ai-code-review #289
Open
KiranSukhavasi wants to merge 60 commits into fido-device-onboard:KiranSukhavasi-patch-1 from KiranSukhavasi:KiranSukhavasi-patch-1
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Update TPM library installation script * Readme updates Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Readme updates * Update TPM lib installation script for RHEL Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Add ECDSA-384 key support for TPM * Add SHA384 HMAC support for TPM * Add AES 256-bit key type for TPM ECDSA 384 Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Fix coverity scan findings Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Openssl 3 porting (fido-device-onboard#194)
* CSDK code updated with openssl 3 APIs
The deprecated openssl APIs are updated with openssl 3 APIs.
Signed-off-by: tajnisha <tajunnisha.n@intel.com>
* CSDK updated with openssl 3 APIs
Added minor clean-ups on top of original changes.
Signed-off-by: tajnisha <tajunnisha.n@intel.com>
* Add OpenSSL 3.0 support for CSDK TPM
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Fix memory leaks
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Addressed review comments for openssl 3 csdk changes.
Signed-off-by: Tajunnisha N <tajunnisha.n@intel.com>
Signed-off-by: tajnisha <tajunnisha.n@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Tajunnisha N <tajunnisha.n@intel.com>
Co-authored-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Update TPM lib version and installation script
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Updated Readme file for openssl 3 setup steps
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Readme updates
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Update Readme and installation scripts
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Readme and script updates
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* * Readme update
* Added OpenSSL and Curl path to /opt/ by default in the openssl and tpm lib installation script
* Updated unit tests for OpenSSL 3
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Update Readmes and TPM lib installation scripts
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Added OpenSSL and Curl path in Jenkinsfile.yml
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Readme update
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
---------
Signed-off-by: tajnisha <tajunnisha.n@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Tajunnisha N <tajunnisha.n@intel.com>
Co-authored-by: tajnisha <tajunnisha.n@intel.com>
Fix Klocwork scan finding Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…do-device-onboard#229) Update TPM library installation script for RHEL and readme update Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Updating NOTICE files for 1.1.5 Release Updating NOTICE files for 1.1.5 Release. Signed-off-by: Davis Benny <davis.benny@intel.com> * Removing additional NOTICE file Signed-off-by: Davis Benny <davis.benny@intel.com> --------- Signed-off-by: Davis Benny <davis.benny@intel.com>
Signed-off-by: Peeush Thakur <peeush.thakur@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
* Enable SNI based on compile option. SNI support is added in this patch to handle a customer request. * Removed extra logs and updated SNI in Readme. checking tls support for sni. --------- Signed-off-by: Tajunnisha N <tajunnisha.n@intel.com>
Multiple curl_easy_cleanup performed without respective curl_easy_init that caused seg fault. That is fixed by invoking the init call at appropriate place inside the loop in resolve_dn. Signed-off-by: tajnisha <tajunnisha.n@intel.com> Co-authored-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
When curl is not installed in system path and only at custom path, TO1 fails with hosted RV. Root cause: This is because http2 is selected during negotiation with hosted RV and currently our CSDK implementation does not support it. Fix: Configure Client to use http 1.1 with curl Signed-off-by: tajnisha <tajunnisha.n@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Refactor and format CSDK code based on the parameters in .clang-format file * Enable unit tests execution while performing smoke test * Revert manufacturer_addr.bin back to host.docker.internal --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#239) * Fix connection issue when providing invalid DNS and valid IP * Enable SNI by default * Formatting the code Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…ript (fido-device-onboard#243) - Add --with-nghttp2 flag to build curl to support HTTP2 - Fix memory leak caused by curl_slist_append() Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: adarshanand67 <adarsh.anand.20031@iitgoa.ac.in> Co-authored-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Onboarding of device was failing with SVI [exec, exec_cb and fetch] because of returning invalid value. Fixed SVI by returning correct value. Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Make SNI=true as default Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Github workflow for client-sdk-fidoiot * Add smoke test to client-sdk-fidoiot * Download pri-fidoiot artifacts from fido-device-onboard org Signed-off-by: B, Prashanth Natraj <Prashanth.Natraj.B@intel.com>
Signed-off-by: adarsh-intel <adarsh.anand@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
