Commit c69938d0 authored by leechul's avatar leechul Committed by Randeep

Modify OTM & SRM to resolve gap in ownership transfer sequence.

According to OIC security spec B,
Current IoTivity security module(OTM/SRM) has gap in ownership transfer sequence.

This patch includes the following modifications to remove the gap :
  1. Modify to update the 'Owned' as TRUE after owner credential is determined.
  2. In case of PIN based OxM, We should not create a temporal credential.
     It will be handled directly in dtls layer.
     It means we should use another get_psk_info callback
     instead of GetDtlsPskCredentials during PIN based OxM.
  3. The PT(OBT) transmits the owner credential(OwnerPSK) directly to the client.
     The client will only need to verify recevied OwnerPSK.
  4. Modify to include the 'cm' when update pstat in end of security provisioning.

NOTE1 : Please refer to the Figure 9, Table 3 and Figure 10, Table 4 in Spec B.
NOTE2 : IMHO, The current spec B document is not perfect in implementation perspective.
So we've proposed a updated ownership transfer sequence in details through CR document.
And it is expected to be accepted.
We should be update again when spec document is released or CR codument is accepted.
Please keep this in mind.

[Patch #1] : Initial upload.
[Patch #2~#4] : Remove the compile errors and warnings.
[Patch #5] : Retrigger
[Patch #6] : Remove the compile error in doxmresource for arduino
[Patch #7] : Modify according to review comments.
[Patch #8~#9] : Retrigger

Change-Id: If88e7028b55d830d21643a915444a81dc912a948
Signed-off-by: default avatarleechul <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/5149Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
Tested-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
parent c470d511
......@@ -21,6 +21,9 @@
#ifndef PIN_CALLBACK_DEF_H_
#define PIN_CALLBACK_DEF_H_
#include "securevirtualresourcetypes.h"
#include "casecurityinterface.h"
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
......@@ -70,6 +73,32 @@ OCStackResult GeneratePin(char* pinBuffer, size_t bufferSize);
*/
OCStackResult InputPin(char* pinBuffer, size_t bufferSize);
#ifdef __WITH_DTLS__
/**
* This function is used by OTM and SRM to
* register device UUID is required to derive the temporal PSK.
*/
void SetUuidForRandomPinOxm(const OicUuid_t* uuid);
/**
* This internal callback is used while PIN based ownership transfer.
* This callback will be used to establish a temporary secure session according to
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256.
*
* @param[in] type type of PSK data required by tinyDTLS layer during DTLS handshake.
* @param[in] desc UNUSED.
* @param[in] desc_len UNUSED.
* @param[out] result Must be filled with the requested information.
* @param[in] result_length Maximum size of @p result.
*
* @return The number of bytes written to @p result or a value
* less than zero on error.
*/
int32_t GetDtlsPskForRandomPinOxm( CADtlsPskCredType_t type,
const unsigned char *UNUSED1, size_t UNUSED2,
unsigned char *result, size_t result_length);
#endif //__WITH_DTLS__
#ifdef __cplusplus
}
......
......@@ -114,6 +114,15 @@ OicParseQueryIter_t * GetNextQuery(OicParseQueryIter_t * parseIter);
OCStackResult AddUuidArray(cJSON* jsonRoot, const char* arrayItem,
size_t *numUuids, OicUuid_t** uuids );
/**
* Function to getting string of ownership transfer method
*
* @prarm oxmType ownership transfer method
*
* @return string value of ownership transfer method
*/
const char* GetOxmString(OicSecOxm_t oxmType);
#ifdef __cplusplus
}
#endif // __cplusplus
......
......@@ -31,8 +31,6 @@
extern "C" {
#endif // __cplusplus
#define OXM_PBKDF2_ITERATIONS 1000
/**
* Callback implementation to input the PIN code from user.
*
......@@ -70,4 +68,4 @@ char* CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx);
#ifdef __cplusplus
}
#endif
#endif //OXM_RANDOM_PIN_H_
\ No newline at end of file
#endif //OXM_RANDOM_PIN_H_
......@@ -58,7 +58,6 @@ char* CreateJustWorksOwnerTransferPayload(OTMContext_t* otmCtx)
return NULL;
}
memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
otmCtx->selectedDeviceInfo->doxm->owned = true;
return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
}
......
