From 800fe89e1e9242eb396777f6debc6f893b46b414 Mon Sep 17 00:00:00 2001 From: Jade Philipoom Date: Thu, 18 Jan 2024 09:28:25 +0100 Subject: [PATCH] [crypto] Change ordering of buffer fields to match Rust. This is helpful for compatibility when the cryptolib is called from Rust code. Signed-off-by: Jade Philipoom --- .../lib/crypto/impl/key_transport_unittest.cc | 50 +++++++++---------- sw/device/lib/crypto/include/datatypes.h | 36 +++++++++---- 2 files changed, 51 insertions(+), 35 deletions(-) diff --git a/sw/device/lib/crypto/impl/key_transport_unittest.cc b/sw/device/lib/crypto/impl/key_transport_unittest.cc index 1c5a89390b29d7..26a12f28cfc9b0 100644 --- a/sw/device/lib/crypto/impl/key_transport_unittest.cc +++ b/sw/device/lib/crypto/impl/key_transport_unittest.cc @@ -129,12 +129,12 @@ TEST(KeyTransport, BlindedKeyImportExport) { // Import the key into the blinded key struct. EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }, (otcrypto_const_word32_buf_t){ - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }, &blinded_key)), true); @@ -145,15 +145,15 @@ TEST(KeyTransport, BlindedKeyImportExport) { // Export the key again. otcrypto_word32_buf_t share0_buf = { - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }; otcrypto_word32_buf_t share1_buf = { - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }; - EXPECT_EQ(status_ok(otcrypto_export_blinded_key(blinded_key, &share0_buf, - &share1_buf)), + EXPECT_EQ(status_ok(otcrypto_export_blinded_key(blinded_key, share0_buf, + share1_buf)), true); // Unmask the result and compare to the unmasked key. @@ -179,12 +179,12 @@ TEST(KeyTransport, BlindedKeyImportBadLengths) { // Set a bad length for share 0 and expect the import to fail. EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size() - 1, .data = share0.data(), + .len = share0.size() - 1, }, (otcrypto_const_word32_buf_t){ - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }, &blinded_key)), false); @@ -192,12 +192,12 @@ TEST(KeyTransport, BlindedKeyImportBadLengths) { // Set a bad length for share 1 and expect the import to fail. EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }, (otcrypto_const_word32_buf_t){ - .len = share1.size() - 1, .data = share1.data(), + .len = share1.size() - 1, }, &blinded_key)), false); @@ -210,12 +210,12 @@ TEST(KeyTransport, BlindedKeyImportBadLengths) { }; EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }, (otcrypto_const_word32_buf_t){ - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }, &bad_blinded_key)), false); @@ -238,33 +238,33 @@ TEST(KeyTransport, BlindedKeyExportBadLengths) { // Import the key. EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }, (otcrypto_const_word32_buf_t){ - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }, &blinded_key)), true); otcrypto_word32_buf_t share_with_good_length = { - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }; otcrypto_word32_buf_t share_with_bad_length = { - .len = share1.size() - 1, .data = share1.data(), + .len = share1.size() - 1, }; // Set a bad length for share 0 and expect the import to fail. EXPECT_EQ(status_ok(otcrypto_export_blinded_key( - blinded_key, &share_with_bad_length, &share_with_good_length)), + blinded_key, share_with_bad_length, share_with_good_length)), false); // Set a bad length for share 1 and expect the import to fail. EXPECT_EQ(status_ok(otcrypto_export_blinded_key( - blinded_key, &share_with_good_length, &share_with_bad_length)), + blinded_key, share_with_good_length, share_with_bad_length)), false); // Set a bad length for the keyblob and expect the export to fail. @@ -275,7 +275,7 @@ TEST(KeyTransport, BlindedKeyExportBadLengths) { }; EXPECT_EQ( status_ok(otcrypto_export_blinded_key( - bad_blinded_key, &share_with_good_length, &share_with_good_length)), + bad_blinded_key, share_with_good_length, share_with_good_length)), false); } @@ -296,27 +296,27 @@ TEST(KeyTransport, BlindedKeyExportNotExportable) { // Import the