Commit 933662a6 authored by Chul Lee's avatar Chul Lee Committed by Randeep

Multiple Ownership Transfer support.

[NOTE] This patch includes the following patches for MOT :
   https://gerrit.iotivity.org/gerrit/#/c/12063/
   https://gerrit.iotivity.org/gerrit/#/c/13375/
   https://gerrit.iotivity.org/gerrit/#/c/13341/
   https://gerrit.iotivity.org/gerrit/#/c/13343/

[Overview]
This patch is to support the multiple ownership transfer(MOT).
We assume the MOT authenticated client is the SubOwner.
SubOwner can access the ALL resources with full permsion except the DOXM, ACL and CRED.

This patch includes following changes :
1. Update the doxm resource to include MOT related properties.
   - New Properties
     . x.org.iotivity.mom : Mode of MOT
     . x.org.iotivity.subowneruuid : List of SubOwner
   - SubOwner has READ permission for DOXM.
   - The resource server will be update subowner list of doxm
     when MOT authentication successfully done.

2. Update the cred, acl resource to include MOT related property.
   - New Properties
     . x.org.iotivity.eowneruuid : entry owner uuid for each entry.
   - SubOwner should set the eowner as subowner's UUID
     when provision the ACL and CRED.
   - SubOwner can access only those resources that registered as eowner.

3. Update the PolicyEngine for SubOwner's access control as following :
   - DOXM : READ ONLY
   - CRED/ACL : SubOwner can access only those resources that registerd as eowner.
     . SubOwner can not provision ACL which is include the DOXM, CRED, ACL, PSTAT.
   - PSTAT : FULL permission
   - Application Resources : FULL permission

4. Add Preconfigured-PIN OxM

5. Update the sample codes
   - Test Preconfigured PIN based MOT
     1. Run the sampleserver_justworks
     2. Run the provisioningclient
     [On the provisioningclient]
     3. Perform the UnOwned Device discovery [Menu:11]
     4. Perform the OTM [Menu:20]
     5. Perform the Owned Device Discovery [Menu:12]
     6. Change the server's 'mode of MOT' [Menu:70]
     7. Perform the MOT enabled device discovery [Menu:13]
        - Check the discovered device list.
     8. POST the preconfigured-PIN credential [Menu:71]
         - sample's preconfigured-PIN is '12341234'
     9. Change the server's 'oxmsel' [Menu:72]
         - '3' is preconfigured-PIN OxM
     10. Run the subownerclient
     [On the subownerclient]
     11. Perform the MOT enabled device discovery [Menu:10]
         - Check the discovered device list.
     12. Perform the MOT [Menu:20]
     13. Perform the Multiple Owned device discovery [Menu:11]
         - Check the discovered device list.
     14. Perform the ACL provisioning TEST [Menu:40]

   - Test Random PIN based MOT
     1. Run the sampleserver_randompin
     2. Run the provisioningclient
     [On the provisioningclient]
     3. Perform the UnOwned Device discovery [Menu:11]
     4. Perform the OTM [Menu:20]
     5. Perform the Owned Device Discovery [Menu:12]
     6. Change the server's 'mode of MOT' [Menu:70]
     7. Run the subownerclient
     [On the subownerclient]
     8. Perform the MOT enabled device discovery [Menu:10]
         - Check the discovered device list.
     9. Perform the MOT [Menu:20]
         In case of random PIN based MOT, PIN input required.
     [On the sampleserver_randompin]
     10. Press 'G' or 'g' on the sampleserver_randompin.
         server will generate and display the random PIN.
     11. Input the server's PIN number on the subownerclient side.
     12. Perform the Multiple Owned device discovery [Menu:11]
         - Check the discovered device list.
     13. Perform the ACL provisioning TEST [Menu:40]
     14. Press 'E' or 'e' on the sampleserver_randompin to exit server.

Change-Id: I25d029839b3567455743031afafb34d2fc78278c
Signed-off-by: default avatarChul Lee <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/13419Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
parent 34a692f4
......@@ -112,6 +112,7 @@ else:
help_vars.Add(EnumVariable('TARGET_ARCH', 'Target architecture', default_arch, os_arch_map[target_os]))
help_vars.Add(EnumVariable('SECURED', 'Build with DTLS', '0', allowed_values=('0', '1')))
help_vars.Add(EnumVariable('MULTIPLE_OWNER', 'Enable multiple owner', '0', allowed_values=('0', '1')))
help_vars.Add(EnumVariable('TEST', 'Run unit tests', '0', allowed_values=('0', '1')))
help_vars.Add(BoolVariable('LOGGING', 'Enable stack logging', logging_default))
help_vars.Add(BoolVariable('UPLOAD', 'Upload binary ? (For Arduino)', require_upload))
......
......@@ -65,6 +65,20 @@ typedef enum
typedef int (*CAgetPskCredentialsHandler)(CADtlsPskCredType_t type,
const uint8_t *desc, size_t desc_len,
uint8_t *result, size_t result_length);
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* API to get a secure connected peer information
*
* @param[in] peer peer information includs IP address and port.
*
* @return secure connected peer information on success, otherwise NULL
*/
const CASecureEndpoint_t *CAGetSecureEndpointData(const CAEndpoint_t *peer);
#endif //_ENABLE_MULTIPLE_OWNER_
#endif
/**
* This internal callback is used by CA layer to
* retrieve all credential types from SRM
......
......@@ -171,6 +171,18 @@ CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
uint8_t* ownerPsk, const size_t ownerPskSize);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Gets CA secure endpoint info corresponding for endpoint.
*
* @param[in] peer remote address
*
* @return CASecureEndpoint or NULL
*/
const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer);
#endif
#ifdef __cplusplus
}
#endif //__cplusplus
......
......@@ -131,12 +131,6 @@ void CADTLSSetAdapterCallbacks(CAPacketReceivedCallback recvCallback,
*/
void CADTLSSetHandshakeCallback(CAErrorCallback dtlsHandshakeCallback);
/**
* Register callback to get DTLS PSK credentials.
* @param[in] credCallback callback to get DTLS PSK credentials.
*/
void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
/**
* Select the cipher suite for dtls handshake
*
......@@ -256,6 +250,18 @@ CAResult_t CAAdapterNetDtlsDecrypt(const CASecureEndpoint_t *sep,
uint8_t *data,
uint32_t dataLen);
/**
* API to get a secure connected peer information
* NOTE : This API use the mutex lock to access 'g_caDtlsContext',
* Please do not invoke this API for internal function of dtls adapter
*
* @param[in] peer peer information includs IP address and port.
*
* @ return secure connected peer information on success, otherwise NULL
*/
CASecureEndpoint_t *CAGetSecurePeerInfo(const CAEndpoint_t *peer);
#endif /* CA_ADAPTER_NET_DTLS_H_ */
......@@ -8,6 +8,7 @@ Import('env')
ca_os = env.get('TARGET_OS')
ca_transport = env.get('TARGET_TRANSPORT')
secured = env.get('SECURED')
multiple_owner = env.get('MULTIPLE_OWNER')
with_ra = env.get ('WITH_RA')
with_ra_ibb = env.get('WITH_RA_IBB')
with_tcp = env.get('WITH_TCP')
......@@ -84,6 +85,9 @@ if env.get('SECURED') == '1':
if ((secured == '1') and (with_tcp == True)):
env.AppendUnique(CPPDEFINES = ['__WITH_TLS__'])
if (multiple_owner == '1'):
env.AppendUnique(CPPDEFINES=['_ENABLE_MULTIPLE_OWNER_'])
ca_common_src = None
......
......@@ -765,6 +765,45 @@ static SslEndPoint_t *GetSslPeer(const CAEndpoint_t *peer)
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return NULL;
}
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Gets CA secure endpoint info corresponding for endpoint.
*
* @param[in] peer remote address
*
* @return CASecureEndpoint or NULL
*/
const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
{
OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
// TODO: Added as workaround, need to debug
oc_mutex_unlock(g_sslContextMutex);
oc_mutex_lock(g_sslContextMutex);
if (NULL == g_caSslContext)
{
OIC_LOG(ERROR, NET_SSL_TAG, "Context is NULL");
oc_mutex_unlock(g_sslContextMutex);
return NULL;
}
SslEndPoint_t* sslPeer = GetSslPeer(peer);
if(sslPeer)
{
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
oc_mutex_unlock(g_sslContextMutex);
return &sslPeer->sep;
}
OIC_LOG(DEBUG, NET_SSL_TAG, "Return NULL");
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
oc_mutex_unlock(g_sslContextMutex);
return NULL;
}
#endif
/**
* Deletes cached message.
