IOT-1375 Use mbedtls base64 implementation 01/23101/9
authorGeorge Nash <george.nash@intel.com>
Tue, 7 Nov 2017 22:33:05 +0000 (14:33 -0800)
committerNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Mon, 20 Nov 2017 22:26:05 +0000 (22:26 +0000)
Maintaining only one copy is easier, and may have security
benefits since the input to base64 decode is often untrusted
input (e.g., a peer certificate).

Comparing the implementation of base64 from mbedtls the output
follows the rules specified in RFC 1521 for doing base64
encoding.

As best I can tell IoTivity's implementation follows the rules
specified in RFC 4648.

The major difference is that RFC 1521 has a limit on line length
of 76 characters. While RFC 4648 does not have the line length
limitation and will typically encode the data as one long
string.

Originally there was a lot of concern that if the base64 encoded
string were stored anywhere changing to the mbedtls
implementation could cause backward compatibility problems. For
that reason unit tests were added that encoded using IoTivity
base64 and decoded using mbedtls as well as encoding using
mbedtls and decoding base64. Both implementations were able to
handle data encoded by the other implementation.

JniSecureUtils::convertUUIDtoStr was removed after discovering it
was not use anywhere in the code.  Also there was no clear use case to convert a 128 bit UUID to a base64 string.

Bug: https://jira.iotivity.org/browse/IOT-1375
Change-Id: If7f178ff550c5d529452593ed7998a082ec1fab3
Signed-off-by: George Nash <george.nash@intel.com>
22 files changed:
java/jni/JniSecureUtils.cpp
java/jni/JniSecureUtils.h
resource/IPCA/src/pretendocprovision.cpp
resource/IPCA/unittests/mockOCProvision.cpp
resource/csdk/security/provisioning/src/credentialgenerator.c
resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
resource/csdk/security/provisioning/src/ownershiptransfermanager.c
resource/csdk/security/provisioning/src/oxmmanufacturercert.c
resource/csdk/security/provisioning/src/oxmpreconfpin.c
resource/csdk/security/provisioning/src/oxmrandompin.c
resource/csdk/security/provisioning/src/secureresourceprovider.c
resource/csdk/security/src/credresource.c
resource/csdk/security/src/crlresource.c
resource/csdk/security/src/oxmpincommon.c
resource/csdk/security/src/oxmverifycommon.c
resource/csdk/security/src/srmutility.c
resource/csdk/security/tool/json2cbor.c
resource/csdk/security/tool/svrdbeditor_src/svrdbeditorcred.c
resource/csdk/security/unittest/base64tests.cpp
resource/provisioning/src/OCProvisioningManager.cpp
service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp
service/easy-setup/mediator/richsdk/src/RemoteEnrollee.cpp

index 32c189b..f2d92b2 100644 (file)
@@ -25,7 +25,7 @@
 #include "JniOcSecureResource.h"
 #include "oic_malloc.h"
 #include "srmutility.h"
-#include "base64.h"
+#include "mbedtls/base64.h"
 
 using namespace OC;
 
@@ -106,19 +106,6 @@ jobjectArray JniSecureUtils::convertDeviceVectorToJavaArray(JNIEnv *env,
     return devArr;
 }
 
-std::string JniSecureUtils::convertUUIDtoStr(OicUuid_t uuid)
-{
-    std::ostringstream deviceId("");
-    char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {0,};
-    size_t outLen = 0;
-
-    b64Encode(uuid.id, sizeof(uuid.id), base64Buff,
-              sizeof(base64Buff), &outLen);
-
-    deviceId << base64Buff;
-    return deviceId.str();
-}
-
 jobject JniSecureUtils::convertUUIDVectorToJavaStrList(JNIEnv *env, UuidList_t &vector)
 {
     jobject jList = env->NewObject(g_cls_LinkedList, g_mid_LinkedList_ctor);
index 22e1a8a..b697e3e 100644 (file)
@@ -26,7 +26,6 @@
 class JniSecureUtils
 {
     private:
-        static std::string convertUUIDtoStr(OicUuid_t uuid);
         static void convertStrToUUID(char *str, OicUuid_t &uuid);
     public:
         static jobject convertProvisionresultVectorToJavaList(JNIEnv *,
index 747df7c..671293a 100644 (file)
@@ -21,7 +21,6 @@
 
 #include "ocstack.h"
 #include "srmutility.h"
-#include "base64.h"
 
 #include <thread>
 
index 4e8dac9..10ae627 100644 (file)
@@ -25,7 +25,6 @@
 #include "oic_malloc.h"
 
 #include "ocstack.h"
-#include "base64.h"
 
