Merge pull request #79 from cisco/int_2_ext

Int 2 ext
cisco · Jul 6, 2020 · 70824dd · 70824dd
2 parents 0e2d85f + 93c774e
commit 70824dd
Show file tree

Hide file tree

Showing 492 changed files with 101,669 additions and 4,356 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,3 @@
+#openssl CA index file is getting managled 
+#on windows, set it to lf
+index.txt text eol=lf
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,56 @@
+############################
+# Autotools
+###########################
+Makefile
+
+/stamp-h?
+.deps/
+.dirstamp
+.libs/
+/libtool
+/autom4te.cache/
+
+/config.h
+/config.log
+/config.status
+
+############################
+# Generated est_config.h file
+############################
+/est_config.h
+/version
+
+############################
+# Compiled obj files
+############################
+*.lo
+*.o
+
+############################
+# Compiled dynamic libraries
+############################
+*.so
+
+############################
+# Compiled static libraries
+############################
+*.la
+*.a
+
+
+############################
+# Project executables
+############################
+/example/client-simple/estclient_simple
+/example/client/estclient
+/example/proxy/estproxy
+/example/server/estserver
+/example/server/estCA
+/example/server/extCA
+/test/UT/runtest
+/test/DT/runtest
+
+############################
+# Python generated files
+############################
+*.pyc
diff --git a/AUTHORS b/AUTHORS
@@ -1,4 +1,6 @@
 John Foley, Cisco Systems
 Pete Beal, Cisco Systems
 Barry Fussell, Cisco Systems
-Max Pritikin, Cisco Systems
+Ryan Granger, Cisco Systems
+John Manuel, Cisco Systems
+Alex Harrison, Cisco Systems
diff --git a/COPYING b/COPYING
@@ -59,7 +59,7 @@ OF THE POSSIBILITY OF SUCH DAMAGE.
 ******************************************************************************
 * libcurl license
 *
-* CiscoEST uses RFC 6125 FQDN logic from libcurl
+* LibEST uses RFC 6125 FQDN logic from libcurl
 ******************************************************************************
 COPYRIGHT AND PERMISSION NOTICE
 
@@ -88,7 +88,7 @@ in this Software without prior written authorization of the copyright holder.
 ******************************************************************************
 * libwww license
 *
-* CiscoEST uses HTTP header parsing logic from libwww
+* LibEST uses HTTP header parsing logic from libwww
 ******************************************************************************
 libwww: W3C's implementation of HTTP can be found at: http://www.w3.org/Library/
 

diff --git a/Makefile.am b/Makefile.am
@@ -1,4 +1,9 @@
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy
-EXTRA_DIST = autogen.sh example/util LICENSE  $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle
+if ENABLE_CLIENT_ONLY 
+SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/client-brski
+else 
+SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy example/client-brski
+endif
+
+EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle
diff --git a/Makefile.in b/Makefile.in
@@ -157,7 +157,9 @@ am__define_uniq_tagged_files = \
 ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
-DIST_SUBDIRS = $(SUBDIRS)
+DIST_SUBDIRS = safe_c_stub src java/jni example/client \
+	example/client-simple example/server example/proxy \
+	example/client-brski
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/version.in \
 	$(top_srcdir)/config/compile $(top_srcdir)/config/config.guess \
 	$(top_srcdir)/config/config.sub \
@@ -332,8 +334,9 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy
-EXTRA_DIST = autogen.sh example/util LICENSE  $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle
+@ENABLE_CLIENT_ONLY_FALSE@SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy example/client-brski
+@ENABLE_CLIENT_ONLY_TRUE@SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/client-brski
+EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle
 all: all-recursive
 
 .SUFFIXES:

diff --git a/README b/README
@@ -22,6 +22,12 @@ Getting started
     the sample EST client.  There is a README in this directory
     with detailed instructions.
 
