/* wolfCrypt.cs
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
using System;
using System.Collections.Generic;
#if !WindowsCE
using System.Collections.Concurrent;
#endif
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
namespace wolfSSL.CSharp
{
public class wolfcrypt
{
private const string wolfssl_dll = "wolfssl.dll";
/********************************
* Init wolfSSL library
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static int wolfCrypt_Init();
[DllImport(wolfssl_dll)]
private extern static int wolfCrypt_Cleanup();
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wolfCrypt_Init();
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wolfCrypt_Cleanup();
#endif
/********************************
* Random
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static void wc_rng_free(IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_rng_free(IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz);
#endif
/********************************
* ECC
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_ecc_key_new(IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static void wc_ecc_key_free(IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll)]
private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll)]
private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll)]
private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll)]
private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_ecc_key_new(IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_ecc_key_free(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve);
#endif
/********************************
* ECIES
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static void wc_ecc_ctx_free(IntPtr ctx);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_ecc_ctx_free(IntPtr ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx);
#endif
/********************************
* ECDHE
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
#endif
/********************************
* RSA
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll)]
private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll)]
private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static void wc_FreeRsaKey(IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_FreeRsaKey(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key);
#endif
/********************************
* ED25519
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_init(IntPtr key);
[DllImport(wolfssl_dll)]
private static extern void wc_ed25519_free(IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll)]
private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll)]
private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll)]
private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll)]
private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll)]
private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
/* RAW format */
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
[DllImport(wolfssl_dll)]
private static extern int wc_ed25519_size(IntPtr key);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_init(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern void wc_ed25519_free(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key);
/* ASN.1 DER format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
/* RAW format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_ed25519_size(IntPtr key);
#endif
/********************************
* Curve25519
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll)]
private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_init(IntPtr key);
[DllImport(wolfssl_dll)]
private extern static void wc_curve25519_free(IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
/* Only available when wolfSSL is built with WOLFSSL_CURVE25519_BLINDING.
* Calls are wrapped in try/catch to tolerate builds without it. */
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_set_rng(IntPtr key, IntPtr rng);
/* ASN.1 DER format */
[DllImport(wolfssl_dll)]
private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll)]
private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll)]
private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll)]
private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
/* RAW format */
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
[DllImport(wolfssl_dll)]
private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
[DllImport(wolfssl_dll)]
private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_init(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_curve25519_free(IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen);
/* Only available when wolfSSL is built with WOLFSSL_CURVE25519_BLINDING.
* Calls are wrapped in try/catch to tolerate builds without it. */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_set_rng(IntPtr key, IntPtr rng);
/* ASN.1 DER format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg);
/* RAW format */
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey);
#endif
/********************************
* ML-KEM
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_CipherTextSize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_SharedSecretSize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_PrivateKeySize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_PublicKeySize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll)]
private static extern IntPtr wc_MlKemKey_New(int type, IntPtr heap, int devId);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_Delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_MakeKey(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_EncodePublicKey(IntPtr key, byte[] output, uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_DecodePublicKey(IntPtr key, byte[] input, uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_Encapsulate(IntPtr key, byte[] ct, byte[] ss, IntPtr rng);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_Decapsulate(IntPtr key, byte[] ss, byte[] ct, uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_EncodePrivateKey(IntPtr key, byte[] output, uint len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlKemKey_DecodePrivateKey(IntPtr key, byte[] input, uint len);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_CipherTextSize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_SharedSecretSize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_PrivateKeySize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_PublicKeySize(IntPtr key, ref uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr wc_MlKemKey_New(int type, IntPtr heap, int devId);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_Delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_MakeKey(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_EncodePublicKey(IntPtr key, byte[] output, uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_DecodePublicKey(IntPtr key, byte[] input, uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_Encapsulate(IntPtr key, byte[] ct, byte[] ss, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_Decapsulate(IntPtr key, byte[] ss, byte[] ct, uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_EncodePrivateKey(IntPtr key, byte[] output, uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlKemKey_DecodePrivateKey(IntPtr key, byte[] input, uint len);
#endif
/********************************
* ML-DSA
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private static extern IntPtr wc_dilithium_new(IntPtr heap, int devId);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_set_level(IntPtr key, byte level);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_make_key(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_export_private(IntPtr key, byte[] output, ref uint outLen);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_import_private(byte[] priv, uint privSz, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_export_public(IntPtr key, byte[] output, ref uint outLen);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_import_public(byte[] input, uint inputLen, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_sign_ctx_msg(byte[] ctx, byte ctxLen, byte[] msg, uint msgLen, byte[] sig, ref uint sigLen, IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll)]
private static extern int wc_dilithium_verify_ctx_msg(byte[] sig, uint sigLen, byte[] ctx, byte ctxLen, byte[] msg, uint msgLen, ref int res, IntPtr key);
[DllImport(wolfssl_dll)]
private static extern int wc_MlDsaKey_GetPrivLen(IntPtr key, ref int len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlDsaKey_GetPubLen(IntPtr key, ref int len);
[DllImport(wolfssl_dll)]
private static extern int wc_MlDsaKey_GetSigLen(IntPtr key, ref int len);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr wc_dilithium_new(IntPtr heap, int devId);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_delete(IntPtr key, IntPtr key_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_set_level(IntPtr key, byte level);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_make_key(IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_export_private(IntPtr key, byte[] output, ref uint outLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_import_private(byte[] priv, uint privSz, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_export_public(IntPtr key, byte[] output, ref uint outLen);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_import_public(byte[] input, uint inputLen, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_sign_ctx_msg(byte[] ctx, byte ctxLen, byte[] msg, uint msgLen, byte[] sig, ref uint sigLen, IntPtr key, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_dilithium_verify_ctx_msg(byte[] sig, uint sigLen, byte[] ctx, byte ctxLen, byte[] msg, uint msgLen, ref int res, IntPtr key);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlDsaKey_GetPrivLen(IntPtr key, ref int len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlDsaKey_GetPubLen(IntPtr key, ref int len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private static extern int wc_MlDsaKey_GetSigLen(IntPtr key, ref int len);
#endif
/********************************
* AES-GCM
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll)]
private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p);
[DllImport(wolfssl_dll)]
private extern static int wc_AesFree(IntPtr aes);
[DllImport(wolfssl_dll)]
private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId);
[DllImport(wolfssl_dll)]
private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz);
[DllImport(wolfssl_dll)]
private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len);
[DllImport(wolfssl_dll)]
private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
[DllImport(wolfssl_dll)]
private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesFree(IntPtr aes);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz);
#endif
/********************************
* HPKE
* Requires: HAVE_HPKE, HAVE_ECC (or HAVE_CURVE25519), HAVE_AESGCM
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeInit(IntPtr hpke, int kem, int kdf, int aead, IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeGenerateKeyPair(IntPtr hpke, ref IntPtr keypair, IntPtr rng);
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeSerializePublicKey(IntPtr hpke, IntPtr key, byte[] outBuf, ref ushort outSz);
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeDeserializePublicKey(IntPtr hpke, ref IntPtr key, byte[] inBuf, ushort inSz);
[DllImport(wolfssl_dll)]
private extern static void wc_HpkeFreeKey(IntPtr hpke, ushort kem, IntPtr keypair, IntPtr heap);
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeSealBase(IntPtr hpke, IntPtr ephemeralKey, IntPtr receiverKey, byte[] info, uint infoSz, byte[] aad, uint aadSz, byte[] plaintext, uint ptSz, byte[] ciphertext);
[DllImport(wolfssl_dll)]
private extern static int wc_HpkeOpenBase(IntPtr hpke, IntPtr receiverKey, byte[] pubKey, ushort pubKeySz, byte[] info, uint infoSz, byte[] aad, uint aadSz, byte[] ciphertext, uint ctSz, byte[] plaintext);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeInit(IntPtr hpke, int kem, int kdf, int aead, IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeGenerateKeyPair(IntPtr hpke, ref IntPtr keypair, IntPtr rng);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeSerializePublicKey(IntPtr hpke, IntPtr key, byte[] outBuf, ref ushort outSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeDeserializePublicKey(IntPtr hpke, ref IntPtr key, byte[] inBuf, ushort inSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static void wc_HpkeFreeKey(IntPtr hpke, ushort kem, IntPtr keypair, IntPtr heap);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeSealBase(IntPtr hpke, IntPtr ephemeralKey, IntPtr receiverKey, byte[] info, uint infoSz, byte[] aad, uint aadSz, byte[] plaintext, uint ptSz, byte[] ciphertext);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HpkeOpenBase(IntPtr hpke, IntPtr receiverKey, byte[] pubKey, ushort pubKeySz, byte[] info, uint infoSz, byte[] aad, uint aadSz, byte[] ciphertext, uint ctSz, byte[] plaintext);
#endif
/********************************
* HASH
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll)]
private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p);
[DllImport(wolfssl_dll)]
private extern static int wc_HashInit(IntPtr hash, uint hashType);
[DllImport(wolfssl_dll)]
private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz);
[DllImport(wolfssl_dll)]
private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output);
[DllImport(wolfssl_dll)]
private extern static int wc_HashFree(IntPtr hash, uint hashType);
[DllImport(wolfssl_dll)]
private extern static int wc_HashGetDigestSize(uint hashType);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashInit(IntPtr hash, uint hashType);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashFree(IntPtr hash, uint hashType);
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static int wc_HashGetDigestSize(uint hashType);
#endif
/********************************
* Logging
*/
#if WindowsCE
[DllImport(wolfssl_dll)]
private extern static IntPtr wc_GetErrorString(int error);
public delegate void loggingCb(int lvl, string msg);
#else
[DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)]
private extern static IntPtr wc_GetErrorString(int error);
public delegate void loggingCb(int lvl, StringBuilder msg);
#endif
private static loggingCb internal_log;
///
/// Log a message to set logging function
///
/// Level of log message
/// Message to log
#if WindowsCE
private static void log(int lvl, string msg)
{
/* if log is not set then print nothing */
if (internal_log == null)
return;
internal_log(lvl, msg);
}
#else
private static void log(int lvl, string msg)
{
/* if log is not set then print nothing */
if (internal_log == null)
return;
StringBuilder ptr = new StringBuilder(msg);
internal_log(lvl, ptr);
}
#endif
/********************************
* Enum types from wolfSSL library
*/
/* Logging levels */
public static readonly int ERROR_LOG = 0;
