Add ExportPublicKey API for cached asymmetric keys #346
Open
Frauschi wants to merge 1 commit into wolfSSL:main from
Introduces a new keystore action WH_KEY_EXPORT_PUBLIC that re-emits only the public portion of a cached public-key object, so callers that need a public key for a client-side operation (signature verification, key transport, etc.) no longer have to pull private material out of the HSM. A new WH_KS_OP_EXPORT_PUBLIC policy branch gates the path and intentionally bypasses NONEXPORTABLE since public material is non-sensitive. Wired end-to-end for RSA, ECC, Ed25519, Curve25519, and ML-DSA, with per-algorithm client wrappers (wh_Client_<Algo>ExportPublicKey) and smoke tests that round-trip real operations (sign/verify, ECDH) against the exported public keys, plus a negative test for unknown keyId. Also adds a DMA variant (WH_KEY_EXPORT_PUBLIC_DMA) with a generic client transport and an ML-DSA-specific wrapper, byte-identity cross-validation against the non-DMA path, and a NOSPACE bounds-check test. Documentation added to docs/src/chapter05.md and docs/src-ja/chapter05.md. New message structs registered in the padding-check test.
Add ExportPublicKey API for cached asymmetric key objects
Summary
Adds a dedicated path for extracting only the public half of a cached public-key keypair, so callers that need a public key on the client side (signature verification, certificate building, key transport, etc.) no longer have to pull the private material out of the HSM.
Previously, the only way to get the public half of a cached keypair was to call `wh_Client_<Algo>ExportKey()`, which goes through the algorithm-agnostic `wh_Client_KeyExport()` and returns the raw cached DER — including any private material. For the common case "I cached a keypair for on-HSM signing and I just need the public key on the client," shipping the private key defeats the security benefit of caching.

This PR adds:
- `WH_KEY_EXPORT_PUBLIC` + per-algorithm client wrappers.
- `WH_KEY_EXPORT_PUBLIC_DMA` + `wh_Client_KeyExportPublicDma` generic transport + per-algorithm DMA wrapper for ML-DSA (matches the existing ML-DSA-only DMA-export precedent).

Algorithms wired end-to-end
- `wh_Client_RsaExportPublicKey`
- `wh_Client_EccExportPublicKey`
- `wh_Client_Ed25519ExportPublicKey`
- `wh_Client_Curve25519ExportPublicKey`
- `wh_Client_MlDsaExportPublicKey`
- `wh_Client_MlDsaExportPublicKeyDma`

Design notes
- `WH_KEY_EXPORT` instead of duplicating it per algorithm. The selector is a new `WH_KEY_ALGO_*` enum in `wolfhsm/wh_common.h`.
- `NONEXPORTABLE` carve-out. `WH_NVM_FLAGS_NONEXPORTABLE` blocks full-export but not public-only export, because public material is non-sensitive and blocking it would make cached keys unusable for any external verification or key-transport use case. This is a dedicated `WH_KS_OP_EXPORT_PUBLIC` branch in `_KeystoreCheckPolicy` (not a silent bypass) and is called out explicitly in the docs.
- `cacheBuf`/`cacheMeta` using the existing `wh_Crypto_*DeserializeKeyDer` helpers (which already fall back to public-only decode), then re-emits public-only DER via the matching `wc_*PublicKeyToDer`. No new server-side crypto helpers introduced.
- `resp_packet` (the DMA response struct itself only occupies the header), then `whServerDma_CopyToClient`s it into the client-provided buffer. The response sent over the wire is just `sizeof(resp)`.
- `WH_ERROR_NOTFOUND`. `wc_*PublicKeyToDer` returning 0 → `WH_ERROR_ABORTED` (explicitly, not a silent zero-length success). Too-small DMA client buffer → `WH_ERROR_NOSPACE`.

Wire protocol
New keystore actions (appended to `enum WH_KEY_ENUM` so existing numeric values are preserved):
- `WH_KEY_EXPORT_PUBLIC`
- `WH_KEY_EXPORT_PUBLIC_DMA` (under `WOLFHSM_CFG_DMA`)

Each takes a `uint16_t algo` selector alongside the standard `keyId`. Integrators with custom transports route these the same way they route `WH_KEY_EXPORT` / `WH_KEY_EXPORT_DMA`.

Test plan
End-to-end per algorithm:
- `NONEXPORTABLE` cached key → full export denied with `WH_ERROR_ACCESS` → `wh_Client_RsaExportPublicKey` succeeds → client-side `wc_RsaPublicEncrypt` / HSM-side `wc_RsaPrivateDecrypt` round-trips plaintext. Includes wrong-algo and unknown-keyId (`WH_ERROR_NOTFOUND`) negative cases.
- `type == ECC_PUBLICKEY`.
- `wh_Client_Ed25519Sign`, client verifies with `wc_ed25519_verify_msg`; asserts `pubKeySet==1 && privKeySet==0`.
- `local_priv·hsm_pub == hsm_priv·local_pub`.
- `wh_Client_MlDsaExportPublicKey` → asserts `pubKeySet==1 && prvKeySet==0`.

DMA-specific coverage:
- `wh_Client_KeyExportPublicDma` (generic transport).
- `wh_Client_MlDsaExportPublicKeyDma` + flag assertions, plus a byte-identity check comparing DMA-path DER vs. non-DMA-path DER for the same cached key, plus a `WH_ERROR_NOSPACE` negative test with an undersized client buffer.

Docs updated in `docs/src/chapter05.md` and `docs/src-ja/chapter05.md`.
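
An added illustration, not code from this PR or from wolfHSM: a self-contained C model of the policy carve-out and error mapping described in the design notes above. Every identifier and error value in it (`model_export`, `model_check_policy`, `M_ACCESS` and so on) is hypothetical, and the key bytes are constructed placeholders rather than real DER.

```c
/* Added illustration, not wolfHSM code: models the export policy and error
 * mapping from the PR text. All names and numeric values are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { M_OK = 0, M_NOTFOUND = -1, M_ACCESS = -2, M_ABORTED = -3, M_NOSPACE = -4 };
enum model_op { M_OP_EXPORT, M_OP_EXPORT_PUBLIC };
#define M_FLAG_NONEXPORTABLE 0x1u

struct model_key {
    uint16_t id; uint32_t flags;
    const uint8_t *pub_der;  size_t pub_len;   /* public-only encoding */
    const uint8_t *full_der; size_t full_len;  /* includes private material */
};

/* Policy gate: NONEXPORTABLE denies full export, never public-only export. */
static int model_check_policy(const struct model_key *k, enum model_op op)
{
    if (op == M_OP_EXPORT && (k->flags & M_FLAG_NONEXPORTABLE))
        return M_ACCESS;
    return M_OK;
}

/* *out_len is the buffer capacity on entry and the bytes written on success. */
static int model_export(const struct model_key *cache, size_t n, uint16_t id,
                        enum model_op op, uint8_t *out, size_t *out_len)
{
    const struct model_key *k = NULL;
    for (size_t i = 0; i < n && k == NULL; i++)
        if (cache[i].id == id) k = &cache[i];
    if (k == NULL) return M_NOTFOUND;
    int rc = model_check_policy(k, op);
    if (rc != M_OK) return rc;
    const uint8_t *src = (op == M_OP_EXPORT_PUBLIC) ? k->pub_der : k->full_der;
    size_t len = (op == M_OP_EXPORT_PUBLIC) ? k->pub_len : k->full_len;
    if (len == 0) return M_ABORTED;        /* no silent zero-length success */
    if (len > *out_len) return M_NOSPACE;  /* bounds check before the copy */
    memcpy(out, src, len);
    *out_len = len;
    return M_OK;
}

/* Constructed sample cache; key 9 models an encoder that produced 0 bytes. */
static const uint8_t SAMPLE_PUB[]  = { 0x30, 0x03, 0x01, 0x02, 0x03 };
static const uint8_t SAMPLE_FULL[] = { 0x30, 0x05, 0x01, 0x02, 0x03, 0xAA, 0xBB };
static const struct model_key SAMPLE_CACHE[] = {
    { 7, M_FLAG_NONEXPORTABLE, SAMPLE_PUB, sizeof SAMPLE_PUB, SAMPLE_FULL, sizeof SAMPLE_FULL },
    { 9, M_FLAG_NONEXPORTABLE, SAMPLE_PUB, 0, SAMPLE_FULL, sizeof SAMPLE_FULL },
};
```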