ai-code-review #289

Open
wants to merge 60 commits into
base: KiranSukhavasi-patch-1

KiranSukhavasi
Contributor

No description provided.

shrikant1407 and others added 30 commits March 17, 2023 14:04
* Update TPM library installation script
* Readme updates

Signed-off-by: Shrikant Temburwar <[email protected]>
* Readme updates
* Update TPM lib installation script for RHEL

Signed-off-by: Shrikant Temburwar <[email protected]>
* Add ECDSA-384 key support for TPM
* Add SHA384 HMAC support for TPM
* Add AES 256-bit key type for TPM ECDSA 384

Signed-off-by: Shrikant Temburwar <[email protected]>
Fix coverity scan findings

Signed-off-by: Shrikant Temburwar <[email protected]>
* Openssl 3 porting (fido-device-onboard#194)

* CSDK code updated with openssl 3 APIs

The deprecated openssl APIs are updated with
openssl 3 APIs.

Signed-off-by: tajnisha <[email protected]>

* CSDK updated with openssl 3 APIs

Added minor clean-ups on top of original changes.

Signed-off-by: tajnisha <[email protected]>

* Add OpenSSL 3.0 support for CSDK TPM

Signed-off-by: Shrikant Temburwar <[email protected]>

* Fix memory leaks

Signed-off-by: Shrikant Temburwar <[email protected]>

* Addressed review comments for openssl 3 csdk changes.

Signed-off-by: Tajunnisha N <[email protected]>

Signed-off-by: tajnisha <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Signed-off-by: Tajunnisha N <[email protected]>
Co-authored-by: Shrikant Temburwar <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>

* Update TPM lib version and installation script

Signed-off-by: Shrikant Temburwar <[email protected]>

* Updated Readme file for openssl 3 setup steps

Signed-off-by: Shrikant Temburwar <[email protected]>

* Readme updates

Signed-off-by: Shrikant Temburwar <[email protected]>

* Update Readme and installation scripts

Signed-off-by: Shrikant Temburwar <[email protected]>

* Readme and script updates

Signed-off-by: Shrikant Temburwar <[email protected]>

* * Readme update
* Added OpenSSL and Curl path to /opt/ by default in the openssl and tpm lib installation script
* Updated unit tests for OpenSSL 3

Signed-off-by: Shrikant Temburwar <[email protected]>

* Update Readmes and TPM lib installation scripts

Signed-off-by: Shrikant Temburwar <[email protected]>

* Added OpenSSL and Curl path in Jenkinsfile.yml

Signed-off-by: Shrikant Temburwar <[email protected]>

* Readme update

Signed-off-by: Shrikant Temburwar <[email protected]>

---------

Signed-off-by: tajnisha <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Signed-off-by: Tajunnisha N <[email protected]>
Co-authored-by: tajnisha <[email protected]>
Fix Klocwork scan finding
Signed-off-by: Shrikant Temburwar <[email protected]>
…do-device-onboard#229)

Update TPM library installation script for RHEL and readme update

Signed-off-by: Shrikant Temburwar <[email protected]>
* Updating NOTICE files for 1.1.5 Release

  Updating NOTICE files for 1.1.5 Release.

Signed-off-by: Davis Benny <[email protected]>

* Removing additional NOTICE file

Signed-off-by: Davis Benny <[email protected]>

---------

Signed-off-by: Davis Benny <[email protected]>
Signed-off-by: Peeush Thakur <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
* Enable SNI based on compile option.
SNI support is added in this patch to handle
a customer request.
* Removed extra logs and updated SNI in Readme.
checking tls support for sni.
---------

Signed-off-by: Tajunnisha N <[email protected]>
Multiple curl_easy_cleanup performed without
respective curl_easy_init that caused seg fault.

That is fixed by invoking the init call at
appropriate place inside the loop in resolve_dn.

Signed-off-by: tajnisha <[email protected]>
Co-authored-by: Shrikant Temburwar <[email protected]>
When curl is not installed in system path and
only at custom path, TO1 fails with hosted RV.

Root cause: This is because http2 is selected
during negotiation with hosted RV and currently our
CSDK implementation does not support it.

Fix: Configure Client to use http 1.1 with curl

Signed-off-by: tajnisha <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
* Refactor and format CSDK code based on the parameters in .clang-format file
* Enable unit tests execution while performing smoke test
* Revert manufacturer_addr.bin back to host.docker.internal

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
…vice-onboard#239)

* Fix connection issue when providing invalid DNS and valid IP
* Enable SNI by default
* Formatting the code

Signed-off-by: Shrikant Temburwar <[email protected]>
)

Older network APIs were using sockets for communication and supported only HTTP1.1 connection.
Remove socket dependency and move to Curl APIs for network communication.

Signed-off-by: Shrikant Temburwar <[email protected]>
…ript (fido-device-onboard#243)

- Add --with-nghttp2 flag to build curl to support HTTP2
- Fix memory leak caused by curl_slist_append()

Signed-off-by: Shrikant Temburwar <[email protected]>
Signed-off-by: adarshanand67 <[email protected]>
Co-authored-by: Shrikant Temburwar <[email protected]>
Onboarding of device was failing with SVI [exec, exec_cb and fetch] because
of returning invalid value.
Fixed SVI by returning correct value.

