feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5378 from anhu/dilithium

Browse Source 
Initial commit to add Dilithium NIST PQC winner.
This commit is contained in:
David Garske
2022-08-12 09:29:42 -07:00
committed by GitHub
parent 0d78bd2127 82a900b438
commit 60437bba6e
29 changed files with 7222 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/dilithium/bench_dilithium_aes_level2_key.der Normal file
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_aes_level3_key.der Normal file
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_aes_level5_key.der Normal file
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_level2_key.der Normal file
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_level3_key.der Normal file
View File

Binary file not shown.

BIN
certs/dilithium/bench_dilithium_level5_key.der Normal file
View File

Binary file not shown.

11
certs/dilithium/include.am Normal file
View File

@@ -0,0 +1,11 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/dilithium/bench_dilithium_level2_key.der \
certs/dilithium/bench_dilithium_level3_key.der \
certs/dilithium/bench_dilithium_level5_key.der \
certs/dilithium/bench_dilithium_aes_level2_key.der \
certs/dilithium/bench_dilithium_aes_level3_key.der \
certs/dilithium/bench_dilithium_aes_level5_key.der

1
certs/include.am
View File

@@ -129,4 +129,5 @@ include certs/test-pathlen/include.am
include certs/intermediate/include.am
include certs/falcon/include.am
include certs/rsapss/include.am
include certs/dilithium/include.am

33
gencertbuf.pl
View File

@@ -105,6 +105,17 @@ my @fileList_falcon = (
["certs/falcon/bench_falcon_level5_key.der", "bench_falcon_level5_key" ],
);
#Dilithium Post-Quantum Keys
#Used with HAVE_PQC
my @fileList_dilithium = (
["certs/dilithium/bench_dilithium_level2_key.der", "bench_dilithium_level2_key" ],
["certs/dilithium/bench_dilithium_level3_key.der", "bench_dilithium_level3_key" ],
["certs/dilithium/bench_dilithium_level5_key.der", "bench_dilithium_level5_key" ],
["certs/dilithium/bench_dilithium_aes_level2_key.der", "bench_dilithium_aes_level2_key" ],
["certs/dilithium/bench_dilithium_aes_level3_key.der", "bench_dilithium_aes_level3_key" ],
["certs/dilithium/bench_dilithium_aes_level5_key.der", "bench_dilithium_aes_level5_key" ],
);
# ----------------------------------------------------------------------------
my $num_ecc = @fileList_ecc;
@@ -114,6 +125,7 @@ my $num_2048 = @fileList_2048;
my $num_3072 = @fileList_3072;
my $num_4096 = @fileList_4096;
my $num_falcon = @fileList_falcon;
my $num_dilithium = @fileList_dilithium;
# open our output file, "+>" creates and/or truncates
open OUT_FILE, "+>", $outputFile or die $!;
@@ -194,7 +206,7 @@ for (my $i = 0; $i < $num_4096; $i++) {
print OUT_FILE "#endif /* USE_CERT_BUFFERS_4096 */\n\n";
# convert and print falcon keys
print OUT_FILE "#ifdef HAVE_PQC\n\n";
print OUT_FILE "#ifdef HAVE_PQC && HAVE_FALCON\n\n";
for (my $i = 0; $i < $num_falcon; $i++) {
my $fname = $fileList_falcon[$i][0];
@@ -208,7 +220,24 @@ for (my $i = 0; $i < $num_falcon; $i++) {
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
}
print OUT_FILE "#endif /* HAVE_PQC */\n\n";
print OUT_FILE "#endif /* HAVE_PQC && HAVE_FALCON */\n\n";
# convert and print dilithium keys
print OUT_FILE "#ifdef HAVE_PQC && HAVE_DILITHIUM\n\n";
for (my $i = 0; $i < $num_dilithium; $i++) {
my $fname = $fileList_dilithium[$i][0];
my $sname = $fileList_dilithium[$i][1];
print OUT_FILE "/* $fname */\n";
print OUT_FILE "static const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fname);
print OUT_FILE "};\n";
print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
}
print OUT_FILE "#endif /* HAVE_PQC && HAVE_DILITHIUM */\n\n";
# convert and print 256-bit cert/keys
print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";

3
rpm/spec.in
View File

@@ -266,6 +266,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/wolfssl/wolfcrypt/ed448.h
%{_includedir}/wolfssl/wolfcrypt/error-crypt.h
%{_includedir}/wolfssl/wolfcrypt/falcon.h
%{_includedir}/wolfssl/wolfcrypt/dilithium.h
%{_includedir}/wolfssl/wolfcrypt/fe_448.h
%{_includedir}/wolfssl/wolfcrypt/fe_operations.h
%{_includedir}/wolfssl/wolfcrypt/fips_test.h
@@ -313,6 +314,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/wolfssl.pc
%changelog
* Fri Jul 20 2022 Anthony Hu <anthony@wolfssl.com>
- Add a new header dilithium.h.
* Fri July 8 2022 Jacob Barthelmeh <jacob@wolfssl.com>
- Add missing sp_int.h file
* Mon May 2 2022 Jacob Barthelmeh <jacob@wolfssl.com>

1
src/include.am
View File

@@ -652,6 +652,7 @@ endif
if BUILD_LIBOQS
src_libwolfssl_la_SOURCES += wolfcrypt/src/falcon.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/dilithium.c
endif
if BUILD_LIBZ

