New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for v2 signing with mlca_framework #41
Conversation
$(CC) -g -Wall -Wextra -I. $^ -o $@ -lssl -lcrypto -std=gnu99 | ||
|
||
gendilkey: gendilkey.c | ||
$(CC) -g -Wall -Wextra -I. -I${MLCA_PATH}/include -I${MLCA_PATH}/qsc/crystals $^ -o $@ ${MLCA_PATH}/build/libmlca2.a -std=gnu99 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How is ${MLCA_PATH}/build/libmlca2.a
supposed to integrate into op-build? Reading over this review, it looks like this is supposed to be an external library - but its usage/linkage seems to be hard coded into all of the build files and include paths.
My expectation would be that op-build/buildroot would build the library and install it somewhere in the "host" buildroot. Then the tooling here would pick it up from some system location.
It's just very weird to have a static link dependency without any documentation/information how how it is supposed to exist.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
op-build doesn't use these static makefiles it uses autoconf. And for that it doesn't use MLCA_PATH as (like you mentioned) it the MLCA library gets installed into 'host' paths so special include paths are not required. MLCA_PATH is a way to enable building when you just have both git clones side by side.
@@ -0,0 +1,38 @@ | |||
all: create-container print-container hashkeys gendilkey gendilsig verifydilsig extractdilkey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is there an entirely new makefile instead of extending the existing makefile? default
does not need to include the dilithium tools.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is just a simple makefile the main build process uses automake. Doing this I didn't have to take the time to figure out how to build print-container differently based on the build target
extractdilkey.c
Outdated
|
||
for (sIdx = 1; sIdx < argc; sIdx ++) | ||
{ | ||
if (strcmp(argv[sIdx], "-h") == 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reinventing getopt
gendilsig.c
Outdated
|
||
mlca_ctx_t sCtx; | ||
MLCA_RC sMlRc = 0; | ||
unsigned char* sDigest = malloc(BUF_SIZE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pointer checks
gendilsig.c
Outdated
unsigned char* sPrivKey = malloc(BUF_SIZE); | ||
unsigned char* sWirePrivKey = malloc(BUF_SIZE); | ||
|
||
sRc = readFile(sDigest,&sDigestBytes,sDigestFile); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having a single "readdilkeyfromfile" routine might be useful
gendilsig.c
Outdated
if (0 == sRc) | ||
{ | ||
// Raw private key size for dilithium r2 8/7 | ||
if (5136 == sWirePrivKeyBytes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
constant
gendilsig.c
Outdated
int gRc = mlca_sign(sSignature, sSignatureBytes, /// validate RC | ||
sDigest, sDigestBytes, | ||
sPrivKey, sPrivKeyBytes, | ||
(const unsigned char *)CR_OID_DIL_R2_8x7, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The library doesn't provide the OID in the correct data type to use?
gendilsig.c
Outdated
sRc = 1; | ||
} | ||
#else | ||
int gRc = mlca_sign(sSignature, sSignatureBytes, /// validate RC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gRc?
No description provided.