Skip to content

Commit 18ce2cd

Browse files
parthdagia050yi0
authored andcommitted
feat(wasi_crypto): implement EdDSA public key verification (#4927)
Implement Eddsa::PublicKey::verify() using EVP_PKEY_public_check. Part of #2669. Signed-off-by: Parth Dagia <parth.24bcs10414@sst.scaler.com>
1 parent 2c90c54 commit 18ce2cd

2 files changed

Lines changed: 30 additions & 1 deletion

File tree

plugins/wasi_crypto/signatures/eddsa.cpp

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,15 @@ Eddsa::PublicKey::import(Span<const uint8_t> Encoded,
3535
}
3636

3737
WasiCryptoExpect<void> Eddsa::PublicKey::verify() const noexcept {
38-
return WasiCryptoUnexpect(__WASI_CRYPTO_ERRNO_NOT_IMPLEMENTED);
38+
EvpPkeyCtxPtr CheckCtx{EVP_PKEY_CTX_new(Ctx.get(), nullptr)};
39+
ensureOrReturn(CheckCtx, __WASI_CRYPTO_ERRNO_ALGORITHM_FAILURE);
40+
// EVP_PKEY_public_check() returns 1 for a valid key and 0 for an invalid
41+
// one. A negative value means the check is unsupported for this key type
42+
// (e.g. Ed25519 on OpenSSL 1.1.1), so only an explicit 0 is treated as
43+
// invalid.
44+
ensureOrReturn(EVP_PKEY_public_check(CheckCtx.get()) != 0,
45+
__WASI_CRYPTO_ERRNO_INVALID_KEY);
46+
return {};
3947
}
4048

4149
WasiCryptoExpect<std::vector<uint8_t>> Eddsa::PublicKey::exportData(

test/plugins/wasi_crypto/signatures.cpp

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,27 @@ TEST_F(WasiCryptoTest, Signatures) {
5252
SigTest(__WASI_ALGORITHM_TYPE_SIGNATURES, "RSA_PSS_3072_SHA512"sv);
5353
SigTest(__WASI_ALGORITHM_TYPE_SIGNATURES, "RSA_PSS_4096_SHA512"sv);
5454

55+
// Verify that a generated public key is well-formed.
56+
auto PublicKeyVerifyTest = [this](__wasi_algorithm_type_e_t AlgType,
57+
std::string_view Alg) {
58+
SCOPED_TRACE(Alg);
59+
WASI_CRYPTO_EXPECT_SUCCESS(KpHandle,
60+
keypairGenerate(AlgType, Alg, std::nullopt));
61+
WASI_CRYPTO_EXPECT_SUCCESS(PkHandle, keypairPublickey(KpHandle));
62+
WASI_CRYPTO_EXPECT_TRUE(publickeyVerify(PkHandle));
63+
};
64+
PublicKeyVerifyTest(__WASI_ALGORITHM_TYPE_SIGNATURES, "Ed25519"sv);
65+
66+
// A raw public key with an invalid length is rejected on import.
67+
auto PublicKeyImportInvalidTest = [this](__wasi_algorithm_type_e_t AlgType,
68+
std::string_view Alg) {
69+
SCOPED_TRACE(Alg);
70+
WASI_CRYPTO_EXPECT_FAILURE(
71+
publickeyImport(AlgType, Alg, "00"_u8v, __WASI_PUBLICKEY_ENCODING_RAW),
72+
__WASI_CRYPTO_ERRNO_INVALID_KEY);
73+
};
74+
PublicKeyImportInvalidTest(__WASI_ALGORITHM_TYPE_SIGNATURES, "Ed25519"sv);
75+
5576
auto SigEncodingTest =
5677
[this](
5778
std::string_view Alg,

0 commit comments

Comments
 (0)