) * Remove file extension check for SVI instruction SVI instruction was failing when provided with tar files. Remove file extension check for exec, exec_cb, and fetch commands. * Update execv to execvp to fetch command path from PATH environment Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Fixing OpenSSL Deprecation issues * Updated gitignore, uncommented build.sh and removed comments * Uncomment CmakeFile tests and remove commented code * fdoDevSign files modified back Signed-off-by: adarsh-intel <adarsh.anand@intel.com> Co-authored-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Enable mTLS connection support Enable mutual TLS (mTLS) connection support for mutual authentication. * Add an option to enable curl logs * Update Safestring and Metee lib version tag in Jenkinsfile.yml Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…ce-onboard#256) Update EC point conversion from compressed to uncompressed Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#257) * Add run time argument to take input for manufacturer address Add "-ip" runtime argument to take input for manufacturer address. If -ip is not specified, the manufacturer_addr.bin file is used. * Add a note about linux-client binary usage Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…onboard#258) * Add support to get device serial from system BIOS table Added support to get device serial from system BIOS table. linux-client required elevated privileges. Use 'sudo' to execute. * Add compile time option to get device serial number from system BIOS table * Update build_conf.md Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Fix onboarding when using RVByPass with SNI When using RVByPass, prot_ctx->host_dns was pointing to an invalid value after msg 70. Fixed it by copying host_dns value to prot_ctx->host_dns instead of pointing prot_ctx->host_dns to host_dns. * Update logs Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#260) Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…oard#263) Add input validation in get_device_serial() function Add const to char *cmd Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…-device-onboard#262) * Add a check to ensure the response message type is valid or not. * Update msglen to 0 in case of invalid message type Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
… is larger than 1024 bytes (fido-device-onboard#264) Curl automatically sets it when the request is a POST and the data size is larger than 1024 bytes. Requests with the Expect: 100-Continue header have an increased probability of becoming separated from one another, and hence returning with an error. It can be disabled via setting the Expect: header to the empty string. Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Remove unused variables and change log type Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
* Add fdo-sim support for Client-SDK Implement fdo.download and fdo.command fsim modules. * FSIM regression fixes * Remove unused code * Fix Hash calculation when using ECDSA256 * Fix multiple script execution in FSIM --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
) * Add support to store device credentials and device status inside TPM NV storage * Add support to store TPM private keys and device CSR inside TPM NV storage * Add execution logs in clear_tpm_nv.sh * Update TPM code as per specs * Update device key generation according to FDO TPM spec * Update tpm scripts * Add DCActive flag usecase as per FDO TPM spec * - Update DCActive value to bool - Add TPM2_NV_WriteLock/TPM2_NV_ReadLock support - Update readme for FDO TPM usage * Add command to lock the Device CSR Non-Volatile (NV) index for further writes --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…e from device to owner (fido-device-onboard#272) * Add support to send fdo.download:done message from device to owner fdo.download:done message indicates that the download has completed, returns the length of the target file. Value of -1 indicates the sha-384 check failed, or other file write error * Fix memory leaks * * Add support to send fdo.command:exitcode message from device to owner * Fix FDO_SIM to work with FDO_SYS --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
…e-onboard#277) Added this check to fix client CSE. Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#273) * Fix multiple file download for FSIM fdo.download:done module * Implement a queue to store fdo.download:done messages for multiple file downloads * Implement a queue to store fdo.command.exitcode messages Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
* Update verifying device serial logic * Update get device serial logic * Add a check for empty device serial * Add a note to use sudo to get device serial from system BIOS table --------- Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#279) Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: Davis Benny <davis.benny@intel.com>
…nboard#281) Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com> Co-authored-by: KiranSukhavasi <kiran.sukhavasi@intel.com>
…d#284) Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
fido-device-onboard#287) * Added support for sending device MAC addresses as part of Device Mfg Info * Fix CSE build * Update CSE code to send empty MAC address as part of DeviceMfgInfo * Fix invalid blob entry for CSE build Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
…vice-onboard#288) * Update install_tpm_libs.sh script * Update OpenSSL version to v3.0.14 and curl version to v8.8.0 Fix install_tpm_libs.sh script Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
No description provided.