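/**
 * Entry point of the sample server.
 *
 * Registers the persistent-storage handler, initialises the OC stack in
 * server mode, creates the Light resource, selects the ECDSA cipher suite and
 * then calls OCProcess() roughly every 100 ms until SIGINT sets gQuitFlag.
 *
 * @return 0 on every path, including the stack-initialisation and
 *         OCProcess() failure paths.
 */
int main(void)
{
    OIC_LOG(DEBUG, TAG, "OCServer is starting...");

    SetPersistentHandler(&ps);

    if (OCInit(NULL, 0, OC_SERVER) != OC_STACK_OK)
    {
        OIC_LOG(ERROR, TAG, "OCStack init error");
        return 0;
    }

    /*
     * Declare and create the example resource: Light
     */
    createLightResource(gResourceUri, &Light);

    /*
     * NOTE(review): the result of CASelectCipherSuite() is not checked here.
     * If the selection fails, the server keeps running with whatever suite
     * the CA layer had before this call; consider checking and logging the
     * result so a misconfigured build does not go unnoticed.
     */
    CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);

    /* 100 ms pause between two OCProcess() calls. */
    struct timespec timeout = { .tv_sec = 0, .tv_nsec = 100000000L };

    // Break from loop with Ctrl-C
    OIC_LOG(INFO, TAG, "Entering ocserver main loop...");
    signal(SIGINT, handleSigInt);
    while (!gQuitFlag)
    {
        if (OCProcess() != OC_STACK_OK)
        {
            OIC_LOG(ERROR, TAG, "OCStack process error");
            return 0;
        }
        nanosleep(&timeout, NULL);
    }

    OIC_LOG(INFO, TAG, "Exiting ocserver main loop...");

    if (OCStop() != OC_STACK_OK)
    {
        /* Was logged as "process error", which hid which call had failed. */
        OIC_LOG(ERROR, TAG, "OCStack stop error");
    }

    return 0;
}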
/**
 * Response callback for the ownership-information request sent during
 * ownership transfer.
 *
 * On an OC_STACK_OK response it performs, in this order: removal of the
 * temporary PIN credential (only when the selected OxM is
 * OIC_RANDOM_DEVICE_PIN), SaveOwnerPSK(), closing of the DTLS session on the
 * device's secure port, a cipher-suite reset and FinalizeProvisioning().
 *
 * @param[in] ctx            ctx value passed to callback from calling function;
 *                           used as an OTMContext_t.
 * @param[in] UNUSED         handle to an invocation (not used).
 * @param[in] clientResponse Response from queries to remote servers.
 * @return OC_STACK_DELETE_TRANSACTION on every path of this function.
 */
static OCStackApplicationResult OwnershipInformationHandler(void *ctx, OCDoHandle UNUSED,
                                                            OCClientResponse *clientResponse)
{
    VERIFY_NON_NULL(TAG, clientResponse, WARNING);
    VERIFY_NON_NULL(TAG, ctx, WARNING);

    OC_LOG(DEBUG, TAG, "IN OwnershipInformationHandler");
    (void)UNUSED;

    OCStackResult res = OC_STACK_OK;
    OTMContext_t *otm = (OTMContext_t *)ctx;

    if (OC_STACK_OK != clientResponse->result)
    {
        /*
         * NOTE(review): the failure code is only stored in `res`; unlike the
         * error paths below, SetResult() is not called for it.
         */
        res = clientResponse->result;
    }
    else
    {
        if (OIC_RANDOM_DEVICE_PIN == otm->selectedDeviceInfo->doxm->oxmSel)
        {
            /* The PIN-derived PSK is temporary; drop it before the owner PSK is saved. */
            res = RemoveCredential(&otm->subIdForPinOxm);
            if (OC_STACK_RESOURCE_DELETED != res)
            {
                /* NOTE(review): this is the only failure path below that skips SetResult(). */
                OC_LOG_V(ERROR, TAG, "Failed to remove temporal PSK : %d", res);
                return OC_STACK_DELETE_TRANSACTION;
            }
        }

        res = SaveOwnerPSK(otm->selectedDeviceInfo);
        if (OC_STACK_OK != res)
        {
            OC_LOG(ERROR, TAG, "OperationModeUpdate : Failed to owner PSK generation");
            SetResult(otm, res);
            return OC_STACK_DELETE_TRANSACTION;
        }

        /* The stored endpoint is rewritten in place to point at the secure port. */
        CAEndpoint_t *secureEp = (CAEndpoint_t *)&otm->selectedDeviceInfo->endpoint;
        secureEp->port = otm->selectedDeviceInfo->securePort;

        CAResult_t caRes = CACloseDtlsSession(secureEp);
        if (CA_STATUS_OK != caRes)
        {
            OC_LOG(ERROR, TAG, "Failed to close DTLS session");
            SetResult(otm, caRes);
            return OC_STACK_DELETE_TRANSACTION;
        }

        /*
         * Per the original author's note, selecting the NULL suite is not
         * meant to turn encryption off: the client then picks an appropriate
         * suite from the server's cipher-suite list.
         * NOTE(review): that behaviour lives in the CA layer and cannot be
         * confirmed from this function.
         */
        caRes = CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL);
        if (CA_STATUS_OK != caRes)
        {
            OC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL");
            SetResult(otm, caRes);
            return OC_STACK_DELETE_TRANSACTION;
        }

        OC_LOG(INFO, TAG, "Ownership transfer was successfully completed.");
        OC_LOG(INFO, TAG, "Start defualt ACL & commit-hash provisioning.");

        res = FinalizeProvisioning(otm);
        if (OC_STACK_OK != res)
        {
            SetResult(otm, res);
        }
    }

    OC_LOG(DEBUG, TAG, "OUT OwnershipInformationHandler");

exit:
    return OC_STACK_DELETE_TRANSACTION;
}
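/**
 * Entity handler for a PUT on the device-ownership (doxm) resource.
 *
 * The JSON payload is converted with JSONToDoxmBin() and then handled
 * according to the requested ownership-transfer method:
 *  - OIC_JUST_WORKS, device and request both un-owned: an empty owner UUID
 *    enables the anonymous ECDH suite; a non-empty one records the owner UUID,
 *    persists doxm and disables the anonymous suite again.
 *  - OIC_RANDOM_DEVICE_PIN, device and request both un-owned: an empty owner
 *    UUID switches to the PSK suite, generates a PIN and registers the
 *    PIN-based credential callback; a non-empty one records the owner UUID.
 *  - any method, request says owned with the recorded owner UUID: the device
 *    is marked owned and the default provisioning ACL is updated.
 *
 * The anonymous ECDH suite does not authenticate the peer, so the un-owned
 * window is the sensitive part of this handler: every step that closes that
 * window must succeed before OC_EH_OK is reported.
 *
 * On any result other than OC_EH_OK, doxm and pstat are restored to their
 * initial state before the response is sent.
 *
 * @param ehRequest request delivered by the stack; its payload is read as an
 *                  OCSecurityPayload.
 * @return OC_EH_OK when the requested transition was applied, otherwise
 *         OC_EH_ERROR.
 */
static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
    OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
    OCEntityHandlerResult ehRet = OC_EH_ERROR;
    OicUuid_t emptyOwner = {.id = {0}};
    OicSecDoxm_t* newDoxm = NULL;

    /*
     * Convert JSON Doxm data into binary. This will also validate
     * the Doxm data received.
     * The payload comes from the remote requester; a request without one is
     * rejected here instead of dereferencing a NULL payload pointer.
     */
    if (ehRequest->payload)
    {
        newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
    }
    else
    {
        OIC_LOG (ERROR, TAG, "Doxm PUT request has no payload");
    }

    if (newDoxm)
    {
        if (OIC_JUST_WORKS == newDoxm->oxmSel)
        {
            if ((false == gDoxm->owned) && (false == newDoxm->owned))
            {
                /*
                 * If current state of the device is un-owned, enable
                 * anonymous ECDH cipher in tinyDTLS so that Provisioning
                 * tool can initiate JUST_WORKS ownership transfer process.
                 */
                if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
                {
                    OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
                    ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
                    goto exit;
                }
                else
                {
#ifdef __WITH_DTLS__
                    //Save the owner's UUID to derive owner credential
                    memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));

                    /*
                     * The AddOwnerPSK() call that used to sit here is disabled
                     * in this version; only the owner UUID is recorded.
                     */

                    // Update new state in persistent storage
                    const OCEntityHandlerResult storeRet =
                        (true == UpdatePersistentStorage(gDoxm)) ? OC_EH_OK : OC_EH_ERROR;
                    if (OC_EH_OK != storeRet)
                    {
                        OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
                    }

                    /*
                     * Disable anonymous ECDH cipher in tinyDTLS since device is now
                     * in owned state.
                     * ehRet is still OC_EH_ERROR at this point, so a
                     * VERIFY_SUCCESS bail-out (assumed to log and `goto exit`)
                     * reports the failure and triggers the rollback instead of
                     * answering OC_EH_OK with the anonymous suite left enabled.
                     */
                    CAResult_t caRes = CAEnableAnonECDHCipherSuite(false);
                    VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
                    OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");

#ifdef __WITH_X509__
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8    0xC0AE
                    caRes = CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
                    VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
#endif //__WITH_X509__

                    ehRet = storeRet;
#endif //__WITH_DTLS__
                }
            }
        }
        else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
        {
            if ((false == gDoxm->owned) && (false == newDoxm->owned))
            {
                /*
                 * If current state of the device is un-owned, switch from the
                 * anonymous ECDH cipher to the PSK cipher in tinyDTLS so that
                 * Provisioning tool can initiate the random-PIN ownership
                 * transfer process.
                 */
                if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
                {
                    gDoxm->oxmSel = newDoxm->oxmSel;

                    //Update new state in persistent storage
                    const OCEntityHandlerResult storeRet =
                        (true == UpdatePersistentStorage(gDoxm)) ? OC_EH_OK : OC_EH_ERROR;
                    if (OC_EH_OK != storeRet)
                    {
                        OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
                    }

#ifdef __WITH_DTLS__
                    /* ehRet stays OC_EH_ERROR until every step below has succeeded. */
                    CAResult_t caRes = CAEnableAnonECDHCipherSuite(false);
                    VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
                    OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");

                    caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
                    VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);

                    /* ranPin is not read again in this function after GeneratePin(). */
                    char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
                    if(OC_STACK_OK != GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
                    {
                        OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
                        goto exit;
                    }

                    //Set the device id to derive temporal PSK
                    SetUuidForRandomPinOxm(&gDoxm->deviceID);

                    /**
                     * Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
                     * Credential should not be saved into SVR.
                     * For this reason, use a temporary get_psk_info callback to random PIN OxM.
                     */
                    caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
                    VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
#endif //__WITH_DTLS__

                    /*
                     * A failed storage update is no longer overwritten by the
                     * success of the DTLS steps above.
                     */
                    ehRet = storeRet;
                }
                else
                {
#ifdef __WITH_DTLS__
                    //Save the owner's UUID to derive owner credential
                    memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));

                    //Update new state in persistent storage
                    if((UpdatePersistentStorage(gDoxm) == true))
                    {
                        ehRet = OC_EH_OK;
                    }
                    else
                    {
                        OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
                        ehRet = OC_EH_ERROR;
                    }
#endif
                }
            }
        }

        /*
         * When current state of the device is un-owned and Provisioning
         * Tool is attempting to change the state to 'Owned' with a
         * qualified value for the field 'Owner'
         */
        if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
            (memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
        {
            gDoxm->owned = true;
            // Update new state in persistent storage
            if (UpdatePersistentStorage(gDoxm))
            {
                //Update default ACL of security resource to prevent anonymous user access.
                if(OC_STACK_OK == UpdateDefaultSecProvACL())
                {
                    ehRet = OC_EH_OK;
                }
                else
                {
                    OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
                    ehRet = OC_EH_ERROR;
                }
            }
            else
            {
                OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
                ehRet = OC_EH_ERROR;
            }
        }
    }

exit:
    if(OC_EH_OK != ehRet)
    {
        OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
                           "DOXM will be reverted.");

        /*
         * If some error occurs during ownership transfer, the ownership
         * transfer related resources are reverted to their initial status.
         */
        RestoreDoxmToInitState();
        RestorePstatToInitState();
    }

    //Send payload to request originator
    if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
    {
        /* The message used to name HandlePstatPostRequest, a different handler. */
        OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDoxmPutRequest");
    }
    DeleteDoxmBinData(newDoxm);

    return ehRet;
}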
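/**
 * Entity handler for a PUT on the device-ownership (doxm) resource.
 *
 * The JSON payload is converted with JSONToDoxmBin() and then handled
 * according to the requested ownership-transfer method:
 *  - OIC_JUST_WORKS: while device and request are both un-owned the anonymous
 *    ECDH suite is enabled; when the request says owned with a non-empty owner
 *    UUID, the owner PSK is created, doxm is persisted and the anonymous suite
 *    is disabled.
 *  - OIC_RANDOM_DEVICE_PIN: while device and request are both un-owned the PSK
 *    suite is selected and a temporary PIN-derived credential is added; when
 *    the request says owned with a non-empty owner UUID, the temporary
 *    credential is removed, the owner PSK is created and doxm is persisted.
 *
 * The anonymous ECDH suite does not authenticate the peer, so a failure to
 * switch it off is reported as OC_EH_ERROR rather than ignored.
 *
 * @param ehRequest request delivered by the stack; its payload is read as an
 *                  OCSecurityPayload.
 * @return OC_EH_OK when the requested transition was applied, otherwise
 *         OC_EH_ERROR.
 */
static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
{
    OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
    OCEntityHandlerResult ehRet = OC_EH_ERROR;
    OicUuid_t emptyOwner = {.id = {0}};
    OicSecDoxm_t* newDoxm = NULL;

    /*
     * Convert JSON Doxm data into binary. This will also validate
     * the Doxm data received.
     * The payload comes from the remote requester; a request without one is
     * rejected here instead of dereferencing a NULL payload pointer.
     */
    if (ehRequest->payload)
    {
        newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
    }
    else
    {
        OIC_LOG (ERROR, TAG, "Doxm PUT request has no payload");
    }

    if (newDoxm)
    {
        if (OIC_JUST_WORKS == newDoxm->oxmSel)
        {
            /*
             * If current state of the device is un-owned, enable
             * anonymous ECDH cipher in tinyDTLS so that Provisioning
             * tool can initiate JUST_WORKS ownership transfer process.
             */
            if ((false == gDoxm->owned) && (false == newDoxm->owned))
            {
                OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
#ifdef __WITH_DTLS__
                ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
#endif //__WITH_DTLS__
                goto exit;
            }

            /*
             * When current state of the device is un-owned and Provisioning
             * Tool is attempting to change the state to 'Owned' with a
             * qualified value for the field 'Owner'
             */
            if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
                (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
            {
                /*
                 * Generate OwnerPSK and create credential for Provisioning
                 * tool with the generated OwnerPSK.
                 * Update persistent storage and disable anonymous ECDH cipher
                 */
#ifdef __WITH_DTLS__
                OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;

                //Generating OwnerPSK
                OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");

                //Generate new credential for provisioning tool
                ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
                        (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));

                VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);

                // Update new state in persistent storage
                if (true == UpdatePersistentStorage(gDoxm))
                {
                    ehRet = OC_EH_OK;
                }
                else
                {
                    ehRet = OC_EH_ERROR;

                    /*
                     * If persistent storage update failed, revert back the state
                     * for global variable.
                     */
                    gDoxm->owned = false;
                    gDoxm->oxmSel = 0;
                    memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
                }

                /*
                 * Disable anonymous ECDH cipher in tinyDTLS since device is now
                 * in owned state. The result is checked so the requester is not
                 * told the transfer succeeded while the unauthenticated suite
                 * may still be enabled; the persisted doxm state is not rolled
                 * back here.
                 */
                if (CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
                {
                    OIC_LOG(ERROR, TAG, "Failed to disable ECDH_ANON CipherSuite");
                    ehRet = OC_EH_ERROR;
                }

#ifdef __WITH_X509__
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8    0xC0AE
                if (CA_STATUS_OK != CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8))
                {
                    OIC_LOG(ERROR, TAG, "Failed to select TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8");
                    ehRet = OC_EH_ERROR;
                }
#endif //__WITH_X509__
#endif //__WITH_DTLS__
            }
        }
        else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
        {
#ifdef __WITH_DTLS__
            //this temp Credential ID is used to track temporal Cred Id
            static OicUuid_t tmpCredId = {.id={0}};
            static bool tmpCredGenFlag = false;
#endif //__WITH_DTLS__

            if ((false == gDoxm->owned) && (false == newDoxm->owned))
            {
#ifdef __WITH_DTLS__
                /*
                 * ehRet is still OC_EH_ERROR here, so a VERIFY_SUCCESS bail-out
                 * (assumed to log and `goto exit`) reports the failure instead
                 * of continuing with the wrong cipher suite.
                 */
                VERIFY_SUCCESS(TAG, CA_STATUS_OK == CAEnableAnonECDHCipherSuite(false), ERROR);
                OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
                VERIFY_SUCCESS(TAG,
                        CA_STATUS_OK == CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256),
                        ERROR);

                char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
                if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
                {
                    /* A temporary credential left over from an earlier attempt is replaced. */
                    if(tmpCredGenFlag)
                    {
                       OIC_LOG(INFO, TAG, "Corrupted PSK is detected!!!");
                       VERIFY_SUCCESS(TAG,
                                      OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
                                      ERROR);
                    }

                    OCStackResult res = AddTmpPskWithPIN( &(newDoxm->owner), SYMMETRIC_PAIR_WISE_KEY,
                                                          ranPin, OXM_RANDOM_PIN_SIZE, 1,
                                                          &(newDoxm->owner), &tmpCredId);
                    VERIFY_SUCCESS(TAG, res == OC_STACK_OK, ERROR);
                    tmpCredGenFlag = true;
                    ehRet = OC_EH_OK;
                }
                else
                {
                    OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
                    ehRet = OC_EH_ERROR;
                }
#endif //__WITH_DTLS__
            }

            /*
             * When current state of the device is un-owned and Provisioning
             * Tool is attempting to change the state to 'Owned' with a
             * qualified value for the field 'Owner'
             */
            if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
                (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
            {
#ifdef __WITH_DTLS__
                OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;

                //Remove Temporal Credential resource
                if(tmpCredGenFlag)
                {
                    VERIFY_SUCCESS(TAG,
                                   OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
                                   ERROR);
                    tmpCredGenFlag = false;
                }

                //Generate new credential for provisioning tool
                ehRet = AddOwnerPSK((CAEndpoint_t*)(&request->devAddr), newDoxm,
                                    (uint8_t*)OXM_RANDOM_DEVICE_PIN, strlen(OXM_RANDOM_DEVICE_PIN));
                VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);

                //Update new state in persistent storage
                if((UpdatePersistentStorage(gDoxm) == true))
                {
                    ehRet = OC_EH_OK;
                }
                else
                {
                    /*
                     * If persistent storage update failed, revert back the state
                     * for global variable.
                     */
                    gDoxm->owned = false;
                    gDoxm->oxmSel = 0;
                    memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
                    ehRet = OC_EH_ERROR;
                }
#endif
            }
        }
    }

exit:
    //Send payload to request originator
    if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
    {
        /* The message used to name HandlePstatPostRequest, a different handler. */
        OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDoxmPutRequest");
    }
    DeleteDoxmBinData(newDoxm);

    return ehRet;
}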