From f98b4fb92e8611baeea28f04ce89324a56674f7d Mon Sep 17 00:00:00 2001
From: "ol.beketov@samsung.com"
Date: Mon, 25 Jun 2018 14:17:03 +0300
Subject: [PATCH] RPK OTM (#295)
Raw public key OTM added from client side
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/295
(cherry picked from commit bc07c41689f3f835cb14b9e8ad70c2298fa6c839)
Change-Id: Iafeb8d467c821eca3ad350eced73f57637349a71
Signed-off-by: Oleksii Beketov
Signed-off-by: Amit KS
---
.../security/include/internal/srmresourcestrings.h | 1 +
resource/csdk/security/include/pinoxmcommon.h | 13 +
.../security/include/securevirtualresourcetypes.h | 1 +
resource/csdk/security/provisioning/SConscript | 1 +
.../provisioning/include/oxm/oxmrawpublickey.h | 83 ++++++
.../csdk/security/provisioning/include/pmtypes.h | 1 +
.../provisioning/sample/provisioningclient.c | 20 ++
.../provisioning/src/ownershiptransfermanager.c | 20 +-
.../security/provisioning/src/oxmrawpublickey.c | 302 +++++++++++++++++++++
resource/csdk/security/src/oxmpincommon.c | 3 -
resource/csdk/security/src/srmresourcestrings.c | 1 +
resource/csdk/security/src/srmutility.c | 2 +
.../tool/svrdbeditor_src/svrdbeditordoxm.c | 8 +-
13 files changed, 444 insertions(+), 12 deletions(-)
create mode 100644 resource/csdk/security/provisioning/include/oxm/oxmrawpublickey.h
create mode 100644 resource/csdk/security/provisioning/src/oxmrawpublickey.c
diff --git a/resource/csdk/security/include/internal/srmresourcestrings.h b/resource/csdk/security/include/internal/srmresourcestrings.h
index 28cb3cb..c07a3d4 100644
--- a/resource/csdk/security/include/internal/srmresourcestrings.h
+++ b/resource/csdk/security/include/internal/srmresourcestrings.h
@@ -172,6 +172,7 @@ extern const char * WILDCARD_RESOURCE_URI;
extern const char * OXM_JUST_WORKS;
extern const char * OXM_RANDOM_DEVICE_PIN;
extern const char * OXM_MANUFACTURER_CERTIFICATE;
+extern const char * OXM_RAW_PUBLIC_KEY;
#ifdef MULTIPLE_OWNER
extern const char * OXM_PRECONF_PIN;
#endif //MULTIPLE_OWNER
diff --git a/resource/csdk/security/include/pinoxmcommon.h b/resource/csdk/security/include/pinoxmcommon.h
index 5b75684..c23b24c 100644
--- a/resource/csdk/security/include/pinoxmcommon.h
+++ b/resource/csdk/security/include/pinoxmcommon.h
@@ -59,6 +59,12 @@ typedef void (*GeneratePinCallback)(char* pinData, size_t pinSize);
typedef void (*InputPinCallback)(char* pinBuf, size_t bufSize);
/**
+ * Function pointer for getting peer's public key, own public and private keys and token
+ * for raw public key generation.
+ */
+typedef void (*GetRPKMasterKeyCallback)(char *rpkMasterKey, size_t *rpkMasterKeyLen);
+
+/**
* Function pointer to close the displied PIN.
*/
typedef void (*ClosePinDisplayCallback)(void);
@@ -78,6 +84,13 @@ void SetGeneratePinCB(GeneratePinCallback pinCB);
void SetInputPinCB(InputPinCallback pinCB);
/**
+ * Function to setting RPK key callback from user.
+ *
+ * @param rpkCB implementation of RPK parameters callback.
+ */
+void SetGetRPKMasterKeyCB(GetRPKMasterKeyCallback rpkCB);
+
+/**
* Function to set the close PIN callback
* This callback will be invoked when PIN based OTM is finished.
