Add missing hpke.c to project. Add overload to support internal ephemeral key generation

dgarske · dgarske · commit 6dd961591df9 · 2026-04-08T16:05:24.000-07:00
diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs
@@ -976,6 +976,28 @@ private static void hpke_test()
                 throw new Exception("Decrypted text does not match original plaintext");
             }
             Console.WriteLine("HPKE Base mode test PASSED.");
+
+            /* Test convenience overload (no ephemeral key) */
+            Console.WriteLine("Testing HpkeSealBase convenience overload...");
+            byte[] encCiphertext2 = wolfcrypt.HpkeSealBase(hpke, receiverKey,
+                info, aad, plaintext, kem);
+            if (encCiphertext2 == null)
+            {
+                throw new Exception("HpkeSealBase (convenience) failed");
+            }
+            Console.WriteLine($"HpkeSealBase convenience passed. Output length: {encCiphertext2.Length}");
+
+            byte[] decrypted2 = wolfcrypt.HpkeOpenBase(hpke, receiverKey,
+                encCiphertext2, info, aad, plaintext.Length);
+            if (decrypted2 == null)
+            {
+                throw new Exception("HpkeOpenBase (convenience) failed");
+            }
+            if (!wolfcrypt.ByteArrayVerify(plaintext, decrypted2))
+            {
+                throw new Exception("Convenience seal/open: decrypted text does not match");
+            }
+            Console.WriteLine("HPKE convenience overload test PASSED.");
         }
         finally
         {
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs
@@ -3302,10 +3302,7 @@ public static IntPtr HpkeInit(HpkeKem kem, HpkeKdf kdf, HpkeAead aead)
                 }
 
                 /* Zero the memory */
-                for (int i = 0; i < HPKE_STRUCT_SZ; i++)
-                {
-                    Marshal.WriteByte(hpke, i, 0);
-                }
+                Marshal.Copy(new byte[HPKE_STRUCT_SZ], 0, hpke, HPKE_STRUCT_SZ);
 
                 int ret = wc_HpkeInit(hpke, (int)kem, (int)kdf, (int)aead, IntPtr.Zero);
                 if (ret != 0)
@@ -3537,6 +3534,48 @@ public static byte[] HpkeSealBase(IntPtr hpke, IntPtr ephemeralKey, IntPtr recei
             }
         }
 
+        /// <summary>
+        /// Convenience SingleShot seal (encrypt) using HPKE Base mode.
+        /// Generates an ephemeral keypair internally so the caller does not
+        /// need to manage one.
+        /// Returns enc||ciphertext as a single byte array.
+        /// </summary>
+        /// <param name="hpke">HPKE context from HpkeInit()</param>
+        /// <param name="receiverKey">Receiver public key</param>
+        /// <param name="info">Info context bytes (can be null)</param>
+        /// <param name="aad">Additional authenticated data (can be null)</param>
+        /// <param name="plaintext">Plaintext to encrypt</param>
+        /// <param name="kem">KEM used (needed to free the ephemeral key)</param>
+        /// <returns>enc||ciphertext byte array or null on failure</returns>
+        public static byte[] HpkeSealBase(IntPtr hpke, IntPtr receiverKey,
+            byte[] info, byte[] aad, byte[] plaintext, HpkeKem kem)
+        {
+            IntPtr ephemeralKey = IntPtr.Zero;
+
+            try
+            {
+                ephemeralKey = HpkeGenerateKeyPair(hpke);
+                if (ephemeralKey == IntPtr.Zero)
+                {
+                    log(ERROR_LOG, "HPKE seal base: ephemeral keygen failed");
+                    return null;
+                }
+
+                return HpkeSealBase(hpke, ephemeralKey, receiverKey,
+                    info, aad, plaintext);
+            }
+            catch (Exception e)
+            {
+                log(ERROR_LOG, "HPKE seal base exception " + e.ToString());
+                return null;
+            }
+            finally
+            {
+                if (ephemeralKey != IntPtr.Zero)
+                    HpkeFreeKey(hpke, ephemeralKey, kem);
+            }
+        }
+
         /// <summary>
         /// SingleShot open (decrypt) using HPKE Base mode.
         /// Takes the full enc||ciphertext blob returned by HpkeSealBase.
diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj
@@ -317,6 +317,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hpke.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
     <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
     <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
@@ -332,6 +333,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
     <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
     <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rng_bank.c" />
     <ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
     <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
