cleanups

wolfSSL · Nov 1, 2024 · 74d47ba · 74d47ba
1 parent bd13216
commit 74d47ba
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 28 deletions.
diff --git a/src/wh_crypto.c b/src/wh_crypto.c
@@ -225,7 +225,7 @@ WOLFSSL_API int wc_Curve25519PublicKeyToDer(
 #endif /* HAVE_CURVE25519 */
 
 
-/* TODO make input key const */
+/* Store a curve25519_key to a byte sequence in DER format */
 int wh_Crypto_Curve25519SerializeKey(curve25519_key* key, uint8_t* buffer,
                                      uint16_t* derSize)
 {
@@ -245,10 +245,10 @@ int wh_Crypto_Curve25519SerializeKey(curve25519_key* key, uint8_t* buffer,
     return ret;
 }
 
+/* Restore a curve25519_key from a byte sequence in DER format */
 int wh_Crypto_Curve25519DeserializeKey(const uint8_t* derBuffer,
                                        uint16_t derSize, curve25519_key* key)
 {
-    int    ret = WH_ERROR_OK;
     word32 idx = 0;
 
     if ((derBuffer == NULL) || (key == NULL)) {

diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -430,40 +430,42 @@ int wh_Server_EccKeyCacheExport(whServerContext* ctx, whKeyId keyId,
 
 #ifdef HAVE_CURVE25519
 int wh_Server_CacheImportCurve25519Key(whServerContext* server,
-        curve25519_key* key,
-        whKeyId keyId, whNvmFlags flags, uint16_t label_len, uint8_t* label)
+                                       curve25519_key* key, whKeyId keyId,
+                                       whNvmFlags flags, uint16_t label_len,
+                                       uint8_t* label)
 {
-    uint8_t* cacheBuf;
+    uint8_t*       cacheBuf;
     whNvmMetadata* cacheMeta;
-    int ret;
-    /* TODO: This should be enough, but does wolfCrypt have a macro for the max
-     * size of DER encoded key? Can we just use ECC? */
-    uint16_t keySz = CURVE25519_KEYSIZE * 4;
+    int            ret;
+    /* Max size of a DER encoded curve25519 keypair with SubjectPublicKeyInfo
+     * included. Determined by experiment */
+    const uint16_t MAX_DER_SIZE = 128;
+    uint16_t       keySz        = keySz;
 
-    if (    (server == NULL) ||
-            (key == NULL) ||
-            (WH_KEYID_ISERASED(keyId)) ||
-            ((label != NULL) && (label_len > sizeof(cacheMeta->label)))) {
+    uint8_t der_buf[MAX_DER_SIZE];
+
+
+    if ((server == NULL) || (key == NULL) || (WH_KEYID_ISERASED(keyId)) ||
+        ((label != NULL) && (label_len > sizeof(cacheMeta->label)))) {
         return WH_ERROR_BADARGS;
     }
 
-    /* get a free slot */
-    /* TODO: Should we serialize first, to get the size up front? */
-    ret = hsmCacheFindSlotAndZero(server, keySz, &cacheBuf, &cacheMeta);
-    if (ret == 0) {
-        ret = wh_Crypto_Curve25519SerializeKey(key, cacheBuf, &keySz);
-    }
+    /* Serialize the key into the temporary buffer so we can get the size */
+    ret = wh_Crypto_Curve25519SerializeKey(key, der_buf, &keySz);
 
+    /* if successful, find a free cache slot and copy in the key data */
     if (ret == 0) {
-        /* set meta */
-        cacheMeta->id = keyId;
-        cacheMeta->len = keySz;
-        cacheMeta->flags = flags;
-        cacheMeta->access = WH_NVM_ACCESS_ANY;
-
-        if (    (label != NULL) &&
-                (label_len > 0) ) {
-            memcpy(cacheMeta->label, label, label_len);
+        ret = hsmCacheFindSlotAndZero(server, keySz, &cacheBuf, &cacheMeta);
+        if (ret == 0) {
+            memcpy(cacheBuf, der_buf, keySz);
+            /* Update metadata to cache the key */
+            cacheMeta->id     = keyId;
+            cacheMeta->len    = keySz;
+            cacheMeta->flags  = flags;
+            cacheMeta->access = WH_NVM_ACCESS_ANY;
+            if ((label != NULL) && (label_len > 0)) {
+                memcpy(cacheMeta->label, label, label_len);
+            }
         }
     }
     return ret;