Security error notification engine 23/20323/26
authorsaurabh.s9 <saurabh.s9@samsung.com>
Fri, 1 Sep 2017 05:40:59 +0000 (11:10 +0530)
committerRandeep Singh <randeep.s@samsung.com>
Thu, 14 Sep 2017 03:59:02 +0000 (03:59 +0000)
Purpose:
Errors happens during OCDoResource calls should be returned to app layer

Previously, session errors (handshake failed) didn't returned properly to app layer
and this cause side effects (CA retransmission works in cases when it should not)

Current state:
1. Source code builds ok
2. Secure stack samples (UDP/TCP) works well (both positive/negative cases)
3. Provisioning (OTM, 20th menu item) works well for following:
   a. justworks    positive UDP/TCP, negative UDP case
   b. mfg          positive UDP/TCP, negative UDP case
   c. mv_justworks positive UDP/TCP, negative UDP case
   d. randompin    positive UDP/TCP, negative UDP case
4. OTM in provisioning via TCP - negative case - should work properly after fix IOT-2454

How to test:
1. Positive case - just test samples (f.e secure stack samples) & provisioning with all servers
2. Negative case - add following code which artificially breaks handshake (to ca_adapter_net_ssl.c)
   if (peer->ssl.state == MBEDTLS_SSL_CERTIFICATE_REQUEST)
   {
       ret = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
   }
   And again test all samples and provisioning with all servers.
   As result - you should see an error returned to app immidiately (without timeouts, etc)
   and there should be no CA retransmission attempts (UDP case)

Change-Id: Ia1fe1c7c58f9e40040a0be5e7e83abbc66f80bfe
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: saurabh.s9 <saurabh.s9@samsung.com>
24 files changed:
resource/csdk/connectivity/api/cacommon.h
resource/csdk/connectivity/api/casecurityinterface.h
resource/csdk/connectivity/inc/ca_adapter_net_ssl.h
resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
resource/csdk/connectivity/src/bt_le_adapter/caleadapter.c
resource/csdk/connectivity/src/caconnectivitymanager.c
resource/csdk/connectivity/src/camessagehandler.c
resource/csdk/connectivity/src/ip_adapter/caipadapter.c
resource/csdk/connectivity/src/tcp_adapter/catcpadapter.c
resource/csdk/connectivity/test/ssladapter_test.cpp
resource/csdk/include/octypes.h
resource/csdk/security/include/internal/doxmresource.h
resource/csdk/security/include/internal/secureresourcemanager.h
resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
resource/csdk/security/provisioning/src/ownershiptransfermanager.c
resource/csdk/security/provisioning/src/oxmjustworks.c
resource/csdk/security/provisioning/src/oxmmanufacturercert.c
resource/csdk/security/provisioning/src/oxmpreconfpin.c
resource/csdk/security/provisioning/src/oxmrandompin.c
resource/csdk/security/src/directpairing.c
resource/csdk/security/src/doxmresource.c
resource/csdk/security/src/dpairingresource.c
resource/csdk/security/src/secureresourcemanager.c
resource/csdk/stack/src/ocstack.c

index a52326f..5297260 100644 (file)
@@ -369,6 +369,8 @@ typedef enum
     CA_NOT_SUPPORTED,               /**< Not supported */
     CA_STATUS_NOT_INITIALIZED,      /**< Not Initialized*/
     CA_DTLS_AUTHENTICATION_FAILURE, /**< Decryption error in DTLS */
+    CA_CONTINUE_OPERATION,          /**< Error happens but current operation should continue */
+    CA_HANDLE_ERROR_OTHER_MODULE,   /**< Error happens but it should be handled in other module */
     CA_STATUS_FAILED =255           /**< Failure */
     /* Result code - END HERE */
 } CAResult_t;
@@ -712,6 +714,14 @@ typedef void (*CAResponseCallback)(const CAEndpoint_t *object,
 typedef void (*CAErrorCallback)(const CAEndpoint_t *object,
                                 const CAErrorInfo_t *errorInfo);
 
+/**
+ * Callback function type for error.
+ * @param[out]   object           remote device information.
+ * @param[out]   result           error information.
+ */
+typedef CAResult_t (*CAHandshakeErrorCallback)(const CAEndpoint_t *object,
+                                               const CAErrorInfo_t *errorInfo);
+
 /**
  * Callback function type for network status changes delivery from CA common logic.
  * @param[out]   info       Endpoint object from which the network status is changed.
index 0e427a7..6f9ad80 100644 (file)
@@ -136,7 +136,7 @@ CAResult_t CAregisterGetCredentialTypesHandler(CAgetCredentialTypesHandler getCr
  * @param[in] tlsHandshakeCallback callback for get tls handshake result
  * @return ::CA_STATUS_OK
  */
-CAResult_t CAregisterSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback);
+CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback);
 
 /**
  * Register callback to get TLS PSK credentials.
index ecec0ca..052b9ff 100644 (file)
@@ -26,6 +26,7 @@ extern "C" {
 
 #include "caadapterutils.h"
 #include "cainterface.h"
+#include "caadapterinterface.h"
 
 /**
  * Currently TLS supported adapters(3) WIFI, ETHENET and BLE for linux platform.
@@ -58,15 +59,17 @@ typedef ssize_t (*CAPacketSendCallback)(CAEndpoint_t *endpoint,
 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher);
 
 /**
- * Used set send and recv callbacks for different adapters(WIFI,EtherNet).
+ * Used set send,recv and error callbacks for different adapters(WIFI,EtherNet).
  *
  * @param[in]  recvCallback    packet received callback.
  * @param[in]  sendCallback    packet sent callback.
+ * @param[in]  errorCallback   packet error callback.
  * @param[in]  type  type of adapter.
  *
  */
 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
                               CAPacketSendCallback sendCallback,
+                              CAErrorHandleCallback errorCallback,
                               CATransportAdapter_t type);
 
 /**
@@ -153,7 +156,7 @@ CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint);
  * Register callback to deliver the result of TLS handshake
  * @param[in] tlsHandshakeCallback Callback to receive the result of TLS handshake.
  */
-void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback);
+void CAsetSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback);
 
 /**
  * Generate ownerPSK using PRF
index ad52677..87cd3a5 100644 (file)
@@ -188,24 +188,6 @@ do
     (ret) = mbedtls_ssl_close_notify(&(peer)->ssl);                                                \
 } while (MBEDTLS_ERR_SSL_WANT_WRITE == (ret))
 
-/**@def SSL_RES(peer, status)
- *
- * Sets SSL result for callback.
- *
- * @param[in] peer remote peer
- */
-#define SSL_RES(peer, status)                                                                      \
-do                                                                                                 \
-{                                                                                                  \
-    oc_mutex_assert_owner(g_sslContextMutex, true);                                                \
-    if (g_sslCallback)                                                                             \
-    {                                                                                              \
-        CAErrorInfo_t errorInfo;                                                                   \
-        errorInfo.result = (status);                                                               \
-        g_sslCallback(&(peer)->sep.endpoint, &errorInfo);                                          \
-    }                                                                                              \
-} while(false)
-
 /* OCF-defined EKU value indicating an identity certificate, that can be used for
  * TLS client and server authentication.  This is the DER encoding of the OID
  * 1.3.6.1.4.1.44924.1.6.
@@ -367,6 +349,7 @@ typedef struct TlsCallBacks
 {
     CAPacketReceivedCallback recvCallback;  /**< Callback used to send data to upper layer. */
     CAPacketSendCallback sendCallback;      /**< Callback used to send data to socket layer. */
+    CAErrorHandleCallback errorCallback;    /**< Callback used to pass error to upper layer. */
 } SslCallbacks_t;
 