 #include "pinoxmcommon.h"
 
index 3339b5c..ca7f24a 100644 (file)
@@ -19,7 +19,6 @@
  * *****************************************************************/
 #include <string.h>
 #include "credentialgenerator.h"
-#include "base64.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
 #include "ocpayload.h"
index 59896c7..e23236c 100644 (file)
@@ -36,7 +36,6 @@
 #include "oic_string.h"
 #include "cacommon.h"
 #include "cainterface.h"
-#include "base64.h"
 #include "srmresourcestrings.h"
 #include "experimental/doxmresource.h"
 #include "pstatresource.h"
@@ -58,6 +57,7 @@
 #include "otmcontextlist.h"
 #include "ocstackinternal.h"
 #include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/base64.h"
 #include "experimental/ocrandom.h"
 #include "secureresourceprovider.h"
 
@@ -881,16 +881,30 @@ static OCStackResult SaveSubOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
         VERIFY_NOT_NULL(TAG, cred, ERROR);
 
         size_t outSize = 0;
-        size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
-        char *b64Buf = (char *)OICCalloc(1, b64BufSize);
+        int encodeResult = mbedtls_base64_encode(NULL, 0, &outSize, cred->privateData.data, cred->privateData.len);
+        if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != encodeResult)
+        {
+            OIC_LOG_V(ERROR, TAG, "%s: Error base64 encoding PSK private data", __func__);
+            res = OC_STACK_ERROR;
+            goto exit;
+        }
+        size_t b64BufSize = outSize;
+        unsigned char *b64Buf = (unsigned char *)OICCalloc(1, b64BufSize);
         VERIFY_NOT_NULL(TAG, b64Buf, ERROR);
-        b64Encode(cred->privateData.data, cred->privateData.len, b64Buf, b64BufSize, &outSize);
+        encodeResult = mbedtls_base64_encode(b64Buf, b64BufSize, &outSize, cred->privateData.data, cred->privateData.len);
+        if (0 != encodeResult)
+        {
+            OIC_LOG_V(ERROR, TAG, "%s: Error base64 encoding PSK private data", __func__);
+            OICFree(b64Buf);
+            res = OC_STACK_ERROR;
+            goto exit;
+        }
 
         OICFree(cred->privateData.data);
         cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
         VERIFY_NOT_NULL(TAG, cred->privateData.data, ERROR);
 
-        strncpy((char *)(cred->privateData.data), b64Buf, outSize);
+        strncpy((char *)(cred->privateData.data), (char *)b64Buf, outSize);
         cred->privateData.data[outSize] = '\0';
         cred->privateData.encoding = OIC_ENCODING_BASE64;
         cred->privateData.len = outSize;
index 32a4269..0effa5b 100644 (file)
@@ -49,7 +49,7 @@
 #include "oic_string.h"
 #include "cacommon.h"
 #include "cainterface.h"
-#include "base64.h"
+#include "mbedtls/base64.h"
 #include "utlist.h"
 #include "srmresourcestrings.h"
 #include "experimental/doxmresource.h"
@@ -835,16 +835,29 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
         VERIFY_NOT_NULL(TAG, cred, ERROR);
 
         size_t outSize = 0;
-        size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
-        char* b64Buf = (char *)OICCalloc(1, b64BufSize);
+        int encodeResult = mbedtls_base64_encode(NULL, 0, &outSize, cred->privateData.data, cred->privateData.len);
+        if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != encodeResult)
+        {
+            OIC_LOG_V(ERROR, TAG, "%s: Error base64 encoding PSK private data", __func__);
+            res = OC_STACK_ERROR;
+            goto exit;
+        }
+        size_t b64BufSize = outSize;
+        unsigned char* b64Buf = (unsigned char *)OICCalloc(1, b64BufSize);
         VERIFY_NOT_NULL(TAG, b64Buf, ERROR);
-        b64Encode(cred->privateData.data, cred->privateData.len, b64Buf, b64BufSize, &outSize);
-
+       encodeResult =  mbedtls_base64_encode(b64Buf, b64BufSize, &outSize, cred->privateData.data, cred->privateData.len);
+       if (0 != encodeResult)
+       {
+           OIC_LOG_V(ERROR, TAG, "%s: Error base64 encoding PSK private data", __func__);
+           OICFree(b64Buf);
+           res = OC_STACK_ERROR;
+           goto exit;
+       }
         OICFree( cred->privateData.data );
         cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
         VERIFY_NOT_NULL(TAG, cred->privateData.data, ERROR);
 
-        strncpy((char*)(cred->privateData.data), b64Buf, outSize);
+        strncpy((char*)(cred->privateData.data), (char*)b64Buf, outSize);
         cred->privateData.data[outSize] = '\0';
         cred->privateData.encoding = OIC_ENCODING_BASE64;
         cred->privateData.len = outSize;
index 4d99f2a..0a7ba2e 100644 (file)
@@ -31,7 +31,6 @@
 #include "oic_malloc.h"
 #include "experimental/logger.h"
 #include "pbkdf2.h"
-#include "base64.h"
 #include "oxmmanufacturercert.h"
 #include "ownershiptransfermanager.h"
 #include "srmresourcestrings.h"
index 43cd988..a0bd5bf 100644 (file)
@@ -31,7 +31,7 @@
 #include "oic_string.h"
 #include "experimental/logger.h"
 #include "pbkdf2.h"
-#include "base64.h"
+#include "mbedtls/base64.h"
 #include "oxmpreconfpin.h"
 #include "ownershiptransfermanager.h"
 #include "pinoxmcommon.h"
@@ -100,26 +100,32 @@ OCStackResult LoadPreconfigPinCodeCallback(OTMContext_t *otmCtx)
         }
     }
 
