Refactor PSK Credential retrieval interface 09/3009/6
authorSachin Agrawal <sachin.agrawal@intel.com>
Fri, 25 Sep 2015 18:20:29 +0000 (11:20 -0700)
committerSachin Agrawal <sachin.agrawal@intel.com>
Mon, 28 Sep 2015 22:04:46 +0000 (22:04 +0000)
When CA requests PSK credentials during DTLS handshake, SRM retrieves
credential for all devices and provides it to CA. This is un-necessary
and is in-efficient approach. Updated code to only provide credential
which has been requested by tinydtls.

Change-Id: Ie9bdc0ff1236b9f1f198215d211a682df416e731
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3009
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
14 files changed:
resource/csdk/connectivity/api/cainterface.h
resource/csdk/connectivity/api/casecurityinterface.h [new file with mode: 0644]
resource/csdk/connectivity/build/tizen/packaging/com.oic.ca.spec
resource/csdk/connectivity/external/inc/ocsecurityconfig.h [deleted file]
resource/csdk/connectivity/inc/caadapternetdtls.h
resource/csdk/connectivity/samples/android/casample/sampleService/src/main/jni/ResourceModel.c
resource/csdk/connectivity/samples/linux/sample_main.c
resource/csdk/connectivity/samples/tizen/casample.c
resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
resource/csdk/connectivity/src/caconnectivitymanager.c
resource/csdk/connectivity/test/ca_api_unittest.cpp
resource/csdk/security/include/internal/credresource.h
resource/csdk/security/provisioning/src/oxmrandompin.c
resource/csdk/security/src/credresource.c

index ca67e76..6b4d8a2 100644 (file)
  * Connectivity Abstraction Interface APIs.
  */
 #include "cacommon.h"
-
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
-#ifdef __WITH_X509__
-#include "pki.h"
-#endif //__WITH_X509__
+#include "casecurityinterface.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -93,66 +87,6 @@ typedef struct
 
 #endif //RA_ADAPTER
 
-#ifdef __WITH_DTLS__
-
-/**
- * Binary blob containing device identity and the credentials for all devices
- * trusted by this device.
- */
-typedef struct
-{
-   unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self. */
-   uint32_t num;                            /** number of credentials in this blob. */
-   OCDtlsPskCreds *creds;                   /** list of credentials. Size of this
-                                                array is determined by 'num' variable. */
-} CADtlsPskCredsBlob_t;
-
-/**
- * Callback function type for getting DTLS credentials.
- * @param[out]   credInfo     DTLS credentials info. Handler has to allocate new memory for.
- *                            both credInfo and credInfo->creds which is then freed by CA.
- */
-typedef void (*CAGetDTLSCredentialsHandler)(CADtlsPskCredsBlob_t **credInfo);
-#endif //__WITH_DTLS__
-
-#ifdef __WITH_X509__
-/**
- * Binary structure containing certificate chain and certificate credentials
- * for this device.
- */
-typedef struct
-{
-    // certificate message  for DTLS
-    unsigned char certificateChain[MAX_CERT_MESSAGE_LEN];
-    // length of the certificate message
-    uint32_t  certificateChainLen;
-    // number of certificates in  certificate message
-    uint8_t   chainLen;
-    // x component of EC public key
-    uint8_t   rootPublicKeyX[PUBLIC_KEY_SIZE / 2];
-    // y component of EC public key
-    uint8_t   rootPublicKeyY[PUBLIC_KEY_SIZE / 2];
-    // EC private key
-    uint8_t   devicePrivateKey[PRIVATE_KEY_SIZE];
-
-} CADtlsX509Creds_t;
-
-/**
- * @brief   Callback function type for getting certificate credentials.
- * @param   credInfo          [OUT] Certificate credentials info. Handler has to allocate new memory for
- *                                  credInfo which is then freed by CA
- * @return  NONE
- */
-typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo);
-/**
- * @brief   Callback function type for getting CRL.
- * @param   crlInfo          [OUT] Certificate credentials info. Handler has to allocate new memory for
- *                                  credInfo which is then freed by CA
- * @return  NONE
- */
-typedef void (*CAGetDTLSCrlHandler)(ByteArray crlInfo);
-#endif //__WITH_X509__
-
 /**
  * Initialize the connectivity abstraction module.
  * It will initialize adapters, thread pool and other modules based on the platform
@@ -196,30 +130,6 @@ CAResult_t CAStartDiscoveryServer();
 void CARegisterHandler(CARequestCallback ReqHandler, CAResponseCallback RespHandler,
                        CAErrorCallback ErrorHandler);
 
-#ifdef __WITH_DTLS__
-/**
- * Register callback to get DTLS PSK credentials.
- * @param[in]   GetDTLSCredentials    GetDTLS Credetials callback.
- * @return  ::CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSCredentialsHandler GetDTLSCredentials);
-#endif //__WITH_DTLS__
-
-#ifdef __WITH_X509__
-/**
- * @brief   Register callback to get DTLS Cert credentials.
- * @param   GetCertCredentials   [IN] GetCert Credetials callback
- * @return  #CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetX509Credentials);
-/**
- * @brief   Register callback to get CRL.
- * @param   GetCrl   [IN] GetCrl callback
- * @return  #CA_STATUS_OK
- */
-CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetCrl);
-#endif //__WITH_X509__
-
 /**
  * Create an endpoint description.
  * @param[in]   flags                 how the adapter should be used.
@@ -330,83 +240,6 @@ CAResult_t CASetRAInfo(const CARAInfo_t *caraInfo);
 #endif
 
