Skip to content

GitLab

I
iotivity-classic
Switch branch/tag
  1. 13 Mar, 2019 1 commit
    • Oleksii Beketov's avatar
      [IOT-3276] Multiple CAs allowed · 3b14423a
      Oleksii Beketov authored 
      This patch unites reverted #22987 and CTT fix 23279.

PEM/DER casting removed,  allowing mbedtls to manage
certificate conversion by itself. Credresource loads
certificates that could be either PEM or DER encoded
to a linked list instead of pushing them to a buffer.

Change-Id: I6dd0d957721d59feaf70f3dd421bf65d7c02ef1d
Signed-off-by: default avatarOleksii Beketov <ol.beketov@samsung.com>
      3b14423a
  3. 11 Oct, 2018 1 commit
  5. 25 Sep, 2018 3 commits
  7. 20 Sep, 2018 1 commit
    • Oleksandr Andrieiev's avatar
      [CR2390] Identity spoofing/privelege escalation · 8e30527a
      Oleksandr Andrieiev authored 
      For secure connections that use certificates the SubjectUUID
is retrieved from leaf certificate's CN. However, there is
no binding mechanism between Root CA and Device Id that it
can generate certificates for. Root CAs can issue certificates
with arbitrary UUIDs, which can be used to impersonate another
Device.

The fix adds callback to the certificate chain validation
function. This callback collects single-linked list of all
UUIDs associated with the certificate in cred entries.
When leaf certificate is reached, UUID of Device is retrieved
and matched against static list. If no matching UUID is
found, connection should be rejected.

Bug: https://jira.iotivity.org/browse/IOT-3087
Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9
Signed-off-by: Oleksandr Andrieiev's avatarOleksandr Andrieiev <o.andrieiev@samsung.com>
      8e30527a
  9. 23 Jul, 2018 1 commit
  11. 23 Mar, 2018 1 commit
  13. 09 Mar, 2018 1 commit
  15. 09 Feb, 2018 1 commit
  17. 06 Feb, 2018 1 commit
  19. 01 Feb, 2018 1 commit
    • George Nash's avatar
      Clean build warnings · ac153614
      George Nash authored 
      This cleans new build warnings discovered when building
iotivity with GCC 7.2.1

-Werror=format-truncation
Fixed in json2cbor that was a result of incorrect buffer size in snprintf

-Werror=implicit-fallthrough
With the addition of the [[fallthrough]] keyword in C++17 GCC now detects
fallthrough locations. The fallthrough error can be hidden by adding
the comment "fall through" to the case that is falling though.

-Werror=pragmas and -Werror=attributes
are from the external tinyCbor code. We Ignore build warnings from extern
libraries. We may fix the warnings by working witht he external project
but it should not block any work in IoTivity.

Change-Id: I86c9fb42b987858c66698fe48e4c2a405769b004
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      ac153614
  21. 29 Jan, 2018 1 commit
  23. 24 Jan, 2018 1 commit
  25. 02 Jan, 2018 4 commits
  27. 11 Dec, 2017 1 commit
  29. 08 Dec, 2017 3 commits
  31. 30 Nov, 2017 1 commit
  33. 22 Nov, 2017 2 commits
  35. 15 Nov, 2017 1 commit
  37. 14 Nov, 2017 2 commits
  39. 09 Nov, 2017 1 commit
    • Nathan Heldt-Sheller's avatar
      /pstat Resource CBOR fix · a2b20dc4
      Nathan Heldt-Sheller authored 
      Fix for a binary->CBOR marshaling case, where payload
is to contain "dos", but not "p".  This in in turns causes
the next Property to be incorrectly placed inside the "dos"
CBOR map (and then skipped over by the CBOR->binary
un-marshaling code).

Also improved logging.

