-
Notifications
You must be signed in to change notification settings - Fork 34
fix wp_ecx_get_security_bits to return the correct security bits for x448 and x25519 #417
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -897,3 +897,79 @@ int test_ecx_dup(void *data) | |
|
|
||
| #endif /* defined(WP_HAVE_ED25519) || defined(WP_HAVE_ECD444) */ | ||
|
|
||
| #if defined(WP_HAVE_X25519) || defined(WP_HAVE_X448) | ||
|
|
||
| /* | ||
| * Check that the correct security bits are provided for x25519 and x448 | ||
| */ | ||
| int test_ecx_x_security_bits(void *data) | ||
| { | ||
| int err = 0; | ||
| (void)data; | ||
|
|
||
| EVP_PKEY *pkey_ossl = NULL; | ||
| EVP_PKEY *pkey_wolf = NULL; | ||
| EVP_PKEY_CTX *ctx_ossl = NULL; | ||
| EVP_PKEY_CTX *ctx_wolf = NULL; | ||
|
|
||
| struct { | ||
| const char *name; | ||
| } types[] = { | ||
| #ifdef WP_HAVE_X25519 | ||
| { "X25519" }, | ||
| #endif | ||
| #ifdef WP_HAVE_X448 | ||
| { "X448" }, | ||
| #endif | ||
| }; | ||
|
|
||
| for (unsigned i = 0; i < ARRAY_SIZE(types) && err == 0; i++) { | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔴 [High] New test uses ARRAY_SIZE outside its defining feature guard — compile break in curve-only builds The new test Fix: Hoist the |
||
| if (err == 0) { | ||
| ctx_ossl = EVP_PKEY_CTX_new_from_name(osslLibCtx, types[i].name, | ||
| NULL); | ||
| err = ctx_ossl == NULL; | ||
| } | ||
| if (err == 0) { | ||
| ctx_wolf = EVP_PKEY_CTX_new_from_name(wpLibCtx, types[i].name, | ||
| NULL); | ||
| err = ctx_wolf == NULL; | ||
| } | ||
| if (err == 0) { | ||
| err = EVP_PKEY_keygen_init(ctx_ossl) != 1; | ||
| } | ||
| if (err == 0) { | ||
| err = EVP_PKEY_keygen_init(ctx_wolf) != 1; | ||
| } | ||
| if (err == 0) { | ||
| pkey_ossl = NULL; | ||
| err = EVP_PKEY_generate(ctx_ossl, &pkey_ossl) != 1; | ||
| } | ||
| if (err == 0) { | ||
| pkey_wolf = NULL; | ||
| err = EVP_PKEY_generate(ctx_wolf, &pkey_wolf) != 1; | ||
| } | ||
| if (err == 0) { | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🟠 [Medium] Security-bits test only checks parity with OpenSSL, not the expected absolute values The test validates correctness only by comparing wolfProvider's Fix: Optionally assert the absolute expected security bits (128 for X25519, 224 for X448) in addition to the OpenSSL parity check, so the test directly pins the threshold logic this PR changed. |
||
| int sec_ossl = EVP_PKEY_get_security_bits(pkey_ossl); | ||
| int sec_wolf = EVP_PKEY_get_security_bits(pkey_wolf); | ||
| if (sec_ossl != sec_wolf) { | ||
| PRINT_MSG("EVP_PKEY_get_security_bits failed for %s:" | ||
| " expected %d, got %d", types[i].name, sec_ossl, sec_wolf); | ||
| err = 1; | ||
| } | ||
| } | ||
|
|
||
| EVP_PKEY_free(pkey_ossl); | ||
| EVP_PKEY_free(pkey_wolf); | ||
| EVP_PKEY_CTX_free(ctx_ossl); | ||
| EVP_PKEY_CTX_free(ctx_wolf); | ||
| pkey_ossl = NULL; | ||
| pkey_wolf = NULL; | ||
| ctx_ossl = NULL; | ||
| ctx_wolf = NULL; | ||
| } | ||
|
|
||
| return err; | ||
| } | ||
|
|
||
| #endif /* defined(WP_HAVE_X25519) || defined(WP_HAVE_X448) */ | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔵 [Low] Magic-number thresholds in wp_ecx_get_security_bits are undocumented
The thresholds
>= 448and>= 255are derived from thedata->bitsvalues assigned to each curve (x25519=255, x448=448, ed25519=256, ed448=456), but that relationship is non-obvious to a reader. The function infers a security level from a key-size threshold even thoughdata->keyType(WP_KEY_TYPE_X25519, etc.) is available and would express intent more directly. The pre-existing code already used magic numbers, so this matches existing style, but a short comment mapping the thresholds to the curve families would help future maintainers and prevent regressions like the off-by-a-few-bits values this PR is fixing.Fix: Add a brief comment explaining how the 255/448 thresholds map to the X/Ed curve families, or switch on
data->keyTypefor clarity. Non-blocking.