From c3dbe29f21e078c47846904e3c55f895e48c1ec2 Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 8 Apr 2025 15:17:54 -0400 Subject: [PATCH 1/5] Update to expose reasonable DER buffer sizes for Curve448/25519 --- tests/api/test_ed448.c | 6 +++--- wolfcrypt/test/test.c | 4 ++-- wolfssl/wolfcrypt/curve25519.h | 6 ++++++ wolfssl/wolfcrypt/curve448.h | 6 ++++++ 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/api/test_ed448.c b/tests/api/test_ed448.c index 87ec0e17d..e496d470f 100644 --- a/tests/api/test_ed448.c +++ b/tests/api/test_ed448.c @@ -415,7 +415,7 @@ int test_wc_Ed448PublicKeyToDer(void) #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) ed448_key key; - byte derBuf[1024]; + byte derBuf[CURVE448_BUFSIZE]; XMEMSET(&key, 0, sizeof(ed448_key)); @@ -458,7 +458,7 @@ int test_wc_Ed448KeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[ONEK_BUF]; + byte output[CURVE448_BUFSIZE]; ed448_key ed448Key; WC_RNG rng; word32 inLen; @@ -497,7 +497,7 @@ int test_wc_Ed448PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[ONEK_BUF]; + byte output[CURVE448_BUFSIZE]; ed448_key ed448PrivKey; WC_RNG rng; word32 inLen; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6147323f1..d54164668 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -35544,8 +35544,8 @@ static wc_test_ret_t curve255519_der_test(void) 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26 }; curve25519_key key; - byte output[128]; - word32 outputSz = 128; + byte output[CURVE25519_BUFSIZE]; + word32 outputSz = (word32)sizeof(output); word32 idx; ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId); diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 79fb6d9af..c2ff16cc3 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -45,6 +45,12 @@ #define CURVE25519_KEYSIZE 32 #define CURVE25519_PUB_KEY_SIZE 32 +enum { + CURVE25519_BUFSIZE = 128, /* for exported DER keys temp buffer */ + + WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE25519) +}; + #ifdef WOLFSSL_NAMES_STATIC typedef char curve25519_str[12]; #else diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index 756c8a3d5..d5043a2c1 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -43,6 +43,12 @@ #define CURVE448_KEY_SIZE 56 #define CURVE448_PUB_KEY_SIZE 56 +enum { + CURVE448_BUFSIZE = 128, /* for DER exported keys temp buffer */ + + WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE448) +}; + #ifndef WC_CURVE448KEY_TYPE_DEFINED typedef struct curve448_key curve448_key; #define WC_CURVE448KEY_TYPE_DEFINED From 99144ee58b783fc814817cafdd7a971f46eef2aa Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 8 Apr 2025 15:38:49 -0400 Subject: [PATCH 2/5] Update Curve448 size to 256 and add uses in Ed --- tests/api/test_curve448.c | 2 +- tests/api/test_ed25519.c | 6 +++--- wolfssl/wolfcrypt/curve448.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/api/test_curve448.c b/tests/api/test_curve448.c index 0ae3736a8..584b76525 100644 --- a/tests/api/test_curve448.c +++ b/tests/api/test_curve448.c @@ -347,7 +347,7 @@ int test_wc_Curve448PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[ONEK_BUF]; + byte output[CURVE448_BUFSIZE]; curve448_key curve448PrivKey; WC_RNG rng; word32 inLen; diff --git a/tests/api/test_ed25519.c b/tests/api/test_ed25519.c index 884d4e1ed..acd9f3b0e 100644 --- a/tests/api/test_ed25519.c +++ b/tests/api/test_ed25519.c @@ -481,7 +481,7 @@ int test_wc_Ed25519PublicKeyToDer(void) #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) ed25519_key key; - byte derBuf[1024]; + byte derBuf[CURVE25519_BUFSIZE]; XMEMSET(&key, 0, sizeof(ed25519_key)); @@ -523,7 +523,7 @@ int test_wc_Ed25519KeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[ONEK_BUF]; + byte output[CURVE25519_BUFSIZE]; ed25519_key ed25519Key; WC_RNG rng; word32 inLen; @@ -563,7 +563,7 @@ int test_wc_Ed25519PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[ONEK_BUF]; + byte output[CURVE25519_BUFSIZE]; ed25519_key ed25519PrivKey; WC_RNG rng; word32 inLen; diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index d5043a2c1..a7ddd454b 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -44,7 +44,7 @@ #define CURVE448_PUB_KEY_SIZE 56 enum { - CURVE448_BUFSIZE = 128, /* for DER exported keys temp buffer */ + CURVE448_BUFSIZE = 256, /* for DER exported keys temp buffer */ WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE448) }; From 65b1bf2c032a3d325c2430f8dc5df729cf7b7e22 Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 8 Apr 2025 16:09:20 -0400 Subject: [PATCH 3/5] Revert Ed448 and Ed25519 test changes. --- tests/api/test_ed25519.