feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #8494 from Laboratory-for-Safe-and-Secure-Systems/various

Browse Source 
Various fixes and improvements
This commit is contained in:
Sean Parkinson
2025-02-27 09:40:06 +10:00
committed by GitHub
parent 92ed003a58 75d63071df
commit 99f25c6399
13 changed files with 166 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CMakeLists.txt
View File

@@ -655,6 +655,16 @@ else()
endif() endif()
endif() endif()
# LMS
add_option(WOLFSSL_LMS
"Enable the wolfSSL LMS implementation (default: disabled)"
"no" "yes;no")
# XMSS
add_option(WOLFSSL_XMSS
"Enable the wolfSSL XMSS implementation (default: disabled)"
"no" "yes;no")
# TODO: - Lean PSK # TODO: - Lean PSK
# - Lean TLS # - Lean TLS
# - Low resource # - Low resource
@@ -668,8 +678,6 @@ endif()
# - Atomic user record layer # - Atomic user record layer
# - Public key callbacks # - Public key callbacks
# - Microchip/Atmel CryptoAuthLib # - Microchip/Atmel CryptoAuthLib
# - XMSS
# - LMS
# - dual-certs # - dual-certs
# AES-CBC # AES-CBC

16
cmake/functions.cmake
View File

@@ -208,6 +208,12 @@ function(generate_build_flags)
set(BUILD_EXT_KYBER "yes" PARENT_SCOPE) set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
set(BUILD_OQS_HELPER "yes" PARENT_SCOPE) set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
endif() endif()
if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
set(BUILD_WC_LMS "yes" PARENT_SCOPE)
endif()
if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS)
set(BUILD_WC_XMSS "yes" PARENT_SCOPE)
endif()
if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS) if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA") message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
# we cannot actually build, as we only have pre-compiled bin # we cannot actually build, as we only have pre-compiled bin
@@ -818,6 +824,16 @@ function(generate_lib_src_list LIB_SOURCES)
list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c) list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c)
endif() endif()
if(BUILD_WC_LMS)
list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
endif()
if(BUILD_WC_XMSS)
list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
endif()
if(BUILD_LIBZ) if(BUILD_LIBZ)
list(APPEND LIB_SOURCES wolfcrypt/src/compress.c) list(APPEND LIB_SOURCES wolfcrypt/src/compress.c)
endif() endif()

8
cmake/options.h.in
View File

@@ -382,6 +382,14 @@ extern "C" {
#cmakedefine HAVE_ECC_KOBLITZ #cmakedefine HAVE_ECC_KOBLITZ
#undef HAVE_ECC_CDH #undef HAVE_ECC_CDH
#cmakedefine HAVE_ECC_CDH #cmakedefine HAVE_ECC_CDH
#undef WOLFSSL_HAVE_LMS
#cmakedefine WOLFSSL_HAVE_LMS
#undef WOLFSSL_WC_LMS
#cmakedefine WOLFSSL_WC_LMS
#undef WOLFSSL_HAVE_XMSS
#cmakedefine WOLFSSL_HAVE_XMSS
#undef WOLFSSL_WC_XMSS
#cmakedefine WOLFSSL_WC_XMSS
#ifdef __cplusplus #ifdef __cplusplus
} }

4
src/internal.c
View File

@@ -8906,6 +8906,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey); FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0; ssl->peerFalconKeyPresent = 0;
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
#endif /* HAVE_DILITHIUM */
} }
#ifdef HAVE_ECC #ifdef HAVE_ECC

6
src/ssl.c
View File

@@ -18569,11 +18569,11 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
"Dilithium Level 5", "Dilithium Level 5"}, "Dilithium Level 5", "Dilithium Level 5"},
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
{ CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType, { CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType,
"ML_DSA Level 2", "ML_DSA Level 2"}, "ML-DSA 44", "ML-DSA 44"},
{ CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType, { CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType,
"ML_DSA Level 3", "ML_DSA Level 3"}, "ML-DSA 65", "ML-DSA 65"},
{ CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType, { CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType,
"ML_DSA Level 5", "ML_DSA Level 5"}, "ML-DSA 87", "ML-DSA 87"},
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
/* oidCurveType */ /* oidCurveType */

