From 03570f9175f34777d00dbc14822051f520499cc0b6b9a68db7fa77da5e359e00 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 12 Apr 2022 13:54:01 +0000 Subject: [PATCH] Accepting request 969433 from SUSE:SLE-15-SP3:Update:Products:MicroOS52 needs a devel project to submit to Factory OBS-URL: https://build.opensuse.org/request/show/969433 OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=1 --- .gitattributes | 23 +++ .gitignore | 1 + README | 7 + _service | 32 ++++ _servicedata | 14 ++ build.patch | 169 +++++++++++++++++ fdo-client-1.0.0+git20210816.baa09b5.tar.xz | 3 + fdo-client-service | 29 +++ fdo-client.changes | 5 + fdo-client.spec | 145 +++++++++++++++ fdoclient.service | 15 ++ gcc.patch | 171 ++++++++++++++++++ ...stringlib-1.0.0+git20171208.5da1bad.tar.xz | 3 + tinycbor-1.0.0+git20191022.755f9ef.tar.xz | 3 + 14 files changed, 620 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README create mode 100644 _service create mode 100644 _servicedata create mode 100644 build.patch create mode 100644 fdo-client-1.0.0+git20210816.baa09b5.tar.xz create mode 100644 fdo-client-service create mode 100644 fdo-client.changes create mode 100644 fdo-client.spec create mode 100644 fdoclient.service create mode 100644 gcc.patch create mode 100644 safestringlib-1.0.0+git20171208.5da1bad.tar.xz create mode 100644 tinycbor-1.0.0+git20191022.755f9ef.tar.xz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README b/README new file mode 100644 index 0000000..727a630 --- /dev/null +++ b/README @@ -0,0 +1,7 @@ +For more information please have a look at the previous release: +https://github.com/schubi2/sdo-client +This client does only works with a fdo server. +The environment and examples are defined here: +https://github.com/secure-device-onboard/pri-fidoiot + +NOTE: Each FDO clients has to be adapted to customers individual requirements. diff --git a/_service b/_service new file mode 100644 index 0000000..1be0df4 --- /dev/null +++ b/_service @@ -0,0 +1,32 @@ + + + 1.0.0 + 1.0.0+git%cd.%h + git://github.com/intel/safestringlib.git + v1.0.0 + git + enable + + + 1.0.0 + 1.0.0+git%cd.%h + git@github.com:intel/tinycbor.git + git + v0.5.3 + enable + + + 1.0.0 + 1.0.0+git%cd.%h + git@github.com:secure-device-onboard/client-sdk-fidoiot.git + v1.0.0 + git + fdo-client + enable + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..e1678df --- /dev/null +++ b/_servicedata @@ -0,0 +1,14 @@ + + + git://github.com/intel/safestringlib.git + 5da1badd337e68c1334fb232c778166f46f6d9f9 + + + git@github.com:intel/tinycbor.git + 755f9ef932f9830a63a712fd2ac971d838b131f1 + + + git@github.com:secure-device-onboard/client-sdk-fidoiot.git + baa09b537ddbb4ce9fdf289ad55e885526d045ec + + \ No newline at end of file diff --git a/build.patch b/build.patch new file mode 100644 index 0000000..b3934d4 --- /dev/null +++ b/build.patch @@ -0,0 +1,169 @@ +diff -u a/blob_path.cmake b/blob_path.cmake +--- a/cmake/blob_path.cmake 2021-10-14 22:02:06.855474972 +0200 ++++ b/cmake/blob_path.cmake 2021-10-14 22:19:21.969170219 +0200 +@@ -7,17 +7,18 @@ + # Note all blobs and data will be made relative. + # if absoulte is needed declare BLOB_PATH on CLI + # or export BLOB_PATH= ++# RO_BLOB_PATH= is for data which does not need write access + + if(TARGET_OS MATCHES linux) + + client_sdk_compile_definitions( +- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\" +- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\" ++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\" ++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\" + -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\" + -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\" + -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\" +- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\" +- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\" ++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\" ++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\" + ) + if (${DA} MATCHES tpm) + client_sdk_compile_definitions( +@@ -53,24 +54,24 @@ + -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + else() #Not unit tests + if (${DA} MATCHES ecdsa256) #ecdsa 256 selected + if (${DA_FILE} MATCHES pem) + client_sdk_compile_definitions( +- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\") ++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\") + else() + client_sdk_compile_definitions( +- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\") ++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\") + endif() + else() # ecdsa 