 
-#ifdef __WITH_DTLS__
-
-/**
- * Select the cipher suite for dtls handshake.
- *
- * @param[in] cipher  cipher suite (Note : Make sure endianness).
- *                    0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
- *                    0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
- *                    0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- *
- * @retval  ::CA_STATUS_OK    Successful.
- * @retval  ::CA_STATUS_INVALID_PARAM  Invalid input arguments.
- * @retval  ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CASelectCipherSuite(const uint16_t cipher);
-
-/**
- * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
- *
- * @param[in] enable  TRUE/FALSE enables/disables anonymous cipher suite.
- *
- * @retval  ::CA_STATUS_OK    Successful.
- * @retval  ::CA_STATUS_FAILED Operation failed.
- *
- * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
- */
-CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
-
-
-/**
- * Generate ownerPSK using PRF.
- * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
- *                    'ID of new device(Resource Server)',
- *                    'ID of owner smart-phone(Provisioning Server)')
- *
- * @param[in] endpoint  information of network address.
- * @param[in] label  Ownership transfer method e.g)"oic.sec.doxm.jw".
- * @param[in] labelLen  Byte length of label.
- * @param[in] rsrcServerDeviceID  ID of new device(Resource Server).
- * @param[in] rsrcServerDeviceIDLen  Byte length of rsrcServerDeviceID.
- * @param[in] provServerDeviceID  label of previous owner.
- * @param[in] provServerDeviceIDLen  byte length of provServerDeviceID.
- * @param[in,out] ownerPSK  Output buffer for owner PSK.
- * @param[in] ownerPSKSize  Byte length of the ownerPSK to be generated.
- *
- * @retval  ::CA_STATUS_OK    Successful.
- * @retval  ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
-                              const uint8_t* label, const size_t labelLen,
-                              const uint8_t* rsrcServerDeviceID,
-                              const size_t rsrcServerDeviceIDLen,
-                              const uint8_t* provServerDeviceID,
-                              const size_t provServerDeviceIDLen,
-                              uint8_t* ownerPSK, const size_t ownerPSKSize);
-
-/**
- * Initiate DTLS handshake with selected cipher suite.
- *
- * @param[in] endpoint  information of network address.
- *
- * @retval  ::CA_STATUS_OK    Successful.
- * @retval  ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
-
-/**
- * Close the DTLS session.
- *
- * @param[in] endpoint  information of network address.
- *
- * @retval  ::CA_STATUS_OK    Successful.
- * @retval  ::CA_STATUS_FAILED Operation failed.
- */
-CAResult_t CACloseDtlsSession(const CAEndpoint_t *endpoint);
-
-#endif /* __WITH_DTLS__ */
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/resource/csdk/connectivity/api/casecurityinterface.h b/resource/csdk/connectivity/api/casecurityinterface.h
new file mode 100644 (file)
index 0000000..fb8afdb
--- /dev/null
@@ -0,0 +1,218 @@
+/* *****************************************************************
+ *
+ * Copyright 2015 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ******************************************************************/
+
+/**
+ * @file
+ *
+ * This file contains the Security APIs for Resource Model to use.
+ */
+
+#ifndef CA_SECURITY_INTERFACE_H_
+#define CA_SECURITY_INTERFACE_H_
+
+#ifdef __WITH_X509__
+#include "pki.h"
+#endif //__WITH_X509__
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+#ifdef __WITH_DTLS__
+/**
+ * @enum CADtlsPskCredType_t
+ * Type of PSK credential required during DTLS handshake
+ * It does not make much sense in bringing in all definitions from dtls.h into here.
+ * Therefore, redefining them here.
+ */
+typedef enum
+{
+    CA_DTLS_PSK_HINT,
+    CA_DTLS_PSK_IDENTITY,
+    CA_DTLS_PSK_KEY
+} CADtlsPskCredType_t;
+
+/**
+ * This internal callback is used by CA layer to
+ * retrieve PSK credentials from SRM.
+ *
+ * @param[in]  type type of PSK data required by CA layer during DTLS handshake set.
+ * @param[in]  desc    Additional request information.
+ * @param[in]  desc_len The actual length of desc.
+ * @param[out] result  Must be filled with the requested information.
+ * @param[in]  result_length  Maximum size of @p result.
+ *
+ * @return The number of bytes written to @p result or a value
+ *         less than zero on error.
+ */
+typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type,
+                     const unsigned char *desc, size_t desc_len,
+                     unsigned char *result, size_t result_length);
+
+/**
+ * Register callback to get DTLS PSK credentials.
+ * @param[in]   GetDTLSCredentials    GetDTLS Credetials callback.
+ * @return  ::CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDTLSCredentials);
+
+#endif //__WITH_DTLS__
+
+#ifdef __WITH_X509__
+/**
+ * Binary structure containing certificate chain and certificate credentials
+ * for this device.
+ */
+typedef struct
+{
+    // certificate message  for DTLS
+    unsigned char certificateChain[MAX_CERT_MESSAGE_LEN];
+    // length of the certificate message
+    uint32_t  certificateChainLen;
+    // number of certificates in  certificate message
+    uint8_t   chainLen;
+    // x component of EC public key
+    uint8_t   rootPublicKeyX[PUBLIC_KEY_SIZE / 2];
+    // y component of EC public key
+    uint8_t   rootPublicKeyY[PUBLIC_KEY_SIZE / 2];
+    // EC private key
+    uint8_t   devicePrivateKey[PRIVATE_KEY_SIZE];
+
+} CADtlsX509Creds_t;
+
+/**
+ * @brief   Callback function type for getting certificate credentials.
+ * @param   credInfo          [OUT] Certificate credentials info. Handler has to allocate new memory for
+ *                                  credInfo which is then freed by CA
+ * @return  NONE
+ */
+typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo);
+/**
+ * @brief   Callback function type for getting CRL.
+ * @param   crlInfo          [OUT] Certificate credentials info. Handler has to allocate new memory for
+ *                                  credInfo which is then freed by CA
+ * @return  NONE
+ */
+typedef void (*CAGetDTLSCrlHandler)(ByteArray crlInfo);
+
+/**
+ * @brief   Register callback to get DTLS Cert credentials.
+ * @param   GetCertCredentials   [IN] GetCert Credetials callback
+ * @return  #CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetX509Credentials);
+/**
+ * @brief   Register callback to get CRL.
+ * @param   GetCrl   [IN] GetCrl callback
+ * @return  #CA_STATUS_OK
+ */
+CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetCrl);
+#endif //__WITH_X509__
+
+
+#ifdef __WITH_DTLS__
+
+/**
+ * Select the cipher suite for dtls handshake.
+ *
+ * @param[in] cipher  cipher suite (Note : Make sure endianness).
+ *                    0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+ *                    0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
+ *                    0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+ *
+ * @retval  ::CA_STATUS_OK    Successful.
+ * @retval  ::CA_STATUS_INVALID_PARAM  Invalid input arguments.
+ * @retval  ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CASelectCipherSuite(const uint16_t cipher);
+
+/**
+ * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
+ *
+ * @param[in] enable  TRUE/FALSE enables/disables anonymous cipher suite.
+ *
+ * @retval  ::CA_STATUS_OK    Successful.
+ * @retval  ::CA_STATUS_FAILED Operation failed.
+ *
+ * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
+ */
+CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
+
+
+/**
+ * Generate ownerPSK using PRF.
+ * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
+ *                    'ID of new device(Resource Server)',
+ *                    'ID of owner smart-phone(Provisioning Server)')
+ *
+ * @param[in] endpoint  information of network address.
+ * @param[in] label  Ownership transfer method e.g)"oic.sec.doxm.jw".
+ * @param[in] labelLen  Byte length of label.
+ * @param[in] rsrcServerDeviceID  ID of new device(Resource Server).
+ * @param[in] rsrcServerDeviceIDLen  Byte length of rsrcServerDeviceID.
+ * @param[in] provServerDeviceID  label of previous owner.
+ * @param[in] provServerDeviceIDLen  byte length of provServerDeviceID.
+ * @param[in,out] ownerPSK  Output buffer for owner PSK.
+ * @param[in] ownerPSKSize  Byte length of the ownerPSK to be generated.
+ *
+ * @retval  ::CA_STATUS_OK    Successful.
+ * @retval  ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
+                              const uint8_t* label, const size_t labelLen,
+                              const uint8_t* rsrcServerDeviceID,
+                              const size_t rsrcServerDeviceIDLen,
+                              const uint8_t* provServerDeviceID,
+                              const size_t provServerDeviceIDLen,
+                              uint8_t* ownerPSK, const size_t ownerPSKSize);
+
+/**
+ * Initiate DTLS handshake with selected cipher suite.
+ *
+ * @param[in] endpoint  information of network address.
+ *
+ * @retval  ::CA_STATUS_OK    Successful.
+ * @retval  ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
+
+/**
+ * Close the DTLS session.
+ *
+ * @param[in] endpoint  information of network address.
+ *
+ * @retval  ::CA_STATUS_OK    Successful.
+ * @retval  ::CA_STATUS_FAILED Operation failed.
+ */
+CAResult_t CACloseDtlsSession(const CAEndpoint_t *endpoint);
+
+#endif /* __WITH_DTLS__ */
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+
+#endif /* CA_SECURITY_INTERFACE_H_ */
+
index 8533188..1602200 100644 (file)
@@ -52,6 +52,7 @@ cp -rf %{ROOTDIR}/con/inc/caipadapter.h* %{DEST_INC_DIR}/
 cp -rf %{ROOTDIR}/con/inc/caedradapter.h* %{DEST_INC_DIR}/
 cp -rf %{ROOTDIR}/con/inc/caleadapter.h* %{DEST_INC_DIR}/
 cp -rf %{ROOTDIR}/con/api/cainterface.h* %{DEST_INC_DIR}/
+cp -rf %{ROOTDIR}/con/api/casecurityinterface.h* %{DEST_INC_DIR}/
 cp -rf %{ROOTDIR}/com.oic.ca.pc %{DEST_LIB_DIR}/pkgconfig/
 