80
src/tls13.c
View File

@@ -7181,7 +7181,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ERROR_OUT(MATCH_SUITE_ERROR, exit_dch); ERROR_OUT(MATCH_SUITE_ERROR, exit_dch);
} }
#ifdef HAVE_SESSION_TICKET #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if (ssl->options.resuming) { if (ssl->options.resuming) {
ssl->options.resuming = 0; ssl->options.resuming = 0;
ssl->arrays->psk_keySz = 0; ssl->arrays->psk_keySz = 0;
@@ -9145,41 +9145,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif #endif
#if defined(HAVE_FALCON) #if defined(HAVE_FALCON)
else if (ssl->hsType == DYNAMIC_TYPE_FALCON) { else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
falcon_key* fkey = (falcon_key*)ssl->hsKey; args->sigAlgo = ssl->buffers.keyType;
byte level = 0;
if (wc_falcon_get_level(fkey, &level) != 0) {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
if (level == 1) {
args->sigAlgo = falcon_level1_sa_algo;
}
else if (level == 5) {
args->sigAlgo = falcon_level5_sa_algo;
}
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
} }
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) #if defined(HAVE_DILITHIUM)
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
dilithium_key* fkey = (dilithium_key*)ssl->hsKey; args->sigAlgo = ssl->buffers.keyType;
byte level = 0;
if (wc_dilithium_get_level(fkey, &level) != 0) {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
if (level == 2) {
args->sigAlgo = dilithium_level2_sa_algo;
}
else if (level == 3) {
args->sigAlgo = dilithium_level3_sa_algo;
}
else if (level == 5) {
args->sigAlgo = dilithium_level5_sa_algo;
}
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
else { else {
@@ -9463,9 +9434,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz, ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
sigOut, &args->sigLen, args->sigDataSz, sigOut,
(dilithium_key*)ssl->hsKey, ssl->rng); &args->sigLen,
(dilithium_key*)ssl->hsKey,
ssl->rng);
args->length = (word16)args->sigLen; args->length = (word16)args->sigLen;
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
@@ -9557,11 +9530,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) { if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_msg(args->altSigData, ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
args->altSigDataSz, sigOut, args->altSigDataSz, sigOut, &args->altSigLen,
&args->altSigLen, (dilithium_key*)ssl->hsAltKey, ssl->rng);
(dilithium_key*)ssl->hsAltKey,
ssl->rng);
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
@@ -10546,6 +10517,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(void**)&ssl->peerFalconKey); (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0; ssl->peerFalconKeyPresent = 0;
} }
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Falcon signature verification failed");
ret = SIG_VERIFY_E;
}
} }
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
@@ -10555,9 +10530,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(ssl->peerDilithiumKeyPresent)) { (ssl->peerDilithiumKeyPresent)) {
int res = 0; int res = 0;
WOLFSSL_MSG("Doing Dilithium peer cert verify"); WOLFSSL_MSG("Doing Dilithium peer cert verify");
ret = wc_dilithium_verify_msg(sig, args->sigSz, ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
args->sigData, args->sigDataSz, args->sigData, args->sigDataSz,
&res, ssl->peerDilithiumKey); &res, ssl->peerDilithiumKey);
if ((ret >= 0) && (res == 1)) { if ((ret >= 0) && (res == 1)) {
/* CLIENT/SERVER: data verified with public key from /* CLIENT/SERVER: data verified with public key from
@@ -10568,6 +10543,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(void**)&ssl->peerDilithiumKey); (void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0; ssl->peerDilithiumKeyPresent = 0;
} }
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Dilithium signature verification failed");
ret = SIG_VERIFY_E;
}
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */
@@ -10648,6 +10627,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(void**)&ssl->peerFalconKey); (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0; ssl->peerFalconKeyPresent = 0;
} }
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Falcon signature verification failed");
ret = SIG_VERIFY_E;
}
} }
#endif /* HAVE_FALCON */ #endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
@@ -10657,9 +10640,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(ssl->peerDilithiumKeyPresent)) { (ssl->peerDilithiumKeyPresent)) {
int res = 0; int res = 0;
WOLFSSL_MSG("Doing Dilithium peer cert alt verify"); WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
ret = wc_dilithium_verify_msg(sig, args->altSignatureSz, ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
args->altSigData, args->altSigDataSz, NULL, 0, args->altSigData,
&res, ssl->peerDilithiumKey); args->altSigDataSz, &res,
ssl->peerDilithiumKey);
if ((ret >= 0) && (res == 1)) { if ((ret >= 0) && (res == 1)) {
/* CLIENT/SERVER: data verified with public key from /* CLIENT/SERVER: data verified with public key from
@@ -10670,6 +10654,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
(void**)&ssl->peerDilithiumKey); (void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0; ssl->peerDilithiumKeyPresent = 0;
} }
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Dilithium signature verification failed");
ret = SIG_VERIFY_E;
}
} }
#endif /* HAVE_DILITHIUM */ #endif /* HAVE_DILITHIUM */