Change-Id: Ib28fc1e30fdaf1e639afa940ee2626ba14e77584
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      a2b20dc4
  41. 08 Nov, 2017 1 commit
    • Ibrahim Esmat's avatar
      Cherry Pick change to enable building with SCons3 · e5418f06
      Ibrahim Esmat authored 
      Cherry Pick Mats change from master to enable building with SCons 3.0
in 1.3-rel branch. This change and the change in review
https://gerrit.iotivity.org/gerrit/#/c/22809 will be needed to merge
together.

With these 2 changes merged to 1.3-rel, you can successfully build
IoTivity with SCons 3.0. Which will also allow you to build the
UWP versions of the libraries needed for UWP Apps.

Change in master:
Prepare for scons3: change prints and others

In preparation for scons3, recently released, modify remaining print
statements by surrounding them with parens so they look like function
calls. That takes care of the scons3 syntax requirement.

The remaining instances of the sequence "print FOO; Exit(1)" were
changed to "msg = FOO; Exit(msg)" - this helps with the change by
not even using the print statement, and by giving the message to
the output function, it is sent to the error stream rather than
the output stream.

Calls to dictionary keys() and values() are now wrapped in list(),
on Python 3 these return special objects, not the expected list.
That's harmless to Python 2 usage.

The old exception format "except FooErr, err" is no longer supported;
since the Python 3 format "except FooErr as err" has been available
since Python 2.6, there is no problem switching these.

Some instances of using the commands module in extlibs changes to use
subprocess module. Change is transparent.

A couple of instances of filter(lambda ...)) were changes to
a python list comprehension, this is considered preferred for
Python 3 (change was suggested by a conversion tool)

Note on print() change:

  When running with Python2, the print statement is still used. That
  has a bit of an impact: print(a) is just prints the argument, but
  print(a, b, c) is interpreted as printing a tuple (a, b, c), so we
  could see:

  >>> print "This", "is", "a", "test"
  This is a test
  >>> print("This", "is", "a", "test")
  ('This', 'is', 'a', 'test')

  The second is not pretty.  You can make Python2 code use the function
  instead of the statement:

  >>> from __future__ import print_function
  >>> print("This", "is", "a", "test")
  This is a test

  but that's a pain, so the small number of existing prints which
  used a comma as argument separators were updated to use addition,
  so now we're concatenating a string to produce one arg instead
  of supplying multiple "arguments" that would be misinterpreted
  as a tuple in print().  It's fine to add the import statement
  if it's needed.

Change-Id: Idac00e1389b79ee65da4a2eb6ef3246551b66843
Signed-off-by: default avatarMats Wichmann <mats@linux.com>
Signed-off-by: default avatarIbrahim Esmat <iesmat@microsoft.com>
      e5418f06
  43. 02 Nov, 2017 1 commit
  45. 31 Oct, 2017 4 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Reply with error for bad key · 75f189fd
      Dan Mihai authored 
      Return an error response when a Client tries to post a role with a
mistmatched public key.

Change-Id: Ie689f862d1534093026979c076239fdf604b91e1
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      75f189fd
    • Dan Mihai's avatar
      CT1.7.4.5: New null terminator handling · ac02c2f9
      Dan Mihai authored 
      Avoid persisting the cert null terminator, to be able to return the
original cert for RETRIEVE. Add the null terminator just temporarily,
before calling mbedtls_x509_crt_parse().

This patch allows CT1.7.4.5 to make progress past Check_3. This test
case still fails later on - to be investigated.

Change-Id: Icda1afaad478548682599f97ff46b3017b01588e
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      ac02c2f9
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove DOXS access to /crl · 10d49e10
      Nathan Heldt-Sheller authored 
      Although the Security Spec is silent on whether DOXS has
implicit access (that is, a permanent ACE, or default ACE that
can't be modified) to the /crl Resource.  CTT interprets that
to mean it doesn't have implicit access, even though DOXS
can access related configuration Resources (/doxm, /pstat, /acl2,
/cred).  Rather than fight over it I'm changing because
either way works, it's just more effort for OBT with implicit
access reduced.  Still a reasonable inference (though not
normatively supported).

