Commit 64ad7d86 authored by Dmitriy Zhuravlev's avatar Dmitriy Zhuravlev

Fix PKIX provision

There is an issue with payload converter

Change-Id: I6377cecd53b52986515fee7f7022680099cf05be
Signed-off-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Signed-off-by: default avatari.pazderskyy <i.pazderskyy@samsung.com>
Signed-off-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/6291
Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
parent 273312fa
......@@ -52,10 +52,10 @@ extern "C" {
*/
#undef GET_SHA_256
#define GET_SHA_256(tbs, sha256) do{ \
SHA256_CTX ctx256; \
SHA256_Init(&ctx256); \
SHA256_Update(&ctx256, tbs.data, tbs.len); \
SHA256_Final(sha256, &ctx256); \
DTLS_SHA256_CTX ctx256; \
DTLS_SHA256_Init(&ctx256); \
DTLS_SHA256_Update(&ctx256, tbs.data, tbs.len); \
DTLS_SHA256_Final(sha256, &ctx256); \
}while(0)
/**@def CHECK_SIGN(structure, caPubKey)
......
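Review bot: The four rewritten DTLS_SHA256_* lines still use the macro arguments bare (`tbs.data`, `tbs.len`, `sha256`), so a caller that passes an expression rather than a plain identifier for `tbs` is mis-parsed by the member access; writing `(tbs).data`, `(tbs).len` and `(sha256)` removes that hazard at no cost. The return values of the DTLS_SHA256_Init/Update/Final calls are discarded, so if they can report failure a truncated digest would go unnoticed; a one-line comment such as `/* DTLS_SHA256_* are treated as infallible; sha256 is fully written on return */` would at least record the assumption. The rest of the header is outside the hunk.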
......@@ -437,6 +437,9 @@ void SendGetRequest()
OCStackResult ret;
OIC_LOG(INFO, TAG, "Send Get REQ to Light server");
//select ciphersuite for certificates
CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
initAddress();
char szQueryUri[64] = { '\0'};
......
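Review bot: The result of `CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);` is dropped, so if selecting the certificate cipher suite fails the GET is still sent and the handshake runs with whatever suite was previously configured. If it returns a CAResult_t like the other CA* calls, guard it: `if (CA_STATUS_OK != CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)) { OIC_LOG(ERROR, TAG, "Failed to select cipher suite"); return; }`. SendGetRequest continues past the end of the hunk.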
......@@ -3,7 +3,7 @@
"aclist":{
"aces":[
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/res",
......@@ -29,7 +29,7 @@
"permission": 2
},
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/sec/doxm",
......@@ -61,16 +61,16 @@
}
]
},
"rownerid" : "646F6F72-4465-7669-6365-555549443030"
"rowneruuid" : "646F6F72-4465-7669-6365-555549443030"
},
"pstat": {
"isop": false,
"deviceid": "646F6F72-4465-7669-6365-555549443030",
"rownerid": "646F6F72-4465-7669-6365-555549443030",
"deviceuuid": "646F6F72-4465-7669-6365-555549443030",
"rowneruuid": "646F6F72-4465-7669-6365-555549443030",
"cm": 2,
"tm": 0,
"om": 3,
"sm": [3]
"sm": 3
},
"doxm": {
"oxms": [0],
......@@ -79,7 +79,7 @@
"owned": false,
"didformat": 0,
"dpc": false,
"deviceid": "646F6F72-4465-7669-6365-555549443030",
"rownerid": "646F6F72-4465-7669-6365-555549443030"
"deviceuuid": "646F6F72-4465-7669-6365-555549443030",
"rowneruuid": "646F6F72-4465-7669-6365-555549443030"
}
}
......@@ -3,7 +3,7 @@
"aclist":{
"aces":[
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/res",
......@@ -29,7 +29,7 @@
"permission": 2
},
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/sec/doxm",
......@@ -61,16 +61,16 @@
}
]
},
"rownerid" : "6C696768-7444-6576-6963-655555494430"
"rowneruuid" : "6C696768-7444-6576-6963-655555494430"
},
"pstat": {
"isop": false,
"deviceid": "6C696768-7444-6576-6963-655555494430",
"rownerid": "6C696768-7444-6576-6963-655555494430",
"deviceuuid": "6C696768-7444-6576-6963-655555494430",
"rowneruuid": "6C696768-7444-6576-6963-655555494430",
"cm": 2,
"tm": 0,
"om": 3,
"sm": [3]
"sm": 3
},
"doxm": {
"oxms": [0],
......@@ -79,7 +79,7 @@
"owned": false,
"dpc": false,
"didformat": 0,
"deviceid": "6C696768-7444-6576-6963-655555494430",
"rownerid": "6C696768-7444-6576-6963-655555494430"
"deviceuuid": "6C696768-7444-6576-6963-655555494430",
"rowneruuid": "6C696768-7444-6576-6963-655555494430"
}
}
......@@ -3,7 +3,7 @@
"aclist":{
"aces":[
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/res",
......@@ -34,7 +34,7 @@
"permission": 2
},
{
"subject": "*",
"subjectuuid": "*",
"resources": [
{
"href": "/oic/sec/doxm",
......@@ -51,26 +51,25 @@
}
]
},
"rownerid" : "61646D69-6E44-6576-6963-655555494430"
"rowneruuid" : "61646D69-6E44-6576-6963-655555494430"
},
"pstat": {
"isop": true,
"cm": 2,
"tm": 0,
"om": 3,
"sm": [3],
"deviceid": "61646D69-6E44-6576-6963-655575696430",
"rownerid": "61646D69-6E44-6576-6963-655575696430"
"sm": 3,
"deviceuuid": "61646D69-6E44-6576-6963-655575696430",
"rowneruuid": "61646D69-6E44-6576-6963-655575696430"
},
"doxm": {
"oxms": [0],
"oxmsel": 0,
"sct": 1,
"owned": true,
"didformat": 0,
"deviceid": "61646D69-6E44-6576-6963-655575696430",
"deviceuuid": "61646D69-6E44-6576-6963-655575696430",
"dpc": false,
"devownerid": "61646D69-6E44-6576-6963-655575696430",
"rownerid": "61646D69-6E44-6576-6963-655575696430"
"devowneruuid": "61646D69-6E44-6576-6963-655575696430",
"rowneruuid": "61646D69-6E44-6576-6963-655575696430"
}
}
......@@ -41,7 +41,20 @@ extern "C"
*/
OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo,
OicSecAcl_t *acl, OCProvisionResultCB resultCallback);
#ifdef __WITH_X509__
/**
* API to send CRL information to resource.
*
* @param[in] selectedDeviceInfo Selected target device.
* @param[in] crl CRL to provision.
* @param[in] resultCallback callback provided by API user, callback will be called when
* provisioning request recieves a response from resource server.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult SRPProvisionCRL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo,
OicSecCrl_t *crl, OCProvisionResultCB resultCallback);
#endif // __WITH_X509__
/**
* API to send Direct-Pairing Configuration to a device.
*
......
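Review bot: The new Doxygen block for SRPProvisionCRL documents selectedDeviceInfo, crl and resultCallback but not the first parameter, `ctx`, and "recieves" is a typo; add `@param[in] ctx Caller-supplied context (presumably handed back through resultCallback — confirm against the .c file).` and change the line to `provisioning request receives a response from resource server.`. It would also help to state whether the caller retains ownership of `crl` after the call, since the neighbouring SRPProvisionACL declaration leaves that unstated as well.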
......@@ -177,18 +177,18 @@ static OCStackResult GenerateCertificateAndKeys(const OicUuid_t * subject, OicSe
numCert ++;
uint32_t len = 0;
for (size_t i = 0; i < numCert; ++i)
for (size_t i = 0; i < numCert; i++)
{
certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data, len + cert[i].len + CERT_LEN_PREFIX);
certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data,
len + cert[i].len + CERT_LEN_PREFIX);
if (NULL == certificateChain->data)
{
OIC_LOG(ERROR, TAG, "Error while memory allocation");
return OC_STACK_ERROR;
}
uint32_t appendedLen = appendCert2Chain(certificateChain->data + len, cert[i].data,
cert[i].len);
//TODO function check len
uint32_t appendedLen = appendCert2Chain(certificateChain->data + len,
cert[i].data, cert[i].len);
if (0 == appendedLen)
{
OIC_LOG(ERROR, TAG, "Error while certifiacate chain creation.");
......
......@@ -629,17 +629,19 @@ OCStackResult SRPProvisionCredentials(void *ctx, OicSecCredType_t type, size_t k
const OCProvisionDev_t *pDev2,
OCProvisionResultCB resultCallback)
{
if (!pDev1 || !pDev2 || !pDev1->doxm || !pDev2->doxm)
VERIFY_NON_NULL(TAG, pDev1, ERROR, OC_STACK_INVALID_PARAM);
if (SYMMETRIC_PAIR_WISE_KEY == type)
{
OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL parameters");
return OC_STACK_INVALID_PARAM;
VERIFY_NON_NULL(TAG, pDev2, ERROR, OC_STACK_INVALID_PARAM);
}
VERIFY_NON_NULL(TAG, resultCallback, ERROR, OC_STACK_INVALID_CALLBACK);
if (!resultCallback)
{
OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL Callback");
return OC_STACK_INVALID_CALLBACK;
}
if (0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t)))
if (SYMMETRIC_PAIR_WISE_KEY == type &&
0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t)))
{
OIC_LOG(INFO, TAG, "SRPUnlinkDevices : Same device ID");
return OC_STACK_INVALID_PARAM;
......
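Review bot: The condition at `0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t))` dereferences `pDev1->doxm` and `pDev2->doxm`, but the replacement checks only verify `pDev1`, and `pDev2` for SYMMETRIC_PAIR_WISE_KEY; the removed `if` also required both `doxm` pointers to be non-NULL, so a device entry without a doxm now crashes instead of returning OC_STACK_INVALID_PARAM. Add `VERIFY_NON_NULL(TAG, pDev1->doxm, ERROR, OC_STACK_INVALID_PARAM);` after the pDev1 check and `VERIFY_NON_NULL(TAG, pDev2->doxm, ERROR, OC_STACK_INVALID_PARAM);` inside the symmetric-key block. In the GenerateCertificateAndKeys hunk above, assigning the OICRealloc result directly to `certificateChain->data` drops the previous buffer when reallocation fails, so it can no longer be freed by the caller; assign to a temporary first and only store it on success. SRPProvisionCredentials continues beyond the hunk.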
......@@ -178,7 +178,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
mapSize++;
}
#ifdef __WITH_X509__
if (cred->publicData.data)
if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
{
mapSize++;
}
......@@ -216,7 +216,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
#ifdef __WITH_X509__
//PublicData -- Not Mandatory
if (cred->publicData.data)
if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
{
CborEncoder publicMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
const size_t publicMapSize = 2;
......@@ -293,7 +293,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
cred = cred->next;
}
cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
......@@ -1403,11 +1403,13 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
{
goto exit;
}
credInfo->chainLen = 2;
memcpy(credInfo->certificateChain, cred->publicData.data, cred->publicData.len);
memcpy(credInfo->devicePrivateKey, cred->privateData.data, cred->privateData.len);
credInfo->certificateChainLen = parseCertPrefix(cred->publicData.data);
credInfo->certificateChainLen = cred->publicData.len;
GetCAPublicKeyData(credInfo);
ret = 0;
exit:
return ret;
......
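Review bot: `credInfo->chainLen = 2;` hard-codes the number of certificates while `credInfo->certificateChainLen` is now taken from `cred->publicData.len`, so a stored chain with any other number of certificates is described inconsistently to the DTLS layer; the chain format written by appendCert2Chain with CERT_LEN_PREFIX elsewhere in this commit makes the count derivable by walking the prefixes, and that is where it should come from (the line reads as new here, but the +/- marking is lost). The two `memcpy` calls into `credInfo->certificateChain` and `credInfo->devicePrivateKey` copy `publicData.len` and `privateData.len` bytes with no comparison against the destination; if those members are fixed-size arrays in CADtlsX509Creds_t, add `if (cred->publicData.len > sizeof(credInfo->certificateChain) || cred->privateData.len > sizeof(credInfo->devicePrivateKey)) goto exit;` before them, since the credential blob is read back from the persisted SVR database. GetDtlsX509Credentials starts and ends outside the hunk.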
......@@ -26,6 +26,7 @@
#include "srmutility.h"
#include "doxmresource.h"
#include "ocpayload.h"
#include "oic_malloc.h"
#ifdef __WITH_X509__
#include "crlresource.h"
#include "crl.h"
......@@ -41,7 +42,7 @@
#define OIC_CBOR_CRL_ID "CRLId"
#define OIC_CBOR_CRL_THIS_UPDATE "ThisUpdate"
#define OIC_CBOR_CRL_DATA "CRLData"
#define CRL_DEFAULT_CRL_ID 1
#define CRL_DEFAULT_CRL_ID (1)
#define CRL_DEFAULT_THIS_UPDATE "150101000000Z"
#define CRL_DEFAULT_CRL_DATA "-"
......@@ -167,18 +168,13 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
OCStackResult ret = OC_STACK_ERROR;
*secCrl = NULL;
CborValue crlCbor = { .parser = NULL };
CborParser parser = { .end = NULL };
CborValue crlCbor = {.parser = NULL};
CborParser parser = {.end = NULL};
CborError cborFindResult = CborNoError;
int cborLen = size;
if (0 == size)
{
cborLen = CBOR_SIZE;
}
int cborLen = (size == 0) ? CBOR_SIZE : size;
cbor_parser_init(cborPayload, cborLen, 0, &parser, &crlCbor);
CborValue crlMap = { .parser = NULL } ;
CborValue crlMap = { .parser = NULL};
OicSecCrl_t *crl = NULL;
char *name = NULL;
size_t outLen = 0;
cborFindResult = cbor_value_enter_container(&crlCbor, &crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
......@@ -186,74 +182,26 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
crl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t));
VERIFY_NON_NULL(TAG, crl, ERROR);
while (cbor_value_is_valid(&crlMap))
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_ID, &crlMap);
if (CborNoError == cborFindResult && cbor_value_is_integer(&crlMap))
{
size_t len = 0;
cborFindResult = cbor_value_dup_text_string(&crlMap, &name, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
cborFindResult = cbor_value_advance(&crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
CborType type = cbor_value_get_type(&crlMap);
if (0 == strcmp(OIC_CBOR_CRL_ID, name))
{
cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
}
if (0 == strcmp(OIC_CBOR_CRL_THIS_UPDATE, name))
{
uint8_t *crlByte = NULL;
cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
crl->ThisUpdate.data = (uint8_t*) OICMalloc(len);
VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR);
memcpy(crl->ThisUpdate.data, crlByte, len);
crl->ThisUpdate.len = len;
OICFree(crlByte);
}
if (0 == strcmp(OIC_CBOR_CRL_DATA, name))
{
uint8_t *crlByte = NULL;
cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
crl->CrlData.data = (uint8_t*) OICMalloc(len);
VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR);
memcpy(crl->CrlData.data, crlByte, len);
crl->CrlData.len = len;
OICFree(crlByte);
}
if (CborMapType != type && cbor_value_is_valid(&crlMap))
{
cborFindResult = cbor_value_advance(&crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
}
OICFree(name);
name = NULL;
}
// PUT/POST CBOR may not have mandatory values set default values.
if (!crl->CrlId)
{
VERIFY_NON_NULL(TAG, gCrl, ERROR);
crl->CrlId = gCrl->CrlId;
cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CrlId.");
}
if (!crl->ThisUpdate.data)
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_THIS_UPDATE, &crlMap);
if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap))
{
VERIFY_NON_NULL(TAG, gCrl, ERROR);
outLen = gCrl->ThisUpdate.len;
crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen);
VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR);
memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen);
crl->ThisUpdate.len = outLen;
cborFindResult = cbor_value_dup_byte_string(&crlMap,
&crl->ThisUpdate.data, &crl->ThisUpdate.len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array.");
}
if (!crl->CrlData.data)
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_DATA, &crlMap);
if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap))
{
VERIFY_NON_NULL(TAG, gCrl, ERROR);
outLen = gCrl->CrlData.len;
crl->CrlData.data = (uint8_t*) OICMalloc(outLen);
VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR);
memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen);
crl->CrlData.len = outLen;
cborFindResult = cbor_value_dup_byte_string(&crlMap,
&crl->CrlData.data, &crl->CrlData.len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array.");
}
*secCrl = crl;
......@@ -261,15 +209,54 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
exit:
if (CborNoError != cborFindResult)
{
OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed");
DeleteCrlBinData(crl);
crl = NULL;
*secCrl = NULL;
ret = OC_STACK_ERROR;
}
if (name)
{
OICFree(name);
// PUT/POST CBOR may not have mandatory values set default values.
if (gCrl)
{
OIC_LOG (DEBUG, TAG, "Set default values");
crl->CrlId = gCrl->CrlId;
if (crl->ThisUpdate.data)
{
OICFree(crl->ThisUpdate.data);
}
outLen = gCrl->ThisUpdate.len;
crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen);
if (crl->ThisUpdate.data)
{
memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen);
crl->ThisUpdate.len = outLen;
}
else
{
crl->ThisUpdate.len = 0;
OIC_LOG(ERROR, TAG, "Set default failed");
}
if (crl->CrlData.data)
{
OICFree(crl->CrlData.data);
}
outLen = gCrl->CrlData.len;
crl->CrlData.data = (uint8_t*) OICMalloc(outLen);
if (crl->CrlData.data && gCrl->CrlData.data)
{
memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen);
crl->CrlData.len = outLen;
}
else
{
crl->CrlData.len = 0;
OIC_LOG (ERROR, TAG, "Set default failed");
}
*secCrl = crl;
ret = OC_STACK_OK;
}
else
{
OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed");
DeleteCrlBinData(crl);
crl = NULL;
ret = OC_STACK_ERROR;
}
}
return ret;
}
......@@ -293,11 +280,12 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
OCEntityHandlerResult ehRet = OC_EH_ERROR;
OicSecCrl_t *crl = NULL;
uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1;
size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
if (payload)
{
OIC_LOG(INFO, TAG, "UpdateSVRDB...");
CBORPayloadToCrl(payload, CBOR_SIZE, &crl);
CBORPayloadToCrl(payload, size, &crl);
VERIFY_NON_NULL(TAG, crl, ERROR);
gCrl->CrlId = crl->CrlId;
......@@ -315,10 +303,9 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
memcpy(gCrl->CrlData.data, crl->CrlData.data, crl->CrlData.len);
gCrl->CrlData.len = crl->CrlData.len;
size_t size = 0;
if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_CBOR_CRL_NAME, payload, size))
{
ehRet = OC_EH_OK;
ehRet = OC_EH_RESOURCE_CREATED;
}
DeleteCrlBinData(crl);
......@@ -327,7 +314,7 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
exit:
// Send payload to request originator
SendSRMResponse(ehRequest, ehRet, NULL);
SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
OIC_LOG_V(INFO, TAG, "%s RetVal %d", __func__, ehRet);
return ehRet;
......@@ -369,7 +356,7 @@ static OCEntityHandlerResult CRLEntityHandler(OCEntityHandlerFlag flag,
default:
ehRet = OC_EH_ERROR;
SendSRMResponse(ehRequest, ehRet, NULL);
SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
}
}
......
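Review bot: The `if (CborNoError != cborFindResult)` block at `exit:` now turns a CBOR decode error into OC_STACK_OK whenever gCrl exists: every field of crl is overwritten with the current resource's values and crl is returned, so HandleCRLPostRequest proceeds to `UpdateSecureResourceInPS(OIC_CBOR_CRL_NAME, payload, size)` and persists an undecodable payload while answering OC_EH_RESOURCE_CREATED. The comment about missing mandatory values does not match this path: TinyCBOR's cbor_value_map_find_value reports an absent key as a value of CborInvalidType with CborNoError, so the three `if (CborNoError == cborFindResult && cbor_value_is_…)` guards already skip absent keys and only malformed input reaches this branch. Defaults should therefore be applied on the success path for fields still unset, with the error branch kept as a failure, as sketched below; note the ThisUpdate default also copies from `gCrl->ThisUpdate.data` without the NULL check the CrlData default has. `int cborLen = (size == 0) ? CBOR_SIZE : size;` narrows a size_t to int before cbor_parser_init; a `size_t` local avoids that. CBORPayloadToCrl begins outside the first of these hunks.
```c
    // … unchanged: cbor_value_map_find_value lookups for CrlId, ThisUpdate, CrlData …

    // An absent key leaves the field unset (map_find_value yields CborInvalidType, not an
    // error); fill those from the current resource. Decode errors still go to exit below.
    if (gCrl)
    {
        if (!crl->CrlId)
        {
            crl->CrlId = gCrl->CrlId;
        }
        if (!crl->ThisUpdate.data && gCrl->ThisUpdate.data)
        {
            crl->ThisUpdate.data = (uint8_t *)OICMalloc(gCrl->ThisUpdate.len);
            VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR);
            memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, gCrl->ThisUpdate.len);
            crl->ThisUpdate.len = gCrl->ThisUpdate.len;
        }
        if (!crl->CrlData.data && gCrl->CrlData.data)
        {
            crl->CrlData.data = (uint8_t *)OICMalloc(gCrl->CrlData.len);
            VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR);
            memcpy(crl->CrlData.data, gCrl->CrlData.data, gCrl->CrlData.len);
            crl->CrlData.len = gCrl->CrlData.len;
        }
    }
    *secCrl = crl;
    // … unchanged: success return value, hidden between the hunks …
exit:
    if (CborNoError != cborFindResult)
    {
        OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed");
        DeleteCrlBinData(crl);
        crl = NULL;
        *secCrl = NULL;
        ret = OC_STACK_ERROR;
    }
    return ret;
```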