4
wolfcrypt/src/asn.c
View File

@@ -17282,6 +17282,10 @@ int ConfirmSignature(SignatureCtx* sigCtx,
level = WC_ML_DSA_87_DRAFT; level = WC_ML_DSA_87_DRAFT;
} }
#endif #endif
else {
WOLFSSL_MSG("Invalid Dilithium key OID");
goto exit_cs;
}
sigCtx->verify = 0; sigCtx->verify = 0;
sigCtx->key.dilithium = (dilithium_key*)XMALLOC( sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
sizeof(dilithium_key), sigCtx->heap, sizeof(dilithium_key), sigCtx->heap,

12
wolfcrypt/src/cryptocb.c
View File

@@ -1043,7 +1043,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize,
} }
int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
WC_RNG* rng, int type, void* key) const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng,
int type, void* key)
{ {
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
int devId = INVALID_DEVID; int devId = INVALID_DEVID;
@@ -1068,6 +1069,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
cryptoInfo.pk.pqc_sign.inlen = inlen; cryptoInfo.pk.pqc_sign.inlen = inlen;
cryptoInfo.pk.pqc_sign.out = out; cryptoInfo.pk.pqc_sign.out = out;
cryptoInfo.pk.pqc_sign.outlen = outlen; cryptoInfo.pk.pqc_sign.outlen = outlen;
cryptoInfo.pk.pqc_sign.context = context;
cryptoInfo.pk.pqc_sign.contextLen = contextLen;
cryptoInfo.pk.pqc_sign.preHashType = preHashType;
cryptoInfo.pk.pqc_sign.rng = rng; cryptoInfo.pk.pqc_sign.rng = rng;
cryptoInfo.pk.pqc_sign.key = key; cryptoInfo.pk.pqc_sign.key = key;
cryptoInfo.pk.pqc_sign.type = type; cryptoInfo.pk.pqc_sign.type = type;
@@ -1079,7 +1083,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
} }
int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* res, int type, void* key) word32 msglen, const byte* context, byte contextLen, word32 preHashType,
int* res, int type, void* key)
{ {
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
int devId = INVALID_DEVID; int devId = INVALID_DEVID;
@@ -1104,6 +1109,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
cryptoInfo.pk.pqc_verify.siglen = siglen; cryptoInfo.pk.pqc_verify.siglen = siglen;
cryptoInfo.pk.pqc_verify.msg = msg; cryptoInfo.pk.pqc_verify.msg = msg;
cryptoInfo.pk.pqc_verify.msglen = msglen; cryptoInfo.pk.pqc_verify.msglen = msglen;
cryptoInfo.pk.pqc_verify.context = context;
cryptoInfo.pk.pqc_verify.contextLen = contextLen;
cryptoInfo.pk.pqc_verify.preHashType = preHashType;
cryptoInfo.pk.pqc_verify.res = res; cryptoInfo.pk.pqc_verify.res = res;
cryptoInfo.pk.pqc_verify.key = key; cryptoInfo.pk.pqc_verify.key = key;
cryptoInfo.pk.pqc_verify.type = type; cryptoInfo.pk.pqc_verify.type = type;

