Skip to content

[x509] native wn_x509 lightweight X.509 parser as default cert backend#90

Merged
aidangarske merged 7 commits into
mainfrom
wn-x509-m0
Jul 2, 2026
Merged

[x509] native wn_x509 lightweight X.509 parser as default cert backend#90
aidangarske merged 7 commits into
mainfrom
wn-x509-m0

Conversation

@aidangarske

@aidangarske aidangarske commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Summary

Adds wn_x509, a hand-written zero-allocation X.509 v3 parser + verifier as an
opt-in cert backend for the TLS 1.3 client (WOLFNANO_X509_LITE, make X509_LITE=1).
The default stays wolfSSL asn.c/DecodedCert (full DN, policies, name
constraints, CRL/OCSP, ML-DSA leaf keys). The cert path calls one stable
wn_X509_* seam; the backend is a compile-time choice.

Provenance: the DER TLV layer is lifted from wolfTPM tpm2_asn.c; the field walk
follows wolfSSL examples/asn1/asn1.c + RFC 5280. All signature math stays in
wolfCrypt wc_*. In-place references into the caller's DER, no allocation.

Footprint (Cortex-M33, -Os -flto -Wl,--gc-sections, ArmGNU 14.2)

TLS 1.3 cert client WOLFNANO_X509_LITE (native) default (wolfSSL asn.c) reduction
X.509, P-256 53.1 KB (54,396 B) 62.4 KB (63,877 B) 14.8%
X.509 + ML-DSA-44 67.8 KB (69,396 B) 79.8 KB (81,722 B) 15.1%

The LITE backend drops asn.c's reachable cert parser (~14-16 KB after
gc-sections) for the ~4-5 KB wn_x509 walker. Reproduce: sh bench/footprint-clients.sh.

Parser + verify (feature-macro gated)

  • Fields: SPKI/raw pubkey, keyAlg/curve/sigAlg with an inner==outer sigAlg match,
    validity, subject CN; strict DER (minimal lengths, exact TLV consumption).
  • Extensions: basicConstraints, keyUsage (padding bits checked), extKeyUsage, SAN
    dNSName; critical-unknown fail-closed, duplicate-ext reject, dNSName
    embedded-NUL reject.
  • Chain: per-hop signature (ECDSA/RSA/Ed25519), keyCertSign + CA enforced on
    presented intermediates, pinned anchor trusted a priori; pure-function
    wn_X509_TimeValid (caller supplies the time via the XTIME seam).

Intended scope (use the default asn.c backend for these): no DN name-chaining,
pathLen, name constraints, or CRL/OCSP; the model is a pinned trust anchor.

Testing (both backends, vs wolfSSL master + pin)

  • Differential vs wc_ParseCert over 13 certs (ECC P-256/P-384, Ed25519,
    RSA-2048/3072), every field byte-compared.
  • Negative suite: crafted adversarial certs + all 9 wolfSSL certs/test/bad-*
    vectors; chain-verify, generated-PKI constraint tests, ML-DSA-44 leaf, libFuzzer harness.
  • Hardened through multiple skoll RFC 5280 / security passes and independent code review.

Comment thread src/wn_x509.c Outdated
Comment thread src/wn_x509.c Outdated
Comment thread src/wn_x509.c Outdated
Comment thread src/wn_x509.c Outdated
Comment thread src/wn_x509.c
Comment thread src/wn_x509.c
Comment thread src/wn_x509.c Outdated
@aidangarske aidangarske merged commit 9ce88e1 into main Jul 2, 2026
51 checks passed
@aidangarske aidangarske deleted the wn-x509-m0 branch July 2, 2026 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants