Address review comments and github open issues (fido-device-onboard#248)

Signed-off-by: Shrikant Temburwar <[email protected]>

app/blob.c

@@ -24,7 +24,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "safe_lib.h"
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #if defined(USE_OPENSSL)
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
@@ -35,7 +35,7 @@
 #include "blob.h"
 #if defined(DEVICE_TPM20_ENABLED)
 #include "tpm20_Utils.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto.h"
 #endif
 
 #if !defined(DEVICE_TPM20_ENABLED)

app/main.c

@@ -257,7 +257,7 @@ int app_main(bool is_resale)
 		LOG(LOG_DEBUG, "Sv_info Modules not loaded!\n");
 	}
 
-	/* Init fdo sdk */
+	/* Init FDO sdk */
 	if (FDO_SUCCESS !=
 	    fdo_sdk_init(error_cb, FDO_MAX_MODULES, module_info)) {
 		LOG(LOG_ERROR, "fdo_sdk_init failed!!\n");

crypto/CMakeLists.txt

@@ -17,41 +17,41 @@ add_library(crypto "")
 
 client_sdk_sources_with_lib(
   crypto
-  common/fdoOvVerify.c
-  common/fdoKeyExchange.c
-  common/fdoAes.c
-  common/fdoHmac.c
-  common/fdoDevSign.c
-  common/fdoCryptoCommon.c
-  common/fdoDevAttest.c
+  common/fdo_ov_verify.c
+  common/fdo_key_exchange.c
+  common/fdo_aes.c
+  common/fdo_hmac.c
+  common/fdo_dev_sign.c
+  common/fdo_crypto_common.c
+  common/fdo_dev_attest.c
   )
 
 
 #################################################################
 #openssl build
 if (${TLS} STREQUAL openssl)
   client_sdk_sources_with_lib( crypto
-    openssl/openssl_AESRoutines.c
-    openssl/openssl_cryptoSupport.c
-    openssl/openssl_SSLRoutines.c
+    openssl/openssl_AES_routines.c
+    openssl/openssl_crypto_support.c
+    openssl/openssl_SSL_routines.c
     openssl/BN_support.c
     openssl/openssl_key_exchange_ecdh.c)
 
     ### Signature verifications types
     if (${CRYPTO_HW} STREQUAL false)
-          client_sdk_sources_with_lib( crypto openssl/openssl_ECDSAVerifyRoutines.c)
+          client_sdk_sources_with_lib( crypto openssl/openssl_ECDSA_verify_routines.c)
     endif()
 
     if (${DA} STREQUAL cse_ecdsa384)
     client_sdk_sources_with_lib ( crypto
-    openssl/cse_cryptoSupport.c
+    openssl/cse_crypto_support.c
     )
     endif()
 
 
     if (${DA} MATCHES tpm)
 	  client_sdk_sources_with_lib ( crypto
-	    openssl/tpm20_ECDSASignRoutines.c
+	    openssl/tpm20_ECDSA_sign_routines.c
 	    openssl/tpm20_Utils.c
 	    openssl/openssl_csr.c
 	    openssl/ec_key.c
@@ -60,15 +60,15 @@ if (${TLS} STREQUAL openssl)
     elseif (${DA} MATCHES ecdsa)
       if (${CRYPTO_HW} MATCHES false)
 	  client_sdk_sources_with_lib ( crypto
-	    openssl/openssl_ECDSASignRoutines.c
+	    openssl/openssl_ECDSA_sign_routines.c
 	    openssl/openssl_csr.c
 	    openssl/ec_key.c
             ecdsa/ecdsa_privkey.c)
         endif()
     endif()
 
     if (${CRYPTO_HW} MATCHES true)
-	  client_sdk_sources_with_lib( crypto openssl/openssl_DERRoutines.c)
+	  client_sdk_sources_with_lib( crypto openssl/openssl_DER_routines.c)
     endif()
 endif()
 