*
diff --git a/resource/csdk/security/include/securevirtualresourcetypes.h b/resource/csdk/security/include/securevirtualresourcetypes.h
index f6de36c..e6a2f7f 100644
--- a/resource/csdk/security/include/securevirtualresourcetypes.h
+++ b/resource/csdk/security/include/securevirtualresourcetypes.h
@@ -270,6 +270,7 @@ typedef enum
#endif //MULTIPLE_OWNER
OIC_MV_JUST_WORKS = 0xFF01,
OIC_CON_MFG_CERT = 0xFF02,
+ OIC_RAW_PUB_KEY = 0xFF03,
}OicSecOxm_t;
typedef enum
diff --git a/resource/csdk/security/provisioning/SConscript b/resource/csdk/security/provisioning/SConscript
index 0e810fb..0e536e4 100644
--- a/resource/csdk/security/provisioning/SConscript
+++ b/resource/csdk/security/provisioning/SConscript
@@ -103,6 +103,7 @@ provisioning_src = [
'src/ocprovisioningmanager.c',
'src/oxmjustworks.c',
'src/oxmrandompin.c',
+ 'src/oxmrawpublickey.c',
'src/oxmmanufacturercert.c',
'src/provisioningdatabasemanager.c' ]
diff --git a/resource/csdk/security/provisioning/include/oxm/oxmrawpublickey.h b/resource/csdk/security/provisioning/include/oxm/oxmrawpublickey.h
new file mode 100644
index 0000000..56513a2
--- /dev/null
+++ b/resource/csdk/security/provisioning/include/oxm/oxmrawpublickey.h
@@ -0,0 +1,83 @@
+//******************************************************************
+//
+// Copyright 2015 Samsung Electronics All Rights Reserved.
+//
+//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+#ifndef OXM_RAW_PUBLIC_KEY_H_
+#define OXM_RAW_PUBLIC_KEY_H_
+
+#include "ocstack.h"
+#include "securevirtualresourcetypes.h"
+#include "ownershiptransfermanager.h"
+#include "pmtypes.h"
+#include "pinoxmcommon.h"
+
+#define OXM_RPK_MASTER_KEY_MAX_SIZE (32)
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+/**
+ * Callback implementation to generate RPK master key.
+ *
+ * @param otmCtx Context of OTM, It includes current device information.
+ *
+ * @return ::OC_STACK_SUCCESS in case of success and other value otherwise.
+ */
+OCStackResult GetMasterRPKCallback(OTMContext_t *otmCtx);
+
+/**
+ * Callback implemenration to establish a secure channel with PSK cipher suite.
+ *
+ * @param otmCtx Context of OTM, It includes current device information.
+ *
+ * @return ::OC_STACK_SUCCESS in case of success and other value otherwise.
+ */
+OCStackResult CreateSecureSessionRPKCallback(OTMContext_t *otmCtx);
+
+/**
+ * Generate payload for select OxM request.
+ *
+ * @param otmCtx Context of OTM, It includes current device information.
+ * @param cborPaylaod is the DOXM CBOR payload including the selected OxM.
+ * @note Returned memory should be deallocated by caller.
+ * @param cborSize is the size of the cborPayload.
+ *
+ * @return ::OC_STACK_SUCCESS in case of success and other value otherwise.
+ */
+OCStackResult CreateRPKBasedSelectOxmPayload(OTMContext_t *otmCtx, uint8_t **cborPayload,
+ size_t *cborSize);
+
+/**
+ * Generate payload for owner transfer request.
+ *
+ * @param otmCtx Context of OTM, It includes current device information.
+ * @param cborPaylaod is the DOXM CBOR payload including the owner information.
+ * @note Returned memory should be deallocated by caller.
+ * @param cborSize is the size of the cborPayload.
+ *
+ * @return ::OC_STACK_SUCCESS in case of success and other value otherwise.
