small changes:

- better ifdef's in hpke api.c tests
- updated ssl_ech.c to use wc_HpkeKemGetEncLen in both locations
- removed Ndh check in hpke.c, made it inline with the ecc cases
This commit is contained in:
sebastian-carpenter
2026-03-20 14:39:29 -06:00
parent cbb7bfc53a
commit 25dcc0082d
3 changed files with 34 additions and 45 deletions
+9 -33
View File
@@ -316,6 +316,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
{
int i;
word16 totalLen = 0;
word16 kemEncLen;
word16 publicNameLen;
if (config == NULL || (output == NULL && outputLen == NULL))
@@ -338,7 +339,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
totalLen += 2;
/* hpke_pub_key */
totalLen += wc_HpkeKemGetEncLen(config->kemId);
kemEncLen = wc_HpkeKemGetEncLen(config->kemId);
if (kemEncLen == 0)
return BAD_FUNC_ARG;
totalLen += kemEncLen;
/* cipherSuitesLen */
totalLen += 2;
@@ -378,38 +382,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
output += 2;
/* length and key itself */
switch (config->kemId) {
case DHKEM_P256_HKDF_SHA256:
c16toa(DHKEM_P256_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN);
output += DHKEM_P256_ENC_LEN;
break;
case DHKEM_P384_HKDF_SHA384:
c16toa(DHKEM_P384_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN);
output += DHKEM_P384_ENC_LEN;
break;
case DHKEM_P521_HKDF_SHA512:
c16toa(DHKEM_P521_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN);
output += DHKEM_P521_ENC_LEN;
break;
case DHKEM_X25519_HKDF_SHA256:
c16toa(DHKEM_X25519_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN);
output += DHKEM_X25519_ENC_LEN;
break;
case DHKEM_X448_HKDF_SHA512:
c16toa(DHKEM_X448_ENC_LEN, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN);
output += DHKEM_X448_ENC_LEN;
break;
}
c16toa(kemEncLen, output);
output += 2;
XMEMCPY(output, config->receiverPubkey, kemEncLen);
output += kemEncLen;
/* cipherSuites len */
c16toa(config->numCipherSuites * 4, output);
+7 -5
View File
@@ -14572,22 +14572,24 @@ static int test_wolfSSL_Tls13_ECH_all_algos(void)
int k;
static const word16 kems[] = {
#if defined(HAVE_ECC)
#if (defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
DHKEM_P256_HKDF_SHA256,
#endif
#if defined(WOLFSSL_SHA384)
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA384)
DHKEM_P384_HKDF_SHA384,
#endif
#if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA512)
DHKEM_P521_HKDF_SHA512,
#endif
#endif /* HAVE_ECC */
#if defined(HAVE_CURVE25519) && (defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
DHKEM_X25519_HKDF_SHA256,
#endif
};
static const word16 kdfs[] = {
#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
#if !defined(NO_SHA256)
HKDF_SHA256,
#endif
#ifdef WOLFSSL_SHA384
+18 -7
View File
@@ -153,7 +153,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
hpke->curveId = ECC_SECP256R1;
hpke->Nsecret = WC_SHA256_DIGEST_SIZE;
hpke->kemDigest = WC_SHA256;
hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
if (ret < 0) {
break;
}
hpke->Ndh = (word32)ret;
ret = 0;
hpke->Npk = 1 + hpke->Ndh * 2;
break;
#endif
@@ -164,7 +169,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
hpke->curveId = ECC_SECP384R1;
hpke->Nsecret = WC_SHA384_DIGEST_SIZE;
hpke->kemDigest = WC_SHA384;
hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
if (ret < 0) {
break;
}
hpke->Ndh = (word32)ret;
ret = 0;
hpke->Npk = 1 + hpke->Ndh * 2;
break;
#endif
@@ -175,7 +185,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
hpke->curveId = ECC_SECP521R1;
hpke->Nsecret = WC_SHA512_DIGEST_SIZE;
hpke->kemDigest = WC_SHA512;
hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
if (ret < 0) {
break;
}
hpke->Ndh = (word32)ret;
ret = 0;
hpke->Npk = 1 + hpke->Ndh * 2;
break;
#endif
@@ -260,10 +275,6 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
}
}
if ((int)hpke->Ndh < 0) {
return (int)hpke->Ndh;
}
return ret;
}