Commit c1385693 authored by Habib Virji's avatar Habib Virji

CRED payload conversion from JSON to CBOR

Converts CRED payload from JSON to CBOR directly using tinycbor library.
- CRED unit test has been updated to handle the changes.
- Unit test related functions are defined in security_internals.
- Parameter which were passed as char * has been converted to uint8_t as they were later converted to base64.
- All the usage and base64 has been removed.

Change-Id: I159d46f8500c1880b49a3acbcfc59cfa0c6da4f0
Signed-off-by: default avatarHabib Virji <habib.virji@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/5117Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-on: https://gerrit.iotivity.org/gerrit/5793
parent aa5f4de4
......@@ -66,9 +66,9 @@ typedef enum
* @return The number of bytes written to @p result or a value
* less than zero on error.
*/
typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type,
const unsigned char *desc, size_t desc_len,
unsigned char *result, size_t result_length);
typedef int (*CAGetDTLSPskCredentialsHandler)(CADtlsPskCredType_t type,
const uint8_t *desc, size_t desc_len,
uint8_t *result, size_t result_length);
/**
* Register callback to receive the result of DTLS handshake.
......
......@@ -32,45 +32,42 @@ extern "C" {
/**
* Initialize credential resource by loading data from persistent storage.
*
* @retval
* OC_STACK_OK - no errors
* OC_STACK_ERROR - stack process error
* @return ::OC_STACK_OK, if initialization is successful, else ::OC_STACK_ERROR if
* initialization fails.
*/
OCStackResult InitCredResource();
/**
* Perform cleanup for credential resources.
*
* @retval
* OC_STACK_OK - no errors
* OC_STACK_ERROR - stack process error
* OC_STACK_NO_RESOURCE - resource not found
* OC_STACK_INVALID_PARAM - invalid param
* @return ::OC_STACK_OK, if no errors. ::OC_STACK_ERROR, if stack process error.
* ::OC_STACK_NO_RESOURCE, if resource not found.
* ::OC_STACK_INVALID_PARAM, if invalid param.
*/
OCStackResult DeInitCredResource();
/**
* This method is used by tinydtls/SRM to retrieve credential for given Subject.
* This method is used by tinydtls/SRM to retrieve credential for given subject.
*
* @param subject - subject for which credential is required.
* @param subjectId for which credential is required.
*
* @retval
* reference to OicSecCred_t - if credential is found
* NULL - if credential not found
* @return reference to @ref OicSecCred_t, if credential is found, else NULL, if credential
* not found.
*/
const OicSecCred_t* GetCredResourceData(const OicUuid_t* subjectId);
/**
* This function converts credential data into JSON format.
* Caller needs to invoke 'free' when done using
* returned string.
* @param cred pointer to instance of OicSecCred_t structure.
* This function converts credential data into CBOR format.
* Caller needs to invoke 'free' when done using returned string.
*
* @retval
* pointer to JSON credential representation - if credential for subjectId found
* NULL - if credential for subjectId not found
* @param cred is the pointer to instance of OicSecCred_t structure.
* @param cborPayload is the CBOR converted value.
* @param cborSize is the size of the CBOR.
*
* @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
*/
char* BinToCredJSON(const OicSecCred_t* cred);
OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload,
size_t *cborSize);
/**
* This function generates the bin credential data.
......@@ -82,33 +79,31 @@ char* BinToCredJSON(const OicSecCred_t* cred);
* @param ownersLen length of owners array
* @param owners array of owners.
*
* @retval
* pointer to instance of OicSecCred_t - success
* NULL - error
* @return pointer to instance of @ref OicSecCred_t if successful. else NULL in case of error.
*/
OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t credType,
const char * publicData, const char * privateData, size_t ownersLen,
const OicUuid_t * owners);
const uint8_t * publicData, const uint8_t * privateData,
size_t ownersLen, const OicUuid_t * owners);
/**
* This function adds the new cred to the credential list.
*
* @param cred pointer to new credential.
* @param cred is the pointer to new credential.
*
* @retval
* OC_STACK_OK - cred not NULL and persistent storage gets updated
* OC_STACK_ERROR - cred is NULL or fails to update persistent storage
* @return ::OC_STACK_OK, cred not NULL and persistent storage gets updated.
* ::OC_STACK_ERROR, cred is NULL or fails to update persistent storage.
*/
OCStackResult AddCredential(OicSecCred_t * cred);
/**
* Function to remove the credential from SVR DB.
*
* @param credId Credential ID to be deleted.
* @param credId is the Credential ID to be deleted.
*
* @return OC_STACK_OK for success and errorcode otherwise.
* @return ::OC_STACK_OK for success, or errorcode otherwise.
*/
OCStackResult RemoveCredential(const OicUuid_t* credId);
OCStackResult RemoveCredential(const OicUuid_t *credId);
/**
* Remove all credential data on credential resource and persistent storage
......@@ -124,11 +119,11 @@ OCStackResult RemoveAllCredentials(void);
* This internal callback is used by lower stack (i.e. CA layer) to
* retrieve PSK credentials from RI security layer.
*
* @param[in] type type of PSK data required by CA layer during DTLS handshake.
* @param[in] desc Additional request information.
* @param[in] desc_len The actual length of desc.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
* @param type of PSK data required by CA layer during DTLS handshake.
* @param desc Additional request information.
* @param desc_len is the actual length of desc.
* @param result is must be filled with the requested information.
* @param result_length is the maximum size of @p result.
*
* @return The number of bytes written to @p result or a value
* less than zero on error.
......@@ -138,21 +133,22 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
unsigned char *result, size_t result_length);
/**
* Add temporal PSK to PIN based OxM
* Add temporal PSK to PIN based OxM.
*
* @param[in] tmpSubject UUID of target device
* @param[in] credType Type of credential to be added
* @param[in] pin numeric characters
* @param[in] pinSize length of 'pin'
* @param[in] ownersLen Number of owners
* @param[in] owners Array of owners
* @param[out] tmpCredSubject Generated credential's subject.
* @param tmpSubject is the UUID of target device
* @param credType is the type of credential to be added
* @param pin is the numeric characters
* @param pinSize is the length of 'pin'
* @param ownersLen is the number of owners
* @param owners is the array of owners
* @param tmpCredSubject is the generated credential's subject.
*
* @return OC_STACK_OK for success and errorcode otherwise.
* @return ::OC_STACK_OK for success or else errorcode.
*/
OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
const char * pin, size_t pinSize,
size_t ownersLen, const OicUuid_t * owners, OicUuid_t* tmpCredSubject);
size_t ownersLen, const OicUuid_t * owners,
OicUuid_t* tmpCredSubject);
#endif /* __WITH_DTLS__ */
......@@ -160,18 +156,17 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre
/**
* This function is used toretrieve certificate credentials from RI security layer.
*
* @param credInfo
* binary structure containing certificate credentials
* @param credInfo is the binary structure containing certificate credentials
*
* @retval 0 on scuccess
* @return 0 on success.
*/
int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo);
#endif /*__WITH_X509__*/
/**
* Function to deallocate allocated memory to OicSecCred_t
* Function to deallocate allocated memory to OicSecCred_t.
*
* @param cred pointer to cred type
* @param cred pointer to cred type.
*
*/
void DeleteCredList(OicSecCred_t* cred);
......@@ -181,5 +176,3 @@ void DeleteCredList(OicSecCred_t* cred);
#endif
#endif //IOTVT_SRM_CREDR_H
......@@ -68,6 +68,33 @@ OCEntityHandlerResult PstatEntityHandler(OCEntityHandlerFlag flag,
OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t cborSize,
OicSecAmacl_t **amacl);
/**
* This internal method is the entity handler for Cred resources
* to handle REST request (PUT/POST/DEL)
*/
OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
OCEntityHandlerRequest * ehRequest,
void* callbackParameter);
/**
* This internal method is used to create '/oic/sec/Cred' resource.
*/
OCStackResult CreateCredResource();
/**
* This function converts from CBOR format into credential structure .
* Caller needs to invoke 'free' for allocated structure.
*
* @param cborPayload is the CBOR value that is assigned to the structure.
* @param size is the size of the CBOR.
* @param secCred is the pointer to instance of @ref OicSecCred_t structure that will be allocated.
* If it fails it will return NULL.
*
* @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
*/
OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
OicSecCred_t **secCred);
#ifdef __cplusplus
}
#endif
......
......@@ -287,7 +287,8 @@ struct OicUuid
#define JWK_LENGTH 256/8 // 256 bit key length
struct OicSecJwk
{
char *data;
uint8_t *data;
size_t len;
};
/**
......
......@@ -19,12 +19,14 @@
* *****************************************************************/
#include <string.h>
#include "credentialgenerator.h"
#include "base64.h"
#include "oic_malloc.h"
#include "oic_string.h"
#include "logger.h"
#include "ocpayload.h"
#include "payload_logging.h"
#include "credresource.h"
#include "ocrandom.h"
#include "base64.h"
#include "srmutility.h"
#include "stdbool.h"
#include "securevirtualresourcetypes.h"
#ifdef __WITH_X509__
......@@ -35,30 +37,18 @@
#define TAG "SRPAPI-CG"
/**
* @def PM_VERIFY_SUCCESS
* @brief Macro to verify success of operation.
* eg: PM_VERIFY_SUCCESS(TAG, OC_STACK_OK == foo(), OC_STACK_ERROR, ERROR);
* @note Invoking function must define "bail:" label for goto functionality to work correctly and
* must define "OCStackResult res" for setting error code.
* */
#define PM_VERIFY_SUCCESS(tag, op, errCode, logLevel) { if (!(op)) \
{OIC_LOG((logLevel), tag, #op " failed!!"); res = errCode; goto bail;} }
/**
* @def PM_VERIFY_NON_NULL
* @brief Macro to verify argument is not equal to NULL.
* eg: PM_VERIFY_NON_NULL(TAG, ptrData, ERROR);
* @note Invoking function must define "bail:" label for goto functionality to work correctly.
* */
#define PM_VERIFY_NON_NULL(tag, arg, errCode, logLevel) { if (NULL == (arg)) \
{ OIC_LOG((logLevel), tag, #arg " is NULL"); res = errCode; goto bail;} }
static const char OIC_JSON_CRV_NAME[] = "crv";
static const char OIC_JSON_KTY_NAME[] = "kty";
static const char OIC_JSON_CERTIFICATE_NAME[] = "x5c";
static const char OIC_JSON_D_NAME[] = "d";
static const char kty[] = "EC";
static const char crv[] = "P-256";
static const uint8_t CertMapSize = 3;
OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySize,
const OicUuid_t *ptDeviceId,
const OicUuid_t *firstDeviceId, const OicUuid_t *secondDeviceId,
OicSecCred_t **firstCred, OicSecCred_t **secondCred)
const OicUuid_t *ptDeviceId, const OicUuid_t *firstDeviceId,
const OicUuid_t *secondDeviceId, OicSecCred_t **firstCred, OicSecCred_t **secondCred)
{
if (NULL == ptDeviceId || NULL == firstDeviceId || NULL != *firstCred || \
NULL == secondDeviceId || NULL != *secondCred)
{
......@@ -71,42 +61,30 @@ OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySiz
return OC_STACK_INVALID_PARAM;
}
OCStackResult res = OC_STACK_ERROR;
uint8_t* privData = NULL;
char* base64Buff = NULL;
OicSecCred_t *tempFirstCred = NULL;
OicSecCred_t *tempSecondCred = NULL;
size_t privDataKeySize = keySize;
privData = (uint8_t*) OICCalloc(privDataKeySize,sizeof(uint8_t));
PM_VERIFY_NON_NULL(TAG, privData, OC_STACK_NO_MEMORY, ERROR);
uint8_t *privData = (uint8_t *)OICCalloc(privDataKeySize, sizeof(uint8_t));
VERIFY_NON_NULL(TAG, privData, ERROR);
OCFillRandomMem(privData,privDataKeySize);
uint32_t outLen = 0;
base64Buff = (char*) OICCalloc(B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1, sizeof(char));
PM_VERIFY_NON_NULL(TAG, base64Buff, OC_STACK_NO_MEMORY, ERROR);
int memReq = (B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1) * sizeof(char);
B64Result b64Ret = b64Encode(privData, privDataKeySize*sizeof(uint8_t), base64Buff,
memReq, &outLen);
PM_VERIFY_SUCCESS(TAG, B64_OK == b64Ret, OC_STACK_ERROR, ERROR);
OCFillRandomMem(privData, privDataKeySize);
// TODO: currently owner array is 1. only provisioning tool's id.
tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
PM_VERIFY_NON_NULL(TAG, tempFirstCred, OC_STACK_ERROR, ERROR);
tempFirstCred = GenerateCredential(secondDeviceId, type, NULL, privData, 1, ptDeviceId);
VERIFY_NON_NULL(TAG, tempFirstCred, ERROR);
// TODO: currently owner array is 1. only provisioning tool's id.
tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
PM_VERIFY_NON_NULL(TAG, tempSecondCred, OC_STACK_ERROR, ERROR);
tempSecondCred = GenerateCredential(firstDeviceId, type, NULL, privData, 1, ptDeviceId);
VERIFY_NON_NULL(TAG, tempSecondCred, ERROR);
*firstCred = tempFirstCred;
*secondCred = tempSecondCred;
res = OC_STACK_OK;
bail:
exit:
OICFree(privData);
OICFree(base64Buff);
if(res != OC_STACK_OK)
{
......@@ -123,17 +101,22 @@ bail:
/**
* Function to compose JSON Web Key (JWK) string from a certificate and a public key.
