Skip to content

Add crypto callback only mode for ed25519#10830

Open
padelsbach wants to merge 2 commits into
wolfSSL:masterfrom
padelsbach:ed25519-cryptocb-only
Open

Add crypto callback only mode for ed25519#10830
padelsbach wants to merge 2 commits into
wolfSSL:masterfrom
padelsbach:ed25519-cryptocb-only

Conversation

@padelsbach

Copy link
Copy Markdown
Contributor

Description

Expand existing ed25519 crypto callback to support the "only" mode which strips the software implementation for use with HSM or other hardware accelerators.

make_key, sign_msg and verify_msg supported. No streaming support.

Testing

Added unit test and updated CI workflow

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

Comment thread wolfcrypt/src/ed25519.c

#ifdef WOLF_CRYPTO_CB
if (key->devId != INVALID_DEVID) {
#ifndef WOLF_CRYPTO_CB_FIND

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semi-related change to add these missing guards. The cb find mechanism would have failed here.

@padelsbach padelsbach self-assigned this Jul 1, 2026
@padelsbach

Copy link
Copy Markdown
Contributor Author

Jenkins retest this please

@padelsbach padelsbach marked this pull request as ready for review July 1, 2026 19:51
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

retest this please

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10830

Scan targets checked: wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

No new issues found in the changed files. ✅

@padelsbach padelsbach force-pushed the ed25519-cryptocb-only branch from 80c6f68 to 37b0c37 Compare July 6, 2026 15:34
@padelsbach padelsbach requested review from bigbrett and rizlik July 6, 2026 18:10
@padelsbach padelsbach removed their assignment Jul 6, 2026
@padelsbach padelsbach requested a review from Frauschi July 6, 2026 18:10
@bigbrett bigbrett assigned padelsbach and unassigned rizlik Jul 6, 2026
@padelsbach

Copy link
Copy Markdown
Contributor Author

jenkins retest this please

@rizlik rizlik left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, but the problem is that make_public and check-key survives and so ge_operations can't be removed from the build.
Given that the main goal of ONLY_ED25519 is to reduce code/data size, we should aim at removing all the software math.

I see two options:

  1. Gating out the make_public and check_key with new gating macros
  2. Adding two crypto callbacks for make_public and check_key

Comment thread wolfcrypt/src/ed25519.c
Comment on lines +636 to +637
#if defined(WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN) && \
!defined(WOLF_CRYPTO_CB_ONLY_ED25519)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me it looks like that the priv check must be inside the software blocks, not outside. So this is a bug that predate the PR. Probably a good idea to move it inside that software block instead of gating on !ONLY_ED25519, or just ignore it in this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants