Add crypto callback only mode for ed25519#10830
Conversation
|
|
||
| #ifdef WOLF_CRYPTO_CB | ||
| if (key->devId != INVALID_DEVID) { | ||
| #ifndef WOLF_CRYPTO_CB_FIND |
There was a problem hiding this comment.
Semi-related change to add these missing guards. The cb find mechanism would have failed here.
|
Jenkins retest this please |
|
retest this please |
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10830
Scan targets checked: wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
No new issues found in the changed files. ✅
|
80c6f68 to
37b0c37
Compare
|
jenkins retest this please |
rizlik
left a comment
There was a problem hiding this comment.
Great work, but the problem is that make_public and check-key survives and so ge_operations can't be removed from the build.
Given that the main goal of ONLY_ED25519 is to reduce code/data size, we should aim at removing all the software math.
I see two options:
- Gating out the make_public and check_key with new gating macros
- Adding two crypto callbacks for make_public and check_key
| #if defined(WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN) && \ | ||
| !defined(WOLF_CRYPTO_CB_ONLY_ED25519) |
There was a problem hiding this comment.
To me it looks like that the priv check must be inside the software blocks, not outside. So this is a bug that predate the PR. Probably a good idea to move it inside that software block instead of gating on !ONLY_ED25519, or just ignore it in this PR.
Description
Expand existing ed25519 crypto callback to support the "only" mode which strips the software implementation for use with HSM or other hardware accelerators.
make_key,sign_msgandverify_msgsupported. No streaming support.Testing
Added unit test and updated CI workflow
Checklist