fixup! Refactor oc_cred.c and oc_roles.c

iotivity · Jul 17, 2023 · b8fbe60 · b8fbe60
1 parent 68ad9a1
commit b8fbe60
Show file tree

Hide file tree

Showing 20 changed files with 1,348 additions and 725 deletions.
diff --git a/.github/workflows/sonar-cloud-analysis.yml b/.github/workflows/sonar-cloud-analysis.yml
@@ -28,7 +28,7 @@ jobs:
           # cloud (ipv4+tcp) on, collection create on, push on, rfotm on
           - build_args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
           # ipv6 dns on, oscore off, rep realloc on
-          - build_args: "-DOC_DNS_LOOKUP_IPV6_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DOC_REP_ENCODING_REALLOC=ON"
+          - build_args: "-DOC_DNS_LOOKUP_IPV6_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
           # ipv4 on, tcp on, dynamic allocation off, rfotm on
           - build_args: "-DOC_IPV4_ENABLED=ON -DOC_TCP_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
           # security off, cloud (ipv4+tcp), collection create on, push on, introspection IDD off

diff --git a/api/client/unittest/clientcbtest.cpp b/api/client/unittest/clientcbtest.cpp
@@ -57,7 +57,7 @@ class TestClientCB : public testing::Test {
   static oc_discovery_flags_t discoveryHandler(const char *, const char *,
                                                oc_string_array_t,
                                                oc_interface_mask_t,
-                                               oc_endpoint_t *,
+                                               const oc_endpoint_t *,
                                                oc_resource_properties_t, void *)
   {
     TestClientCB::discoveryHandlerInvoked = true;
@@ -66,7 +66,7 @@ class TestClientCB : public testing::Test {
 
   static oc_discovery_flags_t discoveryAllHandler(
     const char *, const char *, oc_string_array_t, oc_interface_mask_t,
-    oc_endpoint_t *, oc_resource_properties_t, bool, void *)
+    const oc_endpoint_t *, oc_resource_properties_t, bool, void *)
   {
     TestClientCB::discoveryAllHandlerInvoked = true;
     return OC_STOP_DISCOVERY;

diff --git a/port/android/Makefile b/port/android/Makefile
@@ -140,7 +140,7 @@ ifeq ($(PKI),1)
 	CTIMESTAMP=../../api/c-timestamp/timestamp_tm.c
 endif
 
-CTIMESTAMP+=../../api/c-timestamp/timestamp_format.c ../../api/c-timestamp/timestamp_valid.c ../../api/c-timestamp/timestamp_parse.c
+CTIMESTAMP+=../../api/c-timestamp/timestamp_compare.c ../../api/c-timestamp/timestamp_format.c ../../api/c-timestamp/timestamp_valid.c ../../api/c-timestamp/timestamp_parse.c
 
 SRC_PORT_COMMON:=$(wildcard ../../port/common/*.c)
 ifneq ($(MEMORY_TRACE),1)
@@ -255,7 +255,7 @@ ifeq ($(PLGD_DEV_TIME),1)
 endif
 
 ifneq ($(SECURE),0)
-	SRC += $(addprefix ../../security/, oc_acl.c oc_ael.c oc_audit.c oc_certs.c oc_certs_validate.c oc_cred.c oc_csr.c oc_doxm.c oc_entropy.c \
+	SRC += $(addprefix ../../security/, oc_acl.c oc_ael.c oc_audit.c oc_certs.c oc_certs_generate.c oc_certs_validate.c oc_cred.c oc_csr.c oc_doxm.c oc_entropy.c \
 			oc_keypair.c oc_pki.c oc_pstat.c oc_roles.c oc_sdi.c oc_security.c oc_sp.c oc_store.c oc_svr.c oc_tls.c)
 	SRC_COMMON += $(addprefix $(MBEDTLS_DIR)/library/,${DTLS})
 	MBEDTLS_PATCH_FILE := $(MBEDTLS_DIR)/patched.txt

diff --git a/port/arduino/adapter/Makefile b/port/arduino/adapter/Makefile
@@ -39,7 +39,7 @@ ifeq ($(DYNAMIC),1)
 endif
 