......@@ -47,14 +47,6 @@ char* CreatePinBasedSelectOxmPayload(OTMContext_t* otmCtx)
otmCtx->selectedDeviceInfo->doxm->oxmSel = OIC_RANDOM_DEVICE_PIN;
OicUuid_t uuidPT = {.id={0}};
if (OC_STACK_OK != GetDoxmDeviceID(&uuidPT))
{
OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
return NULL;
}
memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id, UUID_LENGTH);
return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
}
......@@ -73,7 +65,6 @@ char* CreatePinBasedOwnerTransferPayload(OTMContext_t* otmCtx)
return NULL;
}
memcpy(otmCtx->selectedDeviceInfo->doxm->owner.id, uuidPT.id , UUID_LENGTH);
otmCtx->selectedDeviceInfo->doxm->owned = true;
return BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
}
......@@ -94,21 +85,19 @@ OCStackResult InputPinCodeCallback(OTMContext_t* otmCtx)
return res;
}
OicUuid_t deviceUUID = {.id={0}};
if (OC_STACK_OK != GetDoxmDeviceID(&deviceUUID))
/**
* Since PSK will be used directly while PIN based ownership transfer,
* Credential should not be saved into SVR.
* For this reason, We will use a temporary get_psk_info callback to random PIN OxM.
*/
if(CA_STATUS_OK != CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm))
{
OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
return OC_STACK_ERROR;
OIC_LOG(ERROR, TAG, "Failed to register DTLS credentials handler for random PIN OxM.");
res = OC_STACK_ERROR;
}
res = AddTmpPskWithPIN(&otmCtx->selectedDeviceInfo->doxm->deviceID,
SYMMETRIC_PAIR_WISE_KEY,
(char*)pinData, OXM_RANDOM_PIN_SIZE,
1, &deviceUUID, &otmCtx->subIdForPinOxm);
if(res != OC_STACK_OK)
{
OIC_LOG_V(ERROR, TAG, "Failed to save the temporal PSK : %d", res);
}
//Set the device id to derive temporal PSK
SetUuidForRandomPinOxm(&(otmCtx->selectedDeviceInfo->doxm->deviceID));
return res;
}
......@@ -159,3 +148,4 @@ OCStackResult CreateSecureSessionRandomPinCallbak(OTMContext_t* otmCtx)
return OC_STACK_OK;
}
......@@ -36,6 +36,8 @@
#include "pbkdf2.h"
#include <stdlib.h>
#include "iotvticalendar.h"
#include "ocserverrequest.h"
#ifdef WITH_ARDUINO
#include <string.h>
#else
......@@ -658,6 +660,145 @@ OCStackResult RemoveAllCredentials(void)
return OC_STACK_OK;
}
#ifdef __WITH_DTLS__
/**
* Internal function to verify recevied owner PSK.
*
* @param receviedCred recevied Owner Credential from OBT(PT)
* @param ownerAdd address of OBT(PT)
* @param doxm current device's doxm resource
*
* @retval
* true valid ower psk
* false Invalid owner psk or failed to owner psk verification
*/
static bool isValidOwnerPSK(const OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
const OicSecDoxm_t* doxm)
{
//Decode received PSK to verify OwnerPSKs match
uint32_t privLen = strlen(receviedCred->privateData.data);
size_t b64BufSize = B64DECODE_OUT_SAFESIZE((privLen + 1) * sizeof(char));
uint8_t* decodeBuff = OICMalloc(b64BufSize);
VERIFY_NON_NULL(TAG, decodeBuff, ERROR);
uint32_t decodedSize = 0;
B64Result b64Ret = b64Decode(receviedCred->privateData.data, privLen,
decodeBuff, b64BufSize, &decodedSize);
VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
//Derive OwnerPSK locally
const char* oxmLabel = GetOxmString(doxm->oxmSel);
VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
(uint8_t*)oxmLabel, strlen(oxmLabel),
doxm->owner.id, sizeof(doxm->owner.id),
doxm->deviceID.id, sizeof(doxm->deviceID.id),
ownerPSK, OWNER_PSK_LENGTH_128);
VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
OIC_LOG_V(DEBUG, TAG, "Oxm Label = %s", oxmLabel);
OIC_LOG_V(DEBUG, TAG, "PSK size compare : %s",
OWNER_PSK_LENGTH_128 == decodedSize ? "TRUE" : "FALSE");
OIC_LOG_V(DEBUG, TAG, "SubjectID compare = %s",
memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 ?
"TRUE" : "FALSE");
OIC_LOG_V(DEBUG, TAG, "Owner PSK compare = %s",
memcmp(ownerPSK, decodeBuff, OWNER_PSK_LENGTH_128) == 0 ? "TRUE" : "FALSE");
//Verify OwnerPSKs match
return (OWNER_PSK_LENGTH_128 == decodedSize &&
memcmp(ownerPSK, decodeBuff, OWNER_PSK_LENGTH_128) == 0 &&
memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0);
exit:
return false;
}
#endif //__WITH_DTLS__
static OCEntityHandlerResult HandlePutRequest(const OCEntityHandlerRequest * ehRequest)
{
OCEntityHandlerResult ret = OC_EH_ERROR;
//Get binary representation of json
OicSecCred_t * cred = JSONToCredBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
if(cred)
{
#ifdef __WITH_DTLS__
OicUuid_t emptyUuid = {.id={0}};
const OicSecDoxm_t* doxm = GetDoxmResourceData();
if(false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
{
//in case of owner PSK
switch(cred->credType)
{
case SYMMETRIC_PAIR_WISE_KEY:
{
OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
if(isValidOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
{
OIC_LOG(ERROR, TAG, "OwnerPKS is matched");
if(OC_STACK_OK == AddCredential(cred))
{
ret = OC_EH_RESOURCE_CREATED;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
ret = OC_EH_ERROR;
}
}
else
{
OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
ret = OC_EH_ERROR;
}
break;
}
case SYMMETRIC_GROUP_KEY:
case ASYMMETRIC_KEY:
case SIGNED_ASYMMETRIC_KEY:
case PIN_PASSWORD:
case ASYMMETRIC_ENCRYPTION_KEY:
{
OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
ret = OC_EH_ERROR;
break;
}
default:
{
OIC_LOG(WARNING, TAG, "Unknow credential type for owner credential.");
ret = OC_EH_ERROR;
break;
}
}
}
else
{
/*
* If the post request credential has credId, it will be
* discarded and the next available credId will be assigned
* to it before getting appended to the existing credential
* list and updating svr database.
*/
ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_RESOURCE_CREATED : OC_EH_ERROR;
}
#else //not __WITH_DTLS__
/*
* If the post request credential has credId, it will be
* discarded and the next available credId will be assigned
* to it before getting appended to the existing credential
* list and updating svr database.
*/
ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_RESOURCE_CREATED : OC_EH_ERROR;
#endif//__WITH_DTLS__
}
return ret;
}
static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * ehRequest)
{
OCEntityHandlerResult ret = OC_EH_ERROR;
......@@ -671,8 +812,9 @@ static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * eh
//discarded and the next available credId will be assigned
//to it before getting appended to the existing credential
//list and updating svr database.
ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_RESOURCE_CREATED : OC_EH_ERROR;
ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_RESOURCE_CREATED : OC_EH_ERROR;
}
return ret;
}
......@@ -742,6 +884,9 @@ OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag,
case OC_REST_GET:
ret = OC_EH_FORBIDDEN;
break;
case OC_REST_PUT:
ret = HandlePutRequest(ehRequest);
break;
case OC_REST_POST:
ret = HandlePostRequest(ehRequest);
break;
......@@ -967,62 +1112,6 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
return ret;
}
/**
* Add temporal PSK to PIN based OxM
*
* @param[in] tmpSubject UUID of target device
* @param[in] credType Type of credential to be added
* @param[in] pin numeric characters
* @param[in] pinSize length of 'pin'
* @param[in] ownersLen Number of owners
* @param[in] owners Array of owners
* @param[out] tmpCredSubject Generated credential's subject.
*
* @return OC_STACK_OK for success and errorcode otherwise.
*/
OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
const char * pin, size_t pinSize,
size_t ownersLen, const OicUuid_t * owners, OicUuid_t* tmpCredSubject)
{
OCStackResult ret = OC_STACK_ERROR;
if(tmpSubject == NULL || pin == NULL || pinSize == 0 || tmpCredSubject == NULL)
{
return OC_STACK_INVALID_PARAM;
}
uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, owners->id,
UUID_LENGTH, PBKDF_ITERATIONS,
OWNER_PSK_LENGTH_128, privData);
VERIFY_SUCCESS(TAG, (dtlsRes == 0) , ERROR);
uint32_t outLen = 0;
char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {};
B64Result b64Ret = b64Encode(privData, OWNER_PSK_LENGTH_128, base64Buff,
sizeof(base64Buff), &outLen);
VERIFY_SUCCESS(TAG, (B64_OK == b64Ret), ERROR);
OicSecCred_t* cred = GenerateCredential(tmpSubject, credType, NULL,
base64Buff, ownersLen, owners);
if(NULL == cred)
{
OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
return OC_STACK_ERROR;
}
memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
ret = AddCredential(cred);
if( OC_STACK_OK != ret)
{
OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
}
exit:
return ret;
}
#endif /* __WITH_DTLS__ */
#ifdef __WITH_X509__
#define CERT_LEN_PREFIX (3)
......