-    uint8_t* pinBuffer = NULL;
+    unsigned char* pinBuffer = NULL;
     size_t pinBufLen = 0;
     if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
     {
         //In case of 'preconfig PIN', secret data(PIN) already exist.
-        pinBufLen = B64DECODE_OUT_SAFESIZE(cred->privateData.len + 1);
-        pinBuffer = (uint8_t*)OICCalloc(1, pinBufLen);
-        if(NULL == pinBuffer)
+        size_t pinLen = 0;
+        int decodeResult = mbedtls_base64_decode(NULL, 0, &pinLen, cred->privateData.data, cred->privateData.len);
+        if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+        {
+            OIC_LOG(ERROR, TAG, "Failed base64 decoding for preconfig PIN");
+            return OC_STACK_ERROR;
+        }
+        pinBufLen = pinLen;
+        pinBuffer = (unsigned char*)OICCalloc(1, pinBufLen);
+        if (NULL == pinBuffer)
         {
             OIC_LOG(ERROR, TAG, "Failed to memory allocation.");
             return OC_STACK_NO_MEMORY;
         }
-        size_t pinLen = 0;
-        if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, pinBuffer, pinBufLen, &pinLen))
+        decodeResult = mbedtls_base64_decode(pinBuffer, pinBufLen, &pinLen, cred->privateData.data, cred->privateData.len);
+        if (0 != decodeResult)
         {
-            OIC_LOG(ERROR, TAG, "Failed to base64 deconding for preconfig PIN");
+            OIC_LOG(ERROR, TAG, "Failed to base64 decoding for preconfig PIN");
             OICFree(pinBuffer);
             return OC_STACK_ERROR;
         }
-        pinBufLen = pinLen;
     }
     else if(OIC_ENCODING_RAW == cred->privateData.encoding)
     {
index 36937eb..8d747e8 100644 (file)
@@ -30,7 +30,6 @@
 #include "oic_malloc.h"
 #include "experimental/logger.h"
 #include "pbkdf2.h"
-#include "base64.h"
 #include "oxmrandompin.h"
 #include "ownershiptransfermanager.h"
 #include "pinoxmcommon.h"
index 116f45a..fc43315 100644 (file)
@@ -44,7 +44,6 @@
 #include "pmutility.h"
 #include "srmutility.h"
 #include "provisioningdatabasemanager.h"
-#include "base64.h"
 #include "utlist.h"
 #include "ocpayload.h"
 #include "srmutility.h"
index a81189d..b667d76 100644 (file)
@@ -36,7 +36,6 @@
 #include "experimental/payload_logging.h"
 #include "ocstack.h"
 #include "experimental/ocrandom.h"
-#include "base64.h"
 #include "ocserverrequest.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
@@ -1981,7 +1980,7 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi
 {
     //Derive OwnerPSK locally
     const char* oxmLabel = GetOxmString(doxm->oxmSel);
-    char* b64Buf = NULL;
+    unsigned char* b64Buf = NULL;
     size_t b64BufSize = 0;
     VERIFY_NOT_NULL(TAG, oxmLabel, ERROR);
 
@@ -2008,19 +2007,21 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi
     }
     else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
     {
-        B64Result b64res = B64_OK;
+        int b64res = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
         size_t b64OutSize = 0;
-        b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
+        b64res = mbedtls_base64_encode(NULL, 0, &b64OutSize, ownerPSK, OWNER_PSK_LENGTH_128);
+        VERIFY_SUCCESS(TAG, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL == b64res, ERROR);
+        b64BufSize = b64OutSize;
         b64Buf = OICCalloc(1, b64BufSize);
         VERIFY_NOT_NULL(TAG, b64Buf, ERROR);
 