 ifeq ($(SECURE),1)
-	SEC_SRC += $(addprefix $(ROOT_DIR)/security/, oc_acl.c oc_cred.c oc_certs.c oc_certs_validate.c oc_csr.c oc_doxm.c oc_entropy.c \
+	SEC_SRC += $(addprefix $(ROOT_DIR)/security/, oc_acl.c oc_cred.c oc_certs.c oc_certs_generate.c oc_certs_validate.c oc_csr.c oc_doxm.c oc_entropy.c \
 	              oc_keypair.c oc_pki.c oc_pstat.c oc_roles.c oc_security.c oc_sp.c oc_store.c oc_svr.c oc_tls.c)
 	SRC += $(SEC_SRC)
 	SRC_COMMON += $(addprefix $(MBEDTLS_DIR)/library/,${DTLS})

diff --git a/port/esp32/main/CMakeLists.txt b/port/esp32/main/CMakeLists.txt
@@ -157,6 +157,7 @@ if(CONFIG_SECURE)
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_ael.c
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_audit.c
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_certs.c
+		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_certs_generate.c
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_certs_validate.c
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_cred.c
 		${CMAKE_CURRENT_SOURCE_DIR}/../../../security/oc_csr.c

diff --git a/port/linux/Makefile b/port/linux/Makefile
@@ -112,7 +112,7 @@ ifeq ($(PKI),1)
 	CTIMESTAMP=../../api/c-timestamp/timestamp_tm.c
 endif
 
-CTIMESTAMP+=../../api/c-timestamp/timestamp_format.c ../../api/c-timestamp/timestamp_valid.c ../../api/c-timestamp/timestamp_parse.c
+CTIMESTAMP+=../../api/c-timestamp/timestamp_compare.c ../../api/c-timestamp/timestamp_format.c ../../api/c-timestamp/timestamp_valid.c ../../api/c-timestamp/timestamp_parse.c
 
 SRC_PORT_COMMON:=$(wildcard ../../port/common/*.c)
 ifneq ($(MEMORY_TRACE),1)
@@ -254,7 +254,7 @@ endif
 
 
 ifneq ($(SECURE),0)
-	SRC += $(addprefix ../../security/,	oc_acl.c oc_ael.c oc_audit.c oc_certs.c oc_certs_validate.c oc_cred.c oc_csr.c oc_doxm.c oc_entropy.c \
+	SRC += $(addprefix ../../security/,	oc_acl.c oc_ael.c oc_audit.c oc_certs.c oc_certs_generate.c oc_certs_validate.c oc_cred.c oc_csr.c oc_doxm.c oc_entropy.c \
 			oc_keypair.c oc_oscore_engine.c oc_oscore_crypto.c oc_oscore_context.c oc_pki.c oc_pstat.c oc_roles.c oc_sdi.c \
 			oc_security.c oc_sp.c oc_store.c oc_svr.c oc_tls.c)
 	SRC_COMMON += $(addprefix $(MBEDTLS_DIR)/library/,${DTLS})

diff --git a/port/windows/vs2015/IoTivity-lite.vcxproj b/port/windows/vs2015/IoTivity-lite.vcxproj
@@ -427,6 +427,8 @@
     <ClCompile Include="..\..\..\security\oc_ael.c" />
     <ClCompile Include="..\..\..\security\oc_audit.c" />
     <ClCompile Include="..\..\..\security\oc_certs.c" />
+    <ClCompile Include="..\..\..\security\oc_certs_generate.c" />
+    <ClCompile Include="..\..\..\security\oc_certs_validate.c" />
     <ClCompile Include="..\..\..\security\oc_cred.c" />
     <ClCompile Include="..\..\..\security\oc_csr.c" />
     <ClCompile Include="..\..\..\security\oc_doxm.c" />