528
src/internal.c
View File

@@ -2094,10 +2094,17 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ssl->options.haveFalconSig = 1; /* always on client side */
}
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ssl->options.haveDilithiumSig = 1; /* always on client side */
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
if (ssl->options.side == WOLFSSL_CLIENT_END) {
@@ -2173,8 +2180,13 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->eccTempKeySz = ECDHE_SIZE;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
ctx->verifyDepth = MAX_CHAIN_DEPTH;
#ifdef OPENSSL_EXTRA
ctx->cbioFlag = WOLFSSL_CBIO_NONE;
@@ -2234,10 +2246,17 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#endif /* WOLFSSL_USER_IO */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (method->side == WOLFSSL_CLIENT_END)
ctx->haveFalconSig = 1; /* always on client side */
/* server can turn on by loading key */
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (method->side == WOLFSSL_CLIENT_END)
ctx->haveDilithiumSig = 1; /* always on client side */
/* server can turn on by loading key */
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef HAVE_ECC
if (method->side == WOLFSSL_CLIENT_END) {
ctx->haveECDSAsig = 1; /* always on client side */
@@ -2796,6 +2815,7 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
else
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (sigAlgo == falcon_level1_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = FALCON_LEVEL1_SA_MAJOR;
*inOutIdx += 1;
@@ -2810,7 +2830,52 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
*inOutIdx += 1;
}
else
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (sigAlgo == dilithium_level2_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL2_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_level3_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL3_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_LEVEL5_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level2_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level3_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MINOR;
*inOutIdx += 1;
}
else
if (sigAlgo == dilithium_aes_level5_sa_algo) {
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MINOR;
*inOutIdx += 1;
}
else
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */
@@ -2838,8 +2903,8 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
}
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
int haveFalconSig, int haveAnon, int tls1_2,
int keySz)
int haveFalconSig, int haveDilithiumSig,
int haveAnon, int tls1_2, int keySz)
{
word16 idx = 0;
@@ -2873,8 +2938,28 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
if (haveFalconSig) {
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
AddSuiteHashSigAlgo(suites, no_mac, falcon_level1_sa_algo, keySz, &idx);
AddSuiteHashSigAlgo(suites, no_mac, falcon_level5_sa_algo, keySz, &idx);
#endif /* HAVE_FALCON */
#endif /* HAVE_PQC */
}
if (haveDilithiumSig) {
#if defined(HAVE_PQC)
#ifdef HAVE_DILITHIUM
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level2_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level3_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level2_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level3_sa_algo, keySz,
&idx);
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level5_sa_algo, keySz,
&idx);
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
}
if (haveRSAsig) {
@@ -2926,8 +3011,8 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
word16 havePSK, word16 haveDH, word16 haveECDSAsig,
word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC,
word16 haveFalconSig, word16 haveAnon, word16 haveNull,
int side)
word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon,
word16 haveNull, int side)
{
word16 idx = 0;
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
@@ -2959,6 +3044,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
(void)haveAnon; /* anon ciphers optional */
(void)haveNull;
(void)haveFalconSig;
(void)haveDilithiumSig;
if (suites == NULL) {
WOLFSSL_MSG("InitSuites pointer error");
@@ -3887,7 +3973,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
if (suites->hashSigAlgoSz == 0) {
InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC,
haveRSAsig | haveRSA, haveFalconSig,
0, tls1_2, keySz);
haveDilithiumSig, 0, tls1_2, keySz);
}
}
@@ -3938,16 +4024,43 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy
break;
#ifdef HAVE_PQC
case PQC_SA_MAJOR:
/* Hash performed as part of sign/verify operation. */
#ifdef HAVE_FALCON
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
*hsType = falcon_level1_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
else if (input[1] == FALCON_LEVEL5_SA_MINOR) {
*hsType = falcon_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
*hsType = dilithium_level2_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
*hsType = dilithium_level3_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
*hsType = dilithium_level5_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
*hsType = dilithium_aes_level2_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
*hsType = dilithium_aes_level3_sa_algo;
*hashAlgo = sha512_mac;
}
else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
*hsType = dilithium_aes_level5_sa_algo;
*hashAlgo = sha512_mac;
}
#endif /* HAVE_DILITHIUM */
break;
#endif
default:
@@ -5905,14 +6018,15 @@ int InitSSL_Suites(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
else {
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, TRUE,
ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
ssl->options.haveStaticECC, ssl->options.haveFalconSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
ssl->options.haveDilithiumSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
}
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@@ -6119,12 +6233,13 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->options.downgrade = ctx->method->downgrade;
ssl->options.minDowngrade = ctx->minDowngrade;
ssl->options.haveRSA = ctx->haveRSA;
ssl->options.haveDH = ctx->haveDH;
ssl->options.haveECDSAsig = ctx->haveECDSAsig;
ssl->options.haveECC = ctx->haveECC;
ssl->options.haveStaticECC = ctx->haveStaticECC;
ssl->options.haveFalconSig = ctx->haveFalconSig;
ssl->options.haveRSA = ctx->haveRSA;
ssl->options.haveDH = ctx->haveDH;
ssl->options.haveECDSAsig = ctx->haveECDSAsig;
ssl->options.haveECC = ctx->haveECC;
ssl->options.haveStaticECC = ctx->haveStaticECC;
ssl->options.haveFalconSig = ctx->haveFalconSig;
ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
#ifndef NO_PSK
ssl->options.havePSK = ctx->havePSK;
@@ -6156,8 +6271,13 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
ssl->options.minFalconKeySz = ctx->minFalconKeySz;
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
ssl->options.verifyDepth = ctx->verifyDepth;
#endif
@@ -6942,11 +7062,18 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
wc_curve448_free((curve448_key*)*pKey);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_free((falcon_key*)*pKey);
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_free((dilithium_key*)*pKey);
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
wc_FreeDhKey((DhKey*)*pKey);
@@ -7009,10 +7136,17 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
sz = sizeof(curve448_key);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
sz = sizeof(falcon_key);
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
sz = sizeof(dilithium_key);
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
@@ -7059,12 +7193,20 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
ret = 0;
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_init((falcon_key*)*pKey);
ret = 0;
break;
#endif
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_init((dilithium_key*)*pKey);
ret = 0;
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef HAVE_CURVE448
case DYNAMIC_TYPE_CURVE448:
wc_curve448_init((curve448_key*)*pKey);
@@ -7090,7 +7232,8 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
defined(HAVE_CURVE448) || (defined(HAVE_PQC) && defined(HAVE_FALCON))
defined(HAVE_CURVE448) || (defined(HAVE_PQC) && defined(HAVE_FALCON)) || \
(defined(HAVE_PQC) && defined(HAVE_DILITHIUM))
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
{
int ret = 0;
@@ -12585,26 +12728,55 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (ssl->options.minFalconKeySz < 0 ||
FALCON_LEVEL1_KEY_SIZE < (word16)ssl->options.minFalconKeySz) {
WOLFSSL_MSG(
"Falcon key size in cert chain error");
FALCON_LEVEL1_KEY_SIZE < (word16)ssl->options.minFalconKeySz) {
WOLFSSL_MSG("Falcon key size in cert chain error");
ret = FALCON_KEY_SIZE_E;
WOLFSSL_ERROR_VERBOSE(ret);
}
break;
case FALCON_LEVEL5k:
if (ssl->options.minFalconKeySz < 0 ||
FALCON_LEVEL5_KEY_SIZE < (word16)ssl->options.minFalconKeySz) {
WOLFSSL_MSG(
"Falcon key size in cert chain error");
FALCON_LEVEL5_KEY_SIZE < (word16)ssl->options.minFalconKeySz) {
WOLFSSL_MSG("Falcon key size in cert chain error");
ret = FALCON_KEY_SIZE_E;
WOLFSSL_ERROR_VERBOSE(ret);
}
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#endif /* HAVE_PQC */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_AES_LEVEL2k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
}
break;
case DILITHIUM_LEVEL3k:
case DILITHIUM_AES_LEVEL3k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG( "Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
}
break;
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL5k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
}
break;
#endif /* HAVE_DILITHIUM */
default:
WOLFSSL_MSG("Key size not checked");
/* key not being checked for size if not in
@@ -13889,7 +14061,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
{
@@ -13935,8 +14108,87 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_ERROR_VERBOSE(ret);
WOLFSSL_MSG("Peer Falcon key is too small");
}
break;
}
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
{
int keyRet = 0;
if (ssl->peerDilithiumKey == NULL) {
/* alloc/init on demand */
keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
} else if (ssl->peerDilithiumKeyPresent) {
keyRet = ReuseKey(ssl, DYNAMIC_TYPE_DILITHIUM,
ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
}
if (keyRet == 0) {
if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 2,
SHAKE_VARIANT);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 3,
SHAKE_VARIANT);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 5,
SHAKE_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL2k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 2,
AES_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL3k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 3,
AES_VARIANT);
}
else if (args->dCert->keyOID
== DILITHIUM_AES_LEVEL5k) {
keyRet = wc_dilithium_set_level_and_sym(
ssl->peerDilithiumKey, 5,
AES_VARIANT);
}
}
if (keyRet != 0 ||
wc_dilithium_import_public(args->dCert->publicKey,
args->dCert->pubKeySize,
ssl->peerDilithiumKey)
!= 0) {
ret = PEER_KEY_ERROR;
}
else {
ssl->peerDilithiumKeyPresent = 1;
}
/* check size of peer Dilithium key */
if (ret == 0 && ssl->peerDilithiumKeyPresent &&
!ssl->options.verifyNone &&
DILITHIUM_MAX_KEY_SIZE <
ssl->options.minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("Peer Dilithium key is too small");
}
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
break;
}
@@ -22566,6 +22818,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case FALCON_KEY_SIZE_E:
return "Wrong key size for Falcon.";
case DILITHIUM_KEY_SIZE_E:
return "Wrong key size for Dilithium.";
#ifdef WOLFSSL_QUIC
case QUIC_TP_MISSING_E:
@@ -23500,21 +23754,22 @@ ciphersuites introduced through the "bulk" ciphersuites.
*/
int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
{
int ret = 0;
int idx = 0;
int haveRSAsig = 0;
int haveECDSAsig = 0;
int haveFalconSig = 0;
int haveAnon = 0;
int ret = 0;
int idx = 0;
int haveRSAsig = 0;
int haveECDSAsig = 0;
int haveFalconSig = 0;
int haveDilithiumSig = 0;
int haveAnon = 0;
#ifdef OPENSSL_EXTRA
int haveRSA = 0;
int haveDH = 0;
int haveECC = 0;
int haveStaticRSA = 1; /* allowed by default if compiled in */
int haveStaticECC = 0;
int haveNull = 1; /* allowed by default if compiled in */
int callInitSuites = 0;
int havePSK = 0;
int haveRSA = 0;
int haveDH = 0;
int haveECC = 0;
int haveStaticRSA = 1; /* allowed by default if compiled in */
int haveStaticECC = 0;
int haveNull = 1; /* allowed by default if compiled in */
int callInitSuites = 0;
int havePSK = 0;
#endif
const int suiteSz = GetCipherNamesSize();
const char* next = list;
@@ -23735,8 +23990,13 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
haveECDSAsig = 1;
#endif
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
haveFalconSig = 1;
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
haveDilithiumSig = 1;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
}
else
#endif
@@ -23782,7 +24042,8 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
(word16)havePSK, (word16)haveDH, (word16)haveECDSAsig,
(word16)haveECC, (word16)haveStaticRSA,
(word16)haveStaticECC, (word16)haveFalconSig,
(word16)haveAnon, (word16)haveNull, ctx->method->side);
(word16)haveDilithiumSig, (word16)haveAnon,
(word16)haveNull, ctx->method->side);
/* Restore user ciphers ahead of defaults */
XMEMMOVE(suites->suites + idx, suites->suites,
min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx));
@@ -23793,7 +24054,8 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
{
suites->suiteSz = (word16)idx;
InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig,
haveFalconSig, haveAnon, 1, keySz);
haveFalconSig, haveDilithiumSig, haveAnon,
1, keySz);
}
suites->setSuites = 1;
}
@@ -23975,6 +24237,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1) {
/* Certificate has Falcon level 1 key, only match with Falcon level 1
* sig alg */
@@ -23985,7 +24248,34 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
* sig alg */
return sigAlgo == falcon_level5_sa_algo;
}
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
/* Certificate has Dilithium level 2 key, only match with it. */
return sigAlgo == dilithium_level2_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3) {
/* Certificate has Dilithium level 3 key, only match with it. */
return sigAlgo == dilithium_level3_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
/* Certificate has Dilithium level 5 key, only match with it. */
return sigAlgo == dilithium_level5_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2) {
/* Certificate has Dilithium AES level 2 key, only match with it. */
return sigAlgo == dilithium_aes_level2_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3) {
/* Certificate has Dilithium AES level 3 key, only match with it. */
return sigAlgo == dilithium_aes_level3_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5) {
/* Certificate has Dilithium AES level 5 key, only match with it. */
return sigAlgo == dilithium_aes_level5_sa_algo;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
/* RSA certificate and PSS sig alg. */
if (ssl->suites->sigAlgo == rsa_sa_algo) {
@@ -24090,6 +24380,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 ||
ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) {
/* Matched Falcon - set chosen and finished. */
@@ -24098,7 +24389,22 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
ret = 0;
break;
}
#endif
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3 ||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5 ) {
/* Matched Dilithium - set chosen and finished. */
ssl->suites->sigAlgo = sigAlgo;
ssl->suites->hashAlgo = hashAlgo;
ret = 0;
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
#error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot "
@@ -24463,8 +24769,8 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
}
#endif /* WOLF_PRIVATE_KEY_ID && !NO_CHECK_PRIVATE_KEY */
/* Decode the private key - RSA/ECC/Ed25519/Ed448/Falcon - and creates a key
* object.
/* Decode the private key - RSA/ECC/Ed25519/Ed448/Falcon/Dilithium - and
* creates a key object.
*
* The signature type is set as well.
* The maximum length of a signature is returned.
@@ -24786,7 +25092,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
}
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (ssl->buffers.keyType == falcon_level1_sa_algo ||
ssl->buffers.keyType == falcon_level5_sa_algo ||
ssl->buffers.keyType == 0) {
@@ -24846,7 +25153,93 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
goto exit_dpk;
}
}
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (ssl->buffers.keyType == dilithium_level2_sa_algo ||
ssl->buffers.keyType == dilithium_level3_sa_algo ||
ssl->buffers.keyType == dilithium_level5_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level2_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level3_sa_algo ||
ssl->buffers.keyType == dilithium_aes_level5_sa_algo ||
ssl->buffers.keyType == 0) {
ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
if (ret != 0) {
goto exit_dpk;
}
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
2, SHAKE_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
3, SHAKE_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
5, SHAKE_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level2_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
2, AES_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level3_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
3, AES_VARIANT);
}
else if (ssl->buffers.keyType == dilithium_aes_level5_sa_algo) {
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
5, AES_VARIANT);
}
else {
/* What if ssl->buffers.keyType is 0? We might want to do something
* more graceful here. */
ret = ALGO_ID_E;
}
if (ret != 0) {
goto exit_dpk;
}
#if defined(HAVE_ED448)
WOLFSSL_MSG("Trying Dilithium private key, ED448 didn't work");
#elif defined(HAVE_ED25519)
WOLFSSL_MSG("Trying Dilithium private key, ED25519 didn't work");
#elif defined(HAVE_ECC)
WOLFSSL_MSG("Trying Dilithium private key, ECC didn't work");
#elif !defined(NO_RSA)
WOLFSSL_MSG("Trying Dilithium private key, RSA didn't work");
#elif defined(HAVE_FALCON)
WOLFSSL_MSG("Trying Dilithium private key, Falcon didn't work");
#else
WOLFSSL_MSG("Trying Dilithium private key");
#endif
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is a Dilithium private key. */
ret = wc_dilithium_import_private_only(ssl->buffers.key->buffer,
ssl->buffers.key->length,
(dilithium_key*)ssl->hsKey);
if (ret == 0) {
WOLFSSL_MSG("Using Dilithium private key");
/* Check it meets the minimum Dilithium key size requirements. */
if (DILITHIUM_MAX_KEY_SIZE < ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size too small");
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*length = DILITHIUM_MAX_SIG_SIZE;
goto exit_dpk;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
(void)idx;
(void)keySz;
@@ -31477,8 +31870,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon,
TRUE, ssl->options.side);
}
/* suite size */
@@ -31874,8 +32268,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon,
TRUE, ssl->options.side);
}
/* check if option is set to not allow the current version
@@ -31945,8 +32340,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig,
ssl->options.haveDilithiumSig, ssl->options.haveAnon,
TRUE, ssl->options.side);
}
}

401
src/ssl.c
View File

@@ -118,8 +118,13 @@
#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/curve448.h>
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
@@ -2171,8 +2176,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@@ -4198,8 +4203,13 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
cm->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
cm->heap = heap;
}
@@ -4715,9 +4725,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
return WOLFSSL_SUCCESS;
}
#endif /* !leanpsk */
@@ -5152,7 +5161,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (cm->minFalconKeySz < 0 ||
FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) {
@@ -5167,7 +5177,34 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
WOLFSSL_MSG("\tCA Falcon level 5 key size error");
}
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_AES_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
}
break;
case DILITHIUM_LEVEL3k:
case DILITHIUM_AES_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
}
break;
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
WOLFSSL_MSG("\tNo key size check done on CA");
@@ -6076,7 +6113,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
return ret;
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
(*keyFormat == FALCON_LEVEL5k))) {
/* make sure Falcon key can be used */
@@ -6142,7 +6180,119 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ret != 0)
return ret;
}
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if ((*keyFormat == 0) ||
(*keyFormat == DILITHIUM_LEVEL2k) ||
(*keyFormat == DILITHIUM_LEVEL3k) ||
(*keyFormat == DILITHIUM_LEVEL5k) ||
(*keyFormat == DILITHIUM_AES_LEVEL2k) ||
(*keyFormat == DILITHIUM_AES_LEVEL3k) ||
(*keyFormat == DILITHIUM_AES_LEVEL5k)) {
/* make sure Dilithium key can be used */
dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key),
heap,
DYNAMIC_TYPE_DILITHIUM);
if (key == NULL) {
return MEMORY_E;
}
ret = wc_dilithium_init(key);
if (ret == 0) {
if (*keyFormat == DILITHIUM_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key, 2, SHAKE_VARIANT);
}
else if (*keyFormat == DILITHIUM_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key, 3, SHAKE_VARIANT);
}
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key, 5, SHAKE_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ret = wc_dilithium_set_level_and_sym(key, 2, AES_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ret = wc_dilithium_set_level_and_sym(key, 3, AES_VARIANT);
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ret = wc_dilithium_set_level_and_sym(key, 5, AES_VARIANT);
}
else {
/* What if *keyformat is 0? We might want to do something more
* graceful here. */
wc_dilithium_free(key);
ret = ALGO_ID_E;
}
}
if (ret == 0) {
*idx = 0;
ret = wc_dilithium_import_private_only(der->buffer, der->length,
key);
if (ret == 0) {
/* check for minimum key size and then free */
int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz;
*keySz = DILITHIUM_MAX_KEY_SIZE;
if (*keySz < minKeySz) {
WOLFSSL_MSG("Dilithium private key too small");
ret = DILITHIUM_KEY_SIZE_E;
}
if (ssl) {
if (*keyFormat == DILITHIUM_LEVEL2k) {
ssl->buffers.keyType = dilithium_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_LEVEL3k) {
ssl->buffers.keyType = dilithium_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ssl->buffers.keyType = dilithium_level5_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ssl->buffers.keyType = dilithium_aes_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ssl->buffers.keyType = dilithium_aes_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ssl->buffers.keyType = dilithium_aes_level5_sa_algo;
}
ssl->buffers.keySz = *keySz;
}
else {
if (*keyFormat == DILITHIUM_LEVEL2k) {
ctx->privateKeyType = dilithium_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_LEVEL3k) {
ctx->privateKeyType = dilithium_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_LEVEL5k) {
ctx->privateKeyType = dilithium_level5_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
ctx->privateKeyType = dilithium_aes_level2_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
ctx->privateKeyType = dilithium_aes_level3_sa_algo;
}
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
ctx->privateKeyType = dilithium_aes_level5_sa_algo;
}
ctx->privateKeySz = *keySz;
}
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
*resetSuites = 1;
}
}
wc_dilithium_free(key);
}
XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
if (ret != 0) {
return ret;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
return ret;
}
@@ -6502,6 +6652,18 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
else if (ctx)
ctx->haveFalconSig = 1;
break;
case CTC_DILITHIUM_LEVEL2:
case CTC_DILITHIUM_LEVEL3:
case CTC_DILITHIUM_LEVEL5:
case CTC_DILITHIUM_AES_LEVEL2:
case CTC_DILITHIUM_AES_LEVEL3:
case CTC_DILITHIUM_AES_LEVEL5:
WOLFSSL_MSG("Dilithium cert signature");
if (ssl)
ssl->options.haveDilithiumSig = 1;
else if (ctx)
ctx->haveDilithiumSig = 1;
break;
default:
WOLFSSL_MSG("Not ECDSA cert signature");
break;
@@ -6539,11 +6701,23 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if (cert->keyOID == FALCON_LEVEL1k ||
cert->keyOID == FALCON_LEVEL5k) {
ssl->options.haveFalconSig = 1;
}
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
cert->keyOID == DILITHIUM_LEVEL3k ||
cert->keyOID == DILITHIUM_LEVEL5k ||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
ssl->options.haveDilithiumSig = 1;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#else
ssl->options.haveECC = ssl->options.haveECDSAsig;
#endif
@@ -6577,11 +6751,23 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if (cert->keyOID == FALCON_LEVEL1k ||
cert->keyOID == FALCON_LEVEL5k) {
ctx->haveFalconSig = 1;
}
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
cert->keyOID == DILITHIUM_LEVEL3k ||
cert->keyOID == DILITHIUM_LEVEL5k ||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
ctx->haveDilithiumSig = 1;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#else
ctx->haveECC = ctx->haveECDSAsig;
#endif
@@ -6692,7 +6878,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
/* Falcon is fixed key size */
@@ -6712,7 +6899,33 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
}
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
case DILITHIUM_AES_LEVEL2k:
case DILITHIUM_AES_LEVEL3k:
case DILITHIUM_AES_LEVEL5k:
/* Dilithium is fixed key size */
keySz = DILITHIUM_MAX_KEY_SIZE;
if (ssl && !ssl->options.verifyNone) {
if (ssl->options.minDilithiumKeySz < 0 ||
keySz < (int)ssl->options.minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("Certificate Dilithium key size error");
}
}
else if (ctx && !ctx->verifyNone) {
if (ctx->minDilithiumKeySz < 0 ||
keySz < (int)ctx->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("Certificate Dilithium key size error");
}
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
WOLFSSL_MSG("No key size check done on certificate");
@@ -6775,8 +6988,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
return WOLFSSL_SUCCESS;
@@ -8920,10 +9133,11 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
{
int isFalcon = 0;
#ifdef WOLFSSL_SMALL_STACK
falcon_key *falcon = (falcon_key *)MALLOC(sizeof(falcon_key), NULL,
falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL,
DYNAMIC_TYPE_FALCON);
if (falcon == NULL) {
return NULL;
@@ -8979,6 +9193,115 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
}
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
{
int isDilithium = 0;
#ifdef WOLFSSL_SMALL_STACK
dilithium_key *dilithium = (dilithium_key *)
XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM);
if (dilithium == NULL) {
return NULL;
}
#else
dilithium_key dilithium[1];
#endif
if (wc_dilithium_init(dilithium) == 0) {
/* Test if Dilithium key. Try all levels for both SHAKE and AES */
if (priv) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
AES_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
AES_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
AES_VARIANT) == 0 &&
wc_dilithium_import_private_only(mem,
(word32)memSz, dilithium) == 0;
}
} else {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
SHAKE_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
AES_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
AES_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
if (!isDilithium) {
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
AES_VARIANT) == 0 &&
wc_dilithium_import_public(mem, (word32)memSz,
dilithium) == 0;
}
}
wc_dilithium_free(dilithium);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
#endif
if (isDilithium) {
/* Create a fake Dilithium EVP_PKEY. In the future, we might
* integrate Dilithium into the compatibility layer. */
pkey = wolfSSL_EVP_PKEY_new();
if (pkey == NULL) {
WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error");
return NULL;
}
pkey->type = EVP_PKEY_DILITHIUM;
pkey->pkey.ptr = NULL;
pkey->pkey_sz = 0;
return pkey;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
if (pkey == NULL) {
@@ -14597,8 +14920,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
#ifdef OPENSSL_EXTRA
/**
@@ -14650,8 +14973,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@@ -22698,8 +23021,8 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
return ssl->options.mask;
}
@@ -25865,11 +26188,27 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
{ NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"},
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
{ CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1",
"Falcon Level 1"},
{ CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5",
"Falcon Level 5"},
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
{ CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType,
"Dilithium Level 2", "Dilithium Level 2"},
{ CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType,
"Dilithium Level 3", "Dilithium Level 3"},
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
"Dilithium Level 5", "Dilithium Level 5"},
{ CTC_DILITHIUM_AES_LEVEL2, DILITHIUM_AES_LEVEL2k, oidKeyType,
"Dilithium AES Level 2", "Dilithium AES Level 2"},
{ CTC_DILITHIUM_AES_LEVEL3, DILITHIUM_AES_LEVEL3k, oidKeyType,
"Dilithium AES Level 3", "Dilithium AES Level 3"},
{ CTC_DILITHIUM_AES_LEVEL5, DILITHIUM_AES_LEVEL5k, oidKeyType,
"Dilithium AES Level 5", "Dilithium AES Level 5"},
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
/* oidCurveType */
#ifdef HAVE_ECC
@@ -27537,9 +27876,19 @@ struct WOLFSSL_HashSigInfo {
{ no_mac, ed448_sa_algo, CTC_ED448 },
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
{ no_mac, falcon_level1_sa_algo, CTC_FALCON_LEVEL1 },
{ no_mac, falcon_level5_sa_algo, CTC_FALCON_LEVEL5 },
#endif
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
{ no_mac, dilithium_level2_sa_algo, CTC_DILITHIUM_LEVEL2 },
{ no_mac, dilithium_level3_sa_algo, CTC_DILITHIUM_LEVEL3 },
{ no_mac, dilithium_level5_sa_algo, CTC_DILITHIUM_LEVEL5 },
{ no_mac, dilithium_aes_level2_sa_algo, CTC_DILITHIUM_AES_LEVEL2 },
{ no_mac, dilithium_aes_level3_sa_algo, CTC_DILITHIUM_AES_LEVEL3 },
{ no_mac, dilithium_aes_level5_sa_algo, CTC_DILITHIUM_AES_LEVEL5 },
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DSA
#ifndef NO_SHA
{ sha_mac, dsa_sa_algo, CTC_SHAwDSA },

