fido-device-onboard · KiranSukhavasi · Mar 17, 2023 · Mar 20, 2023 · Mar 27, 2023 · Apr 18, 2023
diff --git a/.github/Dockerfile b/.github/Dockerfile
@@ -0,0 +1,71 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update -y && apt-get upgrade -y && apt-get install -y \
+  git \
+  build-essential \
+  cmake \
+  libxml2-dev \
+  uuid-dev \
+  libcurl4-openssl-dev \
+  openssl \
+  libssl-dev \
+  wget \
+  bsdmainutils \
+  unzip \
+  libglib2.0-dev \
+  xxd \
+  nghttp2 \
+  libnghttp2-dev \
+  ruby
+
+RUN mkdir build_dir
+
+# Build & Install Curl version 8.1.2
+WORKDIR /build_dir/
+RUN wget https://curl.se/download/curl-8.1.2.tar.gz -O - | tar -xz && cd curl-8.1.2 && \
+./configure --with-openssl --enable-versioned-symbols --with-nghttp2 && make && make install
+
+# Setup safestring
+WORKDIR /build_dir
+RUN git clone -b v1.2.0 --progress --verbose https://github.com/intel/safestringlib.git safestring
+ENV SAFESTRING_ROOT /build_dir/safestring
+WORKDIR ${SAFESTRING_ROOT}
+RUN mkdir obj && make
+
+# Setup tinycbor
+WORKDIR /build_dir
+RUN git clone -b v0.6.0 --progress --verbose https://github.com/intel/tinycbor.git tinycbor
+ENV TINYCBOR_ROOT /build_dir/tinycbor
+WORKDIR ${TINYCBOR_ROOT}
+RUN make
+
+# Setup metee
+WORKDIR /build_dir
+RUN git clone --progress --verbose https://github.com/intel/metee.git metee
+ENV METEE_ROOT /build_dir/metee
+WORKDIR ${METEE_ROOT}
+RUN cmake . && make && make install
+
+ENV OPENSSL3_ROOT /usr
+ENV CURL_ROOT /usr
+
+# Setup client-sdk-fidoiot.
+# clone client-sdk-fidoiot to the current Dockerfile directory
+WORKDIR /build_dir/
+RUN mkdir /cse-fdoout
+WORKDIR /build_dir/cse-fdoout/
+RUN mkdir /client-sdk 
+WORKDIR /build_dir/fdoout/client-sdk/
+COPY . .
+
+# Install tpm libraries
+RUN grep -rl '/opt/openssl' ./ | xargs sed -i 's/\/opt\/openssl/\/usr/g'
+RUN grep -rl '/opt/curl' ./ | xargs sed -i 's/\/opt\/curl/\/usr/g'
+RUN sed -i 's/lib64/lib\/x86_64-linux-gnu/' utils/install_tpm_libs.sh
+RUN sed -i 's/==/-eq/' utils/tpm_make_ready_ecdsa.sh
+RUN sh utils/install_tpm_libs.sh -i
+
+
+CMD ["bash", "build.sh"]
diff --git a/.github/workflows/ai-review-cache.yaml b/.github/workflows/ai-review-cache.yaml
@@ -0,0 +1,89 @@
+name: "AI Reviewer Cache"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    # TODO: Update with the repos trunk branch.
+      - "client-sdk-fidoiot-ai-code-review"
+
+jobs:
+  generate-cache:
+    name: Generate AI Cache
+    container: amr-registry.caas.intel.com/devops-ai-platform/gasp-oidc:0.0.4
+    # TODO: Update'runs-on' to specify the type of runner your repo uses.
+    # If using GASP, do not add additional labels. Use ONLY "gasp".
+    runs-on: gasp
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+      id-token: write
+
+    steps:
+    # Login using OIDC Auth
+    - name: Authenticate
+      uses: azure/login@v1
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    # Get a temporary access token. Expires in 5-60 minutes.
+    - name: Retrieve Access Token
+      id: auth
+      run: |
+        export output=$(az account get-access-token --resource https://cognitiveservices.azure.com --query \"accessToken\" -o tsv);
+        echo "result=$output" >> $GITHUB_OUTPUT;
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Cache embeddings
+      id: cache-embeddings
+      uses: actions/cache@v4
+      env:
+        cache-name: cache-embeddings
+      with:
+        path: ./cache
+        key: ${{ env.cache-name }}-${{ github.run_id }}
+        restore-keys: ${{ env.cache-name }}
+
+    - name: Create Document Embeddings
+      uses: intel-innersource/frameworks.devops.ai-devops-platform.embedding-action@v3
+      env:
+        no_proxy: "*.azure.com"
+      with:
+        name: documentation_lookup
+        description: Used to answer questions about documentation.
+        service_model: embedding
+        service_token: bearer ${{ steps.auth.outputs.result }}
+        # TODO: Update 'file_types' with the code file extensions to parse. *Note it is a newline delimited list.
+        file_types: |
+          .md
+        # TODO: Update 'languages' to include the languages in the repository. *Note it is a newline delimited list.
+        # Supports the following values: 'cpp', 'go', 'java', 'js', 'php', 'proto', 'python', 'rst', 'ruby', 'rust', 'scala', 'swift', 'markdown', 'latex', 'html'
