[IOT-2748] Fix OCProvisionSymmetricRoleCredentials 11/22611/2
authorAlex Kelley <alexke@microsoft.com>
Mon, 25 Sep 2017 22:54:10 +0000 (15:54 -0700)
committerNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Wed, 27 Sep 2017 05:51:38 +0000 (05:51 +0000)
This chanage updates OCProvisionSymmetricRoleCredentials to use internal
APIs that change the DOS state before and after updating credentials.

Change-Id: I351ee00c9a1a182d8ffe41f73c5eaf4eda4dfb52
Signed-off-by: Alex Kelley <alexke@microsoft.com>
resource/csdk/security/provisioning/include/internal/secureresourceprovider.h
resource/csdk/security/provisioning/src/ocprovisioningmanager.c
resource/csdk/security/provisioning/src/secureresourceprovider.c

index 49728b9..94fc9a5 100644 (file)
@@ -239,14 +239,22 @@ OCStackResult SRPProvisionCredentials(void *ctx,OicSecCredType_t type, size_t ke
  * @param[in] keySize size of key
  * @param[in] pDev1 Pointer to PMOwnedDeviceInfo_t instance, representing the resource to be provisioned.
  * @param[in] pDev2 Pointer to PMOwnedDeviceInfo_t instance, representing the resource to be provisioned.
+ * @param[in] role1 When provisioning a PSK (type is SYMMETRIC_PAIR_WISE_KEY), this is the role which
+ *                  the device indicated by pDev1 will also have when communicating with pDev2. Use NULL
+ *                  to associate no role with this credential.
+ * @param[in] role2 When provisioning a PSK (type is SYMMETRIC_PAIR_WISE_KEY), this is the role which
+ *                  the device indicated by pDev1 will also have when communicating with pDev2. Use NULL
+ *                  to associate no role with this credential.
  * @param[in] resultCallback callback provided by API user, callback will be called when
  *            provisioning request recieves a response from first resource server.
  * @return OC_STACK_OK in case of success and other value otherwise.
  */
 OCStackResult SRPProvisionCredentialsDos(void *ctx,OicSecCredType_t type, size_t keySize,
-                                      const OCProvisionDev_t *pDev1,
-                                      const OCProvisionDev_t *pDev2,
-                                      OCProvisionResultCB resultCallback);
+                                         const OCProvisionDev_t *pDev1,
+                                         const OCProvisionDev_t *pDev2,
+                                         const OicSecRole_t *role1,
+                                         const OicSecRole_t *role2,
+                                         OCProvisionResultCB resultCallback);
 
 /**
  * Function to unlink devices.
index 384a700..17835a7 100644 (file)
@@ -499,8 +499,7 @@ OCStackResult OC_CALL OCProvisionCredentials(void *ctx, OicSecCredType_t type, s
                                              const OCProvisionDev_t *pDev2,
                                              OCProvisionResultCB resultCallback)
 {
-    return SRPProvisionCredentialsDos(ctx, type, keySize,
-                                      pDev1, pDev2, resultCallback);
+    return SRPProvisionCredentialsDos(ctx, type, keySize, pDev1, pDev2, NULL, NULL, resultCallback);
 }
 
 /**
@@ -527,7 +526,7 @@ OCStackResult OC_CALL OCProvisionSymmetricRoleCredentials(void *ctx, OicSecCredT
                                                           const OicSecRole_t *role2,
                                                           OCProvisionResultCB resultCallback)
 {
-    return SRPProvisionCredentials(ctx, type, keySize, pDev1, pDev2, NULL, role1, role2, resultCallback);
+    return SRPProvisionCredentialsDos(ctx, type, keySize, pDev1, pDev2, role1, role2, resultCallback);
 }
 
