1. 16 Apr, 2020 1 commit
  2. 15 Apr, 2020 1 commit
  3. 27 Mar, 2020 1 commit
  4. 25 Jan, 2020 1 commit
    • Add OC_STORAGE define that is set in oc_config.h · b0e9dac7
      George Nash authored
      Persistent storage is currently only enabled if OC_SECURITY
      is defined.  This has led to implementation problems when
      implementing features like introspection, cloud, or
      software-update which also require persistent storage.
      
      This commit replaces the `#ifdef OC_SECURITY` with
      `#ifdef OC_STORAGE` in oc_storage.c.
      
      Inside config.h OC_STORAGE is defined if OC_SECURITY, OC_IDD_API,
      OC_SOFTWARE_UPDATE, or OC_SECURITY is defined.
      
      Also updated samples that call oc_storage_config so they call it
      if OC_STORAGE is defined instead of OC_SECURITY.
      
      Removed the dummy storage implementation from
      oc_cloud_storage.c since OC_STORAGE is now defined by default
      when OC_CLOUD is defined.
      
      Some preprocessor checks were added to check if one of the
      features that require OC_STORAGE is set but OC_STORAGE is not
      set. This will cause a build error and inform developers to
      check oc_config.h to make sure OC_STORAGE is set there.
      
      Change-Id: I9a9242349e939393f190cab373fe7d0252ae656c
      Signed-off-by: George Nash <george.nash@intel.com>
  5. 26 Nov, 2019 2 commits
  6. 13 Nov, 2019 3 commits
  7. 12 Nov, 2019 1 commit
    • Flush the input buffer when scanf fails · 05aabd38
      George Nash authored
      If the input buffer is not flushed when scanf fails the menu
      options will go into an infinite loop when scanf fails since it
      will just continue to read the failed value from the input
      buffer over and over without asking the user for input again.
      
      Input needed to produce failure:
       - run onboarding tool
       - type 'q' enter when "Select option:" is shown
         (for some reason I keep typing 'q' instead of '99' when I
          want to exit the program.)
      
      Without this change:
       - The menu will be printed over and over in a loop.
      
      With this change:
       - 'ERROR Invalid input' is printed then the menu without
         looping.
      
      Change-Id: I4407d2a1e091dc69e7e0a0b5579c4e1059e9f96e
      Signed-off-by: George Nash <george.nash@intel.com>
  8. 10 Oct, 2019 1 commit
  9. 30 Sep, 2019 1 commit
  10. 26 Aug, 2019 1 commit
    • copy pki_certs into build folder · 837e726a
      George Nash authored
      The sample code showing certificate based OTM has hard
      coded paths to the *.pem certificates. This path is
      relative to the build output for the samples. This
      works for Linux but not for Windows, which does not
      use the same relative file layout for its build output.
      
      Copying the *.pem certs so they are local to the sample
      makes it possible to move the build output without
      reproducing the entire directory structure of the project.
      
      In addition to copying the pki_certs into the build folder
      the Working Directory was updated in the project solution
      so if the code was launched from the Visual Studio debugger
      it would launch from the proper directory.
      
      Added .gitattributes file.  The *.pem files must have Linux
      style line endings. If the Windows system has core.autocrlf
      set to true, the *.pem line endings will be changed to Windows
      style line endings, causing errors. In addition to explicitly
      setting *.pem line endings, some general defaults were set for
      some of the most common text formats found in the project.
      
      See https://git-scm.com/docs/gitattributes for more details
      regarding the .gitattributes file.
      
      Change-Id: I6b63e36c3e496343f02e4af727a4238747c9c12c
      Signed-off-by: George Nash <george.nash@intel.com>
  11. 01 Aug, 2019 1 commit
  12. 23 Jul, 2019 1 commit
  13. 14 Jul, 2019 1 commit
  14. 11 Jul, 2019 1 commit
    • oc_obt & sample OBT:New provisioning capabilities · 61d11b62
      Kishen Maloor authored
      -During the first OBT initialization, oc_obt_init() generates a
      self-signed root certificate for use in the local security domain.
      -Added new provisioning APIs to oc_obt for:
       -Identity certificates signed by the OBT's root certificate.
       -Role certificates signed by the OBT's root certificate.
       -auth-crypt ACE for wildcard "*" resource with RW permissions.
       -Role ACE for wildcard "*" resource with RW permissions.
      These are all single API calls which subsume entire sequences of
      requests that are executed underneath and return the final result to
      the application (OBT).
      -Updated discover_owned_devices() to work through /oic/res instead of
      /oic/sec/doxm.
      -Update sample onboarding_tool with new set of options that exercises
      all of the above functions.
      