@@ -115,13 +115,13 @@ endif()
 
 if (${CRYPTO_HW} MATCHES true)
   client_sdk_sources_with_lib( crypto
-    se/se_AESGCMRoutines.c
-    se/se_cryptoSupport.c
+    se/se_AES_GCM_routines.c
+    se/se_crypto_support.c
     se/se_csr.c
-    se/se_ECDSAVerifyRoutines.c)
+    se/se_ECDSA_verify_routines.c)
 
   if (${DA} STREQUAL ecdsa256 )
-    client_sdk_sources_with_lib( crypto se/se_ECDSASignRoutines.c)
+    client_sdk_sources_with_lib( crypto se/se_ECDSA_sign_routines.c)
     endif()
   endif()
 

crypto/common/fdoAes.c → crypto/common/fdo_aes.c

@@ -3,11 +3,11 @@
  * SPDX-License-Identifier: Apache 2.0
  */
 
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #include "util.h"
 #include "safe_lib.h"
-#include "fdoCryptoCtx.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_ctx.h"
+#include "fdo_crypto.h"
 #include "network_al.h"
 
 /**

crypto/common/fdoCryptoCommon.c → crypto/common/fdo_crypto_common.c

@@ -3,13 +3,13 @@
  * SPDX-License-Identifier: Apache 2.0
  */
 
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #include "util.h"
 #include "safe_lib.h"
 #include "snprintf_s.h"
 #include "stdlib.h"
-#include "fdoCryptoCtx.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_ctx.h"
+#include "fdo_crypto.h"
 #if defined(DEVICE_TPM20_ENABLED)
 #include "tpm20_Utils.h"
 #endif
@@ -49,25 +49,25 @@ fdo_aes_keyset_t *get_keyset(void)
  * This function returns the address of Ownership voucher hmac key.
  * @return Byte array which holds the OV hmac key
  */
-fdo_byte_array_t **getOVKey(void)
+fdo_byte_array_t **get_OV_key(void)
 {
-	return &crypto_ctx.OVKey;
+	return &crypto_ctx.OV_key;
 }
 
 /**
  * This function returns the address of Ownership voucher replacement hmac key.
  * @return Byte array which holds the OV replacement hmac key
  */
-fdo_byte_array_t **getreplacementOVKey(void)
+fdo_byte_array_t **get_replacement_OV_key(void)
 {
-	return &crypto_ctx.replacement_OVKey;
+	return &crypto_ctx.replacement_OV_key;
 }
 
 /**
  * This function returns the address of the dev key struct inside crypto
  * context.
  */
-fdo_dev_key_ctx_t *getfdo_dev_key_ctx(void)
+fdo_dev_key_ctx_t *get_fdo_dev_key_ctx(void)
 {
 	return &crypto_ctx.dev_key;
 }
@@ -76,7 +76,7 @@ fdo_dev_key_ctx_t *getfdo_dev_key_ctx(void)
  * This function returns the address of the kex struct inside crypto
  * context.
  */
-fdo_kex_ctx_t *getfdo_key_ctx(void)
+fdo_kex_ctx_t *get_fdo_key_ctx(void)
 {
 	return &crypto_ctx.kex;
 }
@@ -131,11 +131,11 @@ static void cleanup_ctx(void)
 	}
 
 	/* cleanup ovkey */
-	fdo_byte_array_free(crypto_ctx.OVKey);
-	crypto_ctx.OVKey = NULL;
-	if (crypto_ctx.replacement_OVKey) {
-		fdo_byte_array_free(crypto_ctx.replacement_OVKey);
-		crypto_ctx.replacement_OVKey = NULL;
+	fdo_byte_array_free(crypto_ctx.OV_key);
+	crypto_ctx.OV_key = NULL;
+	if (crypto_ctx.replacement_OV_key) {
+		fdo_byte_array_free(crypto_ctx.replacement_OV_key);
+		crypto_ctx.replacement_OV_key = NULL;
 	}
 }
 

crypto/common/fdoDevAttest.c → crypto/common/fdo_dev_attest.c

@@ -11,8 +11,8 @@
 #include <stdlib.h>
 #include "util.h"
 #include "safe_lib.h"
-#include "fdoCryptoHal.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_hal.h"
+#include "fdo_crypto.h"
 
 /* Do nothing for ECDSA based attestation */
 int32_t dev_attestation_init(void)

crypto/common/fdoDevSign.c → crypto/common/fdo_dev_sign.c

@@ -3,13 +3,13 @@
  * SPDX-License-Identifier: Apache 2.0
  */
 
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #include "util.h"
 #include "safe_lib.h"
 #include "snprintf_s.h"
 #include "stdlib.h"
-#include "fdoCryptoCtx.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_ctx.h"
+#include "fdo_crypto.h"
 #if defined(DEVICE_CSE_ENABLED)
 #include "cse_utils.h"
 #endif

crypto/common/fdoHmac.c → crypto/common/fdo_hmac.c

@@ -3,11 +3,11 @@
  * SPDX-License-Identifier: Apache 2.0
  */
 
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #include "util.h"
 #include "safe_lib.h"
-#include "fdoCryptoCtx.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_ctx.h"
+#include "fdo_crypto.h"
 #include "fdoprot.h"
 #include "storage_al.h"
 #include "platform_utils.h"
@@ -30,7 +30,7 @@
 int32_t set_ov_key(fdo_byte_array_t *OVkey, size_t OVKey_len)
 {
 	int ret = -1;
-	fdo_byte_array_t **ovkeyctx = getOVKey();
+	fdo_byte_array_t **ovkeyctx = get_OV_key();
 
 	if ((NULL == OVkey) || !(OVkey->bytes) ||
 	    !((BUFF_SIZE_32_BYTES == OVKey_len) ||
@@ -74,7 +74,7 @@ int32_t set_ov_key(fdo_byte_array_t *OVkey, size_t OVKey_len)
 int32_t set_ov_replacement_key(fdo_byte_array_t *OVkey, size_t OVKey_len)
 {
 	int ret = -1;
-	fdo_byte_array_t **ovkeyctx = getreplacementOVKey();
+	fdo_byte_array_t **ovkeyctx = get_replacement_OV_key();
 
 	if ((NULL == OVkey) || !(OVkey->bytes) ||
 	    !((BUFF_SIZE_32_BYTES == OVKey_len) ||
@@ -154,14 +154,14 @@ int32_t fdo_device_ov_hmac(uint8_t *OVHdr, size_t OVHdr_len, uint8_t *hmac,
 					TPM_HMAC_REPLACEMENT_PUB_KEY,
 					TPM_HMAC_REPLACEMENT_PRIV_KEY);
 #else
-		keyset = getreplacementOVKey();
+		keyset = get_replacement_OV_key();
 #endif
 	} else {
 #if defined(DEVICE_TPM20_ENABLED)
 		return fdo_tpm_get_hmac(OVHdr, OVHdr_len, hmac, hmac_len,
 					TPM_HMAC_PUB_KEY, TPM_HMAC_PRIV_KEY);
 #else
-		keyset = getOVKey();
+		keyset = get_OV_key();
 #endif
 	}
 	if (!keyset || !*keyset) {
@@ -324,7 +324,7 @@ int32_t fdo_commit_ov_replacement_hmac_key(void)
 
 	ret = 0;
 #else
-	fdo_byte_array_t **secret = getreplacementOVKey();
+	fdo_byte_array_t **secret = get_replacement_OV_key();
 
 	if (!secret || !(*secret) || !(*secret)->bytes) {
 		LOG(LOG_ERROR, "Failed to read OV replacement HMAC key\n");

crypto/common/fdoKeyExchange.c → crypto/common/fdo_key_exchange.c

@@ -5,13 +5,13 @@
 
 #include <math.h>
 #include "fdokeyexchange.h"
-#include "fdoCryptoHal.h"
+#include "fdo_crypto_hal.h"
 #include "util.h"
 #include "safe_lib.h"
 #include "snprintf_s.h"
 #include "stdlib.h"
-#include "fdoCryptoCtx.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_ctx.h"
+#include "fdo_crypto.h"
 
 /* Static functions */
 static int32_t remove_java_compatible_byte_array(fdo_byte_array_t *BArray);
@@ -27,7 +27,7 @@ static int32_t remove_java_compatible_byte_array(fdo_byte_array_t *BArray);
 int32_t fdo_kex_init(void)
 {
 	int32_t ret = -1;
-	fdo_kex_ctx_t *kex_ctx = getfdo_key_ctx();
+	fdo_kex_ctx_t *kex_ctx = get_fdo_key_ctx();
 	fdo_to2Sym_enc_ctx_t *to2sym_ctx = get_fdo_to2_ctx();
 	size_t cs = COSE_ENC_TYPE;
 