*
* @param[in] certificateChain Array of Base64 encoded certificate strings.
* @param[in] chainLength Number of the certificates in certificateChain.
* @return Valid JWK string on success, or NULL on fail.
* @param certificateChain Array of Base64 encoded certificate strings.
* @param chainLength Number of the certificates in certificateChain.
* @param payload Valid JWK CBOR on success, or NULL on fail.
*/
static char *CreateCertificatePublicJWK(const char *const *certificateChain,
const size_t chainLength)
static OCStackResult CreateCertificatePublicJWK(const char *const *certificateChain,
const size_t chainLength, uint8_t **cborPayload, size_t *size)
{
OCStackResult ret = OC_STACK_ERROR;
*cborPayload = NULL;
*size = 0;
if (NULL == certificateChain || chainLength == 0)
{
OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
return NULL;
return OC_STACK_INVALID_PARAM;
}
size_t certChainSize = 0;
......@@ -146,70 +129,118 @@ static char *CreateCertificatePublicJWK(const char *const *certificateChain,
else
{
OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
return NULL;
}
}
/* certificates in the json array taken in quotes and separated by a comma
* so we have to count the number of characters (number of commas and quotes) required
* for embedding certificates in the array depending on the number of certificates in chain
* each certificate except last embeded in "\"%s\"," */
const int numCommasAndQuotes = chainLength * 3 - 1;
const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x5c\":[";
const char secondPart[] = "]}";
/* to calculate the size of JWK public part we need to add the value of first and second parts,
* size of certificate chain, number of additional commas and quotes and 1 for string termination symbol */
size_t certPubJWKLen = strlen(firstPart) + strlen(secondPart)
+ certChainSize + numCommasAndQuotes + 1;
char *certPubJWK = (char *)OICMalloc(certPubJWKLen);
if (NULL != certPubJWK)
{
OICStrcpy(certPubJWK, certPubJWKLen, firstPart);
size_t offset = strlen(firstPart);
for (size_t i = 0; i < chainLength; ++i)
{
offset += snprintf(certPubJWK + offset, certPubJWKLen - offset, "\"%s\",", certificateChain[i]);
return OC_STACK_INVALID_PARAM;
}
snprintf(certPubJWK + offset - 1, certPubJWK - offset - 1, secondPart);
}
else
// cborArbitraryLen is a value to conver field names and cbor map, cbor array.
size_t cborArbitraryLen = 255;
size_t cborLen = certChainSize + cborArbitraryLen;
int64_t cborEncoderResult = CborNoError;
CborEncoder encoder = { .end = 0 };
uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
VERIFY_NON_NULL(TAG, outPayload, ERROR);
cbor_encoder_init(&encoder, outPayload, cborLen, 0);
CborEncoder credMap = { .end = 0 };
cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, CertMapSize);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map.");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
strlen(OIC_JSON_KTY_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
strlen(OIC_JSON_CRV_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CERTIFICATE_NAME,
strlen(OIC_JSON_CERTIFICATE_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Name.");
CborEncoder certs = { {.ptr = NULL }, .end = 0 };
cborEncoderResult |= cbor_encoder_create_array(&credMap, &certs, chainLength);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Array.");
for (size_t i = 0; i < chainLength; i++)
{
OIC_LOG(ERROR, TAG, "Error while memory allocation");
cborEncoderResult |= cbor_encode_byte_string(&certs, (uint8_t *)certificateChain[i], strlen(certificateChain[i]));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Chain.");
}
return certPubJWK;
cborEncoderResult |= cbor_encoder_close_container(&credMap, &certs);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Certificate Chain.");
cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
*cborPayload = outPayload;
*size = encoder.ptr - outPayload;
ret = OC_STACK_OK;
exit:
return ret;
}
/**
* Function to compose JWK string from a private key.
*
* @param[in] privateKey Base64 encoded private key.
* @return Valid JWK string on success, or NULL on fail.
* @param privateKey to be converted to CBOR.
* @ Valid JWK string on success, or NULL on fail.