210
src/tls13.c
View File

@@ -6058,7 +6058,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
ssl->options.buildingMsg = 1;
if (ssl->options.side == WOLFSSL_SERVER_END)
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1,
InitSuitesHashSigAlgo(ssl->suites, 1, 1, 1, 1,
0, 1, ssl->buffers.keySz);
ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS);
@@ -6190,6 +6190,7 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case falcon_level1_sa_algo:
output[0] = FALCON_LEVEL1_SA_MAJOR;
output[1] = FALCON_LEVEL1_SA_MINOR;
@@ -6198,6 +6199,33 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
output[0] = FALCON_LEVEL5_SA_MAJOR;
output[1] = FALCON_LEVEL5_SA_MINOR;
break;
#endif
#ifdef HAVE_DILITHIUM
case dilithium_level2_sa_algo:
output[0] = DILITHIUM_LEVEL2_SA_MAJOR;
output[1] = DILITHIUM_LEVEL2_SA_MINOR;
break;
case dilithium_level3_sa_algo:
output[0] = DILITHIUM_LEVEL3_SA_MAJOR;
output[1] = DILITHIUM_LEVEL3_SA_MINOR;
break;
case dilithium_level5_sa_algo:
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
break;
case dilithium_aes_level2_sa_algo:
output[0] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL2_SA_MINOR;
break;
case dilithium_aes_level3_sa_algo:
output[0] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL3_SA_MINOR;
break;
case dilithium_aes_level5_sa_algo:
output[0] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_AES_LEVEL5_SA_MINOR;
break;
#endif
#endif
default:
break;
@@ -6244,17 +6272,47 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
break;
#ifdef HAVE_PQC
case PQC_SA_MAJOR:
#if defined(HAVE_FALCON)
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
*hsType = falcon_level1_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else
if (input[1] == FALCON_LEVEL5_SA_MINOR) {
*hsType = falcon_level1_sa_algo;
} else if (input[1] == FALCON_LEVEL5_SA_MINOR) {
*hsType = falcon_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
else {
else
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
*hsType = dilithium_level2_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
*hsType = dilithium_level3_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
*hsType = dilithium_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
*hsType = dilithium_aes_level2_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
*hsType = dilithium_aes_level3_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
*hsType = dilithium_aes_level5_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
else
#endif /* HAVE_DILITHIUM */
{
ret = INVALID_PARAMETER;
}
break;
@@ -7097,7 +7155,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
else if (ssl->hsType == DYNAMIC_TYPE_ED448)
args->sigAlgo = ed448_sa_algo;
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
falcon_key* fkey = (falcon_key*)ssl->hsKey;
byte level = 0;
@@ -7108,13 +7167,45 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->sigAlgo = falcon_level1_sa_algo;
}
else if (level == 5) {
args->sigAlgo = falcon_level1_sa_algo;
args->sigAlgo = falcon_level5_sa_algo;
}
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
}
#endif
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
byte level = 0;
byte sym = 0;
if (wc_dilithium_get_level_and_sym(fkey, &level, &sym) != 0) {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
if ((level == 2) && (sym == SHAKE_VARIANT)) {
args->sigAlgo = dilithium_level2_sa_algo;
}
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
args->sigAlgo = dilithium_level3_sa_algo;
}
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
args->sigAlgo = dilithium_level5_sa_algo;
}
else if ((level == 2) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level2_sa_algo;
}
else if ((level == 3) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level3_sa_algo;
}
else if ((level == 5) && (sym == AES_VARIANT)) {
args->sigAlgo = dilithium_aes_level5_sa_algo;
}
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
@@ -7191,11 +7282,18 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
sig->length = ED448_SIG_SIZE;
}
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
sig->length = FALCON_MAX_SIG_SIZE;
}
#endif /* HAVE_PQC && HAVE_FALCON */
#endif
#if defined(HAVE_DILITHIUM)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
sig->length = DILITHIUM_MAX_SIG_SIZE;
}
#endif
#endif /* HAVE_PQC */
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_DO;
@@ -7247,7 +7345,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->length = (word16)sig->length;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
args->verify + HASH_SIG_SIZE +
@@ -7255,7 +7354,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
(falcon_key*)ssl->hsKey);
args->length = (word16)sig->length;
}
#endif /* HAVE_PQC && HAVE_FALCON */
#endif
#if defined(HAVE_DILITHIUM)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
args->verify + HASH_SIG_SIZE +
VERIFY_HEADER, (word32*)&sig->length,
(dilithium_key*)ssl->hsKey);
args->length = (word16)sig->length;
}
#endif
#endif /* HAVE_PQC */
#ifndef NO_RSA
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
@@ -7623,12 +7732,42 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
if (args->sigAlgo == falcon_level1_sa_algo) {
WOLFSSL_MSG("Peer sent Falcon Level 1 sig");
validSigAlgo = (ssl->peerFalconKey != NULL) &&
ssl->peerFalconKeyPresent;
ssl->peerFalconKeyPresent;
}
if (args->sigAlgo == falcon_level5_sa_algo) {
WOLFSSL_MSG("Peer sent Falcon Level 5 sig");
validSigAlgo = (ssl->peerFalconKey != NULL) &&
ssl->peerFalconKeyPresent;
ssl->peerFalconKeyPresent;
}
if (args->sigAlgo == dilithium_level2_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_level3_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 3 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_level5_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 5 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level2_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 2 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level3_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 3 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
if (args->sigAlgo == dilithium_aes_level5_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium AES Level 5 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
}
#endif
#ifndef NO_RSA
@@ -7717,6 +7856,19 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
ret = 0;
}
if (ssl->peerDilithiumKeyPresent) {
WOLFSSL_MSG("Doing Dilithium peer cert verify");
args->sigData = (byte*)XMALLOC(MAX_SIG_DATA_SZ, ssl->heap,
DYNAMIC_TYPE_SIGNATURE);
if (args->sigData == NULL) {
ERROR_OUT(MEMORY_E, exit_dcv);
}
CreateSigData(ssl, args->sigData, &args->sigDataSz, 1);
ret = 0;
}
#endif
/* Advance state and proceed */
@@ -7825,6 +7977,24 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
}
#endif /* HAVE_PQC && HAVE_FALCON */
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
if (ssl->peerDilithiumKeyPresent) {
int res = 0;
WOLFSSL_MSG("Doing Dilithium peer cert verify");
ret = wc_dilithium_verify_msg(input + args->idx, args->sz,
args->sigData, args->sigDataSz,
&res, ssl->peerDilithiumKey);
if ((ret >= 0) && (res == 1)) {
/* CLIENT/SERVER: data verified with public key from
* certificate. */
ssl->options.peerAuthGood = 1;
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
}
}
#endif /* HAVE_PQC && HAVE_DILITHIUM */
/* Check for error */
if (ret != 0) {
@@ -10857,8 +11027,8 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
/* Set the PSK callback that returns the cipher suite for a client to use
@@ -10908,8 +11078,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
/* Set the PSK callback that returns the cipher suite for a server to use
@@ -10956,8 +11126,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveECDSAsig,
ssl->options.haveECC, TRUE, ssl->options.haveStaticECC,
ssl->options.haveFalconSig, ssl->options.haveAnon, TRUE,
ssl->options.side);
ssl->options.haveFalconSig, ssl->options.haveDilithiumSig,
ssl->options.haveAnon, TRUE, ssl->options.side);
}
/* Get name of first supported cipher suite that uses the hash indicated.

