1. 13 Mar, 2019 1 commit
    • [IOT-3276] Multiple CAs allowed · 3b14423a
      Oleksii Beketov authored
      This patch unites reverted #22987 and CTT fix 23279.
      
      PEM/DER casting removed, allowing mbedtls to manage
      certificate conversion by itself. Credresource loads
      certificates that could be either PEM or DER encoded
      to a linked list instead of pushing them to a buffer.
      
      Change-Id: I6dd0d957721d59feaf70f3dd421bf65d7c02ef1d
      Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
  2. 11 Oct, 2018 1 commit
  3. 20 Sep, 2018 1 commit
    • [CR2390] Identity spoofing/privilege escalation · 8e30527a
      Oleksandr Andrieiev authored
      For secure connections that use certificates the SubjectUUID
      is retrieved from leaf certificate's CN. However, there is
      no binding mechanism between Root CA and Device Id that it
      can generate certificates for. Root CAs can issue certificates
      with arbitrary UUIDs, which can be used to impersonate another
      Device.
      
      The fix adds callback to the certificate chain validation
      function. This callback collects single-linked list of all
      UUIDs associated with the certificate in cred entries.
      When leaf certificate is reached, UUID of Device is retrieved
      and matched against static list. If no matching UUID is
      found, connection should be rejected.
      
      Bug: https://jira.iotivity.org/browse/IOT-3087
      Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9
      Signed-off-by: Oleksandr Andrieiev <o.andrieiev@samsung.com>
  4. 24 Jan, 2018 1 commit
  5. 11 Dec, 2017 1 commit
  6. 15 Nov, 2017 1 commit
  7. 14 Nov, 2017 2 commits
  8. 28 Oct, 2017 1 commit
  9. 26 Oct, 2017 2 commits
    • CT1.7.4.5: Avoid DER key parse error · 150b2de8
      Dan Mihai authored
      mbedtls_pk_parse_key was not able to parse the key converted to DER
      by GetDerKey(). It encountered in the DER an unexpected key format
      version.
      
      However, mbedtls_pk_parse_key is able to parse correctly the original
      PEM format of the same key.
      
      This patch allows CT1.7.4.5 to establish a connection to an IoTivity
      server. This test case still fails later on - to be investigated.
      
      Change-Id: I933ea9d3b761ed159faa2c4f371890e477caf23f
      Signed-off-by: Dan Mihai <Daniel.Mihai@microsoft.com>
    • [IOT-2843] remove SVR restore behavior · c4025294
      Nathan Heldt-Sheller authored
      These functions were applied at incorrect times (e.g. if a normal
      Update was rejected due to read-only properties during OTM, the entire
      system would "restore" to a wrong state).  They were also wrong,
      in that they restored some values, left others unchanged, and set
      others to wrong values (e.g. presumed JustWorks OTM).
      
      Also, the duplicate message logic was not being used to any consistent
      effect and causing warnings.  It's also completely optional and so was
      removed.
      
      Change-Id: I23d23f946fbafe02cdc2d2ac6ac46abcedd1f149
      Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
  10. 25 Oct, 2017 1 commit
  11. 19 Oct, 2017 1 commit
  12. 17 Oct, 2017 1 commit
  13. 16 Oct, 2017 1 commit
  14. 12 Oct, 2017 1 commit
    • IOT-2539 Clean unused code warnings · a855c499
      George Nash authored
      credresource.c:
      Removed the [-Wunused-const-variable=] warning
      The CRED_EMPTY_ROOT_MAP_SIZE was used in the past but is no longer
      referenced anywhere in the code.
      
      provisioningclient.c:
      Removed the [-Wunused-const-variable=] warning
      The SUPPORTED_PRMS array was used in the past but is no longer
      referenced anywhere in the code.
      
      ocserver.cpp:
      Removed the [-Wunused-variable] warning
      Looking at the logs an instance that gDeviceUUID was used could not
      be found at any point in time.
      
      stacktest.cpp:
      Removed the [-Wunused-variable] warnings
      Variables peer, pinNumber, and pmSel were only used in Direct Pairing
      related unit tests which were removed as part of IOT-2306.
      
      provisioningclient.cpp:
      Removed the [-Wunused-function] warning
      The InputPdACL function was only used by the Direct Pairing code
      that was removed as part of IOT-2306.
      
      Bug: https://jira.iotivity.org/browse/IOT-2539
      Bug: https://jira.iotivity.org/browse/IOT-2306
      Change-Id: I80f52619a04ee7eafc83b79b886c1121f61a6ba1
      Signed-off-by: George Nash <george.nash@intel.com>
  15. 11 Oct, 2017 1 commit
  16. 04 Oct, 2017 2 commits
    • [IOT-2726] /cred fix for CT1.7.8.11 · 366409bf
      Aleksey authored
      This patch fixes the `4.00 Bad Request` error on the
      /oic/sec/cred CON UPDATE request in CT1.7.8.11.

      This adds an additional check of the incoming credential
      subjectid for OwnerPSK generation. Before, credresource
      tried to generate the owner psk for any subjectid if the
      doxm->owner value was already saved but the doxm->owned flag
      was not yet set to true.
      This led to an error at the POST handler return.
      
      Change-Id: If2b683ee417bb058f954734ff0c1b64e145c9a6b
      Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
    • [IOT-2726] Add pstat.dos check in AddCredential · add093b1
      Aleksey authored
      This change adds a /pstat.dos state check to protect against credential modifications in read-only states.
      
      Change-Id: I9a3402e458db8c5fa62a5a0fa0e08c1dd432ceaf
      Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
  17. 27 Sep, 2017 1 commit
  18. 14 Sep, 2017 1 commit
  19. 08 Sep, 2017 1 commit
    • [IOT-2696] Allow chain of certs in public data · 9f4d7e00
      Alex Kelley authored
      Previously we expected the leaf certificate to be present in public data
      and the chain of intermediate CAs to be present in optional data. After
      discussion it was agreed to update IoTivity to expect the entire chain
      of certificates to be present in public data.
      
      Change-Id: Ib4a53b31451205da4b06c41404b5088568844825
      Signed-off-by: Alex Kelley <alexke@microsoft.com>
  20. 07 Sep, 2017 1 commit
    • [IOT-2641] /cred resource rownerid fix · 4589605d
      Aleksey authored
      This change includes some refactoring of the credential resource design:
       each credential structure instance had its own rowner id value
       and it was changed to a common rowner value.
      
      IOT-2641 depends on it.
      
      Tested with CT1.7.9.3 and 1.7.9.1, 1.7.4.1
      
      json2cbor and svrdbeditor sources should be fixed accordingly by their owners
      
      Change-Id: I50afae10ac9f702c86d321dcf758525968f7bc31
      Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
  21. 28 Aug, 2017 1 commit
  22. 22 Aug, 2017 1 commit
  23. 18 Aug, 2017 3 commits
  24. 15 Aug, 2017 1 commit
  25. 28 Jul, 2017 1 commit
  26. 20 Jul, 2017 1 commit
  27. 19 Jul, 2017 1 commit
  28. 15 Jun, 2017 1 commit
  29. 21 May, 2017 1 commit
  30. 20 May, 2017 3 commits
  31. 18 May, 2017 2 commits
  32. 15 May, 2017 1 commit