*
......@@ -1959,6 +1998,9 @@ CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
VERIFY_NON_NULL_RET(provServerDeviceId, NET_SSL_TAG, "provId is NULL", CA_STATUS_INVALID_PARAM);
VERIFY_NON_NULL_RET(ownerPsk, NET_SSL_TAG, "ownerPSK is NULL", CA_STATUS_INVALID_PARAM);
// TODO: Added as workaround, need to debug
oc_mutex_unlock(g_sslContextMutex);
oc_mutex_lock(g_sslContextMutex);
if (NULL == g_caSslContext)
{
......
......@@ -140,7 +140,24 @@ void CARegisterHandler(CARequestCallback ReqHandler, CAResponseCallback RespHand
CASetInterfaceCallbacks(ReqHandler, RespHandler, ErrorHandler);
}
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
#ifdef _ENABLE_MULTIPLE_OWNER_
const CASecureEndpoint_t *CAGetSecureEndpointData(const CAEndpoint_t *peer)
{
OIC_LOG(DEBUG, TAG, "IN CAGetSecurePeerInfo");
if (!g_isInitialized)
{
OIC_LOG(DEBUG, TAG, "CA is not initialized");
return NULL;
}
OIC_LOG(DEBUG, TAG, "OUT CAGetSecurePeerInfo");
return GetCASecureEndpointData(peer);
}
#endif //_ENABLE_MULTIPLE_OWNER_
CAResult_t CAregisterSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
{
OIC_LOG(DEBUG, TAG, "CAregisterSslHandshakeCallback");
......
......@@ -88,6 +88,9 @@ if target_os in ['darwin', 'ios']:
if env.get('LOGGING'):
libocsrm_env.AppendUnique(CPPDEFINES = ['TB_LOG'])
if env.get('MULTIPLE_OWNER') == '1':
libocsrm_env.AppendUnique(CPPDEFINES=['_ENABLE_MULTIPLE_OWNER_'])
######################################################################
# Source files and Targets
######################################################################
......
......@@ -62,6 +62,20 @@ const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **
*/
OCStackResult AclToCBORPayload(const OicSecAcl_t * acl, uint8_t **outPayload, size_t *size);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Function to check the ACL access of SubOwner
*
* @param[in] uuid SubOwner's UUID
* @param[in] cborPayload CBOR payload of ACL
* @param[in] size Byte length of cborPayload
*
* @return ::true for valid access, otherwise invalid access
*/
bool IsValidAclAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, const size_t size);
#endif //_ENABLE_MULTIPLE_OWNER_
/**
* This method removes ACE for the subject and resource from the ACL
*
......
......@@ -80,6 +80,19 @@ OicSecCred_t* GetCredResourceDataByCredId(const uint16_t credId);
OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload,
size_t *cborSize, int secureFlag);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Function to check the credential access of SubOwner
*
* @param[in] uuid SubOwner's UUID
* @param[in] cborPayload CBOR payload of credential
* @param[in] size Byte length of cborPayload
*
* @return ::true for valid access, otherwise invalid access
*/
bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size);
#endif //_ENABLE_MULTIPLE_OWNER_
/**
* This function generates the bin credential data.
*
......@@ -88,13 +101,14 @@ OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload,
* @param publicData public data such as public key.
* @param privateData private data such as private key.
* @param rownerID Resource owner's UUID.
* @param eownerID Entry owner's UUID.
*
* @return pointer to instance of @ref OicSecCred_t if successful. else NULL in case of error.
*/
OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t credType,
const OicSecCert_t * publicData, const OicSecKey_t * privateData,
const OicUuid_t * rownerID);
const OicUuid_t * rownerID, const OicUuid_t * eownerID);
/**
* This function adds the new cred to the credential list.
......
......@@ -22,6 +22,9 @@
#define IOTVT_SRM_DOXM_H
#include "octypes.h"
#ifdef _ENABLE_MULTIPLE_OWNER_
#include "cacommon.h"
#endif //_ENABLE_MULTIPLE_OWNER_
#ifdef __cplusplus
extern "C" {
......@@ -106,7 +109,7 @@ OCStackResult GetDoxmDevOwnerId(OicUuid_t *devownerid);
* Gets the bool state of "isOwned" property on the doxm resource.
*
* @param isOwned a pointer to be assigned to isOwned property
* @return ::OC_STACK_OK if isOwned is assigned correctly, else ::OC_STACK_ERROR.
