Add support for v2 signing with mlca_framework #41
Conversation
| $(CC) -g -Wall -Wextra -I. $^ -o $@ -lssl -lcrypto -std=gnu99 | ||
|
|
||
| gendilkey: gendilkey.c | ||
| $(CC) -g -Wall -Wextra -I. -I${MLCA_PATH}/include -I${MLCA_PATH}/qsc/crystals $^ -o $@ ${MLCA_PATH}/build/libmlca2.a -std=gnu99 |
There was a problem hiding this comment.
How is ${MLCA_PATH}/build/libmlca2.a supposed to integrate into op-build? Reading over this review, it looks like this is supposed to be an external library - but its usage/linkage seems to be hard coded into all of the build files and include paths.
My expectation would be that op-build/buildroot would build the library and install it somewhere in the "host" buildroot. Then the tooling here would pick it up from some system location.
It's just very weird to have a static link dependency without any documentation/information how how it is supposed to exist.
There was a problem hiding this comment.
op-build doesn't use these static makefiles it uses autoconf. And for that it doesn't use MLCA_PATH as (like you mentioned) it the MLCA library gets installed into 'host' paths so special include paths are not required. MLCA_PATH is a way to enable building when you just have both git clones side by side.
| @@ -0,0 +1,38 @@ | |||
| all: create-container print-container hashkeys gendilkey gendilsig verifydilsig extractdilkey | |||
There was a problem hiding this comment.
Why is there an entirely new makefile instead of extending the existing makefile? default does not need to include the dilithium tools.
There was a problem hiding this comment.
This is just a simple makefile the main build process uses automake. Doing this I didn't have to take the time to figure out how to build print-container differently based on the build target
extractdilkey.c
Outdated
|
|
||
| for (sIdx = 1; sIdx < argc; sIdx ++) | ||
| { | ||
| if (strcmp(argv[sIdx], "-h") == 0) |
gendilsig.c
Outdated
|
|
||
| mlca_ctx_t sCtx; | ||
| MLCA_RC sMlRc = 0; | ||
| unsigned char* sDigest = malloc(BUF_SIZE); |
gendilsig.c
Outdated
| unsigned char* sPrivKey = malloc(BUF_SIZE); | ||
| unsigned char* sWirePrivKey = malloc(BUF_SIZE); | ||
|
|
||
| sRc = readFile(sDigest,&sDigestBytes,sDigestFile); |
There was a problem hiding this comment.
Having a single "readdilkeyfromfile" routine might be useful
gendilsig.c
Outdated
| if (0 == sRc) | ||
| { | ||
| // Raw private key size for dilithium r2 8/7 | ||
| if (5136 == sWirePrivKeyBytes) |
gendilsig.c
Outdated
| int gRc = mlca_sign(sSignature, sSignatureBytes, /// validate RC | ||
| sDigest, sDigestBytes, | ||
| sPrivKey, sPrivKeyBytes, | ||
| (const unsigned char *)CR_OID_DIL_R2_8x7, |
There was a problem hiding this comment.
The library doesn't provide the OID in the correct data type to use?
gendilsig.c
Outdated
| sRc = 1; | ||
| } | ||
| #else | ||
| int gRc = mlca_sign(sSignature, sSignatureBytes, /// validate RC |
No description provided.