[dev] OCRepPayloadGetPropDouble() casting "uint64_t" to "long"
Hi all, I've noticed that OCRepPayloadGetPropDouble() inside resource/csdk/stack/src/ocpayload.c is implemented to work with payload values of type OCREP_PROP_INT (in addition to OCREP_PROP_DOUBLE), which are defined as "int64_t". That causes a int64_t->double cast, so there's a possibility of data loss, since "double" is not precise enough to represent higher values of "int64_t". Is that the expected behavior? I haven't seen any tests for this scenario, nor found any usage of the API, except for one occurrence inside resource/csdk/stack/test/cbortests.cpp. Thanks, Pawel Winogrodzki -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/54ce0baa/attachment.html>
[dev] IoTivity Infrastructure Maintainence: Sat, December 24, 8AM - 10AM PDT
When: Saturday, December 24, 08:00-10:00 PST Saturday, December 24, 16:00-18:00 UTC Sunday, December 25, 01:00-03:00 KST What: IoTivity Infrastructure Maintenance Why: Build blocking updates to Jenkins Impact: Brief outage as Jenkins services is restarted We will be performing Jenkins plugin updates to address continuous integration service limitations related to JIRA integration, comment-based event triggers and build timeout handlers. If you have any questions or concerns, please reach out through helpdesk at iotivity.org. Notices will be sent to the list prior to, and after, updates. Cheers, C.J. Collier -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/9f3fc1cd/attachment.html>
[dev] Security in IoTivity
Welcome ! :) Thanks, Karthikeyan Prakash, Software Engineer, On Tue, Dec 20, 2016 at 1:52 PM, Khaled Elsayed wrote: > Thanks a lot for the informative reply. This is a useful set of documents. > > > On Tue, Dec 20, 2016 at 10:18 AM, Prakash Karthikeyan < > prakash.karthikeyan at smartron.com> wrote: > >> Hi Kaled, >> >> Please find replies In-line. >> >> Thanks, >> Karthikeyan Prakash, >> Software Engineer, >> >> >> >> On Tue, Dec 20, 2016 at 12:55 PM, Khaled Elsayed >> wrote: >> >>> Hi, >>> >>> I am trying to gather some information on the security features in >>> iotivity. I know DTLS is used, but is there anything like authorization >>> from devices when they are discovered? Is any client capable of discovering >>> whatever device running the stack? Is there a document that explain >>> iotivity security with some good details? >>> >> >> IoTivity Secured Servers can be discovered by any Secured Clients. There >> is nothing like authorization to check whether it is authenticated device. >> The next step after discovery is OT (Ownership Transfer). This Document ( >> https://openconnectivity.org/wp-content/uploads/2016/01/Habib-Virji.pdf) >> can provide you details about overall architecture and building/running >> samples. >> >> http://events.linuxfoundation.org/sites/events/files/slides/ >> LinuxConEU2015_IoTivitySecurity_0.pdf >> Provisioning - https://wiki.iotivity.org/provisioning >> >>> >>> Also, this Internet Draft https://tools.ietf.org/html/dr >>> aft-ietf-core-object-security-01 just came out and it proposes using >>> CBOR for application layer security. I know CBOR is used in the iotivity >>> stack, so is this ID along the same line of thought in iotivity or is the >>> model different? >>> >>> CBOR is essentially used in IoTivity to encode the payload it also used >> in store/retrieve the credentials, Device details etc.,. People here can >> give you more precise details in CBOR in IoTivity >> >> >> >>> Best regards, >>> >>> Khaled >>> >>> >>> >>> ___ >>> iotivity-dev mailing list >>> iotivity-dev at lists.iotivity.org >>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >>> >>> >> >> ___ >> iotivity-dev mailing list >> iotivity-dev at lists.iotivity.org >> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >> >> > -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/aa36e094/attachment.html>
[dev] Security in IoTivity
