Skip to content

GitLab

I
iotivity-lite
Switch branch/tag
  1. 16 Apr, 2020 1 commit
  3. 15 Apr, 2020 1 commit
  5. 27 Mar, 2020 1 commit
  7. 25 Jan, 2020 1 commit
    • George Nash's avatar
      Add OC_STORAGE define that is set in oc_config.h · b0e9dac7
      George Nash authored 
      Persistant storage is currently only enabled if OC_SECURITY
is defined.  This has lead implementation problems when
implementing features like introspection, cloud, or
software-update which also require persistant storage.

This commit replaces the `#ifdef OC_SECURITY` with
`#ifdef OC_STORAGE` in oc_storage.c.

Inside config.h OC_STORAGE is defined if OC_SECURITY, OC_IDD_API
OC_SOFTWARE_UPDATE, or OC_SECURITY is defined.

Also updated samples that call oc_storage_config so they call it
if OC_STORAGE is defined instead of OC_SECURITY.

Removed the dummy storage implmentation from the
oc_cloud_storage.c since OC_STORAGE is now defined by default
when OC_CLOUD is defined.

Some preprocessor check were added to check it one of the
features that require OC_STORAGE is set but OC_STORAGE is not
set. This will cause a build error and inform developers to
check oc_config.h to make sure OC_STORAGE is set there.

Change-Id: I9a9242349e939393f190cab373fe7d0252ae656c
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      b0e9dac7
  9. 26 Nov, 2019 2 commits
  11. 13 Nov, 2019 3 commits
  13. 12 Nov, 2019 1 commit
    • George Nash's avatar
      Flush the input buffer when scanf fails · 05aabd38
      George Nash authored 
      If the input buffer is not flushed when scanf fails the menu
options will go into an infinite loop when scanf fails since it
will just continue to read the failed value from the input
buffer over and over without asking the user for input again.

Input needed to produce failure:
 - run onboarding tool
 - type 'q' enter when "Select option:" is shown
   (for some reason I keep typing 'q' instead of '99' when I
    want to exit the program.)

Without this change:
 - The menu will be printed over and over in a loop.

With this change
 - 'ERROR Invalid input' is printed then the menu without
   looping.

Change-Id: I4407d2a1e091dc69e7e0a0b5579c4e1059e9f96e
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      05aabd38
  15. 10 Oct, 2019 1 commit
  17. 30 Sep, 2019 1 commit
  19. 26 Aug, 2019 1 commit
    • George Nash's avatar
      copy pki_certs into build folder · 837e726a
      George Nash authored 
      The sample code showing certificate based OTM have hard
coded paths to the *.pem certificates. This path is
relative to the build output for the samples. This
works for Linux but not for windows which does not
use the same relative file layout for it build output

Copying the *.pem certs so they are local to the sample
makes it possible to move the build output without
reproducing the entier directory structure of the project.

In addition to copying the pki_certs into the build folder
the Working Directory was updated in the project solution
so if the code was lauched from the Visual Studio debugger
it would launch from the proper directory.

Added .gitattributes file.  The *.pem files must have linux
style line ending if the windows system has core.autocrlf
set to true the *.pem line ending will be changed to windows
style line ending causing errors. In addition to explicity
seting *.pem line ending some general defaults were set for
some of the most common text formats found in the project.

See https://git-scm.com/docs/gitattributes for more details
reguarding the .gitattributes file.

Change-Id: I6b63e36c3e496343f02e4af727a4238747c9c12c
Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      837e726a
  21. 01 Aug, 2019 1 commit
  23. 23 Jul, 2019 1 commit
  25. 14 Jul, 2019 1 commit
  27. 11 Jul, 2019 1 commit
    • Kishen Maloor's avatar
      oc_obt & sample OBT:New provisioning capabilities · 61d11b62
      Kishen Maloor authored 
      -During the first OBT initialization, oc_obt_init() generates a
self-signed root certificate for use in the local security domain.
-Added new provisioning APIs to oc_obt for:
 -Identity certificates signed by the OBT's root certificate.
 -Role certificates signed by the OBT's root certificate.
 -auth-crypt ACE for wildcard "*" resource with RW permissions.
 -Role ACE for wildcard "*" resource with RW permissions.
These are all single API calls which subsume entire sequences of
requests that are executed underneath and return the final result to
the application (OBT).
-Updated discover_owned_devices() to work through /oic/res instead of
/oic/sec/doxm.
-Update sample onboarding_tool with new set of options that exercises
all of the above functions.

