[IOT-2262][IOT-2232][IOT-2305] Fix manufacturer certificate OTM 99/19899/11
authorol.beketov <ol.beketov@samsung.com>
Fri, 19 May 2017 10:52:50 +0000 (13:52 +0300)
committerDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Sat, 20 May 2017 12:14:04 +0000 (12:14 +0000)
Fix for manufacturer certificate ownership transfer

Patch 4: remove the workaround and fix the original issue for certOTM

Change-Id: I44bcc2c09f75c3170644e48fc297c8ac323b7405
Signed-off-by: ol.beketov <ol.beketov@samsung.com>
Signed-off-by: Jongsung Lee <js126.lee@samsung.com>
Signed-off-by: ol.beketov <ol.beketov@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19899
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: dongik Lee <dongik.lee@samsung.com>
Reviewed-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
resource/csdk/security/provisioning/sample/oic_svr_db_client.dat
resource/csdk/security/provisioning/sample/oic_svr_db_client.json
resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.dat
resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.json [new file with mode: 0644]
resource/csdk/security/src/credresource.c
resource/csdk/security/src/doxmresource.c
resource/csdk/security/src/policyengine.c

index 8c7994f..d569fc3 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_client.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_client.dat differ
index 1f2b4ed..3dd3a74 100644 (file)
@@ -1,4 +1,36 @@
 {\r
+    "cred": {\r
+        "creds": [\r
+            {\r
+                "credid": 1,\r
+                "subjectuuid": "61646d69-6e44-6576-6963-655575696430",\r
+                "credtype": 8,\r
+                "publicdata": {\r
+                    "encoding": "oic.sec.encoding.der",\r
+                    "data": r
+                },\r
+                "credusage": "oic.sec.cred.mfgcert",\r
+                "privatedata": {\r
+                    "encoding": "oic.sec.encoding.raw",\r
+                    "data": "3077020101042074A0348F8CB40E58FABAFAC494C4472CA04BECFEA6340276DFB4BA2F609F1A6FA00A06082A8648CE3D030107A144034200044310BC484A3B33F03B9BC66021B93A2BEA388D49398791C8E10E70437A40548DDA5F389FC16DA44E1A4DDC739D30C1CFD6AC82D141897129D8C162601D804323"\r
+                }\r
+            },\r
+            {\r
+                "credid": 2,\r
+                "subjectuuid": "*",\r
+                "credtype": 8,\r
+                "optionaldata": {\r
+                    "encoding": "oic.sec.encoding.der",\r
+                    "data": r
+                    "revstat": false\r
+                },\r
+                "credusage": "oic.sec.cred.mfgtrustca"\r
+            }\r
+        ],\r
+        "rowneruuid": "00000000-0000-0000-0000-000000000000",\r
+        "rt": ["oic.r.cred"],\r
+        "if": ["oic.if.baseline"]\r
+    },\r
     "acl": {\r
         "aclist2": [\r
             {\r
                 "permission": 14\r
             }\r
         ],\r
-        "rowneruuid" : "61646D69-6E44-6576-6963-655575696430"\r
+        "rowneruuid": "61646d69-6e44-6576-6963-655575696430",\r
+        "rt": ["oic.r.acl"],\r
+        "if": ["oic.if.baseline"]\r
     },\r
     "pstat": {\r
-        "dos": {"s": 3, "p": false},\r
+        "dos": {\r
+            "s": 3,\r
+            "p": false\r
+        },\r
         "isop": true,\r
         "cm": 0,\r
         "tm": 0,\r
         "om": 4,\r
         "sm": 4,\r
-        "deviceuuid": "61646D69-6E44-6576-6963-655575696430",\r
-        "rowneruuid": "61646D69-6E44-6576-6963-655575696430"\r
+        "rowneruuid": "61646d69-6e44-6576-6963-655575696430",\r
+        "rt": ["oic.r.pstat"],\r
+        "if": ["oic.if.baseline"]\r
     },\r
     "doxm": {\r
         "oxms": [0],\r
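Review bot: The `privatedata` added for credid 1 is labelled `"encoding": "oic.sec.encoding.raw"`, but its hex starts with `3077020101`, which is the opening of a DER SEQUENCE, so the label and the content disagree. The new oic_svr_db_server_mfg.json has the same pattern (`3078020101…`). This mismatch looks like the reason GetDerKey in credresource.c now accepts RAW as DER. Labelling the samples `oic.sec.encoding.der` would remove the ambiguity. Both files also commit a fixed manufacturer private key in clear text, so wherever the samples are documented it should say these credentials are test-only and must be replaced per device.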
@@ -58,6 +96,8 @@
         "owned": true,\r
         "deviceuuid": "61646D69-6E44-6576-6963-655575696430",\r
         "devowneruuid": "61646D69-6E44-6576-6963-655575696430",\r
-        "rowneruuid": "61646D69-6E44-6576-6963-655575696430"\r
+        "rowneruuid": "61646D69-6E44-6576-6963-655575696430",\r
+        "rt": ["oic.r.doxm"],\r
+        "if": ["oic.if.baseline"]\r
     }\r
 }\r
index d914a09..ab836c1 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.dat differ
diff --git a/resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.json b/resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.json
new file mode 100644 (file)
index 0000000..5098025
--- /dev/null
@@ -0,0 +1,104 @@
+{\r
+   "cred": {\r
+      "creds": [\r
+         {\r
+            "credid": 1,\r
+            "subjectuuid": "4d617566-6163-7475-7265-724365727430",\r
+            "credtype": 8,\r
+            "publicdata": {\r
+               "encoding": "oic.sec.encoding.der",\r
+               "data": r
+            },\r
+            "credusage": "oic.sec.cred.mfgcert",\r
+            "privatedata": {\r
+               "encoding": "oic.sec.encoding.raw",\r
+               "data": "3078020101042100E00D6E162B33F56D50B40E57288DF284F76D5CE7F1F800F7559882AB126B5813A00A06082A8648CE3D030107A14403420004A86446F9A4B5A424922F4FB16730C80B21BEF558F792517D7737FDC49FD8CF982910F617805698DD4EE4DDA6C3B30918246B4D3540C74B836B1ECAC1A122B1BA"\r
+            }\r
+         },\r
+         {\r
+            "credid": 2,\r
+            "subjectuuid": "*",\r
+            "credtype": 8,\r
+            "optionaldata": {\r
+               "encoding": "oic.sec.encoding.der",\r
+               "data": r
+               "revstat": false\r
+            },\r
+            "credusage": "oic.sec.cred.mfgtrustca"\r
+         }\r
+      ],\r
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",\r
+      "rt": ["oic.r.cred"],\r
+      "if": ["oic.if.baseline"]\r
+   },\r
+   "acl": {\r
+      "aclist2": [\r
+            {\r
+                "aceid": 1,\r
+                "subject": { "conntype": "anon-clear" },\r
+                "resources": [\r
+                    { "href": "/oic/res" },\r
+                    { "href": "/oic/d" },\r
+                    { "href": "/oic/p"}\r
+                ],\r
+                "permission": 2\r
+            },\r
+            {\r
+                "aceid": 2,\r
+                "subject": { "conntype": "auth-crypt" },\r
+                "resources": [\r
+                    { "href": "/oic/res" },\r
+                    { "href": "/oic/d" },\r
+                    { "href": "/oic/p"}\r
+                ],\r
+                "permission": 2\r
+            },\r
+            {\r
+                "aceid": 3,\r
+                "subject": { "conntype": "anon-clear" },\r
+                "resources": [\r
+                    { "href": "/oic/sec/doxm" }\r
+                ],\r
+                "permission": 14\r
+            },\r
+            {\r
+                "aceid": 4,\r
+                "subject": { "conntype": "auth-crypt" },\r
+                "resources": [\r
+                    { "href": "/oic/sec/doxm" },\r
+                    { "href": "/oic/sec/roles" }\r
+                ],\r
+                "permission": 14\r
+            }\r
+        ],\r
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",\r
+      "rt": ["oic.r.acl"],\r
+      "if": ["oic.if.baseline"]\r
+   },\r
+   "pstat": {\r
+      "dos": {\r
+         "s": 1,\r
+         "p": false\r
+      },\r
+      "isop": false,\r
+      "cm": 2,\r
+      "tm": 0,\r
+      "om": 4,\r
+      "sm": 4,\r
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",\r
+      "rt": ["oic.r.pstat"],\r
+      "if": ["oic.if.baseline"]\r
+   },\r
+   "doxm": {\r
+      "oxms": [0, 1, 2],\r
+      "oxmsel": 2,\r
+      "sct": 1,\r
+      "owned": false,\r
+      "deviceuuid": "4d617566-6163-7475-7265-724365727430",\r
+      "devowneruuid": "4d617566-6163-7475-7265-724365727430",\r
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",\r
+      "x.org.iotivity.dpc": true,\r
+      "rt": ["oic.r.doxm"],\r
+      "if": ["oic.if.baseline"]\r
+   }\r
+}
\ No newline at end of file
index c2a4acb..a062a0c 100644 (file)
@@ -3236,15 +3236,15 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
                 }
 
                 uint8_t *oldData = crt->data;
-                crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
+                crt->data = OICRealloc(crt->data, crt->len + pemLen);
                 if (NULL == crt->data)
                 {
                     OIC_LOG(ERROR, TAG, "No memory reallocating crt->data");
                     OICFree(oldData);
                     return OC_STACK_NO_MEMORY;
                 }
-                memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
-                crt->len += temp->optionalData.len;
+                memcpy(crt->data + crt->len, pem, pemLen);
+                crt->len += pemLen;
             }
         }
     }
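Review bot: On the OICRealloc failure path `crt->data` is already NULL and the old buffer has been freed, but `crt->len` keeps its previous value, so a caller that does not check the return code sees a non-zero length with a NULL pointer. Add `crt->len = 0;` before `return OC_STACK_NO_MEMORY;`. The size `crt->len + pemLen` is also computed with no overflow check; since the certificate bytes come from stored credentials, a guard such as `if (pemLen > SIZE_MAX - crt->len)` ahead of the realloc is cheap (assuming both are `size_t`). `pem` and `pemLen` are defined above this hunk, so whether a converted `pem` buffer is released after the `memcpy` cannot be confirmed from here and is worth checking.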
@@ -3543,7 +3543,7 @@ void GetDerKey(ByteArray_t * key, const char * usage)
                 mbedtls_pem_free(&ctx);
                 break;
             }
-            else if(temp->privateData.encoding == OIC_ENCODING_DER)
+            else if(temp->privateData.encoding == OIC_ENCODING_DER || temp->privateData.encoding == OIC_ENCODING_RAW)
             {
                 uint8_t *tmp = OICRealloc(key->data, key->len + temp->privateData.len);
                 if (NULL == tmp)
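Review bot: The widened condition sends `OIC_ENCODING_RAW` private data down the DER branch with no comment explaining why and no check that the bytes are actually DER. A line such as `/* RAW private keys in the SVR db carry a DER-encoded EC key, so handle them like DER */` would record the assumption the sample databases rely on. If RAW can also hold other key formats (not visible here), the consumer of `key` will get bytes it cannot parse and GetDerKey, being `void`, cannot report that, so a log line on this branch would help diagnosis. The sum `key->len + temp->privateData.len` is unchecked in the same way as the realloc in GetCaCert. The branch body continues past the end of the hunk.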
index a689851..40737c3 100644 (file)
@@ -1598,7 +1598,7 @@ static OCEntityHandlerResult HandleDoxmPostRequest(OCEntityHandlerRequest * ehRe
                         ehRet = OC_EH_ERROR;
                     }
 
-                    RegisterOTMSslHandshakeCallback(NULL);
+                    RegisterOTMSslHandshakeCallback(DoxmDTLSHandshakeCB);
                     CAResult_t caRes = CAEnableAnonECDHCipherSuite(false);
                     VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
                     OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
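Review bot: `RegisterOTMSslHandshakeCallback(DoxmDTLSHandshakeCB)` now leaves a live handshake callback installed where the old code cleared it, and the very next check can jump out through `VERIFY_SUCCESS` if `CAEnableAnonECDHCipherSuite(false)` fails. Whether the exit path, or the branch just above that sets `ehRet = OC_EH_ERROR`, unregisters the callback is not visible in this hunk. If neither does, a failed transfer attempt leaves the callback active for later, unrelated handshakes. A comment stating the intent would help, for example `/* keep the OTM handshake callback registered so the certificate-based handshake result reaches doxm */` if that is the reason. The enclosing HandleDoxmPostRequest starts and ends outside the hunk.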
index f0fb8f2..a41aaff 100644 (file)
@@ -100,9 +100,9 @@ static bool IsRequestFromDevOwner(SRMRequestContext_t *context)
         if (!retVal)
         {
             OIC_LOG(DEBUG, TAG, "Owner UUID  :");
-            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&doxm->owner.id, sizeof(&doxm->owner.id));
+            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&doxm->owner.id, sizeof(OicUuid_t));
             OIC_LOG(DEBUG, TAG, "Request UUID:");
-            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&context->subjectUuid.id, sizeof(&context->subjectUuid.id));
+            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&context->subjectUuid.id, sizeof(OicUuid_t));
         }
     }
 exit:
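Review bot: The corrected length `sizeof(OicUuid_t)` names the type rather than the object being dumped, so both `OIC_LOG_BUFFER` calls read past the `id` member if `OicUuid_t` ever gains another field. Tying the size to the expression is safer and reads more directly: `sizeof(doxm->owner.id)` and `sizeof(context->subjectUuid.id)`. The old `sizeof(&…)` logged only pointer-size bytes, so the fix itself is right; this is about keeping the pointer and length arguments in step. IsRequestFromDevOwner continues outside the hunk.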