1. 13 Mar, 2019 1 commit
    • Oleksii Beketov's avatar
      [IOT-3276] Multiple CAs allowed · 3b14423a
      Oleksii Beketov authored
      This patch unites reverted #22987 and CTT fix 23279.
      PEM/DER casting removed,  allowing mbedtls to manage
      certificate conversion by itself. Credresource loads
      certificates that could be either PEM or DER encoded
      to a linked list instead of pushing them to a buffer.
      Change-Id: I6dd0d957721d59feaf70f3dd421bf65d7c02ef1d
      Signed-off-by: default avatarOleksii Beketov <ol.beketov@samsung.com>
  2. 11 Oct, 2018 1 commit
  3. 25 Sep, 2018 3 commits
  4. 20 Sep, 2018 1 commit
    • Oleksandr Andrieiev's avatar
      [CR2390] Identity spoofing/privelege escalation · 8e30527a
      Oleksandr Andrieiev authored
      For secure connections that use certificates the SubjectUUID
      is retrieved from leaf certificate's CN. However, there is
      no binding mechanism between Root CA and Device Id that it
      can generate certificates for. Root CAs can issue certificates
      with arbitrary UUIDs, which can be used to impersonate another
      The fix adds callback to the certificate chain validation
      function. This callback collects single-linked list of all
      UUIDs associated with the certificate in cred entries.
      When leaf certificate is reached, UUID of Device is retrieved
      and matched against static list. If no matching UUID is
      found, connection should be rejected.
      Bug: https://jira.iotivity.org/browse/IOT-3087
      Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9
      Signed-off-by: Oleksandr Andrieiev's avatarOleksandr Andrieiev <o.andrieiev@samsung.com>
  5. 23 Jul, 2018 1 commit
  6. 23 Mar, 2018 1 commit
  7. 09 Mar, 2018 1 commit
  8. 09 Feb, 2018 1 commit
  9. 06 Feb, 2018 1 commit
  10. 01 Feb, 2018 1 commit
    • George Nash's avatar
      Clean build warnings · ac153614
      George Nash authored
      This cleans new build warnings discovered when building
      iotivity with GCC 7.2.1
      Fixed in json2cbor that was a result of incorrect buffer size in snprintf
      With the addition of the [[fallthrough]] keyword in C++17 GCC now detects
      fallthrough locations. The fallthrough error can be hidden by adding
      the comment "fall through" to the case that is falling though.
      -Werror=pragmas and -Werror=attributes
      are from the external tinyCbor code. We Ignore build warnings from extern
      libraries. We may fix the warnings by working witht he external project
      but it should not block any work in IoTivity.
      Change-Id: I86c9fb42b987858c66698fe48e4c2a405769b004
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
  11. 29 Jan, 2018 1 commit
  12. 24 Jan, 2018 1 commit
  13. 02 Jan, 2018 4 commits
  14. 11 Dec, 2017 1 commit
  15. 08 Dec, 2017 3 commits
  16. 30 Nov, 2017 1 commit
  17. 22 Nov, 2017 2 commits
  18. 15 Nov, 2017 1 commit
  19. 14 Nov, 2017 2 commits
  20. 09 Nov, 2017 1 commit
    • Nathan Heldt-Sheller's avatar
      /pstat Resource CBOR fix · a2b20dc4
      Nathan Heldt-Sheller authored
      Fix for a binary->CBOR marshaling case, where payload
      is to contain "dos", but not "p".  This in in turns causes
      the next Property to be incorrectly placed inside the "dos"
      CBOR map (and then skipped over by the CBOR->binary
      un-marshaling code).
      Also improved logging.
