From patchwork Fri Feb 24 21:15:06 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matt Wood
X-Patchwork-Id: 1747700
Message-ID: <8f3f7455-3a9d-a47a-4dce-906b5487bb24@gmail.com>
Date: Fri, 24 Feb 2023 16:15:06 -0500
To: swupdate
From: Matt Wood Subject: [swupdate] [PATCH] Add support for downloading delta updates with ssl X-Original-Sender: mattwood2000@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=fISwxa+6; spf=pass (google.com: domain of mattwood2000@gmail.com designates 2607:f8b0:4864:20::830 as permitted sender) smtp.mailfrom=mattwood2000@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Create an optional delta section in the swupdate config file and add certificate and key paths to use ssl with the delta downloader. Signed-off-by: Matt Wood --- examples/configuration/swupdate.cfg | 17 ++++++++++++++++- handlers/delta_downloader.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg index d8677a5..4b913f0 100644 --- a/examples/configuration/swupdate.cfg +++ b/examples/configuration/swupdate.cfg @@ -165,7 +165,7 @@ identify : ( # (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private") # sslcert : string # path of the file containing the certificate for SSL connection or pkcs11 URI - (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") # targettoken : string # hawkBit target security token # gatewaytoken : string 
@@ -261,3 +261,18 @@ webserver : groupid = 1000; timeout = 20; }; + +# +# delta update section +# +# sslkey : string +# path of the file containing the key for SSL connection or pkcs11 URI +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=private") +# sslcert : string +# path of the file containing the certificate for SSL connection or pkcs11 URI +# (ex. "pkcs11:model=ATECC608B;token=0ABC;serial=0123456789abcdef;object=device;type=cert") +delta : +{ + sslkey = "/etc/ssl/sslkey"; + sslcert = "/etc/ssl/sslcert"; +}; diff --git a/handlers/delta_downloader.c b/handlers/delta_downloader.c index 8bd07ac..4f19bb6 100644 --- a/handlers/delta_downloader.c +++ b/handlers/delta_downloader.c @@ -33,6 +33,7 @@ #include #include "delta_handler.h" #include "delta_process.h" +#include "parselib.h" /* * Structure used in curl callbacks @@ -129,6 +130,23 @@ static size_t delta_callback_headers(char *buffer, size_t size, size_t nitems, v return nitems * size; } +/* Parse delta ssl options from configuration file */ +static int delta_channel_ssl_settings(void *elem, void *data) +{ + channel_data_t *chan = (channel_data_t *)data; + char tmp[128]; + + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslkey", tmp); + if (strlen(tmp)) + SETSTRING(chan->sslkey, tmp); + + GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "sslcert", tmp); + if (strlen(tmp)) + SETSTRING(chan->sslcert, tmp); + + return 0; +} + /* * Process that is spawned by the handler to download the missing chunks. * Downloading should be done in a separate process to not break 
@@ -197,6 +215,16 @@ int start_delta_downloader(const char __attribute__ ((__unused__)) *fname, channel_data.range = &req->data[req->urllen + 1]; channel_data.user = &priv; + swupdate_cfg_handle handle; + swupdate_cfg_init(&handle); + + /* look in config file for delta ssl options */ + if (swupdate_cfg_read_file(&handle, fname) == 0) { + read_module_settings(&handle, "delta", delta_channel_ssl_settings, &channel_data); + } + + swupdate_cfg_destroy(&handle); + if (channel->open(channel, &channel_data) == CHANNEL_OK) { transfer = channel->get_file(channel, (void *)&channel_data); } else {
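Review bot: The comment block above the new delta section in examples/configuration/swupdate.cfg does not say that sslkey and sslcert are the client key and certificate the delta downloader presents to the server, and the section is added active rather than commented out, so anyone copying the example gets sslkey = "/etc/ssl/sslkey"; and sslcert = "/etc/ssl/sslcert"; whether or not those files exist. Suggest describing them as client credentials for the delta download channel, stating that the section is optional (as the commit message does), and either commenting the sample values out or saying what happens when the paths are missing. The diffstat touches only the example config and the handler, so the user documentation for the delta handler also needs an entry for the new section.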
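Review bot: In delta_channel_ssl_settings() in handlers/delta_downloader.c, the scratch buffer is a fixed "char tmp[128];", while the pkcs11 URI given as an example in the config comment is already over 80 characters, so a longer URI or a deep file path may not fit. The function also returns 0 unconditionally, so the caller cannot tell that a value was dropped or cut short. Suggest sizing the buffer for the longest URI you intend to support and logging or returning an error when a configured value cannot be stored in chan->sslkey or chan->sslcert.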
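Review bot: In start_delta_downloader(), when swupdate_cfg_read_file() fails the code falls through to channel->open() with no key or certificate set and without any trace, and the result of read_module_settings() is not checked either. Suggest a log message on both paths so that a misconfigured device can be told apart from one that intentionally runs without client credentials. Two smaller points in the same hunk: fname is still declared with __attribute__ ((__unused__)) in the function signature although it is now passed to swupdate_cfg_read_file(), so the attribute should go; and "swupdate_cfg_handle handle;" is declared after statements in the middle of the block, which is worth moving up to the other locals if the file keeps declarations at the top.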