 
diff --git a/resource/csdk/connectivity/external/inc/ocsecurityconfig.h b/resource/csdk/connectivity/external/inc/ocsecurityconfig.h
deleted file mode 100644 (file)
index c7af532..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
- //*******************************************************************
- //
- // Copyright 2014 Intel Mobile Communications GmbH All Rights Reserved.
- //
- //
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- //      http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- //
- //
- //******************************************************************
-/**
- * @file
- *
- * This file contains all the constants which can be configured/modified as
- * per platform or security specific product usage scenarios.
- */
-
-
-#ifndef OC_SECURITY_CONFIG_H
-#define OC_SECURITY_CONFIG_H
-
-#include <stdint.h>
-
-#define DTLS_PSK_ID_LEN 16
-#define DTLS_PSK_PSK_LEN 16
-
-#define DtlsPskCredsBlobVer_1 1 /**< Credentials stored in plaintext */
-#define DtlsPskCredsBlobVer_CurrentVersion DtlsPskCredsBlobVer_1
-
-/**
- * Credentials for a device. Includes identity and the associated PSK.
- */
-typedef struct
-{
-   unsigned char id[DTLS_PSK_ID_LEN];
-   unsigned char psk[DTLS_PSK_PSK_LEN];
-} OCDtlsPskCreds;
-
-/**
- * Binary blob containing device identity and the credentials for all devices
- * trusted by this device.
- */
-typedef struct
-{
-   unsigned char identity[DTLS_PSK_ID_LEN]; /** identity of self */
-   uint32_t num;                            /** number of credentials in this blob */
-   OCDtlsPskCreds creds[1];                 /** list of credentials. Size of this
-                                                array is determined by 'num' variable. */
-} OCDtlsPskCredsBlob;
-
-#endif //OC_SECURITY_CONFIG_H
-
-
-
index d766451..1ef7fb6 100644 (file)
@@ -24,7 +24,6 @@
 #include "uarraylist.h"
 #include "camutex.h"
 #include "caadapterutils.h"
-#include "ocsecurityconfig.h"
 #include "cainterface.h"
 #include "cacommon.h"
 
