74a8e7c72dc4a58789e821d0d4b04d88ea41e58d
[iotivity.git] / resource / csdk / security / include / securevirtualresourcetypes.h
1 //******************************************************************
2 //
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
4 //
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
6 //
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
10 //
11 //      http://www.apache.org/licenses/LICENSE-2.0
12 //
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
18 //
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
20
21 /**
22  * Data type definitions for all oic.sec.* types defined in the
23  * OIC Security Specification.
24  *
25  * Note that throughout, ptrs are used rather than arrays.  There
26  * are two primary reasons for this:
27  * 1) The Spec defines many structures with optional fields, so pre-
28  *    allocating these would be wasteful.
29  * 2) There are in many cases arrays of Strings or arrays of Structs,
30  *    which could not be defined as variable length arrays (e.g. array[])
31  *    without breaking from the structure order and definition in the Spec.
32  *
33  * The primary drawback to this decision is that marshalling functions
34  * will have to be written by hand to marshal these structures (e.g. to/from
35  * Persistent Storage, or across memory boundaries).
36  *
37  * We're using uint typedefs for all enum types to avoid C++ type conversion
38  * errors and enable bitfield operations on these fields (causes compilation
39  * errors on arduino builds). This may miss some type checks, but it's
40  * nearly impossible to do int/bitfield operations on enum types in C++.
41  *
42  * TODO reconcile against latest OIC Security Spec to ensure all fields correct.
43  * (Last checked against v0.95)
44  */
45
46 #ifndef OC_SECURITY_RESOURCE_TYPES_H
47 #define OC_SECURITY_RESOURCE_TYPES_H
48
49 #include "iotivity_config.h"
50
51 #include <stdint.h> // for uint8_t typedef
52 #include <stdbool.h>
53 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
54 #include "byte_array.h"
55 #endif /* __WITH_DTLS__  or __WITH_TLS__*/
56
57 #ifdef __cplusplus
58 extern "C" {
59 #endif
60
61 /**
62  * Values used to create bit-maskable enums for single-value response with
63  * embedded code.
64  */
65 #define ACCESS_GRANTED_DEF                      (1 << 0)
66 #define ACCESS_DENIED_DEF                       (1 << 1)
67 #define INSUFFICIENT_PERMISSION_DEF             (1 << 2)
68 #define SUBJECT_NOT_FOUND_DEF                   (1 << 3)
69 #define RESOURCE_NOT_FOUND_DEF                  (1 << 4)
70 #define POLICY_ENGINE_ERROR_DEF                 (1 << 5)
71 #define INVALID_PERIOD_DEF                      (1 << 6)
72 #define SEC_RESOURCE_OVER_UNSECURE_CHANNEL_DEF  (1 << 7)
73 #define REASON_MASK_DEF               (INSUFFICIENT_PERMISSION_DEF | \
74                                        INVALID_PERIOD_DEF | \
75                                        SUBJECT_NOT_FOUND_DEF | \
76                                        RESOURCE_NOT_FOUND_DEF | \
77                                        POLICY_ENGINE_ERROR_DEF | \
78                                        SEC_RESOURCE_OVER_UNSECURE_CHANNEL_DEF)
79
80
81 /**
82  * Access policy in least significant bits (from Spec):
83  * 1st lsb:  C (Create)
84  * 2nd lsb:  R (Read, Observe, Discover)
85  * 3rd lsb:  U (Write, Update)
86  * 4th lsb:  D (Delete)
87  * 5th lsb:  N (Notify)
88  */
89 #define PERMISSION_ERROR        (0x0)
90 #define PERMISSION_CREATE       (1 << 0)
91 #define PERMISSION_READ         (1 << 1)
92 #define PERMISSION_WRITE        (1 << 2)
93 #define PERMISSION_DELETE       (1 << 3)
94 #define PERMISSION_NOTIFY       (1 << 4)
95 #define PERMISSION_FULL_CONTROL (PERMISSION_CREATE | \
96                                  PERMISSION_READ | \
97                                  PERMISSION_WRITE | \
98                                  PERMISSION_DELETE | \
99                                  PERMISSION_NOTIFY)
100
101 /**
102  * @brief   Response type for all Action requests from CA layer;
103  *          may include a reason code.