@@ -83,7 +83,7 @@ int32_t fdo_kex_init(void)
  */
 int32_t fdo_kex_close(void)
 {
-	struct fdo_kex_ctx *kex_ctx = getfdo_key_ctx();
+	struct fdo_kex_ctx *kex_ctx = get_fdo_key_ctx();
 	fdo_to2Sym_enc_ctx_t *to2sym_ctx = get_fdo_to2_ctx();
 	/* Free "KEX" string (Key Exchange) */
 	if (kex_ctx->kx) {
@@ -133,7 +133,7 @@ int32_t fdo_kex_close(void)
 static int32_t set_encrypt_key(fdo_public_key_t *encrypt_key)
 {
 #ifdef KEX_ASYM_ENABLED
-	struct fdo_kex_ctx *kex_ctx = getfdo_key_ctx();
+	struct fdo_kex_ctx *kex_ctx = get_fdo_key_ctx();
 
 	return set_encrypt_key_asym(kex_ctx->context, encrypt_key);
 #endif
@@ -152,7 +152,7 @@ static int32_t set_encrypt_key(fdo_public_key_t *encrypt_key)
 int32_t fdo_get_kex_paramB(fdo_byte_array_t **xB)
 {
 	int32_t ret = -1;
-	fdo_kex_ctx_t *kex_ctx = getfdo_key_ctx();
+	fdo_kex_ctx_t *kex_ctx = get_fdo_key_ctx();
 	uint32_t bufsize = 0;
 	fdo_byte_array_t *tmp_xB = NULL;
 
@@ -227,7 +227,7 @@ static int32_t prep_kdf_input(uint8_t *kdf_input, size_t kdf_input_len,
 			      const int index, const int keymat_bit_length)
 {
 	int ret = -1;
-	struct fdo_kex_ctx *kex_ctx = getfdo_key_ctx();
+	struct fdo_kex_ctx *kex_ctx = get_fdo_key_ctx();
 	size_t ofs = 0;
 	uint8_t idx0_val;
 	size_t kdf_label_len = 0;
@@ -292,8 +292,8 @@ static fdo_byte_array_t *get_secret(void)
 	fdo_byte_array_t *b = NULL;
 	uint8_t *shared_secret_buffer = NULL;
 	uint32_t secret_size = 0;
-	struct fdo_kex_ctx *kex_ctx = getfdo_key_ctx();
-	fdo_kex_ctx_t *key_ex_data = (fdo_kex_ctx_t *)(getfdo_key_ctx());
+	struct fdo_kex_ctx *kex_ctx = get_fdo_key_ctx();
+	fdo_kex_ctx_t *key_ex_data = (fdo_kex_ctx_t *)(get_fdo_key_ctx());
 
 	if (crypto_hal_get_secret(key_ex_data->context, NULL, &secret_size) !=
 	    0) {
@@ -351,7 +351,7 @@ static fdo_byte_array_t *get_secret(void)
 static int32_t kex_kdf(void)
 {
 	int ret = -1;
-	struct fdo_kex_ctx *kex_ctx = getfdo_key_ctx();
+	struct fdo_kex_ctx *kex_ctx = get_fdo_key_ctx();
 	fdo_byte_array_t *shse = get_secret();
 	fdo_aes_keyset_t *keyset = get_keyset();
 	// input data to the KDF
@@ -511,7 +511,7 @@ int32_t fdo_set_kex_paramA(fdo_byte_array_t *xA, fdo_public_key_t *encrypt_key)
 
 {
 	int32_t ret = true;
-	fdo_kex_ctx_t *key_ex_data = (fdo_kex_ctx_t *)(getfdo_key_ctx());
+	fdo_kex_ctx_t *key_ex_data = (fdo_kex_ctx_t *)(get_fdo_key_ctx());
 
 	if (!xA) {
 		return -1;

crypto/common/fdoOvVerify.c → crypto/common/fdo_ov_verify.c

@@ -9,8 +9,8 @@
  */
 
 #include "fdotypes.h"
-#include "fdoCryptoHal.h"
-#include "fdoCrypto.h"
+#include "fdo_crypto_hal.h"
+#include "fdo_crypto.h"
 
 /**
  * This function verifies if the signature message_signature of length