      Change-Id: I43000bebe554faf17e652b1563111be284b404e5
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
  15. 10 Jul, 2019 1 commit
    • oc_obt:disable mutual authentication during OTM · 1514c72b
      Kishen Maloor authored
      This change affects TLS handshakes during the Manufacturer Certificate
      Owner Transfer Method. As a consequence of this change, only OBTs
      need verify the PKI certificates of Servers. Servers do not solicit
      the OBT's PKI chain for verification. In other words, the OBT and Devices
      employ one-way authentication during the TLS handshake.
      
      The sample OBT (onboarding_tool) has been updated to not pre-install a
      PKI chain for itself, and only pre-installs all trusted roots.
      
      Change-Id: Ib935d10e494089a1b3e4f4c398bbf55c64d0d7f9
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
  16. 30 Sep, 2019 1 commit
  17. 24 Jun, 2019 1 commit
  18. 21 Jun, 2019 1 commit
  19. 10 Jun, 2019 1 commit
    • Add new APIs for realm/site-local IPv6 discovery · 6c9d33aa
      Kishen Maloor authored
      This change adds new Client APIs for performing resource discovery
      over the realm-local and site-local IPv6 scopes. The Linux IP adapter
      has been updated to set a hop limit of 255 for discovery over the
      wider IPv6 scopes.
      
      This change also adds similar APIs for issuing generalized multicast
      requests to any resource over the realm and site-local scopes.
      
      Lastly, oc_obt has been updated with new discovery APIs for owned
      and unowned devices over these wider scopes. The sample OBT has
      been updated with the new discovery options.
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Change-Id: Ib5c0adfb2f2c033a0a2dc2dc24796d3669acf1ec
  20. 29 Apr, 2019 1 commit
  21. 17 Apr, 2019 1 commit
  22. 08 Apr, 2019 1 commit
    • oc_obt:Add onboarding support with Random PIN OTM · cb18797b
      Kishen Maloor authored
      This change adds new onboarding APIs to oc_obt for handling the Random PIN
      OTM. Specifically, it introduces two new APIs: one for requesting the peer
      device to generate (and display) a Random PIN, and one for executing the
      Random PIN OTM sequence in a TLS_PSK handshake that employs the PIN in
      deriving the symmetric key used for the handshake.
      
      OBT implementations are expected to invoke the first API and following a
      success response, accept the PIN via user input using any means defined by
      the application. Subsequently, the OBT invokes the second API, supplying
      the PIN for carrying out the entire OTM sequence.
      
      The sample onboarding_tool has been updated to support Random PIN OTM using
      these two APIs.
      
      This change also adds a new API oc_obt_shutdown() to be called by OBT
      implementations when they're about to terminate. This frees all internally
      allocated resources.
      
      Change-Id: I8ef2df9ffc08aa34c658c6d4c80ea1077a1bc9d9
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/29388
      Tested-by: IoTivity Jenkins <jenkins-daemon@iotivity.org>
  23. 21 Feb, 2019 1 commit
  24. 07 Jan, 2019 1 commit
  25. 26 Nov, 2018 1 commit
    • Redesign on-boarding APIs in oc_obt · 2a4a594f
      Kishen Maloor authored
      This change introduces API and behavioral improvements to on-boarding
      functionality.
      
      Specifically, all oc_obt_xxx APIs accept an oc_uuid_t handle to refer to
      an OCF device. These are directly provided in the owned/un-owned device
      discovery callback, and it is assumed that applications would cache them
      for use in all future oc_obt invocations. It is further assumed that
      applications would distinguish between UUIDs of owned and un-owned devices
      and adjust its caches accordingly before and after ownership transfer.
      
      The callback following ownership transfer is also provided an oc_uuid_t
      reflecting an OCF device's persistent UUID. An application may use this as
      an opportunity to populate its owned device cache, without having to rediscover
      owned devices.
      
