Skip to content

rsa pki encoding/decoding tests and fix for encoding rsapss to pki #333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sebastian-carpenter wants to merge 1 commit into
base: master
Choose a base branch
from
Open

rsa pki encoding/decoding tests and fix for encoding rsapss to pki #333

sebastian-carpenter wants to merge 1 commit into from
+487 −122

Conversation

@sebastian-carpenter
Copy link
Contributor

@sebastian-carpenter sebastian-carpenter commented Nov 21, 2025
edited
Loading

This mainly contains testing for encoding / decoding RSA and RSASSA-PSS keys to / from pki.

Found some bugs and fixed them:

  • RSASSA-PSS key params are not encoded to DER when using pki encoding. Copied some code from the spki encoding section for a fix (altered it slightly for different offsets).
  • WolfProvider returns digest names that do not match those of OSSL. Made a mapping function based on a wolfcrypt enum.

Addendum:

  • When doing the encoding test the created der was then decoded with ossl and wp. Changed test_rsa_decode_pkcs8_evp_pkey to allow decoding ctx to be specified. Now decoding can be done with ossl and wp, or just ossl.

@sebastian-carpenter sebastian-carpenter self-assigned this Nov 21, 2025
SparkiDev
SparkiDev requested changes Nov 23, 2025
View reviewed changes
Copy link
Contributor

@SparkiDev SparkiDev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does wp_rsa_import have a parameter with a string that is the wrong name form?
We have places we set mdName to something explicitly and they can be changed but the import should be the same as

test/test_rsa.c Outdated
static int test_rsa_encode_pkcs8_evp_pkey(const unsigned char *p, long len)
{
int err = 0;
PKCS8_PRIV_KEY_INFO* p8inf1;
Copy link
Contributor

@SparkiDev SparkiDev Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initialise these four pointer.

Copy link
Contributor Author

@sebastian-carpenter sebastian-carpenter Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now initialized to NULL

src/wp_rsa_kmgmt.c
case WC_HASH_TYPE_SHA3_384:
case WC_HASH_TYPE_SHA3_512:
case WC_HASH_TYPE_BLAKE2B:
case WC_HASH_TYPE_BLAKE2S:
Copy link
Contributor

@SparkiDev SparkiDev Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing SHA512-224 and SHA512-256

Copy link
Contributor Author

@sebastian-carpenter sebastian-carpenter Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added both types and several others. Wrapped new additions in ifdef's

src/wp_rsa_kmgmt.c Outdated
{
int ok = 1;
OSSL_PARAM* p;
const char *ossl_digest;
Copy link
Contributor

@SparkiDev SparkiDev Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initialise to NULL.

Copy link
Contributor Author

@sebastian-carpenter sebastian-carpenter Nov 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initalized to NULL and changed name to osslDigest

@sebastian-carpenter
Copy link
Contributor Author

sebastian-carpenter commented Nov 25, 2025

Why does wp_rsa_import have a parameter with a string that is the wrong name form? We have places we set mdName to something explicitly and they can be changed but the import should be the same as

comment seems cut off so I took my best guess. I didn't do anything to wp_rsa_import so I'm thinking this is meant to refer to wp_digest_to_ossl_digest. Previously the parameter was ossl_digest so I changed it to osslDigest in the rebase.

As for why this functions exists: When you get parameters from wolfProvider the md and mgf should match what OpenSSL uses for their digest names. I didn't edit what the md and mgf were set to in wolfProvider since it seems like that could cause issues in wolfCrypt (though I'm not certain).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SparkiDev SparkiDev SparkiDev requested changes

@ColtonWilley ColtonWilley Awaiting requested review from ColtonWilley

@aidangarske aidangarske Awaiting requested review from aidangarske

@padelsbach padelsbach Awaiting requested review from padelsbach

Requested changes must be addressed to merge this pull request.

Assignees

@sebastian-carpenter sebastian-carpenter

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sebastian-carpenter @SparkiDev