function extract_key_pair is a workaround for the faulty function wc_Ed25519PrivateKeyDecode

helkoulak · helkoulak · commit afb2ffdf900d · 2025-11-24T11:15:46.000+01:00
diff --git a/rustls-wolfcrypt-provider/src/sign/eddsa.rs b/rustls-wolfcrypt-provider/src/sign/eddsa.rs
@@ -20,6 +20,87 @@ pub struct Ed25519PrivateKey {
     algo: SignatureAlgorithm,
 }
 
+impl Ed25519PrivateKey {
+    /// Extract ED25519 private and if available public key values from a PKCS#8 DER formatted key
+    fn extract_key_pair(input_key: &[u8]) -> Result<([u8; 32], Option<[u8; 32]>), rustls::Error> {
+        let mut public_key_raw: [u8; 32] = [0; ED25519_PUB_KEY_SIZE as usize];
+        let mut private_key_raw: [u8; 32] = [0; ED25519_KEY_SIZE as usize];
+        let mut skip_bytes: usize;
+        let mut key_sub_slice = input_key;
+
+        const SHORT_FORM_LEN_MAX: u8 = 127;
+        const TAG_SEQUENCE: u8 = 0x30;
+        const TAG_OCTET_SEQUENCE: u8 = 0x04;
+        const TAG_OPTIONAL_SET_OF_ATTRIBUTES: u8 = 0x80; //Implicit, context-specific, and primitive underlying type (SET OF)
+        const TAG_OPTIONAL_PUBLIC_KEY_BIT_STRING: u8 = 0x81; //Implicit, context-specific, and primitive underlying type (BIT STRING)
+
+        // The input key is encoded in PKCS#8 DER format with a structure as in
+        // https://www.rfc-editor.org/rfc/rfc5958.html
+        //
+        // AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey
+
+        // OneAsymmetricKey ::= SEQUENCE {
+        //     version                   Version,
+        //     privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+        //     privateKey                PrivateKey,
+        //     attributes            [0] Attributes OPTIONAL,
+        //     ...,
+        //     [[2: publicKey        [1] PublicKey OPTIONAL ]],
+        //     ...
+        //     }
+
+        // The key structure must begin with a SEQUENCE tag with at least 2 bytes length if short
+        // length format is used
+        if key_sub_slice[0] != TAG_SEQUENCE || key_sub_slice.len() < 2 {
+            return Err(rustls::Error::General(
+                "Faulty PKCS#8 ED25519 private key structure".into(),
+            ));
+        }
+        // Check which length format and skip tag and length encoding bytes
+        if key_sub_slice[1] > SHORT_FORM_LEN_MAX {
+            skip_bytes = (2 + (key_sub_slice[1] & 0x7F)) as usize;
+        } else {
+            skip_bytes = 2;
+        }
+
+        // Skip version (3 bytes), algorithm ID sequence (0x30 + length encoding bytes + 5 ID bytes),
+        skip_bytes += 3 + 7;
+        key_sub_slice = input_key.get(skip_bytes..).unwrap();
+
+        // Check if next bytes are 0x04, 0x22, 0x04, 0x20
+        if !matches!(
+            key_sub_slice,
+            [TAG_OCTET_SEQUENCE, 0x22, TAG_OCTET_SEQUENCE, 0x20, ..]
+        ) {
+            return Err(rustls::Error::General(
+                "Faulty PKCS#8 ED25519 private key structure".into(),
+            ));
+        }
+
+        // Copy private key value
+        skip_bytes += 4;
+        key_sub_slice = input_key.get(skip_bytes..).unwrap();
+        private_key_raw.copy_from_slice(&key_sub_slice[..ED25519_KEY_SIZE as usize]);
+        skip_bytes += ED25519_KEY_SIZE as usize;
+        key_sub_slice = input_key.get(skip_bytes..).unwrap();
+
+        // Check if optional SET OF attributes exists and skip
+        if key_sub_slice[0] == TAG_OPTIONAL_SET_OF_ATTRIBUTES {
+            skip_bytes += (2 + (key_sub_slice[1])) as usize;
+            key_sub_slice = input_key.get(skip_bytes..).unwrap();
+        }
+
+        // Check if optional public key value exists. If exists, skip tag, length encoding byte,
+        // and bits-used byte
+        if key_sub_slice[0] == TAG_OPTIONAL_PUBLIC_KEY_BIT_STRING {
+            public_key_raw.copy_from_slice(&key_sub_slice[3..(3 + ED25519_KEY_SIZE as usize)]);
+            Ok((private_key_raw, Some(public_key_raw)))
+        } else {
+            Ok((private_key_raw, None))
+        }
+    }
+}
+
 impl TryFrom<&PrivateKeyDer<'_>> for Ed25519PrivateKey {
     type Error = rustls::Error;
 
