CRED payload conversion from JSON to CBOR

Converts CRED payload from JSON to CBOR directly using tinycbor library. - CRED unit test has been updated to handle the changes. - Unit test related functions are defined in security_internals. - Parameter which were passed as char * has been converted to uint8_t as they were later converted to base64. - All the usage and base64 has been removed. Change-Id: I159d46f8500c1880b49a3acbcfc59cfa0c6da4f0 Signed-off-by: Habib Virji <habib.virji@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/5117Reviewed-by: Randeep Singh <randeep.s@samsung.com> Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org> Reviewed-on: https://gerrit.iotivity.org/gerrit/5793

CRED payload conversion from JSON to CBOR
Converts CRED payload from JSON to CBOR directly using tinycbor library. - CRED unit test has been updated to handle the changes. - Unit test related functions are defined in security_internals. - Parameter which were passed as char * has been converted to uint8_t as they were later converted to base64. - All the usage and base64 has been removed. Change-Id: I159d46f8500c1880b49a3acbcfc59cfa0c6da4f0 Signed-off-by: Habib Virji <habib.virji@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/5117Reviewed-by: Randeep Singh <randeep.s@samsung.com> Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org> Reviewed-on: https://gerrit.iotivity.org/gerrit/5793
c1385693 · Habib Virji · aa5f4de4 · c1385693 · c1385693 · c1385693
Commit c1385693 authored Feb 22, 2016 by Habib Virji
10 changed files
--- a/resource/csdk/connectivity/api/casecurityinterface.h
+++ b/resource/csdk/connectivity/api/casecurityinterface.h
@@ -66,9 +66,9 @@ typedef enum
 * @return The number of bytes written to @p result or a value
 *         less than zero on error.
 */
-typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type,
-		      const unsigned char *desc, size_t desc_len,
-		      unsigned char *result, size_t result_length);
+typedef int (*CAGetDTLSPskCredentialsHandler)(CADtlsPskCredType_t type,
+		      const uint8_t *desc, size_t desc_len,
+		      uint8_t *result, size_t result_length);

 /**
 * Register callback to receive the result of DTLS handshake.

--- a/resource/csdk/security/include/internal/credresource.h
+++ b/resource/csdk/security/include/internal/credresource.h
@@ -32,45 +32,42 @@ extern "C" {
 /**
 * Initialize credential resource by loading data from persistent storage.
 *
- * @retval
- *     OC_STACK_OK    - no errors
- *     OC_STACK_ERROR - stack process error
+ * @return ::OC_STACK_OK, if initialization is successful, else ::OC_STACK_ERROR if
+ * initialization fails.
 */
 OCStackResult InitCredResource();

 /**
 * Perform cleanup for credential resources.
 *
- * @retval
- *     OC_STACK_OK              - no errors
- *     OC_STACK_ERROR           - stack process error
- *     OC_STACK_NO_RESOURCE     - resource not found
- *     OC_STACK_INVALID_PARAM   - invalid param
+ * @return ::OC_STACK_OK, if no errors. ::OC_STACK_ERROR, if stack process error.
+ * ::OC_STACK_NO_RESOURCE, if resource not found.
+ * ::OC_STACK_INVALID_PARAM, if invalid param.
 */
 OCStackResult DeInitCredResource();

 /**
- * This method is used by tinydtls/SRM to retrieve credential for given Subject.
+ * This method is used by tinydtls/SRM to retrieve credential for given subject.
 *
- * @param subject - subject for which credential is required.
+ * @param subjectId for which credential is required.
 *
- * @retval
- *     reference to OicSecCred_t - if credential is found
- *     NULL                      - if credential not found
+ * @return reference to @ref OicSecCred_t, if credential is found, else NULL, if credential
+ * not found.
 */
 const OicSecCred_t* GetCredResourceData(const OicUuid_t* subjectId);

 /**
- * This function converts credential data into JSON format.
- * Caller needs to invoke 'free' when done using
- * returned string.
- * @param cred  pointer to instance of OicSecCred_t structure.
+ * This function converts credential data into CBOR format.
+ * Caller needs to invoke 'free' when done using returned string.
 *
- * @retval
- *      pointer to JSON credential representation - if credential for subjectId found
- *      NULL                                      - if credential for subjectId not found
+ * @param cred is the pointer to instance of OicSecCred_t structure.
+ * @param cborPayload is the CBOR converted value.
+ * @param cborSize is the size of the CBOR.
+ *
+ * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
 */
-char* BinToCredJSON(const OicSecCred_t* cred);
+OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload,
+                                size_t *cborSize);

