Commit 7fc33d50 authored by Sachin Agrawal's avatar Sachin Agrawal

Add check for expired symmetric keys

IoTivity should refuse DTLS session formation with devices whose
credentials have expired.

Change-Id: Ic4708fbdd50ebc59e57f09c37211e7f36dbcf931
Signed-off-by: default avatarSachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3015Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
parent 134d7027
......@@ -35,6 +35,7 @@
#include "cainterface.h"
#include "pbkdf2.h"
#include <stdlib.h>
#include "iotvticalendar.h"
#ifdef WITH_ARDUINO
#include <string.h>
#else
......@@ -906,6 +907,20 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
if ((desc_len == sizeof(cred->subject.id)) &&
(memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
{
/*
* If the credentials are valid for limited time,
* check their expiry.
*/
if (cred->period)
{
if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
{
OC_LOG (INFO, TAG, "Credentials are expired.");
ret = -1;
return ret;
}
}
// Convert PSK from Base64 encoding to binary before copying
uint32_t outLen = 0;
B64Result b64Ret = b64Decode(cred->privateData.data,
......
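Review bot: The new `cred->period` branch in GetDtlsPskCredentials reports every result other than `IOTVTICAL_VALID_ACCESS` as "Credentials are expired.", so a malformed period string, or presumably a period that has not started yet, is logged at INFO as an expiry and will mislead whoever triages a refused handshake. Failing closed is the right behaviour; I would keep the result in a local and log it at a higher level without any key material, e.g. `OC_LOG_V(WARNING, TAG, "PSK credential rejected, period check returned %d", res);`. The check is only as trustworthy as the clock that `IsRequestWithinValidTime` reads (its implementation is not on this page): a device with an unset or externally adjustable clock either locks out valid peers or keeps accepting expired keys, and a comment saying so belongs above the branch. The `return ret;` also appears to leave a credential loop that starts outside the hunk, so a second, still-valid entry for the same subject would never be tried; confirm that is intended rather than skipping to the next entry.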
......@@ -45,6 +45,7 @@
"credid": 1,
"sub": "MTExMTExMTExMTExMTExMQ==",
"credtyp": 1,
"prd": "20150630T060000/20990920T220000",
"pvdata": "QUFBQUFBQUFBQUFBQUFBQQ==",
"ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="]
}]
......
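Review bot: The reject path added in GetDtlsPskCredentials has no coverage in this data, because the only `"prd"` added here runs until 2099 and therefore exercises the accept branch alone. A second credential whose period ended in the past (a constructed value such as `"prd": "20150630T060000/20150701T060000"`), together with a test that expects the PSK lookup to fail for that subject, would pin the new behaviour. The file path is not shown on the page, so this may be a sample database rather than test data; in that case the negative case belongs in the unit tests instead.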