-        b64res = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
-        VERIFY_SUCCESS(TAG, B64_OK == b64res, ERROR);
+        b64res = mbedtls_base64_encode(b64Buf, b64BufSize, &b64OutSize, ownerPSK, OWNER_PSK_LENGTH_128);
+        VERIFY_SUCCESS(TAG, 0 == b64res, ERROR);
 
         receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
         VERIFY_NOT_NULL(TAG, receviedCred->privateData.data, ERROR);
         receviedCred->privateData.len = b64OutSize;
-        strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
+        strncpy((char*)receviedCred->privateData.data, (char*)b64Buf, b64OutSize);
         receviedCred->privateData.data[b64OutSize] = '\0';
         OICClearMemory(b64Buf, b64BufSize);
         OICFree(b64Buf);
@@ -2063,7 +2064,7 @@ exit:
 static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEndpoint_t* ownerAddr,
                            const OicSecDoxm_t* doxm, const OicUuid_t* subOwner)
 {
-    char* b64Buf = NULL;
+    unsigned char* b64Buf = NULL;
     //Derive OwnerPSK locally
     const char* oxmLabel = GetOxmString(doxm->oxmSel);
     VERIFY_NOT_NULL(TAG, oxmLabel, ERROR);
@@ -2091,18 +2092,18 @@ static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEnd
     else if(OIC_ENCODING_BASE64 == receivedCred->privateData.encoding)
     {
         size_t b64OutSize = 0;
-        size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
+        int encodeResult = mbedtls_base64_encode(NULL, 0, &b64OutSize, subOwnerPSK, OWNER_PSK_LENGTH_128);
+        VERIFY_SUCCESS(TAG, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL == encodeResult, ERROR);
+        size_t b64BufSize = b64OutSize;
         b64Buf = OICCalloc(1, b64BufSize);
         VERIFY_NOT_NULL(TAG, b64Buf, ERROR);
-
-        VERIFY_SUCCESS(TAG, \
-                       B64_OK == b64Encode(subOwnerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize), \
-                       ERROR);
+        encodeResult = mbedtls_base64_encode(b64Buf, b64BufSize, &b64OutSize, subOwnerPSK, OWNER_PSK_LENGTH_128);
+        VERIFY_SUCCESS(TAG, 0 == encodeResult, ERROR);
 
         receivedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
         VERIFY_NOT_NULL(TAG, receivedCred->privateData.data, ERROR);
         receivedCred->privateData.len = b64OutSize;
-        strncpy((char*)receivedCred->privateData.data, b64Buf, b64OutSize);
+        strncpy((char*)receivedCred->privateData.data, (char*)b64Buf, b64OutSize);
         receivedCred->privateData.data[b64OutSize] = '\0';
     }
     else
@@ -2931,22 +2932,29 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
                         else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
                         {
                             OIC_LOG_V(DEBUG, TAG, "%s: OIC_ENCODING_BASE64 detected; copying PSK.", __func__);
-                            size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
-                            uint8_t* outKey = OICCalloc(1, outBufSize);
                             size_t outKeySize;
+                            int decodeResult = mbedtls_base64_decode(NULL, 0, &outKeySize, cred->privateData.data, cred->privateData.len);
+                            if(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+                            {
+                                OIC_LOG(ERROR, TAG, "Failed base64 decoding");
+                                goto exit;
+                            }
+                            size_t outBufSize = outKeySize;
+                            uint8_t* outKey = OICCalloc(1, outBufSize);
                             if(NULL == outKey)
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
                                 goto exit;
                             }
 
-                            if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
+                            if(0 == mbedtls_base64_decode(outKey, outBufSize, &outKeySize, cred->privateData.data, cred->privateData.len))
                             {
                                 if (ValueWithinBounds(outKeySize, INT32_MAX))
                                 {
                                     if (result_length < outKeySize)
                                     {
                                         OIC_LOG (ERROR, TAG, "Wrong value for result_length");
+                                        OICFree(outKey);
                                         goto exit;
                                     }
                                     memcpy(result, outKey, outKeySize);
@@ -2991,7 +2999,7 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
                                 //Read PIN/PW
                                 char* pinBuffer = NULL;
                                 size_t pinLength = 0;
-                                if(OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
+                                if (OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
                                 {
                                     pinBuffer = OICCalloc(1, wildCardCred->privateData.len + 1);
                                     if(NULL == pinBuffer)
@@ -3004,17 +3012,23 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
                                 }
                                 else if(OIC_ENCODING_BASE64 == wildCardCred->privateData.encoding)
                                 {
-                                    size_t pinBufSize = B64DECODE_OUT_SAFESIZE((wildCardCred->privateData.len + 1));
+                                    int decodeResult = mbedtls_base64_decode(NULL, 0, &pinLength, wildCardCred->privateData.data, wildCardCred->privateData.len);
+                                    if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+                                    {
+                                        OIC_LOG(ERROR, TAG, "Failed base64 decoding for preconfig PIN");
+                                        goto exit;
+                                    }
+                                    size_t pinBufSize = pinLength;
                                     pinBuffer = OICCalloc(1, pinBufSize);
-                                    if(NULL == pinBuffer)
+                                    if (NULL == pinBuffer)
                                     {
                                         OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
                                         goto exit;
                                     }
-
-                                    if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, (uint8_t*)pinBuffer, pinBufSize, &pinLength))
+                                    if (0 != mbedtls_base64_decode((unsigned char*)pinBuffer, pinBufSize, &pinLength, wildCardCred->privateData.data, wildCardCred->privateData.len))
                                     {
-                                        OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+                                        OIC_LOG (ERROR, TAG, "Failed base64 decoding.");
+                                        OICFree(pinBuffer);
                                         goto exit;
                                     }
                                 }
index f1efe0f..c26613b 100644 (file)
@@ -32,7 +32,7 @@
 #include "oic_string.h"
 #include "crlresource.h"
 #include "ocpayloadcbor.h"
-#include "base64.h"
+#include "mbedtls/base64.h"
 #include <time.h>
 
