Guard old non-ctx ML-DSA API by default

This commit is contained in:
Tobias Frauenschläger
2026-03-23 14:38:33 +01:00
parent 4b8c5247fe
commit 3fd13b819d
10 changed files with 7872 additions and 28 deletions
+1
View File
@@ -34,6 +34,7 @@ jobs:
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
]
name: make check
if: github.repository_owner == 'wolfssl'
+4 -1
View File
@@ -1819,8 +1819,11 @@ do
draft|fips204-draft)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT"
;;
no-ctx)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_CTX"
;;
*)
AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_DILITHIUM.])
break;;
esac
done
+7791 -5
View File
File diff suppressed because it is too large Load Diff
+4
View File
@@ -34,6 +34,8 @@ int test_wc_dilithium_public_der_decode(void);
int test_wc_dilithium_der(void);
int test_wc_dilithium_make_key_from_seed(void);
int test_wc_dilithium_sig_kats(void);
int test_wc_dilithium_sign_ctx_kats(void);
int test_wc_dilithium_verify_ctx_kats(void);
int test_wc_dilithium_verify_kats(void);
int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
int test_mldsa_pkcs8_import_OpenSSL_form(void);
@@ -51,6 +53,8 @@ int test_mldsa_pkcs12(void);
TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \
+6 -6
View File
@@ -15557,10 +15557,10 @@ void bench_dilithiumKeySign(byte level)
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key,
GLOBAL_RNG);
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg,
DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, GLOBAL_RNG);
if (ret != 0) {
printf("wc_dilithium_sign_msg failed\n");
printf("wc_dilithium_sign_ctx_msg failed\n");
}
}
RECORD_MULTI_VALUE_STATS();
@@ -15631,11 +15631,11 @@ void bench_dilithiumKeySign(byte level)
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
int verify = 0;
ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE,
&verify, key);
ret = wc_dilithium_verify_ctx_msg(sig, x, NULL, 0, msg,
DILITHIUM_BENCH_MSG_SIZE, &verify, key);
if (ret != 0 || verify != 1) {
printf("wc_dilithium_verify_msg failed %d, verify %d\n",
printf("wc_dilithium_verify_ctx_msg failed %d, verify %d\n",
ret, verify);
ret = -1;
}
+20 -5
View File
@@ -9038,6 +9038,7 @@ static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key,
* @return MEMORY_E when memory allocation fails.
* @return Other negative when an error occurs.
*/
#ifdef WOLFSSL_DILITHIUM_NO_CTX
static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
{
@@ -9058,6 +9059,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Sign a message with the key and a random number generator.
*
@@ -9153,6 +9155,7 @@ static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng,
* @return MEMORY_E when memory allocation fails.
* @return Other negative when an error occurs.
*/
#ifdef WOLFSSL_DILITHIUM_NO_CTX
static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
const byte* msg, word32 msgLen, byte* sig, word32 *sigLen)
{
@@ -9183,6 +9186,7 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Sign a pre-hashed message with the key and a seed.
*
@@ -9825,6 +9829,7 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx,
return ret;
}
#ifdef WOLFSSL_DILITHIUM_NO_CTX
/* Verify signature of message using public key.
*
* @param [in, out] key Dilithium key.
@@ -9867,6 +9872,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Verify signature of message using public key.
*
@@ -10084,7 +10090,7 @@ static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen,
}
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
#else
#error "No dilithium implementation chosen."
@@ -10222,6 +10228,7 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
return ret;
}
#ifdef WOLFSSL_DILITHIUM_NO_CTX
/* Sign the message using the dilithium private key.
*
* msg [in] Message to sign.
@@ -10233,6 +10240,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
* returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
* BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
* 0 otherwise.
* NOTE: This is a pre-FIPS 204 API without context support. New code should
* use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0 instead.
*/
int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
word32 *sigLen, dilithium_key* key, WC_RNG* rng)
@@ -10271,6 +10280,7 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Sign the message hash using the dilithium private key.