261
wolfcrypt/benchmark/benchmark.c
View File

@@ -263,9 +263,17 @@
#ifdef HAVE_LIBOQS
#include <oqs/kem.h>
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#endif
#ifdef HAVE_PQM4
#include <api_kyber.h>
#define PQM4_PUBLIC_KEY_LENGTH CRYPTO_PUBLICKEYBYTES
@@ -442,34 +450,38 @@
#define BENCH_SAKKE 0x80000000
/* Post-Quantum Asymmetric algorithms. */
#define BENCH_FALCON_LEVEL1_SIGN 0x00000001
#define BENCH_FALCON_LEVEL5_SIGN 0x00000002
#define BENCH_KYBER_LEVEL1_KEYGEN 0x00000004
#define BENCH_KYBER_LEVEL1_ENCAP 0x00000008
#define BENCH_KYBER_LEVEL3_KEYGEN 0x00000010
#define BENCH_KYBER_LEVEL3_ENCAP 0x00000020
#define BENCH_KYBER_LEVEL5_KEYGEN 0x00000040
#define BENCH_KYBER_LEVEL5_ENCAP 0x00000080
#define BENCH_KYBER90S_LEVEL1_KEYGEN 0x00000100
#define BENCH_KYBER90S_LEVEL1_ENCAP 0x00000200
#define BENCH_KYBER90S_LEVEL3_KEYGEN 0x00000400
#define BENCH_KYBER90S_LEVEL3_ENCAP 0x00000800
#define BENCH_KYBER90S_LEVEL5_KEYGEN 0x00001000
#define BENCH_KYBER90S_LEVEL5_ENCAP 0x00002000
#define BENCH_SABER_LEVEL1_KEYGEN 0x00004000
#define BENCH_SABER_LEVEL1_ENCAP 0x00008000
#define BENCH_SABER_LEVEL3_KEYGEN 0x00010000
#define BENCH_SABER_LEVEL3_ENCAP 0x00020000
#define BENCH_SABER_LEVEL5_KEYGEN 0x00040000
#define BENCH_SABER_LEVEL5_ENCAP 0x00080000
#define BENCH_NTRUHPS_LEVEL1_KEYGEN 0x00100000
#define BENCH_NTRUHPS_LEVEL1_ENCAP 0x00200000
#define BENCH_NTRUHPS_LEVEL3_KEYGEN 0x00400000
#define BENCH_NTRUHPS_LEVEL3_ENCAP 0x00800000
#define BENCH_NTRUHPS_LEVEL5_KEYGEN 0x01000000
#define BENCH_NTRUHPS_LEVEL5_ENCAP 0x02000000
#define BENCH_NTRUHRSS_LEVEL3_KEYGEN 0x04000000
#define BENCH_NTRUHRSS_LEVEL3_ENCAP 0x08000000
#define BENCH_FALCON_LEVEL1_SIGN 0x00000001
#define BENCH_FALCON_LEVEL5_SIGN 0x00000002
#define BENCH_KYBER_LEVEL1_KEYGEN 0x00000004
#define BENCH_KYBER_LEVEL1_ENCAP 0x00000008
#define BENCH_KYBER_LEVEL3_KEYGEN 0x00000010
#define BENCH_KYBER_LEVEL3_ENCAP 0x00000020
#define BENCH_KYBER_LEVEL5_KEYGEN 0x00000040
#define BENCH_KYBER_LEVEL5_ENCAP 0x00000080
#define BENCH_KYBER90S_LEVEL1_KEYGEN 0x00000100
#define BENCH_KYBER90S_LEVEL1_ENCAP 0x00000200
#define BENCH_KYBER90S_LEVEL3_KEYGEN 0x00000400
#define BENCH_KYBER90S_LEVEL3_ENCAP 0x00000800
#define BENCH_KYBER90S_LEVEL5_KEYGEN 0x00001000
#define BENCH_KYBER90S_LEVEL5_ENCAP 0x00002000
#define BENCH_SABER_LEVEL1_KEYGEN 0x00004000
#define BENCH_SABER_LEVEL1_ENCAP 0x00008000
#define BENCH_SABER_LEVEL3_KEYGEN 0x00010000
#define BENCH_SABER_LEVEL3_ENCAP 0x00020000
#define BENCH_SABER_LEVEL5_KEYGEN 0x00040000
#define BENCH_SABER_LEVEL5_ENCAP 0x00080000
#define BENCH_NTRUHPS_LEVEL1_KEYGEN 0x00100000
#define BENCH_NTRUHPS_LEVEL1_ENCAP 0x00200000
#define BENCH_NTRUHPS_LEVEL3_KEYGEN 0x00400000
#define BENCH_NTRUHPS_LEVEL3_ENCAP 0x00800000
#define BENCH_NTRUHPS_LEVEL5_KEYGEN 0x01000000
#define BENCH_NTRUHPS_LEVEL5_ENCAP 0x02000000
#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000
#define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000
#define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000
#define BENCH_DILITHIUM_AES_LEVEL2_SIGN 0x20000000
#define BENCH_DILITHIUM_AES_LEVEL3_SIGN 0x40000000
#define BENCH_DILITHIUM_AES_LEVEL5_SIGN 0x80000000
/* Other */
#define BENCH_RNG 0x00000001
@@ -736,10 +748,23 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
{ "-kyber_level1-ed", BENCH_KYBER_LEVEL1_ENCAP, NULL },
#endif
#ifdef HAVE_LIBOQS
{ "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN,
{ "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN,
OQS_SIG_alg_falcon_512 },
{ "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN,
{ "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN,
OQS_SIG_alg_falcon_1024 },
{ "-dilithium_level2", BENCH_DILITHIUM_LEVEL2_SIGN,
OQS_SIG_alg_dilithium_2 },
{ "-dilithium_level3", BENCH_DILITHIUM_LEVEL3_SIGN,
OQS_SIG_alg_dilithium_3 },
{ "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN,
OQS_SIG_alg_dilithium_5 },
{ "-dilithium_aes_level2", BENCH_DILITHIUM_AES_LEVEL2_SIGN,
OQS_SIG_alg_dilithium_2_aes },
{ "-dilithium_aes_level3", BENCH_DILITHIUM_AES_LEVEL3_SIGN,
OQS_SIG_alg_dilithium_3_aes },
{ "-dilithium_aes_level5", BENCH_DILITHIUM_AES_LEVEL5_SIGN,
OQS_SIG_alg_dilithium_5_aes },
{ "-kyber_level1-kg", BENCH_KYBER_LEVEL1_KEYGEN,
OQS_KEM_alg_kyber_512 },
{ "-kyber_level1-ed", BENCH_KYBER_LEVEL1_ENCAP,
@@ -788,10 +813,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
OQS_KEM_alg_ntru_hps4096821 },
{ "-ntruHPS_level5-ed", BENCH_NTRUHPS_LEVEL5_ENCAP,
OQS_KEM_alg_ntru_hps4096821 },
{ "-ntruHRSS_level3-kg", BENCH_NTRUHRSS_LEVEL3_KEYGEN,
OQS_KEM_alg_ntru_hrss701 },
{ "-ntruHRSS_level3-ed", BENCH_NTRUHRSS_LEVEL3_ENCAP,
OQS_KEM_alg_ntru_hrss701 },
#endif
{ NULL, 0, NULL }
};
@@ -2332,16 +2353,27 @@ static void* benchmarks_do(void* args)
bench_pqcKemKeygen(BENCH_NTRUHPS_LEVEL5_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHPS_LEVEL5_ENCAP))
bench_pqcKemEncapDecap(BENCH_NTRUHPS_LEVEL5_ENCAP);
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHRSS_LEVEL3_KEYGEN))
bench_pqcKemKeygen(BENCH_NTRUHRSS_LEVEL3_KEYGEN);
if (bench_all || (bench_pq_asym_algs & BENCH_NTRUHRSS_LEVEL3_ENCAP))
bench_pqcKemEncapDecap(BENCH_NTRUHRSS_LEVEL3_ENCAP);
#ifdef HAVE_FALCON
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN))
bench_falconKeySign(1);
if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN))
bench_falconKeySign(5);
#endif
#ifdef HAVE_DILITHIUM
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
bench_dilithiumKeySign(2, SHAKE_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN))
bench_dilithiumKeySign(3, SHAKE_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN))
bench_dilithiumKeySign(5, SHAKE_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL2_SIGN))
bench_dilithiumKeySign(2, AES_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL3_SIGN))
bench_dilithiumKeySign(3, AES_VARIANT);
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL5_SIGN))
bench_dilithiumKeySign(5, AES_VARIANT);
#endif
#endif /* HAVE_LIBOQS */
#ifdef WOLFCRYPT_HAVE_SAKKE
@@ -7251,12 +7283,12 @@ void bench_falconKeySign(byte level)
if (ret == 0) {
if (level == 1) {
x = FALCON_LEVEL1_SIG_SIZE;
ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
}
else {
x = FALCON_LEVEL5_SIG_SIZE;
ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
}
ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
if (ret != 0) {
printf("wc_falcon_sign_msg failed\n");
}
@@ -7274,18 +7306,11 @@ void bench_falconKeySign(byte level)
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
int verify = 0;
if (level == 1) {
ret = wc_falcon_verify_msg(sig, x, msg, sizeof(msg),
&verify, &key);
}
else {
ret = wc_falcon_verify_msg(sig, x, msg, sizeof(msg),
&verify, &key);
}
ret = wc_falcon_verify_msg(sig, x, msg, sizeof(msg), &verify,
&key);
if (ret != 0 || verify != 1) {
printf("wc_falcon_verify_msg failed %d, verify %d\n",
ret, verify);
ret, verify);
ret = -1;
}
}
@@ -7300,7 +7325,137 @@ void bench_falconKeySign(byte level)
wc_falcon_free(&key);
}
#endif /* HAVE_FALCON */
#endif /* HAVE_PQC && HAVE_LIBOQS */
#ifdef HAVE_DILITHIUM
void bench_dilithiumKeySign(byte level, byte sym)
{
int ret = 0;
dilithium_key key;
double start;
int i, count;
byte sig[DILITHIUM_MAX_SIG_SIZE];
byte msg[512];
word32 x = 0;
const char**desc = bench_desc_words[lng_index];
ret = wc_dilithium_init(&key);
if (ret != 0) {
printf("wc_dilithium_init failed %d\n", ret);
return;
}
ret = wc_dilithium_set_level_and_sym(&key, level, sym);
if (ret != 0) {
printf("wc_dilithium_set_level_and_sym() failed %d\n", ret);
}
if (ret == 0) {
ret = -1;
if ((level == 2) && (sym == SHAKE_VARIANT)) {
ret = wc_dilithium_import_private_key(bench_dilithium_level2_key,
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
}
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
ret = wc_dilithium_import_private_key(bench_dilithium_level3_key,
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
ret = wc_dilithium_import_private_key(bench_dilithium_level5_key,
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
}
else if ((level == 2) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level2_key,
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
}
else if ((level == 3) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level3_key,
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (sym == AES_VARIANT)) {
ret = wc_dilithium_import_private_key(
bench_dilithium_aes_level5_key,
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
}
if (ret != 0) {
printf("wc_dilithium_import_private_key failed %d\n", ret);
}
}
/* make dummy msg */
for (i = 0; i < (int)sizeof(msg); i++) {
msg[i] = (byte)i;
}
bench_stats_start(&count, &start);
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
if (level == 2) {
x = DILITHIUM_LEVEL2_SIG_SIZE;
}
else if (level == 3) {
x = DILITHIUM_LEVEL3_SIG_SIZE;
}
else {
x = DILITHIUM_LEVEL5_SIG_SIZE;
}
ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key);
if (ret != 0) {
printf("wc_dilithium_sign_msg failed\n");
}
}
}
count += i;
} while (bench_stats_sym_check(start));
if (ret == 0) {
if (sym == SHAKE_VARIANT) {
bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("DILITHIUM-AES", level, desc[4], 0, count,
start, ret);
}
}
bench_stats_start(&count, &start);
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
int verify = 0;
ret = wc_dilithium_verify_msg(sig, x, msg, sizeof(msg), &verify,
&key);
if (ret != 0 || verify != 1) {
printf("wc_dilithium_verify_msg failed %d, verify %d\n",
ret, verify);
ret = -1;
}
}
}
count += i;
} while (bench_stats_sym_check(start));
if (ret == 0) {
if (sym == SHAKE_VARIANT) {
bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("DILITHIUM-AES", level, desc[5], 0, count,
start, ret);
}
}
wc_dilithium_free(&key);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef HAVE_STACK_SIZE
#if defined(_WIN32) && !defined(INTIME_RTOS)

