Thanks Kishen this is good information to have. Just so you know, simpleclient and simpleserver are not currently validated with SECURED=1 builds, and I do not believe they can be expected to "just work". I agree with you that they *should* be enabled and tested, however! But at this point, you are attempting untested uses, so failing to provision simpleserver (for example) doesn't necessarily mean the provisioning tool is broken.
As an aside, enabling the sample applications for SECURED=1 builds is something that would be very helpful to the community if you or anyone else is so inclined! Otherwise, it will have to wait until more critical tasks are completed (which has resulted in this task being pushed out again and again). I believe the enabling steps are very simple for anyone familiar with a given app. As for your issue, I'm just guessing at this point (since I haven't tried those two apps nor looked at them recently) but if you are seeing code in those two applications to enable security, it may be that the code is out of date... have you checked the code in "simpleserver.cpp" against the "ocserverbasicsops.cpp" code, which *is* tested with SECURED=1? Thanks, Nathan -----Original Message----- From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Maloor, Kishen Sent: Wednesday, April 13, 2016 11:17 AM To: iotivity-dev at lists.iotivity.org Subject: [dev] IoTivity security provisioning tools broken. Hello, It appears that the sample provisioning tools in IoTivity are broken. I?m working off the 1.1-rel branch. I want to be able to 1) take ownership of both simpleclient and simpleserver using ?Just Works", 2) Provision credentials between simpleclient and simpleserver, and 3) Provision ACLs. Both samples seem to be configured via the persistent storage interface to support security; so I expect 1), 2) and 3) above to just work using the two available provisioning tools, but neither work. In all tests below, I?m using resource/provisioning/examples/provisioningclient , with its PDM.db deleted and a fresh oic_svr_db_client.dat each time, for consistency sake. Here are some observations: 1) After deleting oic_svr_db_client/server.dat in resource/examples to start afresh (I assume they?ll get recreated), I run each of the apps separately along with the provisioning tool, and can discover them, but receive the ?Error!!! in OwnershipTransfer? message. 2) If I however copy the prebuilt resource/csdk/security/provisioning/sample/oic_svr_db_svr_justworks.dat into either oic_svr_db_client/server.dat, and again separately run the samples with the tool, I am able to discover them as un-owned and provision them successfully. This makes no sense to me, but I say it to provide more data to possibly help with the fix. 3) Even if I?m able to get two apps ?owned" in the view of the provisioning tool through hacks, I?m unable to provision a 128-bit symmetric key between the two samples. I see the following error messages: 31:56.294 INFO: SRPAPI: In SRPProvisionCredentials 31:56.294 DEBUG: PDM: Binding Done 31:56.294 ERROR: PDM: Requested value not found 31:56.294 ERROR: SRPAPI: Internal error occured provisionCredentials is failed 4) If I try to provision an ACL, the tool asks me for "16 digit URNs" instead of a text representation of UUIDs, which is what I would?ve expected. I?ve noticed that the parsing code in the ACL resource handler expects a CBOR Text String with the UUID, so this clearly seems to be an issue. Is there a plan or intention to fix these issues? Will it get into the 1.1 release? I believe they are essential, if we are at all serious about demonstrating and better exercising security features in IoTivity? Thanks. - Kishen Maloor Intel Open Source Technology Center _______________________________________________ iotivity-dev mailing list iotivity-dev at lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
