TEST(GenerateAndAddCredentialTest, GenerateAndAddCredentialValidInput)
{
OicUuid_t owners[1];
OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId11");
OicUuid_t subject = {{0}};
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
char privateKey[] = "My private Key11";
OicSecCred_t * cred1 = NULL;
OicSecCred_t * headCred = NULL;
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
privateKey, 1, owners);
EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
headCred = cred1;
OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId22");
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject22");
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
privateKey, 1, owners);
EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId33");
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject33");
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
privateKey, 1, owners);
EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
const OicSecCred_t* credList = GetCredResourceData(&headCred->subject);
printCred(credList);
DeleteCredList(headCred);
}
TEST(CredResourceTest, GenerateAndAddCredentialValidInput)
{
OicUuid_t rownerID = {{0}};
OICStrcpy((char *)rownerID.id, sizeof(rownerID.id), "ownersId11");
OicUuid_t subject = {{0}};
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
uint8_t privateKey[] = "My private Key11";
OicSecKey_t key = {privateKey, sizeof(privateKey)};
OicSecCred_t *cred1 = NULL;
OicSecCred_t *headCred = NULL;
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
&key, &rownerID);
EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
headCred = cred1;
OICStrcpy((char *)rownerID.id, sizeof(rownerID.id), "ownersId22");
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject22");
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
&key, &rownerID);
EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
OICStrcpy((char *)rownerID.id, sizeof(rownerID.id), "ownersId33");
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject33");
cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
&key, &rownerID);
EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
const OicSecCred_t* credList = GetCredResourceData(&headCred->subject);
printCred(credList);
DeleteCredList(headCred);
}
TEST(CredGenerateCredentialTest, GenerateCredentialValidInput)
{
OicUuid_t owners[1];
OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId21");
OicUuid_t subject = {{0}};
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
char privateKey[] = "My private Key11";
OicSecCred_t * cred = NULL;
cred = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
privateKey, 1, owners);
printCred(cred);
EXPECT_TRUE(NULL != cred);
DeleteCredList(cred);
}
TEST(CredResourceTest, GenerateCredentialValidInput)
{
OicUuid_t rownerID = {{0}};
OICStrcpy((char *)rownerID.id, sizeof(rownerID.id), "ownersId21");
OicUuid_t subject = {{0}};
OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
uint8_t privateKey[] = "My private Key11";
OicSecKey_t key = {privateKey, sizeof(privateKey)};
OicSecCred_t * cred = NULL;
cred = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
&key, &rownerID);
printCred(cred);
ASSERT_TRUE(NULL != cred);
DeleteCredList(cred);
}
/*
* Generating new credential for provisioning tool
*
* PSK generated by
*/
static OCEntityHandlerResult AddOwnerPSK(const CAEndpoint_t* endpoint,
OicSecDoxm_t* ptDoxm,
const uint8_t* label, const size_t labelLen)
{
size_t ownLen = 1;
uint32_t outLen = 0;
OicSecCred_t *cred = NULL;
uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {};
CAResult_t pskRet = CAGenerateOwnerPSK(endpoint,
label, labelLen,
ptDoxm->owner.id, sizeof(ptDoxm->owner.id),
gDoxm->deviceID.id, sizeof(gDoxm->deviceID.id),
ownerPSK, OWNER_PSK_LENGTH_128);
VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {};
B64Result b64Ret = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, base64Buff,
sizeof(base64Buff), &outLen);
VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
OIC_LOG (DEBUG, TAG, "Doxm EntityHandle generating Credential");
cred = GenerateCredential(&ptDoxm->owner, SYMMETRIC_PAIR_WISE_KEY,
NULL, base64Buff, ownLen, &ptDoxm->owner);
VERIFY_NON_NULL(TAG, cred, ERROR);
//Adding provisioning tool credential to cred Resource.
VERIFY_SUCCESS(TAG, OC_STACK_OK == AddCredential(cred), ERROR);
gDoxm->owned = true;
gDoxm->oxmSel = ptDoxm->oxmSel;
memcpy(&(gDoxm->owner), &(ptDoxm->owner), sizeof(OicUuid_t));
return OC_EH_OK;
exit:
return OC_EH_ERROR;
}
/**
* Function to save ownerPSK at provisioning tool end.
*
* @param[in] selectedDeviceInfo selected device information to performing provisioning.
* @return OC_STACK_OK on success
*/
static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
{
OC_LOG(DEBUG, TAG, "IN SaveOwnerPSK");
OCStackResult res = OC_STACK_ERROR;
CAEndpoint_t endpoint;
memset(&endpoint, 0x00, sizeof(CAEndpoint_t));
OICStrcpy(endpoint.addr, MAX_ADDR_STR_SIZE_CA, selectedDeviceInfo->endpoint.addr);
endpoint.addr[MAX_ADDR_STR_SIZE_CA - 1] = '\0';
endpoint.port = selectedDeviceInfo->securePort;
OicUuid_t ptDeviceID = {.id={0}};
if (OC_STACK_OK != GetDoxmDeviceID(&ptDeviceID))
{
OC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
return res;
}
uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
//Generating OwnerPSK
CAResult_t pskRet = CAGenerateOwnerPSK(&endpoint,
(uint8_t *)GetOxmString(selectedDeviceInfo->doxm->oxmSel),
strlen(GetOxmString(selectedDeviceInfo->doxm->oxmSel)), ptDeviceID.id,
sizeof(ptDeviceID.id), selectedDeviceInfo->doxm->deviceID.id,
sizeof(selectedDeviceInfo->doxm->deviceID.id), ownerPSK,
OWNER_PSK_LENGTH_128);
if (CA_STATUS_OK == pskRet)
{
OC_LOG(INFO, TAG,"ownerPSK dump:\n");
OC_LOG_BUFFER(INFO, TAG,ownerPSK, OWNER_PSK_LENGTH_128);
//Generating new credential for provisioning tool
size_t ownLen = 1;
uint32_t outLen = 0;
char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {};
B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff, sizeof(base64Buff),
&outLen);
VERIFY_SUCCESS(TAG, B64_OK == b64Ret, ERROR);
OicSecCred_t *cred = GenerateCredential(&selectedDeviceInfo->doxm->deviceID,
SYMMETRIC_PAIR_WISE_KEY, NULL,
base64Buff, ownLen, &ptDeviceID);
VERIFY_NON_NULL(TAG, cred, ERROR);
res = AddCredential(cred);
if(res != OC_STACK_OK)
{
DeleteCredList(cred);
return res;
}
}
else
{
OC_LOG(ERROR, TAG, "CAGenerateOwnerPSK failed");
}
OC_LOG(DEBUG, TAG, "OUT SaveOwnerPSK");
exit:
return res;
}
static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
OC_LOG (INFO, TAG, PCF("Doxm EntityHandle processing PUT request"));
OCEntityHandlerResult ehRet = OC_EH_ERROR;
OicUuid_t emptyOwner = {.id = {0}};
/*
* Convert JSON Doxm data into binary. This will also validate
* the Doxm data received.
*/
OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
if (newDoxm)
{
// Iotivity SRM ONLY supports OIC_JUST_WORKS now
if (OIC_JUST_WORKS == newDoxm->oxmSel)
{
/*
* If current state of the device is un-owned, enable
* anonymous ECDH cipher in tinyDTLS so that Provisioning
* tool can initiate JUST_WORKS ownership transfer process.
*/
if ((false == gDoxm->owned) && (false == newDoxm->owned))
{
OC_LOG (INFO, TAG, PCF("Doxm EntityHandle enabling AnonECDHCipherSuite"));
#ifdef __WITH_DTLS__
ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
goto exit;
}
/*
* When current state of the device is un-owned and Provisioning
* Tool is attempting to change the state to 'Owned' with a
* qualified value for the field 'Owner'
*/
if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
{
/*
* Generate OwnerPSK and create credential for Provisioning
* tool with the generated OwnerPSK.
* Update persistent storage and disable anonymous ECDH cipher
*
*/
#ifdef __WITH_DTLS__
CAResult_t pskRet;
OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {};
//Generating OwnerPSK
OC_LOG (INFO, TAG, PCF("Doxm EntityHandle generating OwnerPSK"));
pskRet = CAGenerateOwnerPSK((CAEndpoint_t *)&request->devAddr,
(uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS),
newDoxm->owner.id, sizeof(newDoxm->owner.id),
gDoxm->deviceID.id, sizeof(gDoxm->deviceID.id),
ownerPSK, OWNER_PSK_LENGTH_128);
VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
//Generating new credential for provisioning tool
size_t ownLen = 1;
uint32_t outLen = 0;
char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {};
B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff,
sizeof(base64Buff), &outLen);
VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
OC_LOG (INFO, TAG, PCF("Doxm EntityHandle generating Credential"));
OicSecCred_t *cred = GenerateCredential(&newDoxm->owner, SYMMETRIC_PAIR_WISE_KEY,
NULL, base64Buff, ownLen, &newDoxm->owner);
VERIFY_NON_NULL(TAG, cred, ERROR);
//Adding provisioning tool credential to cred Resource.
VERIFY_SUCCESS(TAG, OC_STACK_OK == AddCredential(cred), ERROR);
gDoxm->owned = true;
memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
// Update new state in persistent storage
if (true == UpdatePersistentStorage(gDoxm))
{
ehRet = OC_EH_OK;
}
else
{
ehRet = OC_EH_ERROR;
/*
* If persistent storage update failed, revert back the state
* for global variable.
*/
gDoxm->owned = false;
memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
}
/*
* Disable anonymous ECDH cipher in tinyDTLS since device is now
* in owned state.
*/
CAEnableAnonECDHCipherSuite(false);
#endif //__WITH_DTLS__
}
}
}
exit:
//Send payload to request originator
if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
{
OC_LOG (ERROR, TAG, PCF("SendSRMResponse failed in HandlePstatPostRequest"));
}
DeleteDoxmBinData(newDoxm);
return ehRet;
}
