Removed the filter to add 'identity' info on selective connections
authorSachin Agrawal <sachin.agrawal@intel.com>
Fri, 25 Sep 2015 15:36:48 +0000 (08:36 -0700)
committerSachin Agrawal <sachin.agrawal@intel.com>
Fri, 25 Sep 2015 20:12:02 +0000 (20:12 +0000)
Ir-respective of the end-point being a SERVER or CLIENT, it may be
useful for RI and upper layers to know the true identity of the sender
of the message. Therefore, removed the filter which was checking for
'SERVER' only mode.

Change-Id: I21cda0a645d79df6df3a3a4113cccbac4a7ae8d6
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/2949
Reviewed-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c

index 0359ccafc9e02aeb32357513a9c7dfeb0427aa08..4ef13973deb8849438f47c81fb2f0aa0372b1a4d 100644 (file)
@@ -573,22 +573,18 @@ static int32_t CAGetPskCredentials(dtls_context_t *ctx,
         {
             if (memcmp(desc, credInfo->creds[index].id, DTLS_PSK_ID_LEN) == 0)
             {
-                if(NULL != ctx->peers && DTLS_SERVER == ctx->peers->role )
+                // TODO SRM needs identity of the remote end-point with every data packet to
+                // perform access control management. tinyDTLS 'frees' the handshake parameters
+                // data structure when handshake completes. Therefore, currently this is a
+                // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
+                stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+                char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+                uint16_t port = 0;
+                CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
+
+                if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
                 {
-                    // TODO SRM needs identity of the remote end-point with every data packet to
-                    // perform access control management. tinyDTLS 'frees' the handshake parameters
-                    // data structure when handshake completes. Therefore, currently this is a
-                    // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
-                    stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
-                    char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
-                    uint16_t port = 0;
-                    CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
-                    CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port, desc, descLen);
-                    if(CA_STATUS_OK != result )
-                    {
-                        OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
-                    }
+                    OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
                 }
                 memcpy(result, credInfo->creds[index].psk, DTLS_PSK_PSK_LEN);
                 ret = DTLS_PSK_PSK_LEN;
@@ -940,6 +936,11 @@ static int CAVerifyCertificate(struct dtls_context_t *ctx, const session_t *sess
     ByteArray caPubKey = BYTE_ARRAY_INITIALIZER;
     unsigned char ca_pub_key[PUBLIC_KEY_SIZE];
 
+    if ( !ctx ||  !session ||  !cert || !x || !y)
+    {
+        return -PKI_NULL_PASSED;
+    }
+
     CAGetRootKey (&ca_pub_x, &ca_pub_y);
 
     certDerCode.data = (uint8_t *)cert;
@@ -968,26 +969,27 @@ static int CAVerifyCertificate(struct dtls_context_t *ctx, const session_t *sess
     memcpy(x, crtChain[0].pubKey.data, xLen);
     memcpy(y, crtChain[0].pubKey.data + PUBLIC_KEY_SIZE / 2, yLen);
 
+    stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+    char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+    uint16_t port = 0;
+    CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
 
-    if (NULL != ctx->peers && DTLS_SERVER == ctx->peers->role )
+    CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
+            crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2, crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1]);
+    if (CA_STATUS_OK != result )
     {
-        stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
-        char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
-        uint16_t port = 0;
-        CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
-        CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
-        crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2, crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1]);
-        if (CA_STATUS_OK != result )
-        {
-            OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
-        }
+        OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
     }
 
-
 exit:
-    if (ret != 0) OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification FAILED\n");
-    else OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification SUCCESS\n");
+    if (ret != 0)
+    {
+        OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification FAILED\n");
+    }
+    else
+    {
+        OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification SUCCESS\n");
+    }
     return -ret;
 }