Skip to content

Add crypto callback only mode for ed25519#10830

Open
padelsbach wants to merge 2 commits into
wolfSSL:masterfrom
padelsbach:ed25519-cryptocb-only
Open

Add crypto callback only mode for ed25519#10830
padelsbach wants to merge 2 commits into
wolfSSL:masterfrom
padelsbach:ed25519-cryptocb-only

Conversation

@padelsbach

Copy link
Copy Markdown
Contributor

Description

Expand existing ed25519 crypto callback to support the "only" mode which strips the software implementation for use with HSM or other hardware accelerators.

make_key, sign_msg and verify_msg supported. No streaming support.

Testing

Added unit test and updated CI workflow

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

Comment thread wolfcrypt/src/ed25519.c

#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
#ifndef WOLF_CRYPTO_CB_FIND

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semi-related change to add these missing guards. The cb find mechanism would have failed here.

@padelsbach padelsbach self-assigned this Jul 1, 2026
@padelsbach

Copy link
Copy Markdown
Contributor Author

Jenkins retest this please

@padelsbach padelsbach marked this pull request as ready for review July 1, 2026 19:51
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

retest this please

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10830

Scan targets checked: wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

No new issues found in the changed files. ✅

@padelsbach padelsbach force-pushed the ed25519-cryptocb-only branch from 80c6f68 to 37b0c37 Compare July 6, 2026 15:34
@padelsbach padelsbach requested review from bigbrett and rizlik July 6, 2026 18:10
@padelsbach padelsbach removed their assignment Jul 6, 2026
@padelsbach padelsbach requested a review from Frauschi July 6, 2026 18:10
@bigbrett bigbrett assigned padelsbach and unassigned rizlik Jul 6, 2026
@padelsbach

Copy link
Copy Markdown
Contributor Author

jenkins retest this please

@rizlik rizlik left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, but the problem is that make_public and check-key survives and so ge_operations can't be removed from the build.
Given that the main goal of ONLY_ED25519 is to reduce code/data size, we should aim at removing all the software math.

I see two options:

  1. Gating out the make_public and check_key with new gating macros
  2. Adding two crypto callbacks for make_public and check_key

Comment thread wolfcrypt/src/ed25519.c
Comment on lines +636 to +637
#if defined(WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ED25519)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me it looks like that the priv check must be inside the software blocks, not outside. So this is a bug that predate the PR. Probably a good idea to move it inside that software block instead of gating on !ONLY_ED25519, or just ignore it in this PR.

@Frauschi Frauschi left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐺 Skoll Code Review

Overall recommendation: COMMENT
Findings: 1 total — 1 posted, 0 skipped

Posted findings

  • [Low] Sign CB_ONLY path omits (void)ed25519Ctx suppression present in verify pathwolfcrypt/src/ed25519.c:445

Review generated by Skoll via Claude/Codex

Comment thread wolfcrypt/src/ed25519.c
(void)type;
ret = se050_ed25519_sign_msg(in, inLen, out, outLen, key);
#elif defined(WOLF_CRYPTO_CB_ONLY_ED25519)
ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔵 [Low] Sign CB_ONLY path omits (void)ed25519Ctx suppression present in verify path
🔧 NIT convention

The WOLF_CRYPTO_CB_ONLY_ED25519 branch of wc_ed25519_verify_msg_ex adds (void)ed25519Ctx; to suppress an unused-const-variable warning, but the equivalent WOLF_CRYPTO_CB_ONLY_ED25519 branch of wc_ed25519_sign_msg_ex does not. ed25519Ctx is defined whenever HAVE_ED25519_SIGN || HAVE_ED25519_VERIFY. In a narrow configuration built with HAVE_ED25519_SIGN but without HAVE_ED25519_VERIFY under WOLF_CRYPTO_CB_ONLY_ED25519, ed25519Ctx is never referenced (both the sign software path and the streaming-verify code that use it are compiled out), which can trigger -Wunused-const-variable under -Werror. The default/CI configs enable both sign and verify, so this does not fire in the added CI job.

Recommendation: For symmetry with the verify branch and to avoid a possible unused-const warning in sign-only configurations, add (void)ed25519Ctx; at the top of the sign CB_ONLY branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants