Fix demos to work with new wolfHSM API #17
Conversation
bigbrett
force-pushed
the
v1-release-updates
branch
from
8f53957 to
c28eb2f
Compare
|
|
||
| #if defined(WOLFSSL_CMAC) |
There was a problem hiding this comment.
I think we have additional constraints on CMAC like !NO_AES and WOLFSSL_AES_DIRECT. Do you capture these in the lower level? I'd love to simplify this compile-time logic to exactly what you have written here.
| @@ -48,8 +48,7 @@ | |||
| int wh_DemoClient_CryptoRsa(whClientContext* clientContext) | |||
There was a problem hiding this comment.
Do you also need WOLFSSL_KEY_GEN for the make rsakey below?
demo/client/wh_demo_client_crypto.c
Outdated
| if (ret != 0) { | ||
| printf("Failed to wh_Client_GetKeyIdRsa %d\n", ret); | ||
| return ret; | ||
| int evictRet = wh_Client_GetKeyIdEcc(eccPrivate, &keyId); |
There was a problem hiding this comment.
Isn't this supposed to be wh_Client_EccGetKeyId(...)?
| @@ -116,7 +120,7 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) | |||
| return WH_ERROR_OK; | |||
| } | |||
|
|
|||
|
|
|||
| #ifndef NO_AES | |||
There was a problem hiding this comment.
This appears to need AES_CBC as well
|
|
||
| /* Temporarily set this to key export function */ | ||
| #define WOLFSSL_KEY_GEN | ||
| #define HAVE_CURVE25519 | ||
| #define HAVE_ECC |
There was a problem hiding this comment.
Recommend to reenable this to make sure we have coverage there as well. Ok to leave it off for now and fix it in a later PR
| #!/bin/bash | ||
|
|
||
| # ECC Keys | ||
| openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out alice-ecc256-key.pem |
There was a problem hiding this comment.
Grumble. Hate relying on openssl. Maybe we should leave some pregenerated keys in PEM format in the repo as well in case they don't have openssl available? No change recommended at this point. Just a thought.
Based on #15 but with additional improvements
Requires curve25519 fixes introduced in wolfSSL/wolfHSM#83. CI will fail until that merges.