static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
OCEntityHandlerResult ehRet = OC_EH_ERROR;
OicUuid_t emptyOwner = {.id = {0}};
/*
* Convert JSON Doxm data into binary. This will also validate
* the Doxm data received.
*/
OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
if (newDoxm)
{
// Iotivity SRM ONLY supports OIC_JUST_WORKS now
if (OIC_JUST_WORKS == newDoxm->oxmSel)
{
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
{
OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
goto exit;
}
else
{
#ifdef __WITH_DTLS__
//Save the owner's UUID to derive owner credential
memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
// OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
// //Generating OwnerPSK
// OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
// //Generate new credential for provisioning tool
// ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
// (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
// VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
// Update new state in persistent storage
if (true == UpdatePersistentStorage(gDoxm))
{
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
/*
* Disable anonymous ECDH cipher in tinyDTLS since device is now
* in owned state.
*/
CAResult_t caRes = CA_STATUS_OK;
caRes = CAEnableAnonECDHCipherSuite(false);
VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
#ifdef __WITH_X509__
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
#endif //__WITH_X509__
#endif //__WITH_DTLS__
}
}
}
else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
{
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
{
gDoxm->oxmSel = newDoxm->oxmSel;
//Update new state in persistent storage
if((UpdatePersistentStorage(gDoxm) == true))
{
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
#ifdef __WITH_DTLS__
CAResult_t caRes = CA_STATUS_OK;
caRes = CAEnableAnonECDHCipherSuite(false);
VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
{
//Set the device id to derive temporal PSK
SetUuidForRandomPinOxm(&gDoxm->deviceID);
/**
* Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
* Credential should not be saved into SVR.
* For this reason, use a temporary get_psk_info callback to random PIN OxM.
*/
caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
ehRet = OC_EH_ERROR;
}
#endif //__WITH_DTLS__
}
else
{
#ifdef __WITH_DTLS__
//Save the owner's UUID to derive owner credential
memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
//Update new state in persistent storage
if((UpdatePersistentStorage(gDoxm) == true))
{
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
#endif
}
}
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
{
gDoxm->owned = true;
// Update new state in persistent storage
if (UpdatePersistentStorage(gDoxm))
{
//Update default ACL of security resource to prevent anonymous user access.
if(OC_STACK_OK == UpdateDefaultSecProvACL())
{
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
ehRet = OC_EH_ERROR;
}
}
else
{
OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
ehRet = OC_EH_ERROR;
}
}
}
exit:
if(OC_EH_OK != ehRet)
{
OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
"DOXM will be reverted.");
/*
* If some error is occured while ownership transfer,
* ownership transfer related resource should be revert back to initial status.
*/
RestoreDoxmToInitState();
RestorePstatToInitState();
}
//Send payload to request originator
if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
{
OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandlePstatPostRequest");
}
DeleteDoxmBinData(newDoxm);
return ehRet;
}
static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
OCEntityHandlerResult ehRet = OC_EH_ERROR;
OicUuid_t emptyOwner = {.id = {0}};
/*
* Convert JSON Doxm data into binary. This will also validate
* the Doxm data received.
*/
OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
if (newDoxm)
{
// Iotivity SRM ONLY supports OIC_JUST_WORKS now
if (OIC_JUST_WORKS == newDoxm->oxmSel)
{
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
goto exit;
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
{
/*
* Generate OwnerPSK and create credential for Provisioning
* tool with the generated OwnerPSK.
* Update persistent storage and disable anonymous ECDH cipher
*
*/
#ifdef __WITH_DTLS__
OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
//Generating OwnerPSK
OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
//Generate new credential for provisioning tool
ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
(uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
// Update new state in persistent storage
if (true == UpdatePersistentStorage(gDoxm))
{
ehRet = OC_EH_OK;
}
else
{
ehRet = OC_EH_ERROR;
/*
* If persistent storage update failed, revert back the state
* for global variable.
*/
gDoxm->owned = false;
gDoxm->oxmSel = 0;
memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
}
/*
* Disable anonymous ECDH cipher in tinyDTLS since device is now
* in owned state.
*/
CAEnableAnonECDHCipherSuite(false);
#ifdef __WITH_X509__
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
#endif //__WITH_X509__
#endif //__WITH_DTLS__
}
}
else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
{
#ifdef __WITH_DTLS__
//this temp Credential ID is used to track temporal Cred Id
static OicUuid_t tmpCredId = {.id={0}};
static bool tmpCredGenFlag = false;
#endif //__WITH_DTLS__
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
#ifdef __WITH_DTLS__
CAEnableAnonECDHCipherSuite(false);
OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
{
if(tmpCredGenFlag)
{
OIC_LOG(INFO, TAG, "Corrupted PSK is detected!!!");
VERIFY_SUCCESS(TAG,
OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
ERROR);
}
OCStackResult res = AddTmpPskWithPIN( &(newDoxm->owner), SYMMETRIC_PAIR_WISE_KEY,
ranPin, OXM_RANDOM_PIN_SIZE, 1, &(newDoxm->owner), &tmpCredId);
VERIFY_SUCCESS(TAG, res == OC_STACK_OK, ERROR);
tmpCredGenFlag = true;
ehRet = OC_EH_OK;
}
else
{
OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
ehRet = OC_EH_ERROR;
}
#endif //__WITH_DTLS__
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
{
#ifdef __WITH_DTLS__
OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;
//Remove Temporal Credential resource
if(tmpCredGenFlag)
{
VERIFY_SUCCESS(TAG,
OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
ERROR);
tmpCredGenFlag = false;
}
//Generate new credential for provisioning tool
ehRet = AddOwnerPSK((CAEndpoint_t*)(&request->devAddr), newDoxm,
(uint8_t*)OXM_RANDOM_DEVICE_PIN, strlen(OXM_RANDOM_DEVICE_PIN));
VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
//Update new state in persistent storage
if((UpdatePersistentStorage(gDoxm) == true))
{
ehRet = OC_EH_OK;
}
else
{
/*
* If persistent storage update failed, revert back the state
* for global variable.
*/
gDoxm->owned = false;
gDoxm->oxmSel = 0;
memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
ehRet = OC_EH_ERROR;
}
#endif
}
}
}
exit:
//Send payload to request originator
if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
{
OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandlePstatPostRequest");
}
DeleteDoxmBinData(newDoxm);
return ehRet;
}