*
@@ -10379,6 +10389,7 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
return ret;
}
#ifdef WOLFSSL_DILITHIUM_NO_CTX
/* Sign the message using the dilithium private key.
*
* msg [in] Message to sign.
@@ -10390,6 +10401,8 @@ int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
* returns BAD_FUNC_ARG when a parameter is NULL or public key not set,
* BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
* 0 otherwise.
* NOTE: This is a pre-FIPS 204 API without context support. New code should
* use wc_dilithium_sign_ctx_msg_with_seed() instead.
*/
int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
word32 *sigLen, dilithium_key* key, const byte* seed)
@@ -10414,6 +10427,7 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Sign the message using the dilithium private key.
*
@@ -10514,16 +10528,14 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig,
sigLen, res);
#elif defined(HAVE_LIBOQS)
ret = NOT_COMPILED_IN;
(void)sigLen;
(void)msgLen;
(void)res;
ret = oqs_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key);
#endif
}
return ret;
}
#ifdef WOLFSSL_DILITHIUM_NO_CTX
/* Verify the message using the dilithium public key.
*
* sig [in] Signature to verify.
@@ -10535,6 +10547,8 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
* returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and
* BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE,
* 0 otherwise.
* NOTE: This is a pre-FIPS 204 API without context support. New code should
* use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0 instead.
*/
int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, dilithium_key* key)
@@ -10573,6 +10587,7 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
return ret;
}
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
/* Verify the message using the dilithium public key.
*
+4 -4
View File
@@ -50246,14 +50246,14 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
if (sigLen <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key,
rng);
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
&sigLen, key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res,
key);
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
+33 -1
View File
@@ -803,6 +803,13 @@ struct dilithium_key {
#define WC_DILITHIUMKEY_TYPE_DEFINED
#endif
/* When WOLFSSL_DILITHIUM_FIPS204_DRAFT is enabled the legacy (pre-FIPS 204)
* no-context sign/verify API is required to handle draft-format signatures. */
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \
!defined(WOLFSSL_DILITHIUM_NO_CTX)
#define WOLFSSL_DILITHIUM_NO_CTX
#endif
/* Functions */
#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
@@ -811,9 +818,15 @@ int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed);
/* Legacy sign API without context parameter (pre-FIPS 204).
* Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
* New code should use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0
* for FIPS 204 compliant signing with an empty context. */
#ifdef WOLFSSL_DILITHIUM_NO_CTX
WOLFSSL_API
int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
word32* sigLen, dilithium_key* key, WC_RNG* rng);
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
WOLFSSL_API
int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng);
@@ -821,9 +834,14 @@ WOLFSSL_API
int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
const byte* hash, word32 hashLen, byte* sig, word32* sigLen,
dilithium_key* key, WC_RNG* rng);
/* Legacy seed-based sign API without context parameter (pre-FIPS 204).
* Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
* New code should use wc_dilithium_sign_ctx_msg_with_seed() instead. */
#ifdef WOLFSSL_DILITHIUM_NO_CTX
WOLFSSL_API
int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig,
word32 *sigLen, dilithium_key* key, const byte* seed);
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
WOLFSSL_API
int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen,
const byte* msg, word32 msgLen, byte* sig, word32 *sigLen,
@@ -832,10 +850,16 @@ WOLFSSL_API
int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen,
int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen,
dilithium_key* key, const byte* seed);
#endif
#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
/* Legacy verify API without context parameter (pre-FIPS 204).
* Only available when WOLFSSL_DILITHIUM_NO_CTX is defined.
* New code should use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0
* for FIPS 204 compliant verification with an empty context. */
#ifdef WOLFSSL_DILITHIUM_NO_CTX
WOLFSSL_API
int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, dilithium_key* key);
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
WOLFSSL_API
int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
byte ctxLen, const byte* msg, word32 msgLen, int* res,
@@ -1074,8 +1098,12 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
wc_dilithium_export_private_only(key, out, outLen)
#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \
wc_dilithium_import_private_only(in, inLen, key)
/* Legacy no-context sign alias: only available with WOLFSSL_DILITHIUM_NO_CTX.
