Add crypto callback only mode for ed25519#10830
Conversation
|
|
||
| #ifdef WOLF_CRYPTO_CB | ||
| if (key->devId != INVALID_DEVID) { | ||
| #ifndef WOLF_CRYPTO_CB_FIND |
There was a problem hiding this comment.
Semi-related change to add these missing guards. The cb find mechanism would have failed here.
|
Jenkins retest this please |
|
retest this please |
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10830
Scan targets checked: wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
No new issues found in the changed files. ✅
|
80c6f68 to
37b0c37
Compare
|
jenkins retest this please |
rizlik
left a comment
There was a problem hiding this comment.
Great work, but the problem is that make_public and check-key survives and so ge_operations can't be removed from the build.
Given that the main goal of ONLY_ED25519 is to reduce code/data size, we should aim at removing all the software math.
I see two options:
- Gating out the make_public and check_key with new gating macros
- Adding two crypto callbacks for make_public and check_key
| #if defined(WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN) && \ | ||
| !defined(WOLF_CRYPTO_CB_ONLY_ED25519) |
There was a problem hiding this comment.
To me it looks like that the priv check must be inside the software blocks, not outside. So this is a bug that predate the PR. Probably a good idea to move it inside that software block instead of gating on !ONLY_ED25519, or just ignore it in this PR.
There was a problem hiding this comment.
Great find. I moved this block up.
Frauschi
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: COMMENT
Findings: 1 total — 1 posted, 0 skipped
Posted findings
- [Low] Sign CB_ONLY path omits (void)ed25519Ctx suppression present in verify path —
wolfcrypt/src/ed25519.c:445
Review generated by Skoll via Claude/Codex
| (void)type; | ||
| ret = se050_ed25519_sign_msg(in, inLen, out, outLen, key); | ||
| #elif defined(WOLF_CRYPTO_CB_ONLY_ED25519) | ||
| ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); |
There was a problem hiding this comment.
🔵 [Low] Sign CB_ONLY path omits (void)ed25519Ctx suppression present in verify path
🔧 NIT convention
The WOLF_CRYPTO_CB_ONLY_ED25519 branch of wc_ed25519_verify_msg_ex adds (void)ed25519Ctx; to suppress an unused-const-variable warning, but the equivalent WOLF_CRYPTO_CB_ONLY_ED25519 branch of wc_ed25519_sign_msg_ex does not. ed25519Ctx is defined whenever HAVE_ED25519_SIGN || HAVE_ED25519_VERIFY. In a narrow configuration built with HAVE_ED25519_SIGN but without HAVE_ED25519_VERIFY under WOLF_CRYPTO_CB_ONLY_ED25519, ed25519Ctx is never referenced (both the sign software path and the streaming-verify code that use it are compiled out), which can trigger -Wunused-const-variable under -Werror. The default/CI configs enable both sign and verify, so this does not fire in the added CI job.
Recommendation: For symmetry with the verify branch and to avoid a possible unused-const warning in sign-only configurations, add (void)ed25519Ctx; at the top of the sign CB_ONLY branch.
67cd0ad to
d4cb29c
Compare
Option 2 added, following the pattern from ECC. The ge operations are completely gone, but I did have to inline a small chunk of math. |
8379f8d to
ef4e304
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10830
Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
| ctx->exampleVar = 99; | ||
| ret = wc_ed25519_verify_msg(sig, (word32)sizeof(sig), msg, | ||
| (word32)sizeof(msg) - 1, &res, &key); | ||
| if (ret != 0) |
There was a problem hiding this comment.
🔵 [Low] Verify dispatch test never checks res output from callback · Weak or missing assertions
The exampleVar==99 (cb-handles) verify test checks only ret == 0, never res == 1. The mock callback returns 0 without writing *res, so res stays 0 after the call. A regression where the callback's res output is never populated would pass undetected.
Fix: Set *info->pk.ed25519verify.res = 1 in the exampleVar==99 branch of myCryptoDevCb, then assert res == 1 after the verify call in ed25519_onlycb_test.
| /* reset devId */ | ||
| info->pk.ed25519makepub.key->devId = devIdArg; | ||
| } | ||
| else if (info->pk.type == WC_PK_TYPE_ED25519_CHECK_KEY) { |
There was a problem hiding this comment.
🔵 [Low] WC_PK_TYPE_ED25519_CHECK_KEY handler gated on HAVE_ED25519_MAKE_KEY in test callback · Missing/incorrect platform conditionals
The WC_PK_TYPE_ED25519_CHECK_KEY dispatch arm is an else if branch inside #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY), so it is compiled out when HAVE_ED25519_MAKE_KEY is absent. wc_ed25519_check_key requires only HAVE_ED25519; the reference swdev.c callback correctly places this case under #ifdef HAVE_ED25519 alone (line 964). In any HAVE_ED25519 && !HAVE_ED25519_MAKE_KEY build the callback returns NOT_COMPILED_IN instead of the expected result, causing ed25519_onlycb_test to fail.
Fix: Move the WC_PK_TYPE_ED25519_CHECK_KEY handler into a separate #if defined(HAVE_ED25519) block, outside the HAVE_ED25519_MAKE_KEY guard.
| WC_ALLOC_VAR(pubOnly, ed25519_key, 1, key->heap); | ||
| if (!WC_VAR_OK(pubOnly)) | ||
| return MEMORY_E; | ||
| ret = wc_ed25519_init_ex(pubOnly, key->heap, INVALID_DEVID); |
There was a problem hiding this comment.
🔵 [Low] Resource leak when wc_ed25519_init_ex fails in swdev_ed25519_check_key · Resource leaks
wc_ed25519_free(pubOnly) is inside if (ret == 0), so if wc_ed25519_init_ex fails (e.g., under WOLFSSL_ED25519_PERSISTENT_SHA where ed25519_hash_init can fail), any partially allocated SHA state is not released before WC_FREE_VAR frees the struct.
Fix: Move wc_ed25519_free(pubOnly) outside the if (ret == 0) block so it always runs before WC_FREE_VAR.
ef4e304 to
031d58b
Compare
031d58b to
9a941fb
Compare
Description
Expand existing ed25519 crypto callback to support the "only" mode which strips the software implementation for use with HSM or other hardware accelerators.
make_key,check_key,make_pub,sign_msgandverify_msgsupported. No streaming support.Testing
Added unit test and updated CI workflow
Checklist