1. 13 Mar, 2019 1 commit
    • Oleksii Beketov's avatar
      [IOT-3276] Multiple CAs allowed · 3b14423a
      Oleksii Beketov authored
      This patch unites reverted #22987 and CTT fix 23279.
      
      PEM/DER casting removed,  allowing mbedtls to manage
      certificate conversion by itself. Credresource loads
      certificates that could be either PEM or DER encoded
      to a linked list instead of pushing them to a buffer.
      
      Change-Id: I6dd0d957721d59feaf70f3dd421bf65d7c02ef1d
      Signed-off-by: default avatarOleksii Beketov <ol.beketov@samsung.com>
      3b14423a
  2. 11 Oct, 2018 1 commit
  3. 25 Sep, 2018 3 commits
  4. 20 Sep, 2018 1 commit
    • Oleksandr Andrieiev's avatar
      [CR2390] Identity spoofing/privelege escalation · 8e30527a
      Oleksandr Andrieiev authored
      For secure connections that use certificates the SubjectUUID
      is retrieved from leaf certificate's CN. However, there is
      no binding mechanism between Root CA and Device Id that it
      can generate certificates for. Root CAs can issue certificates
      with arbitrary UUIDs, which can be used to impersonate another
      Device.
      
      The fix adds callback to the certificate chain validation
      function. This callback collects single-linked list of all
      UUIDs associated with the certificate in cred entries.
      When leaf certificate is reached, UUID of Device is retrieved
      and matched against static list. If no matching UUID is
      found, connection should be rejected.
      
      Bug: https://jira.iotivity.org/browse/IOT-3087
      Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9
      Signed-off-by: Oleksandr Andrieiev's avatarOleksandr Andrieiev <o.andrieiev@samsung.com>
      8e30527a
  5. 01 Feb, 2018 1 commit
    • George Nash's avatar
      Clean build warnings · ac153614
      George Nash authored
      This cleans new build warnings discovered when building
      iotivity with GCC 7.2.1
      
      -Werror=format-truncation
      Fixed in json2cbor that was a result of incorrect buffer size in snprintf
      
      -Werror=implicit-fallthrough
      With the addition of the [[fallthrough]] keyword in C++17 GCC now detects
      fallthrough locations. The fallthrough error can be hidden by adding
      the comment "fall through" to the case that is falling though.
      
      -Werror=pragmas and -Werror=attributes
      are from the external tinyCbor code. We Ignore build warnings from extern
      libraries. We may fix the warnings by working witht he external project
      but it should not block any work in IoTivity.
      
      Change-Id: I86c9fb42b987858c66698fe48e4c2a405769b004
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      ac153614
  6. 24 Jan, 2018 1 commit
  7. 11 Dec, 2017 1 commit
  8. 15 Nov, 2017 1 commit
  9. 14 Nov, 2017 2 commits
  10. 09 Nov, 2017 1 commit
    • Nathan Heldt-Sheller's avatar
      /pstat Resource CBOR fix · a2b20dc4
      Nathan Heldt-Sheller authored
      Fix for a binary->CBOR marshaling case, where payload
      is to contain "dos", but not "p".  This in in turns causes
      the next Property to be incorrectly placed inside the "dos"
      CBOR map (and then skipped over by the CBOR->binary
      un-marshaling code).
      
      Also improved logging.
      
      Change-Id: Ib28fc1e30fdaf1e639afa940ee2626ba14e77584
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      a2b20dc4
  11. 02 Nov, 2017 1 commit
  12. 31 Oct, 2017 3 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Reply with error for bad key · 75f189fd
      Dan Mihai authored
      Return an error response when a Client tries to post a role with a
      mistmatched public key.
      
      Change-Id: Ie689f862d1534093026979c076239fdf604b91e1
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      75f189fd
    • Dan Mihai's avatar
      CT1.7.4.5: New null terminator handling · ac02c2f9
      Dan Mihai authored
      Avoid persisting the cert null terminator, to be able to return the
      original cert for RETRIEVE. Add the null terminator just temporarily,
      before calling mbedtls_x509_crt_parse().
      
      This patch allows CT1.7.4.5 to make progress past Check_3. This test
      case still fails later on - to be investigated.
      
      Change-Id: Icda1afaad478548682599f97ff46b3017b01588e
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      ac02c2f9
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove DOXS access to /crl · 10d49e10
      Nathan Heldt-Sheller authored
      Although the Security Spec is silent on whether DOXS has
      implicit access (that is, a permanent ACE, or default ACE that
      can't be modified) to the /crl Resource.  CTT interprets that
      to mean it doesn't have implicit access, even though DOXS
      can access related configuration Resources (/doxm, /pstat, /acl2,
      /cred).  Rather than fight over it I'm changing because
      either way works, it's just more effort for OBT with implicit
      access reduced.  Still a reasonable inference (though not
      normatively supported).
      
      Change-Id: I86f8a7f1ed217b7bdeb3cae2ab015fb035cd8940
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      10d49e10
  13. 28 Oct, 2017 2 commits
    • Nathan Heldt-Sheller's avatar
      [IOT-2854][IOT-2858] anon ciphersuite disable · 5f568dfa
      Nathan Heldt-Sheller authored
      Right now the /doxm handler code to disable the anon cipher suite is
      not correct, so it's removed in this patch.  Instead, the /cred code disables
      the anon suite after calculating PSK.
      
