Skip to content

GitLab

I
iotivity-classic
Open
Opened by Rami Alshafi@ramiOwner

IoTivity sets wrong identity hint during PIN-based OTM handshake

An OCF vendor is trying to migrate to Lite and wants to use Lite’s onboarding. One of their requests was to ensure that the Lite OBT
handles IoTvity devices and adapts to its idiosyncrasies.
I am able to do JW OTM, but ran into an issue with the PIN OTM.
 
It seems that IoTivity may have a bug in the PIN OTM that’s never been found since the CTT is able to onboard it in the PIN OTM TC.
 
As such, I think the CTT implementation of CT
1.7.2.2
.2 may have a small bug that’s not catching the problem in IoTivity.
So, I wanted to confirm.
 
Basically, in PIN OTM both the IUT and CTT would compute a PSK at the very beginning based on the PIN obtained from the IUT.
After establishing the PSK, they launch off a DTLS session. During that DTLS handshake, the IUT would send its identity to the CTT
(and vice-versa). The expectation is that the IUT would send its known temporary UUID so the CTT/OBT can map it to the right
PSK (which it just derived from the PIN).
I believe the CTT has an issue where it does not actually bother to verify the IUT’s identity during the handshake and directly applies
the PSK (must be cached somewhere in the context of this TC), and hence passes this TC.
 
The thing is IoTivity does not send its temporary UUID as its identity (as required by the architecture) and instead sends something else.
So, my OBT cannot map that to the PIN-based PSK and bails.
If the CTT was correctly checking the IUT’s identity, the CTT would’ve likely failed this TC with IoTivity.
~Kishen Maloor
 
Issue is already resolved on CTT side.
Logs: 

JIRA migration meta data

  • JIRA Issue ID: IOT-3293
  • Reporter: michal.wieckowski
  • Assignee: avolkov
  • Creator: michal.wieckowski
  • Created at: 2019-07-10T02:53:31.000-0700
  • Found in Version: master
  • Fix in Version: None
  • Issue Severity: Normal
  • Reproducibility: Always (100%)
  • Operating System: Ubuntu
  • Hardware/ OEM Platform: None
  • External URL: None
  • Bugzilla ID: None
  • Product: None
  • Status: Resolved
  • Components: SDK
  • Priority: P1
  • Due Date: None
  • Issue Type: Bug
    END of JIRA migration meta data