
Commit 66b4a45

committed
fix ed25519 in yocto
1 parent cec8015 commit 66b4a45


1 file changed

+56
-31
lines changed


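--- a/src/wp_ecx_exch.c
+++ b/src/wp_ecx_exch.c
@@ -641,49 +641,37 @@ static int wp_x25519_derive(wp_EcxCtx* ctx, unsigned char* secret,
 (test_peer_pub[CURVE25519_KEYSIZE - 1] & 0x80) ? "SET" : "CLEAR");
 }
 
-/* CRITICAL: Always normalize both keys' public keys by re-importing with MSB cleared */
-/* This ensures the INTERNAL structure (p.point[]) has MSB clear, which is what */
-/* wc_curve25519_shared_secret checks, not the exported bytes */
-/* Re-importing public key on LOCAL keypair is safe - it only updates the public portion */
-if (ok && test_local_pub_rc == 0 && test_local_pub_len == CURVE25519_KEYSIZE) {
-/* Always clear MSB and re-import LOCAL public key to ensure internal structure is correct */
-byte local_pub_normalized[CURVE25519_KEYSIZE];
-XMEMCPY(local_pub_normalized, test_local_pub, CURVE25519_KEYSIZE);
-local_pub_normalized[CURVE25519_KEYSIZE - 1] &= 0x7f;
-
-int fix_local_rc = wc_curve25519_import_public_ex(local_pub_normalized, CURVE25519_KEYSIZE, local_key, EC25519_LITTLE_ENDIAN);
-if (fix_local_rc != 0) {
-fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR - Failed to normalize LOCAL key public key! rc=%d\n", fix_local_rc);
-fflush(stderr);
-ok = 0;
-} else {
-fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] Normalized LOCAL key public key (MSB cleared in internal structure)\n");
-fflush(stderr);
-
-/* Verify private key is still there after re-importing public */
-word32 verify_priv_len = CURVE25519_KEYSIZE;
-byte verify_priv[CURVE25519_KEYSIZE];
-int verify_priv_rc = wc_curve25519_export_private_raw_ex(local_key, verify_priv, &verify_priv_len, EC25519_LITTLE_ENDIAN);
-if (verify_priv_rc != 0 || verify_priv_len != CURVE25519_KEYSIZE) {
-fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR - LOCAL key lost private key after public key re-import! rc=%d\n", verify_priv_rc);
-fflush(stderr);
-ok = 0;
-}
-}
-} else if (ok) {
+/* CRITICAL: Verify LOCAL key pubSet/privSet flags are set correctly */
+/* The LOCAL key is generated, so it should already be correct - we don't re-import it */
+/* Re-importing might clear pubSet/privSet flags, causing the -199 error */
+if (ok && (test_local_pub_rc != 0 || test_local_pub_len != CURVE25519_KEYSIZE)) {
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR: LOCAL key pubSet is FALSE (cannot export public key) rc=%d, len=%u\n",
 test_local_pub_rc, test_local_pub_len);
 fflush(stderr);
 ok = 0;
 }
 
+/* Check for MSB on LOCAL key - if set, log warning but don't try to fix */
+/* Re-importing might clear pubSet/privSet flags */
+if (ok && test_local_pub_rc == 0 && test_local_pub_len == CURVE25519_KEYSIZE) {
+if (test_local_pub[CURVE25519_KEYSIZE - 1] & 0x80) {
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] WARNING: LOCAL key MSB is SET (0x%02x) but not fixing to avoid clearing pubSet/privSet flags\n",
+test_local_pub[CURVE25519_KEYSIZE - 1]);
+fflush(stderr);
+/* Note: This might cause -199 if wolfSSL checks MSB, but re-importing might clear flags */
+}
+}
+
 if (ok && (test_local_priv_rc != 0 || test_local_priv_len != CURVE25519_KEYSIZE)) {
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR: LOCAL key privSet is FALSE (cannot export private key) rc=%d, len=%u\n",
 test_local_priv_rc, test_local_priv_len);
 fflush(stderr);
 ok = 0;
 }
 
+/* CRITICAL: Normalize PEER key public key by re-importing with MSB cleared */
+/* PEER key is public-only, so re-importing is safe and won't affect privSet */
+/* This ensures the INTERNAL structure (p.point[]) has MSB clear */
 if (ok && test_peer_pub_rc == 0 && test_peer_pub_len == CURVE25519_KEYSIZE) {
 /* Always clear MSB and re-import PEER public key to ensure internal structure is correct */
 byte peer_pub_normalized[CURVE25519_KEYSIZE];
@@ -696,8 +684,19 @@ static int wp_x25519_derive(wp_EcxCtx* ctx, unsigned char* secret,
 fflush(stderr);
 ok = 0;
 } else {
-fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] Normalized PEER key public key (MSB cleared in internal structure)\n");
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] Normalized PEER key public key (MSB cleared, pubSet should be true)\n");
 fflush(stderr);
+
+/* Verify pubSet is still set after re-import */
+word32 verify_peer_pub_len = CURVE25519_KEYSIZE;
+byte verify_peer_pub[CURVE25519_KEYSIZE];
+int verify_peer_pub_rc = wc_curve25519_export_public_ex(peer_key_derive, verify_peer_pub, &verify_peer_pub_len, EC25519_LITTLE_ENDIAN);
+if (verify_peer_pub_rc != 0 || verify_peer_pub_len != CURVE25519_KEYSIZE) {
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR - PEER key lost pubSet after re-import! rc=%d, len=%u\n",
+verify_peer_pub_rc, verify_peer_pub_len);
+fflush(stderr);
+ok = 0;
+}
 }
 } else if (ok) {
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] ERROR: PEER key pubSet is FALSE (cannot export public key) rc=%d, len=%u\n",
@@ -709,10 +708,36 @@ static int wp_x25519_derive(wp_EcxCtx* ctx, unsigned char* secret,
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] Secret buffer: %p, len pointer: %p, current len value: %u\n",
 secret, &len, len);
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [BEFORE] Pre-call validation: ok=%d\n", ok);
+
+/* DEBUG: Check which code path wolfSSL will take based on compilation flags */
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] Checking compilation flags...\n");
+#ifdef WOLFSSL_SE050
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLFSSL_SE050 is DEFINED - privSet check will be SKIPPED\n");
+#else
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLFSSL_SE050 is NOT defined - privSet check will be PERFORMED\n");
+#endif
+#ifdef WOLF_CRYPTO_CB
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLF_CRYPTO_CB is DEFINED - crypto callback path available\n");
+#else
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLF_CRYPTO_CB is NOT defined - no crypto callback path\n");
+#endif
+#ifdef WOLFSSL_CURVE25519_BLINDING
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLFSSL_CURVE25519_BLINDING is DEFINED - using blinded scalar multiplication\n");
+#else
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [COMPILE-CHECK] WOLFSSL_CURVE25519_BLINDING is NOT defined - using standard scalar multiplication\n");
+#endif
 fflush(stderr);
 
 if (ok) {
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] Executing wc_curve25519_shared_secret...\n");
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] Note: -199 (ECC_BAD_ARG_E) can come from:\n");
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] 1. !public_key->pubSet\n");
+#ifndef WOLFSSL_SE050
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] 2. !private_key->privSet (checked because WOLFSSL_SE050 not defined)\n");
+#else
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] 2. !private_key->privSet (SKIPPED because WOLFSSL_SE050 defined)\n");
+#endif
+fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [CALL] 3. MSB check: public_key->p.point[31] & 0x80\n");
 fflush(stderr);
 rc = wc_curve25519_shared_secret(local_key, peer_key_derive, secret, &len);
 fprintf(stderr, "[X25519-DEBUG] wp_x25519_derive: [AFTER] wc_curve25519_shared_secret returned: rc=%d\n", rc);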
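Review bot: The new `[COMPILE-CHECK]` and `[CALL]` fprintf blocks in the third hunk (new lines 712-728 and 733-740) are compiled unconditionally, so every build of the provider writes key-handling diagnostics to stderr on each X25519 derive; the whole diagnostic stretch should sit behind a compile-time guard so it is absent from release builds, e.g. `#ifdef X25519_TRACE_PLACEHOLDER /* placeholder: use the project's existing debug macro */ … #endif`. The `#ifdef WOLFSSL_SE050` / `WOLF_CRYPTO_CB` / `WOLFSSL_CURVE25519_BLINDING` tests report the macros visible when this provider translation unit is compiled, which only describe the linked wolfSSL library's behaviour if both were built against the same options header — in the cross-build this commit targets that is worth stating in the comment, e.g. `/* Reflects this TU's view of wolfSSL options; may differ from the linked library if its options header is stale */`. Separately, the first hunk's new comment at new line 661 records that a set MSB on the local public key is left unhandled and may still yield -199; if that path is reachable it should set `ok = 0` with an error rather than only warn. wp_x25519_derive begins before the first hunk and continues after the last.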