104  *
105  * To extract codes use GetReasonCode function on SRMAccessResponse:
106  *
107  * SRMAccessResponse_t response = SRMRequestHandler(obj, info);
108  * if(SRM_TRUE == IsAccessGranted(response)) {
109  *     SRMAccessResponseReasonCode_t reason = GetReasonCode(response);
110  *     switch(reason) {
111  *         case INSUFFICIENT_PERMISSION:
112  *         ...etc.
113  *     }
114  * }
115  */
116 enum
117 {
118     ACCESS_GRANTED = ACCESS_GRANTED_DEF,
119     ACCESS_DENIED = ACCESS_DENIED_DEF,
120     ACCESS_DENIED_INVALID_PERIOD = ACCESS_DENIED_DEF
121         | INVALID_PERIOD_DEF,
122     ACCESS_DENIED_INSUFFICIENT_PERMISSION = ACCESS_DENIED_DEF
123         | INSUFFICIENT_PERMISSION_DEF,
124     ACCESS_DENIED_SUBJECT_NOT_FOUND = ACCESS_DENIED_DEF
125         | SUBJECT_NOT_FOUND_DEF,
126     ACCESS_DENIED_RESOURCE_NOT_FOUND = ACCESS_DENIED_DEF
127         | RESOURCE_NOT_FOUND_DEF,
128     ACCESS_DENIED_POLICY_ENGINE_ERROR = ACCESS_DENIED_DEF
129         | POLICY_ENGINE_ERROR_DEF,
130     ACCESS_DENIED_SEC_RESOURCE_OVER_UNSECURE_CHANNEL = ACCESS_DENIED_DEF
131         | SEC_RESOURCE_OVER_UNSECURE_CHANNEL_DEF,
132 };
133
134 typedef unsigned int SRMAccessResponse_t;
135
136 /**
137  * Reason code for SRMAccessResponse.
138  */
139 enum
140 {
141     NO_REASON_GIVEN = 0,
142     INSUFFICIENT_PERMISSION = INSUFFICIENT_PERMISSION_DEF,
143     SUBJECT_NOT_FOUND = SUBJECT_NOT_FOUND_DEF,
144     RESOURCE_NOT_FOUND = RESOURCE_NOT_FOUND_DEF,
145 };
146
147 typedef unsigned int SRMAccessResponseReasonCode_t;
148
149 /**
150  * Extract Reason Code from Access Response.
151  */
152 INLINE_API SRMAccessResponseReasonCode_t GetReasonCode(
153     SRMAccessResponse_t response)
154 {
155     SRMAccessResponseReasonCode_t reason =
156         (SRMAccessResponseReasonCode_t)(response & REASON_MASK_DEF);
157     return reason;
158 }
159
160 /**
161  * Returns 'true' iff request should be passed on to RI layer.
162  */
163 INLINE_API bool IsAccessGranted(SRMAccessResponse_t response)
164 {
165     if(ACCESS_GRANTED == (response & ACCESS_GRANTED))
166     {
167         return true;
168     }
169     else
170     {
171         return false;
172     }
173 }
174
175 typedef struct OicSecRsrc OicSecRsrc_t;
176
177 typedef struct OicSecValidity OicSecValidity_t;
178
179 typedef struct OicSecAce OicSecAce_t;
180
181 typedef struct OicSecAcl OicSecAcl_t;
182
183 typedef struct OicSecAmacl OicSecAmacl_t;
184
185 typedef struct OicSecCred OicSecCred_t;
186
187 /**
188  * Aid for assigning/testing vals with OicSecCredType_t.
189  * Example:
190  *  OicSecCredType_t ct = PIN_PASSWORD | ASYMMETRIC_KEY;
191  *  if((ct & PIN_PASSWORD) == PIN_PASSWORD)
192  *  {
193  *      // ct contains PIN_PASSWORD flag.
194  *  }
195  */
196 enum OSCTBitmask
197 {
198     NO_SECURITY_MODE                = 0x0,
199     SYMMETRIC_PAIR_WISE_KEY         = (0x1 << 0),
200     SYMMETRIC_GROUP_KEY             = (0x1 << 1),
201     ASYMMETRIC_KEY                  = (0x1 << 2),
202     SIGNED_ASYMMETRIC_KEY           = (0x1 << 3),
203     PIN_PASSWORD                    = (0x1 << 4),
204     ASYMMETRIC_ENCRYPTION_KEY       = (0x1 << 5),
205 };
206
207 typedef unsigned int OSCTBitmask_t;
208
209 /**
210  * /oic/sec/credtype (Credential Type) data type.