*/
static char *CreateCertificatePrivateJWK(const char *privateKey)
OCStackResult CreateCertificatePrivateJWK(const char *privateKey, uint8_t **cborPayload,
size_t *size)
{
if (NULL == privateKey)
{
OIC_LOG(ERROR, TAG, "Error privateKey is NULL");
return NULL;
}
const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"d\":\"";
const char secondPart[] = "\"}";
size_t len = strlen(firstPart) + strlen(secondPart) + strlen(privateKey) + 1;
char *certPrivJWK = (char *)OICMalloc(len);
if (NULL != certPrivJWK)
{
snprintf(certPrivJWK, len, "%s%s%s", firstPart, privateKey, secondPart);
}
else
{
OIC_LOG(ERROR, TAG, "Error while memory allocation");
}
return certPrivJWK;
*cborPayload = NULL;
*size = 0;
OCStackResult ret = OC_STACK_INVALID_PARAM;
VERIFY_NON_NULL(TAG, privateKey, ERROR);
// cborArbitraryLen is a value to conver field names and cbor map, cbor array.
size_t cborArbitraryLen = 255;
size_t cborLen = strlen(privateKey) + cborArbitraryLen;
int64_t cborEncoderResult = CborNoError;
ret = OC_STACK_ERROR;
uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
VERIFY_NON_NULL(TAG, outPayload, ERROR);
CborEncoder encoder = { .end = 0 };
cbor_encoder_init(&encoder, outPayload, cborLen, 0);
CborEncoder credMap = { .end = 0 };
cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, 3);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
strlen(OIC_JSON_KTY_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
strlen(OIC_JSON_CRV_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_D_NAME,
strlen(OIC_JSON_D_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D tag.");
cborEncoderResult |= cbor_encode_byte_string(&credMap, (uint8_t *)privateKey, strlen(privateKey));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D Value.");
cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
*cborPayload = outPayload;
*size = encoder.ptr - outPayload;
ret = OC_STACK_OK;
exit:
return ret;
}
/**
* Function to generate Base64 encoded credential data for device.
*
......@@ -339,7 +370,6 @@ memclean:
return OC_STACK_OK;
}
OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
const OicUuid_t *deviceId, OicSecCred_t **const cred)
{
......@@ -357,8 +387,18 @@ OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
return OC_STACK_ERROR;
}
char *publicJWK = CreateCertificatePublicJWK(certificateChain, certChainLen);
char *privateJWK = CreateCertificatePrivateJWK(privKey);
uint8_t *publicJWK = NULL;
size_t len = 0;
if (OC_STACK_OK == CreateCertificatePublicJWK(certificateChain, certChainLen, &publicJWK, &len))
{
}
uint8_t *privateJWK = NULL;
size_t len1 = 0;
if (OC_STACK_OK == CreateCertificatePrivateJWK(privKey, &privateJWK, &len1))
{
}
for (size_t i = 0; i < certChainLen; ++i)
{
OICFree(certificateChain[i]);
......
......@@ -439,16 +439,10 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
OIC_LOG_BUFFER(INFO, TAG,ownerPSK, OWNER_PSK_LENGTH_128);
//Generating new credential for provisioning tool
size_t ownLen = 1;
uint32_t outLen = 0;
char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {};
B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff, sizeof(base64Buff),
&outLen);
VERIFY_SUCCESS(TAG, B64_OK == b64Ret, ERROR);
OicSecCred_t *cred = GenerateCredential(&selectedDeviceInfo->doxm->deviceID,
SYMMETRIC_PAIR_WISE_KEY, NULL,
base64Buff, ownLen, &ptDeviceID);
ownerPSK, ownLen, &ptDeviceID);
VERIFY_NON_NULL(TAG, cred, ERROR);
res = AddCredential(cred);
......@@ -936,8 +930,8 @@ static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx)
newCredential.privateData.data = NULL;
//Send owner credential to new device : PUT /oic/sec/cred [ owner credential ]
secPayload->securityData = BinToCredJSON(&newCredential);
if (NULL == secPayload->securityData)
size_t size = 0;
if (OC_STACK_OK != CredToCBORPayload(&newCredential, &secPayload->securityData1, &size))
{
OICFree(secPayload);
OIC_LOG(ERROR, TAG, "Error while converting bin to json");
......
......@@ -298,21 +298,21 @@ static OCStackResult provisionCredentials(const OicSecCred_t *cred,
OCClientResponseHandler responseHandler)
{
OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
if(!secPayload)