+ */
+OCStackResult CreateRPKBasedOwnerTransferPayload(OTMContext_t *otmCtx, uint8_t **cborPayload,
+ size_t *cborSize);
+
+#ifdef __cplusplus
+}
+#endif
+#endif //OXM_RAW_PUBLIC_KEY_H_
diff --git a/resource/csdk/security/provisioning/include/pmtypes.h b/resource/csdk/security/provisioning/include/pmtypes.h
index 6a46dd6..2b4d5e2 100644
--- a/resource/csdk/security/provisioning/include/pmtypes.h
+++ b/resource/csdk/security/provisioning/include/pmtypes.h
@@ -119,6 +119,7 @@ typedef enum OxmAllowTableIdx {
#endif
OXM_IDX_RANDOM_DEVICE_PIN,
OXM_IDX_MANUFACTURER_CERTIFICATE,
+ OXM_IDX_RAW_PUBLIC_KEY,
OXM_IDX_CON_MFG_CERT,
OXM_IDX_DECENTRALIZED_PUBLIC_KEY,
OXM_IDX_COUNT,
diff --git a/resource/csdk/security/provisioning/sample/provisioningclient.c b/resource/csdk/security/provisioning/sample/provisioningclient.c
index 59347df..7e7aefa 100644
--- a/resource/csdk/security/provisioning/sample/provisioningclient.c
+++ b/resource/csdk/security/provisioning/sample/provisioningclient.c
@@ -313,6 +313,25 @@ static void inputPinCB(char* pin, size_t len)
}
}
+static void InputRPKMasterKeyCB(uint8_t *rpkMasterKey, int *rpkMasterKeyLen)
+{
+ if(!rpkMasterKey || !rpkMasterKeyLen)
+ {
+ OIC_LOG(ERROR, TAG, "InputRPKMasterKeyCB invalid parameters");
+ return;
+ }
+
+ uint8_t rpk[32] = {
+ 0xfd, 0xb5, 0x48, 0xec, 0x9c, 0x16, 0xc9, 0x72,
+ 0xc6, 0xee, 0xaf, 0x42, 0x64, 0x0d, 0xe5, 0xb6,
+ 0x44, 0x78, 0x84, 0x9e, 0xdd, 0x5c, 0x1d, 0x31,
+ 0xcf, 0xd0, 0xf2, 0xe8, 0xb1, 0xa4, 0xad, 0x0f
+ };
+
+ memcpy(rpkMasterKey, rpk, 32);
+ *rpkMasterKeyLen = 32;
+}
+
// function(s) for provisioning client using C-level provisioning API
static int initProvisionClient(void)
{
@@ -358,6 +377,7 @@ static int initProvisionClient(void)
}
SetInputPinCB(inputPinCB);
+ SetInputRPKMasterKeyCB(InputRPKMasterKeyCB);
return 0;
}
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index 92836d5..326376b 100644
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -66,6 +66,7 @@
#include "securevirtualresourcetypes.h"
#include "oxmjustworks.h"
#include "oxmrandompin.h"
+#include "oxmrawpublickey.h"
#include "oxmmanufacturercert.h"
#include "secureresourceprovider.h"
@@ -96,10 +97,11 @@
#ifdef MULTIPLE_OWNER
static uint8_t g_OxmAllowStatus[OXM_IDX_COUNT] = {ALLOWED_OXM, ALLOWED_OXM, ALLOWED_OXM,
ALLOWED_OXM, ALLOWED_OXM, ALLOWED_OXM,
- NOT_ALLOWED_OXM};
+ ALLOWED_OXM, NOT_ALLOWED_OXM};
#else
static uint8_t g_OxmAllowStatus[OXM_IDX_COUNT] = {ALLOWED_OXM, ALLOWED_OXM, ALLOWED_OXM,
- ALLOWED_OXM, ALLOWED_OXM, NOT_ALLOWED_OXM};
+ ALLOWED_OXM, ALLOWED_OXM, ALLOWED_OXM,
+ NOT_ALLOWED_OXM};
#endif
OCStackResult OTMSetOTCallback(OicSecOxm_t oxm, OTMCallbackData_t* callbacks)
@@ -112,9 +114,9 @@ OCStackResult OTMSetOTCallback(OicSecOxm_t oxm, OTMCallbackData_t* callbacks)
#ifdef MULTIPLE_OWNER
VERIFY_SUCCESS(TAG, (OIC_OXM_COUNT > oxm || OIC_PRECONFIG_PIN == oxm || OIC_MV_JUST_WORKS == oxm
- || OIC_CON_MFG_CERT == oxm), ERROR);
+ || OIC_CON_MFG_CERT == oxm || OIC_RAW_PUB_KEY == oxm), ERROR);