 /**
 * This function generates the bin credential data.
@@ -82,33 +79,31 @@ char* BinToCredJSON(const OicSecCred_t* cred);
 * @param ownersLen length of owners array
 * @param owners array of owners.
 *
- * @retval
- *      pointer to instance of OicSecCred_t  - success
- *      NULL                                 - error
+ * @return pointer to instance of @ref OicSecCred_t if successful. else NULL in case of error.
+
 */
 OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t credType,
-                     const char * publicData, const char * privateData, size_t ownersLen,
-                     const OicUuid_t * owners);
+                     const uint8_t * publicData, const uint8_t * privateData,
+                     size_t ownersLen, const OicUuid_t * owners);

 /**
 * This function adds the new cred to the credential list.
 *
- * @param cred pointer to new credential.
+ * @param cred is the pointer to new credential.
 *
- * @retval
- *      OC_STACK_OK     - cred not NULL and persistent storage gets updated
- *      OC_STACK_ERROR  - cred is NULL or fails to update persistent storage
+ * @return ::OC_STACK_OK, cred not NULL and persistent storage gets updated.
+ * ::OC_STACK_ERROR, cred is NULL or fails to update persistent storage.
 */
 OCStackResult AddCredential(OicSecCred_t * cred);

 /**
 * Function to remove the credential from SVR DB.
 *
- * @param credId Credential ID to be deleted.
+ * @param credId is the Credential ID to be deleted.
 *
- * @return OC_STACK_OK for success and errorcode otherwise.
+ * @return ::OC_STACK_OK for success, or errorcode otherwise.
 */
-OCStackResult RemoveCredential(const OicUuid_t* credId);
+OCStackResult RemoveCredential(const OicUuid_t *credId);

 /**
 * Remove all credential data on credential resource and persistent storage
@@ -124,11 +119,11 @@ OCStackResult RemoveAllCredentials(void);
 * This internal callback is used by lower stack (i.e. CA layer) to
 * retrieve PSK credentials from RI security layer.
 *
- * @param[in]  type type of PSK data required by CA layer during DTLS handshake.
- * @param[in]  desc Additional request information.
- * @param[in]  desc_len The actual length of desc.
- * @param[out] result  Must be filled with the requested information.
- * @param[in]  result_length  Maximum size of @p result.
+ * @param type of PSK data required by CA layer during DTLS handshake.
+ * @param desc Additional request information.
+ * @param desc_len is the actual length of desc.
+ * @param result  is must be filled with the requested information.
+ * @param result_length is the maximum size of @p result.
 *
 * @return The number of bytes written to @p result or a value
 *         less than zero on error.
@@ -138,21 +133,22 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
              unsigned char *result, size_t result_length);

 /**
- * Add temporal PSK to PIN based OxM
+ * Add temporal PSK to PIN based OxM.
 *
- * @param[in] tmpSubject UUID of target device
- * @param[in] credType Type of credential to be added
- * @param[in] pin numeric characters
- * @param[in] pinSize length of 'pin'
- * @param[in] ownersLen Number of owners
- * @param[in] owners Array of owners
- * @param[out] tmpCredSubject Generated credential's subject.
+ * @param tmpSubject is the UUID of target device
+ * @param credType is the type of credential to be added
+ * @param pin is the numeric characters
+ * @param pinSize is the length of 'pin'
+ * @param ownersLen is the number of owners
+ * @param owners is the array of owners
+ * @param tmpCredSubject is the generated credential's subject.
 *
- * @return OC_STACK_OK for success and errorcode otherwise.
+ * @return ::OC_STACK_OK for success or else errorcode.
 */
 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
                            const char * pin, size_t pinSize,
-                            size_t ownersLen, const OicUuid_t * owners, OicUuid_t* tmpCredSubject);
+                            size_t ownersLen, const OicUuid_t * owners,
+                            OicUuid_t* tmpCredSubject);

 #endif /* __WITH_DTLS__ */

@@ -160,18 +156,17 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre
 /**
 * This function is used toretrieve certificate credentials from RI security layer.
 *
- * @param credInfo
- *     binary structure containing certificate credentials
+ * @param credInfo is the binary structure containing certificate credentials
 *
- * @retval 0  on scuccess
+ * @return 0 on success.
 */
 int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo);
 #endif /*__WITH_X509__*/