Change-Id: I43000bebe554faf17e652b1563111be284b404e5
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      61d11b62
  29. 10 Jul, 2019 1 commit
    • Kishen Maloor's avatar
      oc_obt:disable mutual authentication during OTM · 1514c72b
      Kishen Maloor authored 
      This change affects TLS handshakes during the Manufacturer Certificate
Owner Transfer Method. As a consequence of this change, only OBTs
need verify the PKI certificates of Servers. Servers do not solicit
the OBT's PKI chain for verification. In other words, the OBT and Devices
employ one-way authentication during the TLS handshake.

The sample OBT (onboarding_tool) has been updated to not pre-install a
PKI chain for itself, and only pre-installs all trusted roots.

Change-Id: Ib935d10e494089a1b3e4f4c398bbf55c64d0d7f9
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      1514c72b
  31. 30 Sep, 2019 1 commit
  33. 24 Jun, 2019 1 commit
  35. 21 Jun, 2019 1 commit
  37. 10 Jun, 2019 1 commit
    • Kishen Maloor's avatar
      Add new APIs for realm/site-local IPv6 discovery · 6c9d33aa
      Kishen Maloor authored 
      This change adds new Client APIs for performing resource discovery
over the realm-local and site-local IPV6 scopes. The Linux IP adapter
has been updated to set a hop limit of 255 for discovery over the
wider IPv6 scopes.

This change also adds similar APIs for issuing generalized mutlicast
requests to any resource over the realm and site-local scopes.

Lastly, oc_obt has been updated with new discovery APIs for owned
and unowned devices over these wider scopes. The sample OBT has
been updated with the new discovery options.
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Change-Id: Ib5c0adfb2f2c033a0a2dc2dc24796d3669acf1ec
      6c9d33aa
  39. 29 Apr, 2019 1 commit
  41. 17 Apr, 2019 1 commit
  43. 08 Apr, 2019 1 commit
    • Kishen Maloor's avatar
      oc_obt:Add onboarding support with Random PIN OTM · cb18797b
      Kishen Maloor authored 
      This change adds new onboarding APIs to oc_obt for handling the Random PIN
OTM. Specifically, it introduces two new APIs: one for requesting the peer
device to generate (and display) a Random PIN, and one for executing the
Random PIN OTM sequence in a TLS_PSK handshake that employs the PIN in
deriving the symmetric key used for the handshake.

OBT implementations are expected to invoke the first API and following a
success response, accept the PIN via user input using any means defined by
the application. Subsequently, the OBT invokes the second API, supplying
the PIN for carrying out the entire OTM sequence.

The sample onboarding_tool has been updated to support Random PIN OTM using
these two APIs.

This change also adds a new API oc_obt_shutdown() to be called by OBT
implementations when they're about to terminate. This frees all internally
allocated resources.

Change-Id: I8ef2df9ffc08aa34c658c6d4c80ea1077a1bc9d9
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/29388Tested-by: default avatarIoTivity Jenkins <jenkins-daemon@iotivity.org>
      cb18797b
  45. 21 Feb, 2019 1 commit
  47. 07 Jan, 2019 1 commit
  49. 26 Nov, 2018 1 commit
    • Kishen Maloor's avatar
      Redesign on-boarding APIs in oc_obt · 2a4a594f
      Kishen Maloor authored 
      This change introduces API and behavioral improvements to on-boarding
functionality.

Specifically, all oc_obt_xxx APIs accept an oc_uuid_t handle to refer to
an OCF device. These are directly provided in the owned/un-owned device
discovery callback, and it is assumed that applications would cache them
for use in all future oc_obt invocations. It is further assumed that
applications would distinguish between UUIDs of owned and un-owned devices
and adjust its caches accordingly before and after ownership transfer.

The callback following ownership transfer is also provided an oc_uuid_t
reflecting an OCF device's persistent UUID. An application may use this as
an opportunity to populate its owned device cache, without having to rediscover
owned devices.