#else
- VERIFY_SUCCESS(TAG, (OIC_OXM_COUNT > oxm || OIC_MV_JUST_WORKS == oxm || OIC_CON_MFG_CERT == oxm), ERROR);
+ VERIFY_SUCCESS(TAG, (OIC_OXM_COUNT > oxm || OIC_MV_JUST_WORKS == oxm || OIC_CON_MFG_CERT == oxm || OIC_RAW_PUB_KEY == oxm), ERROR);
#endif // MULTIPLE_OWNER
switch(oxm)
@@ -160,6 +162,12 @@ OCStackResult OTMSetOTCallback(OicSecOxm_t oxm, OTMCallbackData_t* callbacks)
callbacks->createSelectOxmPayloadCB = CreateConMCertificateBasedSelectOxmPayload;
callbacks->createOwnerTransferPayloadCB = CreateMCertificateBasedOwnerTransferPayload;
break;
+ case OIC_RAW_PUB_KEY:
+ callbacks->loadSecretCB = GetMasterRPKCallback;
+ callbacks->createSecureSessionCB = CreateSecureSessionRPKCallback;
+ callbacks->createSelectOxmPayloadCB = CreateRPKBasedSelectOxmPayload;
+ callbacks->createOwnerTransferPayloadCB = CreateRPKBasedOwnerTransferPayload;
+ break;
default:
OIC_LOG_V(ERROR, TAG, "Unknown OxM : %d", (int)oxm);
return OC_STACK_INVALID_PARAM;
@@ -189,6 +197,8 @@ static OxmAllowTableIdx_t GetOxmAllowTableIdx(OicSecOxm_t oxm)
return OXM_IDX_DECENTRALIZED_PUBLIC_KEY;
case OIC_MV_JUST_WORKS:
return OXM_IDX_MV_JUST_WORKS;
+ case OIC_RAW_PUB_KEY:
+ return OXM_IDX_RAW_PUBLIC_KEY;
case OIC_CON_MFG_CERT:
return OXM_IDX_CON_MFG_CERT;
#ifdef MULTIPLE_OWNER
@@ -235,11 +245,11 @@ OCStackResult OTMSelectOwnershipTransferMethod(const OicSecOxm_t *supportedMetho
OIC_LOG(WARNING, TAG, "Invalid oxm index to access OxM allow table");
continue;
}
-
#ifdef MULTIPLE_OWNER
if (ALLOWED_OXM == g_OxmAllowStatus[selectedOxmIdx] &&
OXM_IDX_PRECONFIG_PIN != selectedOxmIdx)
#else
+
if (ALLOWED_OXM == g_OxmAllowStatus[selectedOxmIdx])
#endif //MULTIPLE_OWNER
{
diff --git a/resource/csdk/security/provisioning/src/oxmrawpublickey.c b/resource/csdk/security/provisioning/src/oxmrawpublickey.c
new file mode 100644
index 0000000..a1a62dd
--- /dev/null
+++ b/resource/csdk/security/provisioning/src/oxmrawpublickey.c
@@ -0,0 +1,302 @@
+/* *****************************************************************
+ *
+ * Copyright 2015 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * *****************************************************************/
+
+#include
+
+#include "ocstack.h"
+#include "securevirtualresourcetypes.h"
+#include "doxmresource.h"
+#include "credresource.h"
+#include "cacommon.h"
+#include "cainterface.h"
+#include "ocrandom.h"
+#include "oic_malloc.h"
+#include "logger.h"
+#include "pbkdf2.h"
+#include "base64.h"
+#include "oxmrawpublickey.h"
+#include "ownershiptransfermanager.h"
+#include "oxmverifycommon.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ssl_internal.h"
+
+#define TAG "OIC_OXM_RawPubKey"
+
+typedef struct RPKOxmData {
+ char rpkData[OXM_RPK_MASTER_KEY_MAX_SIZE + 1];
+ size_t rpkSize;
+ OicUuid_t newDevice;
+}RPKOxmData_t;
+
+static RPKOxmData_t g_RPKOxmData = {
+ .rpkData={0},
+ .rpkSize = 0,
+ };
+
+static GetRPKMasterKeyCallback gGetRPKMasterKeyCallback = NULL;
+