      If there is a request is over secure channel, but requester ID
      is Nil UUID, then (in current IoTivity at least) it means that this request
      arrived over DTLS established via anon cipher suite.  A successful
      connection has taken place, and that's an opportunity to disable the anon cipher
      suite so no other anon connections can be made during OTM.
      
      For now, we're just removing the incorrect /doxm code to disable,
      and leaving the more aggressive disable timing for another release.
      
      See [IOT-2858] for more info.
      
      Change-Id: I99c2a48abbfc6f3e5aa52385ee5b778c4c80ccfc
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      5f568dfa
    • akk0rd's avatar
      [IOT-2826][IOT-2851]dat file with zero rownerid · 5fdb8a11
      akk0rd authored
      Fixed false generating dat file, added wrapper functions with rowner parameter
      
      Change-Id: Ia8badb9b0b78de5f620f8dbad6f070c1276ebf74
      Signed-off-by: default avatarakk0rd <v.riznyk@samsung.com>
      5fdb8a11
  14. 27 Oct, 2017 1 commit
    • Abhishek Pandey's avatar
      Fixing Build Errors after applying -Werror · 1dfc200d
      Abhishek Pandey authored
      JIRA IOT-2845: https://jira.iotivity.org/browse/IOT-2845
      
      This seems to be side effect of JIRA [IOT-2539]. Build is
      breaking on some linux platforms (i.e. i686). Most
      compilation errors are related to printf format
      specifiers. Probably this wasn't caught by jenkins
      when merging patch for IOT-2845 due to its system
      configuration matches expected size for all data types.
      
      Fixed the error by using portable format specifiers while
      logging.
      
      %PRId - for int64_t
      %PRIu - for unit64_t
      %PRIuPTR - for size_t (unsigned)
      
      Change-Id: I30a21cacdddc84776392100ee783ccbe7e1eae0d
      Signed-off-by: default avatarAbhishek Pandey <abhi.siso@samsung.com>
      1dfc200d
  15. 26 Oct, 2017 2 commits
    • Dan Mihai's avatar
      CT1.7.4.5: Avoid DER key parse error · 150b2de8
      Dan Mihai authored
      mbedtls_pk_parse_key was not able to parse the key converted to DER
      by GetDerKey(). It encountered in the DER an unexpected key format
      version.
      
      However, mbedtls_pk_parse_key is able to parse correctly the original
      PEM format of the same key.
      
      This patch allows CT1.7.4.5 to establish a connection to an IoTivity
      server. This test case still fails later on - to be investigated.
      
      Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f
      Signed-off-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
      150b2de8
    • Nathan Heldt-Sheller's avatar
      [IOT-2843] remove SVR restore behavior · c4025294
      Nathan Heldt-Sheller authored
      These functions were applied at incorrect times (e.g. if a normal
      Update was rejected due to read-only properties during OTM, the entire
      system would "restore" to a wrong state).  They were also wrong,
      in that they restored some values, left others unchanged, and set
      others to wrong values (e.g. presumed JustWorks OTM).
      
      Also, the duplicate message logic was not being used to any consistent
      effect and causing warnings.  It's also completely optional and so was
      removed.
      
      Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      c4025294
  16. 25 Oct, 2017 1 commit
  17. 23 Oct, 2017 2 commits
  18. 21 Oct, 2017 1 commit
  19. 20 Oct, 2017 1 commit
  20. 19 Oct, 2017 3 commits
  21. 17 Oct, 2017 4 commits
  22. 16 Oct, 2017 4 commits
  23. 12 Oct, 2017 2 commits
    • George Nash's avatar
      IOT-2539 Clean unused code warnnings · a855c499
      George Nash authored
      credresource.c:
      Removed the [-Wunused-const-variable=] warning
      The CRED_EMPTY_ROOT_MAP_SIZE was used in the past but is no longer
      referenced anywhere in the code.
      
      provisioningclient.c:
      Removed the [-Wunused-const-variable=] warning
      The SUPPORTED_PRMS array was used in the past but is no longer
      referenced anywhere in the code.
      
      ocserver.cpp
      Removed the [-Wunused-variable] warning
      Looking at the logs a instance that gDeviceUUID was used could not
      be found at any point in time.
      
      stacktest.cpp:
      Removed the [-Wunused-variable] warnings
      Variables peer, pinNumber, and pmSel were only used in Direct Pairing
      related unit tests which were removed as part of IOT-2306.
      
      provisioningclient.cpp:
      Removed the [-Wunused-function] warning
      The InputPdACL function was only used by the Direct Pairing code
      that was removed as part of IOT-2306.
      
      Bug: https://jira.iotivity.org/browse/IOT-2539
      Bug: https://jira.iotivity.org/browse/IOT-2306
      Change-Id: I80f52619a04ee7eafc83b79b886c1121f61a6ba1
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      a855c499
    • Nathan Heldt-Sheller's avatar
      [IOT-2806] RESET clears all bits · 4693e1f4
      Nathan Heldt-Sheller authored
      The RESET state should clear all the cm and tm bits before
      setting the two lsbs (RESET and TAKE_OWNER bits) to 0b01 for
      cm and 0b10 for tm.
      
      Change-Id: I2b602153ea806d51bb1367514463ac590d4353db
      Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
      4693e1f4