passing unit tests with new Curve25519 unified funcitons

wolfSSL · Nov 1, 2024 · bd13216 · bd13216
1 parent 1600e2d
commit bd13216
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 24 deletions.
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
@@ -1185,8 +1185,8 @@ int wh_Client_Curve25519ImportKey(whClientContext* ctx, curve25519_key* key,
         key_id = *inout_keyId;
     }
 
-    ret = wh_Crypto_Curve25519SerializeKey(key, sizeof(buffer),buffer,
-            &buffer_len);
+    buffer_len = sizeof(buffer);
+    ret        = wh_Crypto_Curve25519SerializeKey(key, buffer, &buffer_len);
     if (ret == 0) {
         /* Cache the key and get the keyID */
         ret = wh_Client_KeyCache(ctx,
@@ -1220,8 +1220,7 @@ int wh_Client_Curve25519ExportKey(whClientContext* ctx, whKeyId keyId,
             buffer, &buffer_len);
     if (ret == 0) {
         /* Update the key structure */
-        ret = wh_Crypto_Curve25519DeserializeKey(
-                buffer_len, buffer, key);
+        ret = wh_Crypto_Curve25519DeserializeKey(buffer, buffer_len, key);
     }
 
     return ret;
@@ -1311,8 +1310,7 @@ static int _Curve25519MakeKey(whClientContext* ctx,
 
                 if (flags & WH_NVM_FLAGS_EPHEMERAL) {
                     /* Response has the exported key */
-                    ret = wh_Crypto_Curve25519DeserializeKey(
-                            der_size, key_der, key);
+                    ret = wh_Crypto_Curve25519DeserializeKey(key_der, der_size, key);
 #ifdef DEBUG_CRYPTOCB_VERBOSE
                     wh_Utils_Hexdump("[client] KeyGen export:", key_der, der_size);
 #endif

diff --git a/src/wh_crypto.c b/src/wh_crypto.c
@@ -36,6 +36,7 @@
 #include "wolfssl/wolfcrypt/types.h"
 #include "wolfssl/wolfcrypt/error-crypt.h"
 #include "wolfssl/wolfcrypt/asn.h"
+#include "wolfssl/wolfcrypt/asn_public.h"
 #include "wolfssl/wolfcrypt/rsa.h"
 #include "wolfssl/wolfcrypt/curve25519.h"
 #include "wolfssl/wolfcrypt/ecc.h"
@@ -207,7 +208,57 @@ int wh_Crypto_EccUpdatePrivateOnlyKeyDer(ecc_key* key, uint16_t pub_size,
 #endif /* HAVE_ECC */
 
 #ifdef HAVE_CURVE25519
- int wh_Crypto_Curve25519SerializeKey(curve25519_key* key,
+
+#ifdef HAVE_CURVE25519
+#ifdef HAVE_CURVE25519_KEY_IMPORT
+WOLFSSL_API int wc_Curve25519PrivateKeyDecode(
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+WOLFSSL_API int wc_Curve25519PublicKeyDecode(
+    const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz);
+#endif
+#ifdef HAVE_CURVE25519_KEY_EXPORT
+WOLFSSL_API int wc_Curve25519PrivateKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen);
+WOLFSSL_API int wc_Curve25519PublicKeyToDer(
+    curve25519_key* key, byte* output, word32 inLen, int withAlg);
+#endif
+#endif /* HAVE_CURVE25519 */
+
+
+/* TODO make input key const */
+int wh_Crypto_Curve25519SerializeKey(curve25519_key* key, uint8_t* buffer,
+                                     uint16_t* derSize)
+{
+    int ret = 0;
+
+    if ((key == NULL) || (buffer == NULL) || (derSize == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    ret = wc_Curve25519KeyToDer(key, buffer, *derSize, 0);
+
+    /* ASN.1 functions return the size of the DER encoded key on success */
+    if (ret > 0) {
+        *derSize = ret;
+        ret      = WH_ERROR_OK;
+    }
+    return ret;
+}
+
+int wh_Crypto_Curve25519DeserializeKey(const uint8_t* derBuffer,
+                                       uint16_t derSize, curve25519_key* key)
+{
+    int    ret = WH_ERROR_OK;
+    word32 idx = 0;
+
+    if ((derBuffer == NULL) || (key == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return wc_Curve25519KeyDecode(derBuffer, &idx, key, derSize);
+}
+
+int wh_Crypto_Curve25519SerializeKeyRaw(curve25519_key* key,
         uint16_t max_size, uint8_t* buffer, uint16_t *out_size)
 {
     int ret = 0;
@@ -229,7 +280,7 @@ int wh_Crypto_EccUpdatePrivateOnlyKeyDer(ecc_key* key, uint16_t pub_size,
     return ret;
 }
 
-int wh_Crypto_Curve25519DeserializeKey(uint16_t size,
+int wh_Crypto_Curve25519DeserializeKeyRaw(uint16_t size,
         const uint8_t* buffer, curve25519_key* key)
 {
     int ret = 0;

diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -436,8 +436,9 @@ int wh_Server_CacheImportCurve25519Key(whServerContext* server,
     uint8_t* cacheBuf;
     whNvmMetadata* cacheMeta;
     int ret;
-    const uint16_t keySz = CURVE25519_KEYSIZE * 2;
-    uint16_t size = 0;
+    /* TODO: This should be enough, but does wolfCrypt have a macro for the max
+     * size of DER encoded key? Can we just use ECC? */
+    uint16_t keySz = CURVE25519_KEYSIZE * 4;
 
     if (    (server == NULL) ||
             (key == NULL) ||
@@ -447,15 +448,16 @@ int wh_Server_CacheImportCurve25519Key(whServerContext* server,
     }
 