diff --git a/port/windows/vs2015/IoTivity-lite.vcxproj.filters b/port/windows/vs2015/IoTivity-lite.vcxproj.filters
@@ -299,6 +299,12 @@
     <ClCompile Include="..\..\..\security\oc_certs.c">
       <Filter>Security</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\security\oc_certs_generate.c">
+      <Filter>Security</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\security\oc_certs_validate.c">
+      <Filter>Security</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\security\oc_keypair.c">
       <Filter>Security</Filter>
     </ClCompile>

diff --git a/security/oc_certs.c b/security/oc_certs.c
@@ -137,42 +137,6 @@ oc_sec_certs_ecp_group_id_is_allowed(mbedtls_ecp_group_id gid)
          (MBEDTLS_X509_ID_FLAG(gid) & g_allowed_ecp_grpids_mask) != 0;
 }
 
-int
-oc_certs_generate_serial_number(mbedtls_x509write_cert *crt, size_t size)
-{
-  mbedtls_ctr_drbg_context ctr_drbg;
-  mbedtls_ctr_drbg_init(&ctr_drbg);
-
-  mbedtls_entropy_context entropy;
-  mbedtls_entropy_init(&entropy);
-  oc_entropy_add_source(&entropy);
-
-#define PERSONALIZATION_DATA "IoTivity-Lite-Certificate_Serial_Number"
-
-  int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                  (const unsigned char *)PERSONALIZATION_DATA,
-                                  sizeof(PERSONALIZATION_DATA));
-
-#undef PERSONALIZATION_DATA
-
-  if (ret < 0) {
-    OC_ERR("error initializing RNG %d", ret);
-    return -1;
-  }
-
-  mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON);
-
-  ret = mbedtls_mpi_fill_random(&crt->serial, size, mbedtls_ctr_drbg_random,
-                                &ctr_drbg);
-
-  if (ret < 0) {
-    OC_ERR("error generating random serial number for certificate %d", ret);
-    return -1;
-  }
-
-  return 0;
-}
-
 bool
 oc_certs_is_PEM(const unsigned char *cert, size_t cert_len)
 {
@@ -485,30 +449,6 @@ oc_certs_parse_CN_for_UUID(const unsigned char *cert, size_t cert_size,
   return ok;
 }
 
-bool
-oc_certs_encode_role(const oc_role_t *role, char *buf, size_t buf_len)
-{
-  char *buffer = buf;
-  size_t length = buf_len;
-  int ret = snprintf(buffer, length, "CN=%s", oc_string(role->role));
-  if (ret < 0 || (size_t)ret >= length) {
-    OC_ERR("could not encode role");
-    return false;
-  }
-  if (oc_string_len(role->authority) == 0) {
-    return true;
-  }
-
-  buffer = buf + ret;
-  length -= ret;
-  ret = snprintf(buffer, length, ",OU=%s", oc_string(role->authority));
-  if (ret < 0 || (size_t)ret >= length) {
-    OC_ERR("could not encode authority");
-    return false;
-  }
-  return true;
-}
-
 static bool
 oc_certs_DN_is_CN(const mbedtls_x509_name *dn)
 {
@@ -624,28 +564,6 @@ oc_certs_timestamp_now(void)
   return ts;
 }
 
-bool
-oc_certs_timestamp_format(timestamp_t ts, char *buffer, size_t buffer_size)
-{
-  assert(buffer != NULL);
-
-  struct tm now_tm;
-  memset(&now_tm, 0, sizeof(struct tm));
-  if (timestamp_to_tm_utc(&ts, &now_tm) == NULL) {
-    OC_ERR("cannot convert timestamp to string: invalid timestamp");
-    return false;
-  }
-
-  int ret = snprintf(buffer, buffer_size, "%d%02d%02d%02d%02d%02d",
-                     now_tm.tm_year + 1900, now_tm.tm_mon + 1, now_tm.tm_mday,
-                     now_tm.tm_hour, now_tm.tm_min, now_tm.tm_sec);
-  if (ret < 0 || (size_t)ret >= buffer_size) {
-    OC_ERR("cannot convert timestamp to string: buffer too small");
-    return false;
-  }
-  return true;
-}
-
 uint64_t
 oc_certs_time_to_unix_timestamp(mbedtls_x509_time time)
 {