Conversation
keerthanakalyan
left a comment
keerthanakalyan
left a comment
There was a problem hiding this comment.
General comment:
- Remove log_level logic
- Make sure error messages and properly tagged to LOGGER_ERR
- Minimize the LOGGER_DEBUG message and remove it in places which are not necessary
- Move the declarations to start of the function
- Remove functions which are not required (like bin_2_hex_print)
- Make sure the buffers allocated are freed during error conditions and in out.
- Run static analyzer tool to fix memory issues.
| switch(acvp_cipher & ACVP_HASHMASK) | ||
| { | ||
| case ACVP_SHA1: | ||
| if((type & ACVP_DRBGMASK) == ACVP_DRBGHMAC) |
There was a problem hiding this comment.
Can we move this piece of logic common before?
backends/backend_libkcapi.c
Outdated
| return -EINVAL; | ||
| } | ||
|
|
||
| char cipher[CIPHERMAXNAME]; |
There was a problem hiding this comment.
Nit: Move all the declarations to the start of the function.
backends/backend_libkcapi.c
Outdated
| goto out; | ||
| CKINT_LOG(alloc_buf(data->rnd_data_bits_len/8, &data->random), "drbg: data->random buffer could not be allocated\n"); | ||
|
|
||
| #if log_level==2 |
There was a problem hiding this comment.
Where is log_level defined? I do not see its usage in the existing code for debugging message
backends/backend_libkcapi.c
Outdated
| ret = kcapi_rng_set_entropy(rng, ent1.buf, ent1.len); | ||
| if(ret < 0) | ||
| { | ||
| logger(LOGGER_DEBUG, "drbg: entropy set failed with error = %d\n", ret); |
There was a problem hiding this comment.
It should be LOGGER_ERR. Please make sure all the errors are properly classified as LOGGER_ERR
backends/backend_libkcapi.c
Outdated
| } | ||
| (void)parsed_flags; | ||
|
|
||
| struct kcapi_handle *handle = NULL; |
There was a problem hiding this comment.
Nit: Move all declarations to the start of function.
| size_t len = 0; | ||
| (void)parsed_flags; | ||
|
|
||
| switch(data->cipher) { |
There was a problem hiding this comment.
Is this logic needed? Looks like only used for logging
| else | ||
| ecdsa_get_bufferlen(ACVP_NISTP256, &dlen, &qxlen, &qylen); | ||
|
|
||
| CKINT_LOG(alloc_buf(qxlen, &data->Qx), "ecdsa: Qx could not be allocated\n"); |
There was a problem hiding this comment.
Are these buffers freed anywhere?
| goto out; | ||
| } | ||
|
|
||
| CKINT_LOG(alloc_buf(qxlen + qylen, &key), "ecdh: local public Key buffer could not be allocated\n"); |
There was a problem hiding this comment.
where is this buffer getting freed?
| pk.len = 0; | ||
| pk.buf = NULL; | ||
|
|
||
| CKINT_LOG(alloc_buf(data->Qx.len + data->Qy.len + 1, &pk), "ecdsa: public key buffer could not be allocated\n"); |
There was a problem hiding this comment.
where is this buffer getting freed?
| CKINT_LOG(alloc_buf(data->Qx.len + data->Qy.len + 1, &pk), "ecdsa: public key buffer could not be allocated\n"); | ||
| ptr = (&pk)->buf; | ||
|
|
||
| ptr[0] = 0x04; |
There was a problem hiding this comment.
why is this hardcoded to 0x04? Can you make it a macro with self explanatory name?
…rification rsa_sigver - performs signature verification rsa_siggen - performs signature generation rsa_private_key_ber_encode - perform BER encoding for the RSA private key rsa_public_key_ber_encode - perform BER encoding for the RSA public key Co-authored-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
decryption and Monte Carlo Test sym_cipher - perform AES cipher selection sym_encrypt - perform AES encryption sym_decrypt - perform AES decryption Co-authored-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
sha_mac_cipher - performs sha and mac cipher selection sha_generate - generates hash mac_generate - generates message authentication code Co-authored-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
backends/backend_libkcapi.c
Outdated
| static int gcm_encrypt(struct aead_data *data, flags_t parsed_flags) | ||
| { | ||
| struct kcapi_handle *handle = NULL; | ||
| char *cipher = "gcm(aes)"; |
There was a problem hiding this comment.
As discussed, please use existing function to return the name, instead of hardcoding.
backends/backend_libkcapi.c
Outdated
| uint8_t *buf = NULL, *newiv = NULL; | ||
| uint32_t outbuflen = 0, inbuflen = 0; | ||
|
|
||
| uint32_t newivlen = 12; |
backends/backend_libkcapi.c
Outdated
| static int gcm_decrypt(struct aead_data *data, flags_t parsed_flags) | ||
| { | ||
| struct kcapi_handle *handle = NULL; | ||
| char cipher[] = "gcm(aes)"; |
There was a problem hiding this comment.
As discussed, please use existing function to return the name, instead of hardcoding.
backends/backend_libkcapi.c
Outdated
| uint8_t *buf = NULL, *newiv = NULL;; | ||
| uint32_t outbuflen = 0, inbuflen = 0; | ||
| /* Only IV size of 12 bytes is supported by the kernel */ | ||
| uint32_t newivlen = 12; |
backends/backend_libkcapi.c
Outdated
| static int ccm_encrypt(struct aead_data *data, flags_t parsed_flags) | ||
| { | ||
| struct kcapi_handle *handle = NULL; | ||
| char cipher[] = "ccm(aes)"; |
There was a problem hiding this comment.
As discussed, please use existing function to return the name, instead of hardcoding.
backends/backend_libkcapi.c
Outdated
| uint8_t *outbuf = NULL, *newiv = NULL; | ||
| uint32_t outbuflen = 0, inbuflen = 0; | ||
| /* Only IV size of 16 bytes is supported by the kernel */ | ||
| uint32_t newivlen = 16; |
backends/backend_libkcapi.c
Outdated
| static int ccm_decrypt(struct aead_data *data, flags_t parsed_flags) | ||
| { | ||
| struct kcapi_handle *handle = NULL; | ||
| char cipher[] = "ccm(aes)"; |
There was a problem hiding this comment.
As discussed, please use existing function to return the name, instead of hardcoding.
backends/backend_libkcapi.c
Outdated
| uint8_t *buf = NULL, *newiv = NULL; | ||
| uint32_t outbuflen = 0, inbuflen = 0; | ||
| /* Only IV size of 16 bytes is supported by the kernel */ | ||
| uint32_t newivlen = 16; |
backends/backend_libkcapi.c
Outdated
|
|
||
| if((data->cipher & ACVP_CURVEMASK) == ACVP_NISTP256) | ||
| { | ||
| curve = "ecdh-nist-p256"; |
There was a problem hiding this comment.
please use macro for curve, curve_id and ss_key_len values.
backends/backend_libkcapi.c
Outdated
|
|
||
| if((data->cipher & ACVP_CURVEMASK) == ACVP_NISTP256) | ||
| { | ||
| curve = "ecdh-nist-p256"; |
There was a problem hiding this comment.
please use macro for curve, curve_id and ss_key_len values.
…d signature verification ecdsa_keygen - generates ECDSA keypair ecdsa_keyver - verifies ECDSA keypair ecdsa_sigver - verifies ECDSA signature Co-authored-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
…and CCM gcm_encrypt - performs GCM encryption gcm_decrypt - performs GCM decryption ccm_encrypt - performs CCM encryption ccm_decrypt - performs CCM decryption Signed-off-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
…ation ecdh_ss_ver - performs ECDH shared secret verification ecdh_ss - performs ECDH shared secret generation Signed-off-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
drbg_cipher - performs DRBG cipher selection drbg_generate - performs DRBG generation Signed-off-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
…age of the deprecated API (#1) * LMS algorithm was added * Removed usage of the deprecated API * Changed compilation lines due to specific OpenSSL layout on Windows + Corrected cryptomb backendns because FIPS CAVP vectors representation was changed Signed-off-by: Stephan Mueller <smueller@chronox.de>
3 participants
No description provided.