- 26 Oct, 2017 2 commits
-
-
Dan Mihai authored
mbedtls_pk_parse_key was not able to parse the key converted to DER by GetDerKey(). It encountered in the DER an unexpected key format version. However, mbedtls_pk_parse_key is able to parse correctly the original PEM format of the same key. This patch allows CT1.7.4.5 to establish a connection to an IoTivity server. This test case still fails later on - to be investigated. Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f Signed-off-by:Dan Mihai <Daniel.Mihai@microsoft.com>
-
Nathan Heldt-Sheller authored
These functions were applied at incorrect times (e.g. if a normal Update was rejected due to read-only properties during OTM, the entire system would "restore" to a wrong state). They were also wrong, in that they restored some values, left others unchanged, and set others to wrong values (e.g. presumed JustWorks OTM). Also, the duplicate message logic was not being used to any consistent effect and causing warnings. It's also completely optional and so was removed. Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149 Signed-off-by:Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
-
- 25 Oct, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
See JIRA IOT-2830 for more information. Change-Id: If043f6705ccdede4630b469c13e1933a2b53af16 Signed-off-by:
-
- 19 Oct, 2017 1 commit
-
-
George Nash authoredWhen built with build option SECURED=0 some functions are no longer used due to preprocessor macros. The functions WithinBounds and IsEmptyCred were moved within the if defined(__WITH_DTLS__) || defined(__WITH_TLS__) macro Bug: https://jira.iotivity.org/browse/IOT-2539 Change-Id: I9c0e3fa57dee5531bd9661216f2b5160fb002f33 Signed-off-by:
George Nash <george.nash@intel.com>
-
- 17 Oct, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
Fix a few log messages that are incorrectly logged as ERROR type. Change-Id: I417b148840fbc6c6df641b0101fdfc3233f8b511 Signed-off-by:
-
- 16 Oct, 2017 1 commit
-
-
Aleksey authored
Fixing usage rownerid. Change-Id: I89f65d4f5ab404d2766fa179c26948439c16a686 Signed-off-by:
Oleksandr Dmytrenko <o.dmytrenko@samsung.com> Signed-off-by:
Aleksey Volkov <a.volkov@samsung.com>
-
- 12 Oct, 2017 1 commit
-
-
George Nash authored
credresource.c: Removed the [-Wunused-const-variable=] warning The CRED_EMPTY_ROOT_MAP_SIZE was used in the past but is no longer referenced anywhere in the code. provisioningclient.c: Removed the [-Wunused-const-variable=] warning The SUPPORTED_PRMS array was used in the past but is no longer referenced anywhere in the code. ocserver.cpp Removed the [-Wunused-variable] warning Looking at the logs a instance that gDeviceUUID was used could not be found at any point in time. stacktest.cpp: Removed the [-Wunused-variable] warnings Variables peer, pinNumber, and pmSel were only used in Direct Pairing related unit tests which were removed as part of IOT-2306. provisioningclient.cpp: Removed the [-Wunused-function] warning The InputPdACL function was only used by the Direct Pairing code that was removed as part of IOT-2306. Bug: https://jira.iotivity.org/browse/IOT-2539 Bug: https://jira.iotivity.org/browse/IOT-2306 Change-Id: I80f52619a04ee7eafc83b79b886c1121f61a6ba1 Signed-off-by:
George Nash <george.nash@intel.com>
-
- 11 Oct, 2017 1 commit
-
-
Aleksey authored
This patch allows /cred updates originating from internal stack. Change-Id: If9dec4776770d96f740118b4dc2ef595c9433e8b Signed-off-by:
-
- 04 Oct, 2017 2 commits
-
-
Aleksey authored
This patch fixes `4.00 Bad Request` error on /oic/sec/cred CON UPDATE request in CT1.7.8.11 This adds an additional check of the incoming credential subjectid for OwnerPSK generation. Before, credresource tried to generate owner psk for any subjectid in case if doxm->owner value already saved, but doxm->owned flag not yet set in true. This led to an error at the POST handler return. Change-Id: If2b683ee417bb058f954734ff0c1b64e145c9a6b Signed-off-by: -
Aleksey authored
This change adds /pstat.dos state check to protect credentials modifications in read-only states. Change-Id: I9a3402e458db8c5fa62a5a0fa0e08c1dd432ceaf Signed-off-by:
-
- 27 Sep, 2017 1 commit
-
-
Steven Saunders authored
to VERIFY_CBOR_SUCCESS_OR_OUT_OF_MEMORY Change-Id: I5ee8795a21d8d84708737f83957fe260cf1234d2 Signed-off-by:Steven Saunders <s.saunders-contractor@cablelabs.com>
-
- 14 Sep, 2017 1 commit
-
-
Aleksey authored
This change revert some lines from https://gerrit.iotivity.org/gerrit/22153 This is workaround to keep compatibility with other modules which use credentials with rownerId inside. Anyway, this behavior should be refactored in next releases. Change-Id: Ib338ba1e41366c40f878743080d9271446d95fff Signed-off-by:
-
- 08 Sep, 2017 1 commit
-
-
Alex Kelley authored
Previously we expected the leaf certificate to be present in public data and the chain of intermediate CAs to be present in optional data. After discussion it was agreed to update IoTivity to expect the entire chain of certificates to be present in public data. Change-Id: Ib4a53b31451205da4b06c41404b5088568844825 Signed-off-by:Alex Kelley <alexke@microsoft.com>
-
- 07 Sep, 2017 1 commit
-
-
Aleksey authored
This changes includes some refactoring of credential resource design: each credential structure instance has own rowner id value and it was changed to common rowner value. IOT-2641 depends on it. Tested with CT1.7.9.3 and 1.7.9.1, 1.7.4.1 json2cbor and svrdbeditor sources should be fixed accordingly by their owners Change-Id: I50afae10ac9f702c86d321dcf758525968f7bc31 Signed-off-by:
-
- 28 Aug, 2017 1 commit
-
-
George Nash authored
The CompareCredential function is unused. Any code that is unused is not maintained. This removes the unused function. If the CompareCredential is needed in the future it can be restored by reverting this commit. Bug: https://jira.iotivity.org/browse/IOT-2539 Change-Id: Ib5c1fee9a2bd90db3b55066a6e3b057760199b68 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/21747Tested-by: jenkins-iotivity <jenkins@iotivity.org> Reviewed-by:
Kevin Kane <kkane@microsoft.com> Reviewed-by:
Mats Wichmann <mats@linux.com> Reviewed-by:
Rick Bell <richard.s.bell@intel.com> (cherry picked from commit fa9191dc)
-
- 22 Aug, 2017 1 commit
-
-
Dan Mihai authored
Add null terminator at the end of the cert, required by mbedtls_x509_crt_parse. This patch allows CT1.7.8.5 to make progress with its DTLS handshake. Handshake fails later on, for different reasons, being investigated. Change-Id: Iebfcf17be2661f080499961fbd259cef3b1c06d8 Signed-off-by:
Way Vadhanasin <wayvad@microsoft.com> Tested-by:
-
- 18 Aug, 2017 3 commits
-
-
Dan Mihai authored
GetCaCert must pick up this cert from the publicData of the credential sent by CTT/OBT, rather than optionalData. This behavior is clarified by OCF Security WG CR1938. This patch allows CT1.7.8.5: DTLS handshake to make progress. The handshake still fails later on, for different reasons that are being investigated. Change-Id: I76962e9f116ad7acb80a6da6c85fb089ebba3481 https://jira.iotivity.org/browse/IOT-2621Signed-off-by:
-
Dan Mihai authored
mbedtls_pem_read_buffer doc specifies that the data must be null terminated. This patch allows CT1.7.8.5 to make progress with DTLS handshake. The handshake still fails later on, due to different reasons that are being investigated. Change-Id: I46c89f8cb0eec6156202a9ae3ef3e7b73c85a0f5 Signed-off-by:
