Public key export#8
Open
Frauschi wants to merge 6 commits into
Open
Conversation
Backport the LMS/XMSS keygen ergonomic to RSA: when a key is generated and cached in the HSM (non-ephemeral), the server now also serializes the generated public key into the keygen response body. The client gets both the keyId and a usable public key in one round-trip instead of following up with a separate wh_Client_RsaExportPublicKey call. The response reuses the existing keyId + len + body layout, so there is no wire-format change. Existing wh_Client_RsaMakeCacheKey callers ignore the extra body bytes and are unaffected. Add wh_Client_RsaMakeCacheKeyAndExportPublic, which caches the key and returns its public key into the caller's RsaKey object, pointing that object at the cached keyId for follow-on HSM operations. Add tests in both the main and refactored crypto test suites that cross-check the keygen-returned public key against wh_Client_RsaExportPublicKey and prove it is usable via an encrypt/HSM-decrypt round-trip.
Extend the cached ECC keygen path to serialize the generated public key into the keygen response body, so the client receives both the keyId and a usable public key in one round-trip instead of a follow-up wh_Client_EccExportPublicKey call. The response reuses the existing keyId + len + body layout, so there is no wire-format change and existing wh_Client_EccMakeCacheKey callers are unaffected. Add wh_Client_EccMakeCacheKeyAndExportPublic, which caches the key and returns its public key into the caller's ecc_key object, pointing that object at the cached keyId for follow-on HSM operations. Also drop the stale "TODO: RSA has the following" comment blocks in _HandleEccKeyGen that this change resolves. Add tests in both crypto test suites that cross-check the keygen-returned public key against wh_Client_EccExportPublicKey and verify an HSM-produced signature with it.
Extend the cached Curve25519 keygen path to serialize the generated public key into the keygen response body, so the client receives both the keyId and a usable public key in one round-trip instead of a follow-up wh_Client_Curve25519ExportPublicKey call. The response reuses the existing keyId + len + body layout, so there is no wire-format change. _Curve25519MakeKey now deserializes the response body whenever it is present rather than only for EPHEMERAL keygen, so the cached path can hand the public key back through the same key object. Existing MakeCacheKey (key == NULL) and MakeExportKey callers are unaffected. Add wh_Client_Curve25519MakeCacheKeyAndExportPublic plus tests in both crypto test suites that cross-check the keygen-returned public key against wh_Client_Curve25519ExportPublicKey and prove it via an X25519 shared-secret round-trip with the cached private key.
Extend the cached Ed25519 keygen path to serialize the generated public key into the keygen response body, so the client receives both the keyId and a usable public key in one round-trip instead of a follow-up wh_Client_Ed25519ExportPublicKey call. The response reuses the existing keyId + outSz + body layout, so there is no wire-format change. _Ed25519MakeKey now deserializes the response body whenever it is present rather than only for EPHEMERAL keygen, so the cached path can hand the public key back through the same key object. Existing MakeCacheKey (key == NULL) and MakeExportKey callers are unaffected. Add wh_Client_Ed25519MakeCacheKeyAndExportPublic plus tests in both crypto test suites that cross-check the keygen-returned public key against wh_Client_Ed25519ExportPublicKey and verify an HSM-produced signature with it.
Extend both the non-DMA and DMA cached ML-DSA keygen paths to return the generated public key to the client in one round-trip instead of a follow-up wh_Client_MlDsaExportPublicKey call. Non-DMA: the cache branch of _HandleMlDsaKeyGen serializes the public key into the response body (reusing the existing keyId + len + body layout). DMA: the cache branch of _HandleMlDsaKeyGenDma streams the public key back through the client's existing key DMA buffer and reports its size in keySize. Both are guarded by WOLFSSL_MLDSA_PUBLIC_KEY, matching the keystore public export path. No wire-format changes. _MlDsaMakeKey and _MlDsaMakeKeyDma now deserialize the response body/buffer whenever it is present rather than only for EPHEMERAL keygen, so the cached paths can hand the public key back through the same key object. Existing MakeCacheKey (key == NULL) and MakeExportKey callers are unaffected. Add wh_Client_MlDsaMakeCacheKeyAndExportPublic and wh_Client_MlDsaMakeCacheKeyDma, plus non-DMA and DMA tests in both crypto test suites that cross-check the keygen-returned public key against wh_Client_MlDsaExportPublicKey[Dma] and verify an HSM-produced signature with it.
Extend both the non-DMA and DMA cached ML-KEM keygen paths to return the generated public key to the client in one round-trip instead of a follow-up wh_Client_MlKemExportPublicKey call. Non-DMA: the cache branch of _HandleMlKemKeyGen encodes the public key into the response body (reusing the existing keyId + len + body layout). DMA: the cache branch of _HandleMlKemKeyGenDma streams the public key back through the client's existing key DMA buffer and reports its size in keySize. Both use wc_MlKemKey_PublicKeySize / wc_MlKemKey_EncodePublicKey, matching the keystore public export path. No wire-format changes. _MlKemMakeKey and _MlKemMakeKeyDma now deserialize the response body/buffer whenever it is present rather than only for EPHEMERAL keygen, so the cached paths can hand the public key back through the same key object. Existing MakeCacheKey (key == NULL) and MakeExportKey callers are unaffected. Add wh_Client_MlKemMakeCacheKeyAndExportPublic and wh_Client_MlKemMakeCacheKeyDma, plus non-DMA and DMA tests that cross-check the keygen-returned public key against wh_Client_MlKemExportPublicKey[Dma] and prove it via a KEM encapsulate/decapsulate round-trip with the cached private key.
4476066 to
c25623b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.