+void SetInputRPKMasterKeyCB(GetRPKMasterKeyCallback rpkCB)
+{
+ if(NULL == rpkCB)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to set callback for rpk.");
+ return;
+ }
+
+ gGetRPKMasterKeyCallback = rpkCB;
+}
+
+void UnsetRPKMasterKeyCB()
+{
+ gGetRPKMasterKeyCallback = NULL;
+}
+
+OCStackResult CreateRPKBasedSelectOxmPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
+{
+ if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
+ {
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_RAW_PUB_KEY;
+
+ return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
+}
+
+OCStackResult CreateRPKBasedOwnerTransferPayload(OTMContext_t* otmCtx, uint8_t **payload, size_t *size)
+{
+ if(!otmCtx || !otmCtx->selectedDeviceInfo || !payload || *payload || !size)
+ {
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ OicUuid_t uuidPT = {.id={0}};
+ *payload = NULL;
+ *size = 0;
+
+ if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
+ {
+ OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
+ return OC_STACK_ERROR;
+ }
+ memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
+
+ return DoxmToCBORPayload(otmCtx->selectedDeviceInfo->doxm, payload, size, true);
+}
+
+OCStackResult GetMasterRPK(char* master, size_t* master_len)
+{
+ if(!master || !master_len)
+ {
+ OIC_LOG(ERROR, TAG, "RPK buffer is NULL");
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ if(gGetRPKMasterKeyCallback)
+ {
+ gGetRPKMasterKeyCallback(g_RPKOxmData.rpkData, &g_RPKOxmData.rpkSize);
+ }
+ else
+ {
+ OIC_LOG(ERROR, TAG, "Invoke RPK callback failed!");
+ OIC_LOG(ERROR, TAG, "Callback for input RPK should be registered to use Random RPK based OxM.");
+ return OC_STACK_ERROR;
+ }
+
+ return OC_STACK_OK;
+}
+
+void SetUuidForRPKBasedOxm(const OicUuid_t* uuid)
+{
+ if(NULL != uuid)
+ {
+ memcpy(g_RPKOxmData.newDevice.id, uuid->id, UUID_LENGTH);
+ }
+}
+
+int DerivePSKUsingRPK(uint8_t* result)
+{
+ int dtlsRes = DeriveCryptoKeyFromPassword(
+ (const unsigned char *)g_RPKOxmData.rpkData,
+ g_RPKOxmData.rpkSize,
+ g_RPKOxmData.newDevice.id,
+ UUID_LENGTH, PBKDF_ITERATIONS,
+ OWNER_PSK_LENGTH_128, result);
+
+ OIC_LOG_V(DEBUG, TAG, "DeriveCryptoKeyFromPassword Completed (%d)", dtlsRes);
+ OIC_LOG_V(DEBUG, TAG, "RPK : %s", g_RPKOxmData.rpkData);
+ OIC_LOG(DEBUG, TAG, "UUID : ");
+ OIC_LOG_BUFFER(DEBUG, TAG, g_RPKOxmData.newDevice.id, UUID_LENGTH);
+ return dtlsRes;
+}
+
+int32_t GetDtlsPskForRPKOxm( CADtlsPskCredType_t type,
+ const unsigned char *UNUSED1, size_t UNUSED2,
+ unsigned char *result, size_t result_length)
+{
+ int32_t ret = -1;
+
+ (void)UNUSED1;
+ (void)UNUSED2;
+
+ if (NULL == result || result_length < OWNER_PSK_LENGTH_128)
+ {
+ return ret;
+ }
+
+ switch (type)
+ {
+ case CA_DTLS_PSK_HINT:
+ case CA_DTLS_PSK_IDENTITY:
+ {
+ /**
+ * The server will provide PSK hint to identify PSK according to RFC 4589 and RFC 4279.
+ *
+ * At this point, The server generate random hint and
+ * provide it to client through server key exchange message.