      Change-Id: Ib28fc1e30fdaf1e639afa940ee2626ba14e77584
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
  21. 08 Nov, 2017 1 commit
    • Ibrahim Esmat's avatar
      Cherry Pick change to enable building with SCons3 · e5418f06
      Ibrahim Esmat authored
      Cherry Pick Mats change from master to enable building with SCons 3.0
      in 1.3-rel branch. This change and the change in review
      https://gerrit.iotivity.org/gerrit/#/c/22809 will be needed to merge
      With these 2 changes merged to 1.3-rel, you can successfully build
      IoTivity with SCons 3.0. Which will also allow you to build the
      UWP versions of the libraries needed for UWP Apps.
      Change in master:
      Prepare for scons3: change prints and others
      In preparation for scons3, recently released, modify remaining print
      statements by surrounding them with parens so they look like function
      calls. That takes care of the scons3 syntax requirement.
      The remaining instances of the sequence "print FOO; Exit(1)" were
      changed to "msg = FOO; Exit(msg)" - this helps with the change by
      not even using the print statement, and by giving the message to
      the output function, it is sent to the error stream rather than
      the output stream.
      Calls to dictionary keys() and values() are now wrapped in list(),
      on Python 3 these return special objects, not the expected list.
      That's harmless to Python 2 usage.
      The old exception format "except FooErr, err" is no longer supported;
      since the Python 3 format "except FooErr as err" has been available
      since Python 2.6, there is no problem switching these.
      Some instances of using the commands module in extlibs changes to use
      subprocess module. Change is transparent.
      A couple of instances of filter(lambda ...)) were changes to
      a python list comprehension, this is considered preferred for
      Python 3 (change was suggested by a conversion tool)
      Note on print() change:
        When running with Python2, the print statement is still used. That
        has a bit of an impact: print(a) is just prints the argument, but
        print(a, b, c) is interpreted as printing a tuple (a, b, c), so we
        could see:
        >>> print "This", "is", "a", "test"
        This is a test
        >>> print("This", "is", "a", "test")
        ('This', 'is', 'a', 'test')
        The second is not pretty.  You can make Python2 code use the function
        instead of the statement:
        >>> from __future__ import print_function
        >>> print("This", "is", "a", "test")
        This is a test
        but that's a pain, so the small number of existing prints which
        used a comma as argument separators were updated to use addition,
        so now we're concatenating a string to produce one arg instead
        of supplying multiple "arguments" that would be misinterpreted
        as a tuple in print().  It's fine to add the import statement
        if it's needed.
      Change-Id: Idac00e1389b79ee65da4a2eb6ef3246551b66843
      Signed-off-by: default avatarMats Wichmann <mats@linux.com>
      Signed-off-by: default avatarIbrahim Esmat <iesmat@microsoft.com>
  22. 02 Nov, 2017 1 commit
  23. 31 Oct, 2017 4 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Reply with error for bad key · 75f189fd
      Dan Mihai authored
      Return an error response when a Client tries to post a role with a
      mistmatched public key.
      Change-Id: Ie689f862d1534093026979c076239fdf604b91e1
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
    • Dan Mihai's avatar
      CT1.7.4.5: New null terminator handling · ac02c2f9
      Dan Mihai authored
      Avoid persisting the cert null terminator, to be able to return the
      original cert for RETRIEVE. Add the null terminator just temporarily,
      before calling mbedtls_x509_crt_parse().
      This patch allows CT1.7.4.5 to make progress past Check_3. This test
      case still fails later on - to be investigated.
      Change-Id: Icda1afaad478548682599f97ff46b3017b01588e
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove DOXS access to /crl · 10d49e10
      Nathan Heldt-Sheller authored
      Although the Security Spec is silent on whether DOXS has
      implicit access (that is, a permanent ACE, or default ACE that
      can't be modified) to the /crl Resource.  CTT interprets that
      to mean it doesn't have implicit access, even though DOXS
      can access related configuration Resources (/doxm, /pstat, /acl2,
      /cred).  Rather than fight over it I'm changing because
      either way works, it's just more effort for OBT with implicit
      access reduced.  Still a reasonable inference (though not
      normatively supported).