211  * Derived from OIC Security Spec /oic/sec/cred; see Spec for details.
212  *              0:  no security mode
213  *              1:  symmetric pair-wise key
214  *              2:  symmetric group key
215  *              4:  asymmetric key
216  *              8:  signed asymmetric key (aka certificate)
217  *              16: PIN /password
218  */
219 typedef OSCTBitmask_t OicSecCredType_t;
220
221 typedef enum OicSecDeviceOnboardingState
222 {
223     DOS_RESET = 0,
224     DOS_RFOTM,
225     DOS_RFPRO,
226     DOS_RFNOP,
227     DOS_SRESET,
228     DOS_STATE_COUNT
229 } OicSecDeviceOnboardingState_t;
230
231 typedef struct OicSecDostype
232 {
233     OicSecDeviceOnboardingState_t state;
234     bool                          pending;
235 } OicSecDostype_t;
236
237 typedef struct OicSecDoxm OicSecDoxm_t;
238
239 /**
240  * The oic.sec.dpmtype
241  */
242 enum OicSecDpm
243 {
244     NORMAL                          = 0x0,
245     RESET                           = (0x1 << 0),
246     TAKE_OWNER                      = (0x1 << 1),
247     BOOTSTRAP_SERVICE               = (0x1 << 2),
248     SECURITY_MANAGEMENT_SERVICES    = (0x1 << 3),
249     PROVISION_CREDENTIALS           = (0x1 << 4),
250     PROVISION_ACLS                  = (0x1 << 5),
251     VERIFY_SOFTWARE_VERSION         = (0x1 << 6),
252     UPDATE_SOFTWARE                 = (0x1 << 7),
253 #ifdef MULTIPLE_OWNER
254     TAKE_SUB_OWNER                  = (0x1 << 13),
255 #endif
256 };
257
258 typedef unsigned int OicSecDpm_t;
259
260 // These types are taken from the Security Spec v1.1.12 /pstat resource definition
261 // Note that per the latest spec, there is NO definition for Multiple Service Client Directed
262 // provisioning mode, so that enum value has been removed.
263 enum OicSecDpom
264 {
265     MULTIPLE_SERVICE_SERVER_DRIVEN    = (0x1 << 0),
266     SINGLE_SERVICE_SERVER_DRIVEN      = (0x1 << 1),
267     SINGLE_SERVICE_CLIENT_DRIVEN      = (0x1 << 2),
268 };
269
270 typedef unsigned int OicSecDpom_t;
271
272 enum OicSecSvcType
273 {
274     SERVICE_UNKNOWN                 = 0x0,
275     ACCESS_MGMT_SERVICE             = 0x1,  //urn:oic.sec.ams
276 };
277
278 typedef unsigned int OicSecSvcType_t;
279
280 //TODO: Need more clarification on deviceIDFormat field type.