+ */
+ OCFillRandomMem(result, result_length);
+ ret = result_length;
+ OIC_LOG(DEBUG, TAG, "PSK HINT : ");
+ OIC_LOG_BUFFER(DEBUG, TAG, result, result_length);
+ }
+ break;
+
+ case CA_DTLS_PSK_KEY:
+ {
+ if(0 == DerivePSKUsingRPK((uint8_t*)result))
+ {
+ ret = OWNER_PSK_LENGTH_128;
+ }
+ else
+ {
+ OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from RPK");
+ ret = -1;
+ }
+ }
+ break;
+
+ default:
+ {
+ OIC_LOG (ERROR, TAG, "Wrong value passed for CADtlsPskCredType_t.");
+ ret = -1;
+ }
+ break;
+ }
+ return ret;
+}
+
+OCStackResult GetMasterRPKCallback(OTMContext_t *otmCtx)
+{
+ if (!otmCtx || !otmCtx->selectedDeviceInfo)
+ {
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ uint8_t rpkData[OXM_RPK_MASTER_KEY_MAX_SIZE + 1] = {0};
+ size_t rpkLen = 0;
+ OCStackResult res = OC_STACK_ERROR;
+
+ res = GetMasterRPK((char*)rpkData, &rpkLen);
+
+ if (OC_STACK_OK != res)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to generate RPK master key");
+ SetResult(otmCtx, res);
+ return res;
+ }
+
+ /**
+ * Since PSK will be used directly while RPK based ownership transfer,
+ * Credential should not be saved into SVR.
+ * For this reason, We will use a temporary get_psk_info callback to random RPK OxM.
+ */
+ //in case of OTM
+ if(!(otmCtx->selectedDeviceInfo->doxm->owned))
+ {
+ if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskForRPKOxm))
+ {
+ OIC_LOG(ERROR, TAG, "Failed to register DTLS credentials handler for random raw public key OxM.");
+ res = OC_STACK_ERROR;
+ }
+ }
+
+ //Set the device id to derive temporal PSK
+ SetUuidForRPKBasedOxm(&(otmCtx->selectedDeviceInfo->doxm->deviceID));
+
+ return res;
+}
+
+OCStackResult CreateSecureSessionRPKCallback(OTMContext_t* otmCtx)
+{
+ OIC_LOG(INFO, TAG, "IN CreateSecureSessionRPKCallback");
+
+ if (!otmCtx || !otmCtx->selectedDeviceInfo)
+ {
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
+ if (CA_STATUS_OK != caresult)
+ {
+ OIC_LOG_V(ERROR, TAG, "Unable to disable anon cipher suite");
+ return OC_STACK_ERROR;
+ }
+ OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
+
+ caresult = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, otmCtx->selectedDeviceInfo->endpoint.adapter);
+ if (CA_STATUS_OK != caresult)
+ {
+ OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256");
+ return OC_STACK_ERROR;
+ }
+ OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite selected.");
+
+ OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
+ CAEndpoint_t endpoint;
+ memcpy(&endpoint, &selDevInfo->endpoint, sizeof(CAEndpoint_t));
+
+ if(CA_ADAPTER_IP == endpoint.adapter)
+ {
+ endpoint.port = selDevInfo->securePort;
+ caresult = CAInitiateHandshake(&endpoint);
+ }
+ else if (CA_ADAPTER_GATT_BTLE == endpoint.adapter)
+ {
+ caresult = CAInitiateHandshake(&endpoint);
+ }
+#ifdef __WITH_TLS__
+ else
+ {
+ endpoint.port = selDevInfo->tcpPort;
+ caresult = CAinitiateSslHandshake(&endpoint);
+ }
+#endif
+ if (CA_STATUS_OK != caresult)
+ {
+ OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
+ return OC_STACK_ERROR;
+ }
+
+ OIC_LOG(INFO, TAG, "OUT CreateSecureSessionRPKCallback");
+
