OSCORE group contexts:support "desc" property

Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
Danielius1922 · Oct 15, 2020 · 630d915 · 630d915
1 parent 59e7852
commit 630d915
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 23 deletions.
diff --git a/include/oc_obt.h b/include/oc_obt.h
@@ -623,10 +623,12 @@ int oc_obt_provision_pairwise_oscore_contexts(oc_uuid_t *uuid1,
                                               void *data);
 
 int oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid,
+                                                 const char *desc,
                                                  oc_obt_device_status_cb_t cb,
                                                  void *data);
 
 int oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid,
+                                                 const char *desc,
                                                  oc_obt_device_status_cb_t cb,
                                                  void *data);
 /**

diff --git a/onboarding_tool/obtmain.c b/onboarding_tool/obtmain.c
@@ -1242,7 +1242,7 @@ provision_server_group_oscore_context(void)
 
   otb_mutex_lock(app_sync_lock);
   int ret = oc_obt_provision_server_group_oscore_context(
-    &devices[dev]->uuid, provision_group_context_cb, NULL);
+    &devices[dev]->uuid, NULL, provision_group_context_cb, NULL);
   otb_mutex_unlock(app_sync_lock);
   if (ret >= 0) {
     PRINT("\nSuccessfully issued request to provision server group OSCORE "
@@ -1288,7 +1288,7 @@ provision_client_group_oscore_context(void)
 
   otb_mutex_lock(app_sync_lock);
   int ret = oc_obt_provision_client_group_oscore_context(
-    &devices[dev]->uuid, provision_group_context_cb, NULL);
+    &devices[dev]->uuid, NULL, provision_group_context_cb, NULL);
   otb_mutex_unlock(app_sync_lock);
   if (ret >= 0) {
     PRINT("\nSuccessfully issued request to provision client group OSCORE "
@@ -1336,7 +1336,7 @@ provision_oscore_contexts(void)
     PRINT("ERROR: Invalid selection\n");
     return;
   }
-  PRINT("Select device 2:");
+  PRINT("Select device 2: ");
   SCANF("%d", &c2);
   if (c2 < 0 || c2 >= i || c2 == c1) {
     PRINT("ERROR: Invalid selection\n");
@@ -1393,7 +1393,7 @@ provision_credentials(void)
     PRINT("ERROR: Invalid selection\n");
     return;
   }
-  PRINT("Select device 2:");
+  PRINT("Select device 2: ");
   SCANF("%d", &c2);
   if (c2 < 0 || c2 >= i || c2 == c1) {
     PRINT("ERROR: Invalid selection\n");

diff --git a/security/oc_cred.c b/security/oc_cred.c
@@ -806,6 +806,9 @@ oc_sec_encode_cred(bool persist, size_t device, oc_interface_mask_t iface_mask,
           oscore_ctx->recvid, oscore_ctx->recvid_len, hex_str, &hex_str_len);
         oc_rep_set_text_string(oscore, recipientid, hex_str);
       }
+      if (cr->credtype != OC_CREDTYPE_OSCORE) {
+        oc_rep_set_text_string(oscore, desc, oc_string(oscore_ctx->desc));
+      }
       oc_rep_set_int(oscore, ssn, oscore_ctx->ssn);
       oc_rep_close_object(creds, oscore);
     }
@@ -995,7 +998,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage,
           size_t publicdata_size = 0;
 #endif /* OC_PKI */
 #ifdef OC_OSCORE
-          const char *sid = NULL, *rid = NULL;
+          const char *sid = NULL, *rid = NULL, *desc = NULL;
           uint64_t ssn = 0;
 #endif /* OC_OSCORE */
           bool owner_cred = false;
@@ -1105,7 +1108,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage,
               else if (len == 6 &&
                        memcmp(oc_string(cred->name), "oscore", 6) == 0) {
                 got_oscore_ctx = true;
-                /* senderid, recipientid, ssn */
+                /* senderid, recipientid, ssn, desc */
                 while (data != NULL) {
                   len = oc_string_len(data->name);
                   if (data->type == OC_REP_STRING && len == 8 &&
@@ -1127,6 +1130,9 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage,
                       return false;
                     }
                     rid = oc_string(data->value.string);
+                  } else if (data->type == OC_REP_STRING && len == 4 &&
+                             memcmp(oc_string(data->name), "desc", 4) == 0) {
+                    desc = oc_string(data->value.string);
                   } else if (data->type == OC_REP_INT && len == 3 &&
                              memcmp(oc_string(data->name), "ssn", 3) == 0) {
                     if (!from_storage) {
@@ -1158,17 +1164,18 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage,
 
 #ifdef OC_OSCORE
           if (credtype == OC_CREDTYPE_OSCORE &&
-              (!sid || !rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) {
+              (!sid || !rid || privatedata_size != OSCORE_MASTER_SECRET_LEN ||
+               desc)) {
             OC_ERR("oc_cred: invalid oscore credential..rejecting");
             return false;
           }
           if (credtype == OC_CREDTYPE_OSCORE_MCAST_CLIENT &&
-              (!sid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) {
+              (!sid || rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) {
             OC_ERR("oc_cred: invalid oscore credential..rejecting");
             return false;
           }
           if (credtype == OC_CREDTYPE_OSCORE_MCAST_SERVER &&
-              (!rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) {
+              (!rid || sid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) {
             OC_ERR("oc_cred: invalid oscore credential..rejecting");
             return false;
           }
@@ -1199,7 +1206,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage,
 #ifdef OC_OSCORE
               if (sid || rid) {
                 oc_oscore_context_t *oscore_ctx = oc_oscore_add_context(
-                  device, sid, rid, ssn, cr, from_storage);
+                  device, sid, rid, ssn, desc, cr, from_storage);
                 if (!oscore_ctx) {
                   return false;
                 }

diff --git a/security/oc_obt.c b/security/oc_obt.c
@@ -25,18 +25,18 @@
 check oc_config.h and make sure OC_STORAGE is defined if OC_SECURITY is defined.
 #endif
 
-#include "oc_obt.h"
 #include "oc_core_res.h"
+#include "oc_obt.h"
 #include "security/oc_acl_internal.h"
 #include "security/oc_certs.h"
 #include "security/oc_cred_internal.h"
 #include "security/oc_doxm.h"
 #include "security/oc_keypair.h"
 #include "security/oc_obt_internal.h"
 #include "security/oc_pstat.h"
+#include "security/oc_sdi.h"
 #include "security/oc_store.h"
 #include "security/oc_tls.h"
-#include "security/oc_sdi.h"
 #include <stdlib.h>
 
 OC_MEMB(oc_discovery_s, oc_discovery_cb_t, 1);
@@ -1203,6 +1203,9 @@ free_oscoregroupprov_state(oc_oscoregroupprov_ctx_t *request, int status)
   if (request->switch_dos) {
     free_switch_dos_state(request->switch_dos);
   }
+  if (oc_string_len(request->desc) > 0) {
+    oc_free_string(&request->desc);
+  }
   request->cb.cb(&request->device->uuid, status, request->cb.data);
   oc_memb_free(&oc_oscoregroupprov_ctx_m, request);
 }
@@ -1291,6 +1294,7 @@ deviceoscoregroup_RFPRO(int status, void *data)
       } else {
         oc_rep_set_text_string(oscore, recipientid, hex_str);
       }
+      oc_rep_set_text_string(oscore, desc, oc_string(p->desc));
       oc_rep_close_object(creds, oscore);
       oc_rep_object_array_end_item(creds);
       oc_rep_close_array(root, creds);
@@ -1305,7 +1309,7 @@ deviceoscoregroup_RFPRO(int status, void *data)
 }
 
 static int
-obt_provision_group_oscore_context(oc_uuid_t *uuid,
+obt_provision_group_oscore_context(oc_uuid_t *uuid, const char *desc,
                                    oc_obt_device_status_cb_t cb,
                                    oc_sec_credtype_t type, void *data)
 {
@@ -1327,6 +1331,9 @@ obt_provision_group_oscore_context(oc_uuid_t *uuid,
   p->cb.data = data;
   p->device = device;
   p->type = type;
+  if (desc) {
+    oc_new_string(&p->desc, desc, strlen(desc));
+  }
 
   oc_tls_select_psk_ciphersuite();
 