 /**
@@ -433,7 +416,7 @@ static oc_mutex g_sslContextMutex = NULL;
  * @var g_sslCallback
  * @brief callback to deliver the TLS handshake result
  */
-static CAErrorCallback g_sslCallback = NULL;
+static CAHandshakeErrorCallback g_sslCallback = NULL;
 
 /**
  * Data structure for holding the data to be received.
@@ -482,6 +465,24 @@ void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
 }
 
+/**
+ * Sets SSL result for callback.
+ *
+ * @param[in] peer remote peer
+ */
+static CAResult_t notifySubscriber(SslEndPoint_t* peer, CAResult_t status)
+{
+    CAResult_t result = CA_STATUS_OK;
+    oc_mutex_assert_owner(g_sslContextMutex, true);
+    if (g_sslCallback)
+    {
+        CAErrorInfo_t errorInfo;
+        errorInfo.result = status;
+        result = g_sslCallback(&peer->sep.endpoint, &errorInfo);
+    }
+    return result;
+}
+
 static int GetAdapterIndex(CATransportAdapter_t adapter)
 {
     switch (adapter)
@@ -497,6 +498,9 @@ static int GetAdapterIndex(CATransportAdapter_t adapter)
             return -1;
     }
 }
+
+static void SendCacheMessages(SslEndPoint_t * tep, CAResult_t errorCode);
+
 /**
  * Write callback.
  *
@@ -1018,6 +1022,17 @@ static void DeleteCacheList(u_arraylist_t * cacheList)
 
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
 }
+
+static CAResult_t ConvertMbedtlsCodesToCAResult(int code)
+{
+    //TODO:properly implement
+    switch (code)
+    {
+        case 0:  return CA_STATUS_OK;
+        default: return CA_DTLS_AUTHENTICATION_FAILURE;
+    }
+}
+
 /**
  * Deletes endpoint with session.
  *
@@ -1107,14 +1122,25 @@ static bool checkSslOperation(SslEndPoint_t*  peer,
         OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret);
 
         // Make a copy of the endpoint, because the callback might
-        // free the peer object, during SSL_RES() below.
+        // free the peer object, during notifySubscriber() below.
         CAEndpoint_t removedEndpoint = (peer)->sep.endpoint;
 
         oc_mutex_lock(g_sslContextMutex);
 
         if (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO != ret)
         {
-            SSL_RES((peer), CA_DTLS_AUTHENTICATION_FAILURE);
+            CAResult_t result = notifySubscriber(peer, CA_DTLS_AUTHENTICATION_FAILURE);
+
+            //return an error to app layer
+            if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
+            {
+                if (CA_STATUS_OK == result)
+                {
+                    result = ConvertMbedtlsCodesToCAResult(ret);
+                }
+
+                SendCacheMessages(peer, result);
+            }
         }
 
         RemovePeerFromList(&removedEndpoint);
@@ -1906,7 +1932,7 @@ CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint,
  *
  * @param[in]  tep    remote address with session info
  */
-static void SendCacheMessages(SslEndPoint_t * tep)
+static void SendCacheMessages(SslEndPoint_t * tep, CAResult_t errorCode)
 {
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
 
@@ -1915,6 +1941,16 @@ static void SendCacheMessages(SslEndPoint_t * tep)
 
     VERIFY_NON_NULL_VOID(tep, NET_SSL_TAG, "Param tep is NULL");
 
+    CAErrorHandleCallback sendError = NULL;
+    if (errorCode != CA_STATUS_OK)
+    {
+        int adapterIndex = GetAdapterIndex(tep->sep.endpoint.adapter);
+        if (adapterIndex >= 0)
+        {
+            sendError = g_caSslContext->adapterCallbacks[adapterIndex].errorCallback;
+        }
+    }
+
     size_t listIndex = 0;
     size_t listLength = 0;
     listLength = u_arraylist_length(tep->cacheList);
@@ -1924,26 +1960,34 @@ static void SendCacheMessages(SslEndPoint_t * tep)
         SslCacheMessage_t * msg = (SslCacheMessage_t *) u_arraylist_get(tep->cacheList, listIndex);
         if (NULL != msg && NULL != msg->data && 0 != msg->len)
         {
-            unsigned char *dataBuf = (unsigned char *)msg->data;
-            size_t written = 0;
-
-            do
+            if (CA_STATUS_OK == errorCode)
             {
-                ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
-                if (ret < 0)
+                unsigned char *dataBuf = (unsigned char *)msg->data;
+                size_t written = 0;
+
+                do
                 {
-                    if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
+                    ret = mbedtls_ssl_write(&tep->ssl, dataBuf, msg->len - written);
+                    if (ret < 0)
                     {
-                        OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
-                        break;
+                        if (MBEDTLS_ERR_SSL_WANT_WRITE != ret)
+                        {
+                            OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedTLS write failed! returned -0x%x", -ret);
+                            break;
+                        }
+                        continue;
                     }
-                    continue;
-                }
-                OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
+                    OIC_LOG_V(DEBUG, NET_SSL_TAG, "mbedTLS write returned with sent bytes[%d]", ret);
 
-                dataBuf += ret;
-                written += ret;
-            } while (msg->len > written);
+                    dataBuf += ret;
+                    written += ret;
+                } while (msg->len > written);
+            }
+            else if (NULL != sendError)
+            {
+                //send error info via error callback to app layer
+                sendError(&tep->sep.endpoint, (uint8_t *)msg->data, msg->len, errorCode);
+            }
 
             if (u_arraylist_remove(tep->cacheList, listIndex))
             {
@@ -1966,7 +2010,7 @@ static void SendCacheMessages(SslEndPoint_t * tep)
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
 }
 
-void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
+void CAsetSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback)
 {
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s(%p)", __func__, tlsHandshakeCallback);
 
@@ -2077,10 +2121,11 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
 
         if (MBEDTLS_SSL_HANDSHAKE_OVER == peer->ssl.state)
         {
-            SSL_RES(peer, CA_STATUS_OK);
+            CAResult_t result = notifySubscriber(peer, CA_STATUS_OK);
+
             if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
             {
-                SendCacheMessages(peer);
+                SendCacheMessages(peer, result);
             }
 
             int selectedCipher = peer->ssl.session->ciphersuite;
@@ -2234,28 +2279,28 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
             return CA_STATUS_OK;
         }
 