@@ -28,57 +109,35 @@ impl TryFrom<&PrivateKeyDer<'_>> for Ed25519PrivateKey {
             PrivateKeyDer::Pkcs8(der) => {
                 let mut ed25519_c_type: ed25519_key = unsafe { mem::zeroed() };
                 let ed25519_key_object = ED25519KeyObject::new(&mut ed25519_c_type);
-                let mut priv_key_raw: [u8; 32] = [0; 32];
-                let mut priv_key_raw_len: word32 = priv_key_raw.len() as word32;
-                let mut pub_key_raw: [u8; 32] = [0; 32];
-                let pub_key_raw_len: word32 = pub_key_raw.len() as word32;
+                let mut pub_raw: [u8; 32] = [0; 32];
+                let pub_key_raw_len: word32 = pub_raw.len() as word32;
                 let pkcs8: &[u8] = der.secret_pkcs8_der();
-                let pkcs8_sz: word32 = pkcs8.len() as word32;
-                let mut ret;
+                let (priv_key_raw, pub_key_raw) = match Ed25519PrivateKey::extract_key_pair(pkcs8) {
+                    Ok((priv_raw, pub_raw)) => (priv_raw, pub_raw),
+
+                    Err(error) => return Err(error),
+                };
 
                 // This function initiliazes an ed25519_key object for
                 // using it to sign a message.
                 ed25519_key_object.init();
 
-                let mut idx: u32 = 0;
-
-                // This function reads in an ED25519 private key from the input buffer, input,
-                // parses the private key, and uses it to generate an ed25519_key object,
-                // which it stores in key.
-                ret = unsafe {
-                    wc_Ed25519PrivateKeyDecode(
-                        pkcs8.as_ptr() as *mut u8,
-                        &mut idx,
-                        ed25519_key_object.as_ptr(),
-                        pkcs8_sz,
-                    )
-                };
-                check_if_zero(ret)
-                    .map_err(|_| rustls::Error::General("FFI function failed".into()))?;
-
-                ret = unsafe {
-                    wc_ed25519_make_public(
-                        ed25519_key_object.as_ptr(),
-                        pub_key_raw.as_mut_ptr(),
-                        pub_key_raw_len,
-                    )
-                };
-                check_if_zero(ret)
-                    .map_err(|_| rustls::Error::General("FFI function failed".into()))?;
-
-                ret = unsafe {
-                    wc_ed25519_export_private_only(
-                        ed25519_key_object.as_ptr(),
-                        priv_key_raw.as_mut_ptr(),
-                        &mut priv_key_raw_len,
-                    )
-                };
-                check_if_zero(ret)
-                    .map_err(|_| rustls::Error::General("FFI function failed".into()))?;
+                // Generate pub key part if not given
+                if pub_key_raw.is_none() {
+                    let ret = unsafe {
+                        wc_ed25519_make_public(
+                            ed25519_key_object.as_ptr(),
+                            pub_raw.as_mut_ptr(),
+                            pub_key_raw_len,
+                        )
+                    };
+                    check_if_zero(ret)
+                        .map_err(|_| rustls::Error::General("FFI function failed".into()))?;
+                }
 
                 Ok(Self {
                     priv_key: Arc::new(priv_key_raw.to_vec()),
-                    pub_key: Arc::new(pub_key_raw.to_vec()),
+                    pub_key: Arc::new(pub_raw.to_vec()),
                     algo: SignatureAlgorithm::ED25519,
                 })
             }