      Change-Id: I86f8a7f1ed217b7bdeb3cae2ab015fb035cd8940
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
    • Mats Wichmann's avatar
      Plug memory leak in json2cbor · 19426a57
      Mats Wichmann authored
      In recently introduced code, a pair of temporary buffers is used
      to help convert ascii digits to a number; one is a static
      allocation but the other is OICMalloc'd, but was not freed.
      Change-Id: Iab1e8ce48c20aa6332d375c891f6b38ecb6939e7
      Bug: https://jira.iotivity.org/browse/IOT-2863Signed-off-by: default avatarMats Wichmann <mats@linux.com>
  24. 28 Oct, 2017 2 commits
    • Nathan Heldt-Sheller's avatar
      [IOT-2854][IOT-2858] anon ciphersuite disable · 5f568dfa
      Nathan Heldt-Sheller authored
      Right now the /doxm handler code to disable the anon cipher suite is
      not correct, so it's removed in this patch.  Instead, the /cred code disables
      the anon suite after calculating PSK.
      If there is a request is over secure channel, but requester ID
      is Nil UUID, then (in current IoTivity at least) it means that this request
      arrived over DTLS established via anon cipher suite.  A successful
      connection has taken place, and that's an opportunity to disable the anon cipher
      suite so no other anon connections can be made during OTM.
      For now, we're just removing the incorrect /doxm code to disable,
      and leaving the more aggressive disable timing for another release.
      See [IOT-2858] for more info.
      Change-Id: I99c2a48abbfc6f3e5aa52385ee5b778c4c80ccfc
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
    • akk0rd's avatar
      [IOT-2826][IOT-2851]dat file with zero rownerid · 5fdb8a11
      akk0rd authored
      Fixed false generating dat file, added wrapper functions with rowner parameter
      Change-Id: Ia8badb9b0b78de5f620f8dbad6f070c1276ebf74
      Signed-off-by: default avatarakk0rd <v.riznyk@samsung.com>
  25. 27 Oct, 2017 1 commit
    • Abhishek Pandey's avatar
      Fixing Build Errors after applying -Werror · 1dfc200d
      Abhishek Pandey authored
      JIRA IOT-2845: https://jira.iotivity.org/browse/IOT-2845
      This seems to be side effect of JIRA [IOT-2539]. Build is
      breaking on some linux platforms (i.e. i686). Most
      compilation errors are related to printf format
      specifiers. Probably this wasn't caught by jenkins
      when merging patch for IOT-2845 due to its system
      configuration matches expected size for all data types.
      Fixed the error by using portable format specifiers while
      %PRId - for int64_t
      %PRIu - for unit64_t
      %PRIuPTR - for size_t (unsigned)
      Change-Id: I30a21cacdddc84776392100ee783ccbe7e1eae0d
      Signed-off-by: default avatarAbhishek Pandey <abhi.siso@samsung.com>
  26. 26 Oct, 2017 2 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Avoid DER key parse error · 150b2de8
      Dan Mihai authored
      mbedtls_pk_parse_key was not able to parse the key converted to DER
      by GetDerKey(). It encountered in the DER an unexpected key format
      However, mbedtls_pk_parse_key is able to parse correctly the original
      PEM format of the same key.
      This patch allows CT1.7.4.5 to establish a connection to an IoTivity
      server. This test case still fails later on - to be investigated.
      Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove SVR restore behavior · c4025294
      Nathan Heldt-Sheller authored
      These functions were applied at incorrect times (e.g. if a normal
      Update was rejected due to read-only properties during OTM, the entire
      system would "restore" to a wrong state).  They were also wrong,
      in that they restored some values, left others unchanged, and set
      others to wrong values (e.g. presumed JustWorks OTM).
      Also, the duplicate message logic was not being used to any consistent
      effect and causing warnings.  It's also completely optional and so was
      Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>