Create individual crypto callbacks for hkdf extract and hkdf expand #10598
twcook86 wants to merge 3 commits into
Pull request overview
This PR refines the crypto-callback (WOLF_CRYPTO_CB) KDF interface by splitting HKDF into distinct callback operations for HKDF-Extract and HKDF-Expand, and updates library internals and tests accordingly.
Changes:
- Introduces new KDF callback types and wc_CryptoInfo payloads for HKDF extract/expand.
- Adds new internal crypto-callback dispatch helpers (wc_CryptoCb_Hkdf_Extract/wc_CryptoCb_Hkdf_Expand) and wires them into HKDF code paths.
- Expands HKDF tests to exercise extract+expand flows in addition to one-shot HKDF.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfssl/wolfcrypt/types.h | Adds new wc_KdfType values for HKDF extract/expand. |
| wolfssl/wolfcrypt/cryptocb.h | Extends wc_CryptoInfo KDF union with HKDF extract/expand structs and declares new callback helpers. |
| wolfcrypt/src/hmac.c | Routes HKDF Extract/Expand through crypto callbacks when available. |
| wolfcrypt/src/cryptocb.c | Implements new crypto-callback helper functions and updates debug strings for KDF type. |
| wolfcrypt/test/test.c | Adds HKDF extract/expand test coverage and updates test crypto-device callback handling. |
bigbrett
left a comment
Would prefer you append-only to public structs, but it's fine as is since it is only used by CryptoCbs and those aren't ABI restricted
wolfSSL-Fenrir-bot
left a comment
Fenrir Automated Review — PR #10598
Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
billphipps
left a comment
Please move the check for cryptocb into the hkdf functions, not in the side that is using it. Check on unit testing the interface as well. Looks like a great start!
Jenkins retest this please
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 3 total — 2 posted, 1 skipped
2 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Low] New inKey/out NULL validation in wc_HKDF_Expand_ex lacks a negative test — wolfcrypt/test/test.c:34951-34962
- [Info] Misaligned indentation in new Extract callback block — wolfcrypt/src/hmac.c:1764
Skipped findings
- [Medium] Existing KDF crypto-cb devices now receive new HKDF_EXTRACT/HKDF_EXPAND callbacks
Review generated by Skoll
Description
Fixes zd#21919
Testing
built-in test.c expanded
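The extract/expand split discussed in this PR follows RFC 5869, and a device callback that implements the two steps separately has to reproduce the one-shot result. The following reference model is an added example, not code from the PR or from wolfSSL: it is written in Python as a compact stand-in for the C code, the function names are hypothetical, and the argument checks are only analogous to the NULL validation mentioned in the review.

```python
# Added reference model (not wolfSSL code): HKDF-SHA256 per RFC 5869, split
# into the two steps the PR exposes as separate crypto callbacks.
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt, ikm):
    """PRK = HMAC(salt, IKM); an absent or empty salt means HASH_LEN zero bytes."""
    if ikm is None:
        raise ValueError("input keying material is required")
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """OKM = first `length` bytes of T(1) | T(2) | ..., T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if prk is None or len(prk) < HASH_LEN:
        raise ValueError("PRK must be at least HASH_LEN bytes")
    if not 0 <= length <= 255 * HASH_LEN:
        raise ValueError("output length out of range")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + (info or b"") + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt, ikm, info, length):
    """One-shot HKDF: extract followed by expand."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869 Appendix A.1 (test case 1) inputs and expected outputs.
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
PRK = bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
OKM = bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                    "34007208d5b887185865")
```

Comparing a callback's extract output against PRK and its expand output against OKM separately shows which of the two steps diverges, which a one-shot comparison cannot.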