Implement Key Wrap Demo #185
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR implements a comprehensive key wrap demo that can provision flash with wrapped RSA and AES GCM keys and retrieve them for decryption operations. The implementation refactors existing key wrap test code to avoid duplication while adding new flash-based key storage functionality.
- Adds functions to write wrapped keys to NVM flash and retrieve/use them for crypto operations
- Refactors demo code to reuse test suite functions instead of duplicating logic
- Updates configuration files to support larger key sizes and communication buffers
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| test/wh_test_keywrap.h | Adds function declarations for new NVM key operations |
| test/wh_test_keywrap.c | Major refactoring with new functions for flash-based key storage and usage |
| examples/posix/tcp/wh_server_tcp/wolfhsm_cfg.h | Increases max key wrap size to support RSA keys |
| examples/posix/tcp/wh_client_tcp/wolfhsm_cfg.h | Increases communication buffer size |
| examples/posix/tcp/wh_client_tcp/Makefile | Adds test source file to build |
| examples/demo/client/wh_demo_client_keywrap.h | Updates function name |
| examples/demo/client/wh_demo_client_keywrap.c | Replaces custom implementation with test suite calls |
| examples/demo/client/wh_demo_client_all.c | Updates function call to match new name |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
billphipps
left a comment
There was a problem hiding this comment.
Handful of comments. Maybe a few fixes. I'm marking this as request changes, but probably limited changes are necessary. Let me know when you are ready for a re-review. Looks great!
f9dfef3 to
c75d666
Compare
Implement key wrap demo that can provision the flash with a wrapped RSA and AES GCM key as well as pull those keys out from flash and attempt to decrypt a blob of data. This also refactors the key wrap demo code to use the test suite code directly so we don't have repeated code.
Initialize the key wrap structs to 0. Also make the clang-tidy-builder.sh user executable to make it easier to run locally
- Use macro instead of hard coded keyid - Fix function name in error prints
5996002 to
5d98918
Compare
5d98918 to
0dae633
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
94d50f3 to
d44efb6
Compare
The key wrap demo uses posixFlashFile callbacks and structs. This must only be compiled in when WOLFHSM_CFG_TEST_POSIX is enabled.
bigbrett
left a comment
There was a problem hiding this comment.
Good changes. A few lingering things that still need to be removed
Implement key wrap demo that can provision the flash with a wrapped RSA and AES GCM key as well as pull those keys out from flash and attempt to decrypt a blob of data.
This also refactors the key wrap demo code to use the test suite code directly so we don't have repeated code.