281 #if 0
282 enum
283 {
284     URN = 0x0
285 };
286
287 typedef unsigned int OicSecDvcIdFrmt_t;
288 #endif
289
290 enum
291 {
292     OIC_RESOURCE_TYPE_ERROR = 0,
293     OIC_R_ACL_TYPE,
294     OIC_R_AMACL_TYPE,
295     OIC_R_CRED_TYPE,
296     OIC_R_CRL_TYPE,
297     OIC_R_DOXM_TYPE,
298     OIC_R_DPAIRING_TYPE,
299     OIC_R_PCONF_TYPE,
300     OIC_R_PSTAT_TYPE,
301     OIC_R_SACL_TYPE,
302     OIC_R_SVC_TYPE,
303     OIC_R_CSR_TYPE,
304     OIC_R_ACL2_TYPE,
305     OIC_R_ROLES_TYPE,
306     OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
307     NOT_A_SVR_RESOURCE = 99
308 };
309
310 typedef unsigned int OicSecSvrType_t;
311
312 enum
313 {
314     OIC_JUST_WORKS                          = 0x0,
315     OIC_RANDOM_DEVICE_PIN                   = 0x1,
316     OIC_MANUFACTURER_CERTIFICATE            = 0x2,
317     OIC_DECENTRALIZED_PUBLIC_KEY            = 0x3,
318     OIC_OXM_COUNT,
319 #ifdef MULTIPLE_OWNER
320     OIC_PRECONFIG_PIN                       = 0xFF00,
321 #endif //MULTIPLE_OWNER
322     OIC_MV_JUST_WORKS                       = 0xFF01,
323     OIC_CON_MFG_CERT                        = 0xFF02,
324 };
325
326 typedef unsigned int OicSecOxm_t;
327
328 enum
329 {
330     OIC_ENCODING_UNKNOW = 0,
331     OIC_ENCODING_RAW = 1,
332     OIC_ENCODING_BASE64 = 2,
333     OIC_ENCODING_PEM = 3,
334     OIC_ENCODING_DER = 4
335 };
336
337 typedef unsigned int OicEncodingType_t;
338
339 #ifdef MULTIPLE_OWNER
340 enum
341 {
342     MOT_STATUS_READY = 0,
343     MOT_STATUS_IN_PROGRESS = 1,
344     MOT_STATUS_DONE = 2,
345 };
346
347 typedef unsigned int MotStatus_t;
348 #endif //MULTIPLE_OWNER
349
350 /**
351  * oic.sec.mom type definition
352  * TODO: This type will be included to OIC Security Spec.
353  * 0 : Disable multiple owner
354  * 1 : Enable multiple owner (Always on)
355  * 2 : Timely multiple owner enable
356  */
357 enum
358 {
359     OIC_MULTIPLE_OWNER_DISABLE = 0,
360     OIC_MULTIPLE_OWNER_ENABLE = 1,
361     OIC_MULTIPLE_OWNER_TIMELY_ENABLE = 2,
362     OIC_NUMBER_OF_MOM_TYPE = 3
363 };
364
365 typedef unsigned int OicSecMomType_t;
366
367 typedef struct OicSecKey OicSecKey_t;
368
369 typedef struct OicSecOpt OicSecOpt_t;
370
371 typedef struct OicSecPstat OicSecPstat_t;
372
373 typedef struct OicSecRole OicSecRole_t;
374
375 typedef struct OicSecSvc OicSecSvc_t;
376
377 typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
378
379 typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
380
381 #ifdef MULTIPLE_OWNER
382 typedef struct OicSecSubOwner OicSecSubOwner_t;
383 typedef struct OicSecMom OicSecMom_t;
384 #endif //MULTIPLE_OWNER
385
386
387 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
388 typedef struct OicSecCrl OicSecCrl_t;
389 typedef ByteArray_t OicSecCert_t;
390 #else
391 typedef void OicSecCert_t;
392 #endif /* __WITH_DTLS__ or __WITH_TLS__*/
393
394 /**
395  * /oic/uuid (Universal Unique Identifier) data type.
396  */
397 #define UUID_LENGTH 128/8 // 128-bit GUID length
398 //TODO: Confirm the length and type of ROLEID.
399 #define ROLEID_LENGTH 64 // 64-byte authority max length
400 #define ROLEAUTHORITY_LENGTH 64 // 64-byte authority max length
401 #define OWNER_PSK_LENGTH_128 128/8 //byte size of 128-bit key size
402 #define OWNER_PSK_LENGTH_256 256/8 //byte size of 256-bit key size
403
404 struct OicUuid
405 {
406     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
407     //TODO fill in unless this is defined elsewhere?
408     uint8_t             id[UUID_LENGTH];
409 };
410
411 /**
412  * /oic/sec/jwk (JSON Web Key) data type.
413  * See JSON Web Key (JWK)  draft-ietf-jose-json-web-key-41
414  */
415 #define JWK_LENGTH 256/8 // 256 bit key length
416 struct OicSecKey
417 {
418     uint8_t                *data;
419     size_t                  len;
420
421     // TODO: This field added as workaround. Will be replaced soon.