 #define TAG  "OIC_SRM_CRL"
@@ -129,13 +129,16 @@ static CborError setCrlData(CborEncoder *out, const char *name, const OicSecKey_
     CborError result = CborErrorInternalError;
 
     size_t len = 0;
-    size_t encodeBufferSize = B64ENCODE_OUT_SAFESIZE((value->len + 1));
-    char *encodeBuffer = OICCalloc(1, encodeBufferSize);
+    unsigned char *encodeBuffer = NULL;
+    int b64result = mbedtls_base64_encode(NULL, 0, &len, value->data, value->len);
+    VERIFY_SUCCESS(TAG, (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL == b64result), ERROR);
 
+    size_t encodeBufferSize = len;
+    encodeBuffer = OICCalloc(1, encodeBufferSize);
     VERIFY_NOT_NULL(TAG, encodeBuffer, ERROR);
 
-    B64Result b64result = b64Encode(value->data, value->len, encodeBuffer, encodeBufferSize, &len);
-    VERIFY_SUCCESS(TAG, (B64_OK == b64result), ERROR);
+    b64result = mbedtls_base64_encode(encodeBuffer, encodeBufferSize, &len, value->data, value->len);
+    VERIFY_SUCCESS(TAG, (0 == b64result), ERROR);
 
     result = cbor_encode_text_string(out, name, strlen(name));
     VERIFY_CBOR_SUCCESS_OR_OUT_OF_MEMORY(TAG, result, "Failed Adding name Tag.");
@@ -159,7 +162,7 @@ static CborError getCrlData(CborValue *in, const char *name, OicSecKey_t *value)
 
     CborError result = CborNoError;
     CborValue crlNode = { .parser = NULL };
-    char *decodeBuffer = NULL;
+    unsigned char *decodeBuffer = NULL;
     size_t decodeBufferSize;
 
     result = cbor_value_map_find_value(in, name, &crlNode);
@@ -169,17 +172,23 @@ static CborError getCrlData(CborValue *in, const char *name, OicSecKey_t *value)
                 (char **)&decodeBuffer, &decodeBufferSize, NULL);
         VERIFY_CBOR_SUCCESS_OR_OUT_OF_MEMORY(TAG, result, "Failed Advancing Byte Array.");
 
-        value->len = B64DECODE_OUT_SAFESIZE(decodeBufferSize + 1);
+        size_t outLen = 0;
+        int decodeResult = mbedtls_base64_decode(NULL, 0, &outLen, decodeBuffer, decodeBufferSize);
+        if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+        {
+            OIC_LOG(ERROR, TAG, "Failed base64 decoding -- invalid character");
+            return CborErrorInternalError;
+        }
+        value->len = outLen;
         value->data = OICCalloc(1, value->len);
         VERIFY_NOT_NULL(TAG, value->data, ERROR);
 
-        B64Result b64result = b64Decode(decodeBuffer, decodeBufferSize, value->data, value->len, &value->len);
-        if (B64_OK != b64result)
+        decodeResult = mbedtls_base64_decode(value->data, value->len, &outLen, decodeBuffer, decodeBufferSize);
+        if (0 != decodeResult)
         {
-            OIC_LOG_V(ERROR, TAG, "CRL b64Decode error");
+            OIC_LOG_V(ERROR, TAG, "CRL mbedtls_base64_decode error");
             result = CborErrorInternalError;
         }
-
     }
 
 exit:
@@ -810,20 +819,26 @@ void GetDerCrl(ByteArray_t* out)
 
     if (OIC_ENCODING_BASE64 == crl->encoding)
     {
-        size_t decodeBufferSize = B64DECODE_OUT_SAFESIZE((crl->len + 1));
-        uint8_t *decodeBuffer = OICCalloc(1, decodeBufferSize);
+        size_t len = 0;
+        int decodeResult = mbedtls_base64_decode(NULL, 0, &len, crl->data, crl->len);
+        if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+        {
+            OIC_LOG(ERROR, TAG, "Base64 decoding failed");
+            return;
+        }
+
+        size_t decodeBufferSize = len;
+        unsigned char *decodeBuffer = OICCalloc(1, decodeBufferSize);
         if (!decodeBuffer)
         {
             OIC_LOG(ERROR, TAG, "Can't allocate memory for base64 str");
             return;
         }
-        size_t len = 0;
 