key. EXPECT_EQ(status_ok(otcrypto_import_blinded_key( (otcrypto_const_word32_buf_t){ - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }, (otcrypto_const_word32_buf_t){ - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }, &blinded_key)), true); // Expect key export to fail. otcrypto_word32_buf_t share0_buf = { - .len = share0.size(), .data = share0.data(), + .len = share0.size(), }; otcrypto_word32_buf_t share1_buf = { - .len = share1.size(), .data = share1.data(), + .len = share1.size(), }; - EXPECT_EQ(status_ok(otcrypto_export_blinded_key(blinded_key, &share0_buf, - &share1_buf)), + EXPECT_EQ(status_ok(otcrypto_export_blinded_key(blinded_key, share0_buf, + share1_buf)), false); } diff --git a/sw/device/lib/crypto/include/datatypes.h b/sw/device/lib/crypto/include/datatypes.h index 7966b3c7bab9a9..daa6d200972bc3 100644 --- a/sw/device/lib/crypto/include/datatypes.h +++ b/sw/device/lib/crypto/include/datatypes.h @@ -79,12 +79,16 @@ typedef enum otcrypto_status_value { * Note: the caller must (1) allocate sufficient space and (2) set the `len` * field and `data` pointer when `otcrypto_byte_buf_t` is used for output. The * crypto library will throw an error if `len` doesn't match expectations. + * + * The order of `data` and `len` is important here for Rust compatibility; if + * `data` comes first, the representation exactly matches slices and is easier + * to call from Rust. */ typedef struct otcrypto_byte_buf { - // Length of the data in bytes. - size_t len; // Pointer to the data. uint8_t *data; + // Length of the data in bytes. + size_t len; } otcrypto_byte_buf_t; /** @@ -94,12 +98,16 @@ typedef struct otcrypto_byte_buf { * necessary to have this structure separate from `otcrypto_byte_buf_t` because * data pointed to by a struct does not inherit `const`, so `const * otcrypto_byte_buf_t` would still allow data to change. + * + * The order of `data` and `len` is important here for Rust compatibility; if + * `data` comes first, the representation exactly matches slices and is easier + * to call from Rust. */ typedef struct otcrypto_const_byte_buf { - // Length of the data in bytes. - const size_t len; // Pointer to the data. const uint8_t *const data; + // Length of the data in bytes. + const size_t len; } otcrypto_const_byte_buf_t; /** @@ -108,12 +116,16 @@ typedef struct otcrypto_const_byte_buf { * Note: the caller must (1) allocate sufficient space and (2) set the `len` * field and `data` pointer when `otcrypto_word32_buf_t` is used for output. The * crypto library will throw an error if `len` doesn't match expectations. + * + * The order of `data` and `len` is important here for Rust compatibility; if + * `data` comes first, the representation exactly matches slices and is easier + * to call from Rust. */ typedef struct otcrypto_word32_buf { - // Length of the data in words. - size_t len; // Pointer to the data. uint32_t *data; + // Length of the data in words. + size_t len; } otcrypto_word32_buf_t; /** @@ -123,12 +135,16 @@ typedef struct otcrypto_word32_buf { * necessary to have this structure separate from `otcrypto_word32_buf_t` * because data pointed to by a struct does not inherit `const`, so `const * otcrypto_word32_buf_t` would still allow data to change. + * + * The order of `data` and `len` is important here for Rust compatibility; if + * `data` comes first, the representation exactly matches slices and is easier + * to call from Rust. */ typedef struct otcrypto_const_word32_buf { - // Length of the data in words. - const size_t len; // Pointer to the data. const uint32_t *const data; + // Length of the data in words. + const size_t len; } otcrypto_const_word32_buf_t; /** @@ -445,10 +461,10 @@ typedef enum otcrypto_hash_mode { typedef struct otcrypto_hash_digest { // Digest type. otcrypto_hash_mode_t mode; - // Digest length in 32-bit words. - size_t len; // Digest data. uint32_t *data; + // Digest length in 32-bit words. + size_t len; } otcrypto_hash_digest_t; #ifdef __cplusplus