diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cc9f0b782..be961f8b8 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -28158,8 +28158,7 @@ int wc_Falcon_PrivateKeyDecode(const byte* input, word32* inOutIdx, pubKey, &pubKeyLen, keytype); if (ret == 0) { if (pubKeyLen == 0) { - ret = wc_falcon_import_private_only(privKey, privKeyLen, - key); + ret = wc_falcon_import_private_only(input, inSz, key); } else { ret = wc_falcon_import_private_key(privKey, privKeyLen, diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index 00dbe7705..04ea642c5 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -588,9 +588,22 @@ int wc_falcon_export_key(falcon_key* key, byte* priv, word32 *privSz, */ int wc_falcon_check_key(falcon_key* key) { - /* Might want to try to sign and verify a random message here. */ + /* Sign and verify a message. */ int ret = 0; - (void)key; + int res = 0; + byte msg[] = "The wolfSSL team is here to make you ready for quantum computers!!"; + word32 msglen = sizeof(msg); + byte sig[FALCON_MAX_SIG_SIZE]; + word32 siglen = sizeof(sig); + + ret = wc_falcon_sign_msg(msg, msglen, sig, &siglen, key); + + if (ret == 0) { + ret = wc_falcon_verify_msg(sig, siglen, msg, msglen, &res, key); + if ((ret != 0) || (res != 1)) { + ret = SIG_VERIFY_E; + } + } return ret; } diff --git a/wolfssl/wolfcrypt/falcon.h b/wolfssl/wolfcrypt/falcon.h index 3ff83a4ba..56c459b84 100644 --- a/wolfssl/wolfcrypt/falcon.h +++ b/wolfssl/wolfcrypt/falcon.h @@ -51,7 +51,7 @@ #define FALCON_LEVEL5_PUB_KEY_SIZE OQS_SIG_falcon_1024_length_public_key #define FALCON_LEVEL5_PRV_KEY_SIZE (FALCON_LEVEL5_PUB_KEY_SIZE+FALCON_LEVEL5_KEY_SIZE) -#define FALCON_MAX_KEY_SIZE FALCON_LEVEL5_KEY_SIZE +#define FALCON_MAX_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE #define FALCON_MAX_SIG_SIZE FALCON_LEVEL5_SIG_SIZE #define FALCON_MAX_PUB_KEY_SIZE FALCON_LEVEL5_PUB_KEY_SIZE #define FALCON_MAX_PRV_KEY_SIZE FALCON_LEVEL5_PRV_KEY_SIZE