* Prefer wc_MlDsaKey_SignCtx() with empty context for FIPS 204 compliance. */
#ifdef WOLFSSL_DILITHIUM_NO_CTX
#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \
wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
#define wc_MlDsaKey_SignCtx(key, ctx, ctxSz, sig, sigSz, msg, msgSz, rng) \
wc_dilithium_sign_ctx_msg(ctx, ctxSz, msg, msgSz, sig, sigSz, key, rng)
#define wc_MlDsaKey_SignCtxHash(key, ctx, ctxSz, sig, sigSz, hash, hashSz, \
@@ -1088,8 +1116,12 @@ WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
wc_dilithium_export_public(key, out, outLen)
#define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \
wc_dilithium_import_public(in, inLen, key)
/* Legacy no-context verify alias: only available with WOLFSSL_DILITHIUM_NO_CTX.
* Prefer wc_MlDsaKey_VerifyCtx() with empty context for FIPS 204 compliance. */
#ifdef WOLFSSL_DILITHIUM_NO_CTX
#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \
wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
#endif /* WOLFSSL_DILITHIUM_NO_CTX */
#define wc_MlDsaKey_VerifyCtx(key, sig, sigSz, ctx, ctxSz, msg, msgSz, res) \
wc_dilithium_verify_ctx_msg(sig, sigSz, ctx, ctxSz, msg, msgSz, res, key)
#define wc_MlDsaKey_VerifyCtxHash(key, sig, sigSz, ctx, ctxSz, hash, hashSz, \
+3 -3
View File
@@ -316,9 +316,9 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_dilithium_init", "dilithium");
check_cfg(&binding, "wc_dilithium_make_key", "dilithium_make_key");
check_cfg(&binding, "wc_dilithium_make_key_from_seed", "dilithium_make_key_from_seed");
check_cfg(&binding, "wc_dilithium_sign_msg", "dilithium_sign");
check_cfg(&binding, "wc_dilithium_sign_msg_with_seed", "dilithium_sign_with_seed");
check_cfg(&binding, "wc_dilithium_verify_msg", "dilithium_verify");
check_cfg(&binding, "wc_dilithium_sign_ctx_msg", "dilithium_sign");
check_cfg(&binding, "wc_dilithium_sign_ctx_msg_with_seed", "dilithium_sign_with_seed");
check_cfg(&binding, "wc_dilithium_verify_ctx_msg", "dilithium_verify");
check_cfg(&binding, "wc_dilithium_import_public", "dilithium_import");
check_cfg(&binding, "wc_dilithium_export_public", "dilithium_export");
check_cfg(&binding, "wc_dilithium_check_key", "dilithium_check_key");
@@ -867,7 +867,8 @@ impl Dilithium {
let msg_len = msg.len() as u32;
let mut sig_len = sig.len() as u32;
let rc = unsafe {
sys::wc_dilithium_sign_msg(
sys::wc_dilithium_sign_ctx_msg(
core::ptr::null(), 0,
msg.as_ptr(), msg_len,
sig.as_mut_ptr(), &mut sig_len,
&mut self.ws_key,
@@ -1038,7 +1039,8 @@ impl Dilithium {
let msg_len = msg.len() as u32;
let mut sig_len = sig.len() as u32;
let rc = unsafe {
sys::wc_dilithium_sign_msg_with_seed(
sys::wc_dilithium_sign_ctx_msg_with_seed(
core::ptr::null(), 0,
msg.as_ptr(), msg_len,
sig.as_mut_ptr(), &mut sig_len,
&mut self.ws_key,
@@ -1184,8 +1186,9 @@ impl Dilithium {
let msg_len = msg.len() as u32;
let mut res = 0i32;
let rc = unsafe {
sys::wc_dilithium_verify_msg(
sys::wc_dilithium_verify_ctx_msg(
sig.as_ptr(), sig_len,
core::ptr::null(), 0,
msg.as_ptr(), msg_len,
&mut res,
&mut self.ws_key,