1. 08 Oct, 2019 2 commits
  2. 07 Oct, 2019 1 commit
  3. 06 Jul, 2019 1 commit
  4. 30 Sep, 2019 1 commit
  5. 24 Sep, 2019 1 commit
  6. 18 Sep, 2019 1 commit
  7. 17 Sep, 2019 2 commits
  8. 26 Aug, 2019 2 commits
    • George Nash's avatar
      copy pki_certs into build folder · 837e726a
      George Nash authored
      The sample code showing certificate based OTM have hard
      coded paths to the *.pem certificates. This path is
      relative to the build output for the samples. This
      works for Linux but not for windows which does not
      use the same relative file layout for it build output
      
      Copying the *.pem certs so they are local to the sample
      makes it possible to move the build output without
      reproducing the entier directory structure of the project.
      
      In addition to copying the pki_certs into the build folder
      the Working Directory was updated in the project solution
      so if the code was lauched from the Visual Studio debugger
      it would launch from the proper directory.
      
      Added .gitattributes file.  The *.pem files must have linux
      style line ending if the windows system has core.autocrlf
      set to true the *.pem line ending will be changed to windows
      style line ending causing errors. In addition to explicity
      seting *.pem line ending some general defaults were set for
      some of the most common text formats found in the project.
      
      See https://git-scm.com/docs/gitattributes for more details
      reguarding the .gitattributes file.
      
      Change-Id: I6b63e36c3e496343f02e4af727a4238747c9c12c
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      837e726a
    • George Nash's avatar
      Add new files to Windows build solution · 5c4339f7
      George Nash authored
      This adds oc_mnt.c/.h and oc_session_events_internal.h
      to the windows build solution.
      
      Change-Id: I752f0d5128683fac2baf4ba568eaf1350a96fa09
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      5c4339f7
  9. 20 Aug, 2019 1 commit
  10. 18 Jul, 2019 2 commits
    • Kishen Maloor's avatar
      Update Android port · b2fe726c
      Kishen Maloor authored
      * Fix/update TCP and IP adapters to achieve functional equivalence
        to the Linux adapters.
      * Add missing PKI and Cloud related code components to the Makefile.
      
      Change-Id: Ib0d8b823014a42321b3d67dbea9a9315ea16bd8f
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      b2fe726c
    • George Nash's avatar
      Update windows build solution · 663298b8
      George Nash authored
      Rename IoTivity-Constraned to IoTivity-lite
      
      Add new oc_obt (secuirty) files
      
      With out this fix the windows build will fail due to multiple
      link errors.
      
      Add OC_PKI to the preprocessor options for the onboarding_tool
      sample
      
      Change-Id: I8e5fdee8bba5b31097cf28257d7814266be58316
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      663298b8
  11. 14 Jul, 2019 1 commit
  12. 11 Jul, 2019 3 commits
    • Kishen Maloor's avatar
      oc_obt & sample OBT:New provisioning capabilities · 61d11b62
      Kishen Maloor authored
      -During the first OBT initialization, oc_obt_init() generates a
      self-signed root certificate for use in the local security domain.
      -Added new provisioning APIs to oc_obt for:
       -Identity certificates signed by the OBT's root certificate.
       -Role certificates signed by the OBT's root certificate.
       -auth-crypt ACE for wildcard "*" resource with RW permissions.
       -Role ACE for wildcard "*" resource with RW permissions.
      These are all single API calls which subsume entire sequences of
      requests that are executed underneath and return the final result to
      the application (OBT).
      -Updated discover_owned_devices() to work through /oic/res instead of
      /oic/sec/doxm.
      -Update sample onboarding_tool with new set of options that exercises
      all of the above functions.
      
      Change-Id: I43000bebe554faf17e652b1563111be284b404e5
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      61d11b62
    • Kishen Maloor's avatar
      oc_certs: fixes and new APIs · 21fdbf9c
      Kishen Maloor authored
      -Added new internal APIs:
       -oc_certs_generate_serial_number()
        Serial numbers for X.509 certificates.
       -oc_certs_encode_CN_with_UUID()
        Returns a string of the form uuid:<UUID>, which is encoded into the
        Subject/CN component of certificates.
       -oc_certs_is_PEM()
        Checks if the input string is encoded in the PEM format.
       -oc_certs_validate_csr()
        Verifies that the hash of the CertificateRequestInfo structure of the
        CSR message matches the signature in the CSR. This proves that the device
        possesses the private key corresponding to the public key provided with
        the CSR. A mismatch in hashes is deemed as an invalid CSR.
      
      -Fix oc_certs_parse_role_certificate().
      
      Change-Id: I4fda0d88a9c82f20bf0dd0742ecf7c1b51ee03b0
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      21fdbf9c
    • Kishen Maloor's avatar
      Set addr_local in client-discovered resource eps · 7a3abd1f
      Kishen Maloor authored
      Change-Id: Ia8789e3a3176536a903dc70d7fcbf7c58803d58b
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      7a3abd1f
  13. 10 Jun, 2019 6 commits
    • George Nash's avatar
      Add tcpadapter to Android/update Makefile · 8edc9d03
      George Nash authored
      This updates the Android makefile so it is able to build again.
      Notable changes:
       - add x509x source files to DTLS code
       - changed default value for ANDROID_API from 19 to 23
       - added default values for DYNAMIC, SECURE, and PKI build options
       - updated starting CFLAGS value
         - -fPIE -pie changed to -fPIC
         - -fno-reorder-functions and -fno-defer-pop were removed
           due to warnings about them being unknown tags
       - add misc. security files to the build.
      
      The tcpadapter code is a straight copy/paste of the tcpadapter.c/.h
      from the Linux port. No modifications were made to tcpadapter.
      Only changes made were:
       - added the adapter_receive_state_t to ipcontext.h needed by
         tcpadapter.
      
      Most Makefile changes were obtained by referencing the Makefile
      found in the `swig` branch.
      
      Change-Id: Ifddcac31ad60a42c363206e397760a57466a551a
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      8edc9d03
    • Kishen Maloor's avatar
      Complete OCF Cloud Support and sample test apps · 28ae13db
      Kishen Maloor authored
      This change massively overhauls OCF Cloud code and fully
      integrates it into the stack as a core feature. It has
      been tested for compliance with the current OCF Specification
      via the OCF conformance tool.
      
      Below is a high level summary of the changes:
      
      -Introduced new Cloud APIs to register, login, logout,
      deregister, perform token refresh, and publish resources.
      This enables application logic to drive their interactions with
      the OCF Cloud.
      
      Support for the Cloud Manager is being maintained per earlier
      contributions and serve as an alternative method for
      applications to connect with the Cloud. The cloud_manager_start/_stop
      APIs may be invoked by applications with a callback to
      provide an indication of connection state. The state machine has
      been updated to not switch to a "reconnecting" state upon
      receiving a redirect, but rather to just close the current
      connection and attempt a "login" with the REGISTERED bit staying
      set (more on this below wrt to the handling of oc_cloud_status_t).
      
      The full set of public APIs for Cloud support is now declared
      in include/oc_cloud.h.
      
      Response callbacks for all Cloud APIs has been kept consistent
      and only include the current Cloud Status and user parameter.
      
      -The CoAPCloudConf resource is now instantiated internally as an
      OCF "core resource" and is treated as a Device Configuration
      Resource (DCR) for access-control behaviors.
      
      -Initialization and shutdown of the internal constructs for Cloud
      support is now handled internally. Applications only ever need to
      invoke the aforementioned APIs for working with the Cloud feature
      anytime after oc_main_init().
      
      -Device Ownership State (dos) is checked internally in all Cloud
      API implementations to ensure that requests are not issued unless
      the dos is RFNOP.
      
      -Following a hard reset via /oic/sec/pstat or /oic/mnt, the Device
      is made to deregister from the Cloud, the connection is closed,
      and CoAPCloudConf is fully cleared, as required by the specification.
      
      -Internal response handlers for all Cloud requests have been updated
      to correctly handle the distinction between an "error response" and
      "error connect" in setting the last error code.
      
      -As Cloud support requires full support of Client and Server
      functions, it is incorporated into the Client_Server configuration.
      Accordingly, applications must link in the lib..client-server..
      library.
      
      Cloud support code is guarded by #ifdef OC_CLOUD (to make it
      optional), and all references to the Cloud feature in the rest of
      the stack require both OC_CLIENT and OC_SERVER to be defined.
      
