Draft
Conversation
…A, ECC, and AES with test handler in test.c using export/import delegation pattern. Integrate into configure.ac as a --enable-cryptocbutils=setkey option and add CI test configurations in os-check.yml.
…_PUB and WC_SETKEY_RSA_PRIV cases with WOLFSSL_KEY_TO_DER, and add --enable-keygen to CI setkey test configs to ensure RSA DER export functions are available
…GetSetKeyTypeStr debug helper in cryptocb.c for readable SetKey type names under DEBUG_CRYPTOCB
…cc_import_private_key_ex so all RSA/ECC key import paths notify crypto callback handlers.
…without public point
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add
WOLF_CRYPTO_CB_SETKEY, a generic SetKey crypto callback that notifies callback handlers when key material is imported for HMAC, RSA, ECC, and AES. For RSA and ECC, the callback passes a fully-populated temporary key struct (initialized withINVALID_DEVIDto prevent recursion) alongside the real destination key object. This lets callback implementors use whatever wolfSSL export function best suits their hardware:wc_RsaKeyToDer,wc_ecc_export_x963, raw component exports, etc. rather than the library trying to anticipate every format a hardware backend might need. The temporary key handles all the parsing complexity so the callback can focus solely on getting key material into hardware.SetKey callbacks are wired into:
wc_AesSetKey,wc_HmacSetKey,wc_RsaPublicKeyDecodeRaw,wc_RsaPrivateKeyDecodeRaw,wc_RsaPrivateKeyDecode,wc_ecc_import_x963_ex2,wc_ecc_import_raw_private, andwc_ecc_import_private_key_ex. All RSA and ECC callsites pass the actual key size in bytes via thekeySzparameter.The feature is enabled via
--enable-cryptocbutils=setkey,--enable-cryptocbutils, or-DWOLF_CRYPTO_CB_SETKEYwith corresponding CI test configurations. Includes test handlers intest.candapi.c, aGetSetKeyTypeStrdebug helper for readable type names underDEBUG_CRYPTOCB.