wolfssl: expose trusted argument in ed25519/ed448 der export#10911
Open
rizlik wants to merge 1 commit into
Open
wolfssl: expose trusted argument in ed25519/ed448 der export#10911rizlik wants to merge 1 commit into
rizlik wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds extended DER private-key decode APIs for Ed25519 and Ed448 that expose a trusted flag, allowing callers to optionally skip validation of a bundled public key during PKCS#8/DER decode, while preserving the existing decode APIs as wrappers with default behavior.
Changes:
- Introduce
wc_Ed25519PrivateKeyDecode_ex(..., int trusted)andwc_Ed448PrivateKeyDecode_ex(..., int trusted)and re-implement the existing decode functions as wrappers passingtrusted=0. - Plumb the
trustedflag through towc_ed25519_import_private_key_ex/wc_ed448_import_private_key_ex. - Add API tests covering acceptance/rejection behavior for corrupted bundled public keys, and update Doxygen documentation.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
wolfssl/wolfcrypt/asn_public.h |
Adds public prototypes for the new _ex decode APIs. |
wolfcrypt/src/asn.c |
Implements the new _ex decode functions and keeps legacy APIs via wrappers. |
tests/api/test_ed448.h |
Registers the new Ed448 decode _ex test. |
tests/api/test_ed448.c |
Adds coverage for trusted behavior in Ed448 DER decode. |
tests/api/test_ed25519.h |
Registers the new Ed25519 decode _ex test. |
tests/api/test_ed25519.c |
Adds coverage for trusted behavior in Ed25519 DER decode. |
doc/dox_comments/header_files/asn_public.h |
Documents the new APIs and links from existing decode docs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+2840
to
+2856
| \brief Decodes Ed25519 private key from DER format with control over | ||
| validation of a bundled public key. When the DER contains a public key | ||
| and trusted is 0, the public key is checked to match the private key. | ||
| When trusted is 1 this check is skipped. wc_Ed25519PrivateKeyDecode() | ||
| behaves as trusted set to 0. | ||
|
|
||
| \return 0 on success | ||
| \return negative on error | ||
|
|
||
| \param input DER encoded Ed25519 private key buffer | ||
| \param inOutIdx Pointer to index in buffer | ||
| \param key Ed25519 key structure to store key | ||
| \param inSz Size of input buffer | ||
| \param trusted Indicates whether the public key data is trusted. | ||
| When 0, checks public key matches private key. | ||
| When 1, doesn't check public key matches private key. | ||
|
|
Comment on lines
+2998
to
+3013
| \brief Decodes Ed448 private key from DER format with control over | ||
| validation of a bundled public key. When the DER contains a public key | ||
| and trusted is 0, the public key is checked to match the private key. | ||
| When trusted is 1 this check is skipped. wc_Ed448PrivateKeyDecode() | ||
| behaves as trusted set to 0. | ||
|
|
||
| \return 0 on success | ||
| \return negative on error | ||
|
|
||
| \param input DER encoded Ed448 private key buffer | ||
| \param inOutIdx Pointer to index in buffer | ||
| \param key Ed448 key structure to store key | ||
| \param inSz Size of input buffer | ||
| \param trusted Indicates whether the public key data is trusted. | ||
| When 0, checks public key matches private key. | ||
| When 1, doesn't check public key matches private key. |
5b33cca to
eb8b92c
Compare
|
eb8b92c to
7af2c16
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Allow to skip keys check in wc_Ed25519PrivateKeyDecode_ex/wc_Ed448PrivateKeyDecode.