-
Oleksandr Dmytrenko authored
child from [IOT-2263]: 'dos' feature enabling 4) CERT Change-Id: I0006b0dd357023a3892a0fb6385157cd66274ab1 Signed-off-by:
Oleh Vasyliev <o.vasyliev@samsung.com> Reviewed-by:
Randeep Singh <randeep.s@samsung.com>
-
- 15 Aug, 2017 1 commit
-
-
Dan Mihai authored
CBORPayloadToCred returns a list of creds, but list entries other than the head were being ignored (and leaked) by HandlePostRequest. Also, go back to LL_APPEND in AddCredential(). Commit 0d511009 changed that recently to LL_PREPEND, but the gCred->rownerID update below LL_PREPEND dosn't make sense anymore (because gCred points to newCred). The remaining gCred->rownerID updates still look fragile, so it's very possible those still don't work well. This patch allows CT1.7.8.5 to find a common ciphersuite with the target device, when trying to connect using cert credentials. The target device did not have proper cert creds before this patch - and therefore the ciphersuites did not match. CT1.7.8.5 still fails later on, during DTLS handshake - to be investigated later. Change-Id: I8205925ca5d30619fdd306847847026a32c8b749 Signed-off-by:
-
- 28 Jul, 2017 1 commit
-
-
Andrii Shtompel authored
Change-Id: If167119a1f5c3e49ebc0e01600adb992e79ddbe6 Signed-off-by:
Andrii Shtompel <a.shtompel@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/21595Tested-by:
-
- 20 Jul, 2017 1 commit
-
-
Andrii Shtompel authored
Verified with CTT 1.5.12 test CT 1.7.4.2 - PASSED Change-Id: Iaf734e89d4bf5521814a089145d54702b215324e Signed-off-by:
-
- 19 Jul, 2017 1 commit
-
-
Andrii Shtompel authored
Verified using CTT 1.5.11 test CT1.7.9.3 DELETE delete all credentials return PASSED Change-Id: Ie52c6af9fb9205a650b766acf0084e0ac2dcdcf1 Signed-off-by:
Oleksii Beketov <ol.beketov@samsung.com> Reviewed-by:
-
- 15 Jun, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
The CTT was posting an Update to /acl2 that included only rowneruuid in the payload. The IUT was rejecting because it could not determine that the payload was /acl2 (vs. /acl v1). This is wrong behavior by IUT because such a payload is actually valid /acl2 and/or /acl v1 payload. This patch changes the logic so that it only rejects an Update based on version if it can determine it is an incompatible version - in this case, v1 - and accepts it otherwise. A similar problem exists in the /cred Update handler, which (in a particular state) treats a payload containing just rowneruuid as a failed attempt to Update the Owner credential. This patch changes that logic too, to no longer treat a "NO_SECURITY_MODE" credType as an Owner credential. Change-Id: Ica9bde112cb87bd6ad6ee014cf7526928545d786 Signed-off-by:
Mushfiqul Islam <i.mushfiq@samsung.com> Reviewed-by:
-
- 21 May, 2017 1 commit
-
-
Dmitriy Zhuravlev authored
Fix compiler warnings in credresource.c Change-Id: Ibf6d9a115771c444e656329950a8f5c88e9f5ff6 Signed-off-by:
Dmitriy Zhuravlev <d.zhuravlev@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/20195Reviewed-by:
-
- 20 May, 2017 3 commits
-
-
Dmitriy Zhuravlev authored
Updates provisioning flow for: 1) Trust Chain 2) PSK 3) ACL Change-Id: Id1824b3ef7974658857a203125d36ca25a653add Signed-off-by:
-
ol.beketov authored
Fix for manufacturer certificate ownership transfer Patch 4: remove workaround and fixed original issue for certOTM Change-Id: I44bcc2c09f75c3170644e48fc297c8ac323b7405 Signed-off-by:
Jongsung Lee <js126.lee@samsung.com> Signed-off-by:
dongik Lee <dongik.lee@samsung.com> Reviewed-by:
-
ol.beketov authored
Fix return value in GetDtlsPskCredentials() from credresource.c missed in patchset #19785 Change-Id: Id79111409f574ce49f037adb6602a4195666db0c Signed-off-by:
-
