Commit d5a77cda authored by Kishen Maloor's avatar Kishen Maloor

Advertise only those OTMs that the app supports

Change-Id: If96a7b5259ccc5ae6808b6837b026fe7de12eed0
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
parent 7e64d8f4
......@@ -59,6 +59,23 @@ oc_sec_doxm_init(void)
#endif /* OC_DYNAMIC_ALLOCATION */
}
static void
evaluate_supported_oxms(size_t device)
{
doxm[device].oxms[0] = OC_OXMTYPE_JW;
doxm[device].oxms[1] = -1;
doxm[device].oxms[2] = -1;
doxm[device].num_oxms = 1;
if (oc_tls_is_pin_otm_supported(device)) {
doxm[device].oxms[doxm[device].num_oxms++] = OC_OXMTYPE_RDP;
}
#ifdef OC_PKI
if (oc_tls_is_cert_otm_supported(device)) {
doxm[device].oxms[doxm[device].num_oxms++] = OC_OXMTYPE_MFG_CERT;
}
#endif /* OC_PKI */
}
void
oc_sec_doxm_default(size_t device)
{
......@@ -79,23 +96,17 @@ oc_sec_doxm_default(size_t device)
}
void
oc_sec_encode_doxm(size_t device)
oc_sec_encode_doxm(size_t device, bool to_storage)
{
#ifdef OC_PKI
int oxms[3] = { OC_OXMTYPE_JW, OC_OXMTYPE_RDP, OC_OXMTYPE_MFG_CERT };
#else /* OC_PKI */
int oxms[2] = { OC_OXMTYPE_JW, OC_OXMTYPE_RDP };
#endif /* !OC_PKI */
char uuid[37];
oc_rep_start_root_object();
oc_process_baseline_interface(
oc_core_get_resource_by_index(OCF_SEC_DOXM, device));
/* oxms */
#ifdef OC_PKI
oc_rep_set_int_array(root, oxms, oxms, 3);
#else /* OC_PKI */
oc_rep_set_int_array(root, oxms, oxms, 2);
#endif /* !OC_PKI */
/* oxms */
if (!to_storage) {
evaluate_supported_oxms(device);
oc_rep_set_int_array(root, oxms, doxm[device].oxms, doxm[device].num_oxms);
}
/* oxmsel */
oc_rep_set_int(root, oxmsel, doxm[device].oxmsel);
/* sct */
......@@ -139,7 +150,7 @@ get_doxm(oc_request_t *request, oc_interface_mask_t iface_mask, void *data)
oc_ignore_request(request);
}
} else {
oc_sec_encode_doxm(device);
oc_sec_encode_doxm(device, false);
oc_send_response(request, OC_STATUS_OK);
}
} break;
......@@ -173,9 +184,24 @@ oc_sec_decode_doxm(oc_rep_t *rep, bool from_storage, size_t device)
/* oxmsel and sct */
case OC_REP_INT:
if (len == 6 && memcmp(oc_string(t->name), "oxmsel", 6) == 0) {
if (!from_storage && ps->s != OC_DOS_RFOTM) {
OC_ERR("oc_doxm: Can set oxmsel property only in RFOTM");
return false;
if (!from_storage) {
if (ps->s != OC_DOS_RFOTM) {
OC_ERR("oc_doxm: Can set oxmsel property only in RFOTM");
return false;
} else {
evaluate_supported_oxms(device);
int oxm = 0;
while (oxm < doxm[device].num_oxms) {
if (doxm[device].oxms[oxm] == (int)t->value.integer) {
break;
}
oxm++;
}
if (oxm == doxm[device].num_oxms) {
OC_ERR("oc_doxm: Attempting to select an unsupported OXM");
return false;
}
}
}
} else if (from_storage && len == 3 &&
memcmp(oc_string(t->name), "sct", 3) == 0) {
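Review bot: The new oxmsel membership check compares `doxm[device].oxms[oxm] == (int)t->value.integer`, so the request value is narrowed before it is validated. If `integer` is wider than `int`, as the cast suggests, an out-of-range value whose low bits equal a supported OXM would pass the check. Comparing without the cast, `if (doxm[device].oxms[oxm] == t->value.integer) {`, keeps the full value through the usual promotion. The assignment to `oxmsel` lies outside this hunk, so it should be confirmed there whether the stored value is narrowed the same way. `evaluate_supported_oxms()` in the first hunk would also benefit from a short comment saying that it rewrites `doxm[device].oxms` and `num_oxms` on every call.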
......
......@@ -39,6 +39,8 @@ typedef enum oc_sec_doxmtype_t {
typedef struct
{
int oxmsel;
int oxms[3];
int num_oxms;
int sct;
bool owned;
oc_uuid_t deviceuuid;
......@@ -49,7 +51,7 @@ typedef struct
void oc_sec_doxm_init(void);
void oc_sec_doxm_free(void);
bool oc_sec_decode_doxm(oc_rep_t *rep, bool from_storage, size_t device);
void oc_sec_encode_doxm(size_t device);
void oc_sec_encode_doxm(size_t device, bool to_storage);
oc_sec_doxm_t *oc_sec_get_doxm(size_t device);
void oc_sec_doxm_default(size_t device);
void get_doxm(oc_request_t *request, oc_interface_mask_t iface_mask,
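Review bot: `int oxms[3]` hard-codes the capacity that `evaluate_supported_oxms()` fills with `oxms[num_oxms++]`, and nothing ties the array size to the number of appends. A named constant used by both the struct and the filler (for example `#define OC_DOXM_MAX_OXMS 3`, a name constructed for this note), plus a bound check before each append, would keep a later fourth OXM type from writing past the array. The struct definition ends outside the hunk. A comment on the two new fields noting that they are recomputed per request and omitted from storage would help readers of the struct.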
......
......@@ -429,7 +429,7 @@ oc_sec_dump_doxm(size_t device)
/* doxm */
oc_rep_new(buf, OC_MAX_APP_DATA_SIZE);
oc_sec_encode_doxm(device);
oc_sec_encode_doxm(device, true);
int size = oc_rep_get_encoded_payload_size();
if (size > 0) {
OC_DBG("oc_store: encoded doxm size %d", size);
......
......@@ -310,6 +310,32 @@ oc_tls_remove_peer(oc_endpoint_t *endpoint)
}
}
bool
oc_tls_is_pin_otm_supported(size_t device)
{
(void)device;
if (random_pin.cb) {
return true;
}
return false;
}
#ifdef OC_PKI
bool
oc_tls_is_cert_otm_supported(size_t device)
{
oc_x509_crt_t *crt = (oc_x509_crt_t *)oc_list_head(identity_certs);
while (crt) {
if (crt->device == device &&
crt->cred->credusage == OC_CREDUSAGE_MFG_CERT) {
return true;
}
crt = crt->next;
}
return false;
}
#endif /* OC_PKI */
static void
oc_tls_handler_schedule_read(oc_tls_peer_t *peer)
{
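Review bot: `oc_tls_is_pin_otm_supported()` discards `device` and reports support whenever `random_pin.cb` is set, so once a PIN callback is registered every logical device advertises and accepts the random-PIN OTM. If that is intended, say so in a comment above the function, e.g. `/* The PIN callback is global, so PIN OTM support is the same for every device */`; the body can then be `return random_pin.cb != NULL;`. In `oc_tls_is_cert_otm_supported()` the loop reads `crt->cred->credusage` without checking `crt->cred`. Whether that pointer can be NULL is not visible from these lines and is worth confirming.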
......
......@@ -85,6 +85,10 @@ void oc_tls_select_psk_ciphersuite(void);
void oc_tls_select_anon_ciphersuite(void);
void oc_tls_select_cloud_ciphersuite(void);
/* Internal interface for checking supported OTMs */
bool oc_tls_is_pin_otm_supported(size_t device);
bool oc_tls_is_cert_otm_supported(size_t device);
/* Internal interface for generating a random PIN */
void oc_tls_generate_random_pin(void);
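Review bot: `oc_tls_is_cert_otm_supported()` is declared here without a guard, as far as the visible lines show, while its definition in the TLS source sits inside `#ifdef OC_PKI`. A build without OC_PKI still sees the prototype, so a future unguarded caller would fail only at link time. Wrapping the declaration in the same guard, `#ifdef OC_PKI` before it and `#endif /* OC_PKI */` after it, keeps header and source in step.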
......