* @return ::OC_STACK_OK if isOwned is assigned correctly, else ::OC_STACK_ERROR.
*/
OCStackResult GetDoxmIsOwned(bool *isOwned);
......@@ -118,6 +121,17 @@ OCStackResult GetDoxmIsOwned(bool *isOwned);
*/
OCStackResult GetDoxmRownerId(OicUuid_t *rowneruuid);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Compare the UUID to SubOwner.
*
* @param[in] uuid device UUID
*
* @return true if uuid exists in the SubOwner list of doxm, else false.
*/
bool IsSubOwner(const OicUuid_t* uuid);
#endif //_ENABLE_MULTIPLE_OWNER_
/** This function deallocates the memory for OicSecDoxm_t .
*
* @param doxm is the pointer to @ref OicSecDoxm_t.
......@@ -130,6 +144,16 @@ void DeleteDoxmBinData(OicSecDoxm_t* doxm);
*/
void RestoreDoxmToInitState();
#if defined(__WITH_DTLS__) && defined(_ENABLE_MULTIPLE_OWNER_)
/**
* Callback function to handle MOT DTLS handshake result.
* @param[out] object remote device information.
* @param[out] errorInfo CA Error information.
*/
void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
const CAErrorInfo_t *errorInfo);
#endif //__WITH_DTLS__ && _ENABLE_MULTIPLE_OWNER_
#ifdef __cplusplus
}
#endif
......
......@@ -50,6 +50,11 @@ typedef struct PEContext
bool amsProcessing;
SRMAccessResponse_t retVal;
AmsMgrContext_t *amsMgrContext;
#ifdef _ENABLE_MULTIPLE_OWNER_
uint8_t* payload;
size_t payloadSize;
#endif //_ENABLE_MULTIPLE_OWNER_
} PEContext_t;
/**
......
......@@ -101,9 +101,15 @@ extern const char * OIC_JSON_PERMISSION_NAME;
extern const char * OIC_JSON_OWNERS_NAME;
extern const char * OIC_JSON_OWNER_NAME;
extern const char * OIC_JSON_DEVOWNERID_NAME;
#ifdef _ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_SUBOWNERID_NAME;
#endif //_ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_OWNED_NAME;
extern const char * OIC_JSON_OXM_NAME;
extern const char * OIC_JSON_OXMS_NAME;
#ifdef _ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_MOM_NAME;
#endif //_ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_OXM_TYPE_NAME;
extern const char * OIC_JSON_OXM_SEL_NAME;
extern const char * OIC_JSON_DEVICE_ID_FORMAT_NAME;
......@@ -146,6 +152,9 @@ extern const char * OIC_JSON_REL_NAME;
extern const char * OIC_JSON_RT_NAME;
extern const char * OIC_JSON_IF_NAME;
extern const char * OIC_JSON_ROWNERID_NAME;
#ifdef _ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_EOWNERID_NAME;
#endif //_ENABLE_MULTIPLE_OWNER_
extern const char * OIC_JSON_ENCODING_NAME;
extern const char * OIC_JSON_DATA_NAME;
extern const char * OIC_JSON_SEC_V_NAME;
......@@ -164,6 +173,9 @@ extern const char * WILDCARD_RESOURCE_URI;
extern const char * OXM_JUST_WORKS;
extern const char * OXM_RANDOM_DEVICE_PIN;
extern const char * OXM_MANUFACTURER_CERTIFICATE;
#ifdef _ENABLE_MULTIPLE_OWNER_
extern const char * OXM_PRECONF_PIN;
#endif //_ENABLE_MULTIPLE_OWNER_
extern const char * OIC_SEC_ENCODING_BASE64;
extern const char * OIC_SEC_ENCODING_RAW;
......
......@@ -28,7 +28,9 @@
extern "C" {
#endif // __cplusplus
#define OXM_RANDOM_PIN_SIZE 8
#define OXM_RANDOM_PIN_SIZE (8)
#define OXM_PRECONFIG_PIN_SIZE (OXM_RANDOM_PIN_SIZE)
/**
* Function pointer to print pin code.
......@@ -54,6 +56,15 @@ void SetGeneratePinCB(GeneratePinCallback pinCB);
*/
void SetInputPinCB(InputPinCallback pinCB);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Function to save the preconfig PIN getter from user.
*
* @param pinCB implementation of preconfig PIN function.
*/
void SetGetPreconfigPinCB(InputPinCallback pinCB);
#endif //_ENABLE_MULTIPLE_OWNER_
/**
* Function to generate random PIN.
* This function will send generated PIN to user via callback.
......@@ -75,22 +86,45 @@ OCStackResult GeneratePin(char* pinBuffer, size_t bufferSize);
*/
OCStackResult InputPin(char* pinBuffer, size_t bufferSize);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* Function to save the Pre-configured PIN.
*
* @param[in] pinBuffer PIN data
* @param[in] pinLength byte length of PIN
*
* @return ::OC_STACK_SUCCESS in case of success or other value in ccase of error.
*/
OCStackResult SetPreconfigPin(const char* pinBuffer, size_t pinLength);
/**
* Function to read preconfig PIN.
*
* @param[in,out] pinBuffer is the reference to the buffer to store the preconfigured PIN.
* @param[in] bufferSize is the size of buffer.
*
* @return ::OC_STACK_SUCCESS in case of success or other value in ccase of error.
*/
OCStackResult GetPreconfigPin(char* pinBuffer, size_t bufferSize);
#endif
#ifdef __WITH_DTLS__
/**
* This function is used by OTM and SRM to
* register device UUID is required to derive the temporal PSK.
*/
void SetUuidForRandomPinOxm(const OicUuid_t* uuid);
void SetUuidForPinBasedOxm(const OicUuid_t* uuid);
/**
* This internal callback is used while PIN based ownership transfer.
* This internal callback is used while Random PIN based OTM.
* This callback will be used to establish a temporary secure session according to
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256.
*
* @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
* @param[in] desc UNUSED.
* @param[in] desc_len UNUSED.
* @param[in] UNUSED1 UNUSED.
* @param[in] UNUSED2 UNUSED.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
*
......@@ -100,6 +134,77 @@ void SetUuidForRandomPinOxm(const OicUuid_t* uuid);
int32_t GetDtlsPskForRandomPinOxm( CADtlsPskCredType_t type,
const unsigned char *UNUSED1, size_t UNUSED2,
unsigned char *result, size_t result_length);
#ifdef _ENABLE_MULTIPLE_OWNER_
/**
* This internal callback is used while Random PIN based MOT.
* This callback will be used to establish a temporary secure session according to
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256.
*
* @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
* @param[in] UNUSED1 UNUSED.
* @param[in] UNUSED2 UNUSED.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
*
* @return The number of bytes written to @p result or a value
* less than zero on error.
*/
int32_t GetDtlsPskForMotRandomPinOxm( CADtlsPskCredType_t type,
const unsigned char *UNUSED1, size_t UNUSED2,
unsigned char *result, size_t result_length);
/**
* This internal callback is used while Preconfigured-PIN OTM.
* This callback will be used to establish a temporary secure session according to
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256.
*
* @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
* @param[in] UNUSED1 UNUSED.
* @param[in] UNUSED2 UNUSED.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
*
* @return The number of bytes written to @p result or a value
* less than zero on error.
*/
int32_t GetDtlsPskForPreconfPinOxm( CADtlsPskCredType_t type,
const unsigned char *UNUSED1, size_t UNUSED2,
unsigned char *result, size_t result_length);
/**
* This internal callback is used while Preconfigured-PIN MOT.
* This callback will be used to establish a temporary secure session according to
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256.
*
* @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
* @param[in] UNUSED1 UNUSED.
* @param[in] UNUSED2 UNUSED.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
*
* @return The number of bytes written to @p result or a value
* less than zero on error.
*/
int32_t GetDtlsPskForMotPreconfPinOxm( CADtlsPskCredType_t type,
const unsigned char *UNUSED1, size_t UNUSED2,
unsigned char *result, size_t result_length);
#endif //_ENABLE_MULTIPLE_OWNER_
/**
* API to derive the PSK based on PIN and new device's UUID.
* New device's UUID should be set through SetUuidForPinBasedOxm() API before this API is invoked.
*
* @param[out] result generated PSK
*
* @return 0 for success, otherwise error.
*/
int DerivePSKUsingPIN(uint8_t* result);
#endif //__WITH_DTLS__
#ifdef __cplusplus
......