70
wolfcrypt/src/dilithium.c
View File

@@ -8024,8 +8024,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
if (key->devId != INVALID_DEVID) if (key->devId != INVALID_DEVID)
#endif #endif
{ {
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen,
WC_PQC_SIG_TYPE_DILITHIUM, key); WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
@@ -8075,8 +8075,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
if (key->devId != INVALID_DEVID) if (key->devId != INVALID_DEVID)
#endif #endif
{ {
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0,
WC_PQC_SIG_TYPE_DILITHIUM, key); WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
@@ -8127,6 +8127,22 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
#ifdef WOLF_CRYPTO_CB
if (ret == 0) {
#ifndef WOLF_CRYPTO_CB_FIND
if (key->devId != INVALID_DEVID)
#endif
{
ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen,
hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0;
}
}
#endif
if (ret == 0) { if (ret == 0) {
/* Sign message. */ /* Sign message. */
#ifdef WOLFSSL_WC_DILITHIUM #ifdef WOLFSSL_WC_DILITHIUM
@@ -8301,6 +8317,22 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
#ifdef WOLF_CRYPTO_CB
if (ret == 0) {
#ifndef WOLF_CRYPTO_CB_FIND
if (key->devId != INVALID_DEVID)
#endif
{
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen,
WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0;
}
}
#endif
if (ret == 0) { if (ret == 0) {
/* Verify message with signature. */ /* Verify message with signature. */
#ifdef WOLFSSL_WC_DILITHIUM #ifdef WOLFSSL_WC_DILITHIUM
@@ -8339,21 +8371,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
if (ret == 0) { if (ret == 0) {
#ifndef WOLF_CRYPTO_CB_FIND #ifndef WOLF_CRYPTO_CB_FIND
if (key->devId != INVALID_DEVID) if (key->devId != INVALID_DEVID)
#endif #endif
{ {
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
WC_PQC_SIG_TYPE_DILITHIUM, key); WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
ret = 0; ret = 0;
} }
} }
#endif #endif
if (ret == 0) { if (ret == 0) {
/* Verify message with signature. */ /* Verify message with signature. */
@@ -8397,6 +8429,22 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
#ifdef WOLF_CRYPTO_CB
if (ret == 0) {
#ifndef WOLF_CRYPTO_CB_FIND
if (key->devId != INVALID_DEVID)
#endif
{
ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen,
hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret;
/* fall-through when unavailable */
ret = 0;
}
}
#endif
if (ret == 0) { if (ret == 0) {
/* Verify message with signature. */ /* Verify message with signature. */
#ifdef WOLFSSL_WC_DILITHIUM #ifdef WOLFSSL_WC_DILITHIUM
@@ -9228,7 +9276,7 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
ret = MEMORY_E; ret = MEMORY_E;
} }
else { else {
XMEMSET(key->a, 0, params->aSz); XMEMSET(key->a, 0, key->params->aSz);
} }
} }
#endif #endif

8
wolfcrypt/src/falcon.c
View File

@@ -73,8 +73,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
if (key->devId != INVALID_DEVID) if (key->devId != INVALID_DEVID)
#endif #endif
{ {
ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0,
WC_PQC_SIG_TYPE_FALCON, key); WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
@@ -171,8 +171,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
if (key->devId != INVALID_DEVID) if (key->devId != INVALID_DEVID)
#endif #endif
{ {
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
WC_PQC_SIG_TYPE_FALCON, key); WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key);
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */

3
wolfcrypt/src/wc_lms.c
View File

@@ -1162,7 +1162,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
if (ret == 0) { if (ret == 0) {
XMEMCPY(key->pub, in, inLen); XMEMCPY(key->pub, in, inLen);
key->state = WC_LMS_STATE_VERIFYONLY; if (key->state != WC_LMS_STATE_OK)
key->state = WC_LMS_STATE_VERIFYONLY;
} }
return ret; return ret;

12
wolfssl/wolfcrypt/cryptocb.h
View File

@@ -294,6 +294,9 @@ typedef struct wc_CryptoInfo {
WC_RNG* rng; WC_RNG* rng;
void* key; void* key;
int type; /* enum wc_PqcSignatureType */ int type; /* enum wc_PqcSignatureType */
const byte* context;
byte contextLen;
word32 preHashType; /* enum wc_HashType */
} pqc_sign; } pqc_sign;
struct { struct {
const byte* sig; const byte* sig;
@@ -303,6 +306,9 @@ typedef struct wc_CryptoInfo {
int* res; int* res;
void* key; void* key;
int type; /* enum wc_PqcSignatureType */ int type; /* enum wc_PqcSignatureType */
const byte* context;
byte contextLen;
word32 preHashType; /* enum wc_HashType */
} pqc_verify; } pqc_verify;
struct { struct {
void* key; void* key;
@@ -560,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
int keySize, void* key); int keySize, void* key);
WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out,
word32 *outlen, WC_RNG* rng, int type, void* key); word32 *outlen, const byte* context, byte contextLen, word32 preHashType,
WC_RNG* rng, int type, void* key);
WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
const byte* msg, word32 msglen, int* res, int type, void* key); const byte* msg, word32 msglen, const byte* context, byte contextLen,
word32 preHashType, int* res, int type, void* key);
WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
const byte* pubKey, word32 pubKeySz); const byte* pubKey, word32 pubKeySz);

2
zephyr/CMakeLists.txt
View File

@@ -119,6 +119,8 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c) zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)