Skip to content

GitLab

I
iotivity-classic
Switch branch/tag
  1. 13 Mar, 2019 1 commit
    • Oleksii Beketov's avatar
      [IOT-3276] Multiple CAs allowed · 3b14423a
      Oleksii Beketov authored 
      This patch unites reverted #22987 and CTT fix 23279.

PEM/DER casting removed,  allowing mbedtls to manage
certificate conversion by itself. Credresource loads
certificates that could be either PEM or DER encoded
to a linked list instead of pushing them to a buffer.

Change-Id: I6dd0d957721d59feaf70f3dd421bf65d7c02ef1d
Signed-off-by: default avatarOleksii Beketov <ol.beketov@samsung.com>
      3b14423a
  3. 11 Oct, 2018 1 commit
  5. 25 Sep, 2018 3 commits
  7. 20 Sep, 2018 1 commit
    • Oleksandr Andrieiev's avatar
      [CR2390] Identity spoofing/privelege escalation · 8e30527a
      Oleksandr Andrieiev authored 
      For secure connections that use certificates the SubjectUUID
is retrieved from leaf certificate's CN. However, there is
no binding mechanism between Root CA and Device Id that it
can generate certificates for. Root CAs can issue certificates
with arbitrary UUIDs, which can be used to impersonate another
Device.

The fix adds callback to the certificate chain validation
function. This callback collects single-linked list of all
UUIDs associated with the certificate in cred entries.
When leaf certificate is reached, UUID of Device is retrieved
and matched against static list. If no matching UUID is
found, connection should be rejected.

Bug: https://jira.iotivity.org/browse/IOT-3087
Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9
Signed-off-by: Oleksandr Andrieiev's avatarOleksandr Andrieiev <o.andrieiev@samsung.com>
      8e30527a
  9. 01 Feb, 2018 1 commit
    • George Nash's avatar
      Clean build warnings · ac153614
      George Nash authored 
      This cleans new build warnings discovered when building
iotivity with GCC 7.2.1

-Werror=format-truncation
Fixed in json2cbor that was a result of incorrect buffer size in snprintf

-Werror=implicit-fallthrough
With the addition of the [[fallthrough]] keyword in C++17 GCC now detects
fallthrough locations. The fallthrough error can be hidden by adding
the comment "fall through" to the case that is falling though.

-Werror=pragmas and -Werror=attributes
are from the external tinyCbor code. We Ignore build warnings from extern
libraries. We may fix the warnings by working witht he external project
but it should not block any work in IoTivity.

Change-Id: I86c9fb42b987858c66698fe48e4c2a405769b004
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      ac153614
  11. 24 Jan, 2018 1 commit
  13. 11 Dec, 2017 1 commit
  15. 15 Nov, 2017 1 commit
  17. 14 Nov, 2017 2 commits
  19. 09 Nov, 2017 1 commit
    • Nathan Heldt-Sheller's avatar
      /pstat Resource CBOR fix · a2b20dc4
      Nathan Heldt-Sheller authored 
      Fix for a binary->CBOR marshaling case, where payload
is to contain "dos", but not "p".  This in in turns causes
the next Property to be incorrectly placed inside the "dos"
CBOR map (and then skipped over by the CBOR->binary
un-marshaling code).

Also improved logging.

Change-Id: Ib28fc1e30fdaf1e639afa940ee2626ba14e77584
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      a2b20dc4
  21. 02 Nov, 2017 1 commit
  23. 31 Oct, 2017 3 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Reply with error for bad key · 75f189fd
      Dan Mihai authored 
      Return an error response when a Client tries to post a role with a
mistmatched public key.

Change-Id: Ie689f862d1534093026979c076239fdf604b91e1
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      75f189fd
    • Dan Mihai's avatar
      CT1.7.4.5: New null terminator handling · ac02c2f9
      Dan Mihai authored 
      Avoid persisting the cert null terminator, to be able to return the
original cert for RETRIEVE. Add the null terminator just temporarily,
before calling mbedtls_x509_crt_parse().

This patch allows CT1.7.4.5 to make progress past Check_3. This test
case still fails later on - to be investigated.

Change-Id: Icda1afaad478548682599f97ff46b3017b01588e
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      ac02c2f9
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove DOXS access to /crl · 10d49e10
      Nathan Heldt-Sheller authored 
      Although the Security Spec is silent on whether DOXS has
implicit access (that is, a permanent ACE, or default ACE that
can't be modified) to the /crl Resource.  CTT interprets that
to mean it doesn't have implicit access, even though DOXS
can access related configuration Resources (/doxm, /pstat, /acl2,
/cred).  Rather than fight over it I'm changing because
either way works, it's just more effort for OBT with implicit
access reduced.  Still a reasonable inference (though not
normatively supported).

Change-Id: I86f8a7f1ed217b7bdeb3cae2ab015fb035cd8940
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      10d49e10
  25. 28 Oct, 2017 2 commits
    • Nathan Heldt-Sheller's avatar
      [IOT-2854][IOT-2858] anon ciphersuite disable · 5f568dfa
      Nathan Heldt-Sheller authored 
      Right now the /doxm handler code to disable the anon cipher suite is
not correct, so it's removed in this patch.  Instead, the /cred code disables
the anon suite after calculating PSK.