     /* get a free slot */
+    /* TODO: Should we serialize first, to get the size up front? */
     ret = hsmCacheFindSlotAndZero(server, keySz, &cacheBuf, &cacheMeta);
     if (ret == 0) {
-        ret = wh_Crypto_Curve25519SerializeKey(key, keySz, cacheBuf, &size);
+        ret = wh_Crypto_Curve25519SerializeKey(key, cacheBuf, &keySz);
     }
 
     if (ret == 0) {
         /* set meta */
         cacheMeta->id = keyId;
-        cacheMeta->len = size;
+        cacheMeta->len = keySz;
         cacheMeta->flags = flags;
         cacheMeta->access = WH_NVM_ACCESS_ANY;
 
@@ -483,7 +485,7 @@ int wh_Server_CacheExportCurve25519Key(whServerContext* server, whKeyId keyId,
     ret = hsmFreshenKey(server, keyId, &cacheBuf, &cacheMeta);
 
     if (ret == 0) {
-        ret = wh_Crypto_Curve25519DeserializeKey(cacheMeta->len, cacheBuf, key);
+        ret = wh_Crypto_Curve25519DeserializeKey(cacheBuf, cacheMeta->len, key);
 #ifdef DEBUG_CRYPTOCB_VERBOSE
         printf("[server] Export25519Key id:%u ret:%d\n", keyId, ret);
         wh_Utils_Hexdump("[server] export key:", cacheBuf, cacheMeta->len);
@@ -795,9 +797,9 @@ static int _HandleCurve25519KeyGen(whServerContext* server, whPacket* packet,
 
     /* Response Message */
     uint8_t* out        = (uint8_t*)(res + 1);
-    uint16_t max_size   = (word32)(WOLFHSM_CFG_COMM_DATA_LEN -
+    /* Initialize the key size to the max size of the buffer */
+    uint16_t ser_size   = (word32)(WOLFHSM_CFG_COMM_DATA_LEN -
                             (out - (uint8_t*)packet));
-    uint16_t res_size   = 0;
 
     /* init key */
     ret = wc_curve25519_init_ex(key, NULL, server->crypto->devId);
@@ -809,11 +811,10 @@ static int _HandleCurve25519KeyGen(whServerContext* server, whPacket* packet,
             if (flags & WH_NVM_FLAGS_EPHEMERAL) {
                 /* Must serialize the key into the response packet */
                 key_id = WH_KEYID_ERASED;
-                ret = wh_Crypto_Curve25519SerializeKey(key, max_size,
-                        out, &res_size);
+                ret = wh_Crypto_Curve25519SerializeKey(key, out, &ser_size);
             } else {
+                ser_size = 0;
                 /* Must import the key into the cache and return keyid */
-                res_size = 0;
                 if (WH_KEYID_ISERASED(key_id)) {
                     /* Generate a new id */
                     ret = hsmGetUniqueId(server, &key_id);
@@ -836,8 +837,8 @@ static int _HandleCurve25519KeyGen(whServerContext* server, whPacket* packet,
 
     if (ret == 0) {
         res->keyId  = WH_KEYID_ID(key_id);
-        res->len    = res_size;
-        *out_size   = WH_PACKET_STUB_SIZE + sizeof(*res) + res_size;
+        res->len    = ser_size;
+        *out_size   = WH_PACKET_STUB_SIZE + sizeof(*res) + ser_size;
     }
     return ret;
 }

diff --git a/wolfhsm/wh_crypto.h b/wolfhsm/wh_crypto.h
@@ -77,11 +77,17 @@ int wh_Crypto_EccUpdatePrivateOnlyKeyDer(ecc_key* key, uint16_t pub_size,
 
 #ifdef HAVE_CURVE25519
 /* Store a curve25519_key to a byte sequence */
-int wh_Crypto_Curve25519SerializeKey(curve25519_key* key,
-        uint16_t max_size, uint8_t* buffer, uint16_t *out_size);
+int wh_Crypto_Curve25519SerializeKey(curve25519_key* key, uint8_t* buffer,
+                                     uint16_t* out_size);
 /* Restore a curve25519_key from a byte sequence */
-int wh_Crypto_Curve25519DeserializeKey(uint16_t size,
-        const uint8_t* buffer, curve25519_key* key);
+int wh_Crypto_Curve25519DeserializeKey(const uint8_t* derBuffer,
+                                       uint16_t derSize, curve25519_key* key);
+/* Store a curve25519_key to a byte sequence in raw format */
+int wh_Crypto_Curve25519SerializeKeyRaw(curve25519_key* key, uint16_t max_size,
+                                        uint8_t* buffer, uint16_t* out_size);
+/* Restore a curve25519_key from a byte sequence in raw format */
+int wh_Crypto_Curve25519DeserializeKeyRaw(uint16_t size, const uint8_t* buffer,
+                                          curve25519_key* key);
 #endif /* HAVE_CURVE25519 */
 
 #endif  /* !WOLFHSM_CFG_NO_CRYPTO */