The callbacks for provision ACE and hard RESET are also now provided an
oc_uuid_t referring to the device in question.

The callbacks for owned/un-owned device discovery are now invoked soon after
responses arrive and not after some timeout/delay as was previously the case.
This improves the user experience of the OBT.

This change also by its nature fixes bugs that previously existed in oc_obt
usage.

The sample on-boarding tool has been updated to employ these changes.

Change-Id: I95d90647fd64570fe8f55c0dfd525a884679bc3a
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/27577Tested-by: default avatarIoTivity Jenkins <jenkins-daemon@iotivity.org>
      2a4a594f
  51. 10 Jul, 2018 1 commit
    • Kishen Maloor's avatar
      oc_obt:behavioral improvements to onboarding apis · 6d37094f
      Kishen Maloor authored 
      * With a new API to issue multicast requests, modified
  the discover owned/un-owned APIs to actually mutlicast GET
  to /oic/sec/doxm first, followed by a unicast GET to /oic/res
  to responding peers. The request to /oic/res is to obtain the
  full set of endpoints (secure/un-secure, IPv6/v4)
  from the "eps" parameter in the /oic/res response.
  Previously oc_obt would multicast GET to /oic/res first, followed
  by a unicast GET to /oic/sec/doxm. This would result in
  additional traffic on the network where all devices had to
  respond and handle both requests irrespective of their owned status.
  Hence, this change should reduce the overall traffic during OBT
  operations.
* oc_obt maintains two caches: for un-owned devices and owned devices.
  Previously these caches and all device objects were freed following
  all oc_obt API calls. This change makes it so devices once
  in the owned device cache would continue to exist over the
  remaining lifetime of the application. Care is taken to ensure that
  subsequent re-discovery of owned devices does not populate duplicates
  to the owned device cache.
* Devices on the un-owned device cache would continue to exist over
  the remaining lifetime of the application and until they are owned.
  Once owned, they are freed.

Change-Id: I70831c5989fbbd32ba32710a954827a25000b6c9
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/26311Tested-by: default avatarIoTivity Jenkins <jenkins-daemon@iotivity.org>
      6d37094f
  53. 02 Jul, 2018 1 commit
  55. 15 Mar, 2018 1 commit
  57. 21 Dec, 2017 1 commit
    • Kishen Maloor's avatar
      Make onboarding infrastructure more fail-safe · d0c0c06a
      Kishen Maloor authored 
      * Use Confirmable requests for all onboarding and
  provisioning sequences.
* Track and maintain more state so that a severely
  delayed response that has exceeded its usefulness
  does not cause an onboarding tool to crash.
* Return failures to clients (i.e. onboarding tools)
  soon after they’re caught rather than wait for the
  operation to timeout.
* Set a large worst case timeout of 100s for
  onboarding APIs that would be hit in only those
  cases where device being onboarded has suddenly
  gone offline.
* Added a MAX_OWNED_DEVICES def in the sample OBT
  which may be tweaked in one place when testing with
  a large number of devices.

Change-Id: I47af4b8d0d3038291729190173f9b1a3b9df79c3
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/23815
      d0c0c06a
  59. 29 Nov, 2017 1 commit
  61. 20 Nov, 2017 1 commit
  63. 12 Oct, 2017 1 commit
    • Kishen Maloor's avatar
      Sec. Onboarding/provisioning APIs & sample OBT · 12ef098e
      Kishen Maloor authored 
      This change adds a collection of fully asynchronous
APIs to handle security onboarding and provisioning
tasks. A user could build an onboarding tool
(OBT) with a suitable user-interface and call into
the oc_obt… APIs to discover un-owned/owned devices,
perform ownership transfer, provision credentials
and access-control entries, or perform a hard RESET
of an owned device. These APIs are all laid out in
include/oc_obt.h.

The OBT would be just another IoTivity-Constrained
application, and its storage would be handled in a
similar fashion as any other application. It would call
the implementation-dependent oc_storage_config() API to
configure the location of the store.

A sample command-line OBT is included that runs
on Linux and can be used to provision devices and
establish secure connections.

Change-Id: I647564761cf35a0f0461db72a975cbfd1121038e
Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/22771
      12ef098e