public static readonly int INFO_LOG = 1;
public static readonly int ENTER_LOG = 2;
public static readonly int LEAVE_LOG = 3;
public static readonly int OTHER_LOG = 4;
public static readonly int INVALID_DEVID = -2;
public static readonly int ECC_MAX_SIG_SIZE = 141; /* ECC max sig size */
public static readonly int ECC_KEY_SIZE = 32; /* ECC key size */
public static readonly int MAX_ECIES_TEST_SZ = 200; /* ECIES max sig size */
public static readonly int ED25519_SIG_SIZE = 64; /* ED25519 pub + priv */
public static readonly int ED25519_KEY_SIZE = 32; /* Private key only */
public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */
public static readonly int AES_128_KEY_SIZE = 16; /* for 128 bit */
public static readonly int AES_192_KEY_SIZE = 24; /* for 192 bit */
public static readonly int AES_256_KEY_SIZE = 32; /* for 256 bit */
public static readonly int AES_BLOCK_SIZE = 16;
/* Error codes */
public static readonly int SUCCESS = 0;
public static readonly int EXCEPTION_E = -1;
public static readonly int MEMORY_E = -125; /* Out of memory error */
public static readonly int BUFFER_E = -131; /* RSA buffer error, output too small/large */
public static readonly int ASN_PARSE_E = -140; /* ASN parsing error, invalid input */
public static readonly int ASN_VERSION_E = -141; /* ASN version error, invalid number */
public static readonly int ASN_GETINT_E = -142; /* ASN get big int error, invalid data */
public static readonly int ASN_RSA_KEY_E = -143; /* ASN key init error, invalid input */
public static readonly int ASN_OBJECT_ID_E = -144; /* ASN object id error, invalid id */
public static readonly int ASN_TAG_NULL_E = -145; /* ASN tag error, not null */
public static readonly int ASN_EXPECT_0_E = -146; /* ASN expect error, not zero */
public static readonly int ASN_BITSTR_E = -147; /* ASN bit string error, wrong id */
public static readonly int ASN_UNKNOWN_OID_E = -148; /* ASN oid error, unknown sum id */
public static readonly int ASN_DATE_SZ_E = -149; /* ASN date error, bad size */
public static readonly int ASN_BEFORE_DATE_E = -150; /* ASN date error, current date before */
public static readonly int ASN_AFTER_DATE_E = -151; /* ASN date error, current date after */
public static readonly int ASN_SIG_OID_E = -152; /* ASN signature error, mismatched oid */
public static readonly int ASN_TIME_E = -153; /* ASN time error, unknown time type */
public static readonly int ASN_INPUT_E = -154; /* ASN input error, not enough data */
public static readonly int ASN_SIG_CONFIRM_E = -155; /* ASN sig error, confirm failure */
public static readonly int ASN_SIG_HASH_E = -156; /* ASN sig error, unsupported hash type */
public static readonly int ASN_SIG_KEY_E = -157; /* ASN sig error, unsupported key type */
public static readonly int BAD_FUNC_ARG = -173; /* Bad function argument */
public static readonly int SIG_VERIFY_E = -229; /* wolfcrypt signature verify error */
/***********************************************************************
* Class Public Functions
**********************************************************************/
///
/// Initialize wolfCrypt library
///
/// 0 on success
public static int Init()
{
int ret;
try
{
ret = wolfCrypt_Init();
}
catch (Exception e)
{
log(ERROR_LOG, "wolfCrypt init error " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Clean up wolfCrypt library memory
///
/// 0 on success
public static int Cleanup()
{
int ret;
try
{
ret = wolfCrypt_Cleanup();
}
catch (Exception e)
{
log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
/***********************************************************************
* Random
**********************************************************************/
///
/// Create new WC_RNG context
///
/// Pointer to allocated WC_RNG or null
public static IntPtr RandomNew()
{
IntPtr rng;
try
{
/* Allocate and init new WC_RNG structure */
rng = wc_rng_new(
IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */
IntPtr.Zero); /* Heap hint for static memory only */
}
catch (Exception e)
{
log(ERROR_LOG, "random new exception " + e.ToString());
rng = IntPtr.Zero;
}
return rng;
}
///
/// Free WC_RNG context
///
/// Pointer to allocated WC_RNG
public static void RandomFree(IntPtr rng)
{
if (rng != IntPtr.Zero)
{
/* Free WC_RNG structure */
wc_rng_free(rng);
}
}
///
/// Generate random data (use existing WC_RNG context)
///
/// WC_RNG created from RandomNew()
/// buffer to populate random data
/// size of buffer
/// 0=success or negative for error
public static int Random(IntPtr rng, byte[] buf, int sz)
{
int ret;
IntPtr data;
try
{
/* Allocate global buffer for wolfAPI random */
data = Marshal.AllocHGlobal(sz);
if (data != IntPtr.Zero)
{
/* Generate random block */
ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz));
if (ret == 0)
{
/* copy returned data */
Marshal.Copy(data, buf, 0, sz);
}
else
{
log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret));
}
Marshal.FreeHGlobal(data);
}
else
{
ret = MEMORY_E;
}
}
catch (Exception e)
{
log(ERROR_LOG, "random generate block exception " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Generate random data (single shot)
///
/// buffer to populate random data
/// size of buffer
/// 0=success or negative for error
public static int Random(byte[] buf, int sz)
{
int ret;
IntPtr rng = RandomNew();
if (rng == IntPtr.Zero)
{
return MEMORY_E;
}
ret = Random(rng, buf, sz);
RandomFree(rng);
return ret;
}
/* END Random */
/***********************************************************************
* ECC
**********************************************************************/
///
/// Generate a new ECC private / public key pair
///
/// Key size in bytes (example: SECP256R1 = 32)
/// Allocated ECC key structure or null
public static IntPtr EccMakeKey(int keysize, IntPtr rng)
{
int ret;
IntPtr key = IntPtr.Zero;
try
{
/* Allocate and init new WC_RNG structure */
key = wc_ecc_key_new(IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */
if (ret != 0)
{
EccFreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC make key exception " + e.ToString());
EccFreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Sets the ECC rng structure
///
/// Supplied key as a pointer
/// rng context as a pointer
/// Returns 0 on success
public static int EccSetRng(IntPtr key, IntPtr rng)
{
int ret = 0;
try
{
/* Check */
if (key == IntPtr.Zero)
{
log(ERROR_LOG, "Invalid key or rng pointer.");
return MEMORY_E;
}
/* Set ECC rng */
ret = wc_ecc_set_rng(key, rng);
if (ret != 0)
{
log(ERROR_LOG, "ECC set rng failed returned:" + ret);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC set rng exception " + e.ToString());
}
return ret;
}
///
/// Generate a new ECC private / public key pair
///
/// ASN.1 private key buffer (see ecc_clikey_der_256)
/// Allocated ECC key structure or null
public static IntPtr EccImportKey(byte[] keyASN1)
{
int ret;
IntPtr key = IntPtr.Zero;
try
{
key = wc_ecc_key_new(IntPtr.Zero);
if (key != IntPtr.Zero)
{
IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
Marshal.WriteInt32(idx, 0);
Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
if (ret != 0)
{
EccFreeKey(key);
key = IntPtr.Zero;
}
Marshal.FreeHGlobal(idx); /* not used */
Marshal.FreeHGlobal(keydata);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC import key exception " + e.ToString());
EccFreeKey(key); /* make sure its free'd */
key = IntPtr.Zero;
}
return key;
}
///
/// Sign a hash using ECC
///
/// ECC key structure
/// Hash to sign
/// Buffer to receive the signature
/// Length of the signature on success, otherwise a negative error code
public static int EccSign(IntPtr key, byte[] hash, byte[] signature)
{
int ret;
int signedLength = 0;
IntPtr hashPtr = IntPtr.Zero;
IntPtr sigPtr = IntPtr.Zero;
IntPtr sigLen = IntPtr.Zero;
IntPtr rng = IntPtr.Zero;
try
{
rng = RandomNew();
hashPtr = Marshal.AllocHGlobal(hash.Length);
sigPtr = Marshal.AllocHGlobal(signature.Length);
sigLen = Marshal.AllocHGlobal(sizeof(uint));
Marshal.WriteInt32(sigLen, signature.Length);
Marshal.Copy(hash, 0, hashPtr, hash.Length);
ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key);
/* Output actual signature length */
if (ret == 0)
{
signedLength = Marshal.ReadInt32(sigLen);
if (signedLength <= signature.Length)
{
Marshal.Copy(sigPtr, signature, 0, signedLength);
}
else
{
ret = BUFFER_E;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC sign exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen);
if (rng != IntPtr.Zero) RandomFree(rng);
}
return ret == 0 ? signedLength : ret;
}
///
/// Verify a signature using ECC
///
/// ECC key structure
/// Signature to verify
/// Expected hash value
/// 0 on success, otherwise an error code
public static int EccVerify(IntPtr key, byte[] signature, byte[] hash)
{
int ret;
IntPtr hashPtr = IntPtr.Zero;
IntPtr sigPtr = IntPtr.Zero;
IntPtr res = IntPtr.Zero;
try
{
hashPtr = Marshal.AllocHGlobal(hash.Length);
sigPtr = Marshal.AllocHGlobal(signature.Length);
res = Marshal.AllocHGlobal(sizeof(int));
Marshal.Copy(hash, 0, hashPtr, hash.Length);
Marshal.Copy(signature, 0, sigPtr, signature.Length);
ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key);
if (ret == 0)
{
int verifyResult = Marshal.ReadInt32(res);
ret = verifyResult == 1 ? 0 : EXCEPTION_E;
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC verify exception " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
if (res != IntPtr.Zero) Marshal.FreeHGlobal(res);
}
return ret;
}
///
/// Export ECC Private Key to DER format
///
/// ECC key structure
/// DER-encoded private key as byte array
public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
{
int ret;
derKey = null;
try
{
int bufferSize = wc_EccPrivateKeyToDer(key, null, 0);
if (bufferSize < 0) {
log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString());
return bufferSize;
}
derKey = new byte[bufferSize];
ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize);
if (ret < 0)
{
log(ERROR_LOG, "ECC private key to der failed " + ret.ToString());
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC export private exception " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Export ECC Public Key to DER format
///
/// ECC key structure
/// Include algorithm curve in the output
/// DER-encoded public key as byte array
public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve)
{
int ret;
derKey = null;
try
{
int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0);
if (bufferSize < 0) {
log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString());
return bufferSize;
}
derKey = new byte[bufferSize];
ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 1 : 0);
if (ret < 0)
{
log(ERROR_LOG, "ECC public key to der failed " + ret.ToString());
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC export public exception " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Import ECC Public Key from DER format
///
/// DER-encoded public key
/// Allocated ECC key structure or null
public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer)
{
int ret;
IntPtr key = IntPtr.Zero;
try
{
key = wc_ecc_key_new(IntPtr.Zero);
if (key != IntPtr.Zero)
{
uint idx = 0;
ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length);
if (ret != 0)
{
EccFreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC import public key exception " + e.ToString());
EccFreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Free an ECC key structure
///
/// ECC key structure allocated using EccMakeKey() or EccImportKey()
public static void EccFreeKey(IntPtr key)
{
if (key != IntPtr.Zero)
{
wc_ecc_key_free(key);
}
}
/* END ECC */
/***********************************************************************
* ECIES
**********************************************************************/
///
/// Create a new ECIES context with flags, RNG, and custom heap.
///
/// Flags for the context initialization.
/// Random Number Generator (RNG) pointer.
/// Custom heap pointer for memory allocations.
/// Pointer to the newly created ECIES context or IntPtr.Zero on failure.
public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap)
{
IntPtr ctx = IntPtr.Zero;
heap = IntPtr.Zero;
try
{
ctx = wc_ecc_ctx_new_ex(flags, rng, heap);
if (ctx == IntPtr.Zero)
{
log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero");
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString());
return IntPtr.Zero;
}
return ctx;
}
///
/// Reset the ECIES context with a new RNG.
///
/// Pointer to the ECIES context to reset.
/// New RNG to set.
/// 0 on success, or a negative error code on failure.
public static int EciesCtxReset(IntPtr ctx, IntPtr rng)
{
int ret;
try
{
ret = wc_ecc_ctx_reset(ctx, rng);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES context reset exception: " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Set encryption, KDF, and MAC algorithms for the ECIES context.
///
/// Pointer to the ECIES context.
/// Encryption algorithm identifier.
/// Key Derivation Function (KDF) algorithm identifier.
/// MAC algorithm identifier.
/// 0 on success, or a negative error code on failure.
public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo)
{
int ret;
try
{
ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Get the ECIES own salt as a byte array.
///
/// Pointer to the ECIES context.
/// Byte array representing the own salt, or null if there is an error.
public static byte[] EciesGetOwnSalt(IntPtr ctx)
{
IntPtr saltPtr = IntPtr.Zero;
byte[] salt = null;
try
{
/* Check ctx */
if (ctx == IntPtr.Zero)
{
log(ERROR_LOG, "Invalid ECIES context pointer.");
return null;
}
/* Get own salt */
saltPtr = wc_ecc_ctx_get_own_salt(ctx);
if (saltPtr == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to get own salt.");
return null;
}
/* Allocate salt size and copy to byte array */
salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ];
Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString());
return null;
}
finally
{
/* Cleanup */
if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
}
return salt;
}
///
/// Set the peer salt for the ECIES context.
///
/// Pointer to the ECIES context.
/// Peer salt as a byte array.
/// 0 on success, or a negative error code on failure.
public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt)
{
IntPtr saltPtr = IntPtr.Zero;
int ret;
try
{
/* Allocate memory */
saltPtr = Marshal.AllocHGlobal(salt.Length);
Marshal.Copy(salt, 0, saltPtr, salt.Length);
/* Set the peer salt */
ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
}
return ret;
}
///
/// Set the own salt for the ECIES context.
///
/// Pointer to the ECIES context.
/// Own salt as a byte array.
/// 0 on success, or a negative error code on failure.
public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt)
{
IntPtr saltPtr = IntPtr.Zero;
uint saltSz;
int ret;
try
{
/* Allocate memory */
saltSz = (uint)salt.Length;
saltPtr = Marshal.AllocHGlobal(salt.Length);
Marshal.Copy(salt, 0, saltPtr, salt.Length);
/* Set the own salt */
ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
}
return ret;
}
///
/// Set the KDF salt for the ECIES context.
///
/// Pointer to the ECIES context.
/// KDF salt as a byte array.
