
Key Agree Update #686

Merged
JacobBarthelmeh merged 3 commits into wolfSSL:master from ejohnstown:key-agree-update
May 13, 2024

@ejohnstown
Contributor

  1. Found some issues in some of the compiler guards for the key agreement functions.
  2. Broke the key agreement out into separate functions to make the jumbo Kex functions a little smaller.
  3. Added a ForceZero() for the Ecdh/Kyber shared secret.
  4. Made explicit flags for all the kex types and check for them specifically. Fixes a miss in some Ecdh cases.

This should fix issue #678 and #679. This supersedes pull request #684.

ejohnstown added 2 commits May 1, 2024 16:38
1. In the key signature block, add flag for Ecc, and for the key
   allocation.
2. Add FreePubKey() to delete the pub key stored in the key signature
   block.
3. In DoKexDhReply(), break down the key agreement actions for the
   various supported key types into their own functions. Remove the
   redundant variables.
4. Using flags that are always present, reduce some of the complicated
   flag checks.
5. Fix a compile guard where the ECDH private key used by the client is
   disabled by ECDSA.

1. In SendKexDhReply(), break down the key agreement actions for the
   various supported key types into their own functions. Remove
   the redundant variables.
2. In DoKexDhInit(), add flags for the various key agreement types, and
   set them as appropriate when checking the selected kexId. The flags
   are always present no matter the build options.
3. Simplify some of the flag checks for optional options.
@ejohnstown ejohnstown mentioned this pull request May 2, 2024
1. Add a parameter to the client key agree functions for the hashId.
   It's only really used for EcdhKyber1, but it keeps the functions
   parallel.
2. Add and update some top-of-function comments for the key agree
   functions.
3. Renamed the X25519 key agreement functions to Curve25519 to match the
   naming in the RFC.
4. Removed the temporary hashId local in the client EcdhKyber1
   function.
5. Messed around with some variable declarations in a few of the
   functions.
6. Fix a couple breaks for small stack build.
7. Fix where GEX-SHA2 key exchange wasn't allowed to work.
8. Disable EcdhKyber1 if ECDH-NISTP256 is disabled.
@ejohnstown ejohnstown requested review from JacobBarthelmeh and anhu May 2, 2024 02:51
@ejohnstown ejohnstown assigned ejohnstown and unassigned ejohnstown May 2, 2024
@JacobBarthelmeh JacobBarthelmeh self-assigned this May 8, 2024
@ejohnstown ejohnstown removed the request for review from anhu May 8, 2024 20:27
Member

@anhu anhu left a comment

LGTM!!

@JacobBarthelmeh JacobBarthelmeh merged commit d11ec5f into wolfSSL:master May 13, 2024
@ejohnstown ejohnstown deleted the key-agree-update branch May 13, 2024 21:26