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
@@ -1275,8 +1274,7 @@ OCStackResult OC_CALL OCProvisionPairwiseDevices(void* ctx, OicSecCredType_t typ
     link->resultCallback = resultCallback;
     link->currentCountResults = 0;
     link->resArr = (OCProvisionResult_t*) OICMalloc(sizeof(OCProvisionResult_t)*noOfResults);
-    res = SRPProvisionCredentialsDos(link, type, keySize,
-                                     pDev1, pDev2, &ProvisionCredsCB);
+    res = SRPProvisionCredentialsDos(link, type, keySize, pDev1, pDev2, NULL, NULL, &ProvisionCredsCB);
     if (res != OC_STACK_OK)
     {
         OICFree(link->resArr);
index 1b8e6b5..f7eb8be 100644 (file)
@@ -192,6 +192,7 @@ static OCStackResult provisionCredentials(OicSecCred_t *cred,
         OCClientResponseHandler responseHandler);
 static OCStackApplicationResult  ProvisionPskCB(void *ctx, OCDoHandle UNUSED,
         OCClientResponse *clientResponse);
+static OCStackResult ProvisionLocalCredential(void *ctx, OicSecCred_t *cred);
 
 typedef enum {
     DEVICE_1_FINISHED,
@@ -489,7 +490,10 @@ static OCStackApplicationResult ProvisionCredentialDosCB1(void *ctx, OCDoHandle
     OIC_LOG_V(DEBUG, TAG, "IN %s", __func__);
     VERIFY_NOT_NULL_RETURN(TAG, ctx, ERROR, OC_STACK_DELETE_TRANSACTION);
     (void) UNUSED;
+    OCStackResult res = OC_STACK_OK;
     CredentialData_t *credData = (CredentialData_t *) ((Data_t *) ctx)->ctx;
+    const OCProvisionDev_t *deviceInfo = credData->deviceInfo[1];
+    OicSecCred_t *credInfo = credData->credInfo[1];
     const OCProvisionResultCB resultCallback = credData->resultCallback;
     if (clientResponse)
     {
@@ -497,10 +501,25 @@ static OCStackApplicationResult ProvisionCredentialDosCB1(void *ctx, OCDoHandle
         {
             // send credentials to second device
             registerResultForCredProvisioning(credData, OC_STACK_RESOURCE_CHANGED, DEVICE_1_FINISHED);
-            OCStackResult res = SetDOS((Data_t *) ctx, DOS_RFPRO, ProvisionPskCB);
+
             // If deviceInfo is NULL, this device is the second device. Don't delete the cred
             // because provisionCredentials added it to the local cred store and it now owns
             // the memory.
+            if (NULL != deviceInfo)
+            {
+                // A second device was specifed. Set the device into RFPRO and send it the cred.
+                res = SetDOS((Data_t *)ctx, DOS_RFPRO, ProvisionPskCB);
+            }
+            else
+            {
+                // A second device was not specified. Add the cred to the local cred store.
+                res = ProvisionLocalCredential(ctx, credInfo);
+            }
+            
+            if ((NULL != deviceInfo) || (OC_STACK_OK != res))
+            {
+                DeleteCredList(credInfo);
+            }
             if (OC_STACK_OK != res)
             {
                 registerResultForCredProvisioning(credData, res, 2);
@@ -620,7 +639,6 @@ static OCStackResult ProvisionCredentialsDos(void *ctx, OicSecCred_t *cred,
         const OCProvisionDev_t *deviceInfo, OCClientResponseHandler responseHandler)
 {
     OCStackResult res = OC_STACK_OK;
-    CredentialData_t *credData = (CredentialData_t *) ((Data_t *) ctx)->ctx;
 
     if (NULL != deviceInfo)
     {
@@ -674,17 +692,29 @@ static OCStackResult ProvisionCredentialsDos(void *ctx, OicSecCred_t *cred,
     }
     else
     {
-        /* Provision this credential to the local cred store. On success, the cred resource takes
-         * ownership of the memory. On failure, ProvisionCredentialDosCB1 will delete the cred object.
-         */
-        res = AddCredential(cred);
-        /* Call the result callback directly. */
-        registerResultForCredProvisioning(credData, OC_STACK_RESOURCE_CHANGED, DEVICE_LOCAL_FINISHED);
-        (credData->resultCallback)(credData->ctx, credData->numOfResults, credData->resArr, false);
-        return res;
+        /* Provision this credential to the local cred store. */
+        return ProvisionLocalCredential(ctx, cred);
     }
 }
 