  */
 #define MAX_SUPPORTED_ADAPTERS 2
 
-/**
- * The implementation will be provided by OIC RI layer.
- */
-extern void OCGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo);
-
 typedef void (*CAPacketReceivedCallback)(const CASecureEndpoint_t *sep,
                                          const void *data, uint32_t dataLength);
 
@@ -130,9 +124,9 @@ void CADTLSSetAdapterCallbacks(CAPacketReceivedCallback recvCallback,
 
 /**
  * Register callback to get DTLS PSK credentials.
- * @param[in]  credCallback    callback to get DTLS credentials.
+ * @param[in]  credCallback    callback to get DTLS PSK credentials.
  */
-void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
+void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
 
 /**
  * Select the cipher suite for dtls handshake
index 0c62fff..c041f83 100644 (file)
 #define  LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
 #define  LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
 
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY     ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK   ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
 
 #define PORT_LENGTH 5
 #define SECURE_DEFAULT_PORT 5684
@@ -104,80 +100,61 @@ Java_org_iotivity_ca_service_RMInterface_setNativeResponseListener(JNIEnv *env,
 }
 
 #ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
-    LOGI("clearDtlsCredentialInfo IN");
-    if (pskCredsBlob)
-    {
-        // Initialize sensitive data to zeroes before freeing.
-        if (NULL != pskCredsBlob->creds)
-        {
-            memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds)*(pskCredsBlob->num));
-            free(pskCredsBlob->creds);
-        }
-
-        memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
-        free(pskCredsBlob);
-        pskCredsBlob = NULL;
-    }
-    LOGI("clearDtlsCredentialInfo OUT");
-}
-
 // Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length)
 {
     LOGI("CAGetDtlsPskCredentials IN");
-    *credInfo = (CADtlsPskCredsBlob_t *) malloc(sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == *credInfo)
+
+    int32_t ret = -1;
+
+    if (NULL == result)
     {
-        LOGE("Failed to allocate credential blob.");
-        return;
+        return ret;
     }
 
-    int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
-    (*credInfo)->creds = (OCDtlsPskCreds *) malloc(credLen);
-    if (NULL == (*credInfo)->creds)
+    switch (type)
     {
-        LOGE("Failed to allocate crentials.");
-        free(*credInfo);
-        *credInfo = NULL;
-        return;
-    }
+        case CA_DTLS_PSK_HINT:
+        case CA_DTLS_PSK_IDENTITY:
 
-    memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
-    (*credInfo)->num = pskCredsBlob->num;
-    memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+            if (result_length < sizeof(IDENTITY))
+            {
+                LOGE("ERROR : Wrong value for result for storing IDENTITY");
+                return ret;
+            }
 
-    LOGI("CAGetDtlsPskCredentials OUT");
-}
+            memcpy(result, IDENTITY, sizeof(IDENTITY));
+            ret = sizeof(IDENTITY);
+            break;
 
-CAResult_t SetCredentials()
-{
-    LOGI("SetCredentials IN");
-    pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == pskCredsBlob)
-    {
-        LOGE("Memory allocation failed!");
-        return CA_MEMORY_ALLOC_FAILED;
-    }
-    memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+        case CA_DTLS_PSK_KEY:
 
-    pskCredsBlob->num = 1;
+            if ((desc_len == sizeof(IDENTITY)) &&
+                memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+            {
+                if (result_length < sizeof(RS_CLIENT_PSK))
+                {
+                    LOGE("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+                    return ret;
+                }
 
-    pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) *(pskCredsBlob->num));
-    if (NULL == pskCredsBlob->creds)
-    {
-        LOGE("Memory allocation failed!");
-        return CA_MEMORY_ALLOC_FAILED;
+                memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+                ret = sizeof(RS_CLIENT_PSK);
+            }
+            break;
+
+        default:
+
+            LOGE("Wrong value passed for PSK_CRED_TYPE.");
+            ret = -1;
     }
-    memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
-    memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
 
-    LOGI("SetCredentials OUT");
-    return CA_STATUS_OK;
+    LOGI("CAGetDtlsPskCredentials OUT\n");
+    return ret;
 }
+
 #endif
 
 JNIEXPORT jint JNI_OnLoad(JavaVM *jvm, void *reserved)
@@ -232,12 +209,6 @@ Java_org_iotivity_ca_service_RMInterface_RMInitialize(JNIEnv *env, jobject obj,
     }
 
 #ifdef __WITH_DTLS__
-    if (CA_STATUS_OK != SetCredentials())
-    {
-        LOGE("SetCredentials failed");
-        return;
-    }
-
     res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
     if(CA_STATUS_OK != res)
     {
index 0a40dab..57063bf 100644 (file)
@@ -28,9 +28,6 @@
 #include "cacommon.h"
 #include "cainterface.h"
 #include "oic_string.h"
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
 
 #define MAX_BUF_LEN 1024
 #define MAX_OPT_LEN 16
 #define BLOCK_SIZE(arg) (1 << ((arg) + 4))
 #endif
 
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY     ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK   ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
 
 int g_received;
 uint16_t g_local_secure_port = SECURE_DEFAULT_PORT;
@@ -119,27 +112,6 @@ static const char NORMAL_INFO_DATA[] =
                                      "\"if\":[\"oic.if.baseline\"],\"obs\":1}}]}";
 
 #ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
-    printf("clearDtlsCredentialInfo IN\n");
-    if (pskCredsBlob)
-    {
-        // Initialize sensitive data to zeroes before freeing.
-        if (pskCredsBlob->creds)
-        {
-            memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-            free(pskCredsBlob->creds);
-        }
-
-        memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
-        free(pskCredsBlob);
-        pskCredsBlob = NULL;
-    }
-    printf("clearDtlsCredentialInfo OUT\n");
-}
-
 #ifdef __WITH_X509__
 int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
 {
@@ -150,72 +122,64 @@ int * GetCRLResource()
 {
     return (int*) NULL;
 }
-#endif
+#endif //__WITH_X509__
 
 // Internal API. Invoked by CA stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length)
 {
     printf("CAGetDtlsPskCredentials IN\n");
-    if(!credInfo)
-    {
-        printf("Invalid credential container");
-        return;
-    }
 
-    *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == *credInfo)
+    int32_t ret = -1;
+
+    if (NULL == result)
     {
-        printf("Failed to allocate credential blob.");
-        return;
+        return ret;
     }
 
-    size_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
-    (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
-    if (NULL == (*credInfo)->creds)
+    switch (type)
     {
-        printf("Failed to allocate credentials.");
-        free(*credInfo);
-        *credInfo = NULL;
-        return;
-    }
+        case CA_DTLS_PSK_HINT:
+        case CA_DTLS_PSK_IDENTITY:
 
-    memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
-    (*credInfo)->num = pskCredsBlob->num;
-    memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+            if (result_length < sizeof(IDENTITY))
+            {
+                printf("ERROR : Wrong value for result for storing IDENTITY");
+                return ret;
+            }
 
-    printf("CAGetDtlsPskCredentials OUT\n");
-}
+            memcpy(result, IDENTITY, sizeof(IDENTITY));
+            ret = sizeof(IDENTITY);
+            break;
 
+        case CA_DTLS_PSK_KEY:
 
-CAResult_t SetCredentials()
-{
-    printf("SetCredentials IN\n");
-    pskCredsBlob = (CADtlsPskCredsBlob_t *)calloc(1, sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == pskCredsBlob)
-    {
-        printf("Memory allocation failed!\n");
-        return CA_MEMORY_ALLOC_FAILED;
-     }
-    memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+            if ((desc_len == sizeof(IDENTITY)) &&
+                memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+            {
+                if (result_length < sizeof(RS_CLIENT_PSK))
+                {
+                    printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+                    return ret;
+                }
 
+                memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+                ret = sizeof(RS_CLIENT_PSK);
+            }
+            break;
 
-    pskCredsBlob->num = 1;
+        default:
 
-    pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-    if (NULL == pskCredsBlob->creds)
-    {
-        printf("Memory allocation failed!\n");
-        free(pskCredsBlob);
-        return CA_MEMORY_ALLOC_FAILED;
+            printf("Wrong value passed for PSK_CRED_TYPE.");
+            ret = -1;
     }
 
-    memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
-    memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
-
-    printf("SetCredentials OUT\n");
-    return CA_STATUS_OK;
+    printf("CAGetDtlsPskCredentials OUT\n");
+    return ret;
 }
-#endif
+
+#endif //__WITH_DTLS__
 
 int main()
 {
@@ -238,22 +202,12 @@ int main()
         return -1;
     }
 
-    /*
-    * Read DTLS PSK credentials from persistent storage and
-    * set in the OC stack.
-    */
+    // Set the PSK Credentials callback handler.
 #ifdef __WITH_DTLS__
-    res = SetCredentials();
-    if (CA_STATUS_OK != res)
-    {
-        printf("SetCredentials failed\n");
-        return -1;
-    }
-
     res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
     if (CA_STATUS_OK != res)
     {
-        printf("Set credential handler fail\n");
+        printf("Register credential handler fail\n");
         return -1;
     }
 #endif
@@ -268,9 +222,6 @@ int main()
     g_last_request_token = NULL;
 
     CATerminate();
-#ifdef __WITH_DTLS__
-    clearDtlsCredentialInfo();
-#endif
     return 0;
 }
 
index 8c2651e..b86a50d 100644 (file)
@@ -28,9 +28,6 @@
 #include "cacommon.h"
 #include "cainterface.h"
 
-#ifdef __WITH_DTLS__
-#include "ocsecurityconfig.h"
-#endif
 /**
  * @def MAX_BUF_LEN
  * @brief maximum buffer length
 #define COAPS_PREFIX         "coaps://"
 #define COAPS_PREFIX_LEN     8
 
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY     ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK   ("AAAAAAAAAAAAAAAA")
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
+
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
 
 /**
  * Max size for big payload.
@@ -129,88 +122,59 @@ static const char NORMAL_INFO_DATA[] =
     "\"if\":[\"oic.if.baseline\"],\"obs\":1}}]}";
 
 #ifdef __WITH_DTLS__
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
-    printf("clearDtlsCredentialInfo IN\n");
-    if (pskCredsBlob)
-    {
-        // Initialize sensitive data to zeroes before freeing.
-        if (pskCredsBlob->creds)
-        {
-            memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-            free(pskCredsBlob->creds);
-        }
-
-        memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
-        free(pskCredsBlob);
-        pskCredsBlob = NULL;
-    }
-    printf("clearDtlsCredentialInfo OUT\n");
-}
-
 // Internal API. Invoked by CA stack to retrieve credentials from this module.
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length)
 {
     printf("CAGetDtlsPskCredentials IN\n");
 
-    if(NULL == credInfo)
-    {
-        printf("Invalid credential container");
-        return;
-    }
+    int32_t ret = -1;
 
-    *credInfo = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == *credInfo)
+    if (NULL == result)
     {
-        printf("Failed to allocate credential blob.");
-        return;
+        return ret;
     }
 
-    int16_t credLen = sizeof(OCDtlsPskCreds) * (pskCredsBlob->num);
-    (*credInfo)->creds = (OCDtlsPskCreds *)malloc(credLen);
-    if (NULL == (*credInfo)->creds)
+    switch (type)
     {
-        printf("Failed to allocate credentials.");
-        free(*credInfo);
-        *credInfo = NULL;
-        return;
-    }
+        case CA_DTLS_PSK_HINT:
+        case CA_DTLS_PSK_IDENTITY:
 
-    memcpy((*credInfo)->identity, pskCredsBlob->identity, DTLS_PSK_ID_LEN);
-    (*credInfo)->num = pskCredsBlob->num;
-    memcpy((*credInfo)->creds, pskCredsBlob->creds, credLen);
+            if (result_length < sizeof(IDENTITY))
+            {
+                printf("ERROR : Wrong value for result for storing IDENTITY");
+                return ret;
+            }
 
