
Ticket #1150: Add new crypto library

Nathan Lebeau requested to merge stg_nathan_crypto into master

This branch must first be completely reworked to rely on !1045 (merged)

  • Restart from 1045 and create a new lib_dep/cyclon folder
  • Adapt build rule by restarting from existing flags (See option(S2OPC_CRYPTO_MBEDTLS "Use MbedTLS" ON) in CommonDefs.cmake). I don't know any way to pass a STRING-typed option to CMAKE, so I guess we can add another S2OPC_CRYPTO_CYCLON option

Rebase will probably be impossible due to the highly reworked interface in the crypto folder. If this is the case, it might be more efficient to reimport new files

Contributes #1150 (closed). Rebase has been done successfully. Note for the reviewers:

  1. in crypto_functions_cyclone_crypto.c:
    • not reviewed: the two functions generic_SymmEncrypt/Decrypt which are new;
    • not reviewed: CryptoProvider_CTR_Crypt_AES256 which changed.
  2. in key_manager_cyclone_crypto.c:
    • some functions have not been implemented, for several reasons (I mentioned these reasons as comments on the functions);
    • not reviewed: SOPC_KeyManager_Certificate_GetSanDnsNames, SOPC_KeyManager_Certificate/CRL_ToDER_Files and its related static functions, SOPC_KeyManager_CertificateList_RemoveCertFromSHA1 and its related static functions, SOPC_KeyManager_Certificate_IsSelfSigned, SOPC_KeyManager_Certificate/CRL_Copy, SOPC_KeyManager_CRL_GetListLength which are new;
    • SOPC_KeyManagerInternal_CertificateList_CheckCRL which changed.
  3. in pki_cyclone_crypto.c:
    • many changes have been made in this file. Some minor points have been reviewed (see the current open threads) but a total review of the file can clearly be envisaged.
  4. A find_package() has been added for CycloneCRYPTO and the CMakeLists have changed slightly. The script check-code.sh has been modified to enable the entire verification on Cyclone sources when the compilation option is set.
  • Before merging: Restore the two CI files, and program a regular CI which builds with Cyclone and tests the built binaries.

Note: S2OPC compilation uses MbedTLS by default. If you want to compile using CycloneCRYPTO, you need to add the compilation option S2OPC_CRYPTO_CYCLONE=1. For example, the command ./.build-in-docker.sh S2OPC_CRYPTO_CYCLONE=1 ./build.sh builds S2OPC in the docker build using CycloneCRYPTO.

  • Before merging: Squash the commits because some changes are undone in other commits.
Edited by Nathan Lebeau