-        if (0 > ret)
+        int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
+        if (adapterIndex >= 0)
         {
-            OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
-            //SSL_RES(peer, CA_STATUS_FAILED);
-            RemovePeerFromList(&peer->sep.endpoint);
-            oc_mutex_unlock(g_sslContextMutex);
-            return CA_STATUS_FAILED;
-        }
-        else if (0 < ret)
-        {
-            int adapterIndex = GetAdapterIndex(peer->sep.endpoint.adapter);
-            if (0 <= adapterIndex && MAX_SUPPORTED_ADAPTERS > adapterIndex)
-            {
-                g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
-            }
-            else
+            if (0 > ret)
             {
-                OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
+                OIC_LOG_V(ERROR, NET_SSL_TAG, "mbedtls_ssl_read returned -0x%x", -ret);
+                g_caSslContext->adapterCallbacks[adapterIndex].errorCallback(&peer->sep.endpoint, peer->recBuf.buff, peer->recBuf.len, CA_STATUS_FAILED);
                 RemovePeerFromList(&peer->sep.endpoint);
                 oc_mutex_unlock(g_sslContextMutex);
                 return CA_STATUS_FAILED;
             }
+            else if (0 < ret)
+            {
+                g_caSslContext->adapterCallbacks[adapterIndex].recvCallback(&peer->sep, decryptBuffer, ret);
+            }
+        }
+        else
+        {
+            OIC_LOG(ERROR, NET_SSL_TAG, "Unsuported adapter");
+            RemovePeerFromList(&peer->sep.endpoint);
+            oc_mutex_unlock(g_sslContextMutex);
+            return CA_STATUS_FAILED;
         }
     }
 
@@ -2266,11 +2311,14 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
 
 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
                               CAPacketSendCallback sendCallback,
+                              CAErrorHandleCallback errorCallback,
                               CATransportAdapter_t type)
 {
     OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
     VERIFY_NON_NULL_VOID(sendCallback, NET_SSL_TAG, "sendCallback is NULL");
     VERIFY_NON_NULL_VOID(recvCallback, NET_SSL_TAG, "recvCallback is NULL");
+    VERIFY_NON_NULL_VOID(errorCallback, NET_SSL_TAG, "errorCallback is NULL");
+
     oc_mutex_lock(g_sslContextMutex);
     if (NULL == g_caSslContext)
     {
@@ -2279,22 +2327,12 @@ void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
         return;
     }
 
-    switch (type)
+    int index = GetAdapterIndex(type);
+    if (index >= 0)
     {
-        case CA_ADAPTER_IP:
-            g_caSslContext->adapterCallbacks[0].recvCallback = recvCallback;
-            g_caSslContext->adapterCallbacks[0].sendCallback = sendCallback;
-            break;
-        case CA_ADAPTER_TCP:
-            g_caSslContext->adapterCallbacks[1].recvCallback = recvCallback;
-            g_caSslContext->adapterCallbacks[1].sendCallback = sendCallback;
-            break;
-        case CA_ADAPTER_GATT_BTLE:
-            g_caSslContext->adapterCallbacks[2].recvCallback = recvCallback;
-            g_caSslContext->adapterCallbacks[2].sendCallback = sendCallback;
-            break;
-        default:
-            OIC_LOG_V(ERROR, NET_SSL_TAG, "Unsupported adapter: %d", type);
+        g_caSslContext->adapterCallbacks[index].recvCallback  = recvCallback;
+        g_caSslContext->adapterCallbacks[index].sendCallback  = sendCallback;
+        g_caSslContext->adapterCallbacks[index].errorCallback = errorCallback;
     }
 
     oc_mutex_unlock(g_sslContextMutex);
index d87bdcf..759410b 100644 (file)
@@ -2824,6 +2824,13 @@ static void CALESecureReceiveDataCB(const CASecureEndpoint_t *sep,
 }
 #endif
 
+static void CALEErrorHandlerInternal(const CAEndpoint_t *endpoint,
+                                     const void *data, size_t dataLen,
+                                     CAResult_t result)
+{
+    g_errorHandler(endpoint, data, dataLen, result);
+}
+
 CAResult_t CAInitializeLE(CARegisterConnectivityCallback registerCallback,
                           CANetworkPacketReceivedCallback reqRespCallback,
                           CAAdapterChangeCallback netCallback,
@@ -2890,7 +2897,7 @@ CAResult_t CAInitializeLE(CARegisterConnectivityCallback registerCallback,
     }
     else
     {
-        CAsetSslAdapterCallbacks(CALESecureReceiveDataCB, CALESecureSendDataCB, CA_ADAPTER_GATT_BTLE);
+        CAsetSslAdapterCallbacks(CALESecureReceiveDataCB, CALESecureSendDataCB, CALEErrorHandlerInternal, CA_ADAPTER_GATT_BTLE);
     }
 #endif
 
@@ -2982,7 +2989,7 @@ static void CATerminateLE()
 #endif
 
 #ifdef __WITH_DTLS__
-    CAsetSslAdapterCallbacks(NULL, NULL, CA_ADAPTER_GATT_BTLE);
+    CAsetSslAdapterCallbacks(NULL, NULL, NULL, CA_ADAPTER_GATT_BTLE);
 #endif
 
     CATerminateLEAdapterMutex();
@@ -3748,8 +3755,7 @@ static void CALEErrorHandler(const char *remoteAddress,
                                                remoteAddress,
                                                0);
 
-    // if required, will be used to build remote endpoint
-    g_errorHandler(rep, data, dataLen, result);
+    CALEErrorHandlerInternal(rep, data, dataLen, result);
 
     CAFreeEndpoint(rep);
 
index 419600c..c02992e 100644 (file)
@@ -189,7 +189,7 @@ bool CAGetSecureEndpointAttributes(const CAEndpoint_t* peer, uint32_t* attribute
     return success;
 }
 
-CAResult_t CAregisterSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
+CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback)
 {
     OIC_LOG(DEBUG, TAG, "CAregisterSslHandshakeCallback");
 
index 7d92e47..3750801 100644 (file)
@@ -1297,6 +1297,40 @@ void CAErrorHandler(const CAEndpoint_t *endpoint,
         return;
     }
 
+#ifdef WITH_TCP
+    if (CAIsSupportedCoAPOverTCP(endpoint->adapter))
+    {
+        OIC_LOG(INFO, TAG, "retransmission is not supported");
+    }
+    else
+#endif
+    {
+        //Fix up CoAP message to adjust it to current retransmission implementation
+        coap_hdr_t *hdr = (coap_hdr_t *)(pdu->transport_hdr);
+        hdr->type = CA_MSG_RESET;
+        hdr->code = CA_EMPTY;
+
+        // for retransmission
+        void *retransmissionPdu = NULL;
+        CARetransmissionReceivedData(&g_retransmissionContext, cadata->remoteEndpoint,
+                                     pdu->transport_hdr, pdu->length, &retransmissionPdu);
+
+        // get token from saved data in retransmission list
+        if (retransmissionPdu && cadata->errorInfo)
+        {
+            CAInfo_t *info = &cadata->errorInfo->info;
+            CAResult_t res = CAGetTokenFromPDU((const coap_hdr_transport_t *)retransmissionPdu,
+                                               info, endpoint);
+            if (CA_STATUS_OK != res)
+            {
+                OIC_LOG(ERROR, TAG, "fail to get Token from retransmission list");
+                OICFree(info->token);
+                info->tokenLength = 0;
+            }
+        }
+        OICFree(retransmissionPdu);
+    }
+
     cadata->errorInfo->result = result;
 
     CAQueueingThreadAddData(&g_receiveThread, cadata, sizeof(CAData_t));
index 603a855..5d2cf9a 100644 (file)
@@ -362,7 +362,7 @@ CAResult_t CAInitializeIP(CARegisterConnectivityCallback registerCallback,
     }
     else
     {
-        CAsetSslAdapterCallbacks(CAIPPacketReceivedCB, CAIPPacketSendCB, CA_ADAPTER_IP);
+        CAsetSslAdapterCallbacks(CAIPPacketReceivedCB, CAIPPacketSendCB, CAIPErrorHandler, CA_ADAPTER_IP);
     }
 #endif
 
@@ -540,7 +540,7 @@ CAResult_t CAStopIP()
 void CATerminateIP()
 {
 #ifdef __WITH_DTLS__
-    CAsetSslAdapterCallbacks(NULL, NULL, CA_ADAPTER_IP);
+    CAsetSslAdapterCallbacks(NULL, NULL, NULL, CA_ADAPTER_IP);
 #endif
 
     CAIPSetPacketReceiveCallback(NULL);
index 5a7dfe8..e1a888d 100644 (file)
@@ -374,7 +374,7 @@ CAResult_t CAInitializeTCP(CARegisterConnectivityCallback registerCallback,
     }
     else
     {
-        CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
+        CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPErrorHandler, CA_ADAPTER_TCP);
     }
 #endif
 
@@ -557,6 +557,9 @@ CAResult_t CAStopTCP()
 
 void CATerminateTCP()
 {
+#ifdef __WITH_TLS__
+    CAsetSslAdapterCallbacks(NULL, NULL, NULL, CA_ADAPTER_TCP);
+#endif
     CAStopTCP();
     CATCPSetPacketReceiveCallback(NULL);
 
index ed1b0bb..09acbfa 100644 (file)
@@ -888,6 +888,10 @@ static void CATCPPacketReceivedCB(const CASecureEndpoint_t *, const void *data,
     msglen = dataLength;
 }
 
+static void CATCPPacketErrorCB(const CAEndpoint_t *, const void *, size_t, CAResult_t)
+{
+}
+
 static void PacketReceive(unsigned char *data, int * datalen)
 {
     int n;
@@ -1001,6 +1005,10 @@ static void CATCPPacketReceivedCB_server(const CASecureEndpoint_t *, const void
     msglen = dataLength;
 }
 
+static void CATCPPacketErrorCB_server(const CAEndpoint_t *, const void *, size_t, CAResult_t)
+{
+}
+
 static void PacketReceive_server(unsigned char *data, int * datalen)
 {
     int n;
@@ -1797,11 +1805,13 @@ static int testCAsetSslAdapterCallbacks()
         return 1;
     }
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, (CATransportAdapter_t)0);
-    if (g_caSslContext->adapterCallbacks[0].recvCallback == NULL &&
-        g_caSslContext->adapterCallbacks[0].sendCallback == NULL &&
-        g_caSslContext->adapterCallbacks[1].recvCallback == NULL &&
-        g_caSslContext->adapterCallbacks[1].sendCallback == NULL)
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, (CATransportAdapter_t)0);
+    if (g_caSslContext->adapterCallbacks[0].recvCallback  == NULL &&
+        g_caSslContext->adapterCallbacks[0].sendCallback  == NULL &&
+        g_caSslContext->adapterCallbacks[0].errorCallback == NULL &&
+        g_caSslContext->adapterCallbacks[1].recvCallback  == NULL &&
+        g_caSslContext->adapterCallbacks[1].sendCallback  == NULL &&
+        g_caSslContext->adapterCallbacks[1].errorCallback == NULL)
     {
         ret = 0;
     }
@@ -1809,12 +1819,14 @@ static int testCAsetSslAdapterCallbacks()
     {
         ret = 1;
     }
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_IP);
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
-    if (g_caSslContext->adapterCallbacks[0].recvCallback == CATCPPacketReceivedCB &&
-        g_caSslContext->adapterCallbacks[0].sendCallback == CATCPPacketSendCB &&
-        g_caSslContext->adapterCallbacks[1].recvCallback == CATCPPacketReceivedCB &&
-        g_caSslContext->adapterCallbacks[1].sendCallback == CATCPPacketSendCB)
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_IP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_TCP);
+    if (g_caSslContext->adapterCallbacks[0].recvCallback  == CATCPPacketReceivedCB &&
+        g_caSslContext->adapterCallbacks[0].sendCallback  == CATCPPacketSendCB &&
+        g_caSslContext->adapterCallbacks[0].errorCallback == CATCPPacketErrorCB &&
+        g_caSslContext->adapterCallbacks[1].recvCallback  == CATCPPacketReceivedCB &&
+        g_caSslContext->adapterCallbacks[1].sendCallback  == CATCPPacketSendCB &&
+        g_caSslContext->adapterCallbacks[1].errorCallback == CATCPPacketErrorCB)
     {
         ret += 0;
     }
@@ -2061,7 +2073,7 @@ static void * testCAencryptSsl(void * arg)
 
     CAinitSslAdapter();
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_TCP);
 
     CAsetPkixInfoCallback(infoCallback_that_loads_x509);
 
@@ -2475,7 +2487,7 @@ static void * testCAdecryptSsl(void * arg)
 
     CAinitSslAdapter();
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_TCP);
 
     CAsetPkixInfoCallback(infoCallback_that_loads_x509);
 
@@ -2598,7 +2610,7 @@ static int testCAdeinitSslAdapter()
 
     CAinitSslAdapter();
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_TCP);
 
     CAsetPkixInfoCallback(infoCallback_that_loads_x509);
 
@@ -2648,7 +2660,7 @@ static void * testServer(void * arg)
 
     CAinitSslAdapter();
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB_server, CATCPPacketSendCB_server, CA_ADAPTER_TCP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB_server, CATCPPacketSendCB_server, CATCPPacketErrorCB_server, CA_ADAPTER_TCP);
     CAsetPkixInfoCallback(infoCallback_that_loads_x509);
 
     CAsetCredentialTypesCallback(clutch);
@@ -2977,7 +2989,7 @@ TEST(TLSAdapter, Test_11)
     mbedtls_x509_crl_init(&g_caSslContext->crl);
     oc_mutex_unlock(g_sslContextMutex);
 
-    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP);
+    CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CATCPPacketErrorCB, CA_ADAPTER_TCP);
 
     CAsetPkixInfoCallback(infoCallback_that_loads_x509);
 
index 8e22000..44cc1c8 100644 (file)
@@ -1114,6 +1114,7 @@ typedef enum
      */
     OC_STACK_AUTHENTICATION_FAILURE,
     OC_STACK_NOT_ALLOWED_OXM,
+    OC_STACK_CONTINUE_OPERATION,
 
     /** Request come from endpoint which is not mapped to the resource. */
     OC_STACK_BAD_ENDPOINT,
index fc2693d..762e8ce 100644 (file)
@@ -237,8 +237,8 @@ void RestoreDoxmToInitState();
  * @param[out]   object           remote device information.
  * @param[out]   errorInfo        CA Error information.
  */
-void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
-                                const CAErrorInfo_t *errorInfo);
+CAResult_t MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
+                                        const CAErrorInfo_t *errorInfo);
 #endif //__WITH_DTLS__ && MULTIPLE_OWNER
 
 /**
index a5003ca..63133e8 100644 (file)
@@ -115,13 +115,6 @@ void SRMDeInitSecureResources();
 typedef bool (*SPResponseCallback) (const CAEndpoint_t *object,
                                     const CAResponseInfo_t *responseInfo);
 
-/**
- * Function to register provisoning API's response callback.
- *
- * @param respHandler response handler callback.
- */
-void SRMRegisterProvisioningResponseHandler(SPResponseCallback respHandler);
-
 /**
  * Check the security resource URI.
  * @param uri Pointers to security resource URI.
index 0f9c24f..201ea0b 100644 (file)
@@ -1263,7 +1263,7 @@ exit:
  * @param   errorInfo [IN] Error information from the endpoint.
  * @return  NONE
  */
-static void MOTDtlsHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
+static CAResult_t MOTDtlsHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
     OIC_LOG_V(DEBUG, TAG, "IN %s", __func__);
 
@@ -1300,7 +1300,8 @@ static void MOTDtlsHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t
     }
 
 exit:
-    OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__);
+    OIC_LOG_V(INFO, TAG, "Out %s", __func__);
+    return CA_STATUS_OK;
 }
 
 /**
index e55bb80..7e5b753 100644 (file)
@@ -193,6 +193,29 @@ static OxmAllowTableIdx_t GetOxmAllowTableIdx(OicSecOxm_t oxm)
     }
 }
 
+static uint16_t getSecurePort(const OCProvisionDev_t *device)
+{
+    uint16_t port = 0;
+
+    if (NULL == device)
+    {
+        return port;
+    }
+
+    if (OC_ADAPTER_IP == device->endpoint.adapter)
+    {
+        port = device->securePort;
+    }
+#ifdef WITH_TCP
+    else if (OC_ADAPTER_TCP == device->endpoint.adapter)
+    {
+        port = device->tcpSecurePort;
+    }
+#endif
+
+    return port;
+}
+
 /**
  * Internal API to close the secure Ownership Transfer session.
  */
@@ -202,7 +225,7 @@ static bool CloseSslConnection(const OCProvisionDev_t *selectedDeviceInfo)
 
     CAEndpoint_t endpoint;
     CopyDevAddrToEndpoint(&selectedDeviceInfo->endpoint, &endpoint);
-    endpoint.port = selectedDeviceInfo->securePort;
+    endpoint.port = getSecurePort(selectedDeviceInfo);
     CAResult_t caResult = CAcloseSslConnection(&endpoint);
 
     if (CA_STATUS_OK != caResult)
@@ -462,7 +485,7 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
 
     //If OTM Context was removed from previous response handler, just exit the current OTM process.
     if(NULL == GetOTMContext(otmCtx->selectedDeviceInfo->endpoint.addr,
-                             otmCtx->selectedDeviceInfo->securePort))
+                             getSecurePort(otmCtx->selectedDeviceInfo)))
     {
         OIC_LOG(WARNING, TAG, "Current OTM Process has already ended.");
     }
@@ -514,14 +537,14 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
     {
         //Remove the current OTM Context from OTM queue
         RemoveOTMContext(otmCtx->selectedDeviceInfo->endpoint.addr,
-                         otmCtx->selectedDeviceInfo->securePort);
+                         getSecurePort(otmCtx->selectedDeviceInfo));
 
         //If there is a request being performed, cancel it to prevent retransmission.
         if(otmCtx->ocDoHandle)
         {
             OIC_LOG_V(DEBUG, TAG, "OCCancel - %s : %d",
                     otmCtx->selectedDeviceInfo->endpoint.addr,
-                    otmCtx->selectedDeviceInfo->securePort);
+                    getSecurePort(otmCtx->selectedDeviceInfo));
             if(OC_STACK_OK != OCCancel(otmCtx->ocDoHandle, OC_HIGH_QOS, NULL, 0))
             {
                 OIC_LOG(WARNING, TAG, "Failed to remove registered callback");
@@ -553,11 +576,13 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
     OIC_LOG(DEBUG, TAG, "OUT SetResult");
 }
 
-static void OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
+static CAResult_t OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
         OicSecDoxm_t *newDevDoxm, OTMContext_t *otmCtx)
 {
     OIC_LOG_V(DEBUG, TAG, "IN %s", __func__);
+    CAResult_t result = CA_STATUS_OK;
     OCStackResult res = OC_STACK_ERROR;
+    OC_UNUSED(otmCtx);
 
     //In case of Mutual Verified Just-Works, display mutualVerifNum
     if (OIC_MV_JUST_WORKS == newDevDoxm->oxmSel)
@@ -573,7 +598,7 @@ static void OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
         if (OC_STACK_OK != res)
         {
             OIC_LOG(ERROR, TAG, "Error while retrieving Owner's device ID");
-            SetResult(otmCtx, res);
+            result = CA_HANDLE_ERROR_OTHER_MODULE;
             goto exit;
         }
         CAResult_t pskRet = CAGenerateOwnerPSK(endpoint,
@@ -586,7 +611,7 @@ static void OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
         if (CA_STATUS_OK != pskRet)
         {
             OIC_LOG(WARNING, TAG, "CAGenerateOwnerPSK failed");
-            SetResult(otmCtx, OC_STACK_ERROR);
+            result = CA_HANDLE_ERROR_OTHER_MODULE;
             goto exit;
         }
 
@@ -596,7 +621,7 @@ static void OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
         if (OC_STACK_OK != res)
         {
             OIC_LOG(ERROR, TAG, "Error while displaying mutualVerifNum");
-            SetResult(otmCtx, res);
+            result = CA_HANDLE_ERROR_OTHER_MODULE;
             goto exit;
         }
     }
@@ -607,31 +632,21 @@ static void OwnershipTransferSessionEstablished(const CAEndpoint_t *endpoint,
         if (OC_STACK_OK != res)
         {
             OIC_LOG(ERROR, TAG, "Error while displaying message");
-            SetResult(otmCtx, res);
+            result = CA_HANDLE_ERROR_OTHER_MODULE;
             goto exit;
         }
     }
 
-    //This is a secure session.
-    otmCtx->selectedDeviceInfo->connType |= CT_FLAG_SECURE;
-
-    //Send request : GET /oic/sec/doxm. Then verify that the property values obtained this way
-    //are the same as those already-stored in the otmCtx.
-    res = GetAndVerifyDoxmResource(otmCtx);
-    if(OC_STACK_OK != res)
-    {
-        OIC_LOG(ERROR, TAG, "Failed to get doxm information after establishing secure connection");
-        SetResult(otmCtx, res);
-    }
-
 exit:
     OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__);
+    return result;
 }
 
-static void OwnershipTransferSessionFailed(const CAEndpoint_t *endpoint,
+static CAResult_t OwnershipTransferSessionFailed(const CAEndpoint_t *endpoint,
         const CAErrorInfo_t *info, OicSecDoxm_t *newDevDoxm, OTMContext_t *otmCtx, bool emptyOwnerUuid)
 {
     OC_UNUSED(endpoint);
+    CAResult_t result = CA_STATUS_OK;
 
     OIC_LOG_V(DEBUG, TAG, "IN %s", __func__);
 
@@ -649,7 +664,7 @@ static void OwnershipTransferSessionFailed(const CAEndpoint_t *endpoint,
         {
             OIC_LOG(WARNING, TAG, "Failed to remove the invalid owner credential");
         }
-        SetResult(otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
+        result = CA_HANDLE_ERROR_OTHER_MODULE;
         goto exit;
     }
 
@@ -663,41 +678,44 @@ static void OwnershipTransferSessionFailed(const CAEndpoint_t *endpoint,
         newDevDoxm->owned = false;
         otmCtx->attemptCnt++;
 
-        RemoveOTMContext(otmCtx->selectedDeviceInfo->endpoint.addr,
-                         otmCtx->selectedDeviceInfo->securePort);
-
         // In order to re-start ownership transfer, device information should be deleted from PDM.
         OCStackResult res = PDMDeleteDevice(&(otmCtx->selectedDeviceInfo->doxm->deviceID));
         if (OC_STACK_OK != res)
         {
             OIC_LOG(ERROR, TAG, "Failed to PDMDeleteDevice");
-            SetResult(otmCtx, res);
+            result = CA_HANDLE_ERROR_OTHER_MODULE;
         }
         else
         {
-            if(WRONG_PIN_MAX_ATTEMP > otmCtx->attemptCnt)
+            if (WRONG_PIN_MAX_ATTEMP > otmCtx->attemptCnt)
             {
+                otmCtx->selectedDeviceInfo->connType &= ~CT_FLAG_SECURE;
+
                 res = StartOwnershipTransfer(otmCtx, otmCtx->selectedDeviceInfo);
-                if(OC_STACK_OK != res)
+                if (OC_STACK_OK != res)
                 {
                     OIC_LOG(ERROR, TAG, "Failed to Re-StartOwnershipTransfer");
-                    SetResult(otmCtx, res);
+                    result = CA_HANDLE_ERROR_OTHER_MODULE;
+                }
+                else
+                {
+                    result = CA_CONTINUE_OPERATION;
                 }
             }
             else
             {
                 OIC_LOG(ERROR, TAG, "User has exceeded the number of authentication attempts.");
-                SetResult(otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
+                result = CA_HANDLE_ERROR_OTHER_MODULE;
             }
         }
         goto exit;
     }
 
     OIC_LOG(ERROR, TAG, "Failed to establish secure session.");
-    SetResult(otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
 
 exit:
     OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__);
+    return result;
 }
 
 /**
@@ -707,10 +725,12 @@ exit:
  * @param   errorInfo [IN] Error information from the endpoint.
  * @return  NONE
  */
-void DTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
+CAResult_t DTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
     OIC_LOG_V(DEBUG, TAG, "In %s(endpoint = %p, info = %p)", __func__, endpoint, info);
 
+    CAResult_t result = CA_STATUS_OK;
+
     if (NULL == endpoint || NULL == info)
     {
         goto exit;
@@ -736,30 +756,31 @@ void DTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
     //Make sure the address matches.
     bool matching = (0 == strncmp(otmCtx->selectedDeviceInfo->endpoint.addr,
                                   endpoint->addr, sizeof(endpoint->addr)));
-    matching = (matching && (otmCtx->selectedDeviceInfo->securePort == endpoint->port));
+    matching = (matching && (getSecurePort(otmCtx->selectedDeviceInfo) == endpoint->port));
 
     if (!matching)
     {
         OIC_LOG_V(ERROR, TAG, "Mismatched: expected address %s:%u",
-                  otmCtx->selectedDeviceInfo->endpoint.addr, otmCtx->selectedDeviceInfo->securePort);
+                  otmCtx->selectedDeviceInfo->endpoint.addr, getSecurePort(otmCtx->selectedDeviceInfo));
         goto exit;
     }
 
     OicUuid_t emptyUuid = {.id={0}};
     bool emptyOwnerUuid = (memcmp(&(newDevDoxm->owner), &emptyUuid, sizeof(OicUuid_t)) == 0);
 
-    //If temporal secure sesstion established successfully
+    //If temporal secure session established successfully
     if ((CA_STATUS_OK == info->result) && !newDevDoxm->owned && emptyOwnerUuid)
     {
-        OwnershipTransferSessionEstablished(endpoint, newDevDoxm, otmCtx);
+        result = OwnershipTransferSessionEstablished(endpoint, newDevDoxm, otmCtx);
     }
     else
     {
-        OwnershipTransferSessionFailed(endpoint, info, newDevDoxm, otmCtx, emptyOwnerUuid);
+        result = OwnershipTransferSessionFailed(endpoint, info, newDevDoxm, otmCtx, emptyOwnerUuid);
     }
 
 exit:
     OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
+    return result;
 }
 
 /**
@@ -776,17 +797,7 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
 
     CAEndpoint_t endpoint;
     CopyDevAddrToEndpoint(&selectedDeviceInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = selectedDeviceInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = selectedDeviceInfo->tcpSecurePort;
-    }
-#endif
+    endpoint.port = getSecurePort(selectedDeviceInfo);
 
     OicUuid_t ownerDeviceID = {.id={0}};
     if (OC_STACK_OK != GetDoxmDeviceID(&ownerDeviceID))
@@ -917,7 +928,7 @@ static OCStackApplicationResult OwnerTransferModeHandler(void *ctx, OCDoHandle U
         //Save the current context, that will be used by the DTLS handshake callback
         if(OC_STACK_OK != AddOTMContext(otmCtx,
                                         otmCtx->selectedDeviceInfo->endpoint.addr,
-                                        otmCtx->selectedDeviceInfo->securePort))
+                                        getSecurePort(otmCtx->selectedDeviceInfo)))
         {
             OIC_LOG(ERROR, TAG, "OwnerTransferModeHandler : Failed to add OTM Context into list");
             SetResult(otmCtx, res);
@@ -944,6 +955,18 @@ static OCStackApplicationResult OwnerTransferModeHandler(void *ctx, OCDoHandle U
                 SetResult(otmCtx, res);
                 return OC_STACK_DELETE_TRANSACTION;
             }
+
+            //This is a secure session.
+            otmCtx->selectedDeviceInfo->connType |= CT_FLAG_SECURE;
+
+            //Send request : GET /oic/sec/doxm. Then verify that the property values obtained this way
+            //are the same as those already-stored in the otmCtx.
+            res = GetAndVerifyDoxmResource(otmCtx);
+            if(OC_STACK_OK != res)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to get doxm information after establishing secure connection");
+                SetResult(otmCtx, res);
+            }
         }
     }
     else
@@ -1468,7 +1491,11 @@ static OCStackApplicationResult GetAndVerifyDoxmHandler(void *ctx, OCDoHandle UN
     otmCtx->ocDoHandle = NULL;
     (void)UNUSED;
 