-        if(B64_OK == b64Decode((char*)crl->data, crl->len, decodeBuffer, decodeBufferSize, &len))
+        if (0 == mbedtls_base64_decode(decodeBuffer, decodeBufferSize, &len, crl->data, crl->len))
         {
             memcpy(crl->data, decodeBuffer, len);
             crl->len = (size_t)len;
-
             OIC_LOG (ERROR, TAG, "Crl successfully decoded to base64.");
         }
         else
index 9942472..0a0c1b4 100644 (file)
@@ -28,7 +28,7 @@
 #include "experimental/logger.h"
 #include "pinoxmcommon.h"
 #include "pbkdf2.h"
-#include "base64.h"
+#include "mbedtls/base64.h"
 #include "srmresourcestrings.h"
 #include "experimental/doxmresource.h"
 #include "credresource.h"
@@ -598,11 +598,11 @@ int32_t GetDtlsPskForPreconfPinOxm( CADtlsPskCredType_t type,
                     const OicSecCred_t* cred = GetCredResourceData(&uuid);
                     if(cred)
                     {
-                        char* pinBuffer = NULL;
+                        unsigned char* pinBuffer = NULL;
                         size_t pinLength = 0;
                         if(OIC_ENCODING_RAW == cred->privateData.encoding)
                         {
-                            pinBuffer = (char*)OICCalloc(1, cred->privateData.len + 1);
+                            pinBuffer = (unsigned char*)OICCalloc(1, cred->privateData.len + 1);
                             if(NULL == pinBuffer)
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to allocate memory");
@@ -613,15 +613,21 @@ int32_t GetDtlsPskForPreconfPinOxm( CADtlsPskCredType_t type,
                         }
                         else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
                         {
-                            size_t pinBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
-                            pinBuffer = (char*)OICCalloc(1, pinBufSize);
+                            int decodeResult = mbedtls_base64_decode(NULL, 0, &pinLength, cred->privateData.data, cred->privateData.len);
+                            if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+                            {
+                                OIC_LOG(ERROR, TAG, "Base64 decoding failed");
+                                return ret;
+                            }
+                            size_t pinBufSize = pinLength;
+                            pinBuffer = (unsigned char*)OICCalloc(1, pinBufSize);
                             if(NULL == pinBuffer)
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to allocate memory");
                                 return ret;
                             }
 
-                            if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, (uint8_t*)pinBuffer, pinBufSize, &pinLength))
+                            if(0 != mbedtls_base64_decode(pinBuffer, pinBufSize, &pinLength, cred->privateData.data, cred->privateData.len))
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
                                 OICFree(pinBuffer);
@@ -704,11 +710,11 @@ int32_t GetDtlsPskForMotPreconfPinOxm( CADtlsPskCredType_t type,
                     const OicSecCred_t* cred = GetCredResourceData(&uuid);
                     if(cred)
                     {
-                        char* pinBuffer = NULL;
+                        unsigned char* pinBuffer = NULL;
                         size_t pinLength = 0;
                         if(OIC_ENCODING_RAW == cred->privateData.encoding)
                         {
-                            pinBuffer = (char*)OICCalloc(1, cred->privateData.len + 1);
+                            pinBuffer = (unsigned char*)OICCalloc(1, cred->privateData.len + 1);
                             if(NULL == pinBuffer)
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to allocate memory");
@@ -719,15 +725,21 @@ int32_t GetDtlsPskForMotPreconfPinOxm( CADtlsPskCredType_t type,
                         }
                         else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
                         {
-                            size_t pinBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
-                            pinBuffer = (char*)OICCalloc(1, pinBufSize);
+                            int decodeResult = mbedtls_base64_decode(NULL, 0, &pinLength, cred->privateData.data, cred->privateData.len);
+                            if ( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+                            {
+                                OIC_LOG(ERROR, TAG, "Failed base64 decoding");
+                                return ret;
+                            }
+                            size_t pinBufSize = pinLength;
+                            pinBuffer = (unsigned char*)OICCalloc(1, pinBufSize);
                             if(NULL == pinBuffer)
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to allocate memory");
                                 return ret;
                             }
 
-                            if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, (uint8_t*)pinBuffer, pinBufSize, &pinLength))
+                            if(0 != mbedtls_base64_decode(pinBuffer, pinBufSize, &pinLength, cred->privateData.data, cred->privateData.len))
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
                                 OICFree(pinBuffer);
index a890cc9..9343fd8 100644 (file)
@@ -20,7 +20,6 @@
 