/// 0 on success, or a negative error code on failure.
public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt)
{
IntPtr saltPtr = IntPtr.Zero;
uint saltSz;
int ret;
try
{
/* Allocate memory */
saltSz = (uint)salt.Length;
saltPtr = Marshal.AllocHGlobal(salt.Length);
Marshal.Copy(salt, 0, saltPtr, salt.Length);
/* Set the KDF salt */
ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr);
}
return ret;
}
///
/// Set the info for the ECIES context.
///
/// Pointer to the ECIES context.
/// Info as a byte array.
/// 0 on success, or a negative error code on failure.
public static int EciesSetInfo(IntPtr ctx, byte[] info)
{
IntPtr infoPtr = IntPtr.Zero;
int ret;
try
{
/* Allocate memory */
infoPtr = Marshal.AllocHGlobal(info.Length);
Marshal.Copy(info, 0, infoPtr, info.Length);
/* Set the info */
ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length);
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES set info exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr);
}
return ret;
}
///
/// Encrypt a message using ECIES.
///
/// Private key.
/// Public key.
/// Message to encrypt.
/// Message size.
/// Output buffer.
/// ECIES context.
/// 0 on success, or a negative error code on failure.
public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
{
int ret;
int outBufferLength = 0;
IntPtr msgPtr = IntPtr.Zero;
IntPtr outBufferPtr = IntPtr.Zero;
IntPtr outSz = IntPtr.Zero;
try
{
/* Allocate memory */
msgPtr = Marshal.AllocHGlobal(msg.Length);
outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
outSz = Marshal.AllocHGlobal(sizeof(uint));
Marshal.WriteInt32(outSz, outBuffer.Length);
Marshal.Copy(msg, 0, msgPtr, msg.Length);
/* Encrypt */
ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
if (ret < 0)
{
log(ERROR_LOG, "Failed to encrypt message using ECIES. Error code: " + ret);
}
/* Output actual output buffer length */
if (ret == 0)
{
outBufferLength = Marshal.ReadInt32(outSz);
if (outBufferLength <= outBuffer.Length)
{
Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
}
else
{
ret = BUFFER_E;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES encryption exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
}
return ret == 0 ? outBufferLength : ret;
}
///
/// Decrypt a message using ECIES.
///
/// Private key.
/// Public key.
/// Encrypted message.
/// Message size.
/// Output buffer for the decrypted message.
/// ECIES context.
/// 0 on success, or a negative error code on failure.
public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx)
{
int ret;
int outBufferLength = 0;
IntPtr msgPtr = IntPtr.Zero;
IntPtr outBufferPtr = IntPtr.Zero;
IntPtr outSz = IntPtr.Zero;
try
{
/* Allocate memory */
msgPtr = Marshal.AllocHGlobal(msg.Length);
outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length);
outSz = Marshal.AllocHGlobal(sizeof(uint));
Marshal.WriteInt32(outSz, outBuffer.Length);
Marshal.Copy(msg, 0, msgPtr, msg.Length);
/* Decrypt */
ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx);
if (ret < 0)
{
log(ERROR_LOG, "Failed to decrypt message using ECIES. Error code: " + ret);
}
/* Output actual output buffer length */
if (ret == 0)
{
outBufferLength = Marshal.ReadInt32(outSz);
if (outBufferLength <= outBuffer.Length)
{
Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength);
}
else
{
ret = BUFFER_E;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECIES decryption exception: " + e.ToString());
return EXCEPTION_E;
}
finally
{
/* Cleanup */
if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr);
if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz);
}
return ret == 0 ? outBufferLength : ret;
}
///
/// Free the ECIES context.
///
/// Pointer to the ECIES context to free.
public static void EciesFreeCtx(IntPtr ctx)
{
if (ctx != IntPtr.Zero)
{
wc_ecc_ctx_free(ctx);
}
}
/********************************
* ENUMS
*/
public enum ecEncAlgo {
ecAES_128_CBC = 1, /* default */
ecAES_256_CBC = 2,
ecAES_128_CTR = 3,
ecAES_256_CTR = 4
}
public enum ecKdfAlgo {
ecHKDF_SHA256 = 1, /* default */
ecHKDF_SHA1 = 2,
ecKDF_X963_SHA1 = 3,
ecKDF_X963_SHA256 = 4,
ecKDF_SHA1 = 5,
ecKDF_SHA256 = 6
}
public enum ecMacAlgo {
ecHMAC_SHA256 = 1, /* default */
ecHMAC_SHA1 = 2
}
public enum ecKeySize {
KEY_SIZE_128 = 16,
KEY_SIZE_256 = 32,
IV_SIZE_64 = 8,
IV_SIZE_128 = 16,
ECC_MAX_IV_SIZE = 16,
EXCHANGE_SALT_SZ = 16,
EXCHANGE_INFO_SZ = 23
}
public enum ecFlags {
REQ_RESP_CLIENT = 1,
REQ_RESP_SERVER = 2
}
/* END ECIES */
/***********************************************************************
* ECDHE
**********************************************************************/
///
/// Generate a shared secret using ECC
///
/// ECC private key
/// ECC public key
/// Buffer to receive the shared secret
/// 0 on success, otherwise an error code
public static int EcdheSharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret, IntPtr rng)
{
int ret;
int secretLength = secret.Length;
try
{
/* set RNG for Public Key */
ret = EccSetRng(privateKey, rng);
if (ret != 0)
{
throw new Exception("Failed to set Public Key RNG Error code: " + ret);
}
/* set RNG for Private Key */
ret = EccSetRng(publicKey, rng);
if (ret != 0)
{
throw new Exception("Failed to set Private Key RNG. Error code: " + ret);
}
/* Generate shared secret */
if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero)
{
ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength);
if (ret != 0)
{
throw new Exception("Failed to compute ECC shared secret. Error code: " + ret);
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ECC shared secret exception " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
/* END ECDHE */
/***********************************************************************
* RSA
**********************************************************************/
///
/// Generate a new RSA private/public key pair
///
/// Pointer to the heap for memory allocation
/// (use IntPtr.Zero if not applicable)
/// Device ID (if applicable, otherwise use 0)
/// Key size in bits (example: 2048)
/// Exponent for RSA key generation (default is 65537)
/// Allocated RSA key structure or null on failure
public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent)
{
int ret;
IntPtr key = IntPtr.Zero;
IntPtr rng = IntPtr.Zero;
try
{
/* Allocate and init new RSA key structure */
key = wc_NewRsaKey(heap, devId, IntPtr.Zero);
if (key != IntPtr.Zero)
{
rng = RandomNew();
if (rng == IntPtr.Zero)
{
throw new Exception("Failed to create rng.");
}
ret = wc_MakeRsaKey(key, keysize, exponent, rng);
if (ret != 0)
{
RsaFreeKey(key);
key = IntPtr.Zero;
}
RandomFree(rng);
rng = IntPtr.Zero;
}
}
catch (Exception e)
{
log(ERROR_LOG, "RSA make key exception " + e.ToString());
if (rng != IntPtr.Zero) RandomFree(rng);
if (key != IntPtr.Zero) RsaFreeKey(key);
key = IntPtr.Zero;
}
return key;
}
public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize)
{
return RsaMakeKey(heap, devId, keysize, 65537);
}
///
/// Import an RSA private key from ASN.1 buffer
///
/// ASN.1 private key buffer
/// Allocated RSA key structure or null
public static IntPtr RsaImportKey(byte[] keyASN1)
{
int ret;
IntPtr key = IntPtr.Zero;
try
{
key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key != IntPtr.Zero)
{
IntPtr idx = Marshal.AllocHGlobal(sizeof(uint));
IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length);
Marshal.WriteInt32(idx, 0);
Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length);
ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length));
if (ret != 0)
{
RsaFreeKey(key);
key = IntPtr.Zero;
}
Marshal.FreeHGlobal(idx); /* not used */
Marshal.FreeHGlobal(keydata);
}
}
catch (Exception e)
{
log(ERROR_LOG, "RSA make key exception " + e.ToString());
RsaFreeKey(key); /* make sure its free'd */
key = IntPtr.Zero;
}
return key;
}
///
/// Sign a hash using RSA and SSL-style padding
///
/// RSA key structure
/// Hash to sign
/// Buffer to receive the signature
/// Length of the signature on success, otherwise an error code
public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature)
{
IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length);
IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length);
IntPtr rng = IntPtr.Zero;
int ret;
try
{
rng = RandomNew();
if (rng == IntPtr.Zero)
{
throw new Exception("Failed to create RNG.");
}
Marshal.Copy(hash, 0, hashPtr, hash.Length);
ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng);
if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */
{
Marshal.Copy(sigPtr, signature, 0, ret);
}
}
finally
{
if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
if (rng != IntPtr.Zero) RandomFree(rng);
}
return ret;
}
///
/// Verify a signature using RSA and SSL-style padding
///
/// RSA key structure
/// Signature to verify
/// Expected hash value
/// 0 on success, otherwise an error code
public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash)
{
IntPtr hashPtr = IntPtr.Zero;
IntPtr sigPtr = IntPtr.Zero;
int ret;
try
{
hashPtr = Marshal.AllocHGlobal(hash.Length);
sigPtr = Marshal.AllocHGlobal(signature.Length);
Marshal.Copy(signature, 0, sigPtr, signature.Length);
ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key);
if (ret == hash.Length)
{
byte[] verifiedHash = new byte[hash.Length];
Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length);
if (ByteArrayVerify(verifiedHash, hash))
{
ret = 0;
}
else
{
ret = SIG_VERIFY_E;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "RSA verify exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr);
if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
}
return ret;
}
///
/// Encrypt data using RSA public key encryption
///
/// RSA key structure
/// Data to encrypt
/// Buffer to receive the encrypted data
/// 0 on success, otherwise an error code
public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output)
{
IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
Marshal.Copy(input, 0, inPtr, input.Length);
int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key);
if (ret > 0)
{
Marshal.Copy(outPtr, output, 0, ret);
}
Marshal.FreeHGlobal(inPtr);
Marshal.FreeHGlobal(outPtr);
return ret > 0 ? 0 : ret;
}
///
/// Decrypt data using RSA private key decryption
///
/// RSA key structure
/// Encrypted data
/// Buffer to receive the decrypted data
/// 0 on success, otherwise an error code
public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output)
{
IntPtr inPtr = Marshal.AllocHGlobal(input.Length);
IntPtr outPtr = Marshal.AllocHGlobal(output.Length);
Marshal.Copy(input, 0, inPtr, input.Length);
int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key);
if (ret > 0)
{
Marshal.Copy(outPtr, output, 0, ret);
}
Marshal.FreeHGlobal(inPtr);
Marshal.FreeHGlobal(outPtr);
return ret > 0 ? 0 : ret;
}
///
/// Free an RSA key structure
///
/// RSA key structure allocated using RsaMakeKey() or RsaImportKey()
public static void RsaFreeKey(IntPtr key)
{
if (key != IntPtr.Zero)
{
wc_DeleteRsaKey(key, IntPtr.Zero);
key = IntPtr.Zero;
}
}
/* END RSA */
/***********************************************************************
* ED25519
**********************************************************************/
///
/// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG.
///
/// Heap to use for memory allocations (can be IntPtr.Zero).
/// Device ID for hardware-based keys (can be 0 for software).
/// 0 on success, or an error code on failure.
public static IntPtr Ed25519MakeKey(IntPtr heap, int devId)
{
int ret = 0;
IntPtr rng = IntPtr.Zero;
IntPtr key = IntPtr.Zero;
try
{
rng = RandomNew();
if (rng == IntPtr.Zero)
{
throw new Exception("Failed to create RNG.");
}
key = wc_ed25519_new(heap, devId, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_ed25519_make_key(rng, 32, key);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 make key exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (rng != IntPtr.Zero) RandomFree(rng);
if (ret != 0)
{
wc_ed25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
}
return key;
}
///
/// Sign a message with an ED25519 private key.
///
/// Message to be signed
/// Buffer to receive the signature
/// Private key used for signing
/// 0 on success, otherwise an error code
public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key)
{
int ret;
IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
outMsg = null;
try
{
Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
uint outMsgSize = (uint)ED25519_SIG_SIZE;
ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key);
if (ret == 0)
{
outMsg = new byte[outMsgSize];
Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize);
}
}
finally
{
/* Cleanup */
if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
}
return ret;
}
///
/// Verify a signature of a message with an ED25519 public key.
