Fix wolfSSL/wolfCrypt key generation #30

Open
quapka opened this issue Jul 23, 2024 · 2 comments

Collaborator

quapka commented Jul 23, 2024

WolfSSL complains about keysize, which affects the tests. This does not show immediately in the GitHub Actions, because the exit code of the test itself is 0, e.g. here.

However, the output of the test-case is this (see default_wolfCrypt.txt file in this artefact):

═══ Running test suite: default ═══
═══ The default test suite run basic support of ECDH and ECDSA.
═══ Supports options:
═══ 	 - gt/kpg-type
═══ 	 - kt/ka-type
═══ 	 - st/sig-type
═══ 	 - key-type
═══ Date: 2024.07.23 08:30:22
═══ ECTester version: v0.3.3
═══ Library: wolfCrypt (wolfJCE)
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (0) KeyPairGenerator EC on                                                                          ┃ ERROR     ┃ [2/2] GenKeyPair   -> java.lang.RuntimeException : Keysize is 0, please set before generating key ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (1) KeyPairGenerator EC on                                                                          ┃ ERROR     ┃ [2/2] GenKeyPair   -> java.lang.RuntimeException : Keysize is 0, please set before generating key ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (2) KeyAgreement ECDH                                                                               ┃ ERROR     ┃ [1/5] GetPrivate   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (3) Signature SHA1withECDSA                                                                         ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (4) Signature SHA384withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (5) Signature SHA512withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
■━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━┓
NOK ━ (6) Signature SHA256withECDSA                                                                       ┃ ERROR     ┃ [1/7] GetKeys   -> java.lang.NullPointerException : Cannot invoke "java.security.KeyPair.getPrivate()" because the return value of "cz.crcs.ectester.standalone.test.base.KeyGeneratorTestable.getKeyPair()" is null ┃ Error.
Member

J08nY commented Jul 25, 2024

It took me some time but I figured out this is the source of the first exception:
https://github.com/wolfSSL/wolfcrypt-jni/blob/5ce2d0ea9a9e54efa204ae7b1a725db9f6543b9a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyPairGenerator.java#L295

ECTester expects that the provider will choose some default parameters/keysize when the KeyPairGenerator is not provided with them, but wolfCrypt does not do that and instead raises an exception.

Member

J08nY commented Jul 25, 2024

Other issues of the sort "com.wolfssl.wolfcrypt.WolfCryptException : ASN parsing error, invalid input" are due to the wolfCrypt provider expecting keys in ASN.1 DER format (as it internally uses the wc_EccPublicKeyDecode function) while ECTester (and the rest of the Java providers/the world) uses the ANSI X9.62 format.
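
An added example, not part of the issue thread and not ECTester or wolfCrypt code, covering both comments above: it initializes the KeyPairGenerator explicitly instead of relying on a provider default, then shows the same public key as an ANSI X9.62 uncompressed point and as the standard Java DER encoding (X.509 SubjectPublicKeyInfo). The class name, the helper names, the curve secp256r1 and the use of the default JDK provider are assumptions; only standard JCA classes are used.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Arrays;

public class EcEncodings {
    // Generate a key pair with explicit parameters, never a provider-chosen default.
    static KeyPair generate(String curve) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve)); // omitting this leaves the choice to the provider
        return kpg.generateKeyPair();
    }
    // Left-pad (or drop the sign byte of) a coordinate to the fixed field length.
    static byte[] fixed(BigInteger v, int len) {
        byte[] raw = v.toByteArray();
        byte[] out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return out;
    }
    // ANSI X9.62 uncompressed point: 0x04 || X || Y, no ASN.1 wrapper.
    static byte[] toX962(ECPublicKey pub) {
        int len = (pub.getParams().getCurve().getField().getFieldSize() + 7) / 8;
        byte[] out = new byte[1 + 2 * len];
        out[0] = 0x04;
        System.arraycopy(fixed(pub.getW().getAffineX(), len), 0, out, 1, len);
        System.arraycopy(fixed(pub.getW().getAffineY(), len), 0, out, 1 + len, len);
        return out;
    }
    // Wrap an X9.62 point in a DER structure (starts with the SEQUENCE tag 0x30).
    static byte[] x962ToDer(byte[] point, ECParameterSpec params) throws GeneralSecurityException {
        if (point.length == 0 || point[0] != 0x04 || (point.length - 1) % 2 != 0)
            throw new InvalidKeySpecException("expected an uncompressed X9.62 point");
        int len = (point.length - 1) / 2;
        ECPoint w = new ECPoint(new BigInteger(1, Arrays.copyOfRange(point, 1, 1 + len)),
                                new BigInteger(1, Arrays.copyOfRange(point, 1 + len, point.length)));
        PublicKey key = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(w, params));
        return key.getEncoded(); // getFormat() is "X.509", i.e. DER SubjectPublicKeyInfo
    }
    public static void main(String[] args) throws Exception {
        // secp256r1 is an assumed curve for the demonstration.
        ECPublicKey pub = (ECPublicKey) generate("secp256r1").getPublic();
        byte[] x962 = toX962(pub);
        byte[] der = x962ToDer(x962, pub.getParams());
        System.out.printf("X9.62: %d bytes, first byte 0x%02x; DER: %d bytes, first byte 0x%02x%n",
                x962.length, x962[0], der.length, der[0]);
        System.out.println("DER matches provider encoding: " + Arrays.equals(der, pub.getEncoded()));
    }
}
```

A decoder that expects the DER form sees 0x04 where it expects the SEQUENCE tag 0x30 when handed the raw point, which is consistent with the parsing error quoted in the comment.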

J08nY added a commit that referenced this issue Jul 25, 2024