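--- a/src/wp_ecx_kmgmt.c
+++ b/src/wp_ecx_kmgmt.c
@@ -511,11 +511,15 @@ static int wp_ecx_get_security_bits(wp_Ecx* ecx)
 {
 int bits = 0;
 
-if (ecx->data->bits >= 456) {
-bits = 224;
-}
-else if (ecx->data->bits >= 256) {
-bits = 128;
+switch (ecx->data->keyType) {
+case WP_KEY_TYPE_X448:
+case WP_KEY_TYPE_ED448:
+bits = 224;
+break;
+case WP_KEY_TYPE_X25519:
+case WP_KEY_TYPE_ED25519:
+bits = 128;
+break;
 }
 
 return bits;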
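Review bot: The new `switch (ecx->data->keyType)` has no `default` arm, so any key type other than the four listed leaves `bits` at 0 without showing that this is intended. This value presumably feeds OpenSSL's security-level checks, so the fail-closed result is worth making explicit: `default: /* unknown key type: report 0 bits so security-level checks reject it */ break;` after the X25519/ED25519 arm. A one-line comment above the switch saying why strength is now keyed on the key type rather than on `ecx->data->bits` (the old `>= 256` / `>= 456` thresholds) would also help the next reader. The function's closing brace lies outside the hunk.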
90 changes: 87 additions & 3 deletions test/test_ecx.c
Expand Up @@ -26,12 +26,12 @@
#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/ed448.h>

#if defined(WP_HAVE_ED25519) || defined(WP_HAVE_ECD448)

#ifndef ARRAY_SIZE
#define ARRAY_SIZE(a) ((sizeof(a)/sizeof(a[0])))
#endif

#if defined(WP_HAVE_ED25519) || defined(WP_HAVE_ED448)

#ifndef MAX
#define MAX(a,b) ((a) > (b) ? (a) : (b))
#endif
Expand Down Expand Up @@ -895,5 +895,89 @@ int test_ecx_dup(void *data)
return err;
}

#endif /* defined(WP_HAVE_ED25519) || defined(WP_HAVE_ECD444) */
#endif /* defined(WP_HAVE_ED25519) || defined(WP_HAVE_ED448) */

#if defined(WP_HAVE_X25519) || defined(WP_HAVE_X448)

/*
* Check that the correct security bits are provided for x25519 and x448
*/
int test_ecx_x_security_bits(void *data)
{
int err = 0;
(void)data;

EVP_PKEY *pkey_ossl = NULL;
EVP_PKEY *pkey_wolf = NULL;
EVP_PKEY_CTX *ctx_ossl = NULL;
EVP_PKEY_CTX *ctx_wolf = NULL;

struct {
const char *name;
int expectedBits;
} types[] = {
#ifdef WP_HAVE_X25519
{ "X25519", 128 },
#endif
#ifdef WP_HAVE_X448
{ "X448", 224 },
#endif
};

for (unsigned i = 0; i < ARRAY_SIZE(types) && err == 0; i++) {
Comment thread
gasbytes marked this conversation as resolved.
if (err == 0) {
ctx_ossl = EVP_PKEY_CTX_new_from_name(osslLibCtx, types[i].name,
NULL);
err = ctx_ossl == NULL;
}
if (err == 0) {
ctx_wolf = EVP_PKEY_CTX_new_from_name(wpLibCtx, types[i].name,
NULL);
err = ctx_wolf == NULL;
}
if (err == 0) {
err = EVP_PKEY_keygen_init(ctx_ossl) != 1;
}
if (err == 0) {
err = EVP_PKEY_keygen_init(ctx_wolf) != 1;
}
if (err == 0) {
pkey_ossl = NULL;
err = EVP_PKEY_generate(ctx_ossl, &pkey_ossl) != 1;
}
if (err == 0) {
pkey_wolf = NULL;
err = EVP_PKEY_generate(ctx_wolf, &pkey_wolf) != 1;
}
if (err == 0) {
Comment thread
gasbytes marked this conversation as resolved.
int sec_ossl = EVP_PKEY_get_security_bits(pkey_ossl);
int sec_wolf = EVP_PKEY_get_security_bits(pkey_wolf);
if (sec_ossl != sec_wolf) {
PRINT_MSG("EVP_PKEY_get_security_bits mismatch for %s:"
" OpenSSL %d, wolfProvider %d", types[i].name, sec_ossl,
sec_wolf);
err = 1;
}
else if (sec_wolf != types[i].expectedBits) {
PRINT_MSG("EVP_PKEY_get_security_bits failed for %s:"
" expected %d, got %d", types[i].name,
types[i].expectedBits, sec_wolf);
err = 1;
}
}

EVP_PKEY_free(pkey_ossl);
EVP_PKEY_free(pkey_wolf);
EVP_PKEY_CTX_free(ctx_ossl);
EVP_PKEY_CTX_free(ctx_wolf);
pkey_ossl = NULL;
pkey_wolf = NULL;
ctx_ossl = NULL;
ctx_wolf = NULL;
}

return err;
}

#endif /* defined(WP_HAVE_X25519) || defined(WP_HAVE_X448) */
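Review bot: `test_ecx_x_security_bits` covers only X25519 and X448, while the rewritten switch in `wp_ecx_get_security_bits` also decides the result for `WP_KEY_TYPE_ED25519` and `WP_KEY_TYPE_ED448`, so the Ed arms have no regression check in this change. Consider an equivalent table-driven case for `"ED25519"` / `"ED448"` under the existing `WP_HAVE_ED25519 || WP_HAVE_ED448` guard, comparing against both OpenSSL's value and the expected 128/224. Minor style point: the `if (err == 0)` around the first `EVP_PKEY_CTX_new_from_name` call repeats the loop condition and could be dropped.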

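--- a/test/unit.c
+++ b/test/unit.c
@@ -472,6 +472,9 @@ TEST_CASE test_case[] = {
 #endif
 TEST_DECL(test_ecx_dup, NULL),
 #endif
+#if defined(WP_HAVE_X25519) || defined(WP_HAVE_X448)
+TEST_DECL(test_ecx_x_security_bits, NULL),
+#endif
 
 TEST_DECL(test_pkcs7_x509_sign_verify, NULL),
 TEST_DECL(test_x509_cert, NULL),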
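--- a/test/unit.h
+++ b/test/unit.h
@@ -470,6 +470,10 @@ int test_ecx_x25519_raw_priv_roundtrip(void *data);
 int test_ecx_dup(void *data);
 #endif
 
+#if defined(WP_HAVE_X25519) || defined(WP_HAVE_X448)
+int test_ecx_x_security_bits(void *data);
+#endif
+
 int test_pkcs7_x509_sign_verify(void *data);
 int test_x509_cert(void *data);
 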