///
/// Signature to verify
/// Message that was signed
/// Public key used for verification
/// 0 if the verification succeeds, otherwise an error code
public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key)
{
IntPtr sigPtr = IntPtr.Zero;
IntPtr msgPtr = IntPtr.Zero;
int ret = 0;
try
{
/* Allocate memory */
sigPtr = Marshal.AllocHGlobal(sig.Length);
msgPtr = Marshal.AllocHGlobal(msg.Length);
Marshal.Copy(sig, 0, sigPtr, sig.Length);
Marshal.Copy(msg, 0, msgPtr, msg.Length);
int verify = 0;
ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key);
if (ret == 0 && verify == 1)
{
ret = 0;
}
else
{
ret = SIG_VERIFY_E;
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 verify exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr);
if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr);
}
return ret;
}
///
/// Decode an ED25519 private key from DER format.
///
/// DER-encoded private key as byte array.
/// Allocated ED25519 key structure or IntPtr.Zero on failure.
public static IntPtr Ed25519PrivateKeyDecode(byte[] input)
{
IntPtr key = IntPtr.Zero;
uint idx = 0;
int ret;
try
{
key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
if (ret != 0)
{
Ed25519FreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString());
if (key != IntPtr.Zero) Ed25519FreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Decode an ED25519 public key from DER format.
///
/// DER-encoded public key as byte array.
/// Allocated ED25519 key structure or IntPtr.Zero on failure.
public static IntPtr Ed25519PublicKeyDecode(byte[] input)
{
IntPtr key = IntPtr.Zero;
uint idx = 0;
int ret;
try
{
key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
if (ret != 0)
{
Ed25519FreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString());
if (key != IntPtr.Zero) Ed25519FreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Export an ED25519 key to DER format.
///
/// ED25519 key structure.
/// DER-encoded public key as byte array.
/// DER-encoded key as byte array.
public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey)
{
int ret;
privKey = null;
try
{
/* Get length */
int len = wc_Ed25519KeyToDer(key, null, 0);
if (len < 0)
{
log(ERROR_LOG, "Failed to determine length. Error code: " + len);
return len;
}
privKey = new byte[len];
ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length);
if (ret < 0)
{
log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
return ret;
}
}
catch(Exception e)
{
log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
return EXCEPTION_E;
}
return ret;
}
///
/// Export an ED25519 private key to DER format.
///
/// ED25519 private key structure.
/// DER-encoded private key as byte array.
/// DER-encoded private key as byte array.
public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
{
int ret;
derKey = null;
try
{
/* Determine length */
int len = wc_Ed25519PrivateKeyToDer(key, null, 0);
if (len < 0)
{
log(ERROR_LOG, "Failed to determine length. Error code: " + len);
return len;
}
derKey = new byte[len];
ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
if (ret < 0)
{
log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret);
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString());
return EXCEPTION_E;
}
return ret;
}
///
/// Export an ED25519 public key to DER format.
///
/// ED25519 public key structure.
/// Whether to include the algorithm identifier in the output.
/// DER-encoded public key as byte array.
/// An error code indicating success (0) or failure (negative value).
public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg)
{
int ret;
pubKey = null;
try
{
/* Determine length */
int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1);
if (len < 0)
{
log(ERROR_LOG, "Failed to determine length. Error code: " + len);
return len;
}
pubKey = new byte[len];
ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0);
if (ret < 0)
{
log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret);
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString());
return EXCEPTION_E;
}
return ret;
}
///
/// Free an ED25519 key.
///
/// Key to be freed
public static void Ed25519FreeKey(IntPtr key)
{
wc_ed25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
/* END ED25519 */
/***********************************************************************
* RAW ED25519
**********************************************************************/
///
/// Initialize an ED25519 key.
///
/// Buffer to receive the initialized key
/// 0 on success, otherwise an error code
public static int Ed25519InitKey(out IntPtr key)
{
key = IntPtr.Zero;
try
{
key = Marshal.AllocHGlobal(ED25519_SIG_SIZE);
int ret = wc_ed25519_init(key);
if (ret != 0)
{
Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
}
return ret;
}
catch
{
/* Cleanup */
Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
throw;
}
}
///
/// Import a public key into an ED25519 key structure.
///
/// Public key to import
/// Length of the public key
/// Buffer to receive the imported key
/// 0 on success, otherwise an error code
public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key)
{
int ret;
key = IntPtr.Zero;
IntPtr inMsgPtr = IntPtr.Zero;
try
{
/* Allocate memory */
key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key == IntPtr.Zero)
{
throw new OutOfMemoryException("Failed to allocate memory for the key.");
}
inMsgPtr = Marshal.AllocHGlobal(inMsg.Length);
if (inMsgPtr == IntPtr.Zero)
{
throw new OutOfMemoryException("Failed to allocate memory for the input message.");
}
Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length);
ret = wc_ed25519_import_public(inMsgPtr, inLen, key);
if (ret != 0)
{
if (key != IntPtr.Zero) {
wc_ed25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
return ret;
}
}
catch (Exception ex)
{
Console.WriteLine("Exception in EdImportPublic: " + ex.Message);
if (key != IntPtr.Zero) {
wc_ed25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
return EXCEPTION_E;
}
finally
{
/* Cleanup */
if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr);
}
return ret;
}
///
/// Export a public key from an ED25519 key structure.
///
/// ED25519 key structure
/// Buffer to receive the exported public key
/// Length of the exported public key
/// 0 on success, otherwise an error code
public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen)
{
int ret;
IntPtr outMsgPtr = IntPtr.Zero;
try
{
outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
outLen = (uint)outMsg.Length;
ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen);
if (ret == 0)
{
Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
}
else
{
outLen = 0;
}
}
finally
{
/* Cleanup */
if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
}
return ret;
}
///
/// Export a private key from an ED25519 key structure.
///
/// ED25519 key structure
/// Buffer to receive the exported private key
/// Length of the exported private key
/// 0 on success, otherwise an error code
public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen)
{
int ret;
IntPtr outMsgPtr = IntPtr.Zero;
try
{
outMsgPtr = Marshal.AllocHGlobal(outMsg.Length);
outLen = (uint)outMsg.Length;
ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen);
if (ret == 0)
{
Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen);
}
else
{
outLen = 0;
}
}
finally
{
/* Cleanup */
if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr);
}
return ret;
}
///
/// Generate a public key from a private key.
///
/// The private key used to generate the public key
/// Buffer to receive the public key
/// Size of the public key buffer
/// 0 on success, otherwise an error code
public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz)
{
int ret;
IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length);
try
{
pubKeySz = (uint)pubKey.Length;
ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz);
if (ret == 0)
{
Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz);
}
}
finally
{
/* Cleanup */
if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr);
}
return ret;
}
///
/// Get the size of the ED25519 key.
///
/// ED25519 key structure
/// Size of the key, or an error code if failed
public static int Ed25519GetKeySize(IntPtr key)
{
return wc_ed25519_size(key);
}
/* END RAW ED25519 */
/***********************************************************************
* Curve25519
**********************************************************************/
///
/// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG.
///
/// Heap to use for memory allocations (can be IntPtr.Zero).
/// Device ID for hardware-based keys (can be 0 for software).
/// 0 on success, or an error code on failure.
public static IntPtr Curve25519MakeKey(IntPtr heap, int devId)
{
int ret = 0;
IntPtr rng = IntPtr.Zero;
IntPtr key = IntPtr.Zero;
try
{
rng = RandomNew();
if (rng == IntPtr.Zero)
{
throw new Exception("Failed to create RNG.");
}
key = wc_curve25519_new(heap, devId, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_curve25519_make_key(rng, 32, key);
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (rng != IntPtr.Zero) RandomFree(rng);
if (ret != 0)
{
wc_curve25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
}
return key;
}
///
/// Decode an Curve25519 private key from DER format.
///
/// DER-encoded private key as byte array.
/// Allocated Curve25519 key structure or IntPtr.Zero on failure.
public static IntPtr Curve25519PrivateKeyDecode(byte[] input)
{
IntPtr key = IntPtr.Zero;
uint idx = 0;
int ret;
try
{
key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length);
if (ret != 0)
{
Curve25519FreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString());
if (key != IntPtr.Zero) Curve25519FreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Decode an Curve25519 public key from DER format.
///
/// DER-encoded public key as byte array.
/// Allocated Curve25519 key structure or IntPtr.Zero on failure.
public static IntPtr Curve25519PublicKeyDecode(byte[] input)
{
IntPtr key = IntPtr.Zero;
uint idx = 0;
int ret;
try
{
key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero);
if (key != IntPtr.Zero)
{
ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length);
if (ret != 0)
{
Curve25519FreeKey(key);
key = IntPtr.Zero;
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString());
if (key != IntPtr.Zero) Curve25519FreeKey(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Export an Curve25519 key to DER format.
///
/// Curve25519 key structure.
/// DER-encoded public key as byte array.
/// DER-encoded key as byte array.
public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey)
{
int ret;
derKey = null;
try
{
/* Determine length */
int len = wc_Curve25519PrivateKeyToDer(key, null, 0);
if (len < 0)
{
log(ERROR_LOG, "Failed to determine length. Error code: " + len);
return len;
}
derKey = new byte[len];
ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length);
if (ret < 0)
{
log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret);
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString());
return EXCEPTION_E;
}
return ret;
}
///
/// Export an Curve25519 public key to DER format.
///
/// Curve25519 public key structure.
/// Whether to include the algorithm identifier in the output.
/// DER-encoded public key as byte array.
/// An error code indicating success (0) or failure (negative value).
public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg)
{
int ret;
derKey = null;
try
{
/* Determine length */
int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1);
if (len < 0)
{
log(ERROR_LOG, "Failed to determine length. Error code: " + len);
return len;
}
derKey = new byte[len];
ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0);
if (ret < 0)
{
log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret);
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Free an Curve25519 key.
///
/// Key to be freed
public static void Curve25519FreeKey(IntPtr key)
{
wc_curve25519_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
}
/* END Curve25519 */
/***********************************************************************
* RAW Curve25519
**********************************************************************/
///
/// Generate a shared secret using Curve25519
///
/// Curve25519 private key
/// Curve25519 public key
/// Buffer to receive the shared secret
/// 0 on success, otherwise an error code
public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret)
{
int ret;
int secretLength = secret.Length;
try
{
ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength);
if (ret != 0)
{
throw new Exception("Failed to compute Curve25519 shared secret. Error code: " + ret);
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString());
ret = EXCEPTION_E;
}
return ret;
}
///
/// Import a Curve25519 private key from a byte array
///
/// Private key byte array
/// Allocated Curve25519 key structure or null
public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey)
{
IntPtr key = IntPtr.Zero;
try
{
key = Marshal.AllocHGlobal(privateKey.Length);
Marshal.Copy(privateKey, 0, key, privateKey.Length);
int ret = wc_curve25519_import_private(key, privateKey.Length, key);
if (ret != 0)
{
Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString());
if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Import a Curve25519 public key from a byte array
///
/// Public key byte array
/// Allocated Curve25519 key structure or null
public static IntPtr Curve25519ImportPublicKey(byte[] publicKey)
{
IntPtr key = IntPtr.Zero;
try
{
key = Marshal.AllocHGlobal(publicKey.Length);
Marshal.Copy(publicKey, 0, key, publicKey.Length);
int ret = wc_curve25519_import_public(key, publicKey.Length, key);
if (ret != 0)
{
Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
}
}
catch (Exception e)
{
log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString());
if (key != IntPtr.Zero) Marshal.FreeHGlobal(key);
key = IntPtr.Zero;
}
return key;
}
///
/// Export a Curve25519 private key to a byte array
///
/// Curve25519 key structure
/// Private key as byte array
public static byte[] Curve25519ExportPrivateKey(IntPtr key)
{
byte[] privateKey = new byte[ED25519_KEY_SIZE];
uint privSize = (uint)privateKey.Length;
int ret = wc_curve25519_export_public(key, privateKey, ref privSize);
if (ret != 0)
{
throw new Exception("Failed to export Curve25519 private key. Error code: " + ret);
}
return privateKey;
}
///
/// Export a Curve25519 public key to a byte array
///
/// Curve25519 key structure
/// Public key as byte array
public static byte[] Curve25519ExportPublicKey(IntPtr key)
{
byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE];
uint pubSize = (uint)publicKey.Length;
int ret = wc_curve25519_export_public(key, publicKey, ref pubSize);
if (ret != 0)
{
throw new Exception("Failed to export Curve25519 public key. Error code: " + ret);
}
return publicKey;
}
///
/// Export both private and public keys from a Curve25519 key structure
///
/// Curve25519 key structure
/// returned raw private key as byte array
/// returned raw public key as byte array
public static void Curve25519ExportKeyRaw(IntPtr key, out byte[] privateKey, out byte[] publicKey)
{
privateKey = new byte[ED25519_KEY_SIZE];
publicKey = new byte[ED25519_PUB_KEY_SIZE];
uint privSize = (uint)privateKey.Length;
uint pubSize = (uint)publicKey.Length;
int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize);
if (ret != 0)
{
throw new Exception("Failed to export Curve25519 keys. Error code: " + ret);
}
return;
}
/* END RAW Curve25519 */
/***********************************************************************
* ML-KEM
**********************************************************************/
// These APIs work by adding several options to wolfCrypt.
