From 630d91564e6bc0b84fa83a77c22ea3a869dcb903 Mon Sep 17 00:00:00 2001 From: Kishen Maloor Date: Mon, 31 Aug 2020 08:27:41 -0400 Subject: [PATCH] OSCORE group contexts:support "desc" property Signed-off-by: Kishen Maloor --- include/oc_obt.h | 2 ++ onboarding_tool/obtmain.c | 8 ++++---- security/oc_cred.c | 19 +++++++++++++------ security/oc_obt.c | 21 ++++++++++++++------- security/oc_obt_internal.h | 3 ++- security/oc_oscore_context.c | 11 ++++++++--- security/oc_oscore_context.h | 6 ++++-- 7 files changed, 47 insertions(+), 23 deletions(-) diff --git a/include/oc_obt.h b/include/oc_obt.h index b5836abffb..b3d0952c10 100644 --- a/include/oc_obt.h +++ b/include/oc_obt.h @@ -623,10 +623,12 @@ int oc_obt_provision_pairwise_oscore_contexts(oc_uuid_t *uuid1, void *data); int oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid, + const char *desc, oc_obt_device_status_cb_t cb, void *data); int oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid, + const char *desc, oc_obt_device_status_cb_t cb, void *data); /** diff --git a/onboarding_tool/obtmain.c b/onboarding_tool/obtmain.c index b892599a5a..65b9826b59 100644 --- a/onboarding_tool/obtmain.c +++ b/onboarding_tool/obtmain.c @@ -1242,7 +1242,7 @@ provision_server_group_oscore_context(void) otb_mutex_lock(app_sync_lock); int ret = oc_obt_provision_server_group_oscore_context( - &devices[dev]->uuid, provision_group_context_cb, NULL); + &devices[dev]->uuid, NULL, provision_group_context_cb, NULL); otb_mutex_unlock(app_sync_lock); if (ret >= 0) { PRINT("\nSuccessfully issued request to provision server group OSCORE " @@ -1288,7 +1288,7 @@ provision_client_group_oscore_context(void) otb_mutex_lock(app_sync_lock); int ret = oc_obt_provision_client_group_oscore_context( - &devices[dev]->uuid, provision_group_context_cb, NULL); + &devices[dev]->uuid, NULL, provision_group_context_cb, NULL); otb_mutex_unlock(app_sync_lock); if (ret >= 0) { PRINT("\nSuccessfully issued request to provision client group OSCORE " @@ -1336,7 +1336,7 @@ provision_oscore_contexts(void) PRINT("ERROR: Invalid selection\n"); return; } - PRINT("Select device 2:"); + PRINT("Select device 2: "); SCANF("%d", &c2); if (c2 < 0 || c2 >= i || c2 == c1) { PRINT("ERROR: Invalid selection\n"); @@ -1393,7 +1393,7 @@ provision_credentials(void) PRINT("ERROR: Invalid selection\n"); return; } - PRINT("Select device 2:"); + PRINT("Select device 2: "); SCANF("%d", &c2); if (c2 < 0 || c2 >= i || c2 == c1) { PRINT("ERROR: Invalid selection\n"); diff --git a/security/oc_cred.c b/security/oc_cred.c index 8c40e56422..5b7d81af63 100644 --- a/security/oc_cred.c +++ b/security/oc_cred.c @@ -806,6 +806,9 @@ oc_sec_encode_cred(bool persist, size_t device, oc_interface_mask_t iface_mask, oscore_ctx->recvid, oscore_ctx->recvid_len, hex_str, &hex_str_len); oc_rep_set_text_string(oscore, recipientid, hex_str); } + if (cr->credtype != OC_CREDTYPE_OSCORE) { + oc_rep_set_text_string(oscore, desc, oc_string(oscore_ctx->desc)); + } oc_rep_set_int(oscore, ssn, oscore_ctx->ssn); oc_rep_close_object(creds, oscore); } @@ -995,7 +998,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage, size_t publicdata_size = 0; #endif /* OC_PKI */ #ifdef OC_OSCORE - const char *sid = NULL, *rid = NULL; + const char *sid = NULL, *rid = NULL, *desc = NULL; uint64_t ssn = 0; #endif /* OC_OSCORE */ bool owner_cred = false; @@ -1105,7 +1108,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage, else if (len == 6 && memcmp(oc_string(cred->name), "oscore", 6) == 0) { got_oscore_ctx = true; - /* senderid, recipientid, ssn */ + /* senderid, recipientid, ssn, desc */ while (data != NULL) { len = oc_string_len(data->name); if (data->type == OC_REP_STRING && len == 8 && @@ -1127,6 +1130,9 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage, return false; } rid = oc_string(data->value.string); + } else if (data->type == OC_REP_STRING && len == 4 && + memcmp(oc_string(data->name), "desc", 4) == 0) { + desc = oc_string(data->value.string); } else if (data->type == OC_REP_INT && len == 3 && memcmp(oc_string(data->name), "ssn", 3) == 0) { if (!from_storage) { @@ -1158,17 +1164,18 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage, #ifdef OC_OSCORE if (credtype == OC_CREDTYPE_OSCORE && - (!sid || !rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) { + (!sid || !rid || privatedata_size != OSCORE_MASTER_SECRET_LEN || + desc)) { OC_ERR("oc_cred: invalid oscore credential..rejecting"); return false; } if (credtype == OC_CREDTYPE_OSCORE_MCAST_CLIENT && - (!sid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) { + (!sid || rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) { OC_ERR("oc_cred: invalid oscore credential..rejecting"); return false; } if (credtype == OC_CREDTYPE_OSCORE_MCAST_SERVER && - (!rid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) { + (!rid || sid || privatedata_size != OSCORE_MASTER_SECRET_LEN)) { OC_ERR("oc_cred: invalid oscore credential..rejecting"); return false; } @@ -1199,7 +1206,7 @@ oc_sec_decode_cred(oc_rep_t *rep, oc_sec_cred_t **owner, bool from_storage, #ifdef OC_OSCORE if (sid || rid) { oc_oscore_context_t *oscore_ctx = oc_oscore_add_context( - device, sid, rid, ssn, cr, from_storage); + device, sid, rid, ssn, desc, cr, from_storage); if (!oscore_ctx) { return false; } diff --git a/security/oc_obt.c b/security/oc_obt.c index 480ba356f3..17ceaf0c40 100644 --- a/security/oc_obt.c +++ b/security/oc_obt.c @@ -25,8 +25,8 @@ check oc_config.h and make sure OC_STORAGE is defined if OC_SECURITY is defined. #endif -#include "oc_obt.h" #include "oc_core_res.h" +#include "oc_obt.h" #include "security/oc_acl_internal.h" #include "security/oc_certs.h" #include "security/oc_cred_internal.h" @@ -34,9 +34,9 @@ check oc_config.h and make sure OC_STORAGE is defined if OC_SECURITY is defined. #include "security/oc_keypair.h" #include "security/oc_obt_internal.h" #include "security/oc_pstat.h" +#include "security/oc_sdi.h" #include "security/oc_store.h" #include "security/oc_tls.h" -#include "security/oc_sdi.h" #include OC_MEMB(oc_discovery_s, oc_discovery_cb_t, 1); @@ -1203,6 +1203,9 @@ free_oscoregroupprov_state(oc_oscoregroupprov_ctx_t *request, int status) if (request->switch_dos) { free_switch_dos_state(request->switch_dos); } + if (oc_string_len(request->desc) > 0) { + oc_free_string(&request->desc); + } request->cb.cb(&request->device->uuid, status, request->cb.data); oc_memb_free(&oc_oscoregroupprov_ctx_m, request); } @@ -1291,6 +1294,7 @@ deviceoscoregroup_RFPRO(int status, void *data) } else { oc_rep_set_text_string(oscore, recipientid, hex_str); } + oc_rep_set_text_string(oscore, desc, oc_string(p->desc)); oc_rep_close_object(creds, oscore); oc_rep_object_array_end_item(creds); oc_rep_close_array(root, creds); @@ -1305,7 +1309,7 @@ deviceoscoregroup_RFPRO(int status, void *data) } static int -obt_provision_group_oscore_context(oc_uuid_t *uuid, +obt_provision_group_oscore_context(oc_uuid_t *uuid, const char *desc, oc_obt_device_status_cb_t cb, oc_sec_credtype_t type, void *data) { @@ -1327,6 +1331,9 @@ obt_provision_group_oscore_context(oc_uuid_t *uuid, p->cb.data = data; p->device = device; p->type = type; + if (desc) { + oc_new_string(&p->desc, desc, strlen(desc)); + } oc_tls_select_psk_ciphersuite(); @@ -1342,21 +1349,21 @@ obt_provision_group_oscore_context(oc_uuid_t *uuid, } int -oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid, +oc_obt_provision_client_group_oscore_context(oc_uuid_t *uuid, const char *desc, oc_obt_device_status_cb_t cb, void *data) { return obt_provision_group_oscore_context( - uuid, cb, OC_CREDTYPE_OSCORE_MCAST_CLIENT, data); + uuid, desc, cb, OC_CREDTYPE_OSCORE_MCAST_CLIENT, data); } int -oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid, +oc_obt_provision_server_group_oscore_context(oc_uuid_t *uuid, const char *desc, oc_obt_device_status_cb_t cb, void *data) { return obt_provision_group_oscore_context( - uuid, cb, OC_CREDTYPE_OSCORE_MCAST_SERVER, data); + uuid, desc, cb, OC_CREDTYPE_OSCORE_MCAST_SERVER, data); } /* End of provision group OSCORE contexts */ #endif /* OC_OSCORE */ diff --git a/security/oc_obt_internal.h b/security/oc_obt_internal.h index 72b5c180a1..b436ea1ed9 100644 --- a/security/oc_obt_internal.h +++ b/security/oc_obt_internal.h @@ -17,12 +17,12 @@ #ifndef OC_OBT_INTERNAL_H #define OC_OBT_INTERNAL_H +#include "messaging/coap/oscore_constants.h" #include "oc_api.h" #include "oc_endpoint.h" #include "oc_obt.h" #include "oc_uuid.h" #include "security/oc_pstat.h" -#include "messaging/coap/oscore_constants.h" #include "util/oc_list.h" #ifdef __cplusplus @@ -127,6 +127,7 @@ typedef struct oc_oscoregroupprov_ctx_t struct oc_oscoregroupprov_ctx_t *next; oc_device_status_cb_t cb; oc_device_t *device; + oc_string_t desc; oc_switch_dos_ctx_t *switch_dos; oc_sec_credtype_t type; } oc_oscoregroupprov_ctx_t; diff --git a/security/oc_oscore_context.c b/security/oc_oscore_context.c index 959f1c96c8..4b70b83a1e 100644 --- a/security/oc_oscore_context.c +++ b/security/oc_oscore_context.c @@ -126,6 +126,9 @@ void oc_oscore_free_context(oc_oscore_context_t *ctx) { if (ctx) { + if (ctx->desc.size > 0) { + oc_free_string(&ctx->desc); + } oc_list_remove(contexts, ctx); oc_memb_free(&ctx_s, ctx); } @@ -133,8 +136,8 @@ oc_oscore_free_context(oc_oscore_context_t *ctx) oc_oscore_context_t * oc_oscore_add_context(size_t device, const char *senderid, - const char *recipientid, uint64_t ssn, void *cred_entry, - bool from_storage) + const char *recipientid, uint64_t ssn, const char *desc, + void *cred_entry, bool from_storage) { oc_oscore_context_t *ctx = (oc_oscore_context_t *)oc_memb_alloc(&ctx_s); @@ -151,7 +154,9 @@ oc_oscore_add_context(size_t device, const char *senderid, ctx->ssn += OSCORE_SSN_WRITE_FREQ_K + OSCORE_SSN_PAD_F; } ctx->cred = cred_entry; - + if (desc) { + oc_new_string(&ctx->desc, desc, strlen(desc)); + } size_t id_len = OSCORE_CTXID_LEN; if (senderid) { diff --git a/security/oc_oscore_context.h b/security/oc_oscore_context.h index 22d3167bb9..3621173f29 100644 --- a/security/oc_oscore_context.h +++ b/security/oc_oscore_context.h @@ -22,6 +22,7 @@ #include #include "oc_uuid.h" #include "messaging/coap/oscore_constants.h" +#include "oc_helpers.h" #ifdef __cplusplus extern "C" { @@ -40,6 +41,7 @@ typedef struct oc_oscore_context_t uint64_t ssn; uint8_t idctx[OSCORE_IDCTX_LEN]; uint8_t idctx_len; + oc_string_t desc; /* Derived parameters */ /* 128-bit keys */ uint8_t sendkey[OSCORE_KEY_LEN]; @@ -62,8 +64,8 @@ void oc_oscore_free_context(oc_oscore_context_t *ctx); oc_oscore_context_t *oc_oscore_add_context(size_t device, const char *senderid, const char *recipientid, - uint64_t ssn, void *cred, - bool from_storage); + uint64_t ssn, const char *desc, + void *cred, bool from_storagw); oc_oscore_context_t *oc_oscore_find_context_by_UUID(size_t device, oc_uuid_t *uuid);