Change-Id: I86f8a7f1ed217b7bdeb3cae2ab015fb035cd8940
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      10d49e10
    • Mats Wichmann's avatar
      Plug memory leak in json2cbor · 19426a57
      Mats Wichmann authored 
      In recently introduced code, a pair of temporary buffers is used
to help convert ascii digits to a number; one is a static
allocation but the other is OICMalloc'd, but was not freed.

Change-Id: Iab1e8ce48c20aa6332d375c891f6b38ecb6939e7
Bug: https://jira.iotivity.org/browse/IOT-2863Signed-off-by: default avatarMats Wichmann <mats@linux.com>
      19426a57
  47. 28 Oct, 2017 2 commits
    • Nathan Heldt-Sheller's avatar
      [IOT-2854][IOT-2858] anon ciphersuite disable · 5f568dfa
      Nathan Heldt-Sheller authored 
      Right now the /doxm handler code to disable the anon cipher suite is
not correct, so it's removed in this patch.  Instead, the /cred code disables
the anon suite after calculating PSK.

If there is a request is over secure channel, but requester ID
is Nil UUID, then (in current IoTivity at least) it means that this request
arrived over DTLS established via anon cipher suite.  A successful
connection has taken place, and that's an opportunity to disable the anon cipher
suite so no other anon connections can be made during OTM.

For now, we're just removing the incorrect /doxm code to disable,
and leaving the more aggressive disable timing for another release.

See [IOT-2858] for more info.

Change-Id: I99c2a48abbfc6f3e5aa52385ee5b778c4c80ccfc
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      5f568dfa
    • akk0rd's avatar
      [IOT-2826][IOT-2851]dat file with zero rownerid · 5fdb8a11
      akk0rd authored 
      Fixed false generating dat file, added wrapper functions with rowner parameter

Change-Id: Ia8badb9b0b78de5f620f8dbad6f070c1276ebf74
Signed-off-by: default avatarakk0rd <v.riznyk@samsung.com>
      5fdb8a11
  49. 27 Oct, 2017 1 commit
    • Abhishek Pandey's avatar
      Fixing Build Errors after applying -Werror · 1dfc200d
      Abhishek Pandey authored 
      JIRA IOT-2845: https://jira.iotivity.org/browse/IOT-2845

This seems to be side effect of JIRA [IOT-2539]. Build is
breaking on some linux platforms (i.e. i686). Most
compilation errors are related to printf format
specifiers. Probably this wasn't caught by jenkins
when merging patch for IOT-2845 due to its system
configuration matches expected size for all data types.

Fixed the error by using portable format specifiers while
logging.

%PRId - for int64_t
%PRIu - for unit64_t
%PRIuPTR - for size_t (unsigned)

Change-Id: I30a21cacdddc84776392100ee783ccbe7e1eae0d
Signed-off-by: default avatarAbhishek Pandey <abhi.siso@samsung.com>
      1dfc200d
  51. 26 Oct, 2017 2 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Avoid DER key parse error · 150b2de8
      Dan Mihai authored 
      mbedtls_pk_parse_key was not able to parse the key converted to DER
by GetDerKey(). It encountered in the DER an unexpected key format
version.

However, mbedtls_pk_parse_key is able to parse correctly the original
PEM format of the same key.

This patch allows CT1.7.4.5 to establish a connection to an IoTivity
server. This test case still fails later on - to be investigated.

Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      150b2de8
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove SVR restore behavior · c4025294
      Nathan Heldt-Sheller authored 
      These functions were applied at incorrect times (e.g. if a normal
Update was rejected due to read-only properties during OTM, the entire
system would "restore" to a wrong state).  They were also wrong,
in that they restored some values, left others unchanged, and set
others to wrong values (e.g. presumed JustWorks OTM).

Also, the duplicate message logic was not being used to any consistent
effect and causing warnings.  It's also completely optional and so was
removed.

Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      c4025294