 /**
- * Function to deallocate allocated memory to OicSecCred_t
+ * Function to deallocate allocated memory to OicSecCred_t.
 *
- * @param cred pointer to cred type
+ * @param cred pointer to cred type.
 *
 */
 void DeleteCredList(OicSecCred_t* cred);
@@ -181,5 +176,3 @@ void DeleteCredList(OicSecCred_t* cred);
 #endif

 #endif //IOTVT_SRM_CREDR_H
-
-
--- a/resource/csdk/security/include/internal/security_internals.h
+++ b/resource/csdk/security/include/internal/security_internals.h
@@ -68,6 +68,33 @@ OCEntityHandlerResult PstatEntityHandler(OCEntityHandlerFlag flag,
 OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t cborSize,
                                 OicSecAmacl_t **amacl);

+/**
+ * This internal method is the entity handler for Cred resources
+ * to handle REST request (PUT/POST/DEL)
+ */
+OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
+                                        OCEntityHandlerRequest * ehRequest,
+                                        void* callbackParameter);
+
+/**
+ * This internal method is used to create '/oic/sec/Cred' resource.
+ */
+OCStackResult CreateCredResource();
+
+/**
+ * This function converts from CBOR format into credential structure .
+ * Caller needs to invoke 'free' for allocated structure.
+ *
+ * @param cborPayload is the CBOR value that is assigned to the structure.
+ * @param size is the size of the CBOR.
+ * @param secCred is the pointer to instance of @ref OicSecCred_t structure that will be allocated.
+ * If it fails it will return NULL.
+ *
+ * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
+ */
+OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
+                                OicSecCred_t **secCred);
+
 #ifdef __cplusplus
 }
 #endif

--- a/resource/csdk/security/include/securevirtualresourcetypes.h
+++ b/resource/csdk/security/include/securevirtualresourcetypes.h
@@ -287,7 +287,8 @@ struct OicUuid
 #define JWK_LENGTH 256/8 // 256 bit key length
 struct OicSecJwk
 {
-    char                *data;
+    uint8_t                *data;
+    size_t                  len;
 };

 /**

--- a/resource/csdk/security/provisioning/src/credentialgenerator.c
+++ b/resource/csdk/security/provisioning/src/credentialgenerator.c
@@ -19,12 +19,14 @@
 * *****************************************************************/
 #include <string.h>
 #include "credentialgenerator.h"
+#include "base64.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
-#include "logger.h"
+#include "ocpayload.h"
+#include "payload_logging.h"
 #include "credresource.h"
 #include "ocrandom.h"
-#include "base64.h"
+#include "srmutility.h"
 #include "stdbool.h"
 #include "securevirtualresourcetypes.h"
 #ifdef __WITH_X509__
@@ -35,30 +37,18 @@

 #define TAG "SRPAPI-CG"

-/**
- * @def PM_VERIFY_SUCCESS
- * @brief Macro to verify success of operation.
- *        eg: PM_VERIFY_SUCCESS(TAG, OC_STACK_OK == foo(), OC_STACK_ERROR, ERROR);
- * @note Invoking function must define "bail:" label for goto functionality to work correctly and
- *       must define "OCStackResult res" for setting error code.
- * */
-#define PM_VERIFY_SUCCESS(tag, op, errCode, logLevel) { if (!(op)) \
-                       {OIC_LOG((logLevel), tag, #op " failed!!"); res = errCode; goto bail;} }
-/**
- * @def PM_VERIFY_NON_NULL
- * @brief Macro to verify argument is not equal to NULL.
- *        eg: PM_VERIFY_NON_NULL(TAG, ptrData, ERROR);
- * @note Invoking function must define "bail:" label for goto functionality to work correctly.
- * */
-#define PM_VERIFY_NON_NULL(tag, arg, errCode, logLevel) { if (NULL == (arg)) \
-                   { OIC_LOG((logLevel), tag, #arg " is NULL"); res = errCode; goto bail;} }
+static const char OIC_JSON_CRV_NAME[] = "crv";
+static const char OIC_JSON_KTY_NAME[] = "kty";
+static const char OIC_JSON_CERTIFICATE_NAME[] = "x5c";
+static const char OIC_JSON_D_NAME[] = "d";
+static const char kty[] = "EC";
+static const char crv[] = "P-256";
+static const uint8_t CertMapSize = 3;

 OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySize,
-                                    const OicUuid_t *ptDeviceId,
-                                    const OicUuid_t *firstDeviceId, const OicUuid_t *secondDeviceId,
-                                    OicSecCred_t **firstCred, OicSecCred_t **secondCred)
+        const OicUuid_t *ptDeviceId, const OicUuid_t *firstDeviceId,
+        const OicUuid_t *secondDeviceId, OicSecCred_t **firstCred, OicSecCred_t **secondCred)
 {
-
    if (NULL == ptDeviceId || NULL == firstDeviceId || NULL != *firstCred || \
        NULL == secondDeviceId || NULL != *secondCred)
    {
@@ -71,42 +61,30 @@ OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySiz
        return OC_STACK_INVALID_PARAM;
    }
    OCStackResult res = OC_STACK_ERROR;
-    uint8_t* privData = NULL;
-    char* base64Buff = NULL;
    OicSecCred_t *tempFirstCred = NULL;
    OicSecCred_t *tempSecondCred = NULL;

    size_t privDataKeySize = keySize;

-    privData = (uint8_t*) OICCalloc(privDataKeySize,sizeof(uint8_t));
-    PM_VERIFY_NON_NULL(TAG, privData, OC_STACK_NO_MEMORY, ERROR);
+    uint8_t *privData = (uint8_t *)OICCalloc(privDataKeySize, sizeof(uint8_t));
+    VERIFY_NON_NULL(TAG, privData, ERROR);

-    OCFillRandomMem(privData,privDataKeySize);
-
-    uint32_t outLen = 0;
-
-    base64Buff = (char*) OICCalloc(B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1, sizeof(char));
-    PM_VERIFY_NON_NULL(TAG, base64Buff, OC_STACK_NO_MEMORY, ERROR);
-    int memReq = (B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1) * sizeof(char);
-    B64Result b64Ret = b64Encode(privData, privDataKeySize*sizeof(uint8_t), base64Buff,
-                                 memReq, &outLen);
-    PM_VERIFY_SUCCESS(TAG, B64_OK == b64Ret, OC_STACK_ERROR, ERROR);
+    OCFillRandomMem(privData, privDataKeySize);

    // TODO: currently owner array is 1. only provisioning tool's id.
-    tempFirstCred =  GenerateCredential(secondDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
-    PM_VERIFY_NON_NULL(TAG, tempFirstCred, OC_STACK_ERROR, ERROR);
+    tempFirstCred =  GenerateCredential(secondDeviceId, type, NULL, privData, 1, ptDeviceId);
+    VERIFY_NON_NULL(TAG, tempFirstCred, ERROR);

    // TODO: currently owner array is 1. only provisioning tool's id.
-    tempSecondCred =  GenerateCredential(firstDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
-    PM_VERIFY_NON_NULL(TAG, tempSecondCred, OC_STACK_ERROR, ERROR);
+    tempSecondCred =  GenerateCredential(firstDeviceId, type, NULL, privData, 1, ptDeviceId);
+    VERIFY_NON_NULL(TAG, tempSecondCred, ERROR);

    *firstCred = tempFirstCred;
    *secondCred = tempSecondCred;
    res = OC_STACK_OK;

-bail:
+exit:
    OICFree(privData);
-    OICFree(base64Buff);

    if(res != OC_STACK_OK)
    {
@@ -123,17 +101,22 @@ bail:
 /**
 * Function to compose JSON Web Key (JWK) string from a certificate and a public key.
 *
- * @param[in]  certificateChain    Array of Base64 encoded certificate strings.
- * @param[in]  chainLength         Number of the certificates in certificateChain.
- * @return     Valid JWK string on success, or NULL on fail.
+ * @param certificateChain    Array of Base64 encoded certificate strings.
+ * @param chainLength         Number of the certificates in certificateChain.
+ * @param payload Valid JWK CBOR on success, or NULL on fail.
+
 */
-static char *CreateCertificatePublicJWK(const char *const *certificateChain,
-                                        const size_t chainLength)
+static OCStackResult CreateCertificatePublicJWK(const char *const *certificateChain,
+       const size_t chainLength, uint8_t **cborPayload, size_t *size)
 {
+    OCStackResult ret = OC_STACK_ERROR;
+    *cborPayload = NULL;
+    *size = 0;
+
    if (NULL == certificateChain || chainLength == 0)
    {
        OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
-        return NULL;
+        return OC_STACK_INVALID_PARAM;
    }