// Please refer to `../user_settings.h`.
///
/// Allocate and initialize a new ML-KEM key without generating key
/// material. Use this when you intend to import or decode an existing
/// key (e.g., before calling MlKemDecodePublicKey/MlKemDecodePrivateKey).
///
/// ML-KEM parameter set type
/// Heap pointer for memory allocation
/// Device ID (if applicable)
/// Pointer to the MlKem key structure, or IntPtr.Zero on failure
public static IntPtr MlKemNew(MlKemTypes type, IntPtr heap, int devId)
{
try
{
IntPtr key = wc_MlKemKey_New((int)type, heap, devId);
if (key == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to allocate or initialize MlKem key.");
}
return key;
}
catch (Exception ex)
{
log(ERROR_LOG, "MlKem key allocation exception: " + ex.ToString());
return IntPtr.Zero;
}
}
///
/// Create a new ML-KEM key pair and initialize it with random values
///
/// ML-KEM parameter set type
/// Heap pointer for memory allocation
/// Device ID (if applicable)
/// Pointer to the MlKem key structure, or IntPtr.Zero on failure
public static IntPtr MlKemMakeKey(MlKemTypes type, IntPtr heap, int devId)
{
int ret = 0;
IntPtr key = IntPtr.Zero;
IntPtr rng = IntPtr.Zero;
bool success = false;
try
{
key = wc_MlKemKey_New((int)type, heap, devId);
if (key == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to allocate or initialize MlKem key.");
return IntPtr.Zero;
}
rng = RandomNew();
if (rng == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to create RNG for MlKem key.");
return IntPtr.Zero;
}
ret = wc_MlKemKey_MakeKey(key, rng);
if (ret != 0)
{
log(ERROR_LOG, "Failed to make MlKem key. Error code: " + ret);
return IntPtr.Zero;
}
success = true;
return key;
}
catch (Exception ex)
{
log(ERROR_LOG, "MlKem key creation exception: " + ex.ToString());
return IntPtr.Zero;
}
finally
{
if (rng != IntPtr.Zero)
{
RandomFree(rng);
}
if (!success && key != IntPtr.Zero)
{
ret = MlKemFreeKey(ref key);
if (ret != 0)
{
log(ERROR_LOG, "Failed to free MlKem key. Error code: " + ret);
}
}
}
}
///
/// Free a MlKem key structure and release its memory
///
/// Pointer to the MlKem key structure
/// 0 on success, negative value on error.
public static int MlKemFreeKey(ref IntPtr key)
{
int ret;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
ret = wc_MlKemKey_Delete(key, IntPtr.Zero);
key = IntPtr.Zero;
return ret;
}
///
/// Encode the ML-KEM public key to a byte array.
///
/// Pointer to the MlKem key structure.
/// Output byte array containing the encoded public key.
/// 0 on success, negative value on error.
public static int MlKemEncodePublicKey(IntPtr key, out byte[] publicKey)
{
publicKey = null;
int ret = 0;
uint pubLen = 0;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlKemKey_PublicKeySize(key, ref pubLen);
if (ret != 0 || pubLen == 0)
{
log(ERROR_LOG, "Failed to get MlKem public key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
if (pubLen > int.MaxValue)
{
log(ERROR_LOG, "MlKem public key length too large: " + pubLen);
return BAD_FUNC_ARG;
}
publicKey = new byte[checked((int)pubLen)];
ret = wc_MlKemKey_EncodePublicKey(key, publicKey, pubLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to encode MlKem public key. Error code: " + ret);
publicKey = null;
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "MlKem encode public key exception: " + e.ToString());
publicKey = null;
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Encode the ML-KEM private key to a byte array.
///
/// Pointer to the MlKem key structure.
/// Output byte array containing the encoded private key.
/// 0 on success, negative value on error.
public static int MlKemEncodePrivateKey(IntPtr key, out byte[] privateKey)
{
privateKey = null;
int ret = 0;
uint privLen = 0;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlKemKey_PrivateKeySize(key, ref privLen);
if (ret != 0 || privLen == 0)
{
log(ERROR_LOG, "Failed to get MlKem private key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
if (privLen > int.MaxValue)
{
log(ERROR_LOG, "MlKem private key length too large: " + privLen);
return BAD_FUNC_ARG;
}
privateKey = new byte[checked((int)privLen)];
ret = wc_MlKemKey_EncodePrivateKey(key, privateKey, privLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to encode MlKem private key. Error code: " + ret);
privateKey = null;
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "MlKem encode private key exception: " + e.ToString());
privateKey = null;
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Decode a ML-KEM public key from a byte array.
///
/// Pointer to the MlKem key structure.
/// Encoded public key as byte array.
/// 0 on success, negative value on error.
public static int MlKemDecodePublicKey(IntPtr key, byte[] publicKey)
{
int ret = 0;
uint pubLen = 0;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
if (publicKey == null)
{
log(ERROR_LOG, "MlKem decode public key called with null publicKey buffer.");
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlKemKey_PublicKeySize(key, ref pubLen);
if (ret != 0 || pubLen == 0)
{
log(ERROR_LOG, "Failed to get MlKem public key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
if ((uint)publicKey.Length != pubLen)
{
log(ERROR_LOG, "MlKem public key buffer length mismatch. Expected: " +
pubLen + ", actual: " + publicKey.Length);
return BUFFER_E;
}
ret = wc_MlKemKey_DecodePublicKey(key, publicKey, pubLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to decode MlKem public key. Error code: " + ret);
return ret;
}
}
catch (Exception ex)
{
log(ERROR_LOG, "MlKem decode public key exception: " + ex.ToString());
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Decode a ML-KEM private key from a byte array.
///
/// Pointer to the MlKem key structure.
/// Encoded private key as byte array.
/// 0 on success, negative value on error.
public static int MlKemDecodePrivateKey(IntPtr key, byte[] privateKey)
{
int ret = 0;
uint privLen = 0;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
if (privateKey == null)
{
log(ERROR_LOG, "MlKem private key buffer is null.");
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlKemKey_PrivateKeySize(key, ref privLen);
if (ret != 0 || privLen == 0)
{
log(ERROR_LOG, "Failed to get MlKem private key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
if ((uint)privateKey.Length != privLen)
{
log(ERROR_LOG, "MlKem private key buffer length mismatch. Required: " + privLen +
", provided: " + (uint)privateKey.Length);
return BUFFER_E;
}
ret = wc_MlKemKey_DecodePrivateKey(key, privateKey, privLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to decode MlKem private key. Error code: " + ret);
return ret;
}
}
catch (Exception ex)
{
log(ERROR_LOG, "MlKem decode private key exception: " + ex.ToString());
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Perform ML-KEM encapsulation to generate a ciphertext and shared secret
///
/// Pointer to the MlKem key structure
/// Output buffer for the ciphertext
/// Output buffer for the shared secret
/// 0 on success, otherwise an error code
public static int MlKemEncapsulate(IntPtr key, out byte[] ct, out byte[] ss)
{
int ret;
ct = null;
ss = null;
uint ctLen = 0;
uint ssLen = 0;
IntPtr rng = IntPtr.Zero;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlKemKey_CipherTextSize(key, ref ctLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to determine ciphertext length. Error code: " + ret);
return ret;
}
ret = wc_MlKemKey_SharedSecretSize(key, ref ssLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to determine shared secret length. Error code: " + ret);
return ret;
}
if (ctLen > int.MaxValue || ssLen > int.MaxValue)
{
log(ERROR_LOG, "MlKem sizes exceed maximum supported length.");
return BAD_FUNC_ARG;
}
ct = new byte[checked((int)ctLen)];
ss = new byte[checked((int)ssLen)];
rng = RandomNew();
if (rng == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to create RNG for MlKem encapsulate.");
return MEMORY_E;
}
ret = wc_MlKemKey_Encapsulate(key, ct, ss, rng);
if (ret != 0)
{
log(ERROR_LOG, "Failed to encapsulate MlKem key. Error code: " + ret);
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "MlKem encapsulate exception: " + e.ToString());
return EXCEPTION_E;
}
finally
{
if (rng != IntPtr.Zero)
{
RandomFree(rng);
rng = IntPtr.Zero;
}
}
return SUCCESS;
}
///
/// Perform ML-KEM decapsulation to recover the shared secret from ciphertext
///
/// Pointer to the MlKem key structure
/// Ciphertext buffer
/// Output buffer for the shared secret
/// 0 on success, otherwise an error code
public static int MlKemDecapsulate(IntPtr key, byte[] ct, out byte[] ss)
{
int ret;
ss = null;
uint ssLen = 0;
if (key == IntPtr.Zero || ct == null)
{
return BAD_FUNC_ARG;
}
try
{
uint ctLen = 0;
ret = wc_MlKemKey_CipherTextSize(key, ref ctLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to determine ciphertext length. Error code: " + ret);
return ret;
}
if ((uint)ct.Length != ctLen)
{
log(ERROR_LOG, "Ciphertext length mismatch. Expected: " + ctLen + ", got: " + ct.Length);
return BUFFER_E;
}
ret = wc_MlKemKey_SharedSecretSize(key, ref ssLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to determine shared secret length. Error code: " + ret);
return ret;
}
if (ssLen > int.MaxValue)
{
log(ERROR_LOG, "Shared secret length too large. Length: " + ssLen);
return BAD_FUNC_ARG;
}
ss = new byte[checked((int)ssLen)];
ret = wc_MlKemKey_Decapsulate(key, ss, ct, (uint)ct.Length);
if (ret != 0)
{
log(ERROR_LOG, "Failed to decapsulate MlKem key. Error code: " + ret);
return ret;
}
}
catch (Exception e)
{
log(ERROR_LOG, "MlKem decapsulate exception: " + e.ToString());
return EXCEPTION_E;
}
return SUCCESS;
}
/********************************
* ENUMS
*/
public enum MlKemTypes
{
ML_KEM_512 = 0,
ML_KEM_768 = 1,
ML_KEM_1024 = 2
}
/* END ML-KEM */
/***********************************************************************
* ML-DSA
**********************************************************************/
// These APIs work by adding several options to wolfCrypt.
// Please refer to `../user_settings.h`.
///
/// Allocate and initialize a new ML-DSA key (with level set) without
/// generating key material. Use this when you intend to import an
/// existing key (e.g., before calling MlDsaImportPublicKey or
/// MlDsaImportPrivateKey).
///
/// Heap pointer for memory allocation
/// Device ID (if applicable)
/// ML-DSA security level
/// Pointer to the ML-DSA key structure, or IntPtr.Zero on failure
public static IntPtr MlDsaNew(IntPtr heap, int devId, MlDsaLevels level)
{
IntPtr key = IntPtr.Zero;
bool success = false;
try
{
key = wc_dilithium_new(heap, devId);
if (key == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to allocate and initialize ML-DSA key.");
return IntPtr.Zero;
}
int ret = wc_dilithium_set_level(key, (byte)level);
if (ret != 0)
{
log(ERROR_LOG, "Failed to set ML-DSA level. Error code: " + ret);
return IntPtr.Zero;
}
success = true;
return key;
}
catch (Exception ex)
{
log(ERROR_LOG, "ML-DSA key allocation exception: " + ex.ToString());
return IntPtr.Zero;
}
finally
{
if (!success && key != IntPtr.Zero)
{
int ret = MlDsaFreeKey(ref key);
if (ret != 0)
{
log(ERROR_LOG, "Failed to free ML-DSA key. Error code: " + ret);
}
}
}
}
///
/// Create a new ML-DSA key pair and initialize it with random values
///
/// Heap pointer for memory allocation
/// Device ID (if applicable)
/// ML-DSA security level
/// Pointer to the ML-DSA key structure, or IntPtr.Zero on failure
public static IntPtr MlDsaMakeKey(IntPtr heap, int devId, MlDsaLevels level)
{
IntPtr key = IntPtr.Zero;
IntPtr rng = IntPtr.Zero;
int ret;
bool success = false;
try
{
key = wc_dilithium_new(heap, devId);
if (key == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to allocate and initialize ML-DSA key.");
return IntPtr.Zero;
}
ret = wc_dilithium_set_level(key, (byte)level);
if (ret != 0)
{
log(ERROR_LOG, "Failed to set ML-DSA level. Error code: " + ret);
return IntPtr.Zero;
}
rng = RandomNew();
if (rng == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to create RNG for ML-DSA key.");
return IntPtr.Zero;
}
ret = wc_dilithium_make_key(key, rng);
if (ret != 0)
{
log(ERROR_LOG, "Failed to make ML-DSA key. Error code: " + ret);
return IntPtr.Zero;
}
success = true;
return key;
}
catch (Exception ex)
{
log(ERROR_LOG, "ML-DSA key creation exception: " + ex.ToString());
return IntPtr.Zero;
}
finally
{
if (rng != IntPtr.Zero)
{
RandomFree(rng);
}
if (!success && key != IntPtr.Zero)
{
ret = MlDsaFreeKey(ref key);
if (ret != 0)
{
log(ERROR_LOG, "Failed to free ML-DSA key. Error code: " + ret);
}
}
}
}
///
/// Free an ML-DSA key structure and release its memory
///
/// Pointer to the ML-DSA key structure
/// 0 on success, negative value on error.
public static int MlDsaFreeKey(ref IntPtr key)
{
int ret;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
ret = wc_dilithium_delete(key, IntPtr.Zero);
key = IntPtr.Zero;
return ret;
}
///
/// Import an ML-DSA public key from a byte array.