+        languages: |
+          markdown
+        # TODO: Update 'path' to represent the top level path where code files are found.
+        path: ./src
+        cache_path: ./cache
+
+    - name: Create Code Embeddings
+      uses: intel-innersource/frameworks.devops.ai-devops-platform.embedding-action@v3
+      env:
+        no_proxy: "*.azure.com"
+      with:
+        name: code_lookup
+        description: Used to get additional context for code.
+        service_model: embedding
+        service_token: bearer ${{ steps.auth.outputs.result }}
+        # TODO: Update 'file_types' with the code file extensions to parse. *Note it is a newline delimited list.
+        file_types: |
+          .ts
+        # TODO: Update 'languages' to include the languages in the repository. *Note it is a newline delimited list.
+        # Supports the following values: 'cpp', 'go', 'java', 'js', 'php', 'proto', 'python', 'rst', 'ruby', 'rust', 'scala', 'swift', 'markdown', 'latex', 'html'
+        languages: |
+          js
+        # TODO: Update 'path' to represent the top level path where code files are found.
+        path: ./src
+        cache_path: ./cache
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,78 @@
+name: client-sdk-fidoiot-build
+on:
+  workflow_dispatch:
+  push:
+    branches: [master, '*rel']
+  pull_request:
+    branches: [master, '*rel']
+permissions:
+  contents: read
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: scm checkout
+        uses: actions/checkout@v3
+      - name: Build docker image
+        run: docker build -t client-sdk -f '.github/Dockerfile' .
+      - name: run Docker container
+        run: docker run -v $PWD:/build_dir/fdoout/client-sdk/ client-sdk:latest
+      - name: tar client-sdk binaries
+        run: |
+          mkdir client-sdk-binaries && cd client-sdk-binaries
+          cp -r ../x86_ecdsa* ../tpm_ecdsa* ../cse_ecdsa* .
+          mkdir utils
+          cp ../utils/tpm_make_ready_ecdsa.sh ../utils/install_tpm_libs*.sh ../utils/keys_gen.sh utils/
+          cd .. && tar -cvzf client-sdk-binaries.tar.gz client-sdk-binaries
+      - name: checkout test-fidoiot
+        uses: actions/checkout@v3
+        with:
+          repository: fido-device-onboard/test-fidoiot
+          ref: master
+          path: test-fidoiot
+      - name: Download pri-fidoiot artifact
+        id: download-artifact
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          name: demo.tar.gz
+          repo: fido-device-onboard/pri-fidoiot
+          workflow: main.yaml
+          path: test-fidoiot/binaries/pri-fidoiot/
+          search_artifacts: true
+      - name: Add host to /etc/hosts
+        run: |
+          sudo echo "127.0.0.1 host.docker.internal" | sudo tee -a /etc/hosts
+      - name: Smoke Test
+        run : |
+          mkdir -p test-fidoiot/binaries/client-sdk-fidoiot
+          tar -xvzf test-fidoiot/binaries/pri-fidoiot/demo.tar.gz
+          cp -r demo/* test-fidoiot/binaries/pri-fidoiot/
+          cp x86_ecdsa256_gcm_bin/linux-client test-fidoiot/binaries/client-sdk-fidoiot/
+          cp -r x86_ecdsa256_gcm_bin/data test-fidoiot/
+          bash utils/install_openssl_curl.sh -i -v 3.0.8
+          bash utils/keys_gen.sh test-fidoiot
+          cd test-fidoiot/binaries/pri-fidoiot/scripts
+          bash demo_ca.sh
+          bash web_csr_req.sh
+          bash user_csr_req.sh
+          bash keys_gen.sh
+          chmod -R 777 secrets/
+          cp -r service.env secrets/ ../aio/
+          cp -r secrets/ ../db/
+          sed -i '/<security-constraint>/,/<.security-constraint>/d' ../aio/WEB-INF/web.xml
+          sed -i '/^innodb/d' ../db/custom/config-file.cnf
+          cd ${{ github.workspace }}/test-fidoiot/data
+          sed -i 's/8039/8080/g' manufacturer_addr.bin
+          cd ${{ github.workspace }}/test-fidoiot
+          export TEST_DIR=`pwd`
+          mvn clean test -Dgroups=fdo_clientsdk_smoketest
+      - name: archive artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: client-sdk-binaries.tar.gz
+          path: client-sdk-binaries.tar.gz
+          retention-days: 5
+        if: github.event_name != 'pull_request'
+
+
+
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,12 @@
 *.so
 *.so.*
 *.a
+*.blob
+*.bin
+*.pem
+*.dat
+*.ctx
+*.key
 