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api/test_ed25519.c b/tests/api/test_ed25519.c index acd9f3b0e..884d4e1ed 100644 --- a/tests/api/test_ed25519.c +++ b/tests/api/test_ed25519.c @@ -481,7 +481,7 @@ int test_wc_Ed25519PublicKeyToDer(void) #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) ed25519_key key; - byte derBuf[CURVE25519_BUFSIZE]; + byte derBuf[1024]; XMEMSET(&key, 0, sizeof(ed25519_key)); @@ -523,7 +523,7 @@ int test_wc_Ed25519KeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[CURVE25519_BUFSIZE]; + byte output[ONEK_BUF]; ed25519_key ed25519Key; WC_RNG rng; word32 inLen; @@ -563,7 +563,7 @@ int test_wc_Ed25519PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[CURVE25519_BUFSIZE]; + byte output[ONEK_BUF]; ed25519_key ed25519PrivKey; WC_RNG rng; word32 inLen; From e2a7f40148c621c7d919d5e4721b94a35f97ff11 Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Tue, 8 Apr 2025 16:11:40 -0400 Subject: [PATCH 4/5] Revert test Ed448 changes. --- tests/api/test_ed448.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api/test_ed448.c b/tests/api/test_ed448.c index e496d470f..87ec0e17d 100644 --- a/tests/api/test_ed448.c +++ b/tests/api/test_ed448.c @@ -415,7 +415,7 @@ int test_wc_Ed448PublicKeyToDer(void) #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) ed448_key key; - byte derBuf[CURVE448_BUFSIZE]; + byte derBuf[1024]; XMEMSET(&key, 0, sizeof(ed448_key)); @@ -458,7 +458,7 @@ int test_wc_Ed448KeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[CURVE448_BUFSIZE]; + byte output[ONEK_BUF]; ed448_key ed448Key; WC_RNG rng; word32 inLen; @@ -497,7 +497,7 @@ int test_wc_Ed448PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[CURVE448_BUFSIZE]; + byte output[ONEK_BUF]; ed448_key ed448PrivKey; WC_RNG rng; word32 inLen; From eca0318fe8f12ad790e8f444840fbb879ee3c36d Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Mon, 14 Apr 2025 09:43:55 -0400 Subject: [PATCH 5/5] Rename to MAX_KEY_TO_DER_SZ, set to 130. Remove Curve448 changes. --- tests/api/test_curve448.c | 2 +- wolfcrypt/test/test.c | 2 +- wolfssl/wolfcrypt/curve25519.h | 2 +- wolfssl/wolfcrypt/curve448.h | 6 ------ 4 files changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/api/test_curve448.c b/tests/api/test_curve448.c index 584b76525..0ae3736a8 100644 --- a/tests/api/test_curve448.c +++ b/tests/api/test_curve448.c @@ -347,7 +347,7 @@ int test_wc_Curve448PrivateKeyToDer(void) EXPECT_DECLS; #if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) - byte output[CURVE448_BUFSIZE]; + byte output[ONEK_BUF]; curve448_key curve448PrivKey; WC_RNG rng; word32 inLen; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d54164668..a68619fc5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -35544,7 +35544,7 @@ static wc_test_ret_t curve255519_der_test(void) 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26 }; curve25519_key key; - byte output[CURVE25519_BUFSIZE]; + byte output[CURVE25519_MAX_KEY_TO_DER_SZ]; word32 outputSz = (word32)sizeof(output); word32 idx; diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index c2ff16cc3..acdb9574a 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -46,7 +46,7 @@ #define CURVE25519_PUB_KEY_SIZE 32 enum { - CURVE25519_BUFSIZE = 128, /* for exported DER keys temp buffer */ + CURVE25519_MAX_KEY_TO_DER_SZ = 82, /* for exported DER keys temp buffer */ WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE25519) }; diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index a7ddd454b..756c8a3d5 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -43,12 +43,6 @@ #define CURVE448_KEY_SIZE 56 #define CURVE448_PUB_KEY_SIZE 56 -enum { - CURVE448_BUFSIZE = 256, /* for DER exported keys temp buffer */ - - WOLF_ENUM_DUMMY_LAST_ELEMENT(CURVE448) -}; - #ifndef WC_CURVE448KEY_TYPE_DEFINED typedef struct curve448_key curve448_key; #define WC_CURVE448KEY_TYPE_DEFINED