- 18 Apr, 2017 1 commit
-
-
Greg Zaverucha authored
If a role certificate is added a second time to the roles resource, do not add it again. Change-Id: Ifce27b93404216fb2bbac5b02aeb414a75f0398c Signed-off-by:
Greg Zaverucha <gregz@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/18831Reviewed-by:
Kevin Kane <kkane@microsoft.com> Tested-by:
jenkins-iotivity <jenkins@iotivity.org>
-
- 07 Apr, 2017 2 commits
-
-
Kevin Kane authored
Implement roleId property of an oic.sec.cred object. Fix error path bugs in CRED<->CBOR code to fail properly if certain serialization subroutines fail; error codes were being ignored. Fix error path memory leaks. Also fix the ACL/ACL2<->CBOR code to use the correct JSON field names per the schema. Fix error path memory leaks. Change-Id: Ie9aa8baba5903c482acb3adc6ef617a1ced7db31 Signed-off-by:
Alex Kelley <alexke@microsoft.com> Tested-by:
Dave Thaler <dthaler@microsoft.com> Reviewed-by:
-
Greg Zaverucha authored
GetCredEntryByCredId was using WITH_X509 instead of WITH_DTLS, causing a block of code to not be included in certain build configurations. Change-Id: I16c05f38c7d2e317a727d6480289151e30229d71 Signed-off-by:
Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
-
- 04 Apr, 2017 1 commit
-
-
Andrii Shtompel authored
Checking identity added to avoid including PSK suite if no appropriate PSK in SVR DB. Change-Id: I118c4b5864929cc8fdd0597af855f3c06b9332dc Signed-off-by:
Dmitriy Zhuravlev <d.zhuravlev@samsung.com> Signed-off-by:
Andrii Shtompel <a.shtompel@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/16731Tested-by:
Oleksii Beketov <ol.beketov@samsung.com> Reviewed-by:
Randeep Singh <randeep.s@samsung.com>
-
- 31 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
Add end-to-end testing of role certificate scenario: - provision role certs - test role-based ACLs provisioning and enforcement - test assertion of role certificates Fix bugs and add new functions as necessary. Added the ROLE_CERT usage to distinguish role certs (which can't be used for TLS) from identity certs. Previously they were both saved as PRIMARY_CERT. Some small changes to save and retrieve role certificates locally. Add functionality to assert roles (POST the certs to /oic/sec/roles). Change-Id: I9080e0ca6b0809608621eb8b23dd4bbbfbbb176c Signed-off-by:
-
- 29 Mar, 2017 1 commit
-
-
Greg Zaverucha authored
Add unit test to exercise certificate provisioning and use (previously only provisioning was tested). Fixed bugs in credresource and ca_adapter_net_ssl. Configure mbedtls to use OCF certificate EKUs. Added more logging in many places. Exposed API to remove credentials locally for use by test code. Change-Id: Ia55c7f3a7518f12c99f60280062f156954bdf4ac Signed-off-by:
-
- 23 Mar, 2017 1 commit
-
-
Kevin Kane authored
Change cred resource to always provide own certificate as a PEM string, and no longer require ParseChain to heuristically parse a mixed bag of DER and PEM certs. Also, go back to having ParseChain return an int rather than a size_t which was changed during /W4 warning cleanup; it must be able to return negative values to indicate errors. Change-Id: Id36962ed580eb3bccc110aac0350349b05674ee7 Signed-off-by:
-
- 22 Mar, 2017 1 commit
-
-
js126.lee authored
Issue : If the first character of deviceuuid generated ramdomly is *(2a) in PT, subjectuuid of cred is set to * wrongly instead of actual deviceuuid during generating cred payload during OT. Change-Id: Idc6587d71456a1eb7a816bd083bfcbb5c94e9c34 Signed-off-by:js126.lee <js126.lee@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/18041Tested-by:
-
- 10 Mar, 2017 1 commit
-
-
Kevin Kane authored
Also change "ret == 0" to "0 == ret" for IOT-1870; opened from a previous code review. Change-Id: I829192698b9a8fed920e865f9cd4c2b968f8c951 Signed-off-by:
Way Vadhanasin <wayvad@microsoft.com> Reviewed-by:
Dan Mihai <Daniel.Mihai@microsoft.com> Tested-by:
-
- 09 Mar, 2017 2 commits
-
-
Greg Zaverucha authored
- Shell script to create IoTivity identity certificates using OpenSSL command line tools. - Partial unit test for providing credentails to the CA adapter layer. Tests loading of PEM cert and key. - Misc changes and fixes to the cred resource - updated provisioning client to provision certs - helper code to create certs from CSRs Change-Id: I7d3ab4810c7f7d6247ed90420cb97cbdb5f829a4 Signed-off-by:
-
Oleksii Beketov authored
Some minor defects (NULL checks and double frees) fixed. Change-Id: I066a238a9379d45d1f377cc5a144c0bc0a97ccb7 Signed-off-by:
-
- 08 Mar, 2017 1 commit
-
-
Alex Kelley authored
Change-Id: I70ff36b675418f7e441b1af594d922c231430918 Signed-off-by:
-
- 02 Mar, 2017 1 commit
-
-
Jongmin Choi authored
SetupCipher() modified to support multiple ciphersuites rather than using a fixed one Patch #1: initial upload Patch #2: Rebased and SetupCipher() related changes applied Patch #3: Rebased Change-Id: I6cb57605984c273bcdb98c5130da9a9995ae50db Signed-off-by:
Jongmin Choi <jminl.choi@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/16251Tested-by:
-
- 01 Mar, 2017 1 commit
-
-
Pawel Winogrodzki authored
A fix for the broken Windows build, if run.bat was used with the "-logging" option. Change-Id: Ic8d506535889c9dd948310461d6b60516b597096 Signed-off-by:
Pawel Winogrodzki <pawelwi@microsoft.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/17545Tested-by:
Mike Fenelon <mike.fenelon@microsoft.com> Reviewed-by:
-
- 28 Feb, 2017 1 commit
-
-
Alex Kelley authored
These changes include the following: - Prepare resource/csdk/security/SConscript to enable /W4. - Fix W4 warnings under resource/csdk/security/src - Fix W4 warnings under resource/csdk/security/tool Changes to resource/csdk/security/provisioning will come in another review. Change-Id: I3a26fa952103b3b218569155cd1341aa696944e1 Signed-off-by:
-
- 23 Feb, 2017 2 commits
-
-
Philippe Coval authored
[Chul Lee] Remove tinydtls library [Philippe Coval] Ported from 1.2-rel branch to master, and removed presence is other SConscript. Conflicts: service/coap-http-proxy/unittests/SConscript resource/csdk/SConscript resource/csdk/connectivity/src/SConscript resource/csdk/stack/test/SConscript resource/csdk/security/src/doxmresource.c Change-Id: I78f470af822587f2cd50eac6e9b1fb4ff5b87219 Signed-off-by:
Chul Lee <chuls.lee@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/16137Tested-by:
jenkins-iotivity <jenkins-iotivity@opendaylight.org> Reviewed-by:
Philippe Coval <philippe.coval@osg.samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/16941Tested-by:
Ashwini Kumar <k.ashwini@samsung.com> Reviewed-by:
Ziran Sun <ziran.sun@samsung.com>
-
Kevin Kane authored
Change-Id: I04a98127e2414c2e3c35f00c4d702bb228fb7dec Signed-off-by:
-
- 21 Feb, 2017 1 commit
-
-
Dan Mihai authored