    size_t certChainSize = 0;
@@ -146,70 +129,118 @@ static char *CreateCertificatePublicJWK(const char *const *certificateChain,
        else
        {
            OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
-            return NULL;
-        }
-
-    }
-    /* certificates in the json array taken in quotes and separated by a comma
-     * so we have to count the number of characters (number of commas and quotes) required
-     * for embedding certificates in the array depending on the number of certificates in chain
-     * each certificate except last embeded in  "\"%s\"," */
-    const int numCommasAndQuotes = chainLength * 3 - 1;
-    const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x5c\":[";
-    const char secondPart[] = "]}";
-    /* to calculate the size of JWK public part we need to add the value of first and  second parts,
-     * size of certificate chain, number of additional commas and quotes and 1 for string termination symbol */
-    size_t certPubJWKLen = strlen(firstPart) + strlen(secondPart)
-                                             + certChainSize + numCommasAndQuotes + 1;
-    char *certPubJWK = (char *)OICMalloc(certPubJWKLen);
-
-    if (NULL != certPubJWK)
-    {
-        OICStrcpy(certPubJWK, certPubJWKLen, firstPart);
-        size_t offset = strlen(firstPart);
-        for (size_t i = 0; i < chainLength; ++i)
-        {
-            offset += snprintf(certPubJWK + offset, certPubJWKLen - offset, "\"%s\",", certificateChain[i]);
+            return OC_STACK_INVALID_PARAM;
        }
-        snprintf(certPubJWK + offset - 1, certPubJWK - offset - 1, secondPart);
    }
-    else
+
+    // cborArbitraryLen is a value to conver field names and cbor map, cbor array.
+    size_t cborArbitraryLen = 255;
+    size_t cborLen = certChainSize + cborArbitraryLen;
+    int64_t cborEncoderResult = CborNoError;
+    CborEncoder encoder = { .end = 0 };
+    uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
+    VERIFY_NON_NULL(TAG, outPayload, ERROR);
+    cbor_encoder_init(&encoder, outPayload, cborLen, 0);
+
+    CborEncoder credMap = { .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, CertMapSize);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map.");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
+            strlen(OIC_JSON_KTY_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
+            strlen(OIC_JSON_CRV_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CERTIFICATE_NAME,
+            strlen(OIC_JSON_CERTIFICATE_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Name.");
+    CborEncoder certs = { {.ptr = NULL }, .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_array(&credMap, &certs, chainLength);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Array.");
+    for (size_t i = 0; i < chainLength; i++)
    {
-        OIC_LOG(ERROR, TAG, "Error while memory allocation");
+        cborEncoderResult |= cbor_encode_byte_string(&certs, (uint8_t *)certificateChain[i], strlen(certificateChain[i]));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Chain.");
    }
-    return certPubJWK;
+    cborEncoderResult |= cbor_encoder_close_container(&credMap, &certs);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Certificate Chain.");
+
+    cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
+
+    *cborPayload = outPayload;
+    *size = encoder.ptr - outPayload;
+    ret = OC_STACK_OK;
+
+exit:
+    return ret;
 }

