred_t *headCred = NULL; cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL, - privateKey, 1, owners); + pk, 1, owners); - EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1)); + EXPECT_EQ(OC_STACK_OK, AddCredential(cred1)); headCred = cred1; OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId22"); OICStrcpy((char *)subject.id, sizeof(subject.id), "subject22"); cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL, - privateKey, 1, owners); - EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1)); + pk, 1, owners); + EXPECT_EQ(OC_STACK_OK, AddCredential(cred1)); OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId33"); OICStrcpy((char *)subject.id, sizeof(subject.id), "subject33"); cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL, - privateKey, 1, owners); - EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1)); + pk, 1, owners); + EXPECT_EQ(OC_STACK_OK, AddCredential(cred1)); const OicSecCred_t* credList = GetCredResourceData(&headCred->subject); printCred(credList); DeleteCredList(headCred); - + OICFree(pk); } #if 0 @@ -344,5 +370,3 @@ TEST(CredGetResourceDataTest, GetCredResourceDataValidSubject) EXPECT_TRUE(NULL != GetCredResourceData(cred->subject)); } #endif - - -- 2.7.4