Add minimal EC CLI tool implementation #2640
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #2640 +/- ##
==========================================
+ Coverage 78.81% 78.86% +0.04%
==========================================
Files 667 669 +2
Lines 114088 114252 +164
Branches 16063 16075 +12
==========================================
+ Hits 89923 90103 +180
+ Misses 23390 23375 -15
+ Partials 775 774 -1
enum Format {
  FORMAT_PEM = 1,
  FORMAT_DER = 2
};
NP: This type is common enough, perhaps it should be shared across the different commands?
OpenSSL supports PEM, DER, PKCS12, SMIME, ENGINE, MSBLOB, PVK, HTTP, NSS, and TEXT formats. The implementation is located in /apps/opt.c in the opt_format() function at lines 197-272, using a centralized parser with flag-based format selection.
I believe centralizing format parsing across the CLI commands warrants its own PR to consider full implementation of opt_format() for AWS-LC.
Maybe format parsing can be its own, but at least defining these macros/types could move to a common header?
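The shared type discussed in this thread could be paired with strict, case-insensitive parsing of the options the PR lists (-inform, -in, -pubout, -out, -outform). The sketch below is an added example, not code from this PR or from AWS-LC; `KeyFormat`, `ParseKeyFormat`, `EcOptions`, `ParseEcArgs` and the PEM defaults are hypothetical names and assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical shared type (illustrative names, not AWS-LC's definitions).
enum class KeyFormat { kPem = 1, kDer = 2 };

// Case-insensitive match; anything other than PEM or DER is rejected.
inline bool ParseKeyFormat(std::string s, KeyFormat *out) {
  std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) {
    return static_cast<char>(std::toupper(c));
  });
  if (s == "PEM") { *out = KeyFormat::kPem; return true; }
  if (s == "DER") { *out = KeyFormat::kDer; return true; }
  return false;
}

struct EcOptions {
  KeyFormat inform = KeyFormat::kPem;   // assumed default
  KeyFormat outform = KeyFormat::kPem;  // assumed default
  std::string in, out;
  bool pubout = false;
};

// Parses the options named in the PR. On failure returns false, sets *err
// and leaves *opts untouched, so a rejected command line changes nothing.
inline bool ParseEcArgs(const std::vector<std::string> &args, EcOptions *opts,
                        std::string *err) {
  auto fail = [&](const std::string &m) { *err = m; return false; };
  EcOptions o;
  for (size_t i = 0; i < args.size(); ++i) {
    const std::string &a = args[i];
    if (a == "-pubout") { o.pubout = true; continue; }
    if (a != "-inform" && a != "-outform" && a != "-in" && a != "-out")
      return fail("unknown option: " + a);
    if (++i == args.size()) return fail("missing value for " + a);
    const std::string &v = args[i];
    if (a == "-in") { o.in = v; continue; }
    if (a == "-out") { o.out = v; continue; }
    KeyFormat f = KeyFormat::kPem;
    if (!ParseKeyFormat(v, &f)) return fail(a + " must be PEM or DER");
    (a == "-inform" ? o.inform : o.outform) = f;
  }
  *opts = o;
  return true;
}
```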
- Create ec.cc with EC-specific key processing
- Support options: -inform, -in, -pubout, -out, -outform
- Handle PEM/DER format conversion for EC private/public keys
- Use EC-specific AWS-LC APIs for proper key handling
- Integrate ecTool into build system (CMakeLists.txt, internal.h, tool.cc)
- Tested format conversion and OpenSSL interoperability
Assisted by Amazon Q

- Create ec_test.cc with cross-compatibility testing
- Test all minimal EC options: -inform, -in, -pubout, -out, -outform
- Include format conversion tests (PEM/DER) and round-trip validation
- Add error handling tests for invalid inputs/outputs
- Support conditional OpenSSL cross-compatibility when env vars set
- Use BIO pattern consistent with other AWS-LC tool tests
- All 13 tests pass including OpenSSL interoperability validation
Assisted by Amazon Q

- Load original keys for comparison in both round-trip tests
- Use BN_cmp() to validate private key values remain identical
- Ensures data integrity through PEM↔DER format conversions

- Use isStringUpperCaseEqual() for case-insensitive format checking
- Simplify error messages to show only supported formats
- Make format validation consistent with other tools
59b4c0e to 6b751a0
Issues:
Addresses #CryptoAlg-3382
Description of changes:
This PR implements a minimal EC CLI tool for AWS-LC to provide EC key processing capabilities similar to OpenSSL's openssl ec command. The tool supports essential EC key operations including format conversion between PEM/DER for both private and public keys, using AWS-LC's native EC APIs for proper key handling.
Testing:
ec_test.cc covering:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.