1
wolfcrypt/benchmark/benchmark.h
View File

@@ -108,6 +108,7 @@ void bench_blake2b(void);
void bench_blake2s(void);
void bench_pbkdf2(void);
void bench_falconKeySign(byte level);
void bench_dilithiumKeySign(byte level, byte sym);
void bench_pqcKemKeygen(word32 alg);
void bench_pqcKemEncapDecap(word32 alg);

1180
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

1028
wolfcrypt/src/dilithium.c Normal file
View File

File diff suppressed because it is too large Load Diff

162
wolfcrypt/src/falcon.c
View File

@@ -30,7 +30,7 @@
#include <wolfssl/wolfcrypt/asn.h>
#ifdef HAVE_PQC
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#ifdef HAVE_LIBOQS
#include <oqs/oqs.h>
@@ -114,6 +114,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
if (oqssig != NULL) {
OQS_SIG_free(oqssig);
}
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
}
@@ -171,6 +173,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
if (oqssig != NULL) {
OQS_SIG_free(oqssig);
}
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
@@ -251,7 +255,7 @@ void wc_falcon_free(falcon_key* key)
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than FALCON_LEVEL1_PUB_KEY_SIZE,
* BUFFER_E when outLen is less than FALCON_LEVEL1_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_falcon_export_public(falcon_key* key,
@@ -471,7 +475,7 @@ int wc_falcon_import_private_key(const byte* priv, word32 privSz,
* outLen [in/out] On in, the number of bytes in array.
* On out, the number bytes put into array.
* returns BAD_FUNC_ARG when a parameter is NULL,
* ECC_BAD_ARG_E when outLen is less than FALCON_LEVEL1_KEY_SIZE,
* BUFFER_E when outLen is less than FALCON_LEVEL1_KEY_SIZE,
* 0 otherwise.
*/
int wc_falcon_export_private_only(falcon_key* key, byte* out, word32* outLen)
@@ -687,4 +691,154 @@ int wc_falcon_sig_size(falcon_key* key)
return BAD_FUNC_ARG;
}
#endif /* HAVE_PQC */
int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
falcon_key* key, word32 inSz)
{
int ret = 0;
byte privKey[FALCON_MAX_KEY_SIZE], pubKey[FALCON_MAX_PUB_KEY_SIZE];
word32 privKeyLen = (word32)sizeof(privKey);
word32 pubKeyLen = (word32)sizeof(pubKey);
int keytype = 0;
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
return BAD_FUNC_ARG;
}
if (key->level == 1) {
keytype = FALCON_LEVEL1k;
}
else if (key->level == 5) {
keytype = FALCON_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen,
pubKey, &pubKeyLen, keytype);
if (ret == 0) {
if (pubKeyLen == 0) {
ret = wc_falcon_import_private_only(input, inSz, key);
}
else {
ret = wc_falcon_import_private_key(privKey, privKeyLen,
pubKey, pubKeyLen, key);
}
}
return ret;
}
int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
falcon_key* key, word32 inSz)
{
int ret = 0;
byte pubKey[FALCON_MAX_PUB_KEY_SIZE];
word32 pubKeyLen = (word32)sizeof(pubKey);
int keytype = 0;
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) {
return BAD_FUNC_ARG;
}
if (key->level == 1) {
keytype = FALCON_LEVEL1k;
}
else if (key->level == 5) {
keytype = FALCON_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen,
keytype);
if (ret == 0) {
ret = wc_falcon_import_public(pubKey, pubKeyLen, key);
}
return ret;
}
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
/* Encode the public part of an Falcon key in DER.
*
* Pass NULL for output to get the size of the encoding.
*
* @param [in] key Falcon key object.
* @param [out] output Buffer to put encoded data in.
* @param [in] outLen Size of buffer in bytes.
* @param [in] withAlg Whether to use SubjectPublicKeyInfo format.
* @return Size of encoded data in bytes on success.
* @return BAD_FUNC_ARG when key is NULL.
* @return MEMORY_E when dynamic memory allocation failed.
*/
int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output, word32 inLen,
int withAlg)
{
int ret;
byte pubKey[FALCON_MAX_PUB_KEY_SIZE];
word32 pubKeyLen = (word32)sizeof(pubKey);
int keytype = 0;
if (key == NULL || output == NULL) {
return BAD_FUNC_ARG;
}
if (key->level == 1) {
keytype = FALCON_LEVEL1k;
}
else if (key->level == 5) {
keytype = FALCON_LEVEL5k;
}
else {
return BAD_FUNC_ARG;
}
ret = wc_falcon_export_public(key, pubKey, &pubKeyLen);
if (ret == 0) {
ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen, keytype,
withAlg);
}
return ret;
}
#endif
int wc_Falcon_KeyToDer(falcon_key* key, byte* output, word32 inLen)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}
if (key->level == 1) {
return SetAsymKeyDer(key->k, FALCON_LEVEL1_KEY_SIZE, key->p,
FALCON_LEVEL1_KEY_SIZE, output, inLen,
FALCON_LEVEL1k);
}
else if (key->level == 5) {
return SetAsymKeyDer(key->k, FALCON_LEVEL5_KEY_SIZE, key->p,
FALCON_LEVEL5_KEY_SIZE, output, inLen,
FALCON_LEVEL5k);
}
return BAD_FUNC_ARG;
}
int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output, word32 inLen)
{
if (key == NULL) {
return BAD_FUNC_ARG;
}
if (key->level == 1) {
return SetAsymKeyDer(key->k, FALCON_LEVEL1_KEY_SIZE, NULL, 0, output,
inLen, FALCON_LEVEL1k);
}
else if (key->level == 5) {
return SetAsymKeyDer(key->k, FALCON_LEVEL5_KEY_SIZE, NULL, 0, output,
inLen, FALCON_LEVEL5k);
}
return BAD_FUNC_ARG;
}
#endif /* HAVE_PQC && HAVE_FALCON */

3512
wolfssl/certs_test.h
View File

File diff suppressed because it is too large Load Diff

1
wolfssl/error-ssl.h
View File

@@ -177,6 +177,7 @@ enum wolfSSL_ErrorCodes {
UNSUPPORTED_PROTO_VERSION = -450, /* bad/unsupported protocol version*/
FALCON_KEY_SIZE_E = -451, /* Wrong key size for Falcon. */
QUIC_TP_MISSING_E = -452, /* QUIC transport parameter missing */
DILITHIUM_KEY_SIZE_E = -453, /* Wrong key size for Dilithium. */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

74
wolfssl/internal.h
View File

@@ -112,6 +112,7 @@
#endif
#ifdef HAVE_PQC
#include <wolfssl/wolfcrypt/falcon.h>
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#ifdef HAVE_HKDF
#include <wolfssl/wolfcrypt/kdf.h>
@@ -1277,7 +1278,7 @@ enum Misc {
#endif
#endif
#ifdef HAVE_PQC
ENCRYPT_LEN = 1500, /* allow 1500 byte static buffer for falcon */
ENCRYPT_LEN = 4600, /* allow 4600 byte buffer for dilithium. */
#else
#ifndef NO_PSK
ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2,
@@ -1487,20 +1488,33 @@ enum Misc {
ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algos
*/
/* These match what OQS has defined in their OpenSSL fork. */
PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */
/* These values for falcon and dilithium match what OQS has defined in their OpenSSL fork. */
FALCON_LEVEL1_SA_MAJOR = 0xFE,
FALCON_LEVEL1_SA_MINOR = 0x0B,
FALCON_LEVEL5_SA_MAJOR = 0xFE,
FALCON_LEVEL5_SA_MINOR = 0x0E,
DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
DILITHIUM_AES_LEVEL2_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL2_SA_MINOR = 0xA7,
DILITHIUM_AES_LEVEL3_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL3_SA_MINOR = 0xAA,
DILITHIUM_AES_LEVEL5_SA_MAJOR = 0xFE,
DILITHIUM_AES_LEVEL5_SA_MINOR = 0xAC,
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
#if defined(HAVE_PQC)
MAX_CERT_VERIFY_SZ = 1600, /* For Falcon */
MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */
#elif !defined(NO_RSA)
MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */
#elif defined(HAVE_ECC)
@@ -1531,7 +1545,7 @@ enum Misc {
#endif
#if defined(HAVE_PQC)
MAX_X509_SIZE = 5120, /* max static x509 buffer size; falcon is big */
MAX_X509_SIZE = 8*1024, /* max static x509 buffer size; dilithium is big */
#elif defined(WOLFSSL_HAPROXY)
MAX_X509_SIZE = 3072, /* max static x509 buffer size */
#else
@@ -1614,10 +1628,12 @@ enum Misc {
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
#ifdef HAVE_PQC
/* set minimum Falcon key size allowed */
#ifndef MIN_FALCONKEY_SZ
#define MIN_FALCONKEY_SZ 897
#endif
#ifndef MIN_DILITHIUMKEY_SZ
#define MIN_DILITHIUMKEY_SZ 1312
#endif
#endif
/* set minimum RSA key size allowed */
@@ -1993,16 +2009,16 @@ struct Suites {
#endif
};
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
int haveRSAsig, int haveFalconSig,
int haveAnon, int tls1_2, int keySz);
int haveDilithiumSig, int haveAnon,
int tls1_2, int keySz);
WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz,
word16 haveRSA, word16 havePSK, word16 haveDH,
word16 haveECDSAsig, word16 haveECC,
word16 haveStaticRSA, word16 haveStaticECC,
word16 haveFalconSig, word16 haveAnon,
word16 haveNull, int side);
word16 haveFalconSig, word16 haveDilithiumSig,
word16 haveAnon, word16 haveNull, int side);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites,
@@ -2214,6 +2230,7 @@ struct WOLFSSL_CERT_MANAGER {
int refCount; /* reference count */
#ifdef HAVE_PQC
short minFalconKeySz; /* minimum allowed Falcon key size */
short minDilithiumKeySz; /* minimum allowed Dilithium key size */
#endif
};
@@ -2933,6 +2950,7 @@ struct WOLFSSL_CTX {
byte haveDH:1; /* server DH parms set by user */
byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
byte haveFalconSig:1; /* server cert signed w/ Falcon */
byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */
byte haveStaticECC:1; /* static server ECC private key */
byte partialWrite:1; /* only one msg per write call */
byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */
@@ -3005,6 +3023,7 @@ struct WOLFSSL_CTX {
#endif
#ifdef HAVE_PQC
short minFalconKeySz; /* minimum Falcon key size */
short minDilithiumKeySz;/* minimum Dilithium key size */
#endif
unsigned long mask; /* store SSL_OP_ flags */
#ifdef OPENSSL_EXTRA
@@ -3302,17 +3321,23 @@ enum KeyExchangeAlgorithm {
/* Supported Authentication Schemes */
enum SignatureAlgorithm {
anonymous_sa_algo = 0,
rsa_sa_algo = 1,
dsa_sa_algo = 2,
ecc_dsa_sa_algo = 3,
rsa_pss_sa_algo = 8,
ed25519_sa_algo = 9,
rsa_pss_pss_algo = 10,
ed448_sa_algo = 11,
falcon_level1_sa_algo = 12,
falcon_level5_sa_algo = 13,
invalid_sa_algo = 255
anonymous_sa_algo = 0,
rsa_sa_algo = 1,
dsa_sa_algo = 2,
ecc_dsa_sa_algo = 3,
rsa_pss_sa_algo = 8,
ed25519_sa_algo = 9,
rsa_pss_pss_algo = 10,
ed448_sa_algo = 11,
falcon_level1_sa_algo = 12,
falcon_level5_sa_algo = 13,
dilithium_level2_sa_algo = 14,
dilithium_level3_sa_algo = 15,
dilithium_level5_sa_algo = 16,
dilithium_aes_level2_sa_algo = 17,
dilithium_aes_level3_sa_algo = 18,
dilithium_aes_level5_sa_algo = 19,
invalid_sa_algo = 255
};
#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
@@ -3347,6 +3372,7 @@ enum ClientCertificateType {
rsa_fixed_ecdh = 65,
ecdsa_fixed_ecdh = 66,
falcon_sign = 67,
dilithium_sign = 68,
};
@@ -3872,6 +3898,7 @@ typedef struct Options {
word16 haveECDSAsig:1; /* server ECDSA signed cert */
word16 haveStaticECC:1; /* static server ECC private key */
word16 haveFalconSig:1; /* server Falcon signed cert */
word16 haveDilithiumSig:1; /* server Dilithium signed cert */
word16 havePeerCert:1; /* do we have peer's cert */
word16 havePeerVerify:1; /* and peer's cert verify */
word16 usingPSK_cipher:1; /* are using psk as cipher */
@@ -3996,6 +4023,7 @@ typedef struct Options {
#endif
#if defined(HAVE_PQC)
short minFalconKeySz; /* minimum Falcon key size */
short minDilithiumKeySz;/* minimum Dilithium key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte verifyDepth; /* maximum verification depth */
@@ -4702,6 +4730,8 @@ struct WOLFSSL {
#ifdef HAVE_PQC
falcon_key* peerFalconKey;
byte peerFalconKeyPresent;
dilithium_key* peerDilithiumKey;
byte peerDilithiumKeyPresent;
#endif
#ifdef HAVE_LIBZ
z_stream c_stream; /* compression stream */