+For further detailed instructions, build the reference manual PDF for
+libEST and refer to it.  Steps to build the reference manual are in 
+README.doxy
+
+
+
 Getting started - Windows
 --------------------------
 libEST can be built natively on Windows, but only client
@@ -69,8 +75,8 @@ build an EST dll with Gradle:
 
 Cross-compiling
 ---------------
-libEST has been cross-compiled for Android, but no testing
-has been performed.  Follow these steps to compile using the 
+It has been quite a while, but libEST has been cross-compiled for Android, 
+but no testing has been performed.  Follow these steps to compile using the 
 Android NDK:
 
 1.  Compile and install OpenSSL for Android.  See OpenSSL docs

diff --git a/README.brski b/README.brski
@@ -0,0 +1,115 @@
+
+The BRSKI support in LibEST is a work in progress.  The functionality that's
+implemented does not yet address every aspect of the BRSKI draft and voucher
+profile draft.  In addition, both drafts are continuing to be refined and this
+code will necessarily fall behind the latest versions of the draft as they
+continue to evolve.  This first pass of functionality is implemented to
+version 7 of the BRSKI draft and version 5 of the voucher profile draft.
+
+The BRSKI support is not yet integrated into the full functionality of libest.
+The first phase of support is to add BRSKI pledge support only into EST client
+mode.  There is currently no official support for the BRSKI based primitives
+in EST server or proxy modes of operation.  However, in order to test the
+BRSKI pledge support there does contain experimental functionality in the EST
+server mode to address the BRSKI primitives.
+
+The following work items are currently being worked on and will be made
+available as they are completed,
+
+- Uplift to the lasted version of the BRSKI draft and Voucher profile draft
+- Support for provisional TLS connections
+- Support for signed voucher requests and vouchers
+- Support for mfg credentials in the example applications
+- Support for unprintable ASCII characters in JSON based payloads
+- Support for Registrar Discovery
+
+Current BRSKI Pledge Assumptions
+================================
+
+1. The BRSKI pledge support is integrated into libest and is therefore
+dependent upon OpenSSL and assumes that OpenSSL is available for use.
+
+2. The BRSKI pledge support assumes that a valid realtime clock is available
+in the system, specifically through the use of the Linux time() function.
+
+Building libest
+=================
+
+The following steps are used to build and use the current BRSKI support in
+libest,
+
+1. At a minimum, libest requires OpenSSL.  It's best to get the latest
+OpenSSL, build and install it, and use it in the building of libest.
+
+2. The BRSKI support is conditioned off a compile time flag.  This flag is set
+by adding '--enable-brski' on the configure statement.
+
+./configure --prefix=<intended location of private install of libest> \
+            --with-ssl-dir=<location of installation of OpenSSL> \
+            --enable-brski
+
+3. libest can be conditionally compiled to only include the client side
+functionality.  This is enabled by adding '--enable-client-only' on the
+configure command.  The name of the library that is created changes from
+libest.so to libest_client.so to differentiate it from the full function
+libest library.
+
+Running libest's BRSKI support
+================================
+
+libest is a library and is not a standalone executable.  That being said,
+there are simple example applications that utilize the libest APIs.  Two of
+these applications have been enhanced to make use of the BRSKI APIs,
+estclient_brski and estserver.  estclient_brski is a new example application
+based on the estclient_simple application.
+
+1. It helps to set up the following in the environment before invoking the 
+estserver example application,
+
+export EST_DIR=<path to libest installation>
+export OPENSSL_DIR=<path to OpenSSL installation>
+export CURL_DIR=<path to cURL installation (optional)>
+export URIPARSER_DIR=<path to uriparser library installation (optional)>
+export LD_LIBRARY_PATH=$OPENSSL_DIR/lib:$WORKSPACE/src/est/.libs:$URIPARSER_DIR/lib
+export PATH=$OPENSSL_DIR/bin:$PATH
+
+# set up the keys and certs used by the server
+cd example/server
+echo "S" | ./createCA.sh
+
+export EST_TRUSTED_CERTS=./estCA/cacert.crt
+export EST_CACERTS_RESP=./estCA/cacert.crt