Restore the error code expected by the unit test, recently modified by change df063552. Change-Id: If5393030a4019485aad5dc0c13159b5b895dc2f8 Signed-off-by:
-
- 20 Feb, 2017 1 commit
-
-
Pawel Winogrodzki authored
Removing the /W3 warnings and adding a /WX option to prevent new ones from being added inside the resource/csdk/stack/ directory. Change-Id: I59190795483086a9f5a4f3293091e3a84e7013a7 Signed-off-by:
-
- 16 Feb, 2017 1 commit
-
-
js126.lee authored
Issue : If deviceuuid is null and required pre-install certificate in SVR DB, it is impossible to set a subject of SIGNED_ASYMMETRIC_KEY type (certificate). According to OCF Security Spec and Raml, subject of Cred allows UUID format only, so CTT decides a failure in case of wildcard(*). But, it is not clear how to set a subject of cred in case of SIGNED_ASYMMETRIC_KEY on spec. So, this patch set it with own deviceuuid in case of NULL or wildcard, because own deviceuuid is only UUID a device knows at all time. Patch 1,2: Upload patch Patch 3 : Set subject of cred with own deviceuuid in case of NULL or wildcard Patch 4: Apply review comment Patch 5-8 : Re-trigger jenkins build Change-Id: Idb09357a821be81bb9f05489ebb40403e66c3514 Signed-off-by:
-
- 01 Feb, 2017 2 commits
-
-
Andrii Shtompel authored
Change-Id: Ibebbad962e6c9626f8387e16aabd558f496de667 Signed-off-by:
-
Pawel Winogrodzki authored
I'm also refactoring some SConscript files in order to enable /W3 and /WX only for specific directories and I'm adding _CRT_NONSTDC_NO_WARNINGS to disable warnings about issues we cannot change anyway, because the code has to build for multiple platforms. Change-Id: Ifef66b6c59540df2ceb40a54af47865d56a302d7 Signed-off-by:
-
- 30 Jan, 2017 1 commit
-
-
George Nash authoredRemoved the CBOR_MAX_SIZE const variable. In other parts of the code the CBOR_MAX_SIZE is used to check if realocation can be used to resolve an out-of-memory cborEncoderResult. In credresource.c it is not used and can be removed. Change-Id: I967b84375dd7f3d3532f191aa503d2d80542ffb1 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/16805Tested-by:
-
- 19 Jan, 2017 1 commit
-
-
Oleksii Beketov authored
1. Suites added: TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_256 0xC027 2. Removed: TLS_RSA_WITH_AES_256_CBC_SHA 0x35 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 3. SSL code refactored 4. Added unit tests for new cipher suites 5. CAsslGenerateOwnerPsk modified to support all suites Change-Id: If22925d175751a08121c66b90cc2907dd27ebee5 Signed-off-by:
-
- 17 Jan, 2017 1 commit
-
-
Andrii Shtompel authored
Change-Id: Id5bfd6b1a08c295b49981bd7b938ec5d23522db4 Signed-off-by:
-
- 09 Jan, 2017 1 commit
-
-
Chul Lee authored
Patch #1 : initial upload. Patch #2 : retrigger. Patch #3~4 : update according to comments. Patch #5 : rebase Change-Id: Ie5009c484f50d40c8a2e2f9ac7c361cd9a712d93 Signed-off-by:
-
- 02 Jan, 2017 1 commit
-
-
js126.lee authored
Accoding to ocf security spec, revstat is mandatory property. "revstat": { "type": "boolean", "description": "Revocation status flag - true = revoked, false = not revoked" Patch 1: upload patch. Patch 2: update json2cbor.c to convert revstat Change-Id: Ifbb7743f8321cb8afbf69cfa307694598e24ea6e Signed-off-by:
-
- 08 Dec, 2016 2 commits
-
-
George Nash authored
Change-Id: I16278adc2a1864ec1e95886014a6c6746d94e661 Signed-off-by:
George Nash <george.nash@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/15203Reviewed-by: Larry Sachs <larry.j.sachs@intel.com> Tested-by:
-
Chul Lee authored
Previously, If owner(PT) tried DTLS handshake while MOT, owner's uuid added as subowner. This patch will fix it. Change-Id: I6a062d89a630b5582330ac0461e72e62c1e08376 Signed-off-by:
Jihun Ha <jihun.ha@samsung.com> Reviewed-by:
dongik Lee <dongik.lee@samsung.com> Reviewed-by:
-
- 07 Dec, 2016 1 commit
-
-
Kevin Kane authored
The Windows platform provides a way to encrypt and decrypt data with system-managed keys. Since the cred resource contains sensitive symmetric and private keys, keep this resource encrypted on disk. Change-Id: I88f3cab76f2e782ce778bc64830491822b7d9842 Signed-off-by:
-
- 05 Dec, 2016 1 commit
-
-
saurabh.s9 authored
Patch #11 Fix Review comments Changed MACRO _ENABLE_MULTIPLE_OWNER_ to MULTIPLE_OWNER and this change propagated upto C-API's. Change-Id: I55305d5cf9210b25c68f0eaf04c1362111735979 Signed-off-by:
saurabh.s9 <saurabh.s9@samsung.com> Signed-off-by:
Sandeep Sharma <sandeep.s9@samsung.com> Signed-off-by:
-
- 28 Nov, 2016 1 commit
-
-
Oleksandr Dmytrenko authored
Change-Id: Iaf883a1a63a3b221bbcfe9f13bb4856d676de9fe Signed-off-by:
Oleksandr Dmytrenko <o.dmytrenko@samsung.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/14511Tested-by:
Uze Choi <uzchoi@samsung.com> Reviewed-by:
-
- 18 Nov, 2016 2 commits
-
-
David Antler authored
Change-Id: I9cc9019fb90d38913151b9d6678f359ca35c06a4 Signed-off-by:
David Antler <david.a.antler@intel.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/13567Tested-by:
-
Kevin Kane authored
Owner PSK secret was cleared too early; only clear after all uses are finished. Change-Id: Ie39990a5aabfcd71b8370103b7182cb76cb09f40 Signed-off-by:
-
- 17 Nov, 2016 2 commits
-
-
Kevin Kane authored
Add an OICClearMemory helper function, and use it to securely clear buffers that contain keys and other secret data that shouldn't be left in the stack or on the heap. Rename privateKey to g_privateKey in csr.c. Fix a couple of leaked payloads on error return paths in secureresourceprovider.c (which will also now zero their contents). Change-Id: If79c840ad758be2a7ca1bf7e6ccccb6dbdc39cf2 Signed-off-by:
-
js126.lee authored
https://jira.iotivity.org/browse/IOT-1550 issue : Rowner of cred is reset, when saving Cert. chain using SRPSaveTrustCertChain and SRPSaveOwnCertChain. Patch 1: upload patch Patch 2: rebase Patch 3: Apply review comment Change-Id: I59cdbfb30253c61e1c27dcf640958899af976a96 Signed-off-by:
-
- 12 Nov, 2016 1 commit
-
-
Oleksii Beketov authored
1. Added ability to switch TLS between different credential usage types 2. Manufacturer credentials injected to oic_svr_db_client.dat and oic_svr_db_server_mfg.dat Change-Id: Ide5ec7f849a03a787e45bb77e31076e94e1eb1b3 Signed-off-by:
-
- 11 Nov, 2016 1 commit
-
-
Jongmin Choi authored
The anonymous union member of struct CborEncoder is no longer anonymous. References to the union member are replaced by API added for them Patch #1: Initial upload Change-Id: Ie47779bee68cfae4fa578ae39ae087ea23b905df Signed-off-by:
-
- 09 Nov, 2016 1 commit
-
-
Chul Lee authored
Change-Id: I6802265094222c0d01acc000a14b9b5afdacf6ee Signed-off-by:
-
- 07 Nov, 2016 1 commit
-
-
Chul Lee authored
This update can handle the following payload : {"rowneruuid":"28516ab8-b35a-4726-a082-ee7685c33c8c"} Change-Id: Ibee20c99ff05409fdaf44c2bdac209b871bde043 Signed-off-by:
-
