diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index fc9a56100..daf9cb99b 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -1043,7 +1043,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, } int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, - WC_RNG* rng, int type, void* key) + const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng, + int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; @@ -1068,6 +1069,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, cryptoInfo.pk.pqc_sign.inlen = inlen; cryptoInfo.pk.pqc_sign.out = out; cryptoInfo.pk.pqc_sign.outlen = outlen; + cryptoInfo.pk.pqc_sign.context = context; + cryptoInfo.pk.pqc_sign.contextLen = contextLen; + cryptoInfo.pk.pqc_sign.preHashType = preHashType; cryptoInfo.pk.pqc_sign.rng = rng; cryptoInfo.pk.pqc_sign.key = key; cryptoInfo.pk.pqc_sign.type = type; @@ -1079,7 +1083,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, } int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, - word32 msglen, int* res, int type, void* key) + word32 msglen, const byte* context, byte contextLen, word32 preHashType, + int* res, int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; @@ -1104,6 +1109,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, cryptoInfo.pk.pqc_verify.siglen = siglen; cryptoInfo.pk.pqc_verify.msg = msg; cryptoInfo.pk.pqc_verify.msglen = msglen; + cryptoInfo.pk.pqc_verify.context = context; + cryptoInfo.pk.pqc_verify.contextLen = contextLen; + cryptoInfo.pk.pqc_verify.preHashType = preHashType; cryptoInfo.pk.pqc_verify.res = res; cryptoInfo.pk.pqc_verify.key = key; cryptoInfo.pk.pqc_verify.type = type; diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index 9a65ce78e..6e5df5954 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -8024,8 +8024,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -8075,8 +8075,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -8127,6 +8127,22 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen, + hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Sign message. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8301,6 +8317,22 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8339,21 +8371,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, ret = BAD_FUNC_ARG; } - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB if (ret == 0) { - #ifndef WOLF_CRYPTO_CB_FIND + #ifndef WOLF_CRYPTO_CB_FIND if (key->devId != INVALID_DEVID) - #endif + #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; } } - #endif +#endif if (ret == 0) { /* Verify message with signature. */ @@ -8397,6 +8429,22 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen, + hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index 6b44edd28..ab529f7e2 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -73,8 +73,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -171,8 +171,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 15289f699..d2d90fe37 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -294,6 +294,9 @@ typedef struct wc_CryptoInfo { WC_RNG* rng; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_sign; struct { const byte* sig; @@ -303,6 +306,9 @@ typedef struct wc_CryptoInfo { int* res; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_verify; struct { void* key; @@ -560,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, - word32 *outlen, WC_RNG* rng, int type, void* key); + word32 *outlen, const byte* context, byte contextLen, word32 preHashType, + WC_RNG* rng, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, - const byte* msg, word32 msglen, int* res, int type, void* key); + const byte* msg, word32 msglen, const byte* context, byte contextLen, + word32 preHashType, int* res, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, const byte* pubKey, word32 pubKeySz);