      -oc_cloud_status_t has been updated to act as a bit mask (not
      exclusive) and hence all Cloud API callbacks must query the
      status for all relevant bits and take appropriate actions.
      For e.g., after successfully logging into the Cloud, the cloud
      status has both the REGISTERED and LOGGED_IN bits set. The
      sample applications illustrate the use of this pattern.
      
      -The status flags in oc_cloud_status_t have been renamed to match
      their names from the Cloud specification for sake of consistency.
      Further, new flags have been added to capture the LOGGED_OUT and
      DEREGISTERED statuses. When a response from the Cloud includes the
      expires_in property, the new status bit TOKEN_EXPIRY is set.
      Applications are expected to query this bit, and if set must
      retrieve the "expires_in" value using the new
      oc_cloud_get_token_expiry() API.
      
      -All of the Cloud code has been moved under api/cloud.
      
      -Preexisting unit tests have been updated but may need to be
      reworked,and possibly new tests added for better coverage. They
      are currently excluded from the Linux build pending their
      completion.
      
      -A new sample cloud_certification_tests has been added to
      illustrate the use of all Cloud APs with a command-line interface
      and serves as the means to perform all certification tests
      pertaining to the Cloud using OCF's Conformance Test Tool.
      The cloud_linux sample has been updated to reflect the recent
      API updates.
      
      -Misc. cleanup and code style fixes.
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Change-Id: I6f65551dfd0f02cf37186ecf3ccc0320c16ad251
      28ae13db
    • Kishen Maloor's avatar
      linux/Makefile:add -fsanitize=address with ASAN=1 · b3625819
      Kishen Maloor authored
      This change adds the address sanitizer to the Linux build
      using the ASAN=1 command-line switch while running make.
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Change-Id: If2dac8ce6a4bbc10e16b8d66ecfcd61be807b472
      b3625819
    • Kishen Maloor's avatar
      Add new APIs for realm/site-local IPv6 discovery · 6c9d33aa
      Kishen Maloor authored
      This change adds new Client APIs for performing resource discovery
      over the realm-local and site-local IPV6 scopes. The Linux IP adapter
      has been updated to set a hop limit of 255 for discovery over the
      wider IPv6 scopes.
      
      This change also adds similar APIs for issuing generalized mutlicast
      requests to any resource over the realm and site-local scopes.
      
      Lastly, oc_obt has been updated with new discovery APIs for owned
      and unowned devices over these wider scopes. The sample OBT has
      been updated with the new discovery options.
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Change-Id: Ib5c0adfb2f2c033a0a2dc2dc24796d3669acf1ec
      6c9d33aa
    • Kishen Maloor's avatar
      oc_session_events: clear deadlock · 2c7be5bc
      Kishen Maloor authored
      This change clears a deadlock arising in free_session_state_delayed()
      from the invocation of oc_session_end_event() while freeing
      TCP session state. The problem was fixed by synchronizing access
      only to the session list and excluding the rest of the code block
      in free_session_state_delayed() which is where a call to
      oc_session_end_event() is made.
      
      Further, oc_tls was updated to call oc_handle_session() directly
      rather than using the session_events process as routines in
      oc_tls always execute on the main (background) thread.
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Change-Id: I7bdbec84acae463dee9bed9bbe4868a022430fde
      2c7be5bc
    • Kishen Maloor's avatar
      Propagate TLS errors to the app layer in Clients · 39b106c2
      Kishen Maloor authored
      This change adds a mechanism to free active Client callbacks
      associated with an endpoint on encountering an error at the TLS layer.
      Before freeing the callback, it is once invoked internally with no
      payload and supplying it the 5.03 (Service_Unavailable) status code
      in order to notify Client application logic of the failure.
      
      Previously, Client applications received no such notification
      in their request handlers.
      They could only set a separate session_events callback to track session
      state per endpoint, requiring multiple such callbacks and more logic to
      discern the states of requests. This change obviates the need for those
      callbacks and vastly simplifies application logic.
      
      In other scenarios involving long sequences of requests, this change
      makes it possible to immediately terminate the sequence following a
      TLS error instead of requiring to waiting for a timeout at the
      CoAP layer to expire.
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Change-Id: I4501360cb6de7c04dbb90bd5310b60b67fcef4ed
      39b106c2
  14. 23 May, 2019 2 commits
    • Jozef Kralik's avatar
      [LITE-43] Implement Cloud service · 04471e61
      Jozef Kralik authored
      Provides API for connect a device to the Cloud Interface.
      