 # Packages #
 ############
@@ -51,6 +57,7 @@ Thumbs.db
 ###############
 CMakeCache.txt
 CMakeFiles
+Makefile
 CMakeScripts
 cmake_install.cmake
 install_manifest.txt
@@ -92,6 +99,7 @@ buildNumber.properties
 .metadata
 *.iml
 *.ipr
+.vscode
 
 # Visual Studio files #
 #######################

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -16,6 +16,13 @@ include(cmake/cli_input.cmake)
 include(cmake/extension.cmake)
 include(cmake/blob_path.cmake)
 
+if (NOT(DEFINED ENV{OPENSSL3_ROOT}))
+  message(FATAL_ERROR "OPENSSL3_ROOT not set")
+endif()
+
+if (NOT(DEFINED ENV{CURL_ROOT}))
+  message(FATAL_ERROR "CURL_ROOT not set")
+endif()
 
 if (NOT(DEFINED ENV{SAFESTRING_ROOT}))
   message(FATAL_ERROR "SAFESTRING_ROOT not set")
@@ -43,7 +50,6 @@ client_sdk_compile_options(
   -Wswitch-default
   -Wunused-parameter
   -Wsign-compare
-  -Wno-deprecated-declarations
   -Wpedantic
   -Werror
   -Wimplicit-function-declaration
@@ -71,6 +77,8 @@ client_sdk_compile_options(
 if(${TARGET_OS} MATCHES linux)
 # Safestring lib
 client_sdk_include_directories(
+  $ENV{OPENSSL3_ROOT}/include
+  $ENV{CURL_ROOT}/include
   $ENV{SAFESTRING_ROOT}/include
   $ENV{TINYCBOR_ROOT}/src
   include
@@ -121,11 +129,14 @@ if(${TARGET_OS} MATCHES linux)
     -L$ENV{TINYCBOR_ROOT}/lib/
     -l:libtinycbor.a
     -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now
+    -L$ENV{CURL_ROOT}/lib
     -lcurl
     )
 