-    printf("CAGetDtlsPskCredentials OUT\n");
-}
+            memcpy(result, IDENTITY, sizeof(IDENTITY));
+            ret = sizeof(IDENTITY);
+            break;
 
-CAResult_t SetCredentials()
-{
-    printf("SetCredentials IN\n");
-    pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-    if (NULL == pskCredsBlob)
-    {
-        printf("Memory allocation failed!\n");
-        return CA_MEMORY_ALLOC_FAILED;
-    }
-    memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
+        case CA_DTLS_PSK_KEY:
 
-    pskCredsBlob->num = 1;
+            if ((desc_len == sizeof(IDENTITY)) &&
+                memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+            {
+                if (result_length < sizeof(RS_CLIENT_PSK))
+                {
+                    printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+                    return ret;
+                }
 
-    pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-    if (NULL == pskCredsBlob->creds)
-    {
-        printf("Memory allocation failed!\n");
-        free(pskCredsBlob);
-        return CA_MEMORY_ALLOC_FAILED;
-    }
+                memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+                ret = sizeof(RS_CLIENT_PSK);
+            }
+            break;
 
-    memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
-    memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
+        default:
 
-    printf("SetCredentials OUT\n");
-    return CA_STATUS_OK;
+            printf("Wrong value passed for PSK_CRED_TYPE.");
+            ret = -1;
+    }
+
+    printf("CAGetDtlsPskCredentials OUT\n");
+    return ret;
 }
 #endif
 
@@ -263,18 +227,8 @@ int main()
         return -1;
     }
 
-    /*
-     * Read DTLS PSK credentials from persistent storage and
-     * set in the OC stack.
-     */
+    // Set the PSK Credentials callback handler.
 #ifdef __WITH_DTLS__
-    res = SetCredentials();
-    if (CA_STATUS_OK != res)
-    {
-        printf("SetCredentials failed\n");
-        return -1;
-    }
-
     res = CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials);
     if (CA_STATUS_OK != res)
     {
@@ -291,9 +245,6 @@ int main()
     CADestroyToken(g_last_request_token);
 
     CATerminate();
-#ifdef __WITH_DTLS__
-    clearDtlsCredentialInfo();
-#endif
     return 0;
 }
 
index 4ef1397..599423c 100644 (file)
@@ -62,7 +62,7 @@ static ca_mutex g_dtlsContextMutex = NULL;
  * @var g_getCredentialsCallback
  * @brief callback to get DTLS credentials
  */
-static CAGetDTLSCredentialsHandler g_getCredentialsCallback = NULL;
+static CAGetDTLSPskCredentialsHandler g_getCredentialsCallback = NULL;
 
 #ifdef __WITH_X509__
 /**
@@ -540,66 +540,27 @@ static int32_t CAGetPskCredentials(dtls_context_t *ctx,
     }
 
     VERIFY_NON_NULL_RET(g_getCredentialsCallback, NET_DTLS_TAG, "GetCredential callback", -1);
-    VERIFY_NON_NULL_RET(result, NET_DTLS_TAG, "result", -1);
-
-    CADtlsPskCredsBlob_t *credInfo = NULL;
 
     // Retrieve the credentials blob from security module
-    g_getCredentialsCallback(&credInfo);
-
-    VERIFY_NON_NULL_RET(credInfo, NET_DTLS_TAG, "credInfo is NULL", -1);
-    if(NULL == credInfo->creds)
-    {
-        OIC_LOG(DEBUG, NET_DTLS_TAG, "credentials are NULL");
-        memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
-        OICFree(credInfo);
-        return -1;
-    }
+    ret =  g_getCredentialsCallback(type, desc, descLen, result, resultLen);
 
-    if ((type == DTLS_PSK_HINT) || (type == DTLS_PSK_IDENTITY))
+    if (ret > 0)
     {
-        if (DTLS_PSK_ID_LEN <= resultLen)
-        {
-            memcpy(result, credInfo->identity, DTLS_PSK_ID_LEN);
-            ret = DTLS_PSK_ID_LEN;
-        }
-    }
+        // TODO SRM needs identity of the remote end-point with every data packet to
+        // perform access control management. tinyDTLS 'frees' the handshake parameters
+        // data structure when handshake completes. Therefore, currently this is a
+        // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
+        stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+        char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+        uint16_t port = 0;
+        CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
 
-    if ((type == DTLS_PSK_KEY) && (desc) && (descLen == DTLS_PSK_PSK_LEN))
-    {
-        // Check if we have the credentials for the device with which we
-        // are trying to perform a handshake
-        for (uint32_t index = 0; index < credInfo->num; index++)
+        if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
         {
-            if (memcmp(desc, credInfo->creds[index].id, DTLS_PSK_ID_LEN) == 0)
-            {
-                // TODO SRM needs identity of the remote end-point with every data packet to
-                // perform access control management. tinyDTLS 'frees' the handshake parameters
-                // data structure when handshake completes. Therefore, currently this is a
-                // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
-                stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
-                char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
-                uint16_t port = 0;
-                CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
-                if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
-                {
-                    OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
-                }
-                memcpy(result, credInfo->creds[index].psk, DTLS_PSK_PSK_LEN);
-                ret = DTLS_PSK_PSK_LEN;
-            }
+            OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
         }
     }
 
-    // Erase sensitive data before freeing.
-    memset(credInfo->creds, 0, sizeof(OCDtlsPskCreds) * (credInfo->num));
-    OICFree(credInfo->creds);
-
-    memset(credInfo, 0, sizeof(CADtlsPskCredsBlob_t));
-    OICFree(credInfo);
-    credInfo = NULL;
-
     return ret;
 }
 
@@ -628,7 +589,7 @@ void CADTLSSetAdapterCallbacks(CAPacketReceivedCallback recvCallback,
     OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT");
 }
 
