From ec7511ee8f138dc8c02aa8ae8bcce5847368136c Mon Sep 17 00:00:00 2001
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Mon, 4 Mar 2019 13:19:39 +0100
Subject: [PATCH] trustfence-cst: add support for cst v3.1.0

This version supports OpenSSL v1.1.0 by default, which is used in DEY 2.6.
Trying to build older versions of the package will result in failures, so
remove support for said versions entirely.

Our patches apply cleanly except for the hab4_pki_tree.sh automation patch,
which needs a small tweak so it can get applied over the latest version of the
script.

https://jira.digi.com/browse/DEL-6476

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
 .../recipes-bsp/trustfence-cst/trustfence-cst.inc         | 8 +++++---
 .../0002-hab4_pki_tree.sh-automate-script.patch           | 8 ++++----
 .../recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb    | 3 ---
 .../recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb    | 5 -----
 .../recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb    | 3 +++
 5 files changed, 12 insertions(+), 15 deletions(-)
 delete mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
 delete mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb
 create mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb

diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
index 175dd4e73..54ac3ec29 100644
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
@@ -1,4 +1,4 @@
-# Copyright (C) 2017, 2018 Digi International
+# Copyright (C) 2017-2019 Digi International
 SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
 DESCRIPTION = "Provides software code signing support designed for use with \
 i.MX processors that integrate the HAB library in the internal boot ROM."
@@ -8,7 +8,7 @@ LICENSE = "CLOSED"
 DEPENDS = "openssl"
 
 SRC_URI = " \
-    ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tar.gz', '', d)} \
+    ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tgz', '', d)} \
     file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
     file://0002-hab4_pki_tree.sh-automate-script.patch \
     file://0003-openssl_helper-use-dev-urandom-as-seed-source.patch \
@@ -27,7 +27,7 @@ python() {
         d.setVar('PREMIRRORS', "file://cst.* %s \\n %s" % (source_mirror_url, premirrors))
 }
 
-S = "${WORKDIR}/cst-${PV}"
+S = "${WORKDIR}/release"
 
 do_configure() {
 	cp -f ${WORKDIR}/Makefile .
@@ -47,5 +47,7 @@ do_install() {
 	install -m 0755 ca/v3_usr.cnf ${D}${bindir}/v3_usr.cnf
 }
 
+INSANE_SKIP_${PN} += "already-stripped"
+
 FILES_${PN} = "${bindir}"
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
index a6686f9ee..21681dc35 100644
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0002-hab4_pki_tree.sh-automate-script.patch
@@ -57,19 +57,19 @@ index 7dd67f68c8df..b2c6b71b604e 100755
 -if [ $use_ecc = "y" ]
 -then
 -    printf "Enter length for elliptic curve to be used for PKI tree:\n"
--    printf "Possible values p192, p256, p521:   \b"
+-    printf "Possible values p256, p384, p521:   \b"
 -    read kl
 -
 -    # Confirm that a valid key length has been entered
 -    case $kl in
--        p192)
--            cn="secp112r1" ;;
 -        p256)
 -            cn="prime256v1" ;;
+-        p384)
+-            cn="secp384r1" ;;
 -        p521)
 -            cn="secp521r1" ;;
 -        *)
--            echo Invalid key length. Supported key lengths: 192, 256, 521
+-            echo Invalid key length. Supported key lengths: 256, 384, 521
 -        exit 1 ;;
 -    esac
 -else
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
deleted file mode 100644
index ef988e311..000000000
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.2.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-# Copyright (C) 2017, 2018 Digi International
-
-require trustfence-cst.inc
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb
deleted file mode 100644
index 7c93d240f..000000000
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_2.3.3.bb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Copyright (C) 2017, 2018 Digi International
-
-require trustfence-cst.inc
-
-INSANE_SKIP_${PN} += "already-stripped"
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb
new file mode 100644
index 000000000..04796598f
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst_3.1.0.bb
@@ -0,0 +1,3 @@
+# Copyright (C) 2019 Digi International
+
+require trustfence-cst.inc