-    if (OC_STACK_OK != clientResponse->result)
+    if (OC_STACK_CONTINUE_OPERATION == clientResponse->result)
+    {
+        OIC_LOG(INFO, TAG, "Skipping error handling until pass all random pin tries");
+    }
+    else if (OC_STACK_OK != clientResponse->result)
     {
         OIC_LOG_V(WARNING, TAG, "%s : Client response is incorrect : %d",
             __func__, clientResponse->result);
@@ -1551,7 +1578,7 @@ static OCStackResult PostOwnerCredential(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_CRED_URI))
     {
@@ -1723,28 +1750,8 @@ static OCStackResult PostOwnerAcl(OTMContext_t* otmCtx, OicSecAclVersion_t aclVe
     OicSecAcl_t* ownerAcl = NULL;
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
-    CAEndpoint_t endpoint;
-    CopyDevAddrToEndpoint(&deviceInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = deviceInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = deviceInfo->tcpSecurePort;
-    }
-#endif
-
-    if (CA_STATUS_OK != CAInitiateHandshake(&endpoint))
-    {
-        OIC_LOG(ERROR, TAG, "Failed to pass ssl handshake");
-        return OC_STACK_ERROR;
-    }
-
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), aclUri))
     {
@@ -1884,7 +1891,7 @@ static OCStackResult GetProvisioningStatusResource(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_PSTAT_URI))
     {
@@ -1924,7 +1931,7 @@ static OCStackResult PostOwnerUuid(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_DOXM_URI))
     {
@@ -1983,7 +1990,7 @@ static OCStackResult PostOwnershipInformation(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_DOXM_URI))
     {
@@ -2048,7 +2055,7 @@ static OCStackResult PostUpdateOperationMode(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_PSTAT_URI))
     {
@@ -2109,7 +2116,7 @@ static OCStackResult GetAndVerifyDoxmResource(OTMContext_t* otmCtx)
     assert(deviceInfo->connType & CT_FLAG_SECURE);
 
     if(!PMGenerateQuery(true,
-                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->endpoint.addr, getSecurePort(deviceInfo),
                         deviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_DOXM_URI))
     {
@@ -2465,7 +2472,7 @@ OCStackResult PostProvisioningStatus(OTMContext_t* otmCtx)
 
     if(!PMGenerateQuery(true,
                         otmCtx->selectedDeviceInfo->endpoint.addr,
-                        otmCtx->selectedDeviceInfo->securePort,
+                        getSecurePort(otmCtx->selectedDeviceInfo),
                         otmCtx->selectedDeviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_PSTAT_URI))
     {
@@ -2530,7 +2537,7 @@ OCStackResult PostNormalOperationStatus(OTMContext_t* otmCtx)
 
     if(!PMGenerateQuery(true,
                         otmCtx->selectedDeviceInfo->endpoint.addr,
-                        otmCtx->selectedDeviceInfo->securePort,
+                        getSecurePort(otmCtx->selectedDeviceInfo),
                         otmCtx->selectedDeviceInfo->connType,
                         query, sizeof(query), OIC_RSRC_PSTAT_URI))
     {
index 55702dd..2a3fd56 100644 (file)
@@ -121,29 +121,8 @@ OCStackResult CreateSecureSessionJustWorksCallback(OTMContext_t* otmCtx)
     }
     OIC_LOG(INFO, TAG, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA256 cipher suite selected.");
 
-    CAEndpoint_t endpoint;
-    OCProvisionDev_t *selDevInfo = otmCtx->selectedDeviceInfo;
-    CopyDevAddrToEndpoint(&selDevInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->tcpSecurePort;
-    }
-#endif
-
-    caresult = CAInitiateHandshake(&endpoint);
-    if (CA_STATUS_OK != caresult)
-    {
-        OIC_LOG_V(ERROR, TAG, "DTLS/TLS handshake failure.");
-        return OC_STACK_ERROR;
-    }
-
     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionJustWorksCallback");
+
     return OC_STACK_OK;
 }
 
index 544669f..e170b76 100644 (file)
@@ -153,28 +153,6 @@ OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
     }
     OIC_LOG(INFO, TAG, "MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite selected.");
 
-    CAEndpoint_t endpoint;
-    OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
-    CopyDevAddrToEndpoint(&selDevInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->tcpSecurePort;
-    }
-#endif
-
-    caresult = CAInitiateHandshake(&endpoint);
-    if (CA_STATUS_OK != caresult)
-    {
-        OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
-        return OC_STACK_ERROR;
-    }
-
     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionMCertificateCallback");
 
     return OC_STACK_OK;
index 06eca4e..f011fa8 100644 (file)
@@ -203,28 +203,6 @@ OCStackResult CreateSecureSessionPreconfigPinCallback(OTMContext_t* otmCtx)
     }
     OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite selected.");
 
-    CAEndpoint_t endpoint;
-    OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
-    CopyDevAddrToEndpoint(&selDevInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->tcpSecurePort;
-    }
-#endif
-
-    caresult = CAInitiateHandshake(&endpoint);
-    if (CA_STATUS_OK != caresult)
-    {
-        OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
-        return OC_STACK_ERROR;
-    }
-
     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionPreconfigPinCallback");
 
     return OC_STACK_OK;
index d98f1e2..d969447 100644 (file)
@@ -155,28 +155,6 @@ OCStackResult CreateSecureSessionRandomPinCallback(OTMContext_t* otmCtx)
     }
     OIC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 cipher suite selected.");
 
-    CAEndpoint_t endpoint;
-    OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
-    CopyDevAddrToEndpoint(&selDevInfo->endpoint, &endpoint);
-
-    if (CA_ADAPTER_IP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->securePort;
-    }
-#ifdef WITH_TCP
-    else if (CA_ADAPTER_TCP == endpoint.adapter)
-    {
-        endpoint.port = selDevInfo->tcpSecurePort;
-    }
-#endif
-
-    caresult = CAInitiateHandshake(&endpoint);
-    if (CA_STATUS_OK != caresult)
-    {
-        OIC_LOG_V(ERROR, TAG, "DTLS handshake failure.");
-        return OC_STACK_ERROR;
-    }
-
     OIC_LOG(INFO, TAG, "OUT CreateSecureSessionRandomPinCallbak");
 
     return OC_STACK_OK;
index f36c3d4..0cc97a4 100644 (file)
@@ -524,10 +524,10 @@ OCStackResult FinalizeDirectPairing(void *ctx, OCDirectPairingDev_t* peer,
  * @param   errorInfo [IN] Error information from the endpoint.
  * @return  NONE
  */
-void DirectPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
+CAResult_t DirectPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
     OIC_LOG(INFO, TAG, "IN DirectPairingDTLSHandshakeCB");
-
+    CAResult_t result = CA_STATUS_OK;
 
     if(g_dp_proceed_ctx && g_dp_proceed_ctx->peer && endpoint && info)
     {
@@ -551,13 +551,13 @@ void DirectPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInf
                 if(OC_STACK_OK != res)
                 {
                     OIC_LOG(ERROR, TAG, "Failed to finalize direct-pairing");
-                    resultCallback(g_dp_proceed_ctx->userCtx, peer, res);
+                    result = CA_HANDLE_ERROR_OTHER_MODULE;
                 }
             }
             else if(CA_DTLS_AUTHENTICATION_FAILURE == info->result)
             {
                 OIC_LOG(INFO, TAG, "DirectPairingDTLSHandshakeCB - Authentication failed");
-                resultCallback(g_dp_proceed_ctx->userCtx, peer, OC_STACK_AUTHENTICATION_FAILURE);
+                result = CA_HANDLE_ERROR_OTHER_MODULE;
             }
 