   if (${TLS} STREQUAL openssl)
     client_sdk_ld_options(
+      -L$ENV{OPENSSL3_ROOT}/lib64
+      -L$ENV{OPENSSL3_ROOT}/lib
       -Wl,--no-whole-archive -lssl -lcrypto -ldl
       )
   elseif(${TLS} MATCHES mbedtls)

diff --git a/Jenkinsfile.yml b/Jenkinsfile.yml
@@ -3,17 +3,15 @@ node('ccode'){
         'REPO_Safestring=https://github.com/intel/safestringlib.git',
         'REPO_TinyCBOR=https://github.com/intel/tinycbor.git',
         'REPO_METEE=https://github.com/intel/metee.git',
-        "TEST_DIR=${WORKSPACE}/test-fidoiot",
-        "MANUFACTURER_DB_CONNECT_STRING=jdbc:mariadb://127.0.0.1:3306/sdo",
-        "RESELLER_DB_CONNECT_STRING=jdbc:mariadb://127.0.0.1:4306/sdo"
+        "TEST_DIR=${WORKSPACE}/test-fidoiot"
       ])
   {
     stage('Clone Client-SDK'){
       cleanWs()
       dir('client-sdk'){
         checkout scm
       }
-      sh 'git clone "${REPO_Safestring}"'
+      sh 'git clone -b v1.2.0 "${REPO_Safestring}"'
       sh 'git clone "${REPO_TinyCBOR}"'
       sh 'git clone "${REPO_METEE}"'
       }
@@ -22,6 +20,7 @@ node('ccode'){
       sh '''
         cd $WORKSPACE/safestringlib
         echo 'Building safestring'
+        git checkout v1.2.0
         mkdir obj
         make
       '''
@@ -31,7 +30,7 @@ node('ccode'){
       sh '''
         cd $WORKSPACE/tinycbor
         echo 'Building TinyCBOR'
-        git checkout v0.5.3
+        git checkout v0.6.0
         make
       '''
     }
@@ -40,6 +39,7 @@ node('ccode'){
       sh '''
         cd $WORKSPACE/metee
         echo 'Building METEE'
+        git checkout 3.2.3
         cmake .
         make -j$(nproc)
         sudo make install
@@ -54,8 +54,12 @@ node('ccode'){
         echo $TINYCBOR_ROOT
         export METEE_ROOT=$WORKSPACE/metee
         echo $METEE_ROOT
+        export OPENSSL3_ROOT=/opt/openssl
+        echo $OPENSSL3_ROOT
+        export CURL_ROOT=/opt/curl
+        echo $CURL_ROOT
         cd $WORKSPACE/client-sdk
-        $WORKSPACE/client-sdk/build.sh -s
+        $WORKSPACE/client-sdk/build.sh
         mkdir client-sdk-binaries
         cd client-sdk-binaries
         cp -r ../x86_ecdsa256_gcm_bin .
@@ -64,6 +68,8 @@ node('ccode'){
         cp -r ../x86_ecdsa384_ccm_bin .
         cp -r ../tpm_ecdsa256_gcm_bin .
         cp -r ../tpm_ecdsa256_ccm_bin .
+        cp -r ../tpm_ecdsa384_gcm_bin .
+        cp -r ../tpm_ecdsa384_ccm_bin .
         cp -r ../cse_ecdsa384_gcm_bin .
         cp -r ../cse_ecdsa384_ccm_bin .
         mkdir utils
@@ -150,4 +156,4 @@ node('ccode'){
 
     cleanWs cleanWhenFailure: false, cleanWhenNotBuilt: false, notFailBuild: true
   }
-}
+}