      The callbacks for provision ACE and hard RESET are also now provided an
      oc_uuid_t referring to the device in question.
      
      The callbacks for owned/un-owned device discovery are now invoked soon after
      responses arrive and not after some timeout/delay as was previously the case.
      This improves the user experience of the OBT.
      
      This change also by its nature fixes bugs that previously existed in oc_obt
      usage.
      
      The sample on-boarding tool has been updated to employ these changes.
      
      Change-Id: I95d90647fd64570fe8f55c0dfd525a884679bc3a
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/27577
      Tested-by: IoTivity Jenkins <jenkins-daemon@iotivity.org>
  26. 10 Jul, 2018 1 commit
    • oc_obt:behavioral improvements to onboarding apis · 6d37094f
      Kishen Maloor authored
      * With a new API to issue multicast requests, modified
        the discover owned/un-owned APIs to actually multicast GET
        to /oic/sec/doxm first, followed by a unicast GET to /oic/res
        to responding peers. The request to /oic/res is to obtain the
        full set of endpoints (secure/un-secure, IPv6/v4)
        from the "eps" parameter in the /oic/res response.
        Previously oc_obt would multicast GET to /oic/res first, followed
        by a unicast GET to /oic/sec/doxm. This would result in
        additional traffic on the network where all devices had to
        respond and handle both requests irrespective of their owned status.
        Hence, this change should reduce the overall traffic during OBT
        operations.
      * oc_obt maintains two caches: for un-owned devices and owned devices.
        Previously these caches and all device objects were freed following
        all oc_obt API calls. This change makes it so devices once
        in the owned device cache would continue to exist over the
        remaining lifetime of the application. Care is taken to ensure that
        subsequent re-discovery of owned devices does not populate duplicates
        to the owned device cache.
      * Devices on the un-owned device cache would continue to exist over
        the remaining lifetime of the application and until they are owned.
        Once owned, they are freed.
      
      Change-Id: I70831c5989fbbd32ba32710a954827a25000b6c9
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/26311
      Tested-by: IoTivity Jenkins <jenkins-daemon@iotivity.org>
  27. 02 Jul, 2018 1 commit
  28. 15 Mar, 2018 1 commit
  29. 21 Dec, 2017 1 commit
    • Make onboarding infrastructure more fail-safe · d0c0c06a
      Kishen Maloor authored
      * Use Confirmable requests for all onboarding and
        provisioning sequences.
      * Track and maintain more state so that a severely
        delayed response that has exceeded its usefulness
        does not cause an onboarding tool to crash.
      * Return failures to clients (i.e. onboarding tools)
        soon after they’re caught rather than wait for the
        operation to timeout.
      * Set a large worst case timeout of 100s for
        onboarding APIs that would be hit in only those
        cases where device being onboarded has suddenly
        gone offline.
      * Added a MAX_OWNED_DEVICES def in the sample OBT
        which may be tweaked in one place when testing with
        a large number of devices.
      
      Change-Id: I47af4b8d0d3038291729190173f9b1a3b9df79c3
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/23815
  30. 29 Nov, 2017 1 commit
  31. 20 Nov, 2017 1 commit
  32. 12 Oct, 2017 1 commit
    • Sec. Onboarding/provisioning APIs & sample OBT · 12ef098e
      Kishen Maloor authored
      This change adds a collection of fully asynchronous
      APIs to handle security onboarding and provisioning
      tasks. A user could build an onboarding tool
      (OBT) with a suitable user-interface and call into
      the oc_obt… APIs to discover un-owned/owned devices,
      perform ownership transfer, provision credentials
      and access-control entries, or perform a hard RESET
      of an owned device. These APIs are all laid out in
      include/oc_obt.h.
      
      The OBT would be just another IoTivity-Constrained
      application, and its storage would be handled in a
      similar fashion as any other application. It would call
      the implementation-dependent oc_storage_config() API to
      configure the location of the store.
      
      A sample command-line OBT is included that runs
      on Linux and can be used to provision devices and
      establish secure connections.
      
      Change-Id: I647564761cf35a0f0461db72a975cbfd1121038e
      Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/22771