Commit 06b7dc1f authored by Chul Lee's avatar Chul Lee Committed by Randeep

Add credential verification API and add logs for debugging

Change-Id: Ib23f99acd7e82fa1dc9fec42cc08c5179294a5eb
Signed-off-by: default avatarChul Lee <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/13477Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: default avatarKevin Kane <kkane@microsoft.com>
Reviewed-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Reviewed-by: default avatardongik Lee <dongik.lee@samsung.com>
Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
parent bbe7232e
...@@ -88,6 +88,88 @@ typedef enum CredCompareResult{ ...@@ -88,6 +88,88 @@ typedef enum CredCompareResult{
CRED_CMP_ERROR = 2 CRED_CMP_ERROR = 2
}CredCompareResult_t; }CredCompareResult_t;
/**
* Internal function to check credential
*/
static bool IsVaildCredential(const OicSecCred_t* cred)
{
OicUuid_t emptyUuid = {.id={0}};
OIC_LOG(DEBUG, TAG, "IN IsVaildCredential");
VERIFY_NON_NULL(TAG, cred, ERROR);
VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR);
OIC_LOG_V(DEBUG, TAG, "Cred ID = %d", cred->credId);
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
OIC_LOG_V(DEBUG, TAG, "Cred Type = %d", cred->credType);
switch(cred->credType)
{
case SYMMETRIC_PAIR_WISE_KEY:
case SYMMETRIC_GROUP_KEY:
case PIN_PASSWORD:
{
VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
VERIFY_SUCCESS(TAG, \
(OIC_ENCODING_RAW == cred->privateData.encoding || \
OIC_ENCODING_BASE64 == cred->privateData.encoding), \
ERROR);
break;
}
case ASYMMETRIC_KEY:
{
VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR);
break;
}
case SIGNED_ASYMMETRIC_KEY:
{
VERIFY_SUCCESS(TAG, (NULL != cred->publicData.data ||NULL != cred->optionalData.data) , ERROR);
VERIFY_SUCCESS(TAG, (0 != cred->publicData.len || 0 != cred->optionalData.len), ERROR);
if(NULL != cred->optionalData.data)
{
VERIFY_SUCCESS(TAG, \
(OIC_ENCODING_RAW == cred->optionalData.encoding ||\
OIC_ENCODING_BASE64 == cred->optionalData.encoding || \
OIC_ENCODING_PEM == cred->optionalData.encoding || \
OIC_ENCODING_DER == cred->optionalData.encoding), \
ERROR);
}
break;
}
case ASYMMETRIC_ENCRYPTION_KEY:
{
VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
VERIFY_SUCCESS(TAG, \
(OIC_ENCODING_RAW == cred->privateData.encoding ||\
OIC_ENCODING_BASE64 == cred->privateData.encoding || \
OIC_ENCODING_PEM == cred->privateData.encoding || \
OIC_ENCODING_DER == cred->privateData.encoding), \
ERROR);
break;
}
default:
{
OIC_LOG(WARNING, TAG, "Unknown credential type");
return false;
}
}
#endif
VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR);
OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential");
return true;
exit:
OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected.");
return false;
}
/** /**
* This function frees OicSecCred_t object's fields and object itself. * This function frees OicSecCred_t object's fields and object itself.
*/ */
...@@ -1053,6 +1135,8 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr ...@@ -1053,6 +1135,8 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr
const OicSecCert_t * publicData, const OicSecKey_t* privateData, const OicSecCert_t * publicData, const OicSecKey_t* privateData,
const OicUuid_t * rownerID, const OicUuid_t * eownerID) const OicUuid_t * rownerID, const OicUuid_t * eownerID)
{ {
OIC_LOG(DEBUG, TAG, "IN GenerateCredential");
(void)publicData; (void)publicData;
OCStackResult ret = OC_STACK_ERROR; OCStackResult ret = OC_STACK_ERROR;
...@@ -1123,18 +1207,49 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr ...@@ -1123,18 +1207,49 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr
#endif //_ENABLE_MULTIPLE_OWNER_ #endif //_ENABLE_MULTIPLE_OWNER_
ret = OC_STACK_OK; ret = OC_STACK_OK;
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : result: %d", ret);
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credId: %d", cred->credId);
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credType: %d", cred->credType);
OIC_LOG_BUFFER(DEBUG, TAG, cred->subject.id, sizeof(cred->subject.id));
if (cred->privateData.data)
{
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %d", cred->privateData.len);
OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);
}
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
if(cred->credUsage)
{
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credUsage: %s", cred->credUsage);
}
if (cred->publicData.data)
{
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : publicData len: %d", cred->publicData.len);
OIC_LOG_BUFFER(DEBUG, TAG, cred->publicData.data, cred->publicData.len);
}
if (cred->optionalData.data)
{
OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len);
OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len);
}
#endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__)
exit: exit:
if (OC_STACK_OK != ret) if (OC_STACK_OK != ret)
{ {
DeleteCredList(cred); DeleteCredList(cred);
cred = NULL; cred = NULL;
} }
OIC_LOG(DEBUG, TAG, "OUT GenerateCredential");
return cred; return cred;
} }
static bool UpdatePersistentStorage(const OicSecCred_t *cred) static bool UpdatePersistentStorage(const OicSecCred_t *cred)
{ {
bool ret = false; bool ret = false;
OIC_LOG(DEBUG, TAG, "IN Cred UpdatePersistentStorage");
// Convert Cred data into JSON for update to persistent storage // Convert Cred data into JSON for update to persistent storage
if (cred) if (cred)
...@@ -1143,6 +1258,7 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred) ...@@ -1143,6 +1258,7 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred)
// This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending
size_t size = GetCredKeyDataSize(cred); size_t size = GetCredKeyDataSize(cred);
size += (512 * OicSecCredCount(cred)); size += (512 * OicSecCredCount(cred));
OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size);
int secureFlag = 0; int secureFlag = 0;
OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag); OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
...@@ -1162,6 +1278,7 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred) ...@@ -1162,6 +1278,7 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred)
ret = true; ret = true;
} }
} }
OIC_LOG(DEBUG, TAG, "OUT Cred UpdatePersistentStorage");
return ret; return ret;
} }
...@@ -1373,11 +1490,13 @@ OCStackResult AddCredential(OicSecCred_t * newCred) ...@@ -1373,11 +1490,13 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
OicSecCred_t * temp = NULL; OicSecCred_t * temp = NULL;
bool validFlag = true; bool validFlag = true;
OicUuid_t emptyOwner = { .id = {0} }; OicUuid_t emptyOwner = { .id = {0} };
VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
OIC_LOG(DEBUG, TAG, "IN AddCredential");
VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
//Assigning credId to the newCred //Assigning credId to the newCred
newCred->credId = GetCredId(); newCred->credId = GetCredId();
VERIFY_SUCCESS(TAG, newCred->credId != 0, ERROR); VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR);
//the newCred is not valid if it is empty //the newCred is not valid if it is empty
...@@ -1423,6 +1542,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred) ...@@ -1423,6 +1542,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
} }
exit: exit:
OIC_LOG(DEBUG, TAG, "OUT AddCredential");
return ret; return ret;
} }
...@@ -2012,6 +2132,7 @@ OCStackResult CreateCredResource() ...@@ -2012,6 +2132,7 @@ OCStackResult CreateCredResource()
OCStackResult InitCredResource() OCStackResult InitCredResource()
{ {
OCStackResult ret = OC_STACK_ERROR; OCStackResult ret = OC_STACK_ERROR;
OicSecCred_t* cred = NULL;
//Read Cred resource from PS //Read Cred resource from PS
uint8_t *data = NULL; uint8_t *data = NULL;
...@@ -2037,6 +2158,17 @@ OCStackResult InitCredResource() ...@@ -2037,6 +2158,17 @@ OCStackResult InitCredResource()
{ {
gCred = GetCredDefault(); gCred = GetCredDefault();
} }
//Add a log to track the invalid credential.
LL_FOREACH(gCred, cred)
{
if (false == IsVaildCredential(cred))
{
OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
}
}
//Instantiate 'oic.sec.cred' //Instantiate 'oic.sec.cred'
ret = CreateCredResource(); ret = CreateCredResource();
OICFree(data); OICFree(data);
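Review bot: The debug logging added to GenerateCredential writes secret key bytes to the log: `OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);` dumps the private key, or the pre-shared key or PIN for the symmetric credential types, whenever privateData.data is set. Any build with DEBUG logging enabled would then leave key material in log output, which usually has weaker access control and longer retention than the credential store. I would drop that OIC_LOG_BUFFER call and keep only the length line, written as `OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %zu", cred->privateData.len);` if len is a size_t as the strlen assignment in the test fixture suggests; the `%" PRIu64` used for the size_t `size` in UpdatePersistentStorage has the same specifier mismatch. The publicData and optionalData dumps are not secret but can be large, so their lengths alone may be enough. Only parts of GenerateCredential are visible here; the middle of the function lies outside the shown hunks.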
......
...@@ -54,6 +54,7 @@ OicSecCred_t * getCredList() ...@@ -54,6 +54,7 @@ OicSecCred_t * getCredList()
cred->credType = SYMMETRIC_PAIR_WISE_KEY; cred->credType = SYMMETRIC_PAIR_WISE_KEY;
cred->privateData.encoding = OIC_ENCODING_RAW; cred->privateData.encoding = OIC_ENCODING_RAW;
cred->privateData.data = (uint8_t *)OICCalloc(1, strlen("My private Key11") + 1); cred->privateData.data = (uint8_t *)OICCalloc(1, strlen("My private Key11") + 1);
cred->privateData.len = strlen("My private Key11");
VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR); VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
OICStrcpy((char *)cred->privateData.data, strlen("My private Key11")+1,"My private Key11"); OICStrcpy((char *)cred->privateData.data, strlen("My private Key11")+1,"My private Key11");
// use |memcpy| for copying full-lengthed UUID without null termination // use |memcpy| for copying full-lengthed UUID without null termination
...@@ -68,7 +69,8 @@ OicSecCred_t * getCredList() ...@@ -68,7 +69,8 @@ OicSecCred_t * getCredList()
#endif #endif
cred->next->credType = SYMMETRIC_PAIR_WISE_KEY; cred->next->credType = SYMMETRIC_PAIR_WISE_KEY;
cred->next->privateData.encoding = OIC_ENCODING_RAW; cred->next->privateData.encoding = OIC_ENCODING_RAW;
sz = strlen("My private Key21") + 1; cred->next->privateData.len = strlen("My private Key21");
sz = cred->next->privateData.len + 1;
cred->next->privateData.data = (uint8_t *)OICCalloc(1, sz); cred->next->privateData.data = (uint8_t *)OICCalloc(1, sz);
VERIFY_NON_NULL(TAG, cred->next->privateData.data, ERROR); VERIFY_NON_NULL(TAG, cred->next->privateData.data, ERROR);
OICStrcpy((char *)cred->next->privateData.data, sz, "My private Key21"); OICStrcpy((char *)cred->next->privateData.data, sz, "My private Key21");
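Review bot: The two fixture credentials set the new length field in different styles: the first adds `cred->privateData.len = strlen("My private Key11");` after the allocation and now evaluates the same strlen three times, while the second sets `len` first and derives `sz` from it. For consistency I would use the second pattern in both places, i.e. set `len` first and allocate with `OICCalloc(1, cred->privateData.len + 1)`. Because IsVaildCredential rejects a zero privateData.len for these credential types in DTLS/TLS builds, a short comment such as `// len must be non-zero, otherwise AddCredential() rejects the credential` would explain why the field is set. No test that exercises the rejection path itself is visible on this page. getCredList starts and ends outside the shown hunks.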
......