+/**
+ * Internal function for adding credentials to the local cred store
+ *
+ * @param[in] cred Instance of cred resource.
+ * @return  OC_STACK_OK in case of success and other value otherwise.
+ */
+static OCStackResult ProvisionLocalCredential(void *ctx, OicSecCred_t *cred)
+{
+    CredentialData_t *credData = (CredentialData_t *)((Data_t *)ctx)->ctx;
+
+    OCStackResult res = AddCredential(cred);
+    
+    /* Call the result callback directly. */
+    registerResultForCredProvisioning(credData, OC_STACK_RESOURCE_CHANGED, DEVICE_LOCAL_FINISHED);
+    (credData->resultCallback)(credData->ctx, credData->numOfResults, credData->resArr, false);
+    return res;
+}
+
 /**
  * Updates result in result array of the target device.
  */
@@ -1665,9 +1695,11 @@ OCStackResult SRPProvisionCredentials(void *ctx, OicSecCredType_t type, size_t k
 }
 
 OCStackResult SRPProvisionCredentialsDos(void *ctx, OicSecCredType_t type, size_t keySize,
-                                      const OCProvisionDev_t *pDev1,
-                                      const OCProvisionDev_t *pDev2,
-                                      OCProvisionResultCB resultCallback)
+                                         const OCProvisionDev_t *pDev1,
+                                         const OCProvisionDev_t *pDev2,
+                                         const OicSecRole_t *role1,
+                                         const OicSecRole_t *role2,
+                                         OCProvisionResultCB resultCallback)
 {
     VERIFY_NOT_NULL_RETURN(TAG, pDev1, ERROR,  OC_STACK_INVALID_PARAM);
     if (!resultCallback)
@@ -1682,11 +1714,6 @@ OCStackResult SRPProvisionCredentialsDos(void *ctx, OicSecCredType_t type, size_
         OIC_LOG(INFO, TAG, "SRPProvisionCredentialsDos : Same device ID");
         return OC_STACK_INVALID_PARAM;
     }
-    if (SYMMETRIC_PAIR_WISE_KEY == type && NULL == pDev2)
-    {
-        OIC_LOG(INFO, TAG, "SRPProvisionCredentialsDos : NULL device");
-        return OC_STACK_INVALID_PARAM;
-    }
 
     if (SYMMETRIC_PAIR_WISE_KEY == type &&
        !(OWNER_PSK_LENGTH_128 == keySize || OWNER_PSK_LENGTH_256 == keySize))
@@ -1745,9 +1772,9 @@ OCStackResult SRPProvisionCredentialsDos(void *ctx, OicSecCredType_t type, size_
             OCStackResult res = PMGeneratePairWiseCredentials(type, keySize, &provTooldeviceID,
                                 &pDev1->doxm->deviceID, (NULL != pDev2) ? &pDev2->doxm->deviceID :
                                 &provTooldeviceID,
-                                NULL, NULL,
+                                role1, role2,
                                 &firstCred, &secondCred);
-            VERIFY_SUCCESS_RETURN(TAG, (res == OC_STACK_OK), ERROR, OC_STACK_ERROR);
+            VERIFY_SUCCESS_RETURN(TAG, (OC_STACK_OK == res), ERROR, OC_STACK_ERROR);
             OIC_LOG(INFO, TAG, "Credentials generated successfully");
 
             credData->deviceInfo[0] = pDev1;
@@ -1773,7 +1800,6 @@ OCStackResult SRPProvisionCredentialsDos(void *ctx, OicSecCredType_t type, size_
             }
 
             res = SetDOS(data, DOS_RFPRO, ProvisionPskCB);
-
             if (OC_STACK_OK != res)
             {
                 DeleteCredList(firstCred);