On 01/23/2018 12:14 PM, Steve Saunders (CableLabs) wrote:
> HI All,
>
> I have been working on creating .json configuration files with certificate
> info, for example
>
> {
> "credid": 1,
> "credusage": "oic.sec.cred.mfgcert",
> "subjectuuid": "22222222-2222-2222-2222-222222222222",
> "credtype": 8,
> "publicdata": {
> "encoding": "oic.sec.encoding.der",
> "data": “308<… bunch of hex …>896"
> },
> "privatedata": {
> "encoding": "oic.sec.encoding.raw",
> "data": “307<… bunch of hex …>a86"
> }
> },
>
> I was finding that json2cbor created .dat files for which svrdbeditor could
> not make out the certificate information. In addition, IoTivity could not
> decode the cert content either.
>
> Upon further investigation (and assuming that the publicData, privateData,
> optionalData in .json files is hex string encoded) json2cbor uses the
> following loop to convert hex strings to byte values:
>
> for(size_t i =0, p =0 ; i < jsonObjLen; i+=2, ++p)
> {
> snprintf(tmp, 2, "%c%c", jsonPub->valuestring[i],
> jsonPub->valuestring[i+1]);
> buf[p] = (char)strtol(tmp, NULL, 16);
> }
>
>
> As best that I can tell this produces improper values. Lets take the example
> of a hex encoding of '30', which translates to a decimal byte value of 48.
> The snprintf statement:
>
> snprintf(tmp, 2, "%c%c", '3', '0');
> buf[p] = (char)strtol(tmp, NULL, 16);
>
> ... produces tmp as: tmp[0] = '3' , tmp[1] = '\000', and buf[p] of decimal
> value 3.
>
> … but it should be tmp[0] = '3' , tmp[1] = '0', and buf[p] of decimal value
> 48.
>
>
> If this loop is converted to the following, the encoding happens correctly
> (i.e. but[p] = decimal 48)
>
> for(size_t i =0, p =0 ; i < jsonObjLen; i+=2, ++p)
> {
> tmp[0] = jsonPub->valuestring[i];
> tmp[1] = jsonPub->valuestring[i+1];
> tmp[2] = '\0';
> buf[p] = (char)strtol(tmp, NULL, 16);
> }
>
> After changing all of the json2cbor loops to the above and generating the
> .dat file, now svrdbeditor can decode and present cert info.
>
> So, I created a Jira Ticket, and I can submit a patch, but I just wanted to
> have the group comment on this, because it seems like such a fundamental
> problem, and I am surprised any cert info in .json files ever worked …. just
> want to make sure that I am not missing something.
turns out there are two separate patches proposing this change... based
on gcc7 compiler warnings. now we're happier that there's a good reason
for it beyond just compiler being pedantic.
leave a comment here:
https://gerrit.iotivity.org/gerrit/#/c/23965/
(the other one is
https://gerrit.iotivity.org/gerrit/23979
but I'll probably abandon that one in favor of George's.)
and once it's in we will pull it to master as well.
_______________________________________________
iotivity-dev mailing list
[email protected]
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