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
@@ -579,6 +579,7 @@ void DirectPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInf
     }
 
     OIC_LOG(INFO, TAG, "OUT DirectPairingDTLSHandshakeCB");
+    return result;
 }
 
 /**
index adae1fd..1fe60eb 100644 (file)
@@ -1049,8 +1049,8 @@ OCStackResult DoxmUpdateWriteableProperty(const OicSecDoxm_t* src, OicSecDoxm_t*
  * @param[out]   object           remote device information.
  * @param[out]   errorInfo        CA Error information.
  */
-void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
-                                const CAErrorInfo_t *errorInfo)
+CAResult_t MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
+                                        const CAErrorInfo_t *errorInfo)
 {
     OIC_LOG(DEBUG, TAG, "IN MultipleOwnerDTLSHandshakeCB");
 
@@ -1063,14 +1063,14 @@ void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
             if (!gDoxm)
             {
                 OIC_LOG_V(WARNING, TAG, "%s: gDoxm is NULL", __func__);
-                return;
+                return CA_HANDLE_ERROR_OTHER_MODULE;
             }
 
             if (0 == memcmp(authenticationSubOwnerInfo.identity.id, gDoxm->owner.id,
                             authenticationSubOwnerInfo.identity.id_length))
             {
                 OIC_LOG(WARNING, TAG, "Super owner tried MOT, this request will be ignored.");
-                return;
+                return CA_HANDLE_ERROR_OTHER_MODULE;
             }
 
             OicSecSubOwner_t* subOwnerInst = NULL;
@@ -1093,14 +1093,14 @@ void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
                     if (sizeof(subOwnerInst->uuid.id) < authenticationSubOwnerInfo.identity.id_length)
                     {
                         OIC_LOG(ERROR, TAG, "Identity id is too long");
-                        return;
+                        return CA_HANDLE_ERROR_OTHER_MODULE;
                     }
                     memcpy(subOwnerInst->uuid.id, authenticationSubOwnerInfo.identity.id,
                            authenticationSubOwnerInfo.identity.id_length);
                     if(OC_STACK_OK != ConvertUuidToStr(&subOwnerInst->uuid, &strUuid))
                     {
                         OIC_LOG(ERROR, TAG, "Failed to allocate memory.");
-                        return;
+                        return CA_HANDLE_ERROR_OTHER_MODULE;
                     }
                     OIC_LOG_V(DEBUG, TAG, "Adding New SubOwner(%s)", strUuid);
                     OICFree(strUuid);
@@ -1124,6 +1124,7 @@ void MultipleOwnerDTLSHandshakeCB(const CAEndpoint_t *object,
     }
 
     OIC_LOG(DEBUG, TAG, "OUT MultipleOwnerDTLSHandshakeCB");
+    return CA_STATUS_OK;
 }
 #endif //MULTIPLE_OWNER
 #endif // defined(__WITH_DTLS__) || defined (__WITH_TLS__)
@@ -1168,7 +1169,7 @@ static bool ValidateOxmsel(const OicSecOxm_t *supportedMethods,
 }
 
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
-static void DoxmDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
+static CAResult_t DoxmDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
     OIC_LOG_V(DEBUG, TAG, "In %s(%p, %p)", __func__, endpoint, info);
 
@@ -1183,9 +1184,10 @@ static void DoxmDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_
     }
 
     OIC_LOG_V(DEBUG, TAG, "Out %s(%p, %p)", __func__, endpoint, info);
+    return CA_STATUS_OK;
 }
 
-static void RegisterOTMSslHandshakeCallback(CAErrorCallback callback)
+static void RegisterOTMSslHandshakeCallback(CAHandshakeErrorCallback callback)
 {
     OC_VERIFY(CA_STATUS_OK == CAregisterSslHandshakeCallback(callback));
 }
index ef64526..a8f271a 100644 (file)
@@ -370,7 +370,7 @@ exit:
  * @param   errorInfo [IN] Error information from the endpoint.
  * @return  NONE
  */
-void DPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
+CAResult_t DPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
     OIC_LOG(INFO, TAG, "IN DPairingDTLSHandshakeCB");
 
@@ -398,6 +398,7 @@ void DPairingDTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *
     }
 
     OIC_LOG(INFO, TAG, "OUT DPairingDTLSHandshakeCB");
+    return CA_STATUS_OK;
 }
 
 static OCEntityHandlerResult HandleDpairingPostRequest (const OCEntityHandlerRequest * ehRequest)
index 50a24b0..e50219f 100644 (file)
@@ -44,8 +44,6 @@ static CARequestCallback gRequestHandler = NULL;
 static CAResponseCallback gResponseHandler = NULL;
 //Error Callback handler
 static CAErrorCallback gErrorHandler = NULL;
-//Provisioning response callback
-static SPResponseCallback gSPResponseHandler = NULL;
 
 /**
  * A single global Request context will suffice as long
@@ -53,15 +51,6 @@ static SPResponseCallback gSPResponseHandler = NULL;
  */
 SRMRequestContext_t g_requestContext;
 
-/**
- * Function to register provisoning API's response callback.
- * @param respHandler response handler callback.
- */
-void SRMRegisterProvisioningResponseHandler(SPResponseCallback respHandler)
-{
-    gSPResponseHandler = respHandler;
-}
-
 void SetRequestedResourceType(SRMRequestContext_t *context)
 {
     context->resourceType = GetSvrTypeFromUri(context->resourceUri);
@@ -375,18 +364,7 @@ void SRMResponseHandler(const CAEndpoint_t *endPoint, const CAResponseInfo_t *re
 {
     OIC_LOG(DEBUG, TAG, "Received response from remote device");
 
-    // isProvResponse flag is to check whether response is catered by provisioning APIs or not.
-    // When token sent by CA response matches with token generated by provisioning request,
-    // gSPResponseHandler returns true and response is not sent to RI layer. In case
-    // gSPResponseHandler is null and isProvResponse is false response then the response is for
-    // RI layer.
-    bool isProvResponse = false;
-
-    if (gSPResponseHandler)
-    {
-        isProvResponse = gSPResponseHandler(endPoint, responseInfo);
-    }
-    if (!isProvResponse && gResponseHandler)
+    if (gResponseHandler)
     {
         gResponseHandler(endPoint, responseInfo);
     }
index 2cb426d..a5e83fa 100644 (file)
@@ -5869,6 +5869,10 @@ OCStackResult CAResultToOCResult(CAResult_t caResult)
             return OC_STACK_ERROR;
         case CA_NOT_SUPPORTED:
             return OC_STACK_NOTIMPL;
+        case CA_HANDLE_ERROR_OTHER_MODULE:
+            return OC_STACK_COMM_ERROR;
+        case CA_CONTINUE_OPERATION:
+            return OC_STACK_CONTINUE_OPERATION;
         default:
             return OC_STACK_ERROR;
     }