Refactor authcrypt example #95
Conversation
There was a problem hiding this comment.
Since it seems that all you did is move the code to C++ style, and put the object in the heap, I have more of C++ comments, in addition to what I already wrote.
Since this is a C++ Class now, I would split the code to authcrypt.h , which defines the class, authcrypt.cpp which implements the class (except specific cases where you want iniline implementation) , and main.cpp which allocates and uses the object.
authcrypt/main.cpp
Outdated
|
|
||
| class Authcrypt { | ||
| public: | ||
| Authcrypt() : ciphertext(), decrypted() |
There was a problem hiding this comment.
Since the default constructors are being called, no real need to implicitly call them.
I would add in the CTOR body also:
memset(ciphertext,0,sizeof(ciphertext))
memset(decrypted,0,sizeof(decrypted))
authcrypt/main.cpp
Outdated
| if (ret != 0) { | ||
| mbedtls_printf("mbedtls_cipher_setup() returned -0x%04X\r\n", -ret); | ||
| return 1; | ||
| mbedtls_entropy_free(&entropy); |
There was a problem hiding this comment.
in general practice, it is better to deallocate\terminate resources in opposite sequence as theyu were initiated.
I would change the sequence to:
mbedtls_cipher_free
mbedtls_ctr_drbg_free
mbedtls_entropy_free
authcrypt/main.cpp
Outdated
| int ret = example(); | ||
| if (ret != 0) { | ||
| int ret; | ||
| Authcrypt *authcrypt = new Authcrypt(); |
There was a problem hiding this comment.
check if the heap is contigous. If not, the ciphertext and decrypted will not be properly read by HW acceleration engines
|
@RonEld: I have fixed some of the issues you pointed out. However, I do not think that we should split the source file into .h and .c as this is a fairly simple class. |
|
@andresag01 thanks for addressing my comments |
|
On splitting the code I agree with Ron. When we look at C++ code we want to see two things
|
authcrypt/main.cpp
Outdated
| if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { | ||
| mbedtls_printf("Something bad is happening! Data is not " | ||
| "authentic!\r\n"); | ||
| return 1; |
There was a problem hiding this comment.
Why are we changing return from ret to 0? At https://github.com/ARMmbed/mbed-os-example-tls/pull/95/files#diff-64da713f1246019fb29c1e604285e6e0R211 the return code is printed again and will always have 1.
Applies to all places returning 1.
There was a problem hiding this comment.
Ahh thanks for spotting that. This is because I did not modify the original code, just changed the memory allocation. I will change this as well.
authcrypt/main.cpp
Outdated
| /* Message that should be protected */ | ||
| static const char message[] = "Some things are better left unread"; | ||
| /* Metadata transmitted in the clear but authenticated */ | ||
| static const char metadata[] = "eg sequence number, routing info"; |
There was a problem hiding this comment.
Any particular reason for leaving message, metadata and secret_key outside the class. If this data belongs to this class then it should be encapsulated inside this class.
authcrypt/main.cpp
Outdated
| int ret = example(); | ||
| if (ret != 0) { | ||
| int ret; | ||
| Authcrypt *authcrypt = new Authcrypt(); |
There was a problem hiding this comment.
new can fail to allocate the memory. We can assert or simply print error if we can run the example.
|
@mazimkhan, @RonEld: I have modified the example according to your comments. Could you please take a look again? |
|
Can you please also put a NULL check here b3cebca#diff-64da713f1246019fb29c1e604285e6e0R28 |
|
@mazimkhan: I looked into this at some point, but I do not think new returns null: http://www.cplusplus.com/reference/new/operator%20new/. I believe the normal behaviour is to throw an exception if allocation is not possible. However, exceptions are disabled in mbed OS. An alternative could be to use nothrow, but that is not enabled in mbed OS either... |
|
|
||
| const char Authcrypt::message[] = "Some things are better left unread"; | ||
|
|
||
| const char Authcrypt::metadata[] = "eg sequence number, routing info"; |
There was a problem hiding this comment.
why not initialize message and metadata in the CTOR:
Authcrypt():message("Some things are better left unread"),metadata("eg sequence number, routing info")
This way, these members would remain private
There was a problem hiding this comment.
These members are already private. They are under the private section of the class declaration.
There was a problem hiding this comment.
message and metadata are static const members, in the public section
There was a problem hiding this comment.
Thanks for pointing it out that they were public, I have now made them private members.
|
Referring to my previous comment #95 (comment) Just check whether mbed-os throws bad alloc if new fails or returns NULL. For former we don't need to do anything. |
|
@mazimkhan: I do not think there is anything we can do. If new fails we just die, check here: https://github.com/ARMmbed/mbed-os/blob/master/platform/mbed_retarget.cpp#L941 |
|
Thanks for looking into this. |
|
LGTM |
The example is refactored to use C++ classes and allocate the bulk of the mbed TLS context structures in the heap instead of stack.
andresag01
force-pushed
the
refactor-authcrypt
branch
from
a4669be to
a087163
Compare
|
Rebase changes to run the CI with the latest mbed OS version 5.5.2 |
|
The change has been approved and the relevant tests pass in the CI, merging this PR. |
The example is refactored to use C++ classes and allocate the bulk of
the mbed TLS context structures in the heap instead of stack.
This change should fix #91.