 #include "ocstack.h"
 #include "experimental/logger.h"
-#include "base64.h"
 #include "srmresourcestrings.h"
 #include "cainterface.h"
 #include "oxmverifycommon.h"
index 2bd8397..3dfcac2 100644 (file)
@@ -24,7 +24,6 @@
 #include "srmresourcestrings.h"
 #include "experimental/logger.h"
 #include "oic_malloc.h"
-#include "base64.h"
 #include "experimental/ocrandom.h"
 #include "experimental/doxmresource.h"
 
index 28a1672..39fb780 100644 (file)
@@ -23,7 +23,6 @@
 #include <inttypes.h>
 #include "utlist.h"
 #include "cJSON.h"
-#include "base64.h"
 #include "cainterface.h"
 #include "ocstack.h"
 #include "oic_malloc.h"
index 20befb4..07adf1f 100644 (file)
 #include <mbedtls/x509_crt.h>
 #include <mbedtls/pkcs12.h>
 #include <mbedtls/ssl_internal.h>
+#include <mbedtls/base64.h>
 #include <string.h>
 #include <stdbool.h>
 
 #include "utlist.h"
-#include "base64.h"
 #include "octypes.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
@@ -271,16 +271,21 @@ static void ParseDerCaCert(ByteArray_t *crt, const char *usage, uint16_t credId)
         {
             if (OIC_ENCODING_BASE64 == temp->optionalData.encoding)
             {
-                size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
+                size_t outSize;
+                int decodeResult = mbedtls_base64_decode(NULL, 0, &outSize, temp->optionalData.data, temp->optionalData.len);
+                if ( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+                {
+                    PRINT_ERR("ParseDerCaCert : Failed to decode base64 data");
+                    return;
+                }
+                size_t bufSize = outSize;
                 uint8_t *buf = OICCalloc(1, bufSize);
                 if (NULL == buf)
                 {
                     PRINT_ERR("ParseDerCaCert : Failed to allocate memory");
                     return;
                 }
-                size_t outSize;
-                if (B64_OK != b64Decode((char *)(temp->optionalData.data), temp->optionalData.len, buf, bufSize,
-                                        &outSize))
+                if (0 != mbedtls_base64_decode(buf, bufSize, &outSize, temp->optionalData.data, temp->optionalData.len))
                 {
                     OICFree(buf);
                     PRINT_ERR("ParseDerCaCert : Failed to decode base64 data");
@@ -873,13 +878,13 @@ static int InputCredEncodingType(const char *dataType, OicEncodingType_t *encodi
 
 static int InputPSK(OicSecKey_t *secKey)
 {
-    char *data = NULL;
+    unsigned char *data = NULL;
     size_t psklen = 0;
     size_t bufSize = 0;
     uint8_t *buf = NULL;
     size_t outSize = 0;
 
-    data = InputString("\tInput encoded base64 psk (decoded psk 128 or 256 bits,\n"
+    data = (unsigned char *)InputString("\tInput encoded base64 psk (decoded psk 128 or 256 bits,\n"
                        "\te.g. BxjJidB+u21QlEwMCYBoKA== ) : ");
     if (NULL == data)
     {
@@ -887,8 +892,14 @@ static int InputPSK(OicSecKey_t *secKey)
         return -1;
     }
 
-    psklen = strlen(data);
-    bufSize = B64DECODE_OUT_SAFESIZE(psklen + 1);
+    int decodeResult = mbedtls_base64_decode(NULL, 0, &outSize, data, psklen);
+    if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != decodeResult)
+    {
+        OIC_LOG(ERROR, TAG, "Failed base64 decoding for preconfig PIN");
+        return -1;
+    }
+    psklen = strlen((char*)data);
+    bufSize = outSize;
     buf = OICCalloc(1, bufSize);
     if (NULL == buf)
     {
@@ -897,7 +908,7 @@ static int InputPSK(OicSecKey_t *secKey)
         return -1;
     }
     //validate base64 psk
-    if (B64_OK != b64Decode(data, psklen, buf, bufSize, &outSize))
+    if (0 !=  mbedtls_base64_decode(buf, bufSize, &outSize, data, psklen))
     {
         PRINT_ERR("Failed to decode base64 data. Invalid base64 input");
         OICFree(data);
index a7fd2be..84e801c 100644 (file)
@@ -23,6 +23,7 @@
 #include "oic_malloc.h"
 #include <stdlib.h>
 #include <stdint.h>
+#include "mbedtls/base64.h"
 
 // Tests for base64 encode function
 TEST(B64Test, ValidInputForEncoding)
@@ -495,6 +496,83 @@ TEST(B64Test, EncodeThenDecode)
     OICFree(outBuf);
 }
 