///
/// Byte array containing the serialized public key.
/// Pointer to the ML-DSA key structure (must be initialized).
/// 0 on success, negative value on error.
public static int MlDsaImportPublicKey(byte[] publicKey, IntPtr key)
{
if (publicKey == null || key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
return wc_dilithium_import_public(publicKey, (uint)publicKey.Length, key);
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA import public key exception: " + e.ToString());
return EXCEPTION_E;
}
}
///
/// Import an ML-DSA private key from a byte array.
///
/// Byte array containing the private key.
/// Pointer to the ML-DSA key structure (must be initialized and have level set).
/// 0 on success, negative value on error.
public static int MlDsaImportPrivateKey(byte[] privateKey, IntPtr key)
{
if (privateKey == null || key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
return wc_dilithium_import_private(privateKey, (uint)privateKey.Length, key);
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA import private key exception: " + e.ToString());
return EXCEPTION_E;
}
}
///
/// Export an ML-DSA private key to a byte array.
///
/// Pointer to the ML-DSA key structure.
/// Output byte array containing the private key.
/// 0 on success, negative value on error.
public static int MlDsaExportPrivateKey(IntPtr key, out byte[] privateKey)
{
privateKey = null;
int ret = 0;
int privLen = 0;
uint outLen;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlDsaKey_GetPrivLen(key, ref privLen);
if (ret != 0 || privLen <= 0)
{
log(ERROR_LOG, "Failed to get ML-DSA private key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
privateKey = new byte[privLen];
outLen = (uint)privLen;
ret = wc_dilithium_export_private(key, privateKey, ref outLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to export ML-DSA private key. Error code: " + ret);
privateKey = null;
return ret;
}
if (outLen != (uint)privLen)
{
Array.Resize(ref privateKey, (int)outLen);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA export private key exception: " + e.ToString());
privateKey = null;
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Export an ML-DSA public key to a byte array.
///
/// Pointer to the ML-DSA key structure.
/// Output byte array containing the public key.
/// 0 on success, negative value on error.
public static int MlDsaExportPublicKey(IntPtr key, out byte[] publicKey)
{
publicKey = null;
int ret = 0;
int pubLen = 0;
uint outLen;
if (key == IntPtr.Zero)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlDsaKey_GetPubLen(key, ref pubLen);
if (ret != 0 || pubLen <= 0)
{
log(ERROR_LOG, "Failed to get ML-DSA public key length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
publicKey = new byte[pubLen];
outLen = (uint)pubLen;
ret = wc_dilithium_export_public(key, publicKey, ref outLen);
if (ret != 0)
{
log(ERROR_LOG, "Failed to export ML-DSA public key. Error code: " + ret);
publicKey = null;
return ret;
}
if (outLen != (uint)pubLen)
{
Array.Resize(ref publicKey, (int)outLen);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA export public key exception: " + e.ToString());
publicKey = null;
return EXCEPTION_E;
}
return SUCCESS;
}
///
/// Sign a message using an ML-DSA private key
///
/// Pointer to the ML-DSA key structure
/// Message to sign
/// Output byte array for the signature
/// 0 on success, otherwise an error code
public static int MlDsaSignMsg(IntPtr key, byte[] msg, out byte[] sig)
{
int ret;
int sigLen = 0;
uint outLen;
sig = null;
IntPtr rng = IntPtr.Zero;
if (key == IntPtr.Zero || msg == null)
{
return BAD_FUNC_ARG;
}
try
{
ret = wc_MlDsaKey_GetSigLen(key, ref sigLen);
if (ret != 0 || sigLen <= 0)
{
log(ERROR_LOG, "Failed to get ML-DSA signature length. Error code: " + ret);
return (ret != 0) ? ret : BAD_FUNC_ARG;
}
sig = new byte[sigLen];
outLen = (uint)sigLen;
rng = RandomNew();
if (rng == IntPtr.Zero)
{
log(ERROR_LOG, "Failed to create RNG for ML-DSA signing.");
return MEMORY_E;
}
/* FIPS 204 sign with empty context (ctx=null, ctxLen=0). */
ret = wc_dilithium_sign_ctx_msg(null, 0, msg, (uint)msg.Length, sig, ref outLen, key, rng);
if (ret != 0)
{
log(ERROR_LOG, "Failed to sign message with ML-DSA key. Error code: " + ret);
return ret;
}
if (outLen != (uint)sigLen)
{
Array.Resize(ref sig, (int)outLen);
}
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA sign message exception: " + e.ToString());
return EXCEPTION_E;
}
finally
{
if (rng != IntPtr.Zero){
RandomFree(rng);
}
}
return SUCCESS;
}
///
/// Verify an ML-DSA signature
///
/// Pointer to the ML-DSA key structure
/// Message that was signed
/// Signature to verify
/// 0 if the signature is valid, otherwise an error code
public static int MlDsaVerifyMsg(IntPtr key, byte[] msg, byte[] sig)
{
int ret;
int res = 0;
if (key == IntPtr.Zero || msg == null || sig == null)
{
return BAD_FUNC_ARG;
}
try
{
/* FIPS 204 verify with empty context (ctx=null, ctxLen=0). */
ret = wc_dilithium_verify_ctx_msg(sig, (uint)sig.Length, null, 0, msg, (uint)msg.Length, ref res, key);
if (ret != 0)
{
log(ERROR_LOG, "Failed to verify message with ML-DSA key. Error code: " + ret);
return ret;
}
if (res != 1)
{
log(ERROR_LOG, "ML-DSA signature verification failed (invalid signature).");
return SIG_VERIFY_E;
}
}
catch (Exception e)
{
log(ERROR_LOG, "ML-DSA verify message exception: " + e.ToString());
return EXCEPTION_E;
}
return SUCCESS;
}
/********************************
* ENUMS
*/
public enum MlDsaLevels
{
ML_DSA_44 = 2,
ML_DSA_65 = 3,
ML_DSA_87 = 5
}
/* END ML-DSA */
/***********************************************************************
* AES-GCM
**********************************************************************/
///
/// Creates a new AES context.
///
/// Pointer to a memory heap, or IntPtr.Zero to use the default heap.
/// The device ID to associate with this AES context.
/// A pointer to the newly created AES context, or IntPtr.Zero on failure.
public static IntPtr AesNew(IntPtr heap, int devId)
{
IntPtr aesPtr = IntPtr.Zero;
try
{
aesPtr = wc_AesNew(heap, devId, IntPtr.Zero);
if (aesPtr == IntPtr.Zero)
{
throw new Exception("Failed to create AES context.");
}
}
catch (Exception ex)
{
Console.WriteLine("AES context creation failed: " + ex.Message);
}
return aesPtr;
}
///
/// Initialize and set the AES key for AES-GCM operations.
///
/// AES-GCM context pointer.
/// The AES key (either 128, 192, or 256 bits).
/// 0 on success, otherwise an error code.
public static int AesGcmSetKey(IntPtr aes, byte[] key)
{
IntPtr keyPtr = IntPtr.Zero;
int ret;
try
{
/* Allocate memory */
keyPtr = Marshal.AllocHGlobal(key.Length);
Marshal.Copy(key, 0, keyPtr, key.Length);
ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length);
if (ret != 0)
{
throw new Exception("AES-GCM initialization failed with error code ret = " + ret.ToString());
}
}
finally
{
/* Cleanup */
if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
}
return ret;
}
///
/// Wrapper method to initialize the AES-GCM context with a given key and IV.
///
/// Pointer to the AES-GCM context that needs to be initialized.
/// Byte array containing the AES key.
/// Byte array containing the initialization vector (IV).
public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv)
{
IntPtr keyPtr = IntPtr.Zero;
IntPtr ivPtr = IntPtr.Zero;
int ret;
try
{
/* Allocate memory for key and IV */
keyPtr = Marshal.AllocHGlobal(key.Length);
Marshal.Copy(key, 0, keyPtr, key.Length);
ivPtr = Marshal.AllocHGlobal(iv.Length);
Marshal.Copy(iv, 0, ivPtr, iv.Length);
ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length);
if (ret != 0)
{
throw new Exception("AES-GCM initialization failed with error code ret = " + ret.ToString());
}
}
finally
{
/* Cleanup */
if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr);
if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
}
return ret;
}
///
/// Encrypt data using AES-GCM
///
/// AES-GCM context pointer.
/// Initialization Vector (IV)
/// Data to encrypt
/// Buffer to receive the encrypted data
/// Buffer to receive the authentication tag
/// 0 on success, otherwise an error code
public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
byte[] ciphertext, byte[] authTag, byte[] addAuth)
{
int ret;
IntPtr ivPtr = IntPtr.Zero;
IntPtr ciphertextPtr = IntPtr.Zero;
IntPtr plaintextPtr = IntPtr.Zero;
IntPtr authTagPtr = IntPtr.Zero;
IntPtr addAuthPtr = IntPtr.Zero;
uint addAuthSz = 0;
try
{
/* Allocate memory */
ivPtr = Marshal.AllocHGlobal(iv.Length);
ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
authTagPtr = Marshal.AllocHGlobal(authTag.Length);
if (addAuth != null) {
addAuthSz = (uint)addAuth.Length;
addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
}
Marshal.Copy(iv, 0, ivPtr, iv.Length);
Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length);
/* Encrypt data */
ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length,
ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
if (ret < 0)
{
log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret);
}
else {
Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length);
Marshal.Copy(authTagPtr, authTag, 0, authTag.Length);
ret = 0;
}
}
catch (Exception e)
{
log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
}
return ret;
}
public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext,
byte[] ciphertext, byte[] authTag)
{
return AesGcmEncrypt(aes, iv, plaintext, ciphertext, null);
}
///
/// Decrypt data using AES-GCM
///
/// AES-GCM context pointer.
/// Initialization Vector (IV)
/// Data to decrypt
/// Buffer to receive the decrypted data
/// Authentication tag for verification
/// 0 on success, otherwise an error code
public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
byte[] plaintext, byte[] authTag, byte[] addAuth)
{
int ret;
IntPtr ivPtr = IntPtr.Zero;
IntPtr ciphertextPtr = IntPtr.Zero;
IntPtr plaintextPtr = IntPtr.Zero;
IntPtr authTagPtr = IntPtr.Zero;
IntPtr addAuthPtr = IntPtr.Zero;
uint addAuthSz = 0;
try
{
/* Allocate memory */
ivPtr = Marshal.AllocHGlobal(iv.Length);
ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length);
plaintextPtr = Marshal.AllocHGlobal(plaintext.Length);
authTagPtr = Marshal.AllocHGlobal(authTag.Length);
if (addAuth != null) {
addAuthSz = (uint)addAuth.Length;
addAuthPtr = Marshal.AllocHGlobal(addAuth.Length);
Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length);
}
Marshal.Copy(iv, 0, ivPtr, iv.Length);
Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length);
Marshal.Copy(authTag, 0, authTagPtr, authTag.Length);
/* Decrypt data */
ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length,
ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz);
if (ret < 0)
{
log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret);
}
else {
Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length);
ret = 0;
}
}
catch (Exception e)
{
log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString());
ret = EXCEPTION_E;
}
finally
{
/* Cleanup */
if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr);
if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr);
if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr);
if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr);
if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr);
}
return ret;
}
public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext,
byte[] plaintext, byte[] authTag)
{
return AesGcmDecrypt(aes, iv, ciphertext, plaintext, authTag, null);
}
///
/// Free AES-GCM context
///
/// AES-GCM context
public static void AesGcmFree(IntPtr aes)
{
if (aes != IntPtr.Zero)
{
wc_AesDelete(aes, IntPtr.Zero);
aes = IntPtr.Zero;
}
}
/* END AES-GCM */
/***********************************************************************
* HASH
**********************************************************************/
///
/// Allocate and set up a new hash context with proper error handling
///
/// The type of hash (SHA-256, SHA-384, etc.)
/// Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable)
/// Device ID (if applicable, otherwise use INVALID_DEVID)
/// Allocated hash context pointer or IntPtr.Zero on failure
public static IntPtr HashNew(uint hashType, IntPtr heap, int devId)
{
IntPtr hash = IntPtr.Zero;
try
{
/* Allocate new hash */
hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero);
if (hash == IntPtr.Zero)
{
throw new Exception("Failed to allocate new hash context.");
}
}
catch (Exception e)
{
log(ERROR_LOG, "HashNew Exception: " + e.ToString());
}
return hash;
}
///
/// Initialize the hash context for a specific hash type with proper error handling
///
/// Hash context pointer
/// The type of hash (SHA-256, SHA-384, etc.)
/// 0 on success, otherwise an error code
public static int InitHash(IntPtr hash, uint hashType)
{
int ret = 0;
try
{
/* Check hash */
if (hash == IntPtr.Zero)
throw new Exception("Hash context is null.");
ret = wc_HashInit(hash, hashType);
if (ret != 0)
{
throw new Exception("Failed to initialize hash context. Error code: ret = " + ret.ToString());
}
}
catch (Exception e)
{
/* Cleanup */
log(ERROR_LOG, "InitHash Exception: " + e.ToString());
if (hash != IntPtr.Zero) {
wc_HashDelete(hash, IntPtr.Zero);
hash = IntPtr.Zero;
}
}
return ret;
}
///
/// Update the hash with data
///
/// Hash context pointer
/// The type of hash
/// Byte array of the data to hash
/// 0 on success, otherwise an error code
public static int HashUpdate(IntPtr hash, uint hashType, byte[] data)
{
int ret = 0;
IntPtr dataPtr = IntPtr.Zero;
try
{
/* Check parameters */
if (hash == IntPtr.Zero)
throw new Exception("Hash context is null.");
if (data == null || data.Length == 0)
throw new Exception("Invalid data array.");
/* Allocate memory */
dataPtr = Marshal.AllocHGlobal(data.Length);
Marshal.Copy(data, 0, dataPtr, data.Length);
/* Update hash */
ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length);
if (ret != 0)
{
throw new Exception("Failed to update hash. Error code: ret = " + ret.ToString());
}
}
catch (Exception e)
{
log(ERROR_LOG, "HashUpdate Exception: " + e.ToString());
}
finally
{
/* Cleanup */
if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr);
}
return ret;
}
///
/// Finalize the hash and output the result
///
/// Hash context pointer
/// The type of hash
/// Byte array where the hash output will be stored
/// 0 on success, otherwise an error code
public static int HashFinal(IntPtr hash, uint hashType, out byte[] output)
{
int ret = 0;
IntPtr outputPtr = IntPtr.Zero;
try
{
/* Get hash size and initialize */
int hashSize = wc_HashGetDigestSize(hashType);
output = new byte[hashSize];
/* Check hash */
if (hash == IntPtr.Zero)
throw new Exception("Hash context is null.");
if (hashSize <= 0)
throw new Exception("Invalid hash size.");
/* Allocate memory */
outputPtr = Marshal.AllocHGlobal(hashSize);
ret = wc_HashFinal(hash, hashType, outputPtr);
if (ret != 0)
{
throw new Exception("Failed to finalize hash. Error code: ret = " + ret.ToString());
}
Marshal.Copy(outputPtr, output, 0, hashSize);
}
catch (Exception e)
{
log(ERROR_LOG, "HashFinal Exception: " + e.ToString());
output = null;
}
finally
{
/* Cleanup */
if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr);
}
return ret;
}
///
/// Free the allocated hash context with proper error handling
///
/// Hash context pointer to be freed
/// The type of hash
/// 0 on success, otherwise an error code
public static int HashFree(IntPtr hash, uint hashType)
{
int ret = 0;
try
{
/* Check hash */
if (hash == IntPtr.Zero)
throw new Exception("Hash context is null, cannot free.");
/* Free hash */
ret = wc_HashDelete(hash, IntPtr.Zero);
hash = IntPtr.Zero;
if (ret != 0)
{
throw new Exception("Failed to free hash context. Error code: ret = " + ret.ToString());
}
}
catch (Exception e)
{
log(ERROR_LOG, "HashFree Exception: " + e.ToString());
}
return ret;
}
///
/// Hash type enum values
///
public enum hashType
{
WC_HASH_TYPE_NONE = 0,
WC_HASH_TYPE_MD2 = 1,
WC_HASH_TYPE_MD4 = 2,
WC_HASH_TYPE_MD5 = 3,
WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */
WC_HASH_TYPE_SHA224 = 5,
WC_HASH_TYPE_SHA256 = 6,
WC_HASH_TYPE_SHA384 = 7,
WC_HASH_TYPE_SHA512 = 8,
WC_HASH_TYPE_MD5_SHA = 9,
WC_HASH_TYPE_SHA3_224 = 10,
WC_HASH_TYPE_SHA3_256 = 11,
WC_HASH_TYPE_SHA3_384 = 12,
WC_HASH_TYPE_SHA3_512 = 13,
WC_HASH_TYPE_BLAKE2B = 14,
WC_HASH_TYPE_BLAKE2S = 15,
}
/* END HASH */
/***********************************************************************
* HPKE (RFC 9180) - Base mode SingleShot
* Requires: HAVE_HPKE, HAVE_ECC (or HAVE_CURVE25519), HAVE_AESGCM
**********************************************************************/
/* BEGIN HPKE */
/* HPKE KEM IDs */
public enum HpkeKem : ushort {
DHKEM_P256_HKDF_SHA256 = 0x0010,
DHKEM_P384_HKDF_SHA384 = 0x0011,
DHKEM_P521_HKDF_SHA512 = 0x0012,
DHKEM_X25519_HKDF_SHA256 = 0x0020,
DHKEM_X448_HKDF_SHA512 = 0x0021,
}
/* HPKE KDF IDs */
public enum HpkeKdf : ushort {
HKDF_SHA256 = 0x0001,
HKDF_SHA384 = 0x0002,
HKDF_SHA512 = 0x0003,
}
/* HPKE AEAD IDs */
public enum HpkeAead : ushort {
AES_128_GCM = 0x0001,
AES_256_GCM = 0x0002,
}
/* HPKE Nt (GCM tag length) */
private const int HPKE_Nt = 16;
/* HPKE max encoded public-key length (matches HPKE_Npk_MAX in hpke.h) */
private const int HPKE_Npk_MAX = 133;
/* Hpke struct is ~80 bytes on 64-bit (see hpke.h). Allocate 512 bytes
* (6x headroom) to accommodate platform alignment and future growth.
* If the native struct ever exceeds this, wc_HpkeInit will write OOB —
* keep in sync with hpke.h if the struct grows significantly. */
private const int HPKE_STRUCT_SZ = 512;
/* Per-Hpke-context state owned by the C# wrapper.
* The RNG must outlive any keypair created with this context: when
* wolfSSL is built with WOLFSSL_CURVE25519_BLINDING, wc_curve25519_make_key
* stores the rng pointer inside the keypair (via wc_curve25519_set_rng)
* and reuses it for blinding during shared-secret operations. If the
* wrapper freed the rng after key generation, that pointer would dangle
* and the next seal/open would fail with RNG_FAILURE_E (-199). */
private struct HpkeContextState
{
public IntPtr rng;
public HpkeKem kem;
}
#if WindowsCE
/* .NET Compact Framework / Windows CE does not provide
* System.Collections.Concurrent, so fall back to a plain Dictionary
* guarded by an explicit lock. */
private static readonly Dictionary hpkeContexts =
new Dictionary();
private static readonly object hpkeContextsLock = new object();
private static void HpkeContextStore(IntPtr hpke, HpkeContextState state)
{
lock (hpkeContextsLock) { hpkeContexts[hpke] = state; }
}
private static bool HpkeContextTryGet(IntPtr hpke, out HpkeContextState state)
{
lock (hpkeContextsLock) { return hpkeContexts.TryGetValue(hpke, out state); }
}
private static bool HpkeContextTryRemove(IntPtr hpke, out HpkeContextState state)
{
lock (hpkeContextsLock)
{
if (hpkeContexts.TryGetValue(hpke, out state))
{
hpkeContexts.Remove(hpke);
return true;
}
return false;
}
}
#else
private static readonly ConcurrentDictionary hpkeContexts =
new ConcurrentDictionary();
private static void HpkeContextStore(IntPtr hpke, HpkeContextState state)
{
hpkeContexts[hpke] = state;
}
private static bool HpkeContextTryGet(IntPtr hpke, out HpkeContextState state)
{
return hpkeContexts.TryGetValue(hpke, out state);
}
private static bool HpkeContextTryRemove(IntPtr hpke, out HpkeContextState state)
{
return hpkeContexts.TryRemove(hpke, out state);
}
#endif
///
/// Get the enc (encapsulated key) length for a given KEM
///
/// KEM identifier
/// Length in bytes
private static ushort HpkeEncLen(HpkeKem kem)
{
/* Values must match DHKEM_*_ENC_LEN macros in wolfssl/wolfcrypt/hpke.h.
* Not P/Invoked because wc_HpkeKemGetEncLen is currently WOLFSSL_LOCAL. */
switch (kem)
{
case HpkeKem.DHKEM_P256_HKDF_SHA256: return 65; /* DHKEM_P256_ENC_LEN */
case HpkeKem.DHKEM_P384_HKDF_SHA384: return 97; /* DHKEM_P384_ENC_LEN */
case HpkeKem.DHKEM_P521_HKDF_SHA512: return 133; /* DHKEM_P521_ENC_LEN */
case HpkeKem.DHKEM_X25519_HKDF_SHA256: return 32; /* DHKEM_X25519_ENC_LEN */
case HpkeKem.DHKEM_X448_HKDF_SHA512: return 56; /* DHKEM_X448_ENC_LEN */
default: return 0;
}
}
///
/// Allocate and initialize an HPKE context
///
/// KEM algorithm identifier
/// KDF algorithm identifier
/// AEAD algorithm identifier
/// Pointer to allocated Hpke context or IntPtr.Zero on failure
public static IntPtr HpkeInit(HpkeKem kem, HpkeKdf kdf, HpkeAead aead)
{
IntPtr hpke = IntPtr.Zero;
IntPtr rng = IntPtr.Zero;
try
{
hpke = Marshal.AllocHGlobal(HPKE_STRUCT_SZ);
if (hpke == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE alloc failed");
return IntPtr.Zero;
}
/* Zero the memory */
Marshal.Copy(new byte[HPKE_STRUCT_SZ], 0, hpke, HPKE_STRUCT_SZ);
int ret = wc_HpkeInit(hpke, (int)kem, (int)kdf, (int)aead, IntPtr.Zero);
if (ret != 0)
{
log(ERROR_LOG, "HPKE init failed " + ret + ": " + GetError(ret));
Marshal.FreeHGlobal(hpke);
return IntPtr.Zero;
}
/* Allocate a persistent RNG that lives as long as this context.
* Required so curve25519 keypairs (with blinding) retain a valid
* rng pointer for shared-secret operations. */
rng = RandomNew();
if (rng == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE init: RNG allocation failed");
Marshal.FreeHGlobal(hpke);
return IntPtr.Zero;
}
HpkeContextStore(hpke, new HpkeContextState { rng = rng, kem = kem });
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE init exception " + e.ToString());
if (rng != IntPtr.Zero)
{
RandomFree(rng);
}
if (hpke != IntPtr.Zero)
{
Marshal.FreeHGlobal(hpke);
}
return IntPtr.Zero;
}
return hpke;
}
///
/// Generate a new HPKE keypair
///
/// HPKE context from HpkeInit()
/// Pointer to keypair or IntPtr.Zero on failure
public static IntPtr HpkeGenerateKeyPair(IntPtr hpke)
{
IntPtr keypair = IntPtr.Zero;
try
{
if (hpke == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE generate keypair: invalid context");
return IntPtr.Zero;
}
HpkeContextState state;
if (!HpkeContextTryGet(hpke, out state) || state.rng == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE generate keypair: no RNG associated with context");
return IntPtr.Zero;
}
int ret = wc_HpkeGenerateKeyPair(hpke, ref keypair, state.rng);
if (ret != 0)
{
log(ERROR_LOG, "HPKE generate keypair failed " + ret + ": " + GetError(ret));
return IntPtr.Zero;
}
/* For X25519, explicitly bind the persistent rng to the keypair.
