From ffc61f467d231d1cc85e26e86e4ea84a742794d9 Mon Sep 17 00:00:00 2001 From: Parkhi Date: Thu, 9 Feb 2017 16:30:21 +0900 Subject: [PATCH] Update MOT Enable API and added some ESResult. - Security-layer support MOT enabled API. So updated MOT enabled API. Please check following changes. 1. When the mediator finds an owned-secured resource that is MOT disabled, it can enable it according to whether it is the owner or the sub-owner. 2. MOT related functions are separated. 3. Changes in DB synchronized check logic have occurred as the above changes occur. - Added some ESResult(e.g. ES_MOT_NOT_SUPPORTED, ES_MOT_ENABLING_FAILURE) Change-Id: I5af3bdfcfbdf6b62b50a07e2d6d699c96a7a2667 Signed-off-by: Parkhi Reviewed-on: https://gerrit.iotivity.org/gerrit/17087 Reviewed-by: Jihun Ha Reviewed-by: Uze Choi Tested-by: Uze Choi --- service/easy-setup/inc/escommon.h | 73 +++++--- .../mediator/richsdk/src/EnrolleeSecurity.cpp | 206 ++++++++++++++++----- .../mediator/richsdk/src/EnrolleeSecurity.h | 9 +- 3 files changed, 220 insertions(+), 68 deletions(-) diff --git a/service/easy-setup/inc/escommon.h b/service/easy-setup/inc/escommon.h index ec74a57..20e4e43 100755 --- a/service/easy-setup/inc/escommon.h +++ b/service/easy-setup/inc/escommon.h @@ -166,7 +166,7 @@ typedef enum /** * Security opertion is not supported because Mediator is built as unsecured mode. */ - ES_SEC_OPERATION_IS_NOT_SUPPORTED = 20, + ES_SEC_OPERATION_IS_NOT_SUPPORTED, /** * Security resource discovery fails due to loss of discovery packet or absence of the resource in a network 
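Review bot: Moving `= 20` from ES_SEC_OPERATION_IS_NOT_SUPPORTED to ES_OWNERSHIP_TRANSFER_FAILURE (next hunk) changes the numeric meaning of existing ESResult codes in a public header, and the later escommon.h hunks re-base the MOT codes at 30 and the cloud-provisioning codes at 40. A caller built against the old header, or anything that mirrors these integers (none is visible in this patch), would then read one security failure as another. If the regrouping is intended, document it at the top of the enum, e.g. `/* 20-29: ownership transfer, 30-39: MOT, 40-49: cloud provisioning; values changed in this revision, rebuild all consumers */`. Otherwise keep the existing values and append the new MOT codes. The enum starts and ends outside this hunk.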
@@ -179,31 +179,22 @@ typedef enum * E.g. Mediator's owned status is 'unowned' * E.g. A user confirmation for random pin-based or certificate-based OT fails */ - ES_OWNERSHIP_TRANSFER_FAILURE, + ES_OWNERSHIP_TRANSFER_FAILURE = 20, /** - * ACL provisioning fails in cloud provisioning. - * It could be that UUID format of cloud server is wrong. - * Or any response for the provisioning request is not arrived at Mediator - */ - ES_ACL_PROVISIONING_FAILURE, - - /** - * Cert. provisioning fails in cloud provisioning. - * It could be that you put a wrong cred ID of which the corresponding certificate does not exist in SVR DB. - * Or any response for the provisioning request is not arrived at Mediator + * Ownership transfer which is cert-based method fails due to user confirmation is denied. */ - ES_CERT_PROVISIONING_FAILURE, + ES_USER_DENIED_CONFIRMATION_REQ, /** - * MOT method selection is failed + * Ownership transfer which is cert-based method fails due to wrong certificate. */ - ES_MOT_METHOD_SELECTION_FAILURE, + ES_AUTHENTICATION_FAILURE_WITH_WRONG_CERT, /** - * A provisioning of Pre-configured pin number for MOT is failed + * Ownership transfer which is random-pin method fails due to wrong pin. */ - ES_PRE_CONFIG_PIN_PROVISIONING_FAILURE, + ES_AUTHENTICATION_FAILURE_WITH_WRONG_PIN, /** * Ownership information is not synchronized between Mediator and Enrollee. 
@@ -217,23 +208,59 @@ typedef enum ES_OWNERSHIP_IS_NOT_SYNCHRONIZED, /** - * Ownership transfer which is cert-based method fails due to user confirmation is denied. + * MOT is not supported at the target Enrollee device. + * + * @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee. + * @note If the mediator gets this values, it means OT has been successfully done + * (or already took an ownership, before), but failed MOT configuration. */ - ES_USER_DENIED_CONFIRMATION_REQ, + ES_MOT_NOT_SUPPORTED = 30, /** - * Ownership transfer which is cert-based method fails due to wrong certificate. + * MOT enabling is failed. + * + * @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee. + * @note If the mediator gets this values, it means OT has been successfully done + * (or already took an ownership, before), but failed MOT configuration. */ - ES_AUTHENTICATION_FAILURE_WITH_WRONG_CERT, + ES_MOT_ENABLING_FAILURE, /** - * Ownership transfer which is random-pin method fails due to wrong pin. + * MOT method selection is failed + * + * @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee. + * @note If the mediator gets this values, it means OT has been successfully done + * (or already took an ownership, before), but failed MOT configuration. */ - ES_AUTHENTICATION_FAILURE_WITH_WRONG_PIN, + ES_MOT_METHOD_SELECTION_FAILURE, + + /** + * A provisioning of Pre-configured pin number for MOT is failed + * + * @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee. + * @note If the mediator gets this values, it means OT has been successfully done + * (or already took an ownership, before), but failed MOT configuration. + */ + ES_PRE_CONFIG_PIN_PROVISIONING_FAILURE, + + /** + * ACL provisioning fails in cloud provisioning. + * It could be that UUID format of cloud server is wrong. 
+ * Or any response for the provisioning request is not arrived at Mediator + */ + ES_ACL_PROVISIONING_FAILURE = 40, + + /** + * Cert. provisioning fails in cloud provisioning. + * It could be that you put a wrong cred ID of which the corresponding certificate does not exist in SVR DB. + * Or any response for the provisioning request is not arrived at Mediator + */ + ES_CERT_PROVISIONING_FAILURE, /** * Provisioning fails for some reason. */ + ES_ERROR = 255 } ESResult; diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp index fcde0b0..2f2079b 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp @@ -255,6 +255,26 @@ namespace OIC return ret; } + void EnrolleeSecurity::changeMOTMethodCB(PMResultList_t *result, int hasError) + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "changeMOTMethodCB IN"); + if (hasError) + { + OIC_LOG_V(ERROR, ENROLEE_SECURITY_TAG, + "requestEnableMOTMode API is failed with error %d", hasError); + enableMOTModeResult = false; + } + else + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "requestEnableMOTMode API is succeeded"); + enableMOTModeResult = true; + } + + delete result; + m_cond.notify_all(); + } + + void EnrolleeSecurity::SelectMOTMethodCB(PMResultList_t *result, int hasError) { OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "SelectMOTMethodCB IN"); @@ -332,7 +352,7 @@ namespace OIC } } - ESResult EnrolleeSecurity::RequestSetPreconfPinData(const ESOwnershipTransferData ownershipTransferData) + ESResult EnrolleeSecurity::RequestSetPreconfPinData(const ESOwnershipTransferData& MOTData) { OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData IN"); 
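Review bot: changeMOTMethodCB signals completion with a bare `m_cond.notify_all()`, and requestEnableMOTMode (added in a later hunk of this file) waits with `m_cond.wait(lck)` and no predicate, taking m_mtx only after changeMOTMode() has been issued. If the response is delivered on another thread before the wait begins, the notification is lost and the mediator blocks indefinitely. A spurious wakeup would instead read whatever enableMOTModeResult held before, which could report MOT as enabled when it is not. Set a completion flag under m_mtx in the callback and wait on it with a predicate; `enableMOTModeDone` below is a proposed new member that requestEnableMOTMode would clear before calling changeMOTMode(). The existing request functions in this file may use the same wait pattern, which is not visible in these hunks.

```cpp
void EnrolleeSecurity::changeMOTMethodCB(PMResultList_t *result, int hasError)
{
    // … unchanged: IN log and the success / error log messages …
    {
        std::lock_guard<std::mutex> lck(m_mtx);
        enableMOTModeResult = (hasError == 0);
        enableMOTModeDone = true;   // proposed new member
    }
    delete result;
    m_cond.notify_all();
}

// in requestEnableMOTMode(), replacing the bare m_cond.wait(lck):
std::unique_lock<std::mutex> lck(m_mtx);
m_cond.wait(lck, [this] { return enableMOTModeDone; });
```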
@@ -345,7 +365,7 @@ namespace OIC this, std::placeholders::_1, std::placeholders::_2)), shared_from_this()); - std::string pin = ownershipTransferData.getPreConfiguredPin(); + std::string pin = MOTData.getPreConfiguredPin(); OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "provisionPreconfPin is called."); if(OC_STACK_OK != m_securedResource->provisionPreconfPin( @@ -369,13 +389,12 @@ namespace OIC return ESResult::ES_OK; } - ESResult EnrolleeSecurity::RequestSetMOTMethod(const ESOwnershipTransferData ownershipTransferData) + ESResult EnrolleeSecurity::RequestSetMOTMethod(const ESOwnershipTransferData& MOTData) { OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod IN"); ESResult res = ESResult::ES_ERROR; - OC::ResultCallBack selectMOTMethodCB = std::bind( &EnrolleeSecurity::onEnrolleeSecuritySafetyCB, std::placeholders::_1, std::placeholders::_2, @@ -385,7 +404,7 @@ namespace OIC OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "selectMOTMethod is called."); if(OC_STACK_OK != m_securedResource->selectMOTMethod( - ownershipTransferData.getMOTMethod(), + MOTData.getMOTMethod(), selectMOTMethodCB)) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "selectMOTMethod API error"); 
@@ -405,6 +424,76 @@ namespace OIC return ESResult::ES_OK; } + + ESResult EnrolleeSecurity::requestEnableMOTMode() + { + ESResult res = ESResult:: ES_ERROR; + + OC::ResultCallBack changeMOTMethodCB = std::bind( + &EnrolleeSecurity::onEnrolleeSecuritySafetyCB, + std::placeholders::_1, std::placeholders::_2, + static_cast(std::bind(&EnrolleeSecurity::changeMOTMethodCB, + this, std::placeholders::_1, std::placeholders::_2)), + shared_from_this()); + + if(OC_STACK_OK != + m_securedResource->changeMOTMode(OIC_MULTIPLE_OWNER_ENABLE, changeMOTMethodCB)) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "changeMOTMode is failed."); + return ESResult:: ES_MOT_ENABLING_FAILURE; + } + + std::unique_lock lck(m_mtx); + m_cond.wait(lck); + + if(!enableMOTModeResult) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "requestEnableMOTMode is failed."); + res = ESResult:: ES_MOT_ENABLING_FAILURE; + return res; + } + + return ESResult::ES_OK; + } + + ESResult EnrolleeSecurity::provisionMOTConfig(const ESOwnershipTransferData& MOTData) + { + ESResult res = ESResult:: ES_ERROR; + + if(!m_securedResource->isMOTEnabled()) + { + res = requestEnableMOTMode(); + if(res != ESResult::ES_OK) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "requestEnableMOTMode is failed."); + return res; + } + } + + if( OIC_PRECONFIG_PIN == MOTData.getMOTMethod() && + !MOTData.getPreConfiguredPin().empty()) + { + res = RequestSetPreconfPinData(MOTData); + + if(res != ESResult::ES_OK) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData is failed."); + return res; + } + } + if(OIC_PRECONFIG_PIN == MOTData.getMOTMethod() || + OIC_RANDOM_DEVICE_PIN == MOTData.getMOTMethod()) + { + res = RequestSetMOTMethod(MOTData); + + if(res != ESResult::ES_OK) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod is failed."); + return res; + } + } + return res; + } #endif void EnrolleeSecurity::ownershipTransferCb(OC::PMResultList_t *result, int hasError 
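Review bot: provisionMOTConfig still selects OIC_PRECONFIG_PIN as the MOT method when no PIN was supplied: the first `if` skips RequestSetPreconfPinData when getPreConfiguredPin() is empty, but the second `if` calls RequestSetMOTMethod regardless. The enrollee would then have the preconfigured-PIN method selected with, presumably, whatever PIN it already holds or none at all. Reject that input before enabling MOT mode, e.g. `if(OIC_PRECONFIG_PIN == MOTData.getMOTMethod() && MOTData.getPreConfiguredPin().empty()) { return ESResult::ES_PRE_CONFIG_PIN_PROVISIONING_FAILURE; }`. The `// MOT case;` branch in the later EnrolleeSecurity.cpp hunk drops the same `!getPreConfiguredPin().empty()` check; whether performMultipleOwnershipTransfer rejects an empty PIN is not visible here.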
@@ -690,29 +779,81 @@ namespace OIC if(m_securedResource->getOwnedStatus()) { + if(isOwnedDeviceRegisteredInDB()) + { #ifdef MULTIPLE_OWNER - if(isOwnedDeviceRegisteredInDB() && - (isOwnerIDMatched(m_securedResource) || - isSubOwnerIDMatched(m_securedResource))) -#else - if(isOwnedDeviceRegisteredInDB() && - isOwnerIDMatched(m_securedResource)) -#endif + if(isSubOwnerIDMatched(m_securedResource)) + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "The found device is already owned by Mediator.(SUCCESS)"); + res = ESResult::ES_OK; + return res; + } - { - OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, - "The found device is already owned by Mediator.(SUCCESS)"); - res = ESResult::ES_OK; + if(isOwnerIDMatched(m_securedResource)) + { + if((OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() || + OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod())) + { + if(m_securedResource->isMOTSupported()) + { + res = provisionMOTConfig(ownershipTransferData); + if(res != ES_OK) + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "provisionMOTConfig is failed."); + return res; + } + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "The found device is already owned by Mediator and enabled MOT mode."); + return res; + } + else + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "The found device is not supported MOT"); + return ESResult:: ES_MOT_NOT_SUPPORTED; + } + } + else + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "The found device is already owned by Mediator.(SUCCESS)"); + res = ESResult::ES_OK; + return res; + } + } + + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, + "An ownership transfer knowledge is not synchronized" + "between mediator and found enrollee.(FAILED)"); + res = ESResult::ES_OWNERSHIP_IS_NOT_SYNCHRONIZED; return res; +#else + if(isOwnerIDMatched(m_securedResource)) + { + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, + "The found device is already owned by Mediator.(SUCCESS)"); + res = ESResult::ES_OK; + return res; + } + else + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, + "An ownership transfer 
knowledge is not synchronized" + "between mediator and found enrollee.(FAILED)"); + res = ESResult::ES_OWNERSHIP_IS_NOT_SYNCHRONIZED; + return res; + } +#endif } #ifdef MULTIPLE_OWNER else if( !isOwnedDeviceRegisteredInDB() && !isOwnerIDMatched(m_securedResource) && !isSubOwnerIDMatched(m_securedResource) && - m_securedResource->isMOTSupported() && m_securedResource->isMOTEnabled() && - OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() && - !ownershipTransferData.getPreConfiguredPin().empty()) + (OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() || + OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod())) { // MOT case; res = performMultipleOwnershipTransfer(ownershipTransferData); @@ -766,32 +907,11 @@ namespace OIC return res; } #ifdef MULTIPLE_OWNER - if( m_securedResource->isMOTSupported() && - m_securedResource->isMOTEnabled() && - OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() && - !ownershipTransferData.getPreConfiguredPin().empty()) + if( m_securedResource->isMOTSupported()) { - res = RequestSetPreconfPinData(ownershipTransferData); - - if(res != ESResult::ES_OK) - { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData is failed."); - return res; - } - } - if( m_securedResource->isMOTSupported() && - m_securedResource->isMOTEnabled() && - (OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() || - OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod())) - { - res = RequestSetMOTMethod(ownershipTransferData); - - if(res != ESResult::ES_OK) - { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod is failed."); - return res; - } + res = provisionMOTConfig(ownershipTransferData); } + return res; #endif } } diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h index 6c023b1..b463f11 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h 
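Review bot: The failure path of the new owner branch logs `provisionMOTConfig is failed.` at DEBUG, while the other failure paths in this hunk use ERROR, so a failed MOT configuration on an already-owned device is likely to be missing from logs at normal verbosity. Use `OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "provisionMOTConfig is failed.");` there. The same applies to the `The found device is not supported MOT` message that accompanies ES_MOT_NOT_SUPPORTED. The enclosing function begins and ends outside this hunk.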
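Review bot: After a first ownership transfer, provisionMOTConfig now runs whenever `isMOTSupported()` is true, without checking that the caller asked for a MOT method. provisionMOTConfig (added in the earlier hunk) calls requestEnableMOTMode before it looks at getMOTMethod(), so a plain ownership transfer switches multiple-owner mode on as a side effect. When MOT is already enabled and no method was requested, it returns its initial ES_ERROR, which would report a completed transfer as failed. Gate the call the way the already-owned branch does: `if(m_securedResource->isMOTSupported() && (OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() || OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod()))`. The enclosing function starts outside this hunk.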
@@ -65,6 +65,7 @@ namespace OIC std::mutex m_mtx; std::condition_variable m_cond; std::atomic OTMResult; + std::atomic enableMOTModeResult; std::atomic MOTMethodProvResult; std::atomic PreConfigPinProvResult; std::atomic removeDeviceResult; @@ -88,12 +89,16 @@ namespace OIC ESResult syncUpWithMediatorDB(); #ifdef MULTIPLE_OWNER ESResult performMultipleOwnershipTransfer(const ESOwnershipTransferData& MOTdata); + void changeMOTMethodCB(PMResultList_t *result, int hasError); + void SelectMOTMethodCB(PMResultList_t *result, int hasError); void PreconfigPinProvCB(PMResultList_t *result, int hasError); void MultipleOwnershipTransferCb(OC::PMResultList_t *result, int hasError); bool isSubOwnerIDMatched(std::shared_ptr< OC::OCSecureResource > foundDevice); - ESResult RequestSetPreconfPinData(const ESOwnershipTransferData ownershipTransferData); - ESResult RequestSetMOTMethod(const ESOwnershipTransferData ownershipTransferData); + ESResult RequestSetPreconfPinData(const ESOwnershipTransferData& MOTData); + ESResult RequestSetMOTMethod(const ESOwnershipTransferData& MOTData); + ESResult requestEnableMOTMode(); + ESResult provisionMOTConfig(const ESOwnershipTransferData& MOTData); #endif void ownershipTransferCb(OC::PMResultList_t *result, int hasError, ESResult& res); void convertUUIDToString(const uint8_t uuid[UUID_SIZE], -- 2.7.4