      Cloud Sample apps/cloud_linux.c
      Cloud API: service/cloud/include/cloud.h
      
      Limitations:
       * Cloud always try to connect to the Cloud Interface
       * Delays are not configurable (ping, publish resources, ...)
       * Sid isn't verified
      
      Change-Id: I3faf440f0fd00648cf0e01f50763d80c785cd734
      Signed-off-by: Jozef Kralik's avatarJozef Kralik <jojo.lwin@gmail.com>
      04471e61
    • George Nash's avatar
      Rework of oc_introspection.h · 55de9c39
      George Nash authored
      The oc_set_introspection_file is no long avalible. Now
      it will default to the file IDD_<device_index> from oc_storage.
      
      This adds the oc_set_introspection_data function to
      the oc_introspection.h header. This enables setting
      the introspection data by passing in an array of bytes via
      the oc_set_introspection_data function.
      
      The compiler define OC_IDD_FILE was change to OC_IDD_API since
      we no longer specify file names.
      
      As a side in the windows  build OC_IDD_API is set as the
      default.
      
      Users can get the same behavior as building the code without
      OC_IDD_API by including server_introspection.dat.h in their
      server program and calling
      oc_set_interspection_data(0,
                                introspection_Data,
                                introspection_data_size);
      
      The function oc_create_introspection_resourcewas moved
      to a new internal header file oc_introspection_internal.h.
      The function is only expected to be called by the framework
      and there is no need to expose it to end users as public APIs.
      
      Change-Id: I9ec452afbf96510c82557eeb1b8b79a8949eeb25
      Signed-off-by: George Nash's avatarGeorge Nash <george.nash@intel.com>
      55de9c39
  15. 12 Apr, 2019 1 commit
  16. 11 Apr, 2019 1 commit
  17. 08 Apr, 2019 2 commits
    • Kishen Maloor's avatar
      oc_obt:Add onboarding support with Random PIN OTM · cb18797b
      Kishen Maloor authored
      This change adds new onboarding APIs to oc_obt for handling the Random PIN
      OTM. Specifically, it introduces two new APIs: one for requesting the peer
      device to generate (and display) a Random PIN, and one for executing the
      Random PIN OTM sequence in a TLS_PSK handshake that employs the PIN in
      deriving the symmetric key used for the handshake.
      
      OBT implementations are expected to invoke the first API and following a
      success response, accept the PIN via user input using any means defined by
      the application. Subsequently, the OBT invokes the second API, supplying
      the PIN for carrying out the entire OTM sequence.
      
      The sample onboarding_tool has been updated to support Random PIN OTM using
      these two APIs.
      
      This change also adds a new API oc_obt_shutdown() to be called by OBT
      implementations when they're about to terminate. This frees all internally
      allocated resources.
      
      Change-Id: I8ef2df9ffc08aa34c658c6d4c80ea1077a1bc9d9
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/29388Tested-by: default avatarIoTivity Jenkins <jenkins-daemon@iotivity.org>
      cb18797b
    • Kishen Maloor's avatar
      Refactor oc_obt to implement OTMs separately · ce2177ae
      Kishen Maloor authored
      This change restructures oc_obt to seaprate out the core request sequences
      for the different OTMs from common functions that apply to all OTM
      sequences and other horizontal security provisioning functions.
      
      As a result, each OTM may be implemented in individual modules thus
      improving their maintainability. A new internal header oc_obt_internal.h
      contains all the common internal structures and APIs to be harnessed by
      all OTM implementations.
      
      Change-Id: Ib8eea60a63423f64ab62e9cd1da90d200cf9ba0b
      Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
      Reviewed-on: https://gerrit.iotivity.org/gerrit/29387Tested-by: default avatarIoTivity Jenkins <jenkins-daemon@iotivity.org>
      ce2177ae
  18. 05 Apr, 2019 1 commit
  19. 15 Mar, 2019 1 commit
  20. 21 Feb, 2019 5 commits
  21. 01 Feb, 2019 2 commits
  22. 24 Jan, 2019 1 commit