384 selected + if (${DA_FILE} MATCHES pem) + client_sdk_compile_definitions( +- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\") ++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\") + else() + client_sdk_compile_definitions( +- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\") ++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\") + endif() + endif() + client_sdk_compile_definitions( +@@ -80,27 +81,27 @@ + -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + endif() + if (NOT(${HTTPPROXY} STREQUAL "")) + client_sdk_compile_definitions( +- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\" +- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\" +- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\" ++ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\" ++ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\" ++ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\" + ) + endif() + endif() + + if (${TARGET_OS} MATCHES mbedos) + client_sdk_compile_definitions( +- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\" +- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\" ++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\" ++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\" + -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\" + -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\" + -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\" +- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\" +- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\" ++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\" ++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\" + ) + if (${unit-test} MATCHES true) + client_sdk_compile_definitions( +@@ -110,7 +111,7 @@ + -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + if (${DA_FILE} MATCHES pem) + client_sdk_compile_definitions( +@@ -164,10 +165,10 @@ + # Configure if needed at a later point + # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS) + +-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "") +-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "") +-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "") +-file(WRITE ${BLOB_PATH}/data/Normal.blob "") +-file(WRITE ${BLOB_PATH}/data/Secure.blob "") +-file(WRITE ${BLOB_PATH}/data/raw.blob "") +-file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "") ++file(WRITE ./data/platform_iv.bin "") ++file(WRITE ./data/platform_hmac_key.bin "") ++file(WRITE ./data/platform_aes_key.bin "") ++file(WRITE ./data/Normal.blob "") ++file(WRITE ./data/Secure.blob "") ++file(WRITE ./data/raw.blob "") ++file(WRITE ./data/max_serviceinfo_sz.bin "") +Nur in b: blob_path.cmake~. +diff -u a/cli_input.cmake b/cli_input.cmake +--- a/cmake/cli_input.cmake 2021-10-14 22:24:53.078959088 +0200 ++++ b/cmake/cli_input.cmake 2021-10-14 22:26:36.187516122 +0200 +@@ -24,6 +24,7 @@ + set (STORAGE true) + set (BOARD NUCLEO_F767ZI) + set (BLOB_PATH .) ++set (RO_BLOB_PATH .) + set (TPM2_TCTI_TYPE tabrmd) + set (RESALE true) + set (REUSE true) +@@ -501,6 +502,36 @@ + message("Selected BLOB_PATH ${BLOB_PATH}") + + ########################################### ++# FOR RO_BLOB_PATH ++get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE) ++ ++set(ro_blob_path_cli_arg ${cached_ro_blob_path_value}) ++if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH) ++ unset(ro_blob_path_cli_arg) ++endif() ++ ++set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH}) ++if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH) ++ unset(ro_blob_path_app_cmake_lists) ++endif() ++ ++if(CACHED_RO_BLOB_PATH) ++ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg))) ++ message(WARNING "Need to do make pristine before cmake args can change.") ++ endif() ++ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH}) ++elseif(ro_blob_path_cli_arg) ++ set(RO_BLOB_PATH ${ro_blob_path_cli_arg}) ++elseif(DEFINED ENV{RO_BLOB_PATH}) ++ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH}) ++elseif(ro_blob_path_app_cmake_lists) ++ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists}) ++endif() ++ ++set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH") ++message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}") ++ ++########################################### + # FOR WIFI_SSID + get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE) + +Nur in b: cli_input.cmake~. diff --git a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz new file mode 100644 index 0000000..bf8b0e3 --- /dev/null +++ b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0 +size 255368 diff --git a/fdo-client-service b/fdo-client-service new file mode 100644 index 0000000..2c3c2db --- /dev/null +++ b/fdo-client-service @@ -0,0 +1,29 @@ +#!