Accepting request 969433 from SUSE:SLE-15-SP3:Update:Products:MicroOS52
needs a devel project to submit to Factory OBS-URL: https://build.opensuse.org/request/show/969433 OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=1
commit
03570f9175
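--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text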
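--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc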
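--- a/README
+++ b/README
@@ -0,0 +1,7 @@
+For more information please have a look at the previous release:
+https://github.com/schubi2/sdo-client
+This client does only works with a fdo server.
+The environment and examples are defined here:
+https://github.com/secure-device-onboard/pri-fidoiot
+
+NOTE: Each FDO clients has to be adapted to customers individual requirements.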
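--- a/_service
+++ b/_service
@@ -0,0 +1,32 @@
+<services>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.0.0</param>
+<param name="versionformat">1.0.0+git%cd.%h</param>
+<param name="url">git://github.com/intel/safestringlib.git</param>
+<param name="revision">v1.0.0</param>
+<param name="scm">git</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.0.0</param>
+<param name="versionformat">1.0.0+git%cd.%h</param>
+<param name="url">git@github.com:intel/tinycbor.git</param>
+<param name="scm">git</param>
+<param name="revision">v0.5.3</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.0.0</param>
+<param name="versionformat">1.0.0+git%cd.%h</param>
+<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+<param name="revision">v1.0.0</param>
+<param name="scm">git</param>
+<param name="filename">fdo-client</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="recompress" mode="disabled">
+<param name="compression">xz</param>
+<param name="file">*.tar</param>
+</service>
+<service name="set_version" mode="disabled"/>
+</services>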
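Review bot: The first tar_scm entry fetches over `git://github.com/intel/safestringlib.git`, the unauthenticated and unencrypted git protocol, so nothing verifies the server or protects the fetched objects in transit; `https://github.com/intel/safestringlib.git` should be used instead. The other two entries use `git@github.com:` SSH URLs, which require a key on whichever host runs the service; https would make all three consistent. The `revision` values are tags (`v1.0.0`, `v0.5.3`), which upstream can move; pinning each entry to the commit id already recorded in _servicedata would keep the fetched source reproducible.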
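--- a/_servicedata
+++ b/_servicedata
@@ -0,0 +1,14 @@
+<servicedata>
+<service name="tar_scm">
+<param name="url">git://github.com/intel/safestringlib.git</param>
+<param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param>
+</service>
+<service name="tar_scm">
+<param name="url">git@github.com:intel/tinycbor.git</param>
+<param name="changesrevision">755f9ef932f9830a63a712fd2ac971d838b131f1</param>
+</service>
+<service name="tar_scm">
+<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+<param name="changesrevision">baa09b537ddbb4ce9fdf289ad55e885526d045ec</param>
+</service>
+</servicedata>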
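--- a/build.patch
+++ b/build.patch
@@ -0,0 +1,169 @@
+diff -u a/blob_path.cmake b/blob_path.cmake
+--- a/cmake/blob_path.cmake 2021-10-14 22:02:06.855474972 +0200
++++ b/cmake/blob_path.cmake 2021-10-14 22:19:21.969170219 +0200
+@@ -7,17 +7,18 @@
+# Note all blobs and data will be made relative.
+# if absoulte is needed declare BLOB_PATH on CLI
+# or export BLOB_PATH=<path>
++# RO_BLOB_PATH=<path> is for data which does not need write access
+
+if(TARGET_OS MATCHES linux)
+
+client_sdk_compile_definitions(
+- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+)
+if (${DA} MATCHES tpm)
+client_sdk_compile_definitions(
+@@ -53,24 +54,24 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+else() #Not unit tests
+if (${DA} MATCHES ecdsa256) #ecdsa 256 selected
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
+else()
+client_sdk_compile_definitions(
+- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
+endif()
+else() # ecdsa 384 selected
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
+else()
+client_sdk_compile_definitions(
+- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
+endif()
+endif()
+client_sdk_compile_definitions(
+@@ -80,27 +81,27 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+endif()
+if (NOT(${HTTPPROXY} STREQUAL ""))
+client_sdk_compile_definitions(
+- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
+- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
+- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
++ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
++ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
++ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
+)
+endif()
+endif()
+
+if (${TARGET_OS} MATCHES mbedos)
+client_sdk_compile_definitions(
+- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+)
+if (${unit-test} MATCHES true)
+client_sdk_compile_definitions(
+@@ -110,7 +111,7 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+@@ -164,10 +165,10 @@
+# Configure if needed at a later point
+# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
+
+-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
+-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
+-file(WRITE ${BLOB_PATH}/data/raw.blob "")
+-file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
++file(WRITE ./data/platform_iv.bin "")
++file(WRITE ./data/platform_hmac_key.bin "")
++file(WRITE ./data/platform_aes_key.bin "")
++file(WRITE ./data/Normal.blob "")
++file(WRITE ./data/Secure.blob "")
++file(WRITE ./data/raw.blob "")
++file(WRITE ./data/max_serviceinfo_sz.bin "")
+Nur in b: blob_path.cmake~.
+diff -u a/cli_input.cmake b/cli_input.cmake
+--- a/cmake/cli_input.cmake 2021-10-14 22:24:53.078959088 +0200
++++ b/cmake/cli_input.cmake 2021-10-14 22:26:36.187516122 +0200
+@@ -24,6 +24,7 @@
+set (STORAGE true)
+set (BOARD NUCLEO_F767ZI)
+set (BLOB_PATH .)
++set (RO_BLOB_PATH .)
+set (TPM2_TCTI_TYPE tabrmd)
+set (RESALE true)
+set (REUSE true)
+@@ -501,6 +502,36 @@
+message("Selected BLOB_PATH ${BLOB_PATH}")
+
+###########################################
++# FOR RO_BLOB_PATH
++get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
++
++set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
++if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
++ unset(ro_blob_path_cli_arg)
++endif()
++
++set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
++if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
++ unset(ro_blob_path_app_cmake_lists)
++endif()
++
++if(CACHED_RO_BLOB_PATH)
++ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
++ message(WARNING "Need to do make pristine before cmake args can change.")
++ endif()
++ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
++elseif(ro_blob_path_cli_arg)
++ set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
++elseif(DEFINED ENV{RO_BLOB_PATH})
++ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
++elseif(ro_blob_path_app_cmake_lists)
++ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
++endif()
++
++set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
++message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
++
++###########################################
+# FOR WIFI_SSID
+get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
+
+Nur in b: cli_input.cmake~.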
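Review bot: The new RO_BLOB_PATH group mixes secrets with public configuration: `-DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\"` and its .dat and 384-bit variants now sit beside manufacturer_addr.bin and the proxy files. "Does not need write access" is not the same as "safe for everyone to read", and the spec file on this page exports RO_BLOB_PATH as `%{_datadir}/%{name}`, a location that is normally readable by all local users. Either introduce a separate variable for read-only secrets, or extend the added comment to something like `# RO_BLOB_PATH=<path> holds read-only data, including the ECDSA private key; restrict its permissions accordingly`. The two `Nur in b: ...~.` lines are leftover diff output about editor backup files and should be dropped from the patch.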
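--- a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
+++ b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0
+size 255368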
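--- a/fdo-client-service
+++ b/fdo-client-service
@@ -0,0 +1,29 @@
+#!/bin/sh
+check_file=/var/lib/fdo-client/initialized
+data=/var/lib/fdo-client/data
+log=/var/log/fdo-client.log
+
+cd ${data}
+
+if [ ! -f ${check_file} ]; then
+# The first time the client will connect the manufacturer
+# server in order to get information about rendevous service.
+# After that the service will be stopped. The machine is now
+# ready for delivery. Next time the machine will connect to
+# the rendezvous service when it will be switched on.
+/usr/bin/fdo-client >${log}
+systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
+/bin/systemctl stop fdoclient
+exit 0
+fi
+
+while :
+do
+# The rendevous service returns the information about the
+# prider platform service (only the first time). This service
+# will be contacted periodically.
+/usr/bin/fdo-client >>${log}
+sleep 30;
+done
+
+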
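Review bot: The `initialized` marker is written whether or not device initialization succeeded: the exit status of `/usr/bin/fdo-client >${log}` is ignored, and the `>${check_file}` redirect on the following pipeline creates the file even when the pipeline prints nothing. A failed first run (manufacturer server unreachable, for example) would leave the machine marked as ready for delivery. Assuming the client exits non-zero on failure, gate the marker on it with `/usr/bin/fdo-client >"${log}" 2>&1 || exit 1`, and since only the file's existence is tested, `touch "${check_file}"` can replace the PID scrape. `cd ${data}` is also unchecked and unquoted; `cd "${data}" || exit 1` keeps the client from running in an unexpected working directory.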
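--- a/fdo-client.changes
+++ b/fdo-client.changes
@@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- This is the successor of sdo-client
+EPIC: SLE/SLE-22946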
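--- a/fdo-client.spec
+++ b/fdo-client.spec
@@ -0,0 +1,145 @@
+#
+# spec file for package fdo-client
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: fdo-client
+Version: 1.0.0+git20210816.baa09b5
+Release: 0
+Summary: FIDO Device Onboard Client
+License: Apache-2.0
+Group: System/Base
+URL: https://github.com/intel/safestringlib/tree/v1.0.0
+Source0: fdo-client-%{version}.tar.xz
+Source1: safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+Source2: tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+Source3: fdo-client-service
+Source4: fdoclient.service
+Source5: README
+Patch0: build.patch
+Patch1: gcc.patch
+Requires: openssl
+Obsoletes: sdo-client
+BuildRequires: cmake
+BuildRequires: vim
+BuildRequires: gcc-c++
+BuildRequires: libopenssl-devel
+%{?systemd_ordering}
+
+%description
+FDO-Client is a portable implementation of the FIDO Device Onboard Spec.
+This component is portable across multiple environments,
+including to various microprocessors (MPUs) and microcontrollers (MCUs).
+
+%package devel
+Summary: FIDO Device Onboard Client SDK
+Group: Development/Libraries/C and C++
+Requires: libopenssl-1_1-devel
+
+%description devel
+This is a production-ready implementation of the Device component defined
+in FIDO Device Onboard Spec published by the FIDO Alliance.
+Appropriate security measures should be taken for storing the device
+credentials while porting this to different platforms.
+
+%prep
+%setup -q
+%setup -q -D -a 1
+%setup -q -D -a 2
+%patch0 -p1
+%patch1 -p1
+
+%build
+pushd .
+cd safestringlib*
+mkdir obj
+make
+popd
+cd tinycbor*
+make
+cd %{_builddir}/%{name}*
+export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad
+export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef
+export BLOB_PATH=%{_sharedstatedir}/%{name}
+export RO_BLOB_PATH=%{_datadir}/%{name}
+cmake .
+make
+bash utils/keys_gen.sh .
+
+%install
+mkdir -p %{buildroot}/%{_bindir}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_sbindir}
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_datadir}/%{name}/data
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name}
+%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service
+%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service
+%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient
+
+%{__install} -m 644 build/*.a %{buildroot}/%{_libdir}
+%{__install} -m 644 include/*.h %{buildroot}/%{_includedir}
+
+%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+
+%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%pre
+%service_add_pre fdoclient.service
+
+%preun
+%service_del_preun fdoclient.service
+
+%post
+%service_add_post fdoclient.service
+
+%postun
+%service_del_postun fdoclient.service
+
+%files
+%license LICENSE
+%doc README
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/data
+%dir %{_sharedstatedir}/%{name}
+%dir %{_sharedstatedir}/%{name}/data/
+%{_bindir}/%{name}
+%{_bindir}/fdo-client-service
+%{_datadir}/%{name}/data/*
+%{_sharedstatedir}/%{name}/data/*
+%{_unitdir}/fdoclient.service
+%{_sbindir}/rcfdoclient
+
+%files devel
+%license LICENSE
+%{_includedir}/*.h
+%{_libdir}/*.a
+
+%changelog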
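Review bot: Key material is generated at package build time and shipped with permissive modes: `bash utils/keys_gen.sh .` runs in %build, and `%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data` then installs the result with install's default mode (0755) under %{_datadir}. keys_gen.sh is not shown here, but if it produces the ecdsa256/384 private keys that build.patch points ECDSA_PRIVKEY at, every system installing this RPM shares one device key, readable by any local user and by anyone who holds the package. The key should instead be created or provisioned per device (at first boot or during manufacturing), and the secret files should get an explicit mode, e.g. `%{__install} -m 0600 data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data`. The same applies to platform_aes_key.bin, platform_iv.bin and the credential blobs.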
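--- a/fdoclient.service
+++ b/fdoclient.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=FDO client
+After=remote-fs.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=TERM=linux
+ExecStart=/usr/bin/fdo-client-service
+RemainAfterExit=no
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target
+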
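Review bot: The unit runs a network-facing client as root with no sandboxing; the [Service] section sets neither User= nor any hardening directive. The wrapper script on this page only writes under /var/lib/fdo-client and to /var/log/fdo-client.log, so `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/var/lib/fdo-client /var/log` look applicable, though they need testing against whatever the owner's ServiceInfo step is expected to change on the device. `TimeoutSec=0` also disables the start and stop timeouts, so systemd never force-stops a hung client; a finite stop timeout would be safer.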
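--- a/gcc.patch
+++ b/gcc.patch
@@ -0,0 +1,171 @@
+--- org/lib/fdoprotctx.c 2021-10-18 21:51:23.914574062 +0200
++++ patch/lib/fdoprotctx.c 2021-10-18 21:49:40.170002557 +0200
+@@ -118,8 +118,11 @@
+
+switch (prot_ctx->protdata->state) {
+case FDO_STATE_DI_APP_START: /* type 10 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */
++ {
+if (prot_ctx->host_dns) {
+if (prot_ctx->resolved_ip) {
+fdo_free(prot_ctx->resolved_ip);
+@@ -133,9 +136,12 @@
+break;
+}
+}
+- ATTRIBUTE_FALLTHROUGH;
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_DI_SET_HMAC: /* type 12 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_DI_DONE: /* type 13 */
+ret = connect_to_manufacturer(
+prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip,
+@@ -144,24 +150,30 @@
+(prot_ctx->tls ? &prot_ctx->ssl : NULL));
+break;
+case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */
+- if (prot_ctx->host_dns) {
+- if (prot_ctx->resolved_ip) {
+- fdo_free(prot_ctx->resolved_ip);
+- }
+- if (!resolve_dn(prot_ctx->host_dns,
+- &prot_ctx->resolved_ip,
+- prot_ctx->host_port,
+- (prot_ctx->tls ? &prot_ctx->ssl : NULL),
+- is_rv_proxy_defined())) {
+- ret = false;
+- fdo_free(prot_ctx->resolved_ip);
++ {
++ if (prot_ctx->host_dns) {
++ if (prot_ctx->resolved_ip) {
++ fdo_free(prot_ctx->resolved_ip);
++ }
++ if (!resolve_dn(prot_ctx->host_dns,
++ &prot_ctx->resolved_ip,
++ prot_ctx->host_port,
++ (prot_ctx->tls ? &prot_ctx->ssl : NULL),
++ is_rv_proxy_defined())) {
++ ret = false;
++ fdo_free(prot_ctx->resolved_ip);
++ }
+}
++ ATTRIBUTE_FALLTHROUGH;
+}
+- ATTRIBUTE_FALLTHROUGH;
+case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */
+// try DNS's resolved IP first, if it fails, try given IP address
+ret = connect_to_rendezvous(
+@@ -174,40 +186,62 @@
+}
+break;
+case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */
+- if (prot_ctx->host_dns) {
+- if (prot_ctx->resolved_ip) {
+- fdo_free(prot_ctx->resolved_ip);
+- }
+- if (!resolve_dn(prot_ctx->host_dns,
+- &prot_ctx->resolved_ip,
+- prot_ctx->host_port,
+- (prot_ctx->tls ? &prot_ctx->ssl : NULL),
+- is_owner_proxy_defined())) {
+- ret = false;
+- fdo_free(prot_ctx->resolved_ip);
++ {
++ if (prot_ctx->host_dns) {
++ if (prot_ctx->resolved_ip) {
++ fdo_free(prot_ctx->resolved_ip);
++ }
++ if (!resolve_dn(prot_ctx->host_dns,
++ &prot_ctx->resolved_ip,
++ prot_ctx->host_port,
++ (prot_ctx->tls ? &prot_ctx->ssl : NULL),
++ is_owner_proxy_defined())) {
++ ret = false;
++ fdo_free(prot_ctx->resolved_ip);
++ }
+}
++ ATTRIBUTE_FALLTHROUGH;
+}
+- ATTRIBUTE_FALLTHROUGH;
+case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_SND_DONE: /* type 70 */
+- ATTRIBUTE_FALLTHROUGH;
++ {
++ ATTRIBUTE_FALLTHROUGH;
++ }
+case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */
+// try DNS's resolved IP first, if it fails, try given IP address
+ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port,
+--- org/lib/credentials_from_file.c 2021-10-18 22:19:33.447783075 +0200
++++ patch/lib/credentials_from_file.c 2021-10-18 22:19:20.143711330 +0200
+@@ -228,8 +228,6 @@
+return true;
+}
+
+- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
+-
+fdor = fdo_alloc(sizeof(fdor_t));
+if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
+LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n");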
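Review bot: The credentials_from_file.c hunk deletes the `LOG(LOG_DEBUG, "Reading DeviceCredential blob of length ...")` line instead of fixing it, which drops the only visible trace of the credential blob size read from storage. If the motive was a format warning (the type of `dev_cred_len` is not visible in the hunk; presumably it is `size_t`), keeping the message with a matching specifier such as `%zu` would preserve the diagnostic. The patch also has no description explaining why each `ATTRIBUTE_FALLTHROUGH;` in fdoprotctx.c is wrapped in braces; a short note before the first `---` line, presumably that GCC rejects the marker directly after a case label, would help whoever rebases it. The switch statement and both enclosing functions start and end outside the hunks.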
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.