-void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback)
+void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback)
 {
     // TODO Does this method needs protection of DtlsContextMutex ?
     OIC_LOG(DEBUG, NET_DTLS_TAG, "IN");
index 690772b..cc54c4a 100644 (file)
@@ -47,7 +47,7 @@ static bool g_isInitialized = false;
 #ifdef __WITH_DTLS__
 // CAAdapterNetDTLS will register the callback.
 // Taking callback all the way through adapters not the right approach, hence calling here.
-extern void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
+extern void CADTLSSetCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
 #endif
 
 #ifdef __WITH_X509__
@@ -126,7 +126,7 @@ void CARegisterHandler(CARequestCallback ReqHandler, CAResponseCallback RespHand
 }
 
 #ifdef __WITH_DTLS__
-CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSCredentialsHandler GetDTLSCredentialsHandler)
+CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDTLSCredentialsHandler)
 {
     OIC_LOG(DEBUG, TAG, "CARegisterDTLSCredentialsHandler");
 
index 299d39a..433cf8c 100644 (file)
@@ -82,66 +82,68 @@ static const char NORMAL_INFO_DATA[] =
 
 #ifdef __WITH_DTLS__
 
-/**
- * @def RS_IDENTITY
- * @brief
- */
-#define IDENTITY     ("1111111111111111")
-/* @def RS_CLIENT_PSK
- * @brief
- */
-#define RS_CLIENT_PSK   ("AAAAAAAAAAAAAAAA")
-
-static CADtlsPskCredsBlob_t *pskCredsBlob = NULL;
-
-void clearDtlsCredentialInfo()
-{
-    printf("clearDtlsCredentialInfo IN\n");
-    if (pskCredsBlob)
-    {
-        // Initialize sensitive data to zeroes before freeing.
-        memset(pskCredsBlob->creds, 0, sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
-        free(pskCredsBlob->creds);
+// Iotivity Device Identity.
+const unsigned char IDENTITY[] = ("1111111111111111");
 
-        memset(pskCredsBlob, 0, sizeof(CADtlsPskCredsBlob_t));
-        free(pskCredsBlob);
-        pskCredsBlob = NULL;
-    }
-    printf("clearDtlsCredentialInfo OUT\n");
-}
+// PSK between this device and peer device.
+const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA");
 
-// Internal API. Invoked by OC stack to retrieve credentials from this module
-void CAGetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+// Internal API. Invoked by CA stack to retrieve credentials from this module
+int32_t CAGetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length)
 {
     printf("CAGetDtlsPskCredentials IN\n");
 
-    if (pskCredsBlob != NULL)
+    int32_t ret = -1;
+
+    if (NULL == result)
     {
-        *credInfo = pskCredsBlob;
+        return ret;
     }
 
-    printf("CAGetDtlsPskCredentials OUT\n");
-}
-
-int32_t SetCredentials()
-{
-    printf("SetCredentials IN\n");
-    pskCredsBlob = (CADtlsPskCredsBlob_t *)malloc(sizeof(CADtlsPskCredsBlob_t));
-
-    memset(pskCredsBlob, 0x0, sizeof(CADtlsPskCredsBlob_t));
-    memcpy(pskCredsBlob->identity, IDENTITY, DTLS_PSK_ID_LEN);
-
-    pskCredsBlob->num = 1;
-
-    pskCredsBlob->creds = (OCDtlsPskCreds *)malloc(sizeof(OCDtlsPskCreds) * (pskCredsBlob->num));
+    switch (type)
+    {
+        case CA_DTLS_PSK_HINT:
+        case CA_DTLS_PSK_IDENTITY:
+
+            if (result_length < sizeof(IDENTITY))
+            {
+                printf("ERROR : Wrong value for result for storing IDENTITY");
+                return ret;
+            }
+
+            memcpy(result, IDENTITY, sizeof(IDENTITY));
+            ret = sizeof(IDENTITY);
+            break;
+
+        case CA_DTLS_PSK_KEY:
+
+            if ((desc_len == sizeof(IDENTITY)) &&
+                memcmp(desc, IDENTITY, sizeof(IDENTITY)) == 0)
+            {
+                if (result_length < sizeof(RS_CLIENT_PSK))
+                {
+                    printf("ERROR : Wrong value for result for storing RS_CLIENT_PSK");
+                    return ret;
+                }
+
+                memcpy(result, RS_CLIENT_PSK, sizeof(RS_CLIENT_PSK));
+                ret = sizeof(RS_CLIENT_PSK);
+            }
+            break;
+
+        default:
+
+            printf("Wrong value passed for PSK_CRED_TYPE.");
+            ret = -1;
+    }
 
-    memcpy(pskCredsBlob->creds[0].id, IDENTITY, DTLS_PSK_ID_LEN);
-    memcpy(pskCredsBlob->creds[0].psk, RS_CLIENT_PSK, DTLS_PSK_PSK_LEN);
 
-    printf("SetCredentials OUT\n");
-    return 1;
+    printf("CAGetDtlsPskCredentials OUT\n");
+    return ret;
 }
-#endif
+#endif  //__WITH_DTLS__
 
 int main(int argc, char **argv)
 {
@@ -494,11 +496,6 @@ TEST_F (CATests, GetNetworkInformationTestGood)
 TEST_F(CATests, RegisterDTLSCredentialsHandlerTest)
 {
 #ifdef __WITH_DTLS__
-    if (SetCredentials() == 0)
-    {
-        printf("SetCredentials failed\n");
-    }
-
     EXPECT_EQ(CA_STATUS_OK, CARegisterDTLSCredentialsHandler(CAGetDtlsPskCredentials));
 #endif
 }
index 9af4e20..ae092df 100644 (file)
@@ -21,7 +21,6 @@
 #ifndef IOTVT_SRM_CREDR_H
 #define IOTVT_SRM_CREDR_H
 