Hi Kaled, Please find replies In-line. Thanks, Karthikeyan Prakash, Software Engineer, On Tue, Dec 20, 2016 at 12:55 PM, Khaled Elsayed wrote: > Hi, > > I am trying to gather some information on the security features in > iotivity. I know DTLS is used, but is there anything like authorization > from devices when they are discovered? Is any client capable of discovering > whatever device running the stack? Is there a document that explain > iotivity security with some good details? > IoTivity Secured Servers can be discovered by any Secured Clients. There is nothing like authorization to check whether it is authenticated device. The next step after discovery is OT (Ownership Transfer). This Document ( https://openconnectivity.org/wp-content/uploads/2016/01/Habib-Virji.pdf) can provide you details about overall architecture and building/running samples. http://events.linuxfoundation.org/sites/events/files/slides/LinuxConEU2015_IoTivitySecurity_0.pdf Provisioning - https://wiki.iotivity.org/provisioning > > Also, this Internet Draft https://tools.ietf.org/html/ > draft-ietf-core-object-security-01 just came out and it proposes using > CBOR for application layer security. I know CBOR is used in the iotivity > stack, so is this ID along the same line of thought in iotivity or is the > model different? > > CBOR is essentially used in IoTivity to encode the payload it also used in store/retrieve the credentials, Device details etc.,. People here can give you more precise details in CBOR in IoTivity > Best regards, > > Khaled > > > > ___ > iotivity-dev mailing list > iotivity-dev at lists.iotivity.org > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > > -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/5be28104/attachment.html>
[dev] Provisioning Client Error
What is your base version... pls share branch and commut id u r working on. Are your changes before the discovery request or post it? Thanks, Ashwini On 14 Dec 2016 11:45 a.m., "Prakash Karthikeyan" < prakash.karthikeyan at smartron.com> wrote: > Debug build output > > > Discovering All Un/Owned Devices on Network.. > 14:28.827 DEBUG: OIC_PM_UTILITY: IN PMDeviceDiscovery > 14:28.855 INFO: OIC_RI_STACK: Entering OCDoResource > 14:28.871 DEBUG: OIC_CA_CONN_MGR: CAGenerateToken > 14:28.871 DEBUG: OIC_CA_PRTCL_MSG: token len:8, token: > 14:28.871 DEBUG: OIC_CA_PRTCL_MSG: 29 CD BA AB F2 FB E3 46 > 14:28.871 INFO: OIC_RI_CLIENTCB: Adding client callback with token > 14:28.871 INFO: OIC_RI_CLIENTCB: 29 CD BA AB F2 FB E3 46 > 14:28.871 INFO: OIC_RI_CLIENTCB: Added Callback for uri : > /oic/sec/doxm?Owned=FALSE > 14:28.871 DEBUG: OIC_RM_UTIL: IN > 14:28.871 DEBUG: OIC_RM_UTIL: IN > 14:28.871 ERROR: OIC_RM_UTIL: Invalid input:options > 14:28.871 INFO: OIC_RM_UTIL: Route option is not present > 14:28.871 DEBUG: OIC_RM_RAP: IN > 14:28.871 DEBUG: OIC_RM_RAP: createoption dlen 0 slen [0] > 14:28.871 DEBUG: OIC_RM_RAP: Source and destination is not present > 14:28.871 DEBUG: OIC_RM_RAP: OptValue NOR Message Type > 14:28.871 INFO: OIC_RM_RAP: Option Length is 1 > 14:28.871 DEBUG: OIC_RM_RAP: OUT > 14:28.871 DEBUG: OIC_RM_UTIL: OUT > 14:28.871 DEBUG: OIC_CA_CONN_MGR: CASendRequest > 14:28.871 ERROR: OIC_RI_STACK: CASendRequest failed with CA error 13 > 14:28.871 ERROR: OIC_RI_STACK: OCDoResource error > 14:28.871 INFO: OIC_RI_CLIENTCB: Deleting token > 14:28.871 INFO: OIC_RI_CLIENTCB: 29 CD BA AB F2 FB E3 46 > 14:28.871 DEBUG: OIC_CA_CONN_MGR: CADestroyToken > 14:28.871 DEBUG: OIC_CA_CONN_MGR: OUT > 14:28.871 INFO: OIC_RI_CLIENTCB: Deleting callback with uri > /oic/sec/doxm?Owned=FALSE > 14:28.871 DEBUG: OIC_PM_UTILITY: IN DeviceDiscoveryDeleteHandler > 14:28.871 DEBUG: OIC_PM_UTILITY: OUT DeviceDiscoveryDeleteHandler > 14:28.871 DEBUG: OIC_CA_CONN_MGR: CADestroyToken > 14:28.871 DEBUG: OIC_CA_CONN_MGR: OUT > 14:28.871 ERROR: OIC_PM_UTILITY: OCStack resource error > 14:28.871 ERROR: OIC_OCPMAPI: Error in unowned discovery > 14:28.871 ERROR: provisioningclient: OCGetDevInfoFromNetwork API error > 14:28.871 ERROR: provisioningclient: _10_DISCOV_ALL_DEVS_: error > > > Thanks, > Karthikeyan Prakash, > Software Engineer, > > > > On Tue, Dec 13, 2016 at 9:23 PM, Thiago Macieira < > thiago.macieira at intel.com> wrote: > >> On ter?a-feira, 13 de dezembro de 2016 16:51:39 PST Prakash Karthikeyan >> wrote: >> > Segmentation fault (core dumped) >> >> The application crashed. >> >> Please provide the backtrace from a debug build. >> >> -- >> Thiago Macieira - thiago.macieira (AT) intel.com >> Software Architect - Intel Open Source Technology Center >> >> ___ >> iotivity-dev mailing list >> iotivity-dev at lists.iotivity.org >> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >> > > > ___ > iotivity-dev mailing list > iotivity-dev at lists.iotivity.org > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > > -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/c47ef093/attachment.html>