+// IOT-1375 Test done to see if we can safely replace our custom Base64 implementation
+// with the impementation done in the mbedtls library.
+TEST(B64Test, EncodeThenDecodeUsingMbedtls)
+{
+
+    const unsigned char input[] = "This is a string that will be passed into  the Base64 "
+                         "encoder.  After it is encoded the encoded result will "
+                         "be passed into the Base64 decoded and the result will "
+                         "be checked with the original input to make sure the "
+                         "round trip results are as expected.";
+
+    size_t b64Size = 0;
+    // encode the null character at the end of the string.
+    size_t b64BufSize = B64ENCODE_OUT_SAFESIZE(sizeof(input));
+    char *b64Buf = (char *)OICCalloc(1, b64BufSize);
+    ASSERT_NE(nullptr, b64Buf) << "memory allocation error.";
+    EXPECT_EQ(B64_OK, b64Encode((const uint8_t *)input, sizeof(input), b64Buf, b64BufSize, &b64Size));
+    EXPECT_EQ(0u, b64Size % 4) <<
+                              "The return size for all b64Encode operations should be a multiple of 4.";
+
+    size_t outSize= 0;
+    size_t outBufSize = 0;
+    int decodeResult = mbedtls_base64_decode(nullptr, 0, &outSize, (unsigned char*)b64Buf, b64Size);
+    EXPECT_EQ(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, decodeResult);
+    EXPECT_LT(0u, outSize);
+    outBufSize = outSize;
+    unsigned char* outBuf = (unsigned char*)OICCalloc(1, outBufSize);
+    if (nullptr == outBuf)
+    {
+        OICFree(b64Buf);
+    }
+    ASSERT_NE(nullptr, outBuf) << "memory allocation error.";
+    EXPECT_EQ(0, mbedtls_base64_decode(outBuf, outBufSize, &outSize, (unsigned char*)b64Buf, b64Size));
+    EXPECT_STREQ((char*)input, (char*)outBuf);
+    OICFree(b64Buf);
+    OICFree(outBuf);
+}
+
+// IOT-1375 Test done to see if we can safely replace our custom Base64 implementation
+// with the impementation done in the mbedtls library.
+TEST(B64Test, EncodeUsingMbedtlsThenDecode)
+{
+
+    const unsigned char input[] = "This is a string that will be passed into  the Base64 "
+                         "encoder.  After it is encoded the encoded result will "
+                         "be passed into the Base64 decoded and the result will "
+                         "be checked with the original input to make sure the "
+                         "round trip results are as expected.";
+
+    size_t b64Size = 0;
+    // encode the null character at the end of the string.
+    size_t b64BufSize = 0;
+    EXPECT_EQ(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, mbedtls_base64_encode(nullptr, 0, &b64Size, input, sizeof(input)));
+    EXPECT_LT(0u, b64Size);
+    b64BufSize = b64Size;
+//    size_t b64BufSize = B64ENCODE_OUT_SAFESIZE(sizeof(input));
+    unsigned char *b64Buf = (unsigned char *)OICCalloc(1, b64BufSize);
+    ASSERT_NE(nullptr, b64Buf) << "memory allocation error.";
+    EXPECT_EQ(0, mbedtls_base64_encode(b64Buf, b64BufSize, &b64Size, input, sizeof(input)));
+//    EXPECT_EQ(B64_OK, b64Encode((const uint8_t *)input, sizeof(input), b64Buf, b64BufSize, &b64Size));
+    EXPECT_EQ(0u, b64Size % 4) <<
+                              "The return size for all b64Encode operations should be a multiple of 4.";
+
+    size_t outSize;
+    size_t outBufSize = B64DECODE_OUT_SAFESIZE(b64Size);
+    uint8_t *outBuf = (uint8_t *)OICCalloc(1, outBufSize);
+    if (nullptr == outBuf)
+    {
+        OICFree(b64Buf);
+    }
+    ASSERT_NE(nullptr, outBuf) << "memory allocation error.";
+    EXPECT_EQ(B64_OK, b64Decode((char*)b64Buf, b64Size, outBuf, outBufSize, &outSize));
+    EXPECT_STREQ((char*)input, (char *)outBuf);
+    OICFree(b64Buf);
+    OICFree(outBuf);
+}
+
 TEST(B64Test, Test_B64ENCODE_OUT_SAFESIZE_macro)
 {
     EXPECT_EQ(1, B64ENCODE_OUT_SAFESIZE(0)) << "macro tested B64ENCODE_OUT_SAFESIZE(0)";
index 3741b80..3d434b1 100644 (file)
@@ -21,7 +21,6 @@
 #include "ocstack.h"
 #include "experimental/ocrandom.h"
 #include "srmutility.h"
-#include "base64.h"
 #include "OCProvisioningManager.hpp"
 
 namespace OC
index b3ae416..b2ff360 100644 (file)
@@ -18,8 +18,6 @@
 //
 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
-#include "base64.h"
-
 #include "EnrolleeSecurity.h"
 #include "oxmjustworks.h"
 #include "oxmrandompin.h"
index de07370..552f326 100644 (file)
@@ -27,7 +27,6 @@
 #include "OCResource.h"
 #ifdef __WITH_DTLS__
 #include "EnrolleeSecurity.h"
-#include "base64.h"
 #include "oic_malloc.h"
 #endif //__WITH_DTLS