/bin/sh +check_file=/var/lib/fdo-client/initialized +data=/var/lib/fdo-client/data +log=/var/log/fdo-client.log + +cd ${data} + +if [ ! -f ${check_file} ]; then + # The first time the client will connect the manufacturer + # server in order to get information about rendevous service. + # After that the service will be stopped. The machine is now + # ready for delivery. Next time the machine will connect to + # the rendezvous service when it will be switched on. + /usr/bin/fdo-client >${log} + systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file} + /bin/systemctl stop fdoclient + exit 0 +fi + +while : +do + # The rendevous service returns the information about the + # prider platform service (only the first time). This service + # will be contacted periodically. + /usr/bin/fdo-client >>${log} + sleep 30; +done + + diff --git a/fdo-client.changes b/fdo-client.changes new file mode 100644 index 0000000..4c7a1cc --- /dev/null +++ b/fdo-client.changes @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert + +- This is the successor of sdo-client + EPIC: SLE/SLE-22946 diff --git a/fdo-client.spec b/fdo-client.spec new file mode 100644 index 0000000..2fc24bb --- /dev/null +++ b/fdo-client.spec @@ -0,0 +1,145 @@ +# +# spec file for package fdo-client +# +# Copyright (c) 2021 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: fdo-client +Version: 1.0.0+git20210816.baa09b5 +Release: 0 +Summary: FIDO Device Onboard Client +License: Apache-2.0 +Group: System/Base +URL: https://github.com/intel/safestringlib/tree/v1.0.0 +Source0: fdo-client-%{version}.tar.xz +Source1: safestringlib-1.0.0+git20171208.5da1bad.tar.xz +Source2: tinycbor-1.0.0+git20191022.755f9ef.tar.xz +Source3: fdo-client-service +Source4: fdoclient.service +Source5: README +Patch0: build.patch +Patch1: gcc.patch +Requires: openssl +Obsoletes: sdo-client +BuildRequires: cmake +BuildRequires: vim +BuildRequires: gcc-c++ +BuildRequires: libopenssl-devel +%{?systemd_ordering} + +%description +FDO-Client is a portable implementation of the FIDO Device Onboard Spec. +This component is portable across multiple environments, +including to various microprocessors (MPUs) and microcontrollers (MCUs). + +%package devel +Summary: FIDO Device Onboard Client SDK +Group: Development/Libraries/C and C++ +Requires: libopenssl-1_1-devel + +%description devel +This is a production-ready implementation of the Device component defined +in FIDO Device Onboard Spec published by the FIDO Alliance. +Appropriate security measures should be taken for storing the device +credentials while porting this to different platforms. + +%prep +%setup -q +%setup -q -D -a 1 +%setup -q -D -a 2 +%patch0 -p1 +%patch1 -p1 + +%build +pushd . +cd safestringlib* +mkdir obj +make +popd +cd tinycbor* +make +cd %{_builddir}/%{name}* +export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad +export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef +export BLOB_PATH=%{_sharedstatedir}/%{name} +export RO_BLOB_PATH=%{_datadir}/%{name} +cmake . +make +bash utils/keys_gen.sh . + +%install +mkdir -p %{buildroot}/%{_bindir} +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}/%{_sbindir} +mkdir -p %{buildroot}/%{_docdir}/%{name} +mkdir -p %{buildroot}/%{_includedir} +mkdir -p %{buildroot}/%{_datadir}/%{name}/data +mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data + +%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name} +%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service +%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service +%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient + +%{__install} -m 644 build/*.a %{buildroot}/%{_libdir} +%{__install} -m 644 include/*.h %{buildroot}/%{_includedir} + +%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data + +%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data + +%pre +%service_add_pre fdoclient.service + +%preun +%service_del_preun fdoclient.service + +%post +%service_add_post fdoclient.service + +%postun +%service_del_postun fdoclient.service + +%files +%license LICENSE +%doc README +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}/data +%dir %{_sharedstatedir}/%{name} +%dir %{_sharedstatedir}/%{name}/data/ +%{_bindir}/%{name} +%{_bindir}/fdo-client-service +%{_datadir}/%{name}/data/* +%{_sharedstatedir}/%{name}/data/* +%{_unitdir}/fdoclient.service +%{_sbindir}/rcfdoclient + +%files devel +%license LICENSE +%{_includedir}/*.h +%{_libdir}/*.a + +%changelog diff --git a/fdoclient.service b/fdoclient.service new file mode 100644 index 0000000..9eaf04f --- /dev/null +++ b/fdoclient.service @@ -0,0 +1,15 @@ +[Unit] +Description=FDO client +After=remote-fs.target network-online.target +Wants=network-online.target + +[Service] +Type=simple +Environment=TERM=linux +ExecStart=/usr/bin/fdo-client-service +RemainAfterExit=no +TimeoutSec=0 + +[Install] +WantedBy=default.target + diff --git a/gcc.patch b/gcc.patch new file mode 100644 index 0000000..b7a7232 --- /dev/null +++ b/gcc.patch @@ -0,0 +1,171 @@ +--- org/lib/fdoprotctx.c 2021-10-18 21:51:23.914574062 +0200 ++++ patch/lib/fdoprotctx.c 2021-10-18 21:49:40.170002557 +0200 +@@ -118,8 +118,11 @@ + + switch (prot_ctx->protdata->state) { + case FDO_STATE_DI_APP_START: /* type 10 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */ ++ { + if (prot_ctx->host_dns) { + if (prot_ctx->resolved_ip) { + fdo_free(prot_ctx->resolved_ip); +@@ -133,9 +136,12 @@ + break; + } + } +- ATTRIBUTE_FALLTHROUGH; ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_DI_SET_HMAC: /* type 12 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_DI_DONE: /* type 13 */ + ret = connect_to_manufacturer( + prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip, +@@ -144,24 +150,30 @@ + (prot_ctx->tls ? &prot_ctx->ssl : NULL)); + break; + case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */ +- if (prot_ctx->host_dns) { +- if (prot_ctx->resolved_ip) { +- fdo_free(prot_ctx->resolved_ip); +- } +- if (!resolve_dn(prot_ctx->host_dns, +- &prot_ctx->resolved_ip, +- prot_ctx->host_port, +- (prot_ctx->tls ? &prot_ctx->ssl : NULL), +- is_rv_proxy_defined())) { +- ret = false; +- fdo_free(prot_ctx->resolved_ip); ++ { ++ if (prot_ctx->host_dns) { ++ if (prot_ctx->resolved_ip) { ++ fdo_free(prot_ctx->resolved_ip); ++ } ++ if (!resolve_dn(prot_ctx->host_dns, ++ &prot_ctx->resolved_ip, ++ prot_ctx->host_port, ++ (prot_ctx->tls ? &prot_ctx->ssl : NULL), ++ is_rv_proxy_defined())) { ++ ret = false; ++ fdo_free(prot_ctx->resolved_ip); ++ } + } ++ ATTRIBUTE_FALLTHROUGH; + } +- ATTRIBUTE_FALLTHROUGH; + case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */ + // try DNS's resolved IP first, if it fails, try given IP address + ret = connect_to_rendezvous( +@@ -174,40 +186,62 @@ + } + break; + case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */ +- if (prot_ctx->host_dns) { +- if (prot_ctx->resolved_ip) { +- fdo_free(prot_ctx->resolved_ip); +- } +- if (!resolve_dn(prot_ctx->host_dns, +- &prot_ctx->resolved_ip, +- prot_ctx->host_port, +- (prot_ctx->tls ? &prot_ctx->ssl : NULL), +- is_owner_proxy_defined())) { +- ret = false; +- fdo_free(prot_ctx->resolved_ip); ++ { ++ if (prot_ctx->host_dns) { ++ if (prot_ctx->resolved_ip) { ++ fdo_free(prot_ctx->resolved_ip); ++ } ++ if (!resolve_dn(prot_ctx->host_dns, ++ &prot_ctx->resolved_ip, ++ prot_ctx->host_port, ++ (prot_ctx->tls ? &prot_ctx->ssl : NULL), ++ is_owner_proxy_defined())) { ++ ret = false; ++ fdo_free(prot_ctx->resolved_ip); ++ } + } ++ ATTRIBUTE_FALLTHROUGH; + } +- ATTRIBUTE_FALLTHROUGH; + case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_SND_DONE: /* type 70 */ +- ATTRIBUTE_FALLTHROUGH; ++ { ++ ATTRIBUTE_FALLTHROUGH; ++ } + case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */ + // try DNS's resolved IP first, if it fails, try given IP address + ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port, +--- org/lib/credentials_from_file.c 2021-10-18 22:19:33.447783075 +0200 ++++ patch/lib/credentials_from_file.c 2021-10-18 22:19:20.143711330 +0200 +@@ -228,8 +228,6 @@ + return true; + } + +- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len); +- + fdor = fdo_alloc(sizeof(fdor_t)); + if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) { + LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n"); diff --git a/safestringlib-1.0.0+git20171208.5da1bad.tar.xz b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz new file mode 100644 index 0000000..de36804 --- /dev/null +++ b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8ab93a68c870122b0353990b03a94aebfd285cb5810572973352f034d04d10a0 +size 51912 diff --git a/tinycbor-1.0.0+git20191022.755f9ef.tar.xz b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz new file mode 100644 index 0000000..69e28e3 --- /dev/null +++ b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:96a87fa1ccb5c4683fc847311c68e8b9fd4dc8366f8d4f4795a641e800ca34b1 +size 70016