422     OicEncodingType_t encoding;
423
424 };
425
426 struct OicSecOpt
427 {
428     uint8_t                *data;
429     size_t                  len;
430
431     OicEncodingType_t encoding;
432     bool                revstat;
433 };
434
435 typedef enum OicSecAceResourceWildcard
436 {
437     NO_WILDCARD = 0,
438     ALL_DISCOVERABLE,       // maps to "+" in JSON/CBOR
439     ALL_NON_DISCOVERABLE,   // maps to "-" in JSON/CBOR
440     ALL_RESOURCES           // maps to "*" in JSON/CBOR
441 } OicSecAceResourceWildcard_t;
442
443 struct OicSecRsrc
444 {
445     char *href; // 0:R:S:Y:String
446     char *rel; // 1:R:S:N:String
447     char** types; // 2:R:S:N:String Array
448     size_t typeLen; // the number of elts in types
449     char** interfaces; // 3:R:S:N:String Array
450     size_t interfaceLen; // the number of elts in interfaces
451     OicSecAceResourceWildcard_t wildcard;
452     OicSecRsrc_t *next;
453 };
454
455 struct OicSecValidity
456 {
457     char* period; // 0:R:S:Y:String
458     char** recurrences; // 1:R:M:Y:Array of String
459     size_t recurrenceLen; // the number of elts in recurrence
460     OicSecValidity_t *next;
461 };
462
463 typedef enum
464 {
465     OIC_SEC_ACL_UNKNOWN = 0,
466     OIC_SEC_ACL_V1 = 1,
467     OIC_SEC_ACL_V2 = 2
468 } OicSecAclVersion_t;
469
470 typedef enum
471 {
472     DISCOVERABLE_NOT_KNOWN = 0,
473     DISCOVERABLE_TRUE = 1,
474     DISCOVERABLE_FALSE = 2
475 } OicSecDiscoverable_t;
476
477 #define OIC_SEC_ACL_LATEST OIC_SEC_ACL_V2
478
479 typedef enum
480 {
481     OicSecAceUuidSubject = 0, /* Default to this type. */
482     OicSecAceRoleSubject,
483     OicSecAceConntypeSubject
484 } OicSecAceSubjectType;
485
486 /**
487  * /oic/sec/role (Role) data type.
488  * Derived from OIC Security Spec; see Spec for details.
489  */
490 struct OicSecRole
491 {
492     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
493     char id[ROLEID_LENGTH];                 // 0:R:S:Y:String
494     char authority[ROLEAUTHORITY_LENGTH];   // 1:R:S:N:String
495 };
496
497 typedef enum OicSecConntype
498 {
499     AUTH_CRYPT, // any subject requesting over authenticated and encrypted channel
500     ANON_CLEAR, // any subject requesting over anonymous and unencrypted channel
501 } OicSecConntype_t;
502
503 struct OicSecAce
504 {
505     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
506     OicSecAceSubjectType subjectType;
507     union                               // 0:R:S:Y:{roletype|didtype|"*"}
508     {
509         OicUuid_t subjectuuid;          // Only valid for subjectType == OicSecAceUuidSubject
510         OicSecRole_t subjectRole;       // Only valid for subjectType == OicSecAceRoleSubject
511         OicSecConntype_t subjectConn;   // Only valid for subjectType == OicSecAceConntypeSubject
512     };
513     OicSecRsrc_t *resources;            // 1:R:M:Y:Resource
514     uint16_t permission;                // 2:R:S:Y:UINT16
515     OicSecValidity_t *validities;       // 3:R:M:N:Time-interval
516     uint16_t aceid;                     // mandatory in ACE2
517 #ifdef MULTIPLE_OWNER
518     OicUuid_t* eownerID;                //4:R:S:N:oic.uuid
519 #endif
520     OicSecAce_t *next;
521 };
522
523 /**
524  * /oic/sec/acl (Access Control List) data type.
525  * Derived from OIC Security Spec; see Spec for details.
526  */
527 struct OicSecAcl
528 {
529     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
530     OicUuid_t           rownerID;        // 0:R:S:Y:oic.uuid
531     OicSecAce_t         *aces; // 1:R:M:N:ACE
532 };
533
534 /**
535  * /oic/sec/amacl (Access Manager Service Accesss Control List) data type.
536  * Derived from OIC Security Spec; see Spec for details.