1
wolfssl/openssl/evp.h
View File

@@ -267,6 +267,7 @@ enum {
EVP_PKEY_HMAC = NID_hmac,
EVP_PKEY_HKDF = NID_hkdf,
EVP_PKEY_FALCON = 300, /* Randomly picked value. */
EVP_PKEY_DILITHIUM= 301, /* Randomly picked value. */
AES_128_CFB1_TYPE = 24,
AES_192_CFB1_TYPE = 25,
AES_256_CFB1_TYPE = 26,

67
wolfssl/wolfcrypt/asn.h
View File

@@ -1078,17 +1078,23 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
RSAPSSk = 654,
ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */
ED448k = 257, /* 1.3.101.113 */
X448k = 255, /* 1.3.101.111 */
DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
FALCON_LEVEL1k = 268, /* 1.3.9999.3.1 */
FALCON_LEVEL5k = 271 /* 1.3.9999.3.4 */
DSAk = 515,
RSAk = 645,
RSAPSSk = 654,
ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */
ED448k = 257, /* 1.3.101.113 */
X448k = 255, /* 1.3.101.111 */
DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
FALCON_LEVEL1k = 268, /* 1.3.9999.3.1 */
FALCON_LEVEL5k = 271, /* 1.3.9999.3.4 */
DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */
DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */
DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */
DILITHIUM_AES_LEVEL2k = 217,/* 1.3.6.1.4.1.2.267.11.4.4 */
DILITHIUM_AES_LEVEL3k = 221,/* 1.3.6.1.4.1.2.267.11.6.5 + 1 (See GetOID() in asn.c) */
DILITHIUM_AES_LEVEL5k = 224,/* 1.3.6.1.4.1.2.267.11.8.7 */
};
#if !defined(NO_AES) || defined(HAVE_PKCS7)
@@ -1404,6 +1410,7 @@ struct SignatureCtx {
#endif
#ifdef HAVE_PQC
struct falcon_key* falcon;
struct dilithium_key* dilithium;
#endif
void* ptr;
} key;
@@ -2208,13 +2215,19 @@ WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
#ifdef WOLFSSL_CERT_GEN
enum cert_enums {
RSA_KEY = 10,
ECC_KEY = 12,
ED25519_KEY = 13,
ED448_KEY = 14,
DSA_KEY = 15,
FALCON_LEVEL1_KEY = 16,
FALCON_LEVEL5_KEY = 17
RSA_KEY = 10,
ECC_KEY = 12,
ED25519_KEY = 13,
ED448_KEY = 14,
DSA_KEY = 15,
FALCON_LEVEL1_KEY = 16,
FALCON_LEVEL5_KEY = 17,
DILITHIUM_LEVEL2_KEY = 18,
DILITHIUM_LEVEL3_KEY = 19,
DILITHIUM_LEVEL5_KEY = 20,
DILITHIUM_AES_LEVEL2_KEY = 21,
DILITHIUM_AES_LEVEL3_KEY = 22,
DILITHIUM_AES_LEVEL5_KEY = 23,
};
#endif /* WOLFSSL_CERT_GEN */
@@ -2442,6 +2455,24 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
#endif /* !NO_ASN */
#if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|| (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
|| (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)))
WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,
word32* pubKeyLen, int keyType);
#endif
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen,
int keyType);
#endif
#if !defined(NO_ASN) || !defined(NO_PWDBASED)
#ifndef PKCS_MAX_KEY_SIZE

41
wolfssl/wolfcrypt/asn_public.h
View File

@@ -72,6 +72,10 @@ This library defines the interface APIs for X509 certificates.
typedef struct falcon_key falcon_key;
#define WC_FALCONKEY_TYPE_DEFINED
#endif
#ifndef WC_DILITHIUMKEY_TYPE_DEFINED
typedef struct dilithium_key dilithium_key;
#define WC_DILITHIUMKEY_TYPE_DEFINED
#endif
enum Ecc_Sum {
ECC_SECP112R1_OID = 182,
@@ -137,6 +141,12 @@ enum CertType {
X942_PARAM_TYPE,
FALCON_LEVEL1_TYPE,
FALCON_LEVEL5_TYPE,
DILITHIUM_LEVEL2_TYPE,
DILITHIUM_LEVEL3_TYPE,
DILITHIUM_LEVEL5_TYPE,
DILITHIUM_AES_LEVEL2_TYPE,
DILITHIUM_AES_LEVEL3_TYPE,
DILITHIUM_AES_LEVEL5_TYPE,
};
@@ -173,7 +183,14 @@ enum Ctc_SigType {
CTC_ED448 = 257,
CTC_FALCON_LEVEL1 = 268,
CTC_FALCON_LEVEL5 = 271
CTC_FALCON_LEVEL5 = 271,
CTC_DILITHIUM_LEVEL2 = 213,
CTC_DILITHIUM_LEVEL3 = 216,
CTC_DILITHIUM_LEVEL5 = 220,
CTC_DILITHIUM_AES_LEVEL2 = 217,
CTC_DILITHIUM_AES_LEVEL3 = 221,
CTC_DILITHIUM_AES_LEVEL5 = 224,
};
enum Ctc_Encoding {
@@ -688,7 +705,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
(defined(HAVE_PQC) && defined(HAVE_FALCON)))
(defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))))
#define WC_ENABLE_ASYM_KEY_EXPORT
#endif
@@ -751,14 +768,28 @@ WOLFSSL_API int wc_Ed448PublicKeyToDer(
#ifdef HAVE_PQC
WOLFSSL_API int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx,
falcon_key* key, word32 inSz);
falcon_key* key, word32 inSz);
WOLFSSL_API int wc_Falcon_PublicKeyDecode(const byte* input, word32* inOutIdx,
falcon_key* key, word32 inSz);
WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key* key, byte* output, word32 inLen);
falcon_key* key, word32 inSz);
WOLFSSL_API int wc_Falcon_KeyToDer(falcon_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Falcon_PrivateKeyToDer(falcon_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Falcon_PublicKeyToDer(falcon_key* key, byte* output,
word32 inLen, int withAlg);
WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,
word32* inOutIdx,
dilithium_key* key, word32 inSz);
WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input,
word32* inOutIdx,
dilithium_key* key, word32 inSz);
WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output,
word32 inLen, int withAlg);
#endif /* HAVE_PQC */
#ifdef HAVE_CURVE448

142
wolfssl/wolfcrypt/dilithium.h Normal file
View File

@@ -0,0 +1,142 @@
/* dilithium.h
*
* Copyright (C) 2022 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/dilithium.h
*/
/* Interfaces for Dilithium NIST Level 1 (Dilithium512) and Dilithium NIST Level 5
* (Dilithium1024). */
#ifndef WOLF_CRYPT_DILITHIUM_H
#define WOLF_CRYPT_DILITHIUM_H
#include <wolfssl/wolfcrypt/types.h>
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#ifdef HAVE_LIBOQS
#include <oqs/oqs.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Macros Definitions */
#ifdef HAVE_LIBOQS
#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_dilithium_2_length_secret_key
#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_dilithium_2_length_signature
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_dilithium_3_length_secret_key
#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_dilithium_3_length_signature
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_dilithium_5_length_secret_key
#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_dilithium_5_length_signature
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
#endif
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
#define SHAKE_VARIANT 1
#define AES_VARIANT 2
/* Structs */
struct dilithium_key {
bool pubKeySet;
bool prvKeySet;
byte level; /* 2,3 or 5 */
byte sym; /* SHAKE_VARIANT or AES_VARIANT */
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
};
#ifndef WC_DILITHIUMKEY_TYPE_DEFINED
typedef struct dilithium_key dilithium_key;
#define WC_DILITHIUMKEY_TYPE_DEFINED
#endif
/* Functions */
WOLFSSL_API
int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_init(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym);
WOLFSSL_API
int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte *sym);
WOLFSSL_API
void wc_dilithium_free(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_export_public(dilithium_key*, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
WOLFSSL_API
int wc_dilithium_check_key(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_size(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_priv_size(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_pub_size(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_sig_size(dilithium_key* key);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* HAVE_PQC && HAVE_DILITHIUM */
#endif /* WOLF_CRYPT_DILITHIUM_H */

1
wolfssl/wolfcrypt/include.am
View File

@@ -22,6 +22,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/curve448.h \
wolfssl/wolfcrypt/ed448.h \
wolfssl/wolfcrypt/falcon.h \
wolfssl/wolfcrypt/dilithium.h \
wolfssl/wolfcrypt/fe_448.h \
wolfssl/wolfcrypt/ge_448.h \
wolfssl/wolfcrypt/eccsi.h \

1
wolfssl/wolfcrypt/settings.h
View File

@@ -2720,6 +2720,7 @@ extern void uITRON4_free(void *p) ;
#ifdef HAVE_LIBOQS
#define HAVE_PQC
#define HAVE_FALCON
#define HAVE_DILITHIUM
#define HAVE_KYBER
#endif

1
wolfssl/wolfcrypt/types.h
View File

@@ -947,6 +947,7 @@ typedef struct w64wrapper {
DYNAMIC_TYPE_CMAC = 94,
DYNAMIC_TYPE_FALCON = 95,
DYNAMIC_TYPE_SESSION = 96,
DYNAMIC_TYPE_DILITHIUM = 97,
DYNAMIC_TYPE_SNIFFER_SERVER = 1000,
DYNAMIC_TYPE_SNIFFER_SESSION = 1001,
DYNAMIC_TYPE_SNIFFER_PB = 1002,