[dev] Security in IoTivity
Hello, There is no authorization from device on discovery. Any client can discover the devices aroun which are discoverable. For documebts you can refer wiki.iotivity.org Thanks Ashwini On 20 Dec 2016 12:55 p.m., "Khaled Elsayed" wrote: > Hi, > > I am trying to gather some information on the security features in > iotivity. I know DTLS is used, but is there anything like authorization > from devices when they are discovered? Is any client capable of discovering > whatever device running the stack? Is there a document that explain > iotivity security with some good details? > > Also, this Internet Draft https://tools.ietf.org/html/ > draft-ietf-core-object-security-01 just came out and it proposes using > CBOR for application layer security. I know CBOR is used in the iotivity > stack, so is this ID along the same line of thought in iotivity or is the > model different? > > Best regards, > > Khaled > > > > ___ > iotivity-dev mailing list > iotivity-dev at lists.iotivity.org > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > > -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/4cfaefb3/attachment.html>
[dev] Security in IoTivity
Thanks a lot for the informative reply. This is a useful set of documents. On Tue, Dec 20, 2016 at 10:18 AM, Prakash Karthikeyan < prakash.karthikeyan at smartron.com> wrote: > Hi Kaled, > > Please find replies In-line. > > Thanks, > Karthikeyan Prakash, > Software Engineer, > > > > On Tue, Dec 20, 2016 at 12:55 PM, Khaled Elsayed > wrote: > >> Hi, >> >> I am trying to gather some information on the security features in >> iotivity. I know DTLS is used, but is there anything like authorization >> from devices when they are discovered? Is any client capable of discovering >> whatever device running the stack? Is there a document that explain >> iotivity security with some good details? >> > > IoTivity Secured Servers can be discovered by any Secured Clients. There > is nothing like authorization to check whether it is authenticated device. > The next step after discovery is OT (Ownership Transfer). This Document ( > https://openconnectivity.org/wp-content/uploads/2016/01/Habib-Virji.pdf) > can provide you details about overall architecture and building/running > samples. > > http://events.linuxfoundation.org/sites/events/files/slides/ > LinuxConEU2015_IoTivitySecurity_0.pdf > Provisioning - https://wiki.iotivity.org/provisioning > >> >> Also, this Internet Draft https://tools.ietf.org/html/dr >> aft-ietf-core-object-security-01 just came out and it proposes using >> CBOR for application layer security. I know CBOR is used in the iotivity >> stack, so is this ID along the same line of thought in iotivity or is the >> model different? >> >> CBOR is essentially used in IoTivity to encode the payload it also used > in store/retrieve the credentials, Device details etc.,. People here can > give you more precise details in CBOR in IoTivity > > > >> Best regards, >> >> Khaled >> >> >> >> ___ >> iotivity-dev mailing list >> iotivity-dev at lists.iotivity.org >> https://lists.iotivity.org/mailman/listinfo/iotivity-dev >> >> > > ___ > iotivity-dev mailing list > iotivity-dev at lists.iotivity.org > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > > -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/2620cd53/attachment.html>
[dev] Security in IoTivity
Hi, I am trying to gather some information on the security features in iotivity. I know DTLS is used, but is there anything like authorization from devices when they are discovered? Is any client capable of discovering whatever device running the stack? Is there a document that explain iotivity security with some good details? Also, this Internet Draft https://tools.ietf.org/html/draft-ietf-core-object-security-01 just came out and it proposes using CBOR for application layer security. I know CBOR is used in the iotivity stack, so is this ID along the same line of thought in iotivity or is the model different? Best regards, Khaled -- next part -- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161220/58f2a48b/attachment.html>
