[0.7.x] KRACK WPA2 security bugfix

README.md

@@ -71,6 +71,30 @@ The guidelines of the Cypress Community License agreement allow individuals to s
 
 If you have questions about software licensing, please contact Particle [support](https://support.particle.io/).
 
+
+### LICENSE FAQ
+
+**This firmware is released under LGPL version 3, what does that mean for you?**
+
+ * You may use this commercially to build applications for your devices!  You **DO NOT** need to distribute your object files or the source code of your Application under LGPL.  Your source code belongs to you when you build an Application using this System Firmware.
+
+**When am I required to share my code?**
+
+ * You are **NOT required** to share your Application Firmware or object files when linking against libraries or System Firmware licensed under LGPL.
+
+ * If you make and distribute changes to System Firmware licensed under LGPL, you must release the source code and documentation for those changes under a LGPL license.
+
+**Why?**
+
+ * This license allows businesses to confidently build firmware and make devices without risk to their intellectual property, while at the same time helping the community benefit from non-proprietary contributions to the shared System Firmware.
+
+**Questions / Concerns?**
+
+ * Particle intends for this firmware to be commercially useful and safe for our community of makers and enterprises.  Please [Contact Us](https://support.particle.io/) if you have any questions or concerns, or if you require special licensing.
+
+_(Note!  This FAQ isn't meant to be legal advice, if you're unsure, please consult an attorney)_
+
+
 ### CONTRIBUTE
 
 Want to contribute to the Particle firmware project? Follow [this link](http://spark.github.io/#contributions) to find out how.

communication/src/publisher.h

@@ -43,13 +43,7 @@ class Publisher
 
 	inline bool is_system(const char* event_name)
 	{
-		// if there were a strncmpi this would be easier!
-		char prefix[6];
-		if (!*event_name || strlen(event_name) < 5)
-			return false;
-		memcpy(prefix, event_name, 5);
-		prefix[5] = '\0';
-		return !strcasecmp(prefix, "spark");
+		return !strncmp(event_name, "spark", 5);
 	}
 
 	bool is_rate_limited(bool is_system_event, system_tick_t millis)

crypto/inc/mbedtls_config_photon.h

@@ -774,7 +774,7 @@
  *
  * Requires: MBEDTLS_BIGNUM_C
  */
-#define MBEDTLS_GENPRIME
+//#define MBEDTLS_GENPRIME
 
 /**
  * \def MBEDTLS_FS_IO
@@ -1998,6 +1998,14 @@
  */
 #define MBEDTLS_OID_C
 
+/**
+ * \def MBEDTLS_OID_OPTIMIZE_STRINGS
+ *
+ * Remove unused functions from oid.c that cause unused strings to get pulled in
+ *
+ */
+#define MBEDTLS_OID_OPTIMIZE_STRINGS
+
 /**
  * \def MBEDTLS_PADLOCK_C
  *

crypto/mbedtls/library/oid.c

@@ -245,8 +245,10 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
     }
 };
 
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
+#endif
 
 /*
  * For X509 extensions
@@ -298,8 +300,10 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
     { NULL, 0, NULL, NULL },
 };
 
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
+#endif
 #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
 
 #if defined(MBEDTLS_MD_C)
@@ -407,9 +411,13 @@ static const oid_sig_alg_t oid_sig_alg[] =
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
+
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
+FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
+#endif
+
 #endif /* MBEDTLS_MD_C */
 
 /*
@@ -442,7 +450,9 @@ static const oid_pk_alg_t oid_pk_alg[] =
 
 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
+#endif
 
 #if defined(MBEDTLS_ECP_C)
 /*
@@ -527,9 +537,12 @@ static const oid_ecp_grp_t oid_ecp_grp[] =
     },
 };
 
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
+#endif
+
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_CIPHER_C)
@@ -557,8 +570,11 @@ static const oid_cipher_alg_t oid_cipher_alg[] =
     },
 };
 