Signed-off-by: Shrikant Temburwar <[email protected]>
Make SNI=true as default

Signed-off-by: Shrikant Temburwar <[email protected]>
* Github workflow for client-sdk-fidoiot
* Add smoke test to client-sdk-fidoiot
* Download pri-fidoiot artifacts from fido-device-onboard org

Signed-off-by: B, Prashanth Natraj <[email protected]>
)

* Remove file extension check for SVI instruction

SVI instruction was failing when provided with tar files.
Remove file extension check for exec, exec_cb, and fetch commands.

* Update execv to execvp to fetch command path from PATH environment

Signed-off-by: Shrikant Temburwar <[email protected]>
adarshan-intel and others added 30 commits November 3, 2023 12:24
* Fixing OpenSSL Deprecation issues
* Updated gitignore, uncommented build.sh and removed comments
* Uncomment CmakeFile tests and remove commented code
* fdoDevSign files modified back

Signed-off-by: adarsh-intel <[email protected]>
Co-authored-by: Shrikant Temburwar <[email protected]>
* Enable mTLS connection support

Enable mutual TLS (mTLS) connection support for mutual authentication.

* Add an option to enable curl logs

* Update Safestring and Metee lib version tag in Jenkinsfile.yml

Signed-off-by: Shrikant Temburwar <[email protected]>
…ce-onboard#256)

Update EC point conversion from compressed to uncompressed 

Signed-off-by: Shrikant Temburwar <[email protected]>
…vice-onboard#257)

* Add run time argument to take input for manufacturer address

Add "-ip" runtime argument to take input for manufacturer address.
If -ip is not specified, the manufacturer_addr.bin file is used.

* Add a note about linux-client binary usage

Signed-off-by: Shrikant Temburwar <[email protected]>
…onboard#258)

* Add support to get device serial from system BIOS table
Added support to get device serial from system BIOS table.
linux-client required elevated privileges. Use 'sudo' to execute.

* Add compile time option to get device serial number from system BIOS table
* Update build_conf.md

Signed-off-by: Shrikant Temburwar <[email protected]>
* Fix onboarding when using RVByPass with SNI

When using RVByPass, prot_ctx->host_dns was pointing to an invalid value after msg 70.
Fixed it by copying host_dns value to prot_ctx->host_dns instead of pointing prot_ctx->host_dns to host_dns.

* Update logs

Signed-off-by: Shrikant Temburwar <[email protected]>
…oard#263)

Add input validation in get_device_serial() function
Add const to char *cmd

Signed-off-by: Shrikant Temburwar <[email protected]>
…-device-onboard#262)

* Add a check to ensure the response message type is valid or not.
* Update msglen to 0 in case of invalid message type

Signed-off-by: Shrikant Temburwar <[email protected]>
… is larger than 1024 bytes (fido-device-onboard#264)

Curl automatically sets it when the request is a POST and the data size is larger than 1024 bytes.
Requests with the Expect: 100-Continue header have an increased probability of becoming separated from one another,
and hence returning with an error.
It can be disabled via setting the Expect: header to the empty string.

Signed-off-by: Shrikant Temburwar <[email protected]>
Remove unused variables and change log type

Signed-off-by: Shrikant Temburwar <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
* Add fdo-sim support for Client-SDK

Implement fdo.download and fdo.command fsim modules.

* FSIM regression fixes

* Remove unused code

* Fix Hash calculation when using ECDSA256

* Fix multiple script execution in FSIM

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
)

* Add support to store device credentials and device status inside TPM NV storage

* Add support to store TPM private keys and device CSR inside TPM NV storage

* Add execution logs in clear_tpm_nv.sh

* Update TPM code as per specs

* Update device key generation according to FDO TPM spec

* Update tpm scripts

* Add DCActive flag usecase as per FDO TPM spec

* - Update DCActive value to bool
- Add TPM2_NV_WriteLock/TPM2_NV_ReadLock support
- Update readme for FDO TPM usage

* Add command to lock the Device CSR Non-Volatile (NV) index for further writes

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
…e from device to owner (fido-device-onboard#272)

* Add support to send fdo.download:done message from device to owner

fdo.download:done message indicates that the download has completed, returns the length of the target file.
Value of -1 indicates the sha-384 check failed, or other file write error

* Fix memory leaks

* * Add support to send fdo.command:exitcode message from device to owner
* Fix FDO_SIM to work with FDO_SYS

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
…e-onboard#277)

Added this check to fix client CSE.

Signed-off-by: Shrikant Temburwar <[email protected]>
…vice-onboard#273)

* Fix multiple file download for FSIM fdo.download:done module

* Implement a queue to store fdo.download:done messages for multiple file downloads

* Implement a queue to store fdo.command.exitcode messages

Signed-off-by: Shrikant Temburwar <[email protected]>

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
* Update verifying device serial logic

* Update get device serial logic

* Add a check for empty device serial

* Add a note to use sudo to get device serial from system BIOS table

---------

Signed-off-by: Shrikant Temburwar <[email protected]>
Signed-off-by: Shrikant Temburwar <[email protected]>
Co-authored-by: KiranSukhavasi <[email protected]>
fido-device-onboard#287)

* Added support for sending device MAC addresses as part of Device Mfg Info
* Fix CSE build
* Update CSE code to send empty MAC address as part of DeviceMfgInfo
* Fix invalid blob entry for CSE build

Signed-off-by: Shrikant Temburwar <[email protected]>
…vice-onboard#288)

* Update install_tpm_libs.sh script

* Update OpenSSL version to v3.0.14 and curl version to v8.8.0
Fix install_tpm_libs.sh script

Signed-off-by: Shrikant Temburwar <[email protected]>

8 participants