From db25958b4229d8bc4e50d46111cbbcc06e6c10b8 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 29 Jan 2025 15:27:32 -0500
Subject: [PATCH 1/2] New codepoint for MLDSA and MLKEM
---
 wolfssl/internal.h | 16 +++++++++-------
 wolfssl/ssl.h | 24 ++++++++++++------------
 2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 3389b6096..e973a124a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1839,18 +1839,20 @@ enum Misc {
 PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */
- /* These values for falcon and dilithium match what OQS has defined. */
+ /* These values for falcon match what OQS has defined. */
 FALCON_LEVEL1_SA_MAJOR = 0xFE,
 FALCON_LEVEL1_SA_MINOR = 0xAE,
 FALCON_LEVEL5_SA_MAJOR = 0xFE,
 FALCON_LEVEL5_SA_MINOR = 0xB1,
- DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL2_SA_MINOR = 0xD0,
- DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL3_SA_MINOR = 0xD1,
- DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
- DILITHIUM_LEVEL5_SA_MINOR = 0xD2,
+ /* these values for MLDSA (Dilithium) correspond to what is proposed in the
+ * IETF. */
+ DILITHIUM_LEVEL2_SA_MAJOR = 0x09,
+ DILITHIUM_LEVEL2_SA_MINOR = 0x04,
+ DILITHIUM_LEVEL3_SA_MAJOR = 0x09,
+ DILITHIUM_LEVEL3_SA_MINOR = 0x05,
+ DILITHIUM_LEVEL5_SA_MAJOR = 0x09,
+ DILITHIUM_LEVEL5_SA_MINOR = 0x06,
 MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
 MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index a2679635f..d9622b9bc 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
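Review bot: With the per-level Dilithium majors moved to 0x09 here, `PQC_SA_MAJOR` in the first context line still reads 0xFE and is still commented as the byte "used with PQC sig algs", so at this commit the two disagree; the `case PQC_SA_MAJOR:` decoders are only split in patch 2/2. Squashing the two patches, or moving the major-byte split into this one, would keep each commit in the series able to decode the code points it advertises. The new comment could also record the break, e.g. `/* ML-DSA code points as proposed in the IETF; these replace the OQS values 0xFED0-0xFED2 used by earlier builds. */`, ideally naming the draft. enum Misc starts and ends outside the hunk.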
@@ -4602,22 +4602,22 @@ enum {
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
 #ifndef WOLFSSL_KYBER_ORIGINAL
- WOLFSSL_PQC_MIN = 583,
- WOLFSSL_PQC_SIMPLE_MIN = 583,
+ WOLFSSL_PQC_MIN = 512,
+ WOLFSSL_PQC_SIMPLE_MIN = 512,
 #endif
- WOLFSSL_ML_KEM_512 = 583, /* ML-KEM 512 */
- WOLFSSL_ML_KEM_768 = 584, /* ML-KEM 768 */
- WOLFSSL_ML_KEM_1024 = 585, /* ML-KEM 1024 */
- WOLFSSL_PQC_SIMPLE_MAX = 585,
+ WOLFSSL_ML_KEM_512 = 512, /* ML-KEM 512 */
+ WOLFSSL_ML_KEM_768 = 513, /* ML-KEM 768 */
+ WOLFSSL_ML_KEM_1024 = 514, /* ML-KEM 1024 */
+ WOLFSSL_PQC_SIMPLE_MAX = 514,
 #ifndef WOLFSSL_KYBER_ORIGINAL
- WOLFSSL_PQC_HYBRID_MIN = 12103,
+ WOLFSSL_PQC_HYBRID_MIN = 12107,
 #endif
- WOLFSSL_P256_ML_KEM_512 = 12103,
- WOLFSSL_P384_ML_KEM_768 = 12104,
- WOLFSSL_P521_ML_KEM_1024 = 12105,
- WOLFSSL_PQC_HYBRID_MAX = 12105,
- WOLFSSL_PQC_MAX = 12105,
+ WOLFSSL_P256_ML_KEM_512 = 12107,
+ WOLFSSL_P384_ML_KEM_768 = 12108,
+ WOLFSSL_P521_ML_KEM_1024 = 12109,
+ WOLFSSL_PQC_HYBRID_MAX = 12109,
+ WOLFSSL_PQC_MAX = 12109,
 #endif /* !WOLFSSL_NO_ML_KEM */
 #endif /* HAVE_PQC */
 WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
From aa59eab732f86bfafc42d2cfbb8c960f2523baec Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Wed, 12 Feb 2025 17:17:22 -0500
Subject: [PATCH 2/2] More minor mods. Now interops with oqs-provider.
---
 src/internal.c | 16 +++++++---------
 src/tls13.c | 9 +++++----
 wolfssl/internal.h | 3 ++-
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 288571c14..f143e6839 100644
--- a/src/internal.c
+++ b/src/internal.c
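Review bot: `WOLFSSL_PQC_MIN` and `WOLFSSL_PQC_SIMPLE_MIN` get the new value 512 only under `#ifndef WOLFSSL_KYBER_ORIGINAL`, so a build that defines that macro takes its minimum from a block outside this hunk. If that other minimum is larger than 512, the ML-KEM ids 512-514 now sit below it and any MIN/MAX range test would stop treating them as PQC groups; this needs checking against the part of the enum not shown here. These are public-header values as well, so an application that stored or hard-coded 583-585 or 12103-12105 instead of the enum names will pass an id that no longer maps to ML-KEM; a sentence about that in the commit description would help. The enum starts outside the hunk.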
@@ -4582,14 +4582,11 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 }
 break;
 #endif
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
- case PQC_SA_MAJOR:
- /* Hash performed as part of sign/verify operation.
- * However, if we want a dual alg signature with a
- * classic algorithm as alternative, we need an explicit
- * hash algo here.
- */
+ /* Hash performed as part of sign/verify operation.
+ * However, if we want a dual alg signature with a classic algorithm as
+ * alternative, we need an explicit hash algo here. */
 #ifdef HAVE_FALCON
+ case FALCON_SA_MAJOR:
 if (input[1] == FALCON_LEVEL1_SA_MINOR) {
 *hsType = falcon_level1_sa_algo;
 *hashAlgo = sha256_mac;
@@ -4598,8 +4595,10 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 *hsType = falcon_level5_sa_algo;
 *hashAlgo = sha512_mac;
 }
+ break;
 #endif /* HAVE_FALCON */
 #ifdef HAVE_DILITHIUM
+ case DILITHIUM_SA_MAJOR:
 if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
 *hsType = dilithium_level2_sa_algo;
 *hashAlgo = sha256_mac;
@@ -4612,9 +4611,8 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 *hsType = dilithium_level5_sa_algo;
 *hashAlgo = sha512_mac;
 }
- #endif /* HAVE_DILITHIUM */
 break;
-#endif
+ #endif /* HAVE_DILITHIUM */
 default:
 *hashAlgo = input[0];
 *hsType = input[1];
diff --git a/src/tls13.c b/src/tls13.c
index 0f868a859..f41f1f42f 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -8015,9 +8015,8 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
 else
 ret = INVALID_PARAMETER;
 break;
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
- case PQC_SA_MAJOR:
 #if defined(HAVE_FALCON)
+ case FALCON_SA_MAJOR:
 if (input[1] == FALCON_LEVEL1_SA_MINOR) {
 *hsType = falcon_level1_sa_algo;
 /* Hash performed as part of sign/verify operation. */
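Review bot: In DecodeSigAlg the new `case FALCON_SA_MAJOR:` and `case DILITHIUM_SA_MAJOR:` chains run straight into `break;` with no final `else`, so a 0xFE or 0x09 major with an unrecognised minor byte leaves `*hashAlgo` and `*hsType` unwritten, and the function returns void so the caller gets no signal. As far as the hunks show, a 0x09 major previously reached `default:` and at least copied the raw bytes out, and DecodeTls13SigAlg in this same patch sets `ret = INVALID_PARAMETER` for the equivalent input. Whether callers pre-set the two outputs is not visible here. A closing `else { *hashAlgo = input[0]; *hsType = input[1]; }` on each chain would keep the previous result for unknown code points. This covers all three hunks of the function, whose body starts and ends outside them.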
@@ -8028,8 +8027,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
 *hashAlgo = sha512_mac;
 }
 else
+ ret = INVALID_PARAMETER;
+ break;
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+ case DILITHIUM_SA_MAJOR:
 if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
 *hsType = dilithium_level2_sa_algo;
 /* Hash performed as part of sign/verify operation. */
@@ -8044,12 +8046,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
 *hashAlgo = sha512_mac;
 }
 else
-#endif /* HAVE_DILITHIUM */
 {
 ret = INVALID_PARAMETER;
 }
 break;
-#endif
+#endif /* HAVE_DILITHIUM */
 default:
 *hashAlgo = input[0];
 *hsType = input[1];
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e973a124a..5ce7890c2 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1837,7 +1837,8 @@ enum Misc {
 SM2_SA_MAJOR = 7, /* Most significant byte for SM2 with SM3 */
 SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */
- PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */
+ FALCON_SA_MAJOR = 0xFE,/* Most significant byte used with falcon sig algs */
+ DILITHIUM_SA_MAJOR = 0x09,/* Most significant byte used with dilithium sig algs */
 /* These values for falcon match what OQS has defined. */
 FALCON_LEVEL1_SA_MAJOR = 0xFE,
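Review bot: The Falcon arm of DecodeTls13SigAlg now ends in an unbraced `else` followed by `ret = INVALID_PARAMETER;` and `break;` on separate lines, while the Dilithium arm in the next hunk keeps `else { ret = INVALID_PARAMETER; }`. The unbraced form already occurs in the case above, but in a switch that decides which signature code points are rejected, one misplaced line changes the result silently. I would brace the Falcon arm the same way: `else { ret = INVALID_PARAMETER; }`. The function body starts and ends outside these hunks.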
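Review bot: `FALCON_SA_MAJOR` and `DILITHIUM_SA_MAJOR` repeat values that the per-level entries already carry (`FALCON_LEVEL1_SA_MAJOR = 0xFE` is visible two lines below), and nothing ties the two sets together. Patch 1/2 shows how that drifts: it moved the per-level Dilithium majors to 0x09 while the byte the decoders switched on stayed 0xFE. Defining the per-level entries from the new ones, e.g. `DILITHIUM_LEVEL2_SA_MAJOR = DILITHIUM_SA_MAJOR,` and `FALCON_LEVEL1_SA_MAJOR = FALCON_SA_MAJOR,`, would make the next code point change a single edit. A short comment on `DILITHIUM_SA_MAJOR` saying it follows the IETF proposal rather than OQS would also match the comment already on the Falcon values. enum Misc continues outside the hunk.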