- 18 May, 2017 2 commits
-
-
ol.beketov authored
Change-Id: Ie1b99a3815c8126e35576d4c3daa91c73ad66c6d Signed-off-by:
Phil Coval <philippe.coval@osg.samsung.com> Reviewed-by:
-
ol.beketov authored
Change-Id: I539a8f21fd149b7d468d96b52e7bcadc964f6931 Signed-off-by:
-
- 15 May, 2017 2 commits
-
-
Dmitriy Zhuravlev authored
Workaround to pass Easy-Setup samples Change-Id: Ib62f8de9f8a039ec9c6d1f7e6eb0a2f5544a905c Signed-off-by:
Jihun Ha <jihun.ha@samsung.com> Tested-by:
Uze Choi <uzchoi@samsung.com>
-
Dmitriy Zhuravlev authored
Allow to load PSK suites in case of empty deviceId Change-Id: Idaf55bb3624c2f1d1a1825b0cdcaaa1bdd7d5caf Signed-off-by:
Senthil Kumar G S <senthil.gs@samsung.com> Tested-by:
-
- 09 May, 2017 1 commit
-
-
Alex Kelley authored
These changes do the following: 1. Pass additional information in the request to add a Preconfigured Pin to identify it as an update to a Preconfigured Pin credential. 2. Add additional checks to determine if the credential being updated is a Preconfigured Pin credential. 3. Remove an existing Preconfigured Pin credential (if it exists) before adding a new one. Change-Id: I75bfc8a55e25a2da0ec366fa6628e98430c29d00 Signed-off-by:
-
- 04 May, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
Implementation of CR 22 feature to deny UPDATE to /cred if any Property in the POST representation is read-only in the current /pstat.dos.s state. Change-Id: I2acb34b8ceff1eeba0a4b12101fa60d7c2dee9dc Signed-off-by:
-
- 25 Apr, 2017 1 commit
-
-
Nathan Heldt-Sheller authored
Implements CR1616 which requires all SVRs to be marked "Discoverable", and also to expose a Secure Endpoint. Change-Id: I0cae25b0ac83ac194fd03ed45245bcb9afc98eeb Signed-off-by:
-
- 18 Apr, 2017 2 commits
-
-
Nathan Heldt-Sheller authored
Implementation of CR 32 "Device Offboarding and Soft Reset". Note that there are a handful of minor updates still to be done after the provisioning tool is fully updated, but this can be done during QA cycle after merge to 1.3-rel. See [IOT-2023]. Note also that the unit tests are not written yet; however, the critical onboarding path from RFOTM->RFPRO->RFNOP has been verified using the provisioning tool sample app. See [IOT-2024]. patch set 2,3: rebase patch set 4,5: address review comments patch set 6,7: fix jenkins issues patch set 8: rebase patch set 9: fix jenkins issues patch set 10: rebase patsh set 11: address review comments Change-Id: I7dc8adb5ad90bd168f3ab485461568b9ab7805e0 Signed-off-by:
-
Greg Zaverucha authored
If a role certificate is added a second time to the roles resource, do not add it again. Change-Id: Ifce27b93404216fb2bbac5b02aeb414a75f0398c Signed-off-by:
Greg Zaverucha <gregz@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/18831Reviewed-by:
-
- 07 Apr, 2017 2 commits
-
-
Kevin Kane authored
Implement roleId property of an oic.sec.cred object. Fix error path bugs in CRED<->CBOR code to fail properly if certain serialization subroutines fail; error codes were being ignored. Fix error path memory leaks. Also fix the ACL/ACL2<->CBOR code to use the correct JSON field names per the schema. Fix error path memory leaks. Change-Id: Ie9aa8baba5903c482acb3adc6ef617a1ced7db31 Signed-off-by:
Dave Thaler <dthaler@microsoft.com> Reviewed-by:
-
Greg Zaverucha authored
GetCredEntryByCredId was using WITH_X509 instead of WITH_DTLS, causing a block of code to not be included in certain build configurations. Change-Id: I16c05f38c7d2e317a727d6480289151e30229d71 Signed-off-by:
-
- 04 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Checking identity added to avoid including PSK suite if no appropriate PSK in SVR DB. Change-Id: I118c4b5864929cc8fdd0597af855f3c06b9332dc Signed-off-by:
-