* wc_curve25519_make_key already does this internally when wolfSSL
* is built with WOLFSSL_CURVE25519_BLINDING, but the explicit call
* here documents the lifetime requirement and is defensive against
* future changes. The function only exists when blinding is built
* in, so swallow EntryPointNotFoundException for builds without it. */
if (state.kem == HpkeKem.DHKEM_X25519_HKDF_SHA256 && keypair != IntPtr.Zero)
{
try
{
wc_curve25519_set_rng(keypair, state.rng);
}
catch (EntryPointNotFoundException)
{
/* wolfSSL built without WOLFSSL_CURVE25519_BLINDING; nothing to do */
}
}
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE generate keypair exception " + e.ToString());
keypair = IntPtr.Zero;
}
return keypair;
}
///
/// Serialize the public key to bytes
///
/// HPKE context from HpkeInit()
/// Keypair from HpkeGenerateKeyPair()
/// Serialized public key bytes or null on failure
public static byte[] HpkeSerializePublicKey(IntPtr hpke, IntPtr keypair)
{
try
{
if (hpke == IntPtr.Zero || keypair == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE serialize public key: invalid parameter");
return null;
}
ushort outSz = (ushort)HPKE_Npk_MAX;
byte[] outBuf = new byte[outSz];
int ret = wc_HpkeSerializePublicKey(hpke, keypair, outBuf, ref outSz);
if (ret != 0)
{
log(ERROR_LOG, "HPKE serialize public key failed " + ret + ": " + GetError(ret));
return null;
}
/* Trim to actual size */
byte[] result = new byte[outSz];
Array.Copy(outBuf, 0, result, 0, outSz);
return result;
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE serialize public key exception " + e.ToString());
return null;
}
}
///
/// Deserialize a public key from bytes
///
/// HPKE context from HpkeInit()
/// Serialized public key bytes
/// Pointer to keypair or IntPtr.Zero on failure
public static IntPtr HpkeDeserializePublicKey(IntPtr hpke, byte[] pubKeyBytes)
{
IntPtr key = IntPtr.Zero;
try
{
if (hpke == IntPtr.Zero || pubKeyBytes == null || pubKeyBytes.Length == 0)
{
log(ERROR_LOG, "HPKE deserialize public key: invalid parameter");
return IntPtr.Zero;
}
int ret = wc_HpkeDeserializePublicKey(hpke, ref key, pubKeyBytes, (ushort)pubKeyBytes.Length);
if (ret != 0)
{
log(ERROR_LOG, "HPKE deserialize public key failed " + ret + ": " + GetError(ret));
return IntPtr.Zero;
}
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE deserialize public key exception " + e.ToString());
return IntPtr.Zero;
}
return key;
}
///
/// Free a keypair created by HpkeGenerateKeyPair or HpkeDeserializePublicKey
///
/// HPKE context from HpkeInit()
/// Keypair to free
/// KEM used when the keypair was created
public static void HpkeFreeKey(IntPtr hpke, IntPtr keypair, HpkeKem kem)
{
if (hpke != IntPtr.Zero && keypair != IntPtr.Zero)
{
wc_HpkeFreeKey(hpke, (ushort)kem, keypair, IntPtr.Zero);
}
}
///
/// Free an HPKE context allocated by HpkeInit
///
/// HPKE context to free
public static void HpkeFree(IntPtr hpke)
{
if (hpke != IntPtr.Zero)
{
HpkeContextState state;
if (HpkeContextTryRemove(hpke, out state) && state.rng != IntPtr.Zero)
{
RandomFree(state.rng);
}
Marshal.FreeHGlobal(hpke);
}
}
///
/// SingleShot seal (encrypt) using HPKE Base mode.
/// Returns enc||ciphertext as a single byte array.
/// The enc length is determined by the KEM (e.g. 65 bytes for P-256).
/// Ciphertext length = plaintext length + Nt (16-byte GCM tag).
///
/// HPKE context from HpkeInit()
/// Ephemeral keypair for sender
/// Receiver public key
/// Info context bytes (can be null)
/// Additional authenticated data (can be null)
/// Plaintext to encrypt
/// enc||ciphertext byte array or null on failure
public static byte[] HpkeSealBase(IntPtr hpke, IntPtr ephemeralKey, IntPtr receiverKey,
byte[] info, byte[] aad, byte[] plaintext)
{
try
{
if (hpke == IntPtr.Zero || ephemeralKey == IntPtr.Zero || receiverKey == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE seal base: invalid parameter");
return null;
}
/* Native wc_HpkeSealBase only requires plaintext to be non-NULL;
* ptSz == 0 is valid (output is just the AEAD tag). */
if (plaintext == null)
{
log(ERROR_LOG, "HPKE seal base: invalid plaintext");
return null;
}
/* Serialize the ephemeral public key (enc) */
byte[] enc = HpkeSerializePublicKey(hpke, ephemeralKey);
if (enc == null)
{
log(ERROR_LOG, "HPKE seal base: failed to serialize ephemeral key");
return null;
}
uint infoSz = (info != null) ? (uint)info.Length : 0;
uint aadSz = (aad != null) ? (uint)aad.Length : 0;
uint ptSz = (uint)plaintext.Length;
/* wc_HpkeSealBase outputs ptSz + Nt (GCM tag) bytes */
int sealLen = (int)ptSz + HPKE_Nt;
byte[] sealOut = new byte[sealLen];
int ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
info, infoSz, aad, aadSz, plaintext, ptSz, sealOut);
if (ret != 0)
{
log(ERROR_LOG, "HPKE seal base failed " + ret + ": " + GetError(ret));
return null;
}
/* Return enc || sealOut */
byte[] result = new byte[enc.Length + sealLen];
Array.Copy(enc, 0, result, 0, enc.Length);
Array.Copy(sealOut, 0, result, enc.Length, sealLen);
return result;
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE seal base exception " + e.ToString());
return null;
}
}
///
/// Convenience SingleShot seal (encrypt) using HPKE Base mode.
/// Generates an ephemeral keypair internally so the caller does not
/// need to manage one.
/// Returns enc||ciphertext as a single byte array.
///
/// HPKE context from HpkeInit()
/// Receiver public key
/// Info context bytes (can be null)
/// Additional authenticated data (can be null)
/// Plaintext to encrypt
/// KEM used (needed to free the ephemeral key)
/// enc||ciphertext byte array or null on failure
public static byte[] HpkeSealBase(IntPtr hpke, IntPtr receiverKey,
byte[] info, byte[] aad, byte[] plaintext, HpkeKem kem)
{
IntPtr ephemeralKey = IntPtr.Zero;
try
{
ephemeralKey = HpkeGenerateKeyPair(hpke);
if (ephemeralKey == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE seal base: ephemeral keygen failed");
return null;
}
return HpkeSealBase(hpke, ephemeralKey, receiverKey,
info, aad, plaintext);
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE seal base exception " + e.ToString());
return null;
}
finally
{
if (ephemeralKey != IntPtr.Zero)
HpkeFreeKey(hpke, ephemeralKey, kem);
}
}
///
/// SingleShot open (decrypt) using HPKE Base mode.
/// Takes the full enc||ciphertext blob returned by HpkeSealBase.
///
/// HPKE context from HpkeInit()
/// Receiver private keypair
/// enc||ciphertext blob from HpkeSealBase()
/// Info context bytes (can be null)
/// Additional authenticated data (can be null)
/// Expected plaintext length
/// Decrypted plaintext byte array or null on failure
public static byte[] HpkeOpenBase(IntPtr hpke, IntPtr receiverKey,
byte[] encCiphertext, byte[] info, byte[] aad, int ptLen)
{
try
{
if (hpke == IntPtr.Zero || receiverKey == IntPtr.Zero)
{
log(ERROR_LOG, "HPKE open base: invalid parameter");
return null;
}
if (encCiphertext == null || encCiphertext.Length == 0)
{
log(ERROR_LOG, "HPKE open base: invalid ciphertext");
return null;
}
/* encCiphertext = enc || ciphertext || GCM tag
* where ciphertext is ptLen bytes, tag is Nt bytes */
if (ptLen < 0 || ptLen > int.MaxValue - HPKE_Nt)
{
log(ERROR_LOG, "HPKE open base: invalid ptLen");
return null;
}
int sealLen = ptLen + HPKE_Nt;
if (encCiphertext.Length < sealLen)
{
log(ERROR_LOG, "HPKE open base: encCiphertext too short for given ptLen");
return null;
}
int pubKeySzInt = encCiphertext.Length - sealLen;
if (pubKeySzInt < 0 || pubKeySzInt > ushort.MaxValue)
{
log(ERROR_LOG, "HPKE open base: invalid encapsulated public key size");
return null;
}
ushort pubKeySz = (ushort)pubKeySzInt;
/* Split enc and sealed data (ciphertext || tag) */
byte[] pubKey = new byte[pubKeySz];
byte[] ct = new byte[sealLen];
Array.Copy(encCiphertext, 0, pubKey, 0, pubKeySz);
Array.Copy(encCiphertext, pubKeySz, ct, 0, sealLen);
uint infoSz = (info != null) ? (uint)info.Length : 0;
uint aadSz = (aad != null) ? (uint)aad.Length : 0;
byte[] plaintext = new byte[ptLen];
/* ctSz is just the ciphertext length (without tag);
* wc_HpkeOpenBase reads the tag from ct + ctSz */
int ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
info, infoSz, aad, aadSz, ct, (uint)ptLen, plaintext);
if (ret != 0)
{
log(ERROR_LOG, "HPKE open base failed " + ret + ": " + GetError(ret));
return null;
}
return plaintext;
}
catch (Exception e)
{
log(ERROR_LOG, "HPKE open base exception " + e.ToString());
return null;
}
}
///
/// Convenience SingleShot open (decrypt) using HPKE Base mode.
/// Derives the plaintext length from the KEM enc length, so the caller
/// does not need to know ptLen.
///
/// HPKE context from HpkeInit()
/// Receiver private keypair
/// enc||ciphertext blob from HpkeSealBase()
/// Info context bytes (can be null)
/// Additional authenticated data (can be null)
/// KEM used (to derive enc length)
/// Decrypted plaintext byte array or null on failure
public static byte[] HpkeOpenBase(IntPtr hpke, IntPtr receiverKey,
byte[] encCiphertext, byte[] info, byte[] aad, HpkeKem kem)
{
ushort encLen = HpkeEncLen(kem);
if (encLen == 0)
{
log(ERROR_LOG, "HPKE open base: unsupported KEM");
return null;
}
if (encCiphertext == null || encCiphertext.Length < encLen + HPKE_Nt)
{
log(ERROR_LOG, "HPKE open base: encCiphertext too short");
return null;
}
int ptLen = encCiphertext.Length - encLen - HPKE_Nt;
return HpkeOpenBase(hpke, receiverKey, encCiphertext, info, aad, ptLen);
}
/* END HPKE */
/***********************************************************************
* Logging / Other
**********************************************************************/
///
/// Set the function to use for logging
///
/// Function that conforms as to loggingCb
/// 0 on success
public static int SetLogging(loggingCb input)
{
internal_log = input;
return SUCCESS;
}
///
/// Get error string for wolfCrypt error codes
///
/// Negative error number from wolfCrypt API
/// Error string
public static string GetError(int error)
{
try
{
IntPtr errStr = wc_GetErrorString(error);
return wolfssl.PtrToStringAnsi(errStr);
}
catch (Exception e)
{
log(ERROR_LOG, "Get error exception " + e.ToString());
return string.Empty;
}
}
///
/// Compares two byte arrays.
///
/// The first byte array to compare.
/// The second byte array to compare.
/// True if both arrays are equal; otherwise, false.
public static bool ByteArrayVerify(byte[] array1, byte[] array2)
{
if (ReferenceEquals(array1, array2)) return true;
if (array1 == null || array2 == null) return false;
if (array1.Length != array2.Length) return false;
for (int i = 0; i < array1.Length; i++)
{
if (array1[i] != array2[i]) return false;
}
return true;
}
}
}