 /**
 * Function to compose JWK string from a private key.
 *
- * @param[in]  privateKey    Base64 encoded private key.
- * @return     Valid JWK string on success, or NULL on fail.
+ * @param privateKey to be converted to CBOR.
+ * @ Valid JWK string on success, or NULL on fail.
 */
-static char *CreateCertificatePrivateJWK(const char *privateKey)
+OCStackResult CreateCertificatePrivateJWK(const char *privateKey, uint8_t **cborPayload,
+        size_t *size)
 {
-    if (NULL == privateKey)
-    {
-        OIC_LOG(ERROR, TAG, "Error privateKey is NULL");
-        return NULL;
-    }
-    const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"d\":\"";
-    const char secondPart[] = "\"}";
-    size_t len = strlen(firstPart) + strlen(secondPart) + strlen(privateKey) + 1;
-    char *certPrivJWK = (char *)OICMalloc(len);
-
-    if (NULL != certPrivJWK)
-    {
-        snprintf(certPrivJWK, len, "%s%s%s", firstPart, privateKey, secondPart);
-    }
-    else
-    {
-        OIC_LOG(ERROR, TAG, "Error while memory allocation");
-    }
-    return certPrivJWK;
+    *cborPayload = NULL;
+    *size = 0;
+    OCStackResult ret = OC_STACK_INVALID_PARAM;
+    VERIFY_NON_NULL(TAG, privateKey, ERROR);
+
+    // cborArbitraryLen is a value to conver field names and cbor map, cbor array.
+    size_t cborArbitraryLen = 255;
+    size_t cborLen = strlen(privateKey) + cborArbitraryLen;
+    int64_t cborEncoderResult = CborNoError;
+    ret = OC_STACK_ERROR;
+    uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
+    VERIFY_NON_NULL(TAG, outPayload, ERROR);
+
+    CborEncoder encoder = { .end = 0 };
+    cbor_encoder_init(&encoder, outPayload, cborLen, 0);
+
+    CborEncoder credMap = { .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, 3);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
+            strlen(OIC_JSON_KTY_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
+            strlen(OIC_JSON_CRV_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_D_NAME,
+            strlen(OIC_JSON_D_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D tag.");
+    cborEncoderResult |= cbor_encode_byte_string(&credMap, (uint8_t *)privateKey, strlen(privateKey));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D Value.");
+
+    cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
+
+    *cborPayload = outPayload;
+    *size = encoder.ptr - outPayload;
+    ret = OC_STACK_OK;
+
+exit:
+    return ret;
 }

-
 /**
 * Function to generate Base64 encoded credential data for device.
 *
@@ -339,7 +370,6 @@ memclean:
    return OC_STACK_OK;
 }

-
 OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
        const OicUuid_t *deviceId, OicSecCred_t **const cred)
 {
@@ -357,8 +387,18 @@ OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
        return OC_STACK_ERROR;
    }

-    char *publicJWK = CreateCertificatePublicJWK(certificateChain, certChainLen);
-    char *privateJWK = CreateCertificatePrivateJWK(privKey);
+    uint8_t *publicJWK = NULL;
+    size_t len = 0;
+    if (OC_STACK_OK == CreateCertificatePublicJWK(certificateChain, certChainLen, &publicJWK, &len))
+    {
+
+    }
+    uint8_t *privateJWK = NULL;
+    size_t len1 = 0;
+    if (OC_STACK_OK == CreateCertificatePrivateJWK(privKey, &privateJWK, &len1))
+    {
+
+    }
    for (size_t i = 0; i < certChainLen; ++i)
    {
        OICFree(certificateChain[i]);

--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -439,16 +439,10 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
        OIC_LOG_BUFFER(INFO, TAG,ownerPSK, OWNER_PSK_LENGTH_128);
        //Generating new credential for provisioning tool
        size_t ownLen = 1;
-        uint32_t outLen = 0;
-
-        char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {};
-        B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff, sizeof(base64Buff),
-                &outLen);
-        VERIFY_SUCCESS(TAG, B64_OK == b64Ret, ERROR);

        OicSecCred_t *cred = GenerateCredential(&selectedDeviceInfo->doxm->deviceID,
                SYMMETRIC_PAIR_WISE_KEY, NULL,
-                base64Buff, ownLen, &ptDeviceID);
+                ownerPSK, ownLen, &ptDeviceID);
        VERIFY_NON_NULL(TAG, cred, ERROR);

        res = AddCredential(cred);
@@ -936,8 +930,8 @@ static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx)
        newCredential.privateData.data = NULL;

        //Send owner credential to new device : PUT /oic/sec/cred [ owner credential ]
-        secPayload->securityData = BinToCredJSON(&newCredential);
-        if (NULL == secPayload->securityData)
+        size_t size = 0;
+        if (OC_STACK_OK != CredToCBORPayload(&newCredential, &secPayload->securityData1, &size))
        {
            OICFree(secPayload);
            OIC_LOG(ERROR, TAG, "Error while converting bin to json");

--- a/resource/csdk/security/provisioning/src/secureresourceprovider.c
+++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c
@@ -298,21 +298,21 @@ static OCStackResult provisionCredentials(const OicSecCred_t *cred,
        OCClientResponseHandler responseHandler)
 {
    OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
-    if(!secPayload)