537  */
538 struct OicSecAmacl
539 {
540     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
541     size_t              resourcesLen;   // the number of elts in Resources
542     char                **resources;    // 0:R:M:Y:String
543     OicSecAmacl_t         *next;
544 };
545
546 /**
547  * /oic/sec/cred (Credential) data type.
548  * Derived from OIC Security Spec; see Spec for details.
549  */
550 struct OicSecCred
551 {
552     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
553     uint16_t            credId;         // 0:R:S:Y:UINT16
554     OicUuid_t           subject;        // 1:R:S:Y:oic.uuid
555     // If roleId.id is all zeroes, this property is not set.
556     OicSecRole_t        roleId;         // 2:R:M:N:oic.sec.roletype
557     OicSecCredType_t    credType;       // 3:R:S:Y:oic.sec.credtype
558 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
559     OicSecKey_t         publicData;     // own cerificate chain
560     char            *credUsage;            // 4:R:S:N:String
561     OicSecOpt_t        optionalData;   // CA's cerificate chain
562 #endif /* __WITH_DTLS__  or __WITH_TLS__*/
563     OicSecKey_t         privateData;    // 6:R:S:N:oic.sec.key
564     char                *period;        // 7:R:S:N:String
565     OicUuid_t           rownerID;       // 8:R:S:Y:oic.uuid
566 #ifdef MULTIPLE_OWNER
567     OicUuid_t           *eownerID;      //9:R:S:N:oic.uuid
568 #endif //MULTIPLE_OWNER
569     OicSecCred_t        *next;
570 };
571
572 #ifdef MULTIPLE_OWNER
573 struct OicSecSubOwner {
574     OicUuid_t uuid;
575     MotStatus_t status;
576     OicSecSubOwner_t* next;
577 };
578
579 struct OicSecMom{
580     OicSecMomType_t mode;
581 };
582 #endif //MULTIPLE_OWNER
583
584 /**
585  * /oic/sec/doxm (Device Owner Transfer Methods) data type
586  * Derived from OIC Security Spec; see Spec for details.
587  * @note If the struct is updated please update
588  * DoxmUpdateWriteableProperty appropriately.
589  */
590 struct OicSecDoxm
591 {
592     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
593     OicSecOxm_t         *oxm;           // 1:R:M:N:UINT16
594     size_t              oxmLen;         // the number of elts in Oxm
595     OicSecOxm_t         oxmSel;         // 2:R/W:S:Y:UINT16
596     OicSecCredType_t    sct;            // 3:R:S:Y:oic.sec.credtype
597     bool                owned;          // 4:R:S:Y:Boolean
598     OicUuid_t           deviceID;       // 6:R:S:Y:oic.uuid
599     bool                dpc;            // 7:R:S:Y:Boolean
600     OicUuid_t           owner;          // 8:R:S:Y:oic.uuid
601 #ifdef MULTIPLE_OWNER
602     OicSecSubOwner_t* subOwners;        //9:R/W:M:N:oic.uuid
603     OicSecMom_t *mom;                   //10:R/W:S:N:oic.sec.mom
604 #endif //MULTIPLE_OWNER
605     OicUuid_t           rownerID;       // 11:R:S:Y:oic.uuid
606 };
607
608 /**
609  * /oic/sec/pstat (Provisioning Status) data type.
610  */
611 struct OicSecPstat
612 {
613     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
614     OicSecDostype_t     dos;            // -:RW:S:Y:oic.sec.dostype
615     bool                isOp;           // 0:R:S:Y:Boolean
616     OicSecDpm_t         cm;             // 1:R:S:Y:oic.sec.dpmtype
617     OicSecDpm_t         tm;             // 2:RW:S:Y:oic.sec.dpmtype
618     OicSecDpom_t        om;             // 4:RW:M:Y:oic.sec.dpom
619     size_t              smLen;          // the number of elts in Sm
620     OicSecDpom_t        *sm;            // 5:R:M:Y:oic.sec.dpom
621     uint16_t            commitHash;     // 6:R:S:Y:oic.sec.sha256
622     OicUuid_t           rownerID;       // 7:R:S:Y:oic.uuid
623 };
624
625
626 #if defined(__WITH_DTLS__) ||  defined(__WITH_TLS__)
627 struct OicSecCrl
628 {
629     uint16_t CrlId;
630     ByteArray_t ThisUpdate;
631     OicSecKey_t CrlData;
632 };
633 #endif /* __WITH_DTLS__ or __WITH_TLS__ */
634
635 /**
636  * @brief   direct pairing data type
637  */
638 typedef struct OicPin OicDpPin_t;
639
640 typedef struct OicSecPdAcl OicSecPdAcl_t;
641
642 typedef struct OicSecPconf OicSecPconf_t;
643
644 typedef struct OicSecDpairing OicSecDpairing_t;
645
646 #define DP_PIN_LENGTH 8 // temporary length
647
648 /**
649  * @brief   /oic/sec/prmtype (Pairing Method Type) data type.
650  *              0:  not allowed
651  *              1:  pre-configured pin
652  *              2:  random pin
653  */
654 enum PRMBitmask
655 {
656     PRM_NOT_ALLOWED             = 0x0,
657     PRM_PRE_CONFIGURED        = (0x1 << 0),
658     PRM_RANDOM_PIN               = (0x1 << 1),
659 };
660
661 typedef unsigned int OicSecPrm_t;
662
663
664 struct OicPin
665 {
666     uint8_t             val[DP_PIN_LENGTH];
667 };
668
669 /**
670  * @brief   oic.sec.dpacltype (Device Pairing Access Control List) data type.
671  */
672 struct OicSecPdAcl
673 {
674     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
675     char                  **resources;        // 0:R:M:Y:String
676     size_t                resourcesLen;      // the number of elts in Resources
677     uint16_t             permission;        // 1:R:S:Y:UINT16
678     char                  **periods;            // 2:R:M*:N:String (<--M*; see Spec)
679     char                  **recurrences;    // 3:R:M:N:String
680     size_t                prdRecrLen;         // the number of elts in Periods/Recurrences
681     OicSecPdAcl_t    *next;
682 };
683
684 /**
685  * @brief   /oic/sec/pconf (Pairing Configuration) data type
686  */
687 struct OicSecPconf
688 {
689     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
690     bool                  edp;                // 0:W:S:M:Boolean
691     OicSecPrm_t      *prm;              // 1:R:M:N:UINT16
692     size_t                prmLen;          // the number of elts in Prm
693     OicDpPin_t          pin;               // 2:R:S:Y:String
694     OicSecPdAcl_t    *pdacls;         // 3:R:M:Y:oic.sec.pdacltype
695     OicUuid_t           *pddevs;        // 4:R:M:Y:oic.uuid
696     size_t                 pddevLen;     // the number of elts in pddev
697     OicUuid_t           deviceID;       // 5:R:S:Y:oic.uuid
698     OicUuid_t           rownerID;          // 6:R:S:Y:oic.uuid
699 };
700
701 /**
702  * @brief   /oic/sec/dpairing (Device Pairing) data type
703  */
704 struct OicSecDpairing
705 {
706     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
707     OicSecPrm_t      spm;               // 0:R/W:S:Y:UINT16
708     OicUuid_t           pdeviceID;     // 1:R:S:Y:oic.uuid
709     OicUuid_t           rownerID;          // 2:R:S:Y:oic.uuid
710 };
711
712 #define SPEC_MAX_VER_LEN (sizeof("core.x.x.x") + 1) // Spec Version length.
713 /**
714  * @def GET_ACL_VER(specVer)
715  * Gets ACL version depending on spec. version.
716  * Version value has "ocf.x.x.x" for ocf device and "core.x.x.x" for oic device.
717  *
718  * @param specVer spec. version string
719  * @return ACL version
720  */
721
722 #define GET_ACL_VER(specVer) ((specVer)[0] == 'o' && (specVer)[1] == 'c' && (specVer)[2] == 'f' ?      \
723                              OIC_SEC_ACL_V2 : OIC_SEC_ACL_V1)
724 #define IS_OIC(specVer) ((specVer)[0] == 'c' && (specVer)[1] == 'o' && (specVer)[2] == 'r' && (specVer)[3] == 'e')
725
726 #ifdef __cplusplus
727 }
728 #endif
729
730 #endif //OC_SECURITY_RESOURCE_TYPES_H