......@@ -460,53 +460,6 @@ static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest
return ehRet;
}
#ifdef __WITH_DTLS__
/*
* Generating new credential for provisioning tool
*
* PSK generated by
*/
static OCEntityHandlerResult AddOwnerPSK(const CAEndpoint_t* endpoint,
OicSecDoxm_t* ptDoxm,
const uint8_t* label, const size_t labelLen)
{
size_t ownLen = 1;
uint32_t outLen = 0;
OicSecCred_t *cred = NULL;
uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {};
CAResult_t pskRet = CAGenerateOwnerPSK(endpoint,
label, labelLen,
ptDoxm->owner.id, sizeof(ptDoxm->owner.id),
gDoxm->deviceID.id, sizeof(gDoxm->deviceID.id),
ownerPSK, OWNER_PSK_LENGTH_128);
VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {};
B64Result b64Ret = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, base64Buff,
sizeof(base64Buff), &outLen);
VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
OIC_LOG (DEBUG, TAG, "Doxm EntityHandle generating Credential");
cred = GenerateCredential(&ptDoxm->owner, SYMMETRIC_PAIR_WISE_KEY,
NULL, base64Buff, ownLen, &ptDoxm->owner);
VERIFY_NON_NULL(TAG, cred, ERROR);
//Adding provisioning tool credential to cred Resource.
VERIFY_SUCCESS(TAG, OC_STACK_OK == AddCredential(cred), ERROR);
gDoxm->owned = true;
gDoxm->oxmSel = ptDoxm->oxmSel;
memcpy(&(gDoxm->owner), &(ptDoxm->owner), sizeof(OicUuid_t));
return OC_EH_OK;
exit:
return OC_EH_ERROR;
}
#endif //__WITH_DTLS__
static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
......@@ -524,165 +477,183 @@ static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest
// Iotivity SRM ONLY supports OIC_JUST_WORKS now
if (OIC_JUST_WORKS == newDoxm->oxmSel)
{
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
goto exit;
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
{
/*
* Generate OwnerPSK and create credential for Provisioning
* tool with the generated OwnerPSK.
* Update persistent storage and disable anonymous ECDH cipher
*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
#ifdef __WITH_DTLS__
OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
//Generating OwnerPSK
OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
//Generate new credential for provisioning tool
ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
(uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
// Update new state in persistent storage
if (true == UpdatePersistentStorage(gDoxm))
if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
{
ehRet = OC_EH_OK;
OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
goto exit;
}
else
{
ehRet = OC_EH_ERROR;
#ifdef __WITH_DTLS__
//Save the owner's UUID to derive owner credential
memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
// OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
// //Generating OwnerPSK
// OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
// //Generate new credential for provisioning tool
// ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
// (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
// VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
// Update new state in persistent storage
if (true == UpdatePersistentStorage(gDoxm))
{
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
/*
* If persistent storage update failed, revert back the state
* for global variable.
* Disable anonymous ECDH cipher in tinyDTLS since device is now
* in owned state.
*/
gDoxm->owned = false;
gDoxm->oxmSel = 0;
memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
}
/*
* Disable anonymous ECDH cipher in tinyDTLS since device is now
* in owned state.
*/
CAEnableAnonECDHCipherSuite(false);
CAEnableAnonECDHCipherSuite(false);
#ifdef __WITH_X509__
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
#endif //__WITH_X509__
#endif //__WITH_DTLS__
}
}
}
else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
{
#ifdef __WITH_DTLS__
//this temp Credential ID is used to track temporal Cred Id
static OicUuid_t tmpCredId = {.id={0}};
static bool tmpCredGenFlag = false;
#endif //__WITH_DTLS__
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
#ifdef __WITH_DTLS__
CAEnableAnonECDHCipherSuite(false);
OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
{
if(tmpCredGenFlag)
gDoxm->oxmSel = newDoxm->oxmSel;
//Update new state in persistent storage
if((UpdatePersistentStorage(gDoxm) == true))
{
OIC_LOG(INFO, TAG, "Corrupted PSK is detected!!!");
VERIFY_SUCCESS(TAG,
OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
ERROR);
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
OCStackResult res = AddTmpPskWithPIN( &(newDoxm->owner), SYMMETRIC_PAIR_WISE_KEY,
ranPin, OXM_RANDOM_PIN_SIZE, 1, &(newDoxm->owner), &tmpCredId);
VERIFY_SUCCESS(TAG, res == OC_STACK_OK, ERROR);
tmpCredGenFlag = true;
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
ehRet = OC_EH_ERROR;
}
#endif //__WITH_DTLS__
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
{
#ifdef __WITH_DTLS__
OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;
CAResult_t caRes = CA_STATUS_OK;
//Remove Temporal Credential resource
if(tmpCredGenFlag)
{
VERIFY_SUCCESS(TAG,
OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
ERROR);
tmpCredGenFlag = false;
}
caRes = CAEnableAnonECDHCipherSuite(false);