+export EST_OPENSSL_CACONFIG=./estExampleCA.cnf
+
+The server example application is started with BRSKI support using the
+following command,
+
+./estserver -p 9231 -c estCA/private/estservercertandkey.pem -k estCA/private/estservercertandkey.pem -r estrealm -v --enable-brski -n
+
+2. The estclient example with BRSKI support is invoked with the following
+commands,
+
+cd ../client-brski/
+
+# Point to the test CA Cert in the server example app
+export EST_OPENSSL_CACERT=../server/estCA/cacert.crt
+
+# Generate a test manufacturing identity for this test node.
+# - First, generate a key pair and a Certificate Signing Request (CSR)
+openssl req -nodes -days 365 -sha256 -newkey rsa:2048 -subj '/CN=www.iotrus.com/O=IOT-R-US, Inc./C=US/ST=NC/L=RTP/serialNumber=IOTRUS-0123456789'  -keyout ./est_client_mfg_privkey.pem -out ./est_client_mfg_csr.pem
+
+# - Then move over to the test CA to get a certificate generated
+cd ..
+cd server
+openssl ca -config ../server/estExampleCA.cnf -in ../client-brski/est_client_mfg_csr.pem -extensions v3_ca -out ../client-brski/est_client_mfg_cert.pem -batch
+cd ..
+cd client-brski/
+
+# - Finally, invoke the estclient test app with the additional BRSKI calls to 
+#   - Issue a voucher request to obtain a voucher
+#   - Send the voucher status
+#   - Issue an EST /simpleenroll to enroll another new key into the domain
+#   - Send the enroll status
+./estclient_brski -s 127.0.0.1 -p 9231 -c est_client_mfg_cert.pem  -k est_client_mfg_privkey.pem 
+
+
diff --git a/README.md b/README.md
diff --git a/build.gradle b/build.gradle
@@ -8,16 +8,16 @@ model {
                 headers.srcDir System.getenv().SSL_DIR + "\\include"
                         binaries.withType(SharedLibraryBinary) {
                     sharedLibraryFile =
-                            file(System.getenv().SSL_DIR + "\\bin\\libeay32.dll")
-                            sharedLibraryLinkFile = file(System.getenv().SSL_DIR + "\\lib\\libeay32.lib")
+                            file(System.getenv().SSL_DIR + "\\bin\\libcrypto-1_1.dll")
+                            sharedLibraryLinkFile = file(System.getenv().SSL_DIR + "\\lib\\libcrypto.lib")
                 }
             }
             libssl {
                 headers.srcDir System.getenv().SSL_DIR + "\\include"
                         binaries.withType(SharedLibraryBinary) {
                     sharedLibraryFile =
-                            file(System.getenv().SSL_DIR + "\\bin\\ssleay32.dll")
-                            sharedLibraryLinkFile = file(System.getenv().SSL_DIR + "\\lib\\ssleay32.lib")
+                            file(System.getenv().SSL_DIR + "\\bin\\libssl-1_1.dll")
+                            sharedLibraryLinkFile = file(System.getenv().SSL_DIR + "\\lib\\libssl.lib")
                 }
             }
             if(file(System.getenv().URIPARSER_DIR +"\\lib\\uriparser.lib").exists()) {
@@ -48,11 +48,8 @@ model {
 model {
     visualStudio {
         projects.all {
-            projectFile.location = "vs/${name}.vcxproj"
-                    filtersFile.location = "vs/${name}.vcxproj.filters"
-        }
-        solutions.all {
-            solutionFile.location = "vs/${name}.sln"
+            projectFile.location = "${name}.vcxproj"
+                    filtersFile.location = "${name}.vcxproj.filters"
         }
     }
 }
@@ -131,11 +128,20 @@ model {
                 cCompiler.define "LIBEST_EXPORTS", "1"
                 cCompiler.define "DISABLE_BACKTRACE"
                 cCompiler.define "__STDC_WANT_SECURE_LIB__" , "0"
-                cCompiler.define "PACKAGE_STRING", "\"libest 2.1.0\""               
+                cCompiler.define "PACKAGE_STRING", "\"libest 2.0.0\""               
                 cCompiler.define "DISABLE_PTHREADS", "1"
                 cCompiler.args "/GS", "/GL", "/analyze-", "/W3", "/Gy", "/Zc:wchar_t", "/Zi", "/Gm-", "/fp:precise", "/errorReport:prompt", "/WX-", "/Zc:forScope", "/Gd", "/Oy-","/Oi","/MD", "/EHsc", "/nologo", "/FS"
                 linker.args "/DYNAMICBASE","/SAFESEH", "/LTCG", "/NXCOMPAT"
             }
         }
     }
 }
+
+task gatherInstall (type: Copy) {
+    from "$buildDir\\libs\\est\\shared\\release\\est.dll", "$buildDir\\libs\\est\\shared\\release\\est.lib"
+    into "$buildDir\\install"
+    from ("$buildDir\\libs\\est\\shared\\release\\") {
+        include "include\\**"
+    }
+    into "$buildDir\\install"
+}