+ return OC_STACK_OK;
+}
diff --git a/resource/csdk/security/src/oxmpincommon.c b/resource/csdk/security/src/oxmpincommon.c
index ad70a43..7b6dce1 100644
--- a/resource/csdk/security/src/oxmpincommon.c
+++ b/resource/csdk/security/src/oxmpincommon.c
@@ -324,7 +324,6 @@ int DerivePSKUsingPIN(uint8_t* result)
OIC_LOG_V(DEBUG, TAG, "PIN : %s", g_PinOxmData.pinData);
OIC_LOG(DEBUG, TAG, "UUID : ");
OIC_LOG_BUFFER(DEBUG, TAG, g_PinOxmData.newDevice.id, UUID_LENGTH);
-
return dtlsRes;
}
@@ -355,7 +354,6 @@ int32_t GetDtlsPskForRandomPinOxm( CADtlsPskCredType_t type,
*/
OCFillRandomMem(result, result_length);
ret = result_length;
-
OIC_LOG(DEBUG, TAG, "PSK HINT : ");
OIC_LOG_BUFFER(DEBUG, TAG, result, result_length);
}
@@ -382,7 +380,6 @@ int32_t GetDtlsPskForRandomPinOxm( CADtlsPskCredType_t type,
}
break;
}
-
return ret;
}
diff --git a/resource/csdk/security/src/srmresourcestrings.c b/resource/csdk/security/src/srmresourcestrings.c
index b847a30..6eae893 100644
--- a/resource/csdk/security/src/srmresourcestrings.c
+++ b/resource/csdk/security/src/srmresourcestrings.c
@@ -167,6 +167,7 @@ const char * WILDCARD_RESOURCE_URI = "*";
const char * OXM_JUST_WORKS = "oic.sec.doxm.jw";
const char * OXM_RANDOM_DEVICE_PIN = "oic.sec.doxm.rdp";
const char * OXM_MANUFACTURER_CERTIFICATE = "oic.sec.doxm.mfgcert";
+const char * OXM_RAW_PUBLIC_KEY = "oic.sec.doxm.rpk";
#ifdef MULTIPLE_OWNER
const char * OXM_PRECONF_PIN = "x.org.iotivity.sec.doxm.pcp";
#endif //MULTIPLE_OWNER
diff --git a/resource/csdk/security/src/srmutility.c b/resource/csdk/security/src/srmutility.c
index 2bd9bcd..96953c9 100644
--- a/resource/csdk/security/src/srmutility.c
+++ b/resource/csdk/security/src/srmutility.c
@@ -141,6 +141,8 @@ const char* GetOxmString(OicSecOxm_t oxmType)
return OXM_RANDOM_DEVICE_PIN;
case OIC_MANUFACTURER_CERTIFICATE:
return OXM_MANUFACTURER_CERTIFICATE;
+ case OIC_RAW_PUB_KEY:
+ return OXM_RAW_PUBLIC_KEY;
#ifdef MULTIPLE_OWNER
case OIC_PRECONFIG_PIN:
return OXM_PRECONF_PIN;
diff --git a/resource/csdk/security/tool/svrdbeditor_src/svrdbeditordoxm.c b/resource/csdk/security/tool/svrdbeditor_src/svrdbeditordoxm.c
index 6caa748..efc5c75 100644
--- a/resource/csdk/security/tool/svrdbeditor_src/svrdbeditordoxm.c
+++ b/resource/csdk/security/tool/svrdbeditor_src/svrdbeditordoxm.c
@@ -28,9 +28,9 @@
#include "svrdbeditordoxm.h"
#ifdef MULTIPLE_OWNER
-#define DOXM_TYPE_CNT (6)
+#define DOXM_TYPE_CNT (7)
#else
-#define DOXM_TYPE_CNT (5)
+#define DOXM_TYPE_CNT (6)
#endif //MULTIPLE_OWNER
static const char *DOXM_TYPE_STRING[DOXM_TYPE_CNT] =
@@ -39,7 +39,7 @@ static const char *DOXM_TYPE_STRING[DOXM_TYPE_CNT] =
#ifdef MULTIPLE_OWNER
"PRECONFIG_PIN",
#endif //MULTIPLE_OWNER
- "MV_JUST_WORKS", "CON_MFG_CERT"
+ "MV_JUST_WORKS", "CON_MFG_CERT", "RAW_PUB_KEY"
};
static const unsigned int DOXM_TYPE_NUMBER[DOXM_TYPE_CNT] =
@@ -48,7 +48,7 @@ static const unsigned int DOXM_TYPE_NUMBER[DOXM_TYPE_CNT] =
#ifdef MULTIPLE_OWNER
OIC_PRECONFIG_PIN,
#endif //MULTIPLE_OWNER
- OIC_MV_JUST_WORKS, OIC_CON_MFG_CERT
+ OIC_MV_JUST_WORKS, OIC_CON_MFG_CERT, OIC_RAW_PUB_KEY
};
#define DOXM_SCT_CNT (6)
--
2.7.4