@@ -1342,21 +1349,21 @@ obt_provision_group_oscore_context(oc_uuid_t *uuid,
 }
 
 int
-oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid,
+oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid, const char *desc,
                                              oc_obt_device_status_cb_t cb,
                                              void *data)
 {
   return obt_provision_group_oscore_context(
-    uuid, cb, OC_CREDTYPE_OSCORE_MCAST_CLIENT, data);
+    uuid, desc, cb, OC_CREDTYPE_OSCORE_MCAST_CLIENT, data);
 }
 
 int
-oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid,
+oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid, const char *desc,
                                              oc_obt_device_status_cb_t cb,
                                              void *data)
 {
   return obt_provision_group_oscore_context(
-    uuid, cb, OC_CREDTYPE_OSCORE_MCAST_SERVER, data);
+    uuid, desc, cb, OC_CREDTYPE_OSCORE_MCAST_SERVER, data);
 }
 /* End of provision group OSCORE contexts */
 #endif /* OC_OSCORE */

diff --git a/security/oc_obt_internal.h b/security/oc_obt_internal.h
@@ -17,12 +17,12 @@
 #ifndef OC_OBT_INTERNAL_H
 #define OC_OBT_INTERNAL_H
 
+#include "messaging/coap/oscore_constants.h"
 #include "oc_api.h"
 #include "oc_endpoint.h"
 #include "oc_obt.h"
 #include "oc_uuid.h"
 #include "security/oc_pstat.h"
-#include "messaging/coap/oscore_constants.h"
 #include "util/oc_list.h"
 
 #ifdef __cplusplus
@@ -127,6 +127,7 @@ typedef struct oc_oscoregroupprov_ctx_t
   struct oc_oscoregroupprov_ctx_t *next;
   oc_device_status_cb_t cb;
   oc_device_t *device;
+  oc_string_t desc;
   oc_switch_dos_ctx_t *switch_dos;
   oc_sec_credtype_t type;
 } oc_oscoregroupprov_ctx_t;

diff --git a/security/oc_oscore_context.c b/security/oc_oscore_context.c
@@ -126,15 +126,18 @@ void
 oc_oscore_free_context(oc_oscore_context_t *ctx)
 {
   if (ctx) {
+    if (ctx->desc.size > 0) {
+      oc_free_string(&ctx->desc);
+    }
     oc_list_remove(contexts, ctx);
     oc_memb_free(&ctx_s, ctx);
   }
 }
 
 oc_oscore_context_t *
 oc_oscore_add_context(size_t device, const char *senderid,
-                      const char *recipientid, uint64_t ssn, void *cred_entry,
-                      bool from_storage)
+                      const char *recipientid, uint64_t ssn, const char *desc,
+                      void *cred_entry, bool from_storage)
 {
   oc_oscore_context_t *ctx = (oc_oscore_context_t *)oc_memb_alloc(&ctx_s);
 
@@ -151,7 +154,9 @@ oc_oscore_add_context(size_t device, const char *senderid,
     ctx->ssn += OSCORE_SSN_WRITE_FREQ_K + OSCORE_SSN_PAD_F;
   }
   ctx->cred = cred_entry;
-
+  if (desc) {
+    oc_new_string(&ctx->desc, desc, strlen(desc));
+  }
   size_t id_len = OSCORE_CTXID_LEN;
 
   if (senderid) {

diff --git a/security/oc_oscore_context.h b/security/oc_oscore_context.h
@@ -22,6 +22,7 @@
 #include <stdbool.h>
 #include "oc_uuid.h"
 #include "messaging/coap/oscore_constants.h"
+#include "oc_helpers.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -40,6 +41,7 @@ typedef struct oc_oscore_context_t
   uint64_t ssn;
   uint8_t idctx[OSCORE_IDCTX_LEN];
   uint8_t idctx_len;
+  oc_string_t desc;
   /* Derived parameters */
   /* 128-bit keys */
   uint8_t sendkey[OSCORE_KEY_LEN];
@@ -62,8 +64,8 @@ void oc_oscore_free_context(oc_oscore_context_t *ctx);
 
 oc_oscore_context_t *oc_oscore_add_context(size_t device, const char *senderid,
                                            const char *recipientid,
-                                           uint64_t ssn, void *cred,
-                                           bool from_storage);
+                                           uint64_t ssn, const char *desc,
+                                           void *cred, bool from_storagw);
 
 oc_oscore_context_t *oc_oscore_find_context_by_UUID(size_t device,
                                                     oc_uuid_t *uuid);