Draft
Conversation
night1rider
force-pushed
the
setkey-callbacks
branch
3 times, most recently
from
895126c to
19ef100
Compare
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC, and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export options with CI test configurations in os-check.yml. Add test handlers in test.c and api.c with export/import delegation pattern, small-stack-safe allocations, custom curve support, and DEBUG_CRYPTOCB helpers.
night1rider
force-pushed
the
setkey-callbacks
branch
from
1935260 to
3284bc5
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add
WOLF_CRYPTO_CB_SETKEY, a generic SetKey crypto callback that notifies callback handlers when key material is imported for HMAC, RSA, ECC, and AES. For RSA and ECC, the callback passes a fully-populated temporary key struct (initialized withINVALID_DEVIDto prevent recursion) alongside the real destination key object. This lets callback implementors use whatever wolfSSL export function best suits their hardware:wc_RsaKeyToDer,wc_ecc_export_x963, raw component exports, etc. rather than the library trying to anticipate every format a hardware backend might need. The temporary key handles all the parsing complexity so the callback can focus solely on getting key material into hardware.SetKey callbacks are wired into:
wc_AesSetKey,wc_HmacSetKey,wc_RsaPublicKeyDecodeRaw,wc_RsaPrivateKeyDecodeRaw,wc_RsaPrivateKeyDecode,wc_ecc_import_x963_ex2,wc_ecc_import_raw_private, andwc_ecc_import_private_key_ex. All RSA and ECC callsites pass the actual key size in bytes via thekeySzparameter.The feature is enabled via
--enable-cryptocbutils=setkey,--enable-cryptocbutils, or-DWOLF_CRYPTO_CB_SETKEYwith corresponding CI test configurations. Includes test handlers intest.candapi.c, aGetSetKeyTypeStrdebug helper for readable type names underDEBUG_CRYPTOCB.