If there is a request is over secure channel, but requester ID
is Nil UUID, then (in current IoTivity at least) it means that this request
arrived over DTLS established via anon cipher suite.  A successful
connection has taken place, and that's an opportunity to disable the anon cipher
suite so no other anon connections can be made during OTM.

For now, we're just removing the incorrect /doxm code to disable,
and leaving the more aggressive disable timing for another release.

See [IOT-2858] for more info.

Change-Id: I99c2a48abbfc6f3e5aa52385ee5b778c4c80ccfc
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      5f568dfa
    • akk0rd's avatar
      [IOT-2826][IOT-2851]dat file with zero rownerid · 5fdb8a11
      akk0rd authored 
      Fixed false generating dat file, added wrapper functions with rowner parameter

Change-Id: Ia8badb9b0b78de5f620f8dbad6f070c1276ebf74
Signed-off-by: default avatarakk0rd <v.riznyk@samsung.com>
      5fdb8a11
  27. 27 Oct, 2017 1 commit
    • Abhishek Pandey's avatar
      Fixing Build Errors after applying -Werror · 1dfc200d
      Abhishek Pandey authored 
      JIRA IOT-2845: https://jira.iotivity.org/browse/IOT-2845

This seems to be side effect of JIRA [IOT-2539]. Build is
breaking on some linux platforms (i.e. i686). Most
compilation errors are related to printf format
specifiers. Probably this wasn't caught by jenkins
when merging patch for IOT-2845 due to its system
configuration matches expected size for all data types.

Fixed the error by using portable format specifiers while
logging.

%PRId - for int64_t
%PRIu - for unit64_t
%PRIuPTR - for size_t (unsigned)

Change-Id: I30a21cacdddc84776392100ee783ccbe7e1eae0d
Signed-off-by: default avatarAbhishek Pandey <abhi.siso@samsung.com>
      1dfc200d
  29. 26 Oct, 2017 2 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Avoid DER key parse error · 150b2de8
      Dan Mihai authored 
      mbedtls_pk_parse_key was not able to parse the key converted to DER
by GetDerKey(). It encountered in the DER an unexpected key format
version.

However, mbedtls_pk_parse_key is able to parse correctly the original
PEM format of the same key.

This patch allows CT1.7.4.5 to establish a connection to an IoTivity
server. This test case still fails later on - to be investigated.

Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f
Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      150b2de8
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove SVR restore behavior · c4025294
      Nathan Heldt-Sheller authored 
      These functions were applied at incorrect times (e.g. if a normal
Update was rejected due to read-only properties during OTM, the entire
system would "restore" to a wrong state).  They were also wrong,
in that they restored some values, left others unchanged, and set
others to wrong values (e.g. presumed JustWorks OTM).

Also, the duplicate message logic was not being used to any consistent
effect and causing warnings.  It's also completely optional and so was
removed.

Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      c4025294
  31. 25 Oct, 2017 1 commit
  33. 23 Oct, 2017 2 commits
  35. 21 Oct, 2017 1 commit
  37. 20 Oct, 2017 1 commit
  39. 19 Oct, 2017 3 commits
  41. 17 Oct, 2017 4 commits
  43. 16 Oct, 2017 4 commits
  45. 12 Oct, 2017 2 commits
    • George Nash's avatar
      IOT-2539 Clean unused code warnnings · a855c499
      George Nash authored 
      credresource.c:
Removed the [-Wunused-const-variable=] warning
The CRED_EMPTY_ROOT_MAP_SIZE was used in the past but is no longer
referenced anywhere in the code.

provisioningclient.c:
Removed the [-Wunused-const-variable=] warning
The SUPPORTED_PRMS array was used in the past but is no longer
referenced anywhere in the code.

ocserver.cpp
Removed the [-Wunused-variable] warning
Looking at the logs a instance that gDeviceUUID was used could not
be found at any point in time.

stacktest.cpp:
Removed the [-Wunused-variable] warnings
Variables peer, pinNumber, and pmSel were only used in Direct Pairing
related unit tests which were removed as part of IOT-2306.

provisioningclient.cpp:
Removed the [-Wunused-function] warning
The InputPdACL function was only used by the Direct Pairing code
that was removed as part of IOT-2306.

Bug: https://jira.iotivity.org/browse/IOT-2539
Bug: https://jira.iotivity.org/browse/IOT-2306
Change-Id: I80f52619a04ee7eafc83b79b886c1121f61a6ba1
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      a855c499
    • Nathan Heldt-Sheller's avatar
      [IOT-2806] RESET clears all bits · 4693e1f4
      Nathan Heldt-Sheller authored 
      The RESET state should clear all the cm and tm bits before
setting the two lsbs (RESET and TAKE_OWNER bits) to 0b01 for
cm and 0b10 for tm.

Change-Id: I2b602153ea806d51bb1367514463ac590d4353db
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      4693e1f4