-#include "ocsecurityconfig.h"
 #include "cainterface.h"
 #include "securevirtualresourcetypes.h"
 #include "octypes.h"
@@ -116,15 +115,18 @@ OCStackResult RemoveCredential(const OicUuid_t* credId);
  * This internal callback is used by lower stack (i.e. CA layer) to
  * retrieve PSK credentials from RI security layer.
  *
- * Note: When finished, caller should initialize memory to zeroes and
- * invoke OCFree to delete @p credInfo.
+ * @param[in]  type type of PSK data required by CA layer during DTLS handshake.
+ * @param[in]  desc Additional request information.
+ * @param[in]  desc_len The actual length of desc.
+ * @param[out] result  Must be filled with the requested information.
+ * @param[in]  result_length  Maximum size of @p result.
  *
- * @param credInfo
- *     binary blob containing PSK credentials
- *
- * @retval none
+ * @return The number of bytes written to @p result or a value
+ *         less than zero on error.
  */
-void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo);
+int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length);
 
 /**
  * Add temporal PSK to PIN based OxM
index a3c76bc..ec069a0 100644 (file)
@@ -21,7 +21,6 @@
 #include <memory.h>
 
 #include "ocstack.h"
-#include "ocsecurityconfig.h"
 #include "securevirtualresourcetypes.h"
 #include "doxmresource.h"
 #include "credresource.h"
index 2e5fced..79163ea 100644 (file)
@@ -850,79 +850,88 @@ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
  * This internal callback is used by lower stack (i.e. CA layer) to
  * retrieve PSK credentials from RI security layer.
  *
- * Note: When finished, caller should initialize memory to zeros and
- * invoke OICFree to delete @p credInfo.
+ * @param[in]  type type of PSK data required by tinyDTLS layer during DTLS handshake.
+ * @param[in]  desc Additional request information.
+ * @param[in]  desc_len The actual length of desc.
+ * @param[out] result  Must be filled with the requested information.
+ * @param[in]  result_length  Maximum size of @p result.
  *
- * @param credInfo
- *     binary blob containing PSK credentials
- *
- * @retval none
+ * @return The number of bytes written to @p result or a value
+ *         less than zero on error.
  */
-void GetDtlsPskCredentials(CADtlsPskCredsBlob_t **credInfo)
+int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
+              const unsigned char *desc, size_t desc_len,
+              unsigned char *result, size_t result_length)
 {
-    CADtlsPskCredsBlob_t * caBlob = NULL;
-    if(credInfo)
-    {
-        caBlob = (CADtlsPskCredsBlob_t *)OICCalloc(sizeof(CADtlsPskCredsBlob_t), 1);
-        if (caBlob)
-        {
-            OicUuid_t deviceID = {.id={}};
+    int32_t ret = -1;
 
-            // Retrieve Device ID from doxm resource and copy in PSK creds blob
-            VERIFY_SUCCESS(TAG, GetDoxmDeviceID(&deviceID) == OC_STACK_OK, ERROR);
-            memcpy(caBlob->identity, deviceID.id, sizeof(caBlob->identity));
+    if (NULL == result)
+    {
+        return ret;
+    }
 
-            OicSecCred_t *cred = NULL;
-            size_t count = 0;
-            LL_FOREACH(gCred, cred)
+    switch (type)
+    {
+        case CA_DTLS_PSK_HINT:
+        case CA_DTLS_PSK_IDENTITY:
             {
-                // Currently, Iotivity supports only symmetric pair wise key credentials
-                if (cred->credType == SYMMETRIC_PAIR_WISE_KEY)
+                OicUuid_t deviceID = {.id={}};
+                // Retrieve Device ID from doxm resource
+                if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
                 {
-                    ++count;
+                    OC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
+                    return ret;
                 }
+
+                if (result_length < sizeof(deviceID.id))
+                {
+                    OC_LOG (ERROR, TAG, "Wrong value for result_length");
+                    return ret;
+                }
+                memcpy(result, deviceID.id, sizeof(deviceID.id));
+                return (sizeof(deviceID.id));
             }
-            caBlob->num = count;
-            if (caBlob->num)
-            {
-                caBlob->creds =
-                    (OCDtlsPskCreds*) OICMalloc(caBlob->num * sizeof(OCDtlsPskCreds));
-                VERIFY_NON_NULL(TAG, caBlob->creds, ERROR);
+            break;
 
-                unsigned int i = 0;
+        case CA_DTLS_PSK_KEY:
+            {
+                OicSecCred_t *cred = NULL;
                 LL_FOREACH(gCred, cred)
                 {
-                    if ((cred->credType == SYMMETRIC_PAIR_WISE_KEY) &&
-                            (i < count))
-
+                    if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
                     {
-                        // Copy subject ID
-                        memcpy(caBlob->creds[i].id, cred->subject.id,
-                                sizeof(caBlob->creds[i].id));
+                        continue;
+                    }
 
-                        // Convert PSK from JSON to binary before copying
+                    if ((desc_len == sizeof(cred->subject.id)) &&
+                        (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
+                    {
+                        // Convert PSK from Base64 encoding to binary before copying
                         uint32_t outLen = 0;
                         B64Result b64Ret = b64Decode(cred->privateData.data,
-                                strlen(cred->privateData.data), caBlob->creds[i].psk,
-                                sizeof(caBlob->creds[i].psk), &outLen);
-                        VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
-                        i++;
+                                strlen(cred->privateData.data), result,
+                                result_length, &outLen);
+                        if (B64_OK != b64Ret)
+                        {
+                            OC_LOG (ERROR, TAG, "Base64 decoding failed.");
+                            ret = -1;
+                            return ret;
+                        }
+                        return outLen;
                     }
                 }
             }
-        }
-        *credInfo = caBlob;
-        // Return from here after making the credential list
-        return;
-    }
+            break;
 
-exit:
-    if (caBlob)
-    {
-        memset(caBlob->creds, 0, caBlob->num * sizeof(OCDtlsPskCreds));
-        OICFree(caBlob->creds);
+        default:
+            {
+                OC_LOG (ERROR, TAG, "Wrong value passed for CADtlsPskCredType_t.");
+                ret = -1;
+            }
+            break;
     }
-    OICFree(caBlob);
+
+    return ret;
 }
 
 /**