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
+#endif
+
 #endif /* MBEDTLS_CIPHER_C */
 
 #if defined(MBEDTLS_MD_C)
@@ -653,8 +669,11 @@ static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
     },
 };
 
+#ifndef MBEDTLS_OID_OPTIMIZE_STRINGS
 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
+#endif
+
 #endif /* MBEDTLS_PKCS12_C */
 
 #define OID_SAFE_SNPRINTF                               \

modules/photon/system-part1/build.mk

@@ -1,5 +1,5 @@
 # This is specific to the photon. Include the WICED WIFI
-WIFI_MODULE_WICED_LIB_FILES = $(HAL_LIB_COREV2)/resources.a $(HAL_LIB_DIR)/src/photon/resources.o
+WIFI_MODULE_WICED_LIB_FILES = $(HAL_LIB_COREV2)/resources.a $(HAL_LIB_DIR)/src/photon/resources.o $(HAL_LIB_COREV2)/FreeRTOS/STM32F2xx.a
 # if !USE_MBEDTLS
 # WIFI_MODULE_WICED_LIB_FILES += $(HAL_LIB_COREV2)/BESL.ARM_CM3.release.a
 # WIFI_MODULE_WICED_LIB_FILES += $(HAL_LIB_COREV2)/Lib_crypto_open.a $(HAL_SRC_COREV2_PATH)/lib/Lib_micro_ecc.a

modules/photon/system-part1/inc/wifi_dynalib.h

@@ -31,7 +31,7 @@ DYNALIB_BEGIN(wifi_resource)
 DYNALIB_FN(0, wifi_resource, wwd_firmware_image_resource, const resource_hnd_t*(void))
 DYNALIB_FN(1, wifi_resource, wwd_nvram_image_resource, const resource_hnd_t*(void))
 DYNALIB_FN(2, wifi_resource, wwd_select_nvram_image_resource, int(uint8_t, void*))
-
+DYNALIB_FN(3, wifi_resource, resource_read, resource_result_t(const resource_hnd_t*, uint32_t, uint32_t, uint32_t*, void*))
 DYNALIB_END(wifi_resource)
 
 

modules/photon/system-part1/src/wifi_dynalib.c

@@ -1,4 +1,6 @@
 
 #define DYNALIB_EXPORT
+#include "wiced_resource.h"
+#include "platform_resource.h"
 #include "wwd_resources.h"
 #include "wifi_dynalib.h"

services/src/logging.cpp

@@ -94,6 +94,7 @@ void log_message_v(int level, const char *category, LogAttributes *attr, void *r
         }
         msg_callback(buf, level, category, attr, 0);
     } else {
+#if 0
         // Using compatibility callback
         const char* const levelName = log_level_name(level, 0);
         int n = 0;
@@ -114,6 +115,7 @@ void log_message_v(int level, const char *category, LogAttributes *attr, void *r
         }
         log_compat_callback(buf);
         log_compat_callback("\r\n");
+#endif
     }
 }
 
@@ -132,6 +134,7 @@ void log_write(int level, const char *category, const char *data, size_t size, v
     if (write_callback) {
         write_callback(data, size, level, category, 0);
     } else if (log_compat_callback && level >= log_compat_level) {
+#if 0
         // Compatibility callback expects null-terminated strings
         if (!data[size - 1]) {
             log_compat_callback(data);
@@ -146,6 +149,7 @@ void log_write(int level, const char *category, const char *data, size_t size, v
                 offs += n;
             } while (offs < size);
         }
+#endif
     }
 }
 

services/src/system_error.cpp

@@ -32,7 +32,9 @@
 
 const char* system_error_message(int error, void* reserved) {
     switch (error) {
+#if PLATFORM_ID == 3
         SYSTEM_ERROR_MESSAGE_SWITCH_CASES()
+#endif
         default:
             return "Unknown error";
     }