......@@ -219,7 +219,10 @@ typedef enum OicSecDpm
SECURITY_MANAGEMENT_SERVICES = (0x1 << 3),
PROVISION_CREDENTIALS = (0x1 << 4),
PROVISION_ACLS = (0x1 << 5),
// << 6 THROUGH 15 RESERVED
#ifdef _ENABLE_MULTIPLE_OWNER_
TAKE_SUB_OWNER = (0x1 << 6),
#endif
// << 7 THROUGH 15 RESERVED
} OicSecDpm_t;
// These types are taken from the Security Spec v1.1.12 /pstat resource definition
......@@ -268,6 +271,9 @@ typedef enum
OIC_JUST_WORKS = 0x0,
OIC_RANDOM_DEVICE_PIN = 0x1,
OIC_MANUFACTURER_CERTIFICATE = 0x2,
#ifdef _ENABLE_MULTIPLE_OWNER_
OIC_PRECONFIG_PIN = 0x3,
#endif //_ENABLE_MULTIPLE_OWNER_
OIC_OXM_COUNT
}OicSecOxm_t;
......@@ -280,6 +286,30 @@ typedef enum
OIC_ENCODING_DER = 4
}OicEncodingType_t;
#ifdef _ENABLE_MULTIPLE_OWNER_
typedef enum
{
MOT_STATUS_READY = 0,
MOT_STATUS_IN_PROGRESS = 1,
MOT_STATUS_DONE = 2,
}MotStatus_t;
#endif //_ENABLE_MULTIPLE_OWNER_
/*
* oic.sec.mom type definition
* TODO: This type will be included to OIC Security Spec.
* 0 : Disable multiple owner
* 1 : Enable multiple owner (Always on)
* 2 : Timely multiple owner enable
*/
typedef enum
{
OIC_MULTIPLE_OWNER_DISABLE = 0,
OIC_MULTIPLE_OWNER_ENABLE = 1,
OIC_MULTIPLE_OWNER_TIMELY_ENABLE = 2,
OIC_NUMBER_OF_MOM_TYPE = 3
}OicSecMomType_t;
typedef struct OicSecKey OicSecKey_t;
typedef struct OicSecPstat OicSecPstat_t;
......@@ -294,6 +324,11 @@ typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
#ifdef _ENABLE_MULTIPLE_OWNER_
typedef struct OicSecSubOwner OicSecSubOwner_t;
typedef struct OicSecMom OicSecMom_t;
#endif //_ENABLE_MULTIPLE_OWNER_
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
typedef struct OicSecCrl OicSecCrl_t;
......@@ -355,10 +390,13 @@ struct OicSecValidity
struct OicSecAce
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
OicUuid_t subjectuuid; // 0:R:S:Y:uuid
OicSecRsrc_t *resources; // 1:R:M:Y:Resource
uint16_t permission; // 2:R:S:Y:UINT16
OicSecValidity_t *validities; // 3:R:M:N:Time-interval
OicUuid_t subjectuuid; // 0:R:S:Y:uuid
OicSecRsrc_t *resources; // 1:R:M:Y:Resource
uint16_t permission; // 2:R:S:Y:UINT16
OicSecValidity_t *validities; // 3:R:M:N:Time-interval
#ifdef _ENABLE_MULTIPLE_OWNER_
OicUuid_t* eownerID; //4:R:S:N:oic.uuid
#endif
OicSecAce_t *next;
};
......@@ -409,10 +447,25 @@ struct OicSecCred
#endif /* __WITH_DTLS__ or __WITH_TLS__*/
OicSecKey_t privateData; // 6:R:S:N:oic.sec.key
char *period; // 7:R:S:N:String
OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
#ifdef _ENABLE_MULTIPLE_OWNER_
OicUuid_t *eownerID; //9:R:S:N:oic.uuid
#endif //_ENABLE_MULTIPLE_OWNER_
OicSecCred_t *next;
};
#ifdef _ENABLE_MULTIPLE_OWNER_
struct OicSecSubOwner {
OicUuid_t uuid;
MotStatus_t status;
OicSecSubOwner_t* next;
};
struct OicSecMom{
OicSecMomType_t mode;
};
#endif //_ENABLE_MULTIPLE_OWNER_
/**
* /oic/sec/doxm (Device Owner Transfer Methods) data type
* Derived from OIC Security Spec; see Spec for details.
......@@ -432,7 +485,11 @@ struct OicSecDoxm
OicUuid_t deviceID; // 6:R:S:Y:oic.uuid
bool