system/system-versions.md

@@ -13,7 +13,7 @@
 |     |   8 | 0.4.7 | |
 |     |   9 | 0.4.8-rc.1 |         (2nd release to MFG for Photon) |
 |     |  10 | 0.4.8-rc.6 |         (Electron MFG Release) |
-|     |  11 | 0.4.9 | |
+|   7 |  11 | 0.4.9 | |
 |     |  12 | 0.5.0-rc.1 |         (Core, Photon, P1, Electron) |
 |     |  13 | 0.5.0-rc.2 / 0.5.0 | (Core, Photon, P1, Electron) |
 |     |  14 | 0.5.1-rc.1 |         (Core, Photon, P1, Electron) |
@@ -27,7 +27,7 @@
 |     | 100 | 0.6.0-rc.1 |         (Core, Photon, P1, Electron) |
 |     | 101 | 0.6.0-rc.2 |         (Core, Photon, P1, Electron) |
 |     | 102 | 0.6.0 |              (Core, Photon, P1, Electron) |
-|     | 103 | 0.6.1-rc.1 |         (Core, Photon, P1, Electron) |
+|   9 | 103 | 0.6.1-rc.1 |         (Core, Photon, P1, Electron) |
 |     | 104 | 0.6.1-rc.2 |         (Core, Photon, P1, Electron) |
 |     | 105 | 0.6.1 |              (Core, Photon, P1, Electron) |
 |     | 106 | 0.6.2-rc.1 |         (Core, Photon, P1, Electron) |

user/tests/unit/logging.cpp

@@ -509,7 +509,7 @@ TEST_CASE("Message logging") {
         log.checkNext().messageEquals("error").levelEquals(LOG_LEVEL_ERROR);
     }
 }
-
+/*
 TEST_CASE("Message logging (compatibility callback)") {
     CompatLogHandler log(LOG_LEVEL_ALL);
     SECTION("default attributes") {
@@ -535,7 +535,7 @@ TEST_CASE("Message logging (compatibility callback)") {
         check(log.stream()).endsWith(s.substr(0, LOG_MAX_STRING_LENGTH - 2) + "~\r\n");
     }
 }
-
+*/
 TEST_CASE("Direct logging") {
     DefaultLogHandler log(LOG_LEVEL_ALL);
     SECTION("write") {
@@ -585,7 +585,7 @@ TEST_CASE("Direct logging") {
 #endif
     }
 }
-
+/*
 // Copy-pase of above test case with DefaultLogHandler replaced with CompatLogHandler
 TEST_CASE("Direct logging (compatibility callback)") {
     CompatLogHandler log(LOG_LEVEL_ALL);
@@ -636,7 +636,7 @@ TEST_CASE("Direct logging (compatibility callback)") {
 #endif
     }
 }
-
+*/
 TEST_CASE("Basic filtering") {
     SECTION("warn") {
         DefaultLogHandler log(LOG_LEVEL_WARN); // TRACE and INFO should be filtered out
@@ -657,7 +657,7 @@ TEST_CASE("Basic filtering") {
         check(log.stream()).isEmpty();
     }
 }
-
+/*
 TEST_CASE("Basic filtering (compatibility callback)") {
     CompatLogHandler log(LOG_LEVEL_WARN); // TRACE and INFO should be filtered out
     CHECK((!LOG_ENABLED(TRACE) && !LOG_ENABLED(INFO) && LOG_ENABLED(WARN) && LOG_ENABLED(ERROR)));
@@ -690,7 +690,7 @@ TEST_CASE("Basic filtering (compatibility callback)") {
         check(log.stream()).endsWith("ERROR: message\r\nprint,printf,00");
     }
 }
-
+*/
 TEST_CASE("Scoped category") {
     DefaultLogHandler log(LOG_LEVEL_ALL);
     CHECK(LOG_THIS_CATEGORY() == SOURCE_CATEGORY);