Merge pull request #10516 from Frauschi/mldsa_rename

Finalize ML-DSA renaming
David Garske
2026-05-26 08:05:04 -07:00
committed by GitHub
58 changed files with 8139 additions and 9456 deletions
+7 -7
@@ -19,15 +19,15 @@ jobs:
matrix:
config: [
# Add new configs here
'--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=4"',
'--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_MLDSA_ALIGNMENT=4"',
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-tls-mlkem-standalone --enable-extra-pqc-hybrids --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"',
'--enable-intelasm --enable-sp-math --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --disable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-tls-mlkem-standalone --enable-extra-pqc-hybrids --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"',
'--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++',
'--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
'--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
'--disable-intelasm --enable-all --disable-mlkem --enable-lms=yes,small,verify-only --enable-xmss=yes,small,verify-only --enable-slhdsa=yes,small,verify-only --enable-dilithium=yes,small,verify-only --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
'--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
'--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
'--disable-intelasm --enable-all --disable-mlkem --enable-lms=yes,small,verify-only --enable-xmss=yes,small,verify-only --enable-slhdsa=yes,small,verify-only --enable-dilithium=yes,small,verify-only --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
@@ -37,9 +37,9 @@ jobs:
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem,cache-a CPPFLAGS="-DWOLFSSL_MLKEM_DYNAMIC_KEYS"',
'--enable-intelasm --enable-sp-asm --enable-dilithium=yes CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
'--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
'--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
'--enable-intelasm --enable-sp-asm --enable-dilithium=yes CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
'--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
'--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
]
name: make check
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
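Review bot: After this change none of the matrix entries visible in this section passes a legacy `-DWOLFSSL_DILITHIUM_*` sub-gate, so the legacy-to-canonical gate translation that the migration notes in this commit still describe is no longer exercised by `make check` here; the `build library` matrix in the next file section has the same gap. A translation that silently stops mapping a gate such as `WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM` would give a downstream `user_settings.h` build a different ML-DSA configuration than the integrator intended, with no build error. It is worth keeping one entry on the old spelling, for example leaving `-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE` on the verify-only config. The notes also state that a build defining `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` passes `make check`, but no visible entry sets `CPPFLAGS="-DWOLFSSL_NO_DILITHIUM_LEGACY_NAMES"`, and adding one would keep that claim under test. The matrix continues outside both hunks, so such entries may already exist in lines not shown.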
+9 -9
@@ -19,16 +19,16 @@ jobs:
matrix:
config: [
# Add new configs here
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,small --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=0 -DWC_XMSS_FULL_HASH -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,small --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_ALIGNMENT=0 -DWC_XMSS_FULL_HASH -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,draft --enable-lms --enable-xmss CPPFLAGS="-DWC_LMS_FULL_HASH -DWOLFSSL_LMS_LARGE_CACHES -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,no-ctx --enable-lms=yes,small --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_XMSS_LARGE_SECRET_KEY -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC -DWOLFSSL_WC_LMS_SERIALIZE_STATE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A -DWOLFSSL_WC_XMSS_NO_SHA512 -DWOLFSSL_LMS_NO_SIG_CACHE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,verify-only --enable-lms=yes,small,sha256-192,shake256 --enable-xmss=yes,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_NO_MALLOC -DWOLFSSL_DILITHIUM_SMALL_MEM_POLY64 -DWOLFSSL_WC_XMSS_NO_SHAKE128 -DWOLFSSL_WC_XMSS_NO_SHAKE256 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa=yes,small --enable-mldsa --enable-lms --enable-xmss=yes,small CPPFLAGS="-DWC_DILITHIUM_CACHE_MATRIX_A -DWOLFSSL_LMS_NO_SIGN_SMOOTHING -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code --enable-slhdsa=yes,small-mem --enable-mldsa --enable-lms=yes,sha256-192,shake256 --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_NO_LARGE_CODE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa --enable-lms=yes,verify-only --enable-xmss CPPFLAGS="-DWC_DILITHIUM_CACHE_PRIV_VECTORS -DWC_DILITHIUM_CACHE_PUB_VECTORS -DWOLFSSL_DILITHIUM_DYNAMIC_KEYS -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,verify-only --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_ASN1 -DWOLFSSL_DILITHIUM_ALIGNMENT=0 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,no-ctx --enable-lms=yes,small --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_XMSS_LARGE_SECRET_KEY -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC -DWOLFSSL_WC_LMS_SERIALIZE_STATE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC_A -DWOLFSSL_WC_XMSS_NO_SHA512 -DWOLFSSL_LMS_NO_SIG_CACHE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,verify-only --enable-lms=yes,small,sha256-192,shake256 --enable-xmss=yes,verify-only CPPFLAGS="-DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_NO_MALLOC -DWOLFSSL_MLDSA_SMALL_MEM_POLY64 -DWOLFSSL_WC_XMSS_NO_SHAKE128 -DWOLFSSL_WC_XMSS_NO_SHAKE256 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa=yes,small --enable-mldsa --enable-lms --enable-xmss=yes,small CPPFLAGS="-DWC_MLDSA_CACHE_MATRIX_A -DWOLFSSL_LMS_NO_SIGN_SMOOTHING -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code --enable-slhdsa=yes,small-mem --enable-mldsa --enable-lms=yes,sha256-192,shake256 --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_NO_LARGE_CODE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa --enable-lms=yes,verify-only --enable-xmss CPPFLAGS="-DWC_MLDSA_CACHE_PRIV_VECTORS -DWC_MLDSA_CACHE_PUB_VECTORS -DWOLFSSL_MLDSA_DYNAMIC_KEYS -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,verify-only --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_ASN1 -DWOLFSSL_MLDSA_ALIGNMENT=0 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
]
name: build library
+1
@@ -2939,6 +2939,7 @@ if(WOLFSSL_EXAMPLES)
tests/api/test_ed448.c
tests/api/test_mlkem.c
tests/api/test_mldsa.c
tests/api/test_mldsa_legacy.c
tests/api/test_slhdsa.c
tests/api/test_signature.c
tests/api/test_dtls.c
Binary file not shown.
Binary file not shown.
Binary file not shown.
-8
@@ -1,8 +0,0 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/dilithium/bench_dilithium_level2_key.der \
certs/dilithium/bench_dilithium_level3_key.der \
certs/dilithium/bench_dilithium_level5_key.der
-1
@@ -160,7 +160,6 @@ include certs/test-serial0/include.am
include certs/intermediate/include.am
include certs/falcon/include.am
include certs/rsapss/include.am
include certs/dilithium/include.am
include certs/slhdsa/include.am
include certs/lms/include.am
include certs/xmss/include.am
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+7 -1
@@ -33,4 +33,10 @@ EXTRA_DIST += \
certs/mldsa/mldsa65-cert.der \
certs/mldsa/mldsa87-key.pem \
certs/mldsa/mldsa87-cert.pem \
certs/mldsa/mldsa87-cert.der
certs/mldsa/mldsa87-cert.der \
certs/mldsa/bench_mldsa_44_key.der \
certs/mldsa/bench_mldsa_44_pubkey.der \
certs/mldsa/bench_mldsa_65_key.der \
certs/mldsa/bench_mldsa_65_pubkey.der \
certs/mldsa/bench_mldsa_87_key.der \
certs/mldsa/bench_mldsa_87_pubkey.der
+130 -131
@@ -41,6 +41,16 @@ the legacy API.
| `DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`, `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE` | `WC_MLDSA_{44,65,87}_*_SIZE` |
| `DEBUG_DILITHIUM` | `DEBUG_MLDSA` |
The three legacy size-constant families
(`DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`,
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`) remain reachable through the
dilithium.h shim as `#define`-style aliases for the canonical
`WC_MLDSA_{44,65,87}_*_SIZE` family — eight spellings per parameter
set (`KEY_SIZE`, `PRV_KEY_SIZE`, `PUB_KEY_SIZE`, `SIG_SIZE`,
`PRV_KEY_DER_SIZE`, `PUB_KEY_DER_SIZE`, `BOTH_KEY_DER_SIZE`,
`BOTH_KEY_PEM_SIZE`). All of them are gated on
`!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)`.
The `WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` / `WC_ML_DSA_DRAFT`
public level identifiers and the `PARAMS_ML_DSA_{44,65,87}_*`
per-parameter-set internal constants intentionally **keep** their
@@ -85,6 +95,60 @@ projects.
The configure summary echoes `ML-DSA: yes` rather than `DILITHIUM: yes`.
### Public error-code rename
The error-code enumerator in `wolfssl/error-ssl.h` was renamed:
| Legacy | Canonical | Numeric value |
|-------------------------|----------------------|---------------|
| `DILITHIUM_KEY_SIZE_E` | `MLDSA_KEY_SIZE_E` | `-453` (unchanged) |
The numeric value is unchanged, so any code that compares against the
literal `-453` (or stores the value) continues to work. Code that
references the symbol by name is covered by a legacy `#define
DILITHIUM_KEY_SIZE_E MLDSA_KEY_SIZE_E` alias, gated on
`!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)`. The error string returned
by `wolfSSL_ERR_reason_error_string` is now `"Wrong key size for
ML-DSA."`.
### Public ASN.1 / OID identifier renames
The pre-standardization `LEVEL2/3/5` spellings of the ML-DSA public ASN.1
key-type, certificate-type, and OID enumerators were renamed to match
the FIPS 204 parameter-set numbers (44 / 65 / 87), and to match the
existing `WC_MLDSA_{44,65,87}_*_SIZE` / `BENCH_ML_DSA_{44,65,87}_SIGN`
spellings:
| Legacy | Canonical | Defined in |
|------------------------------|------------------------|------------|
| `ML_DSA_LEVEL{2,3,5}_TYPE` | `ML_DSA_{44,65,87}_TYPE` | `wolfssl/wolfcrypt/asn_public.h` (`enum CertType`) |
| `ML_DSA_LEVEL{2,3,5}_KEY` | `ML_DSA_{44,65,87}_KEY` | `wolfssl/wolfcrypt/asn.h` (cert-gen key type) |
| `ML_DSA_LEVEL{2,3,5}k` | `ML_DSA_{44,65,87}k` | `wolfssl/wolfcrypt/oid_sum.h` (`enum Key_Sum`) |
| `CTC_ML_DSA_LEVEL{2,3,5}` | `CTC_ML_DSA_{44,65,87}` | `wolfssl/wolfcrypt/oid_sum.h` (`enum Ctc_SigType`) |
All four families keep their numeric values (e.g. `ML_DSA_44k` is still
`431`), so ABI is preserved. Source-level back-compat for unmigrated
consumers is provided by `#define`-style legacy aliases next to each
enum, gated on `!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)` (the same
gate as the rest of the dilithium.h shim — see header comment in
`<wolfssl/wolfcrypt/dilithium.h>` for the gate's full coverage).
The `DILITHIUM_LEVEL{2,3,5}k` / `CTC_DILITHIUM_LEVEL{2,3,5}` /
`DILITHIUM_LEVEL{2,3,5}_TYPE` / `DILITHIUM_LEVEL{2,3,5}_KEY`
pre-standardization (NIST PQC round 3) enumerators are intentionally
**not** renamed: they identify a distinct draft-era OID surface and
coexist with the FIPS 204 entries in the same enum. For the same reason
the `"Dilithium Level {2,3,5}"` OID-name labels in
`wolfssl_object_info[]` (`src/ssl.c`) are kept under the Dilithium name
and coexist with parallel `"ML-DSA {44,65,87}"` rows.
The PEM header / footer markers used by `wc_MlDsaKey_*` PEM
import/export (`"-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"`, etc.) are
**intentionally unchanged** — the string contents are a serialization
format and renaming them would break PEM files written by older
wolfSSL. The C identifier names (`BEGIN_ML_DSA_LEVEL{2,3,5}_PRIV`,
`END_*`) are likewise unchanged.
### OpenSSL compatibility
The OpenSSL-compat enum value `WC_EVP_PKEY_DILITHIUM` and macro
@@ -115,7 +179,10 @@ migration), define one or both of:
- `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` — suppresses the legacy
`dilithium_key` / `wc_dilithium_*` / `wc_Dilithium_*` macro / inline
aliases.
aliases, the `ML_DSA_LEVEL{2,3,5}*` / `CTC_ML_DSA_LEVEL{2,3,5}` /
`DILITHIUM_KEY_SIZE_E` enum aliases, and the legacy size-constant
family (`DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`,
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`).
- `WOLFSSL_NO_DILITHIUM_LEGACY_GATES` — suppresses the bidirectional
sub-config gate translations (legacy `WOLFSSL_DILITHIUM_*` /
`WC_DILITHIUM_*` ↔ canonical `WOLFSSL_MLDSA_*` / `WC_MLDSA_*`). The
@@ -124,146 +191,78 @@ migration), define one or both of:
compile the canonical implementation file; the reverse arm honors
this opt-out.
> **Note on `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`:** in this release the
> opt-out is only useful for builds whose consumer code (TLS, ASN.1,
> EVP, tests, benchmark, examples, ...) has already been migrated to
> the canonical names. The standard wolfSSL distribution still uses
> `wc_dilithium_*` and `dilithium_key` in `wolfcrypt/src/asn.c`,
> `src/ssl_load.c`, `src/internal.c`, `wolfcrypt/test/test.c`, and
> elsewhere; suppressing the macro / inline aliases breaks those
> translation units (e.g. `wc_dilithium_verify_ctx_msg` becomes an
> implicit declaration). The flag is intended primarily for downstream
> projects that have completed their own migration; in-tree consumers
> will be migrated in a follow-up PR.
In-tree consumers have been migrated to the canonical names in this
release, so a build that defines `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`
(with or without `WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) compiles cleanly
and `make check` passes.
## Internal infrastructure files migrated to canonical sub-gates
### Internal API note (no back-compat aliases)
One wolfSSL-internal file outside the dilithium.h reach had its
`WOLFSSL_DILITHIUM_NO_SIGN` / `WOLFSSL_DILITHIUM_NO_VERIFY` sub-gate
references migrated to canonical `WOLFSSL_MLDSA_*` spellings:
A handful of identifiers that were defined only in wolfSSL-internal
headers (no presence in `dilithium.h`, no public-API surface) were
renamed in place **without** a backwards-compatibility alias. They
affect downstream code only if it reached into `wolfssl/internal.h` or
similar internal headers:
- `wolfssl/certs_test.h` — auto-generated cert-data buffers, has zero
`#include` directives. Reachable from external TUs (examples,
embedded apps) that pull in only `<wolfssl/ssl.h>` and do not
transitively include `dilithium.h`. Reads 11 sub-gate references
(`_NO_SIGN` / `_NO_VERIFY`).
| Legacy | Canonical | Defined in |
|-------------------------------------------------------|---------------------------------------------------|------------|
| `DILITHIUM_SA_MAJOR`, `DILITHIUM_LEVEL{2,3,5}_SA_{MAJOR,MINOR}` | `MLDSA_SA_MAJOR`, `MLDSA_{44,65,87}_SA_{MAJOR,MINOR}` | `wolfssl/internal.h` |
| `SIG_DILITHIUM` | `SIG_MLDSA` | `wolfssl/internal.h` |
| `dilithium_level{2,3,5}_sa_algo` (`enum SignatureAlgorithm`) | `mldsa_{44,65,87}_sa_algo` | `wolfssl/internal.h` |
| `dilithium_sign` (`enum ClientCertificateType`) | `mldsa_sign` | `wolfssl/internal.h` |
| `MIN_DILITHIUMKEY_SZ` | `MIN_MLDSAKEY_SZ` | `wolfssl/internal.h` |
| `minDilithiumKeySz` (struct field on `WOLFSSL_CTX`, `WOLFSSL_CERT_MANAGER`, `Options`) | `minMlDsaKeySz` | `wolfssl/internal.h` |
| `haveDilithiumSig` (bitfield on `WOLFSSL_CTX`, `Options`) | `haveMlDsaSig` | `wolfssl/internal.h` |
| `peerDilithiumKey`, `peerDilithiumKeyPresent` (`WOLFSSL`) | `peerMlDsaKey`, `peerMlDsaKeyPresent` | `wolfssl/internal.h` |
| `HYBRID_*_DILITHIUM_LEVEL*_SA_MINOR` | `HYBRID_*_MLDSA_{44,65,87}_SA_MINOR` | `src/tls13.c` (file-local) |
| `dilithium` (union field on `SignatureCtx::key`) | `mldsa` | `wolfssl/wolfcrypt/asn.h` |
| `dilithium_test` (test-driver entry point) | `mldsa_test` | `wolfcrypt/test/test.{c,h}` |
| `bench_dilithium_level{2,3,5}_{key,pubkey,sig}` | `bench_mldsa_{44,65,87}_{key,pubkey,sig}` | `wolfssl/certs_test.h`, `wolfcrypt/benchmark/benchmark.c` |
| `bench_dilithiumKeySign` | `bench_mldsaKeySign` | `wolfcrypt/benchmark/benchmark.{c,h}` |
| `BENCH_DILITHIUM_LEVEL{2,3,5}_SIGN` | `BENCH_ML_DSA_{44,65,87}_SIGN` (legacy macros deleted as redundant duplicates) | `wolfcrypt/benchmark/benchmark.c` |
`wolfssl/wolfcrypt/memory.h` previously branched its static-pool sizing
(`LARGEST_MEM_BUCKET` / `WOLFMEM_BUCKETS` / `WOLFMEM_DIST`) on a
combination of `WOLFSSL_MLDSA_VERIFY_SMALL_MEM` /
`WOLFSSL_MLDSA_SIGN_SMALL_MEM` / `WOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM` /
`WOLFSSL_MLDSA_VERIFY_ONLY`. Those branches were removed: when
`WOLFSSL_HAVE_MLDSA` is defined, the file now picks the larger sizing
unconditionally. The static-pool macros are consumed only by
`wolfcrypt/src/memory.c` and the test harnesses; production deployments
that need different sizing already override `LARGEST_MEM_BUCKET` /
`WOLFMEM_BUCKETS` / `WOLFMEM_DIST` directly. Removing the conditional
gating drops memory.h's dependency on ML-DSA sub-gates entirely.
The benchmark CLI options `-dilithium_level{2,3,5}` are retained as
deprecated aliases for `-ml-dsa-{44,65,87}` and will be removed
alongside the dilithium.h shim.
To keep the legacy `user_settings.h` path working for `certs_test.h`
i.e. a build that defines only `WOLFSSL_DILITHIUM_NO_SIGN` /
`WOLFSSL_DILITHIUM_NO_VERIFY` and never reaches `dilithium.h` before
the cert-buffer header is processed — the forward translations for
those two gates live in `<wolfssl/wolfcrypt/settings.h>`. settings.h is
included transitively by any TU that pulls in `certs_test.h`, so the
canonical sub-gates are always defined before they are read. The
remaining ~30 sub-gates are read only from wc\_mldsa.h / wc\_mldsa.c,
both of which transitively pull in dilithium.h first; their forward
translations stay there to keep settings.h lean. The reverse arm
(canonical → legacy) lives entirely in dilithium.h because it is only
consumed by unmigrated code, which by definition includes dilithium.h.
The generator script (`gencertbuf.pl`) was updated correspondingly.
### Test coverage
`certs_test.h` and the `memory.h` static-pool macros are both
wolfSSL-internal infrastructure (an auto-generated cert-buffer data
file and the static allocator's default sizing), not consumer-facing
API; these changes do not require downstream code changes.
The canonical ML-DSA API is exercised by `tests/api/test_mldsa.c`
(~24 `test_mldsa_*` functions), `wolfcrypt/test/test.c::mldsa_test`,
and the TLS / X.509 paths in `tests/api.c` that exercise ML-DSA
end-to-end. These run under all build configurations including builds
that suppress the legacy alias surface.
## Macro / comment cleanup inside `wc_mldsa.{c,h}`
The legacy-name shim itself is covered by
`tests/api/test_mldsa_legacy.c::test_mldsa_legacy_shim`, a single
focused regression test combining three layers of check:
A follow-on cleanup of the ML-DSA implementation file finished the
internal naming migration that the file/symbol rename above started:
- **Compile-time `wc_static_assert`** over every alias spelling — all
three size-constant families (LEVEL, DILITHIUM_LEVEL,
DILITHIUM_ML_DSA) at all 8 spellings per parameter set, every public
enum alias, the error-code alias, and the FIPS 204
algorithm-parameter macros.
- **Typed function-pointer assignments without casts** that bind each
symbol-form alias (`wc_dilithium_init_ex`, `wc_dilithium_free`, …) to
a pointer with the canonical signature, so a signature drift in the
shim trips a build error.
- **Compile-time invocation of every arg-reordering macro** under
`if (0)` so the compiler type-checks the macro expansion in every
configuration (including verify-only builds where the runtime smoke
test below is skipped).
- **Runtime make-key / sign / verify / export / import / DER round-trip**
driving the arg-reordering macros with valid inputs; a same-type arg
swap (which the compile-time invocation can't catch) shows up as a
verification or import failure.
- All algorithm-parameter macros defined in `wolfssl/wolfcrypt/wc_mldsa.h`
(`DILITHIUM_Q`, `DILITHIUM_N`, `DILITHIUM_D`, `DILITHIUM_ETA_*`,
`DILITHIUM_GAMMA1_*`, `DILITHIUM_K_SZ`, `DILITHIUM_MU_SZ`,
`DILITHIUM_MAX_*`, …) were renamed to canonical `MLDSA_*` spellings
matching the `MLKEM_*` internal constants in
`<wolfssl/wolfcrypt/wc_mlkem.h>`. The `PARAMS_ML_DSA_{44,65,87}_*`
per-parameter-set internal constants and the
`WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` /
`WC_ML_DSA_DRAFT` public level identifiers keep their underscored
spelling — the level identifiers are established public names and
the `PARAMS_*` family is internal-only.
- The per-parameter-set size constants previously existed in **three**
redundant spellings — `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
`ML_DSA_LEVEL{2,3,5}_*_SIZE`, and
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`. They were consolidated to a
single canonical family, `WC_MLDSA_{44,65,87}_*_SIZE`. All three
legacy spellings remain reachable as aliases through the
`<wolfssl/wolfcrypt/dilithium.h>` shim (gated by
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`); a duplicate `MLDSA_N`
definition in `wc_mldsa.h` was also removed.
- All ~20 file-local macros inside `wolfcrypt/src/wc_mldsa.c`
(`DILITHIUM_SIGN_BYTES`, `DILITHIUM_GEN_S_*`, `DILITHIUM_HASH_OID_LEN`,
`DILITHIUM_PARAMS_CNT`, `DILITHIUM_COEFF_S*`, `DILITHIUM_QINV`,
`DILITHIUM_NTT_ZETA_1`, `DILITHIUM_POS_OFFSET`, …) were renamed
to `MLDSA_*`. The file-local macros are not user-visible and have no
alias in the shim.
- The user-tunable knobs documented in the `wc_mldsa.c` file-top
comment block — `DEBUG_DILITHIUM` and the five performance-tuning
defines `DILITHIUM_MUL_SLOW`, `DILITHIUM_MUL_44_SLOW`,
`DILITHIUM_MUL_11_SLOW`, `DILITHIUM_MUL_QINV_SLOW`,
`DILITHIUM_MUL_Q_SLOW` — were renamed to `DEBUG_MLDSA` /
`MLDSA_MUL_*_SLOW`. These are set from `user_settings.h` or `-D`,
so a forward-translation block was added to the legacy-gates arm
in `<wolfssl/wolfcrypt/dilithium.h>` (gated by
`WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) so consumers using the legacy
spelling continue to get the intended code path.
- A long-standing typo, `dilitihium_get_der_length()` (5 call sites,
`static`-scope), was corrected to `mldsa_get_der_length()`.
- All `DILITHIUM_*` legacy macro spellings remain reachable from
unmigrated in-tree consumers (`wolfcrypt/src/asn.c`, `src/ssl_load.c`,
`src/internal.c`, `src/tls13.c`, `src/ssl.c`, `src/x509.c`,
`src/ssl_api_pk.c`, `src/ssl_certman.c`, `wolfssl/internal.h`,
`wolfssl/wolfcrypt/asn.h`, `asn_public.h`, `oid_sum.h`,
`examples/configs/user_settings_pq.h`,
`wolfcrypt/benchmark/benchmark.c`, `wolfcrypt/test/test.c`,
`tests/api/test_mldsa.c`) and downstream code through a new
reverse-arm macro alias block in `<wolfssl/wolfcrypt/dilithium.h>`,
gated by the existing `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` opt-out.
- All function and section comments inside `wc_mldsa.c` had their
"Dilithium" / "dilithium" prose replaced with "ML-DSA" (the file-top
credit retains a parenthetical mention of the historical name).
- Every algorithm-step citation was re-numbered against FIPS 204 Final
(August 2024). The implementation was previously annotated with the
draft (IPD) numbering — e.g. `Algorithm 18 skEncode`, `Algorithm 26
ExpandA`, `Algorithm 29 Power2Round`. These were updated to the
Final numbering (`Algorithm 24 skEncode`, `Algorithm 32 ExpandA`,
`Algorithm 35 Power2Round`, …) and the section references were
retargeted from the draft `§8.x` building-blocks group to the Final
`§7.x` arrangement. SHAKE128/256 notation references were redirected
from the IPD `§8.3` to the Final `§3.7`. Citation punctuation was
normalized from `FIPS 204. N.M:` to `FIPS 204 §N.M,`.
The runtime portion requires both sign and verify; in a verify-only
build it skips and the compile-time layers carry the coverage. A
same-type arg swap on the verify side specifically is then caught only
by the canonical KAT-driven verify tests in
`test_mldsa.c::test_mldsa_verify_*_kats`, which always run.
These changes are contained to `wolfcrypt/src/wc_mldsa.c`,
`wolfssl/wolfcrypt/wc_mldsa.h`, and the macro-alias block in
`wolfssl/wolfcrypt/dilithium.h`. No external consumer is touched.
### Retained internal symbols
A few internal-only spellings are intentionally **not** renamed in this
PR:
- `DYNAMIC_TYPE_DILITHIUM` — heap-allocation tag string used by
`WC_ALLOC_VAR` / `WC_FREE_VAR_EX` inside `wc_mldsa.c`. Pure
bookkeeping, never crosses the public API surface.
- `ML_DSA_PCT_E` — internal error code returned only by the FIPS
Pairwise Consistency Test path inside `wc_MlDsaKey_MakeKey`. Not part
of the documented external error-code surface for this algorithm.
These are scheduled for renaming alongside the eventual removal of the
`dilithium.h` shim.
The whole file becomes a `TEST_SKIPPED` stub when
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` is defined.
## ABI note
+2 -3
@@ -146,9 +146,8 @@ extern "C" {
/* ------------------------------------------------- */
/* Post-Quantum Certificates */
/* ------------------------------------------------- */
#if 0 /* ML-DSA / Dilithium certificates */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define HAVE_DILITHIUM
#if 0 /* ML-DSA (FIPS 204) certificates */
#define WOLFSSL_HAVE_MLDSA
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
#endif
+2 -5
@@ -87,13 +87,10 @@ extern "C" {
/* ML-DSA / Dilithium (Signatures) */
/* ------------------------------------------------- */
#if 1 /* ML-DSA (FIPS 204) */
#define HAVE_DILITHIUM
#define DILITHIUM_LEVEL2 /* Level 2: ~128-bit security */
#define DILITHIUM_LEVEL3 /* Level 3: ~192-bit security */
#define DILITHIUM_LEVEL5 /* Level 5: ~256-bit security */
#define WOLFSSL_HAVE_MLDSA
/* Uses FIPS 204 final standard by default */
#if 0 /* FIPS 204 Draft version */
#define WOLFSSL_DILITHIUM_FIPS204_DRAFT
#define WOLFSSL_MLDSA_FIPS204_DRAFT
#endif
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
@@ -115,12 +115,12 @@ extern "C" {
/* ------------------------------------------------- */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#if 1 /* ML-DSA / Dilithium */
#define HAVE_DILITHIUM
#if 1 /* ML-DSA (FIPS 204) */
#define WOLFSSL_HAVE_MLDSA
/* Builds to FIPS 204 final standard by default.
* Set to 1 for draft version. */
#if 0 /* FIPS 204 Draft */
#define WOLFSSL_DILITHIUM_FIPS204_DRAFT
#define WOLFSSL_MLDSA_FIPS204_DRAFT
#endif
#ifndef ML_DSA_LEVEL
#define ML_DSA_LEVEL 2
+28 -1800
File diff suppressed because it is too large Load Diff
+27 -6
@@ -170,6 +170,25 @@ sub print_sum_enum {
print_enum($_[0] . "_Sum", $_[1], $_[2], 32, 48);
}
# Emit legacy ML-DSA "LEVEL{2,3,5}" #define aliases for an enum whose
# canonical entries use the FIPS 204 parameter-set numbers (44/65/87).
# Required for source-level back-compat with code written before the
# pre-standardization Dilithium identifiers were renamed.
# $_[0] - canonical prefix (e.g. "ML_DSA_", "CTC_ML_DSA_")
# $_[1] - canonical suffix appended to each entry (e.g. "k", "")
sub print_mldsa_legacy_aliases {
my $prefix = $_[0];
my $suffix = $_[1];
print "#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES\n";
print "/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will\n";
print " * be removed alongside the dilithium.h shim. */\n";
print "#define ${prefix}LEVEL2${suffix} ${prefix}44${suffix}\n";
print "#define ${prefix}LEVEL3${suffix} ${prefix}65${suffix}\n";
print "#define ${prefix}LEVEL5${suffix} ${prefix}87${suffix}\n";
print "#endif\n\n";
}
sub print_header {
my $t = Time::Piece->new();
@@ -336,9 +355,9 @@ my @keys = (
{ name => "DILITHIUM_LEVEL2", oid => \@dilithium_2 },
{ name => "DILITHIUM_LEVEL3", oid => \@dilithium_3 },
{ name => "DILITHIUM_LEVEL5", oid => \@dilithium_5 },
{ name => "ML_DSA_LEVEL2", oid => \@mldsa_2 },
{ name => "ML_DSA_LEVEL3", oid => \@mldsa_3 },
{ name => "ML_DSA_LEVEL5", oid => \@mldsa_5 },
{ name => "ML_DSA_44", oid => \@mldsa_2 },
{ name => "ML_DSA_65", oid => \@mldsa_3 },
{ name => "ML_DSA_87", oid => \@mldsa_5 },
{ name => "SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s },
{ name => "SLH_DSA_SHA2_128F", oid => \@slhdsa_sha2_128f },
{ name => "SLH_DSA_SHA2_192S", oid => \@slhdsa_sha2_192s },
@@ -357,6 +376,7 @@ my @keys = (
);
print_sum_enum("Key", "k", \@keys);
print_mldsa_legacy_aliases("ML_DSA_", "k");
my @aes128_kw = ( 2, 16, 840, 1, 101, 3, 4, 1, 5 );
@@ -1137,11 +1157,11 @@ my @sig_types = (
same => 1 },
{ name => "CTC_DILITHIUM_LEVEL5", oid => \@dilithium_5,
same => 1 },
{ name => "CTC_ML_DSA_LEVEL2", oid => \@mldsa_2,
{ name => "CTC_ML_DSA_44", oid => \@mldsa_2,
same => 1 },
{ name => "CTC_ML_DSA_LEVEL3", oid => \@mldsa_3,
{ name => "CTC_ML_DSA_65", oid => \@mldsa_3,
same => 1 },
{ name => "CTC_ML_DSA_LEVEL5", oid => \@mldsa_5,
{ name => "CTC_ML_DSA_87", oid => \@mldsa_5,
same => 1 },
{ name => "CTC_SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s,
same => 1 },
@@ -1176,6 +1196,7 @@ my @sig_types = (
);
print_enum("Ctc_SigType", "", \@sig_types, 32, 48);
print_mldsa_legacy_aliases("CTC_ML_DSA_", "");
my @p7t_pkcs7_msg = ( 1, 2, 840, 113549, 1, 7 );
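Review bot: `print_mldsa_legacy_aliases` builds the three `LEVEL2/3/5` → `44/65/87` defines from a prefix and suffix alone, so nothing at generation time ties them to the entries actually emitted by `print_sum_enum("Key", "k", \@keys)` and `print_enum("Ctc_SigType", "", \@sig_types, 32, 48)`. If an `ML_DSA_44` or `CTC_ML_DSA_44` entry is later renamed or dropped, the generated header would presumably still carry an alias to a name that no longer exists, and that only surfaces when a legacy caller expands the macro. Consider passing the array reference as a third argument and failing the script when a target is missing, for example `die "no ${prefix}44 entry" unless grep { $_->{name} eq "${prefix}44" } @{$_[2]};`, and likewise for 65 and 87. As a smaller style point, `my ($prefix, $suffix) = @_;` reads more clearly than the two separate `$_[N]` assignments.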
+222 -222
@@ -2313,11 +2313,11 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
ssl->options.haveFalconSig = 1; /* always on client side */
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ssl->options.haveDilithiumSig = 1; /* always on client side */
ssl->options.haveMlDsaSig = 1; /* always on client side */
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
if (ssl->options.side == WOLFSSL_CLIENT_END) {
@@ -2658,9 +2658,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef HAVE_FALCON
ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_HAVE_MLDSA
ctx->minMlDsaKeySz = MIN_MLDSAKEY_SZ;
#endif /* WOLFSSL_HAVE_MLDSA */
ctx->verifyDepth = MAX_CHAIN_DEPTH;
#ifdef OPENSSL_EXTRA
ctx->cbioFlag = WOLFSSL_CBIO_NONE;
@@ -2731,11 +2731,11 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->haveFalconSig = 1; /* always on client side */
/* server can turn on by loading key */
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
if (method->side == WOLFSSL_CLIENT_END)
ctx->haveDilithiumSig = 1; /* always on client side */
ctx->haveMlDsaSig = 1; /* always on client side */
/* server can turn on by loading key */
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef HAVE_ECC
if (method->side == WOLFSSL_CLIENT_END) {
ctx->haveECDSAsig = 1; /* always on client side */
@@ -3415,23 +3415,23 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
}
else
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (sigAlgo == dilithium_level2_sa_algo) {
#ifdef WOLFSSL_HAVE_MLDSA
if (sigAlgo == mldsa_44_sa_algo) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR);
MLDSA_44_SA_MAJOR, MLDSA_44_SA_MINOR);
}
else
if (sigAlgo == dilithium_level3_sa_algo) {
if (sigAlgo == mldsa_65_sa_algo) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR);
MLDSA_65_SA_MAJOR, MLDSA_65_SA_MINOR);
}
else
if (sigAlgo == dilithium_level5_sa_algo) {
if (sigAlgo == mldsa_87_sa_algo) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR);
MLDSA_87_SA_MAJOR, MLDSA_87_SA_MINOR);
}
else
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */
@@ -3536,16 +3536,16 @@ void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
&idx);
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (haveSig & SIG_DILITHIUM) {
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo,
#ifdef WOLFSSL_HAVE_MLDSA
if (haveSig & SIG_MLDSA) {
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_44_sa_algo,
keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo,
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_65_sa_algo,
keySz, &idx);
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo,
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_87_sa_algo,
keySz, &idx);
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
if (haveSig & SIG_RSA) {
#ifdef WC_RSA_PSS
if (tls1_2) {
@@ -4784,22 +4784,22 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
}
break;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
case DILITHIUM_SA_MAJOR:
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
*hsType = dilithium_level2_sa_algo;
#ifdef WOLFSSL_HAVE_MLDSA
case MLDSA_SA_MAJOR:
if (input[1] == MLDSA_44_SA_MINOR) {
*hsType = mldsa_44_sa_algo;
*hashAlgo = sha256_mac;
}
else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
*hsType = dilithium_level3_sa_algo;
else if (input[1] == MLDSA_65_SA_MINOR) {
*hsType = mldsa_65_sa_algo;
*hashAlgo = sha384_mac;
}
else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
*hsType = dilithium_level5_sa_algo;
else if (input[1] == MLDSA_87_SA_MINOR) {
*hsType = mldsa_87_sa_algo;
*hashAlgo = sha512_mac;
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
*hashAlgo = input[0];
*hsType = input[1];
@@ -7180,7 +7180,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->options.haveECC = ctx->haveECC;
ssl->options.haveStaticECC = ctx->haveStaticECC;
ssl->options.haveFalconSig = ctx->haveFalconSig;
ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
ssl->options.haveMlDsaSig = ctx->haveMlDsaSig;
#ifndef NO_PSK
ssl->options.havePSK = (word16)(ctx->havePSK);
@@ -7217,9 +7217,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifdef HAVE_FALCON
ssl->options.minFalconKeySz = ctx->minFalconKeySz;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz;
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_HAVE_MLDSA
ssl->options.minMlDsaKeySz = ctx->minMlDsaKeySz;
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
ssl->options.verifyDepth = ctx->verifyDepth;
#endif
@@ -8363,11 +8363,11 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
wc_falcon_free((falcon_key*)*pKey);
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_free((dilithium_key*)*pKey);
#if defined(WOLFSSL_HAVE_MLDSA)
case DYNAMIC_TYPE_MLDSA:
wc_MlDsaKey_Free((wc_MlDsaKey*)*pKey);
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
#if defined(WC_DH_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
@@ -8471,11 +8471,11 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
sz = sizeof(falcon_key);
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
sz = sizeof(dilithium_key);
#if defined(WOLFSSL_HAVE_MLDSA)
case DYNAMIC_TYPE_MLDSA:
sz = sizeof(wc_MlDsaKey);
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
sz = sizeof(DhKey);
@@ -8588,12 +8588,12 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
ret = 0;
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_init_ex((dilithium_key*)*pKey, ssl->heap, ssl->devId);
#if defined(WOLFSSL_HAVE_MLDSA)
case DYNAMIC_TYPE_MLDSA:
wc_MlDsaKey_Init((wc_MlDsaKey*)*pKey, ssl->heap, ssl->devId);
ret = 0;
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef HAVE_CURVE448
case DYNAMIC_TYPE_CURVE448:
wc_curve448_init((curve448_key*)*pKey);
@@ -8639,7 +8639,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
{
int ret = 0;
@@ -8691,12 +8691,12 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
ret = wc_falcon_init((falcon_key*)pKey);
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_free((dilithium_key*)pKey);
ret = wc_dilithium_init((dilithium_key*)pKey);
#if defined(WOLFSSL_HAVE_MLDSA)
case DYNAMIC_TYPE_MLDSA:
wc_MlDsaKey_Free((wc_MlDsaKey*)pKey);
ret = wc_MlDsaKey_Init((wc_MlDsaKey*)pKey, NULL, INVALID_DEVID);
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
wc_FreeDhKey((DhKey*)pKey);
@@ -9036,9 +9036,9 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
}
#endif
#endif
#if defined(HAVE_DILITHIUM)
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
#if defined(WOLFSSL_HAVE_MLDSA)
FreeKey(ssl, DYNAMIC_TYPE_MLDSA, (void**)&ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
#endif
#if defined(HAVE_FALCON)
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
@@ -9317,10 +9317,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
#endif /* HAVE_DILITHIUM */
#if defined(WOLFSSL_HAVE_MLDSA)
FreeKey(ssl, DYNAMIC_TYPE_MLDSA, (void**)&ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
#endif /* WOLFSSL_HAVE_MLDSA */
}
#ifdef HAVE_ECC
@@ -15781,58 +15781,58 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_44_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
case DILITHIUM_LEVEL3k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG( "Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_65_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
case DILITHIUM_LEVEL5k:
if (ssl->options.minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_87_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
case ML_DSA_LEVEL2k:
if (ssl->options.minDilithiumKeySz < 0 ||
ML_DSA_LEVEL2_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
case ML_DSA_44k:
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_44_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
case ML_DSA_LEVEL3k:
if (ssl->options.minDilithiumKeySz < 0 ||
ML_DSA_LEVEL3_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG( "Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
case ML_DSA_65k:
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_65_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
case ML_DSA_LEVEL5k:
if (ssl->options.minDilithiumKeySz < 0 ||
ML_DSA_LEVEL5_KEY_SIZE
< (word16)ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size in cert chain error");
ret = DILITHIUM_KEY_SIZE_E;
case ML_DSA_87k:
if (ssl->options.minMlDsaKeySz < 0 ||
WC_MLDSA_87_KEY_SIZE
< (word16)ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size in cert chain error");
ret = MLDSA_KEY_SIZE_E;
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
WOLFSSL_MSG("Key size not checked");
/* key not being checked for size if not in
@@ -17562,79 +17562,79 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
case ML_DSA_44k:
case ML_DSA_65k:
case ML_DSA_87k:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
{
int keyRet = 0;
if (ssl->peerDilithiumKey == NULL) {
if (ssl->peerMlDsaKey == NULL) {
/* alloc/init on demand */
keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
} else if (ssl->peerDilithiumKeyPresent) {
keyRet = ReuseKey(ssl, DYNAMIC_TYPE_DILITHIUM,
ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
keyRet = AllocKey(ssl, DYNAMIC_TYPE_MLDSA,
(void**)&ssl->peerMlDsaKey);
} else if (ssl->peerMlDsaKeyPresent) {
keyRet = ReuseKey(ssl, DYNAMIC_TYPE_MLDSA,
ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
}
if (keyRet == 0) {
if (args->dCert->keyOID == ML_DSA_LEVEL2k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_44);
if (args->dCert->keyOID == ML_DSA_44k) {
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_44);
}
else if (args->dCert->keyOID == ML_DSA_LEVEL3k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_65);
else if (args->dCert->keyOID == ML_DSA_65k) {
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_65);
}
else if (args->dCert->keyOID == ML_DSA_LEVEL5k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_87);
else if (args->dCert->keyOID == ML_DSA_87k) {
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_87);
}
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT);
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_44_DRAFT);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT);
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_65_DRAFT);
}
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
keyRet = wc_dilithium_set_level(
ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT);
keyRet = wc_MlDsaKey_SetParams(
ssl->peerMlDsaKey, WC_ML_DSA_87_DRAFT);
}
#endif
}
if (keyRet != 0 ||
wc_dilithium_import_public(args->dCert->publicKey,
args->dCert->pubKeySize,
ssl->peerDilithiumKey)
wc_MlDsaKey_ImportPubRaw(ssl->peerMlDsaKey,
args->dCert->publicKey,
args->dCert->pubKeySize)
!= 0) {
ret = PEER_KEY_ERROR;
}
else {
ssl->peerDilithiumKeyPresent = 1;
ssl->peerMlDsaKeyPresent = 1;
}
/* check size of peer Dilithium key */
if (ret == 0 && ssl->peerDilithiumKeyPresent &&
if (ret == 0 && ssl->peerMlDsaKeyPresent &&
!ssl->options.verifyNone &&
DILITHIUM_MAX_KEY_SIZE <
ssl->options.minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("Peer Dilithium key is too small");
MLDSA_MAX_KEY_SIZE <
ssl->options.minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("Peer ML-DSA key is too small");
}
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
break;
}
@@ -27939,8 +27939,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case FALCON_KEY_SIZE_E:
return "Wrong key size for Falcon.";
case DILITHIUM_KEY_SIZE_E:
return "Wrong key size for Dilithium.";
case MLDSA_KEY_SIZE_E:
return "Wrong key size for ML-DSA.";
case QUIC_TP_MISSING_E:
return "QUIC transport parameter not set";
@@ -29398,9 +29398,9 @@ static int ParseCipherList(Suites* suites,
#ifdef HAVE_FALCON
haveSig |= SIG_FALCON;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
haveSig |= SIG_DILITHIUM;
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_HAVE_MLDSA
haveSig |= SIG_MLDSA;
#endif /* WOLFSSL_HAVE_MLDSA */
}
else
#ifdef BUILD_TLS_SM4_GCM_SM3
@@ -29566,7 +29566,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
int haveRSAsig = 0;
int haveECDSAsig = 0;
int haveFalconSig = 0;
int haveDilithiumSig = 0;
int haveMlDsaSig = 0;
int haveAnon = 0;
int tls1_3 = 0;
@@ -29638,9 +29638,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
#ifdef HAVE_FALCON
haveFalconSig = 1;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
haveDilithiumSig = 1;
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_HAVE_MLDSA
haveMlDsaSig = 1;
#endif /* WOLFSSL_HAVE_MLDSA */
}
else
#endif /* WOLFSSL_TLS13 */
@@ -29678,7 +29678,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
#endif
haveSig |= haveRSAsig ? SIG_RSA : 0;
haveSig |= haveFalconSig ? SIG_FALCON : 0;
haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
haveSig |= haveMlDsaSig ? SIG_MLDSA : 0;
haveSig |= haveAnon ? SIG_ANON : 0;
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3,
keySz, &suites->hashSigAlgoSz);
@@ -29903,34 +29903,34 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
return sigAlgo == falcon_level5_sa_algo;
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_HAVE_MLDSA
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
/* Certificate has Dilithium level 2 key, only match with it. */
return sigAlgo == dilithium_level2_sa_algo;
return sigAlgo == mldsa_44_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3) {
/* Certificate has Dilithium level 3 key, only match with it. */
return sigAlgo == dilithium_level3_sa_algo;
return sigAlgo == mldsa_65_sa_algo;
}
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
/* Certificate has Dilithium level 5 key, only match with it. */
return sigAlgo == dilithium_level5_sa_algo;
return sigAlgo == mldsa_87_sa_algo;
}
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) {
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
if (ssl->pkCurveOID == CTC_ML_DSA_44) {
/* Certificate has ML-DSA level 2 key, only match with it. */
return sigAlgo == dilithium_level2_sa_algo;
return sigAlgo == mldsa_44_sa_algo;
}
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) {
if (ssl->pkCurveOID == CTC_ML_DSA_65) {
/* Certificate has ML-DSA level 3 key, only match with it. */
return sigAlgo == dilithium_level3_sa_algo;
return sigAlgo == mldsa_65_sa_algo;
}
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) {
if (ssl->pkCurveOID == CTC_ML_DSA_87) {
/* Certificate has ML-DSA level 5 key, only match with it. */
return sigAlgo == dilithium_level5_sa_algo;
return sigAlgo == mldsa_87_sa_algo;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef WC_RSA_PSS
/* RSA certificate and PSS sig alg. */
if (ssl->options.sigAlgo == rsa_sa_algo) {
@@ -30126,15 +30126,15 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
break;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 ||
ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 ||
ssl->pkCurveOID == CTC_ML_DSA_LEVEL5
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
if (ssl->pkCurveOID == CTC_ML_DSA_44 ||
ssl->pkCurveOID == CTC_ML_DSA_65 ||
ssl->pkCurveOID == CTC_ML_DSA_87
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
) {
/* Matched ML-DSA or Dilithium - set chosen and finished. */
ssl->options.sigAlgo = sigAlgo;
@@ -30142,7 +30142,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
ret = 0;
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(HAVE_ECC_BRAINPOOL)
if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID ||
ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID ||
@@ -30560,28 +30560,28 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
}
#endif
}
else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
#if defined(HAVE_DILITHIUM)
dilithium_key* dilithiumKey;
else if (hsType == DYNAMIC_TYPE_MLDSA) {
#if defined(WOLFSSL_HAVE_MLDSA)
wc_MlDsaKey* mldsaKey;
dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
DYNAMIC_TYPE_DILITHIUM);
if (dilithiumKey == NULL) {
mldsaKey = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), heap,
DYNAMIC_TYPE_MLDSA);
if (mldsaKey == NULL) {
return MEMORY_E;
}
if (label) {
ret = wc_dilithium_init_label(dilithiumKey, (char*)data,
ret = wc_MlDsaKey_InitLabel(mldsaKey, (char*)data,
heap, devId);
}
else if (id) {
ret = wc_dilithium_init_id(dilithiumKey, data, length, heap, devId);
ret = wc_MlDsaKey_InitId(mldsaKey, data, length, heap, devId);
}
if (ret == 0) {
*pkey = (void*)dilithiumKey;
*pkey = (void*)mldsaKey;
}
else {
XFREE(dilithiumKey, heap, DYNAMIC_TYPE_DILITHIUM);
XFREE(mldsaKey, heap, DYNAMIC_TYPE_MLDSA);
}
#endif
}
@@ -30668,10 +30668,10 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
else if ((keyType == falcon_level1_sa_algo) ||
(keyType == falcon_level5_sa_algo))
*hsType = DYNAMIC_TYPE_FALCON;
else if ((keyType == dilithium_level2_sa_algo) ||
(keyType == dilithium_level3_sa_algo) ||
(keyType == dilithium_level5_sa_algo))
*hsType = DYNAMIC_TYPE_DILITHIUM;
else if ((keyType == mldsa_44_sa_algo) ||
(keyType == mldsa_65_sa_algo) ||
(keyType == mldsa_87_sa_algo))
*hsType = DYNAMIC_TYPE_MLDSA;
/* Create the private key */
ret = CreateDevPrivateKey(hsKey, key->buffer,
@@ -30731,29 +30731,29 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
ret = NOT_COMPILED_IN;
#endif
}
else if (*hsType == DYNAMIC_TYPE_DILITHIUM) {
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (keyType == dilithium_level2_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
else if (*hsType == DYNAMIC_TYPE_MLDSA) {
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
if (keyType == mldsa_44_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
WC_ML_DSA_44);
}
else if (keyType == dilithium_level3_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
else if (keyType == mldsa_65_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
WC_ML_DSA_65);
}
else if (keyType == dilithium_level5_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
else if (keyType == mldsa_87_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
WC_ML_DSA_87);
}
if (ret == 0) {
if (keySz < ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size too small");
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
if (keySz < ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size too small");
ERROR_OUT(MLDSA_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey);
*sigLen = wc_MlDsaKey_SigSize((wc_MlDsaKey*)*hsKey);
}
#else
ret = NOT_COMPILED_IN;
@@ -31030,31 +31030,31 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
}
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_ASN1)
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, *hsType, hsKey);
#endif
if (keyType == dilithium_level2_sa_algo ||
keyType == dilithium_level3_sa_algo ||
keyType == dilithium_level5_sa_algo ||
if (keyType == mldsa_44_sa_algo ||
keyType == mldsa_65_sa_algo ||
keyType == mldsa_87_sa_algo ||
keyType == 0) {
*hsType = DYNAMIC_TYPE_DILITHIUM;
*hsType = DYNAMIC_TYPE_MLDSA;
ret = AllocKey(ssl, *hsType, hsKey);
if (ret != 0) {
goto exit_dpk;
}
if (keyType == dilithium_level2_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_44);
if (keyType == mldsa_44_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_44);
}
else if (keyType == dilithium_level3_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_65);
else if (keyType == mldsa_65_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_65);
}
else if (keyType == dilithium_level5_sa_algo) {
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_87);
else if (keyType == mldsa_87_sa_algo) {
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_87);
}
else {
/* What if keyType is 0? We might want to do something
@@ -31066,39 +31066,39 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
goto exit_dpk;
}
WOLFSSL_MSG("Trying Dilithium private key");
WOLFSSL_MSG("Trying ML-DSA private key");
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is a Dilithium private key. The FIPS
* wrapper for wc_dilithium_import_private gates on the per-thread
/* Decode the key assuming it is an ML-DSA private key. The FIPS
* wrapper for wc_MlDsaKey_ImportPrivRaw gates on the per-thread
* privateKeyReadEnable flag, which is unset by default in any
* thread that hasn't called PRIVATE_KEY_UNLOCK(). Without the
* bracket, decoding a Dilithium/ML-DSA private key from a
* handshake worker thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
* bracket, decoding an ML-DSA private key from a handshake worker
* thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
PRIVATE_KEY_UNLOCK();
ret = wc_Dilithium_PrivateKeyDecode(key->buffer,
&idx,
(dilithium_key*)*hsKey,
key->length);
ret = wc_MlDsaKey_PrivateKeyDecode((wc_MlDsaKey*)*hsKey,
key->buffer,
key->length,
&idx);
PRIVATE_KEY_LOCK();
if (ret == 0) {
WOLFSSL_MSG("Using Dilithium private key");
WOLFSSL_MSG("Using ML-DSA private key");
/* Check it meets the minimum Dilithium key size requirements. */
keySzDecoded = wc_dilithium_size((dilithium_key*)*hsKey);
if (keySzDecoded < ssl->options.minDilithiumKeySz) {
WOLFSSL_MSG("Dilithium key size too small");
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
/* Check it meets the minimum ML-DSA key size requirements. */
keySzDecoded = wc_MlDsaKey_Size((wc_MlDsaKey*)*hsKey);
if (keySzDecoded < ssl->options.minMlDsaKeySz) {
WOLFSSL_MSG("ML-DSA key size too small");
ERROR_OUT(MLDSA_KEY_SIZE_E, exit_dpk);
}
/* Return the maximum signature length. */
*sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey);
*sigLen = wc_MlDsaKey_SigSize((wc_MlDsaKey*)*hsKey);
goto exit_dpk;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
(void)idx;
(void)keySzDecoded;
+26 -23
@@ -115,9 +115,9 @@
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif /* HAVE_DILITHIUM */
#if defined(WOLFSSL_HAVE_MLDSA)
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
@@ -8632,14 +8632,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
case falcon_level5_sa_algo:
*sigAlgo = FALCON_LEVEL5k;
break;
case dilithium_level2_sa_algo:
*sigAlgo = ML_DSA_LEVEL2k;
case mldsa_44_sa_algo:
*sigAlgo = ML_DSA_44k;
break;
case dilithium_level3_sa_algo:
*sigAlgo = ML_DSA_LEVEL3k;
case mldsa_65_sa_algo:
*sigAlgo = ML_DSA_65k;
break;
case dilithium_level5_sa_algo:
*sigAlgo = ML_DSA_LEVEL5k;
case mldsa_87_sa_algo:
*sigAlgo = ML_DSA_87k;
break;
case sm2_sa_algo:
*sigAlgo = SM2k;
@@ -13488,22 +13488,25 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
{ CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5",
"Falcon Level 5"},
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_HAVE_MLDSA
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
/* Pre-standardization (NIST PQC round 3) Dilithium OID labels.
* These coexist with the FIPS 204 "ML-DSA 44/65/87" entries below
* and are intentionally kept under the Dilithium name. */
{ CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType,
"Dilithium Level 2", "Dilithium Level 2"},
{ CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType,
"Dilithium Level 3", "Dilithium Level 3"},
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
"Dilithium Level 5", "Dilithium Level 5"},
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
{ CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType,
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
{ CTC_ML_DSA_44, ML_DSA_44k, oidKeyType,
"ML-DSA 44", "ML-DSA 44"},
{ CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType,
{ CTC_ML_DSA_65, ML_DSA_65k, oidKeyType,
"ML-DSA 65", "ML-DSA 65"},
{ CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType,
{ CTC_ML_DSA_87, ML_DSA_87k, oidKeyType,
"ML-DSA 87", "ML-DSA 87"},
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* oidCurveType */
#ifdef HAVE_ECC
@@ -13885,14 +13888,14 @@ static int SaToNid(byte sa, int* nid)
case falcon_level5_sa_algo:
*nid = CTC_FALCON_LEVEL5;
break;
case dilithium_level2_sa_algo:
*nid = CTC_ML_DSA_LEVEL2;
case mldsa_44_sa_algo:
*nid = CTC_ML_DSA_44;
break;
case dilithium_level3_sa_algo:
*nid = CTC_ML_DSA_LEVEL3;
case mldsa_65_sa_algo:
*nid = CTC_ML_DSA_65;
break;
case dilithium_level5_sa_algo:
*nid = CTC_ML_DSA_LEVEL5;
case mldsa_87_sa_algo:
*nid = CTC_ML_DSA_87;
break;
case sm2_sa_algo:
*nid = WC_NID_sm2;
@@ -15993,7 +15996,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->options.haveECC = ctx->haveECC;
ssl->options.haveStaticECC = ctx->haveStaticECC;
ssl->options.haveFalconSig = ctx->haveFalconSig;
ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
ssl->options.haveMlDsaSig = ctx->haveMlDsaSig;
#ifdef WOLFSSL_DUAL_ALG_CERTS
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
ssl->buffers.altKey = ctx->altPrivateKey;
+17 -17
@@ -72,16 +72,16 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
type = DYNAMIC_TYPE_ECC;
break;
#endif
#if defined(HAVE_DILITHIUM)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
case ML_DSA_44k:
case ML_DSA_65k:
case ML_DSA_87k:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
type = DYNAMIC_TYPE_DILITHIUM;
type = DYNAMIC_TYPE_MLDSA;
break;
#endif
#if defined(HAVE_FALCON)
@@ -112,11 +112,11 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
pubSz);
break;
#endif
#if defined(HAVE_DILITHIUM)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
case ML_DSA_44k:
case ML_DSA_65k:
case ML_DSA_87k:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
@@ -157,16 +157,16 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
wc_ecc_free((ecc_key*)pkey);
break;
#endif
#if defined(HAVE_DILITHIUM)
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
case ML_DSA_44k:
case ML_DSA_65k:
case ML_DSA_87k:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
wc_dilithium_free((dilithium_key*)pkey);
wc_MlDsaKey_Free((wc_MlDsaKey*)pkey);
break;
#endif
#if defined(HAVE_FALCON)
+34 -34
@@ -158,9 +158,9 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
#ifdef HAVE_FALCON
cm->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_HAVE_MLDSA
cm->minMlDsaKeySz = MIN_MLDSAKEY_SZ;
#endif /* WOLFSSL_HAVE_MLDSA */
}
/* Dispose of certificate manager on error. The reference count may not
@@ -3145,52 +3145,52 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_44_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 2 key size error");
}
break;
case DILITHIUM_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_65_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 3 key size error");
}
break;
case DILITHIUM_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_87_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 5 key size error");
}
break;
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
case ML_DSA_LEVEL2k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
case ML_DSA_44k:
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_44_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 2 key size error");
}
break;
case ML_DSA_LEVEL3k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
case ML_DSA_65k:
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_65_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 3 key size error");
}
break;
case ML_DSA_LEVEL5k:
if (cm->minDilithiumKeySz < 0 ||
ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
case ML_DSA_87k:
if (cm->minMlDsaKeySz < 0 ||
WC_MLDSA_87_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
ret = MLDSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ML-DSA level 5 key size error");
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
WOLFSSL_MSG("\tNo key size check done on CA");
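Review bot: In the AddCA hunk, the three cases under `WOLFSSL_MLDSA_FIPS204_DRAFT` (`DILITHIUM_LEVEL2k`, `DILITHIUM_LEVEL3k`, `DILITHIUM_LEVEL5k`) now compare against `WC_MLDSA_44_KEY_SIZE`, `WC_MLDSA_65_KEY_SIZE` and `WC_MLDSA_87_KEY_SIZE`, where the old side used the separate `DILITHIUM_LEVEL*_KEY_SIZE` constants. If the draft and final sizes are not identical, this quietly changes the minimum-key-size check applied to draft CA keys, so it is worth confirming the values match and saying so in a comment such as `/* draft and final parameter sets share key sizes */`. The log strings now read "ML-DSA level 2/3/5", which mixes the two naming schemes; `"\tCA ML-DSA 44 key size error"` (and 65, 87) would match the parameter-set names used in the rest of the commit. The enclosing switch starts and ends outside the hunk.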
+142 -142
@@ -919,8 +919,8 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
#endif
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_ASN1)
/* See if DER data is an Dilithium private key.
*
* Checks size meets minimum Falcon key size.
@@ -934,69 +934,69 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
* @param [out] keyType Type of key.
* @param [out] keySize Size of key.
* @return 0 on success or not a Dilithium key and format unknown.
* @return DILITHIUM_KEY_SIZE_E when key size doesn't meet minimum required.
* @return MLDSA_KEY_SIZE_E when key size doesn't meet minimum required.
*/
static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
static int ProcessBufferTryDecodeMlDsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
{
int ret;
word32 idx;
dilithium_key* key;
wc_MlDsaKey* key;
int keyFormatTemp = 0;
int keyTypeTemp = 0;
int keySizeTemp = 0;
/* Allocate a Dilithium key to parse into. */
key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
DYNAMIC_TYPE_DILITHIUM);
key = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), heap,
DYNAMIC_TYPE_MLDSA);
if (key == NULL) {
return MEMORY_E;
}
/* Initialize Dilithium key. */
ret = wc_dilithium_init(key);
/* Initialize ML-DSA key. */
ret = wc_MlDsaKey_Init(key, NULL, INVALID_DEVID);
if (ret == 0) {
/* Decode as a Dilithium private key. The FIPS wrapper for
* wc_dilithium_import_private gates on the per-thread
/* Decode as an ML-DSA private key. The FIPS wrapper for
* wc_MlDsaKey_ImportPrivRaw gates on the per-thread
* privateKeyReadEnable flag, which is unset by default in any
* thread that hasn't called PRIVATE_KEY_UNLOCK(). Without the
* bracket, loading a Dilithium/ML-DSA private key from a
* worker thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
* bracket, loading an ML-DSA private key from a worker thread
* fails with FIPS_PRIVATE_KEY_LOCKED_E. */
idx = 0;
PRIVATE_KEY_UNLOCK();
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key,
der->length);
ret = wc_MlDsaKey_PrivateKeyDecode(key, der->buffer,
der->length, &idx);
PRIVATE_KEY_LOCK();
if (ret == 0) {
ret = dilithium_get_oid_sum(key, &keyFormatTemp);
ret = mldsa_get_oid_sum(key, &keyFormatTemp);
if (ret == 0) {
/* Format is known. */
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
#if defined(WOLFSSL_MLDSA_FIPS204_DRAFT)
if (keyFormatTemp == DILITHIUM_LEVEL2k) {
keyTypeTemp = dilithium_level2_sa_algo;
keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE;
keyTypeTemp = mldsa_44_sa_algo;
keySizeTemp = WC_MLDSA_44_KEY_SIZE;
}
else if (keyFormatTemp == DILITHIUM_LEVEL3k) {
keyTypeTemp = dilithium_level3_sa_algo;
keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE;
keyTypeTemp = mldsa_65_sa_algo;
keySizeTemp = WC_MLDSA_65_KEY_SIZE;
}
else if (keyFormatTemp == DILITHIUM_LEVEL5k) {
keyTypeTemp = dilithium_level5_sa_algo;
keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE;
keyTypeTemp = mldsa_87_sa_algo;
keySizeTemp = WC_MLDSA_87_KEY_SIZE;
}
else
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
if (keyFormatTemp == ML_DSA_LEVEL2k) {
keyTypeTemp = dilithium_level2_sa_algo;
keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE;
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
if (keyFormatTemp == ML_DSA_44k) {
keyTypeTemp = mldsa_44_sa_algo;
keySizeTemp = WC_MLDSA_44_KEY_SIZE;
}
else if (keyFormatTemp == ML_DSA_LEVEL3k) {
keyTypeTemp = dilithium_level3_sa_algo;
keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE;
else if (keyFormatTemp == ML_DSA_65k) {
keyTypeTemp = mldsa_65_sa_algo;
keySizeTemp = WC_MLDSA_65_KEY_SIZE;
}
else if (keyFormatTemp == ML_DSA_LEVEL5k) {
keyTypeTemp = dilithium_level5_sa_algo;
keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE;
else if (keyFormatTemp == ML_DSA_87k) {
keyTypeTemp = mldsa_87_sa_algo;
keySizeTemp = WC_MLDSA_87_KEY_SIZE;
}
else {
ret = ALGO_ID_E;
@@ -1006,13 +1006,13 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
if (ret == 0) {
/* Get the minimum Dilithium key size from SSL or SSL context
* object. */
int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz;
int minKeySz = ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz;
/* Check that the size of the Dilithium key is enough. */
if (keySizeTemp < minKeySz) {
WOLFSSL_MSG("Dilithium private key too small");
ret = DILITHIUM_KEY_SIZE_E;
WOLFSSL_MSG("ML-DSA private key too small");
ret = MLDSA_KEY_SIZE_E;
}
}
@@ -1023,20 +1023,20 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
}
else if (*keyFormat == 0) {
WOLFSSL_MSG("Not a Dilithium key");
WOLFSSL_MSG("Not an ML-DSA key");
/* Unknown format wasn't dilithium, so keep trying other formats. */
ret = 0;
}
/* Free dynamically allocated data in key. */
wc_dilithium_free(key);
wc_MlDsaKey_Free(key);
}
/* Dispose of allocated key. */
XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
XFREE(key, heap, DYNAMIC_TYPE_MLDSA);
return ret;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* Try to decode DER data is a known private key.
*
@@ -1161,26 +1161,26 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
matchAnyKey = 1;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_ASN1)
/* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
*/
if ((ret == 0) &&
((*keyFormat == 0) ||
(*keyFormat == ML_DSA_LEVEL2k) ||
(*keyFormat == ML_DSA_LEVEL3k) ||
(*keyFormat == ML_DSA_LEVEL5k)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
(*keyFormat == ML_DSA_44k) ||
(*keyFormat == ML_DSA_65k) ||
(*keyFormat == ML_DSA_87k)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| (*keyFormat == DILITHIUM_LEVEL2k)
|| (*keyFormat == DILITHIUM_LEVEL3k)
|| (*keyFormat == DILITHIUM_LEVEL5k)
#endif
)) {
ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
ret = ProcessBufferTryDecodeMlDsa(ctx, ssl, der, keyFormat, heap,
keyType, keySz);
matchAnyKey = 1;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* Check we know the format. */
if ((ret == 0) &&
@@ -1489,23 +1489,23 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
case ML_DSA_LEVEL2k:
case ML_DSA_LEVEL3k:
case ML_DSA_LEVEL5k:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_HAVE_MLDSA
case ML_DSA_44k:
case ML_DSA_65k:
case ML_DSA_87k:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
#endif
if (ssl != NULL) {
ssl->options.haveDilithiumSig = 1;
ssl->options.haveMlDsaSig = 1;
}
else {
ctx->haveDilithiumSig = 1;
ctx->haveMlDsaSig = 1;
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
WOLFSSL_MSG("Cert key not supported");
break;
@@ -1527,7 +1527,7 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
/* Reset signatures we have in SSL. */
ssl->options.haveECDSAsig = 0;
ssl->options.haveFalconSig = 0;
ssl->options.haveDilithiumSig = 0;
ssl->options.haveMlDsaSig = 0;
}
/* Set which signature we have based on the type in the cert. */
@@ -1565,21 +1565,21 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif
#ifdef HAVE_DILITHIUM
case CTC_ML_DSA_LEVEL2:
case CTC_ML_DSA_LEVEL3:
case CTC_ML_DSA_LEVEL5:
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_HAVE_MLDSA
case CTC_ML_DSA_44:
case CTC_ML_DSA_65:
case CTC_ML_DSA_87:
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case CTC_DILITHIUM_LEVEL2:
case CTC_DILITHIUM_LEVEL3:
case CTC_DILITHIUM_LEVEL5:
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
WOLFSSL_MSG("Dilithium cert signature");
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
WOLFSSL_MSG("ML-DSA cert signature");
if (ssl) {
ssl->options.haveDilithiumSig = 1;
ssl->options.haveMlDsaSig = 1;
}
else if (ctx) {
ctx->haveDilithiumSig = 1;
ctx->haveMlDsaSig = 1;
}
break;
#endif
@@ -1589,7 +1589,7 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA)
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || !defined(NO_RSA)
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
/* Set the private key curve OID. */
if (ssl != NULL) {
@@ -1754,70 +1754,70 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
keyType = dilithium_level2_sa_algo;
keyType = mldsa_44_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL2_KEY_SIZE;
keySz = WC_MLDSA_44_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case DILITHIUM_LEVEL3k:
keyType = dilithium_level3_sa_algo;
keyType = mldsa_65_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL3_KEY_SIZE;
keySz = WC_MLDSA_65_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case DILITHIUM_LEVEL5k:
keyType = dilithium_level5_sa_algo;
keyType = mldsa_87_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL5_KEY_SIZE;
keySz = WC_MLDSA_87_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
case ML_DSA_LEVEL2k:
keyType = dilithium_level2_sa_algo;
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
case ML_DSA_44k:
keyType = mldsa_44_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL2_KEY_SIZE;
keySz = WC_MLDSA_44_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case ML_DSA_LEVEL3k:
keyType = dilithium_level3_sa_algo;
case ML_DSA_65k:
keyType = mldsa_65_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL3_KEY_SIZE;
keySz = WC_MLDSA_65_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case ML_DSA_LEVEL5k:
keyType = dilithium_level5_sa_algo;
case ML_DSA_87k:
keyType = mldsa_87_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL5_KEY_SIZE;
keySz = WC_MLDSA_87_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
WOLFSSL_MSG("No key size check done on public key in certificate");
@@ -1964,70 +1964,70 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
keyType = dilithium_level2_sa_algo;
keyType = mldsa_44_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL2_KEY_SIZE;
keySz = WC_MLDSA_44_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case DILITHIUM_LEVEL3k:
keyType = dilithium_level3_sa_algo;
keyType = mldsa_65_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL3_KEY_SIZE;
keySz = WC_MLDSA_65_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case DILITHIUM_LEVEL5k:
keyType = dilithium_level5_sa_algo;
keyType = mldsa_87_sa_algo;
/* Dilithium is fixed key size */
keySz = DILITHIUM_LEVEL5_KEY_SIZE;
keySz = WC_MLDSA_87_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
case ML_DSA_LEVEL2k:
keyType = dilithium_level2_sa_algo;
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
case ML_DSA_44k:
keyType = mldsa_44_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL2_KEY_SIZE;
keySz = WC_MLDSA_44_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case ML_DSA_LEVEL3k:
keyType = dilithium_level3_sa_algo;
case ML_DSA_65k:
keyType = mldsa_65_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL3_KEY_SIZE;
keySz = WC_MLDSA_65_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
case ML_DSA_LEVEL5k:
keyType = dilithium_level5_sa_algo;
case ML_DSA_87k:
keyType = mldsa_87_sa_algo;
/* Dilithium is fixed key size */
keySz = ML_DSA_LEVEL5_KEY_SIZE;
keySz = WC_MLDSA_87_KEY_SIZE;
if (checkKeySz) {
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
DILITHIUM_KEY_SIZE_E);
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
MLDSA_KEY_SIZE_E);
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
/* In this case, there was an OID that we didn't recognize.
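Review bot: In ProcessBufferTryDecodeMlDsa the key is allocated from the caller's `heap` but initialised with `wc_MlDsaKey_Init(key, NULL, INVALID_DEVID)`, so any allocation the key object makes internally would not use the same heap hint as the `XMALLOC`/`XFREE` around it. Now that the init call takes the hint explicitly, `ret = wc_MlDsaKey_Init(key, heap, INVALID_DEVID);` looks like the consistent form; this presumably matches what the old `wc_dilithium_init(key)` did, so it is a follow-up rather than a regression. Several comments in this section still carry the old wording ("See if DER data is an Dilithium private key", "Checks size meets minimum Falcon key size", "Try Falcon if key format is Dilithium level 2k, 3k or 5k", "Dilithium is fixed key size") and could be updated to ML-DSA in the same pass. The function body spans more than one hunk.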
+158 -159
@@ -183,7 +183,7 @@ static const byte
#ifndef NO_CERTS
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
@@ -8507,7 +8507,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
#ifndef NO_CERTS
#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
(!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA))
/* Encode the signature algorithm into buffer.
*
* hashalgo The hash algorithm.
@@ -8592,18 +8592,18 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo,
output[1] = FALCON_LEVEL5_SA_MINOR;
break;
#endif
#ifdef HAVE_DILITHIUM
case dilithium_level2_sa_algo:
output[0] = DILITHIUM_LEVEL2_SA_MAJOR;
output[1] = DILITHIUM_LEVEL2_SA_MINOR;
#ifdef WOLFSSL_HAVE_MLDSA
case mldsa_44_sa_algo:
output[0] = MLDSA_44_SA_MAJOR;
output[1] = MLDSA_44_SA_MINOR;
break;
case dilithium_level3_sa_algo:
output[0] = DILITHIUM_LEVEL3_SA_MAJOR;
output[1] = DILITHIUM_LEVEL3_SA_MINOR;
case mldsa_65_sa_algo:
output[0] = MLDSA_65_SA_MAJOR;
output[1] = MLDSA_65_SA_MINOR;
break;
case dilithium_level5_sa_algo:
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
case mldsa_87_sa_algo:
output[0] = MLDSA_87_SA_MAJOR;
output[1] = MLDSA_87_SA_MINOR;
break;
#endif
default:
@@ -8613,24 +8613,24 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo,
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
#ifdef WOLFSSL_DUAL_ALG_CERTS
/* These match up with what the OQS team has defined. */
#define HYBRID_SA_MAJOR 0xFE
#define HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR 0xA1
#define HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR 0xA2
#define HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR 0xA4
#define HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR 0xA6
#define HYBRID_P256_MLDSA_44_SA_MINOR 0xA1
#define HYBRID_RSA3072_MLDSA_44_SA_MINOR 0xA2
#define HYBRID_P384_MLDSA_65_SA_MINOR 0xA4
#define HYBRID_P521_MLDSA_87_SA_MINOR 0xA6
/* Falcon hybrid codepoints aligned with oqs-provider. */
#define HYBRID_P256_FALCON_LEVEL1_SA_MINOR 0xD8
#define HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR 0xD9
#define HYBRID_P521_FALCON_LEVEL5_SA_MINOR 0xDB
/* Custom defined ones for PQC first */
#define HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR 0xD1
#define HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR 0xD2
#define HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR 0xD3
#define HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR 0xD4
#define HYBRID_MLDSA_44_P256_SA_MINOR 0xD1
#define HYBRID_MLDSA_44_RSA3072_SA_MINOR 0xD2
#define HYBRID_MLDSA_65_P384_SA_MINOR 0xD3
#define HYBRID_MLDSA_87_P521_SA_MINOR 0xD4
#define HYBRID_FALCON_LEVEL1_P256_SA_MINOR 0xD5
#define HYBRID_FALCON_LEVEL1_RSA3072_SA_MINOR 0xD6
#define HYBRID_FALCON_LEVEL5_P521_SA_MINOR 0xD7
@@ -8642,20 +8642,20 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
output[0] = 0x0;
output[1] = 0x0;
if (sigAlg == ecc_dsa_sa_algo && altSigAlg == dilithium_level2_sa_algo) {
output[1] = HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR;
if (sigAlg == ecc_dsa_sa_algo && altSigAlg == mldsa_44_sa_algo) {
output[1] = HYBRID_P256_MLDSA_44_SA_MINOR;
}
else if (sigAlg == rsa_pss_sa_algo &&
altSigAlg == dilithium_level2_sa_algo) {
output[1] = HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR;
altSigAlg == mldsa_44_sa_algo) {
output[1] = HYBRID_RSA3072_MLDSA_44_SA_MINOR;
}
else if (sigAlg == ecc_dsa_sa_algo &&
altSigAlg == dilithium_level3_sa_algo) {
output[1] = HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR;
altSigAlg == mldsa_65_sa_algo) {
output[1] = HYBRID_P384_MLDSA_65_SA_MINOR;
}
else if (sigAlg == ecc_dsa_sa_algo &&
altSigAlg == dilithium_level5_sa_algo) {
output[1] = HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR;
altSigAlg == mldsa_87_sa_algo) {
output[1] = HYBRID_P521_MLDSA_87_SA_MINOR;
}
else if (sigAlg == ecc_dsa_sa_algo &&
altSigAlg == falcon_level1_sa_algo) {
@@ -8669,21 +8669,21 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
altSigAlg == falcon_level5_sa_algo) {
output[1] = HYBRID_P521_FALCON_LEVEL5_SA_MINOR;
}
else if (sigAlg == dilithium_level2_sa_algo &&
else if (sigAlg == mldsa_44_sa_algo &&
altSigAlg == ecc_dsa_sa_algo) {
output[1] = HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR;
output[1] = HYBRID_MLDSA_44_P256_SA_MINOR;
}
else if (sigAlg == dilithium_level2_sa_algo &&
else if (sigAlg == mldsa_44_sa_algo &&
altSigAlg == rsa_pss_sa_algo) {
output[1] = HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR;
output[1] = HYBRID_MLDSA_44_RSA3072_SA_MINOR;
}
else if (sigAlg == dilithium_level3_sa_algo &&
else if (sigAlg == mldsa_65_sa_algo &&
altSigAlg == ecc_dsa_sa_algo) {
output[1] = HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR;
output[1] = HYBRID_MLDSA_65_P384_SA_MINOR;
}
else if (sigAlg == dilithium_level5_sa_algo &&
else if (sigAlg == mldsa_87_sa_algo &&
altSigAlg == ecc_dsa_sa_algo) {
output[1] = HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR;
output[1] = HYBRID_MLDSA_87_P521_SA_MINOR;
}
else if (sigAlg == falcon_level1_sa_algo &&
altSigAlg == ecc_dsa_sa_algo) {
@@ -8806,18 +8806,18 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
ret = INVALID_PARAMETER;
break;
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_SA_MAJOR:
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
*hsType = dilithium_level2_sa_algo;
#if defined(WOLFSSL_HAVE_MLDSA)
case MLDSA_SA_MAJOR:
if (input[1] == MLDSA_44_SA_MINOR) {
*hsType = mldsa_44_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
*hsType = dilithium_level3_sa_algo;
} else if (input[1] == MLDSA_65_SA_MINOR) {
*hsType = mldsa_65_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
*hsType = dilithium_level5_sa_algo;
} else if (input[1] == MLDSA_87_SA_MINOR) {
*hsType = mldsa_87_sa_algo;
/* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
}
@@ -8826,7 +8826,7 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
ret = INVALID_PARAMETER;
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
default:
*hashAlgo = input[0];
*hsType = input[1];
@@ -8852,25 +8852,25 @@ static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
return INVALID_PARAMETER;
}
if (input[1] == HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR) {
if (input[1] == HYBRID_P256_MLDSA_44_SA_MINOR) {
*sigAlg = ecc_dsa_sa_algo;
*hashAlg = sha256_mac;
*altSigAlg = dilithium_level2_sa_algo;
*altSigAlg = mldsa_44_sa_algo;
}
else if (input[1] == HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR) {
else if (input[1] == HYBRID_RSA3072_MLDSA_44_SA_MINOR) {
*sigAlg = rsa_pss_sa_algo;
*hashAlg = sha256_mac;
*altSigAlg = dilithium_level2_sa_algo;
*altSigAlg = mldsa_44_sa_algo;
}
else if (input[1] == HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR) {
else if (input[1] == HYBRID_P384_MLDSA_65_SA_MINOR) {
*sigAlg = ecc_dsa_sa_algo;
*hashAlg = sha384_mac;
*altSigAlg = dilithium_level3_sa_algo;
*altSigAlg = mldsa_65_sa_algo;
}
else if (input[1] == HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR) {
else if (input[1] == HYBRID_P521_MLDSA_87_SA_MINOR) {
*sigAlg = ecc_dsa_sa_algo;
*hashAlg = sha512_mac;
*altSigAlg = dilithium_level5_sa_algo;
*altSigAlg = mldsa_87_sa_algo;
}
else if (input[1] == HYBRID_P256_FALCON_LEVEL1_SA_MINOR) {
*sigAlg = ecc_dsa_sa_algo;
@@ -8887,23 +8887,23 @@ static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
*hashAlg = sha512_mac;
*altSigAlg = falcon_level5_sa_algo;
}
else if (input[1] == HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR) {
*sigAlg = dilithium_level2_sa_algo;
else if (input[1] == HYBRID_MLDSA_44_P256_SA_MINOR) {
*sigAlg = mldsa_44_sa_algo;
*hashAlg = sha256_mac;
*altSigAlg = ecc_dsa_sa_algo;
}
else if (input[1] == HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR) {
*sigAlg = dilithium_level2_sa_algo;
else if (input[1] == HYBRID_MLDSA_44_RSA3072_SA_MINOR) {
*sigAlg = mldsa_44_sa_algo;
*hashAlg = sha256_mac;
*altSigAlg = rsa_pss_sa_algo;
}
else if (input[1] == HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR) {
*sigAlg = dilithium_level3_sa_algo;
else if (input[1] == HYBRID_MLDSA_65_P384_SA_MINOR) {
*sigAlg = mldsa_65_sa_algo;
*hashAlg = sha384_mac;
*altSigAlg = ecc_dsa_sa_algo;
}
else if (input[1] == HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR) {
*sigAlg = dilithium_level5_sa_algo;
else if (input[1] == HYBRID_MLDSA_87_P521_SA_MINOR) {
*sigAlg = mldsa_87_sa_algo;
*hashAlg = sha512_mac;
*altSigAlg = ecc_dsa_sa_algo;
}
@@ -9769,7 +9769,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM)) && \
defined(WOLFSSL_HAVE_MLDSA)) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
typedef struct Scv13Args {
byte* output; /* not allocated */
@@ -10021,11 +10021,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->sigAlgo = ssl->buffers.keyType;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
#if defined(WOLFSSL_HAVE_MLDSA)
else if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
args->sigAlgo = ssl->buffers.keyType;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
@@ -10057,9 +10057,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
if (ssl->buffers.altKeyType == ecc_dsa_sa_algo ||
ssl->buffers.altKeyType == falcon_level1_sa_algo ||
ssl->buffers.altKeyType == falcon_level5_sa_algo ||
ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
ssl->buffers.altKeyType == mldsa_44_sa_algo ||
ssl->buffers.altKeyType == mldsa_65_sa_algo ||
ssl->buffers.altKeyType == mldsa_87_sa_algo) {
args->altSigAlgo = ssl->buffers.altKeyType;
}
else if (ssl->buffers.altKeyType == rsa_sa_algo &&
@@ -10187,11 +10187,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->sigLen = FALCON_MAX_SIG_SIZE;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
args->sigLen = DILITHIUM_MAX_SIG_SIZE;
#if defined(WOLFSSL_HAVE_MLDSA)
if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
args->sigLen = MLDSA_MAX_SIG_SIZE;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef WOLFSSL_DUAL_ALG_CERTS
if (ssl->sigSpec != NULL &&
@@ -10306,16 +10306,15 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->length = (word16)args->sigLen;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
args->sigDataSz, sigOut,
&args->sigLen,
(dilithium_key*)ssl->hsKey,
ssl->rng);
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
ret = wc_MlDsaKey_SignCtx((wc_MlDsaKey*)ssl->hsKey, NULL, 0,
sigOut, &args->sigLen,
args->sigData, args->sigDataSz,
ssl->rng);
args->length = (word16)args->sigLen;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
@@ -10404,13 +10403,13 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
ssl->rng);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
args->altSigDataSz, sigOut, &args->altSigLen,
(dilithium_key*)ssl->hsAltKey, ssl->rng);
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
if (ssl->hsAltType == DYNAMIC_TYPE_MLDSA) {
ret = wc_MlDsaKey_SignCtx((wc_MlDsaKey*)ssl->hsAltKey,
NULL, 0, sigOut, &args->altSigLen,
args->altSigData, args->altSigDataSz, ssl->rng);
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* Check for error */
if (ret != 0) {
@@ -10779,36 +10778,36 @@ static int decodeEccKey(WOLFSSL* ssl)
}
#endif /* HAVE_ECC */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
* dilithium public key. Convert it into a usable public key. */
static int decodeDilithiumKey(WOLFSSL* ssl, int level)
* ML-DSA public key. Convert it into a usable public key. */
static int decodeMlDsaKey(WOLFSSL* ssl, int level)
{
int keyRet;
word32 tmpIdx = 0;
if (ssl->peerDilithiumKeyPresent)
if (ssl->peerMlDsaKeyPresent)
return INVALID_PARAMETER;
keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
keyRet = AllocKey(ssl, DYNAMIC_TYPE_MLDSA,
(void**)&ssl->peerMlDsaKey);
if (keyRet != 0)
return PEER_KEY_ERROR;
ssl->peerDilithiumKeyPresent = 1;
keyRet = wc_dilithium_set_level(ssl->peerDilithiumKey, level);
ssl->peerMlDsaKeyPresent = 1;
keyRet = wc_MlDsaKey_SetParams(ssl->peerMlDsaKey, level);
if (keyRet != 0)
return PEER_KEY_ERROR;
keyRet = wc_Dilithium_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
ssl->peerDilithiumKey,
ssl->peerCert.sapkiLen);
keyRet = wc_MlDsaKey_PublicKeyDecode(ssl->peerMlDsaKey,
ssl->peerCert.sapkiDer,
ssl->peerCert.sapkiLen, &tmpIdx);
if (keyRet != 0)
return PEER_KEY_ERROR;
return 0;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef HAVE_FALCON
/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
@@ -11014,15 +11013,15 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ret = decodeEccKey(ssl);
break;
#endif
#ifdef HAVE_DILITHIUM
case dilithium_level2_sa_algo:
ret = decodeDilithiumKey(ssl, WC_ML_DSA_44);
#ifdef WOLFSSL_HAVE_MLDSA
case mldsa_44_sa_algo:
ret = decodeMlDsaKey(ssl, WC_ML_DSA_44);
break;
case dilithium_level3_sa_algo:
ret = decodeDilithiumKey(ssl, WC_ML_DSA_65);
case mldsa_65_sa_algo:
ret = decodeMlDsaKey(ssl, WC_ML_DSA_65);
break;
case dilithium_level5_sa_algo:
ret = decodeDilithiumKey(ssl, WC_ML_DSA_87);
case mldsa_87_sa_algo:
ret = decodeMlDsaKey(ssl, WC_ML_DSA_87);
break;
#endif
#ifdef HAVE_FALCON
@@ -11058,14 +11057,14 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerEccDsaKeyPresent = 0;
}
#endif
#ifdef HAVE_DILITHIUM
else if (ssl->peerDilithiumKeyPresent &&
sa != dilithium_level2_sa_algo &&
sa != dilithium_level3_sa_algo &&
sa != dilithium_level5_sa_algo) {
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
#ifdef WOLFSSL_HAVE_MLDSA
else if (ssl->peerMlDsaKeyPresent &&
sa != mldsa_44_sa_algo &&
sa != mldsa_65_sa_algo &&
sa != mldsa_87_sa_algo) {
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
(void**)&ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
}
#endif
#ifdef HAVE_FALCON
@@ -11127,21 +11126,21 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerFalconKeyPresent;
}
#endif
#ifdef HAVE_DILITHIUM
if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
#ifdef WOLFSSL_HAVE_MLDSA
if (ssl->options.peerSigAlgo == mldsa_44_sa_algo) {
WOLFSSL_MSG("Peer sent ML-DSA Level 2 sig");
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
ssl->peerMlDsaKeyPresent;
}
if (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 3 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
if (ssl->options.peerSigAlgo == mldsa_65_sa_algo) {
WOLFSSL_MSG("Peer sent ML-DSA Level 3 sig");
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
ssl->peerMlDsaKeyPresent;
}
if (ssl->options.peerSigAlgo == dilithium_level5_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 5 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
ssl->peerDilithiumKeyPresent;
if (ssl->options.peerSigAlgo == mldsa_87_sa_algo) {
WOLFSSL_MSG("Peer sent ML-DSA Level 5 sig");
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
ssl->peerMlDsaKeyPresent;
}
#endif
#ifndef NO_RSA
@@ -11425,32 +11424,32 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
if (((ssl->options.peerSigAlgo == dilithium_level2_sa_algo) ||
(ssl->options.peerSigAlgo == dilithium_level3_sa_algo) ||
(ssl->options.peerSigAlgo == dilithium_level5_sa_algo)) &&
(ssl->peerDilithiumKeyPresent)) {
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
if (((ssl->options.peerSigAlgo == mldsa_44_sa_algo) ||
(ssl->options.peerSigAlgo == mldsa_65_sa_algo) ||
(ssl->options.peerSigAlgo == mldsa_87_sa_algo)) &&
(ssl->peerMlDsaKeyPresent)) {
int res = 0;
WOLFSSL_MSG("Doing Dilithium peer cert verify");
ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
args->sigData, args->sigDataSz,
&res, ssl->peerDilithiumKey);
WOLFSSL_MSG("Doing ML-DSA peer cert verify");
ret = wc_MlDsaKey_VerifyCtx(ssl->peerMlDsaKey, sig, args->sigSz,
NULL, 0, args->sigData,
args->sigDataSz, &res);
if ((ret >= 0) && (res == 1)) {
/* CLIENT/SERVER: data verified with public key from
* certificate. */
ssl->options.peerAuthGood = 1;
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
(void**)&ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
}
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Dilithium signature verification failed");
WOLFSSL_MSG("ML-DSA signature verification failed");
ret = SIG_VERIFY_E;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* Check for error */
if (ret != 0) {
@@ -11535,33 +11534,33 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
if (((args->altSigAlgo == dilithium_level2_sa_algo) ||
(args->altSigAlgo == dilithium_level3_sa_algo) ||
(args->altSigAlgo == dilithium_level5_sa_algo)) &&
(ssl->peerDilithiumKeyPresent)) {
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
if (((args->altSigAlgo == mldsa_44_sa_algo) ||
(args->altSigAlgo == mldsa_65_sa_algo) ||
(args->altSigAlgo == mldsa_87_sa_algo)) &&
(ssl->peerMlDsaKeyPresent)) {
int res = 0;
WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
NULL, 0, args->altSigData,
args->altSigDataSz, &res,
ssl->peerDilithiumKey);
WOLFSSL_MSG("Doing ML-DSA peer cert alt verify");
ret = wc_MlDsaKey_VerifyCtx(ssl->peerMlDsaKey, sig,
args->altSignatureSz, NULL, 0,
args->altSigData,
args->altSigDataSz, &res);
if ((ret >= 0) && (res == 1)) {
/* CLIENT/SERVER: data verified with public key from
* certificate. */
args->altPeerAuthGood = 1;
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
(void**)&ssl->peerDilithiumKey);
ssl->peerDilithiumKeyPresent = 0;
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
(void**)&ssl->peerMlDsaKey);
ssl->peerMlDsaKeyPresent = 0;
}
else if ((ret >= 0) && (res == 0)) {
WOLFSSL_MSG("Dilithium signature verification failed");
WOLFSSL_MSG("ML-DSA signature verification failed");
ret = SIG_VERIFY_E;
}
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/* Check for error */
if (ret != 0) {
@@ -13683,7 +13682,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
case certificate_verify:
WOLFSSL_MSG("processing certificate verify");
ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size);
@@ -14374,7 +14373,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
case FIRST_REPLY_THIRD:
#if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))) && \
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA))) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl);
@@ -15558,7 +15557,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
case TLS13_CERT_SENT :
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM))
defined(WOLFSSL_HAVE_MLDSA))
if (!ssl->options.resuming && ssl->options.sendVerify) {
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
+44 -44
@@ -6405,10 +6405,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
else if (x509->pubKeyOID == DSAk) {
key->type = WC_EVP_PKEY_DSA;
}
#ifdef HAVE_DILITHIUM
else if (x509->pubKeyOID == ML_DSA_LEVEL2k ||
x509->pubKeyOID == ML_DSA_LEVEL3k ||
x509->pubKeyOID == ML_DSA_LEVEL5k) {
#ifdef WOLFSSL_HAVE_MLDSA
else if (x509->pubKeyOID == ML_DSA_44k ||
x509->pubKeyOID == ML_DSA_65k ||
x509->pubKeyOID == ML_DSA_87k) {
key->type = WC_EVP_PKEY_DILITHIUM;
}
#endif
@@ -12258,8 +12258,8 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
#if defined(HAVE_FALCON)
falcon_key* falcon = NULL;
#endif
#if defined(HAVE_DILITHIUM)
dilithium_key* dilithium = NULL;
#if defined(WOLFSSL_HAVE_MLDSA)
wc_MlDsaKey* mldsa = NULL;
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
SlhDsaKey* slhdsa = NULL;
@@ -12429,68 +12429,68 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
key = (void*)falcon;
}
#endif
#if defined(HAVE_DILITHIUM)
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
(x509->pubKeyOID == ML_DSA_LEVEL5k)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
if ((x509->pubKeyOID == ML_DSA_44k) ||
(x509->pubKeyOID == ML_DSA_65k) ||
(x509->pubKeyOID == ML_DSA_87k)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
) {
dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
DYNAMIC_TYPE_DILITHIUM);
if (dilithium == NULL) {
WOLFSSL_MSG("Failed to allocate memory for dilithium_key");
mldsa = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), NULL,
DYNAMIC_TYPE_MLDSA);
if (mldsa == NULL) {
WOLFSSL_MSG("Failed to allocate memory for wc_MlDsaKey");
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return WOLFSSL_FAILURE;
}
ret = wc_dilithium_init(dilithium);
ret = wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID);
if (ret != 0) {
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return ret;
}
if (x509->pubKeyOID == ML_DSA_LEVEL2k) {
type = ML_DSA_LEVEL2_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_44);
if (x509->pubKeyOID == ML_DSA_44k) {
type = ML_DSA_44_TYPE;
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44);
}
else if (x509->pubKeyOID == ML_DSA_LEVEL3k) {
type = ML_DSA_LEVEL3_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_65);
else if (x509->pubKeyOID == ML_DSA_65k) {
type = ML_DSA_65_TYPE;
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_65);
}
else if (x509->pubKeyOID == ML_DSA_LEVEL5k) {
type = ML_DSA_LEVEL5_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_87);
else if (x509->pubKeyOID == ML_DSA_87k) {
type = ML_DSA_87_TYPE;
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_87);
}
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
type = DILITHIUM_LEVEL2_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT);
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44_DRAFT);
}
else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
type = DILITHIUM_LEVEL3_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT);
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_65_DRAFT);
}
else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
type = DILITHIUM_LEVEL5_TYPE;
wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT);
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_87_DRAFT);
}
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
dilithium, x509->pubKey.length);
ret = wc_MlDsaKey_PublicKeyDecode(mldsa, x509->pubKey.buffer,
x509->pubKey.length, &idx);
if (ret != 0) {
WOLFSSL_ERROR_VERBOSE(ret);
wc_dilithium_free(dilithium);
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
wc_MlDsaKey_Free(mldsa);
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return ret;
}
key = (void*)dilithium;
key = (void*)mldsa;
}
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
@@ -12654,18 +12654,18 @@ cleanup:
XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
}
#endif
#if defined(HAVE_DILITHIUM)
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
(x509->pubKeyOID == ML_DSA_LEVEL5k)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA)
if ((x509->pubKeyOID == ML_DSA_44k) ||
(x509->pubKeyOID == ML_DSA_65k) ||
(x509->pubKeyOID == ML_DSA_87k)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
#endif
) {
wc_dilithium_free(dilithium);
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
wc_MlDsaKey_Free(mldsa);
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
}
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
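Review bot: In the CertFromX509 hunk the result of `wc_MlDsaKey_SetParams()` is discarded in every OID branch, so a parameter set the build rejects is not reported at that point and the key goes on to `wc_MlDsaKey_PublicKeyDecode()` with whatever state the init left. decodeMlDsaKey in the TLS 1.3 part of this same commit checks that return and stops with PEER_KEY_ERROR, so the two call sites now disagree on a value taken from a peer-supplied or file-supplied certificate. Each branch could assign `ret = wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44);` and the decode could be guarded with `if (ret == 0)`, which reuses the existing free-and-return path under `if (ret != 0)`. CertFromX509 starts and ends outside the hunk, so whether `ret` is otherwise untouched between these lines should be confirmed against the full function.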
+70 -70
@@ -169,8 +169,8 @@
#include <sys/uio.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#if defined(WOLFSSL_HAVE_MLKEM)
#include <wolfssl/wolfcrypt/wc_mlkem.h>
@@ -1561,11 +1561,11 @@ static int test_dual_alg_crit_ext_support(void)
static int test_dual_alg_ecdsa_mldsa(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(HAVE_DILITHIUM) && \
#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(WOLFSSL_HAVE_MLDSA) && \
defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
WOLFSSL_CERT_MANAGER * cm = NULL;
wc_MlDsaKey alt_ca_key;
ecc_key ca_key;
@@ -1660,8 +1660,8 @@ static int test_dual_alg_ecdsa_mldsa(void)
ExpectIntGT(tbs_der_sz, 0);
alt_sig_sz = wc_MakeSigWithBitStr(alt_sig, alt_sig_sz,
CTC_ML_DSA_LEVEL2, tbs_der, tbs_der_sz,
ML_DSA_LEVEL2_TYPE, &alt_ca_key, &rng);
CTC_ML_DSA_44, tbs_der, tbs_der_sz,
ML_DSA_44_TYPE, &alt_ca_key, &rng);
ExpectIntGT(alt_sig_sz, 0);
ret = wc_SetCustomExtension(&new_cert, 0, "2.5.29.74", alt_sig, alt_sig_sz);
@@ -19273,7 +19273,7 @@ static int test_wolfSSL_sigalg_info(void)
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO];
word16 len = 0;
word16 idx = 0;
int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM;
int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_MLDSA;
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 1, 0xFFFFFFFF, &len);
for (idx = 0; idx < len; idx += 2) {
@@ -19946,47 +19946,47 @@ static int test_wolfSSL_ticket_keys(void)
#ifndef NO_BIO
#if defined(OPENSSL_EXTRA) && defined(HAVE_DILITHIUM)
/* Verify wc_dilithium auto detects the expected ML-DSA level from the OID
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_MLDSA)
/* Verify wc_MlDsaKey auto detects the expected ML-DSA level from the OID
* in a SPKI / PKCS#8 DER buffer. Returns 0 on match. */
static int check_dilithium_der_level(const byte* der, word32 derSz,
static int check_mldsa_der_level(const byte* der, word32 derSz,
byte expectedLevel, int isPrivate)
{
dilithium_key key;
wc_MlDsaKey key;
word32 idx = 0;
byte level = 0;
int rc;
#ifndef WOLFSSL_DILITHIUM_PRIVATE_KEY
#ifndef WOLFSSL_MLDSA_PRIVATE_KEY
(void)isPrivate;
#endif
if ((rc = wc_dilithium_init(&key)) != 0) {
if ((rc = wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID)) != 0) {
return rc;
}
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
if (isPrivate) {
rc = wc_Dilithium_PrivateKeyDecode(der, &idx, &key, derSz);
rc = wc_MlDsaKey_PrivateKeyDecode(&key, der, derSz, &idx);
}
else
#endif
{
rc = wc_Dilithium_PublicKeyDecode(der, &idx, &key, derSz);
rc = wc_MlDsaKey_PublicKeyDecode(&key, der, derSz, &idx);
}
if (rc == 0) {
rc = wc_dilithium_get_level(&key, &level);
rc = wc_MlDsaKey_GetParams(&key, &level);
}
if (rc == 0 && level != expectedLevel) {
rc = -1;
}
wc_dilithium_free(&key);
wc_MlDsaKey_Free(&key);
return rc;
}
#endif /* OPENSSL_EXTRA && HAVE_DILITHIUM */
#endif /* OPENSSL_EXTRA && WOLFSSL_HAVE_MLDSA */
static int test_wolfSSL_d2i_PUBKEY(void)
{
@@ -20038,12 +20038,12 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
#if !defined(WOLFSSL_NO_ML_DSA_44)
/* ML-DSA-44 PUBKEY test (raw key bytes) */
ExpectIntGT(BIO_write(bio, bench_dilithium_level2_pubkey,
sizeof_bench_dilithium_level2_pubkey), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_44_pubkey,
sizeof_bench_mldsa_44_pubkey), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20053,7 +20053,7 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
ExpectIntGT(BIO_write(bio, mldsa44_pub_spki, sizeof_mldsa44_pub_spki), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa44_pub_spki,
ExpectIntEQ(check_mldsa_der_level(mldsa44_pub_spki,
sizeof_mldsa44_pub_spki, WC_ML_DSA_44, 0), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -20061,8 +20061,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#if !defined(WOLFSSL_NO_ML_DSA_65)
/* ML-DSA-65 PUBKEY test (raw key bytes) */
ExpectIntGT(BIO_write(bio, bench_dilithium_level3_pubkey,
sizeof_bench_dilithium_level3_pubkey), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_65_pubkey,
sizeof_bench_mldsa_65_pubkey), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20072,7 +20072,7 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
ExpectIntGT(BIO_write(bio, mldsa65_pub_spki, sizeof_mldsa65_pub_spki), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa65_pub_spki,
ExpectIntEQ(check_mldsa_der_level(mldsa65_pub_spki,
sizeof_mldsa65_pub_spki, WC_ML_DSA_65, 0), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -20080,8 +20080,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#if !defined(WOLFSSL_NO_ML_DSA_87)
/* ML-DSA-87 PUBKEY test (raw key bytes) */
ExpectIntGT(BIO_write(bio, bench_dilithium_level5_pubkey,
sizeof_bench_dilithium_level5_pubkey), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_87_pubkey,
sizeof_bench_mldsa_87_pubkey), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20091,13 +20091,13 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
ExpectIntGT(BIO_write(bio, mldsa87_pub_spki, sizeof_mldsa87_pub_spki), 0);
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa87_pub_spki,
ExpectIntEQ(check_mldsa_der_level(mldsa87_pub_spki,
sizeof_mldsa87_pub_spki, WC_ML_DSA_87, 0), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
#endif
#endif /* HAVE_DILITHIUM && !NO_VERIFY */
#endif /* WOLFSSL_HAVE_MLDSA && !NO_VERIFY */
/* Negative test, invalid input must return NULL */
{
@@ -20211,12 +20211,12 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
}
#endif
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
#if !defined(WOLFSSL_NO_ML_DSA_44)
/* ML-DSA-44 PrivateKey test (raw bytes) */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
ExpectIntGT(BIO_write(bio, bench_dilithium_level2_key,
sizeof_bench_dilithium_level2_key), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_44_key,
sizeof_bench_mldsa_44_key), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20230,7 +20230,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
sizeof_mldsa44_priv_only), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa44_priv_only,
ExpectIntEQ(check_mldsa_der_level(mldsa44_priv_only,
sizeof_mldsa44_priv_only, WC_ML_DSA_44, 1), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -20248,7 +20248,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
BIO_free(bio);
bio = NULL;
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
/* ML-DSA-44 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
* requires wc_dilithium_make_key_from_seed to expand the seed. */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
@@ -20266,8 +20266,8 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
#if !defined(WOLFSSL_NO_ML_DSA_65)
/* ML-DSA-65 PrivateKey test (raw bytes) */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
ExpectIntGT(BIO_write(bio, bench_dilithium_level3_key,
sizeof_bench_dilithium_level3_key), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_65_key,
sizeof_bench_mldsa_65_key), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20281,7 +20281,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
sizeof_mldsa65_priv_only), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa65_priv_only,
ExpectIntEQ(check_mldsa_der_level(mldsa65_priv_only,
sizeof_mldsa65_priv_only, WC_ML_DSA_65, 1), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -20299,7 +20299,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
BIO_free(bio);
bio = NULL;
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
/* ML-DSA-65 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
* requires wc_dilithium_make_key_from_seed to expand the seed. */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
@@ -20317,8 +20317,8 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
#if !defined(WOLFSSL_NO_ML_DSA_87)
/* ML-DSA-87 PrivateKey test (raw bytes) */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
ExpectIntGT(BIO_write(bio, bench_dilithium_level5_key,
sizeof_bench_dilithium_level5_key), 0);
ExpectIntGT(BIO_write(bio, bench_mldsa_87_key,
sizeof_bench_mldsa_87_key), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
EVP_PKEY_free(pkey);
@@ -20332,7 +20332,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
sizeof_mldsa87_priv_only), 0);
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
ExpectIntEQ(check_dilithium_der_level(mldsa87_priv_only,
ExpectIntEQ(check_mldsa_der_level(mldsa87_priv_only,
sizeof_mldsa87_priv_only, WC_ML_DSA_87, 1), 0);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -20350,7 +20350,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
BIO_free(bio);
bio = NULL;
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
/* ML-DSA-87 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
* requires wc_dilithium_make_key_from_seed to expand the seed. */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
@@ -20364,7 +20364,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
bio = NULL;
#endif
#endif
#endif /* HAVE_DILITHIUM && !NO_SIGN */
#endif /* WOLFSSL_HAVE_MLDSA && !NO_SIGN */
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
#ifndef NO_WOLFSSL_SERVER
@@ -39041,10 +39041,10 @@ static int test_DhAgree_rejects_p_minus_1(void)
static int test_mldsa_verify_hash(void)
{
EXPECT_DECLS;
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
dilithium_key key;
#if defined(WOLFSSL_HAVE_MLDSA) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
wc_MlDsaKey key;
WC_RNG rng;
int res = 0;
byte sig[4000];
@@ -39056,22 +39056,22 @@ static int test_mldsa_verify_hash(void)
XMEMSET(hash, 'A', sizeof(hash));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_dilithium_init(&key), 0);
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
#ifndef WOLFSSL_NO_ML_DSA_65
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
#elif !defined(WOLFSSL_NO_ML_DSA_44)
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
#else
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
#endif
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
/* hashLen=4096 must be rejected, not overflow the stack */
ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sizeof(sig), NULL, 0,
WC_HASH_TYPE_SHA256, hash, sizeof(hash), &res, &key),
ExpectIntEQ(wc_MlDsaKey_VerifyCtxHash(&key, sig, sizeof(sig), NULL, 0,
hash, sizeof(hash), WC_HASH_TYPE_SHA256, &res),
WC_NO_ERR_TRACE(BAD_LENGTH_E));
wc_dilithium_free(&key);
wc_MlDsaKey_Free(&key);
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#endif
return EXPECT_RESULT();
@@ -39959,10 +39959,10 @@ static int test_pkcs7_enveloped_content_size_overflow(void)
static int test_dilithium_hash(void)
{
EXPECT_DECLS;
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
dilithium_key key;
#if defined(WOLFSSL_HAVE_MLDSA) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
wc_MlDsaKey key;
WC_RNG rng;
int res = 0;
byte sig[4000];
@@ -39974,20 +39974,20 @@ static int test_dilithium_hash(void)
XMEMSET(msg, 'A', sizeof(msg));
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_dilithium_init(&key), 0);
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
#ifndef WOLFSSL_NO_ML_DSA_65
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
#elif !defined(WOLFSSL_NO_ML_DSA_44)
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
#else
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0);
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
#endif
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sizeof(sig), NULL, 0,
msg, 0xFFFFFFC0, &res, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wc_MlDsaKey_VerifyCtx(&key, sig, sizeof(sig), NULL, 0,
msg, 0xFFFFFFC0, &res), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
wc_dilithium_free(&key);
wc_MlDsaKey_Free(&key);
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#endif
return EXPECT_RESULT();
+1
@@ -48,6 +48,7 @@ tests_unit_test_SOURCES += tests/api/test_curve448.c
tests_unit_test_SOURCES += tests/api/test_ed448.c
tests_unit_test_SOURCES += tests/api/test_mlkem.c
tests_unit_test_SOURCES += tests/api/test_mldsa.c
tests_unit_test_SOURCES += tests/api/test_mldsa_legacy.c
tests_unit_test_SOURCES += tests/api/test_slhdsa.c
tests_unit_test_SOURCES += tests/api/test_signature.c
# TLS Protocol
+874 -1086
File diff suppressed because it is too large Load Diff
+51 -40
@@ -24,53 +24,64 @@
#include <tests/api/api_decl.h>
int test_wc_dilithium(void);
int test_wc_dilithium_sign_pubonly_fails(void);
int test_wc_dilithium_make_key(void);
int test_wc_dilithium_sign(void);
int test_wc_dilithium_verify(void);
int test_wc_dilithium_sign_vfy(void);
int test_wc_dilithium_check_key(void);
int test_wc_dilithium_public_der_decode(void);
int test_wc_dilithium_der(void);
int test_wc_dilithium_oneasymkey_version(void);
int test_wc_dilithium_make_key_from_seed(void);
int test_wc_dilithium_sig_kats(void);
int test_wc_dilithium_sign_ctx_kats(void);
int test_wc_dilithium_verify_ctx_kats(void);
int test_wc_dilithium_verify_kats(void);
int test_wc_dilithium_sign_mu_kats(void);
int test_wc_dilithium_verify_mu_kats(void);
int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
/* Canonical ML-DSA tests defined in tests/api/test_mldsa.c.
* These exercise the wc_MlDsaKey / wc_MlDsaKey_* / WC_MLDSA_* API surface
* directly and run under all build configurations. */
int test_mldsa(void);
int test_mldsa_sign_pubonly_fails(void);
int test_mldsa_make_key(void);
int test_mldsa_sign(void);
int test_mldsa_verify(void);
int test_mldsa_sign_vfy(void);
int test_mldsa_check_key(void);
int test_mldsa_public_der_decode(void);
int test_mldsa_der(void);
int test_mldsa_oneasymkey_version(void);
int test_mldsa_make_key_from_seed(void);
int test_mldsa_sig_kats(void);
int test_mldsa_sign_ctx_kats(void);
int test_mldsa_verify_ctx_kats(void);
int test_mldsa_verify_kats(void);
int test_mldsa_sign_mu_kats(void);
int test_mldsa_verify_mu_kats(void);
int test_mldsa_PrivateKeyDecode_OpenSSL_form(void);
int test_mldsa_pkcs8_import_OpenSSL_form(void);
int test_mldsa_pkcs8_export_import_wolfSSL_form(void);
int test_wc_dilithium_encode_w1_large_values(void);
int test_mldsa_encode_w1_large_values(void);
int test_mldsa_pkcs12(void);
int test_mldsa_x509_pubkey_sigtype(void);
/* Legacy-name shim coverage defined in tests/api/test_mldsa_legacy.c.
* Single function -- compile-time wc_static_assert checks for every alias
* + one runtime smoke test that drives each arg-reordering macro family.
* Becomes a TEST_SKIPPED stub when WOLFSSL_NO_DILITHIUM_LEGACY_NAMES is
* defined. */
int test_mldsa_legacy_shim(void);
#define TEST_MLDSA_DECLS \
TEST_DECL_GROUP("mldsa", test_wc_dilithium), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_pubonly_fails), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_oneasymkey_version), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_mu_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_mu_kats), \
TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
TEST_DECL_GROUP("mldsa", test_mldsa), \
TEST_DECL_GROUP("mldsa", test_mldsa_sign_pubonly_fails), \
TEST_DECL_GROUP("mldsa", test_mldsa_make_key), \
TEST_DECL_GROUP("mldsa", test_mldsa_sign), \
TEST_DECL_GROUP("mldsa", test_mldsa_verify), \
TEST_DECL_GROUP("mldsa", test_mldsa_sign_vfy), \
TEST_DECL_GROUP("mldsa", test_mldsa_check_key), \
TEST_DECL_GROUP("mldsa", test_mldsa_public_der_decode), \
TEST_DECL_GROUP("mldsa", test_mldsa_der), \
TEST_DECL_GROUP("mldsa", test_mldsa_oneasymkey_version), \
TEST_DECL_GROUP("mldsa", test_mldsa_make_key_from_seed), \
TEST_DECL_GROUP("mldsa", test_mldsa_sig_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_sign_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_verify_ctx_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_verify_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_sign_mu_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_verify_mu_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_PrivateKeyDecode_OpenSSL_form), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_encode_w1_large_values), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype)
TEST_DECL_GROUP("mldsa", test_mldsa_encode_w1_large_values), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype), \
TEST_DECL_GROUP("mldsa", test_mldsa_legacy_shim)
#endif /* WOLFCRYPT_TEST_MLDSA_H */
+512
@@ -0,0 +1,512 @@
/* test_mldsa_legacy.c
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Coverage for the temporary Dilithium -> ML-DSA legacy-name shim
* (<wolfssl/wolfcrypt/dilithium.h>). The shim is purely a set of
* #define aliases and typedef redirects; correctness reduces to:
*
* 1. every legacy name resolves to the canonical symbol / value, and
* 2. the arg-reordering wrappers dispatch to the canonical function
* with the arguments in the right slots.
*
* This file exercises both axes:
*
* - Compile-time: wc_static_assert checks every per-level size-constant
* spelling and every public-enum alias against the canonical value;
* typed function-pointer assignments (no casts) verify every
* symbol-form alias has the canonical signature; a never-called
* `if (0)` block invokes every arg-reordering macro with correctly
* typed dummy arguments so the compiler type-checks the expanded
* canonical call.
*
* - Runtime: a single make-key / sign / verify / export / import /
* DER round-trip drives the arg-reordering macros with valid inputs,
* so a same-type arg swap (which the compile-time invocation can't
* catch) shows up as a verification or import failure.
*
* Functional coverage of the canonical ML-DSA API itself lives in
* tests/api/test_mldsa.c (~24 test_mldsa_* functions),
* wolfcrypt/test/test.c::mldsa_test, and the TLS / X.509 paths in
* tests/api.c that exercise ML-DSA end-to-end; this file is solely a
* regression net for the shim. When WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
* is defined every test below becomes a TEST_SKIPPED stub.
*
* Note on verify-only builds: the runtime smoke test below requires the
* sign side too (to produce a signature against a freshly-made key).
* In a verify-only build the compile-time invocation block still drives
* every verify-side shim macro through its arg-reordering expansion, so
* signature / arg-count regressions are caught at compile time even
* without a KAT-driven runtime verify. A same-type arg swap on the
* verify side specifically (e.g. swapping the two `const byte*` /
* `word32` pairs in `wc_dilithium_verify_ctx_msg`) would not be caught
* in a verify-only build by this file alone; the canonical KAT-driven
* tests in test_mldsa.c::test_mldsa_verify_*_kats cover that case in
* builds that include the canonical headers (which all in-tree builds
* do). */
#include <tests/unit.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/dilithium.h>
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#include <wolfssl/wolfcrypt/types.h>
#include <tests/api/api.h>
#include <tests/api/test_mldsa.h>
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)
/* === Compile-time checks =============================================== */
/* Type aliases collapse to the canonical struct. A sizeof-equality check is
* a sufficient and portable proxy for "same type": both legacy spellings
* are typedefs of `struct wc_MlDsaKey`, so any divergence in the typedef
* chain would change sizeof and trip the assert at compile time. */
wc_static_assert(sizeof(dilithium_key) == sizeof(wc_MlDsaKey));
wc_static_assert(sizeof(MlDsaKey) == sizeof(wc_MlDsaKey));
wc_static_assert(sizeof(wc_dilithium_params) == sizeof(wc_MlDsaParams));
/* Per-parameter-set size constants. Every spelling family (LEVEL{2,3,5}_*,
* DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) lives in its own
* `#define` line in <dilithium.h>, so each is checked separately. */
#define MLDSA_LEGACY_SIZE_ASSERT(LEGACY, CANONICAL) \
wc_static_assert(LEGACY == CANONICAL)
/* LEVEL2 = ML-DSA-44 */
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PRV_KEY_DER_SIZE, WC_MLDSA_44_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PUB_KEY_DER_SIZE, WC_MLDSA_44_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE, WC_MLDSA_44_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE, WC_MLDSA_44_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE,WC_MLDSA_44_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE,WC_MLDSA_44_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE,WC_MLDSA_44_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE,WC_MLDSA_44_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
/* LEVEL3 = ML-DSA-65 */
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PRV_KEY_DER_SIZE, WC_MLDSA_65_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PUB_KEY_DER_SIZE, WC_MLDSA_65_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE, WC_MLDSA_65_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE, WC_MLDSA_65_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE,WC_MLDSA_65_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE,WC_MLDSA_65_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE,WC_MLDSA_65_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE,WC_MLDSA_65_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
/* LEVEL5 = ML-DSA-87 */
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PRV_KEY_DER_SIZE, WC_MLDSA_87_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PUB_KEY_DER_SIZE, WC_MLDSA_87_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE, WC_MLDSA_87_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE, WC_MLDSA_87_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE,WC_MLDSA_87_PRV_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE,WC_MLDSA_87_PUB_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE,WC_MLDSA_87_BOTH_KEY_DER_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE,WC_MLDSA_87_BOTH_KEY_PEM_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
/* Maxima (used as stack/heap sizing on the call sites). */
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_KEY_SIZE, MLDSA_MAX_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_PRV_KEY_SIZE, MLDSA_MAX_PRV_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_PUB_KEY_SIZE, MLDSA_MAX_PUB_KEY_SIZE);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_SIG_SIZE, MLDSA_MAX_SIG_SIZE);
/* FIPS 204 algorithm-parameter constants -- spot-check the families that
* exist as both DILITHIUM_* and MLDSA_* spellings. */
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_Q, MLDSA_Q);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_N, MLDSA_N);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_SEED_SZ, MLDSA_SEED_SZ);
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_TR_SZ, MLDSA_TR_SZ);
#undef MLDSA_LEGACY_SIZE_ASSERT
/* Public-enum aliases (asn_public.h / asn.h / oid_sum.h). These are
* #define aliases for FIPS 204 enumerators that were renamed in this
* PR; the legacy LEVEL{2,3,5} spellings live behind the same
* WOLFSSL_NO_DILITHIUM_LEGACY_NAMES gate as the dilithium.h shim. Casts
* are deliberately omitted: enum constants are integer constant
* expressions in C, and a hidden enum-width divergence is itself a
* regression worth surfacing. */
wc_static_assert(ML_DSA_LEVEL2_TYPE == ML_DSA_44_TYPE);
wc_static_assert(ML_DSA_LEVEL3_TYPE == ML_DSA_65_TYPE);
wc_static_assert(ML_DSA_LEVEL5_TYPE == ML_DSA_87_TYPE);
#ifdef WOLFSSL_CERT_GEN
wc_static_assert(ML_DSA_LEVEL2_KEY == ML_DSA_44_KEY);
wc_static_assert(ML_DSA_LEVEL3_KEY == ML_DSA_65_KEY);
wc_static_assert(ML_DSA_LEVEL5_KEY == ML_DSA_87_KEY);
#endif
wc_static_assert(ML_DSA_LEVEL2k == ML_DSA_44k);
wc_static_assert(ML_DSA_LEVEL3k == ML_DSA_65k);
wc_static_assert(ML_DSA_LEVEL5k == ML_DSA_87k);
wc_static_assert(CTC_ML_DSA_LEVEL2 == CTC_ML_DSA_44);
wc_static_assert(CTC_ML_DSA_LEVEL3 == CTC_ML_DSA_65);
wc_static_assert(CTC_ML_DSA_LEVEL5 == CTC_ML_DSA_87);
/* Error-code rename: the symbol stays at the same numeric value, and the
* legacy spelling is a #define for the canonical enumerator. */
wc_static_assert(WC_NO_ERR_TRACE(DILITHIUM_KEY_SIZE_E) ==
WC_NO_ERR_TRACE(MLDSA_KEY_SIZE_E));
/* Function-symbol aliases. Each entry below is a #define legacy canonical
* (a pure symbol redirect, no arg reordering). Assigning to a typed
* function pointer **without a cast** is the actual check: the compiler
* fails the build if the alias's signature drifts from the typedef. The
* casts are deliberately absent -- adding them would silently coerce
* signature mismatches and defeat the purpose. */
static void mldsa_legacy_shim_symbol_aliases_compile_check(void)
{
typedef int (*init_fn)(wc_MlDsaKey*, void*, int);
typedef void (*free_fn)(wc_MlDsaKey*);
typedef int (*set_level_fn)(wc_MlDsaKey*, byte);
typedef int (*get_level_fn)(wc_MlDsaKey*, byte*);
typedef int (*size_fn)(wc_MlDsaKey*);
typedef int (*check_fn)(wc_MlDsaKey*);
typedef int (*export_fn)(wc_MlDsaKey*, byte*, word32*);
init_fn f_init_ex = &wc_dilithium_init_ex;
free_fn f_free = &wc_dilithium_free;
set_level_fn f_set_level = &wc_dilithium_set_level;
get_level_fn f_get_level = &wc_dilithium_get_level;
size_fn f_sig_size = &wc_dilithium_sig_size;
(void)f_init_ex; (void)f_free; (void)f_set_level; (void)f_get_level;
(void)f_sig_size;
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
{
size_fn f_size = &wc_dilithium_size;
export_fn f_export_priv = &wc_dilithium_export_private;
(void)f_size; (void)f_export_priv;
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
{
size_fn f_priv_size = &wc_dilithium_priv_size;
(void)f_priv_size;
}
#endif
}
#endif
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
{
size_fn f_pub_size = &wc_dilithium_pub_size;
export_fn f_export_pub = &wc_dilithium_export_public;
(void)f_pub_size; (void)f_export_pub;
}
#endif
#ifdef WOLFSSL_MLDSA_CHECK_KEY
{
check_fn f_check = &wc_dilithium_check_key;
(void)f_check;
}
#else
(void)((check_fn)NULL);
#endif
#ifdef WOLF_PRIVATE_KEY_ID
{
typedef int (*init_id_fn)(wc_MlDsaKey*, const unsigned char*, int,
void*, int);
typedef int (*init_label_fn)(wc_MlDsaKey*, const char*, void*, int);
init_id_fn f_init_id = &wc_dilithium_init_id;
init_label_fn f_init_label = &wc_dilithium_init_label;
(void)f_init_id; (void)f_init_label;
}
#endif
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
{
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
{
typedef int (*to_der_fn)(wc_MlDsaKey*, byte*, word32, int);
to_der_fn f_pub_to_der = &wc_Dilithium_PublicKeyToDer;
(void)f_pub_to_der;
}
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
{
typedef int (*to_der_priv_fn)(wc_MlDsaKey*, byte*, word32);
to_der_priv_fn f_priv_to_der = &wc_Dilithium_PrivateKeyToDer;
to_der_priv_fn f_key_to_der = &wc_Dilithium_KeyToDer;
(void)f_priv_to_der; (void)f_key_to_der;
}
#endif
}
#endif
}
/* Compile-time invocation of every arg-reordering shim macro. The macros
* are function-like #defines, so they can only be checked by expansion at
* a call site. The block below is guarded by `if (0)` so it never runs at
* runtime -- the compiler still parses and type-checks every macro
* expansion, so a signature regression or arg-count change in the shim
* trips a build error here even in configurations (e.g. verify-only)
* where the happy-path runtime test below is skipped.
*
* Limitation: a same-type arg swap inside a shim macro (e.g. swapping the
* two `const byte*` operands in `wc_dilithium_verify_msg`) compiles
* cleanly here and is caught only by the runtime smoke test, which
* requires sign+verify. */
static void mldsa_legacy_shim_macro_invocations_compile_check(void)
{
wc_MlDsaKey* key = NULL;
const byte* inp = NULL;
byte* outp = NULL;
word32 inLen = 0;
word32 outLen = 0;
word32 idx = 0;
int res = 0;
WC_RNG* rng = NULL;
const byte* seed = NULL;
/* The bodies are dead code (`if (0)`), but the macro expansions are
* still parsed and type-checked. Return values are discarded with a
* cast to `(void)`. */
if (0) {
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
(void)wc_dilithium_import_public(inp, inLen, key);
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
(void)wc_dilithium_import_private(inp, inLen, key);
(void)wc_dilithium_import_private_only(inp, inLen, key);
(void)wc_dilithium_import_key(inp, inLen, inp, inLen, key);
#endif
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
#ifdef WOLFSSL_MLDSA_NO_CTX
(void)wc_dilithium_sign_msg(inp, inLen, outp, &outLen, key, rng);
(void)wc_dilithium_sign_msg_with_seed(inp, inLen, outp, &outLen,
key, seed);
#endif
(void)wc_dilithium_sign_ctx_msg(inp, (byte)0, inp, inLen,
outp, &outLen, key, rng);
(void)wc_dilithium_sign_ctx_hash(inp, (byte)0, 0, inp, inLen,
outp, &outLen, key, rng);
(void)wc_dilithium_sign_ctx_msg_with_seed(inp, (byte)0, inp, inLen,
outp, &outLen, key, seed);
(void)wc_dilithium_sign_ctx_hash_with_seed(inp, (byte)0, 0, inp,
inLen, outp, &outLen, key, seed);
(void)wc_dilithium_sign_mu_with_seed(inp, inLen, outp, &outLen,
key, seed);
#endif
#ifdef WOLFSSL_MLDSA_NO_CTX
(void)wc_dilithium_verify_msg(inp, inLen, inp, inLen, &res, key);
#endif
(void)wc_dilithium_verify_ctx_msg(inp, inLen, inp, (byte)0, inp,
inLen, &res, key);
(void)wc_dilithium_verify_ctx_hash(inp, inLen, inp, (byte)0, 0, inp,
inLen, &res, key);
(void)wc_dilithium_verify_mu(inp, inLen, inp, inLen, &res, key);
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
(void)wc_Dilithium_PrivateKeyDecode(inp, &idx, key, inLen);
#endif
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
(void)wc_Dilithium_PublicKeyDecode(inp, &idx, key, inLen);
#endif
#endif
/* 1-arg init shim. */
(void)wc_dilithium_init(key);
}
(void)key; (void)inp; (void)outp; (void)inLen; (void)outLen;
(void)idx; (void)res; (void)rng; (void)seed;
}
/* === Runtime checks ==================================================== */
/* Smoke test exercising the arg-reordering macros that are reachable
* end-to-end via a make-key / sign / verify / export / import / decode
* happy-path. A same-type arg swap inside any of these macros shows up as
* a verification or import failure here.
*
* Verify-only / sign-only / no-ASN1 builds skip the corresponding
* sub-blocks; the compile-time invocation check above still type-checks
* every shim macro in those configurations. */
int test_mldsa_legacy_shim(void)
{
EXPECT_DECLS;
/* Reference the compile-only checks so the compiler doesn't drop them
* (and so -Wunused-function stays quiet under strict warning levels).
* These are no-ops at runtime; the work is in the parse/type-check
* the compiler did on the file. */
(void)&mldsa_legacy_shim_symbol_aliases_compile_check;
(void)&mldsa_legacy_shim_macro_invocations_compile_check;
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) && \
defined(WOLFSSL_MLDSA_PUBLIC_KEY) && defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WC_NO_RNG)
{
dilithium_key key; /* legacy typedef */
WC_RNG rng;
byte level = 0;
byte pubBuf[WC_MLDSA_44_PUB_KEY_SIZE];
byte privBuf[WC_MLDSA_44_KEY_SIZE];
word32 pubLen = (word32)sizeof(pubBuf);
word32 privLen = (word32)sizeof(privBuf);
static const byte msg[] = "wolfSSL ML-DSA legacy shim smoke test";
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&rng, 0, sizeof(rng));
ExpectIntEQ(wc_InitRng(&rng), 0);
/* 1-arg shim macro -> wc_MlDsaKey_Init(key, NULL, INVALID_DEVID). */
ExpectIntEQ(wc_dilithium_init(&key), 0);
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
ExpectIntEQ((int)level, WC_ML_DSA_44);
/* Sizes -- pure symbol aliases. PrivSize is the export size of the
* "private key" form (priv + pub combined), not the raw secret-key
* buffer. */
ExpectIntEQ(wc_dilithium_priv_size(&key), WC_MLDSA_44_PRV_KEY_SIZE);
ExpectIntEQ(wc_dilithium_pub_size(&key), WC_MLDSA_44_PUB_KEY_SIZE);
ExpectIntEQ(wc_dilithium_sig_size(&key), WC_MLDSA_44_SIG_SIZE);
PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
PRIVATE_KEY_LOCK();
#ifdef WOLFSSL_MLDSA_CHECK_KEY
ExpectIntEQ(wc_dilithium_check_key(&key), 0);
#endif
/* Sign + verify drive the arg-reordering sign/verify shim macros
* with a real signature; a same-type arg swap shows up as a
* verification failure. */
#ifdef WOLFSSL_MLDSA_NO_CTX
{
byte sig[WC_MLDSA_44_SIG_SIZE];
word32 sigLen = (word32)sizeof(sig);
int verifyRes = 0;
ExpectIntEQ(wc_dilithium_sign_msg(msg, (word32)sizeof(msg),
sig, &sigLen, &key, &rng), 0);
ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen,
msg, (word32)sizeof(msg), &verifyRes, &key), 0);
ExpectIntEQ(verifyRes, 1);
}
#else
{
byte sig[WC_MLDSA_44_SIG_SIZE];
word32 sigLen = (word32)sizeof(sig);
int verifyRes = 0;
ExpectIntEQ(wc_dilithium_sign_ctx_msg(NULL, 0,
msg, (word32)sizeof(msg), sig, &sigLen, &key, &rng), 0);
ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0,
msg, (word32)sizeof(msg), &verifyRes, &key), 0);
ExpectIntEQ(verifyRes, 1);
}
#endif
/* Export raw key material and re-import via the legacy arg order. */
ExpectIntEQ(wc_dilithium_export_public(&key, pubBuf, &pubLen), 0);
ExpectIntEQ((int)pubLen, WC_MLDSA_44_PUB_KEY_SIZE);
ExpectIntEQ(wc_dilithium_export_private(&key, privBuf, &privLen), 0);
ExpectIntEQ((int)privLen, WC_MLDSA_44_KEY_SIZE);
{
dilithium_key imported;
XMEMSET(&imported, 0, sizeof(imported));
ExpectIntEQ(wc_dilithium_init(&imported), 0);
ExpectIntEQ(wc_dilithium_set_level(&imported, WC_ML_DSA_44), 0);
ExpectIntEQ(wc_dilithium_import_public(pubBuf, pubLen, &imported),
0);
ExpectIntEQ(wc_dilithium_import_private(privBuf, privLen,
&imported), 0);
wc_dilithium_free(&imported);
}
/* ASN.1 round-trip through the legacy Decode wrapper (arg order:
* input, inOutIdx, key, inSz). */
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
{
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
int derSz;
word32 idx = 0;
dilithium_key decoded;
XMEMSET(&decoded, 0, sizeof(decoded));
derSz = wc_Dilithium_PrivateKeyToDer(&key, der,
(word32)sizeof(der));
ExpectIntGT(derSz, 0);
ExpectIntEQ(wc_dilithium_init(&decoded), 0);
ExpectIntEQ(wc_dilithium_set_level(&decoded, WC_ML_DSA_44), 0);
PRIVATE_KEY_UNLOCK();
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, &decoded,
(word32)derSz), 0);
PRIVATE_KEY_LOCK();
wc_dilithium_free(&decoded);
}
#endif
wc_dilithium_free(&key);
wc_FreeRng(&rng);
}
#endif /* sign+verify happy-path */
return EXPECT_RESULT();
}
#else /* !WOLFSSL_HAVE_MLDSA || WOLFSSL_NO_DILITHIUM_LEGACY_NAMES */
int test_mldsa_legacy_shim(void)
{
return TEST_SKIPPED;
}
#endif
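Review bot: The runtime block of `test_mldsa_legacy_shim` checks only the return codes of `wc_dilithium_import_public`, `wc_dilithium_import_private` and `wc_Dilithium_PrivateKeyDecode`; the `imported` and `decoded` keys are freed without being used, so a shim that returns 0 but fills the key from the wrong buffer could still pass. Hoisting `sig`/`sigLen`/`verifyRes` out of the inner sign/verify block and adding `ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, (word32)sizeof(msg), &verifyRes, &imported), 0);` followed by `ExpectIntEQ(verifyRes, 1);` (the `wc_dilithium_verify_msg` form under `WOLFSSL_MLDSA_NO_CTX`) would tie the legacy-order import to the key that produced the signature. The sign/verify pair also passes `NULL, 0` for the context, so the context slot of the ctx macros is not distinguished at runtime; a short non-empty context on both calls would cover it. `wc_dilithium_import_key` and the hash, mu and with-seed macros are reached only inside the `if (0)` block, so the same-type-swap limitation stated in the file comment applies to them in every build, not just verify-only ones.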
+2 -2
@@ -1263,7 +1263,7 @@ int SuiteTest(int argc, char** argv)
goto exit;
}
#endif
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(HAVE_DILITHIUM) && \
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(WOLFSSL_HAVE_MLDSA) && \
defined(WOLFSSL_SLHDSA_PARAM_128S) && \
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
/* SLH-DSA-SHAKE-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
@@ -1294,7 +1294,7 @@ int SuiteTest(int argc, char** argv)
args.argc = 2;
#endif
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(WOLFSSL_SLHDSA_SHA2) && \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) && defined(HAVE_DILITHIUM) && \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) && defined(WOLFSSL_HAVE_MLDSA) && \
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
/* SLH-DSA-SHA2-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
XSTRLCPY(argv0[1], "tests/test-tls13-slhdsa-sha2.conf",
File diff suppressed because it is too large Load Diff
+1 -1
@@ -140,7 +140,7 @@ void bench_blake2s(void);
void bench_ascon_hash(void);
void bench_pbkdf2(void);
void bench_falconKeySign(byte level);
void bench_dilithiumKeySign(byte level);
void bench_mldsaKeySign(byte level);
void bench_stats_print(void);
+341 -342
File diff suppressed because it is too large Load Diff
+60 -60
@@ -6070,7 +6070,7 @@ static int SetValidity(byte* output, int daysValid)
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key, falcon_key* falconKey,
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
wc_MlDsaKey* mldsaKey, SlhDsaKey* slhDsaKey)
{
int ret;
@@ -6080,7 +6080,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* make sure at least one key type is provided */
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
dilithiumKey == NULL && slhDsaKey == NULL) {
mldsaKey == NULL && slhDsaKey == NULL) {
return PUBLIC_KEY_E;
}
@@ -6168,24 +6168,24 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
(cert->keyType == ML_DSA_LEVEL3_KEY) ||
(cert->keyType == ML_DSA_LEVEL5_KEY)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_ASN1)
if ((cert->keyType == ML_DSA_44_KEY) ||
(cert->keyType == ML_DSA_65_KEY) ||
(cert->keyType == ML_DSA_87_KEY)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| (cert->keyType == DILITHIUM_LEVEL2_KEY)
|| (cert->keyType == DILITHIUM_LEVEL3_KEY)
|| (cert->keyType == DILITHIUM_LEVEL5_KEY)
#endif
) {
if (dilithiumKey == NULL)
if (mldsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz =
wc_Dilithium_PublicKeyToDer(dilithiumKey, der->publicKey,
wc_MlDsaKey_PublicKeyToDer(mldsaKey, der->publicKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(WOLFSSL_HAVE_SLHDSA)
if ((cert->keyType == SLH_DSA_SHAKE_128F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_192F_KEY) ||
@@ -6669,7 +6669,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key, falcon_key* falconKey,
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
wc_MlDsaKey* mldsaKey, SlhDsaKey* slhDsaKey)
{
int ret;
WC_DECLARE_VAR(der, DerCert, 1, 0);
@@ -6693,34 +6693,34 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
else if ((falconKey != NULL) && (falconKey->level == 5))
cert->keyType = FALCON_LEVEL5_KEY;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
#ifdef WOLFSSL_HAVE_MLDSA
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_44_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_65_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_87_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL5_KEY;
}
#endif
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_44)) {
cert->keyType = ML_DSA_LEVEL2_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_44)) {
cert->keyType = ML_DSA_44_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_65)) {
cert->keyType = ML_DSA_LEVEL3_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_65)) {
cert->keyType = ML_DSA_65_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_87)) {
cert->keyType = ML_DSA_LEVEL5_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_87)) {
cert->keyType = ML_DSA_87_KEY;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef WOLFSSL_HAVE_SLHDSA
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
@@ -6734,7 +6734,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E);
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key,
ed448Key, falconKey, dilithiumKey, slhDsaKey);
ed448Key, falconKey, mldsaKey, slhDsaKey);
if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
ret = BUFFER_E;
@@ -6909,7 +6909,7 @@ static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz,
static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
DsaKey* dsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, ed448_key* ed448Key,
falcon_key* falconKey, dilithium_key* dilithiumKey,
falcon_key* falconKey, wc_MlDsaKey* mldsaKey,
SlhDsaKey* slhDsaKey)
{
int ret;
@@ -6918,7 +6918,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
(void)ed25519Key;
(void)ed448Key;
(void)falconKey;
(void)dilithiumKey;
(void)mldsaKey;
(void)slhDsaKey;
if (cert == NULL || der == NULL)
@@ -6926,7 +6926,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
dilithiumKey == NULL && slhDsaKey == NULL) {
mldsaKey == NULL && slhDsaKey == NULL) {
return PUBLIC_KEY_E;
}
@@ -7017,19 +7017,19 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
(cert->keyType == ML_DSA_LEVEL3_KEY) ||
(cert->keyType == ML_DSA_LEVEL5_KEY)
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_ASN1)
if ((cert->keyType == ML_DSA_44_KEY) ||
(cert->keyType == ML_DSA_65_KEY) ||
(cert->keyType == ML_DSA_87_KEY)
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|| (cert->keyType == DILITHIUM_LEVEL2_KEY)
|| (cert->keyType == DILITHIUM_LEVEL3_KEY)
|| (cert->keyType == DILITHIUM_LEVEL5_KEY)
#endif
) {
if (dilithiumKey == NULL)
if (mldsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
der->publicKeySz = wc_MlDsaKey_PublicKeyToDer(mldsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
@@ -7301,7 +7301,7 @@ static int WriteCertReqBody(DerCert* der, byte* buf)
static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, ed448_key* ed448Key,
falcon_key* falconKey, dilithium_key* dilithiumKey,
falcon_key* falconKey, wc_MlDsaKey* mldsaKey,
SlhDsaKey* slhDsaKey)
{
int ret;
@@ -7323,34 +7323,34 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
else if ((falconKey != NULL) && (falconKey->level == 5))
cert->keyType = FALCON_LEVEL5_KEY;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
#ifdef WOLFSSL_HAVE_MLDSA
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_44_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL2_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_65_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL3_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_87_DRAFT)) {
cert->keyType = DILITHIUM_LEVEL5_KEY;
}
#endif
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_44)) {
cert->keyType = ML_DSA_LEVEL2_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_44)) {
cert->keyType = ML_DSA_44_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_65)) {
cert->keyType = ML_DSA_LEVEL3_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_65)) {
cert->keyType = ML_DSA_65_KEY;
}
else if ((dilithiumKey != NULL) &&
(dilithiumKey->params->level == WC_ML_DSA_87)) {
cert->keyType = ML_DSA_LEVEL5_KEY;
else if ((mldsaKey != NULL) &&
(mldsaKey->params->level == WC_ML_DSA_87)) {
cert->keyType = ML_DSA_87_KEY;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#ifdef WOLFSSL_HAVE_SLHDSA
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
@@ -7364,7 +7364,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E);
ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key,
falconKey, dilithiumKey, slhDsaKey);
falconKey, mldsaKey, slhDsaKey);
if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
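Review bot: The ML-DSA branches in MakeAnyCert read `mldsaKey->params->level` after checking only `mldsaKey != NULL`, while the SLH-DSA branch directly below them also tests `slhDsaKey->params != NULL` before dereferencing. If a key that was initialised but never given a parameter set can reach this function (not visible here), that is a NULL dereference in certificate generation. The same pattern is repeated in the ML-DSA branches of MakeCertReq. I would guard each comparison the way the SLH-DSA branch does, e.g. `else if ((mldsaKey != NULL) && (mldsaKey->params != NULL) && (mldsaKey->params->level == WC_ML_DSA_44)) {`. Both functions start and end outside the hunks shown.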
+4 -4
@@ -1288,7 +1288,7 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
}
#endif /* WOLFSSL_HAVE_MLKEM */
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_SLHDSA)
int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
{
@@ -1298,9 +1298,9 @@ int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
return devId;
/* get devId */
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
if (type == WC_PQC_SIG_TYPE_MLDSA) {
devId = ((dilithium_key*) key)->devId;
devId = ((wc_MlDsaKey*) key)->devId;
}
#endif
#if defined(HAVE_FALCON)
@@ -1462,7 +1462,7 @@ int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_FALCON || HAVE_DILITHIUM || WOLFSSL_HAVE_SLHDSA */
#endif /* HAVE_FALCON || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_SLHDSA */
#ifndef NO_AES
#ifdef HAVE_AESGCM
+1 -1
@@ -10060,7 +10060,7 @@ int wolfSSL_EVP_PKEY_type(int type)
return WC_EVP_PKEY_EC;
case WC_EVP_PKEY_DH:
return WC_EVP_PKEY_DH;
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
case WC_EVP_PKEY_DILITHIUM:
return WC_EVP_PKEY_DILITHIUM;
#endif
+30 -30
@@ -852,9 +852,9 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
}
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
/**
* Try to make a Dilithium EVP PKEY from data.
* Try to make an ML-DSA EVP PKEY from data.
*
* Accepts either raw key bytes or DER (PKCS#8 / SPKI). Raw bytes are
* size-keyed, so each level is tried in turn. DER input is decoded once,
@@ -870,81 +870,81 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
* object creation/import failed.
* @return WOLFSSL_FATAL_ERROR when input is not this key type.
*/
static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
static int d2iTryMlDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
long memSz, int priv)
{
static const byte levels[] = { WC_ML_DSA_44, WC_ML_DSA_65, WC_ML_DSA_87 };
word32 inSz = (word32)memSz;
word32 keyIdx = 0;
int isDilithium = 0;
int isMlDsa = 0;
int i, numLevels, rc;
WC_DECLARE_VAR(dilithium, dilithium_key, 1, NULL);
WC_DECLARE_VAR(mldsa, wc_MlDsaKey, 1, NULL);
#if !defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
#if !defined(WOLFSSL_MLDSA_PRIVATE_KEY)
if (priv) {
return WOLFSSL_FATAL_ERROR;
}
#endif
WC_ALLOC_VAR_EX(dilithium, dilithium_key, 1, NULL, DYNAMIC_TYPE_DILITHIUM,
WC_ALLOC_VAR_EX(mldsa, wc_MlDsaKey, 1, NULL, DYNAMIC_TYPE_MLDSA,
return 0);
if (wc_dilithium_init(dilithium) != 0) {
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
if (wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID) != 0) {
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
return 0;
}
/* Raw key bytes are size-keyed, try each level */
numLevels = (int)(sizeof(levels) / sizeof(levels[0]));
for (i = 0; i < numLevels && !isDilithium; i++) {
if (wc_dilithium_set_level(dilithium, levels[i]) != 0) {
for (i = 0; i < numLevels && !isMlDsa; i++) {
if (wc_MlDsaKey_SetParams(mldsa, levels[i]) != 0) {
continue;
}
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
if (priv) {
rc = wc_dilithium_import_private(mem, inSz, dilithium);
rc = wc_MlDsaKey_ImportPrivRaw(mldsa, mem, inSz);
}
else
#endif
{
rc = wc_dilithium_import_public(mem, inSz, dilithium);
rc = wc_MlDsaKey_ImportPubRaw(mldsa, mem, inSz);
}
if (rc == 0) {
isDilithium = 1;
isMlDsa = 1;
}
}
/* DER input includes auto level detection */
if (!isDilithium) {
wc_dilithium_free(dilithium);
if (wc_dilithium_init(dilithium) != 0) {
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
if (!isMlDsa) {
wc_MlDsaKey_Free(mldsa);
if (wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID) != 0) {
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
return 0;
}
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
if (priv) {
rc = wc_Dilithium_PrivateKeyDecode(mem, &keyIdx, dilithium, inSz);
rc = wc_MlDsaKey_PrivateKeyDecode(mldsa, mem, inSz, &keyIdx);
}
else
#endif
{
rc = wc_Dilithium_PublicKeyDecode(mem, &keyIdx, dilithium, inSz);
rc = wc_MlDsaKey_PublicKeyDecode(mldsa, mem, inSz, &keyIdx);
}
if (rc == 0) {
isDilithium = 1;
isMlDsa = 1;
}
}
wc_dilithium_free(dilithium);
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
wc_MlDsaKey_Free(mldsa);
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
if (!isDilithium) {
if (!isMlDsa) {
return WOLFSSL_FATAL_ERROR;
}
return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM);
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
/**
* Try to make a WOLFSSL_EVP_PKEY from data.
@@ -1030,12 +1030,12 @@ static WOLFSSL_EVP_PKEY* d2i_evp_pkey_try(WOLFSSL_EVP_PKEY** out,
}
else
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) {
#ifdef WOLFSSL_HAVE_MLDSA
if (d2iTryMlDsaKey(&pkey, *in, inSz, priv) >= 0) {
found = 1;
}
else
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
{
WOLFSSL_MSG("d2i_evp_pkey_try couldn't determine key type");
}
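Review bot: `word32 inSz = (word32)memSz;` in d2iTryMlDsaKey narrows a `long` length to 32 bits with no range check, and that value is then passed as the buffer size to the raw import and DER decode calls. A negative memSz becomes a very large length, and where `long` is 64 bits a value above 0xFFFFFFFF is silently truncated; the caller may already reject such lengths, but that is not visible in this section. Since this function parses caller-supplied key bytes, I would reject out-of-range lengths right after the declarations: `if (memSz <= 0 || (unsigned long)memSz > 0xFFFFFFFFUL) return WOLFSSL_FATAL_ERROR;`.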
+27 -28
@@ -148,13 +148,12 @@
#if defined(WOLFSSL_HAVE_MLDSA)
/* Pull in the legacy compatibility shim. settings.h has already run the
* forward arm of the sub-config gate translation block (legacy
* WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> canonical WOLFSSL_MLDSA_* /
* WC_MLDSA_*) so wc_mldsa.h's own conditional declarations read the
* canonical gates regardless of which spelling was used by the build
* system or user_settings.h. This include brings in the reverse arm
* (canonical -> legacy) and the legacy macro / inline aliases. */
/* Pull in the legacy compatibility shim. wc_mldsa.h pulls in dilithium.h
* itself for the forward arm of the sub-config gate translation (so the
* canonical WOLFSSL_MLDSA_* gates are visible to wc_mldsa.h's own
* conditional declarations regardless of which spelling was used by the
* build system or user_settings.h). This include brings in the reverse
* arm (canonical -> legacy) and the legacy macro / inline aliases. */
#include <wolfssl/wolfcrypt/dilithium.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/sha3.h>
@@ -11931,11 +11930,11 @@ int wc_MlDsaKey_ExportKey(wc_MlDsaKey* key, byte* priv, word32 *privSz,
static int mapOidToSecLevel(int oid)
{
switch (oid) {
case ML_DSA_LEVEL2k:
case ML_DSA_44k:
return WC_ML_DSA_44;
case ML_DSA_LEVEL3k:
case ML_DSA_65k:
return WC_ML_DSA_65;
case ML_DSA_LEVEL5k:
case ML_DSA_87k:
return WC_ML_DSA_87;
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
case DILITHIUM_LEVEL2k:
@@ -11970,13 +11969,13 @@ int mldsa_get_oid_sum(wc_MlDsaKey* key, int* keyFormat) {
else
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
if (key->level == WC_ML_DSA_44) {
*keyFormat = ML_DSA_LEVEL2k;
*keyFormat = ML_DSA_44k;
}
else if (key->level == WC_ML_DSA_65) {
*keyFormat = ML_DSA_LEVEL3k;
*keyFormat = ML_DSA_65k;
}
else if (key->level == WC_ML_DSA_87) {
*keyFormat = ML_DSA_LEVEL5k;
*keyFormat = ML_DSA_87k;
}
else {
/* Level is not set */
@@ -12048,13 +12047,13 @@ int wc_MlDsaKey_PrivateKeyDecode(wc_MlDsaKey* key, const byte* input,
}
#endif
else if (key->level == WC_ML_DSA_44) {
keyType = ML_DSA_LEVEL2k;
keyType = ML_DSA_44k;
}
else if (key->level == WC_ML_DSA_65) {
keyType = ML_DSA_LEVEL3k;
keyType = ML_DSA_65k;
}
else if (key->level == WC_ML_DSA_87) {
keyType = ML_DSA_LEVEL5k;
keyType = ML_DSA_87k;
}
else {
ret = BAD_FUNC_ARG;
@@ -12368,13 +12367,13 @@ int wc_MlDsaKey_PublicKeyDecode(wc_MlDsaKey* key, const byte* input,
else
#endif
if (key->level == WC_ML_DSA_44) {
keyType = ML_DSA_LEVEL2k;
keyType = ML_DSA_44k;
}
else if (key->level == WC_ML_DSA_65) {
keyType = ML_DSA_LEVEL3k;
keyType = ML_DSA_65k;
}
else if (key->level == WC_ML_DSA_87) {
keyType = ML_DSA_LEVEL5k;
keyType = ML_DSA_87k;
}
else {
/* Level not set by caller, decode from DER */
@@ -12554,15 +12553,15 @@ int wc_MlDsaKey_PublicKeyToDer(wc_MlDsaKey* key, byte* output, word32 len,
else
#endif
if (key->level == WC_ML_DSA_44) {
keyType = ML_DSA_LEVEL2k;
keyType = ML_DSA_44k;
pubKeyLen = WC_MLDSA_44_PUB_KEY_SIZE;
}
else if (key->level == WC_ML_DSA_65) {
keyType = ML_DSA_LEVEL3k;
keyType = ML_DSA_65k;
pubKeyLen = WC_MLDSA_65_PUB_KEY_SIZE;
}
else if (key->level == WC_ML_DSA_87) {
keyType = ML_DSA_LEVEL5k;
keyType = ML_DSA_87k;
pubKeyLen = WC_MLDSA_87_PUB_KEY_SIZE;
}
else {
@@ -12627,15 +12626,15 @@ int wc_MlDsaKey_KeyToDer(wc_MlDsaKey* key, byte* output, word32 len)
#endif
if (key->level == WC_ML_DSA_44) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_44_KEY_SIZE, key->p,
WC_MLDSA_44_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k);
WC_MLDSA_44_PUB_KEY_SIZE, output, len, ML_DSA_44k);
}
else if (key->level == WC_ML_DSA_65) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_65_KEY_SIZE, key->p,
WC_MLDSA_65_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k);
WC_MLDSA_65_PUB_KEY_SIZE, output, len, ML_DSA_65k);
}
else if (key->level == WC_ML_DSA_87) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_87_KEY_SIZE, key->p,
WC_MLDSA_87_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k);
WC_MLDSA_87_PUB_KEY_SIZE, output, len, ML_DSA_87k);
}
}
@@ -12681,15 +12680,15 @@ int wc_MlDsaKey_PrivateKeyToDer(wc_MlDsaKey* key, byte* output, word32 len)
#endif
if (key->level == WC_ML_DSA_44) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_44_KEY_SIZE, NULL, 0, output,
len, ML_DSA_LEVEL2k);
len, ML_DSA_44k);
}
else if (key->level == WC_ML_DSA_65) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_65_KEY_SIZE, NULL, 0, output,
len, ML_DSA_LEVEL3k);
len, ML_DSA_65k);
}
else if (key->level == WC_ML_DSA_87) {
ret = SetAsymKeyDer(key->k, WC_MLDSA_87_KEY_SIZE, NULL, 0, output,
len, ML_DSA_LEVEL5k);
len, ML_DSA_87k);
}
}
+51 -51
@@ -66,8 +66,8 @@
#if defined(NO_PKCS11_RNG) && !defined(WC_NO_RNG)
#define WC_NO_RNG
#endif
#if defined(NO_PKCS11_MLDSA) && defined(HAVE_DILITHIUM)
#undef HAVE_DILITHIUM
#if defined(NO_PKCS11_MLDSA) && defined(WOLFSSL_HAVE_MLDSA)
#undef WOLFSSL_HAVE_MLDSA
#endif
#if defined(NO_PKCS11_MLKEM) && defined(WOLFSSL_HAVE_MLKEM)
#undef WOLFSSL_HAVE_MLKEM
@@ -81,7 +81,7 @@ static CK_BBOOL ckFalse = CK_FALSE;
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
!defined(NO_HMAC) || defined(HAVE_DILITHIUM) || \
!defined(NO_HMAC) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_MLKEM)
/* Pointer to true required for templates. */
static CK_BBOOL ckTrue = CK_TRUE;
@@ -99,11 +99,11 @@ static CK_KEY_TYPE ecKeyType = CKK_EC;
/* Pointer to ML-KEM key type required for templates. */
static CK_KEY_TYPE mlkemKeyType = CKK_ML_KEM;
#endif
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
/* Pointer to ML-DSA key type required for templates. */
static CK_KEY_TYPE mldsaKeyType = CKK_ML_DSA;
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) || \
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_MLKEM)
/* Pointer to public key class required for templates. */
static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY;
@@ -1773,7 +1773,7 @@ static int Pkcs11CreateMlKemPrivateKey(CK_OBJECT_HANDLE* privateKey,
}
#endif /* WOLFSSL_HAVE_MLKEM */
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
/**
* Create a PKCS#11 object containing the ML-DSA public key data.
* @param handle [out] Handle to public key object.
@@ -1824,21 +1824,21 @@ static int Pkcs11CreateMldsaPublicKey(CK_OBJECT_HANDLE* handle,
}
if ((key->level == WC_ML_DSA_44) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
publicKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
publicKeyLen = WC_MLDSA_44_PUB_KEY_SIZE;
param_set = CKP_ML_DSA_44;
}
else if ((key->level == WC_ML_DSA_65) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
publicKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
publicKeyLen = WC_MLDSA_65_PUB_KEY_SIZE;
param_set = CKP_ML_DSA_65;
}
else if ((key->level == WC_ML_DSA_87) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
publicKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
publicKeyLen = WC_MLDSA_87_PUB_KEY_SIZE;
param_set = CKP_ML_DSA_87;
}
else {
@@ -1907,21 +1907,21 @@ static int Pkcs11CreateMldsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
}
if ((key->level == WC_ML_DSA_44) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
privateKeyLen = ML_DSA_LEVEL2_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
privateKeyLen = WC_MLDSA_44_KEY_SIZE;
param_set = CKP_ML_DSA_44;
}
else if ((key->level == WC_ML_DSA_65) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
privateKeyLen = ML_DSA_LEVEL3_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
privateKeyLen = WC_MLDSA_65_KEY_SIZE;
param_set = CKP_ML_DSA_65;
}
else if ((key->level == WC_ML_DSA_87) &&
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
privateKeyLen = ML_DSA_LEVEL5_KEY_SIZE;
(mechInfo->ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
(mechInfo->ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
privateKeyLen = WC_MLDSA_87_KEY_SIZE;
param_set = CKP_ML_DSA_87;
}
else {
@@ -1943,11 +1943,11 @@ static int Pkcs11CreateMldsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
return ret;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
!defined(NO_HMAC) || defined(HAVE_DILITHIUM) || \
!defined(NO_HMAC) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_MLKEM)
/**
* Check if mechanism is available in session on token.
@@ -2220,7 +2220,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
break;
}
#endif /* WOLFSSL_HAVE_MLKEM */
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
case PKCS11_KEY_TYPE_MLDSA: {
wc_MlDsaKey* mldsaKey = (wc_MlDsaKey*) key;
CK_MECHANISM_INFO mechInfo;
@@ -2246,19 +2246,19 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
session.func->C_DestroyObject(session.handle, privKey);
}
}
#if !defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \
!defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
#if !defined(WOLFSSL_MLDSA_ASSIGN_KEY) && \
!defined(WOLFSSL_MLDSA_DYNAMIC_KEYS)
if (ret == 0 && clear) {
ForceZero(mldsaKey->k, sizeof(mldsaKey->k));
}
#elif defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
#elif defined(WOLFSSL_MLDSA_DYNAMIC_KEYS)
if (ret == 0 && clear && mldsaKey->k != NULL) {
ForceZero(mldsaKey->k, mldsaKey->kSz);
}
#endif
break;
}
#endif /* HAVE_DILITHIUM*/
#endif /* WOLFSSL_HAVE_MLDSA */
default:
ret = NOT_COMPILED_IN;
break;
@@ -4748,7 +4748,7 @@ static int Pkcs11PqcKemDecapsulate(Pkcs11Session* session, wc_CryptoInfo* info)
}
#endif /* WOLFSSL_HAVE_MLKEM */
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
/**
* Find the PKCS#11 object containing the ML-DSA public or private key data.
*
@@ -4852,11 +4852,11 @@ static int Pkcs11GetMldsaPublicKey(wc_MlDsaKey* key,
PKCS11_DUMP_TEMPLATE("ML-DSA Public Key", tmpl, tmplCnt);
}
if (ret == 0) {
if (pubKeySize == ML_DSA_LEVEL2_PUB_KEY_SIZE)
if (pubKeySize == WC_MLDSA_44_PUB_KEY_SIZE)
wc_MlDsaKey_SetParams(key, WC_ML_DSA_44);
else if (pubKeySize == ML_DSA_LEVEL3_PUB_KEY_SIZE)
else if (pubKeySize == WC_MLDSA_65_PUB_KEY_SIZE)
wc_MlDsaKey_SetParams(key, WC_ML_DSA_65);
else if (pubKeySize == ML_DSA_LEVEL5_PUB_KEY_SIZE)
else if (pubKeySize == WC_MLDSA_87_PUB_KEY_SIZE)
wc_MlDsaKey_SetParams(key, WC_ML_DSA_87);
else
ret = WC_KEY_SIZE_E;
@@ -4965,18 +4965,18 @@ static int Pkcs11MldsaKeyGen(Pkcs11Session* session, wc_MlDsaKey* key)
ret = Pkcs11MechAvail(session, CKM_ML_DSA_KEY_PAIR_GEN, &mechInfo);
if (ret == 0) {
if ((key->level == WC_ML_DSA_44) &&
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
(mechInfo.ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
param_set = CKP_ML_DSA_44;
}
else if ((key->level == WC_ML_DSA_65) &&
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
(mechInfo.ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
param_set = CKP_ML_DSA_65;
}
else if ((key->level == WC_ML_DSA_87) &&
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
(mechInfo.ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
(mechInfo.ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
param_set = CKP_ML_DSA_87;
}
else {
@@ -5333,7 +5333,7 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
wc_MlDsaKey* privKey = (wc_MlDsaKey*) info->pk.pqc_sig_check.key;
WC_DECLARE_VAR(pubKey, wc_MlDsaKey, 1, privKey->heap);
WC_ALLOC_VAR_EX(pubKey, wc_MlDsaKey, 1, privKey->heap, DYNAMIC_TYPE_DILITHIUM,
WC_ALLOC_VAR_EX(pubKey, wc_MlDsaKey, 1, privKey->heap, DYNAMIC_TYPE_MLDSA,
ret = MEMORY_E);
/* Get the ML-DSA public key object. */
@@ -5357,11 +5357,11 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
if (ret == 0) {
if (key_level == WC_ML_DSA_44)
storedKeySize = ML_DSA_LEVEL2_PUB_KEY_SIZE;
storedKeySize = WC_MLDSA_44_PUB_KEY_SIZE;
else if (key_level == WC_ML_DSA_65)
storedKeySize = ML_DSA_LEVEL3_PUB_KEY_SIZE;
storedKeySize = WC_MLDSA_65_PUB_KEY_SIZE;
else if (key_level == WC_ML_DSA_87)
storedKeySize = ML_DSA_LEVEL5_PUB_KEY_SIZE;
storedKeySize = WC_MLDSA_87_PUB_KEY_SIZE;
else
ret = WC_KEY_SIZE_E;
}
@@ -5385,7 +5385,7 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
wc_MlDsaKey_Free(pubKey);
}
WC_FREE_VAR_EX(pubKey, privKey->heap, DYNAMIC_TYPE_DILITHIUM);
WC_FREE_VAR_EX(pubKey, privKey->heap, DYNAMIC_TYPE_MLDSA);
return ret;
}
@@ -5512,7 +5512,7 @@ static int Pkcs11PqcSigCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
return ret;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if !defined(NO_AES) && defined(HAVE_AESGCM)
/**
@@ -6329,7 +6329,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
*/
if (ret == 0) {
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) || \
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_MLKEM)
switch (info->pk.type) {
#ifndef NO_RSA
@@ -6433,7 +6433,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
}
break;
#endif
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
case WC_PK_TYPE_PQC_SIG_KEYGEN:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
@@ -6469,7 +6469,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
}
#else
ret = NOT_COMPILED_IN;
#endif /* !NO_RSA || HAVE_ECC || HAVE_DILITHIUM || WOLFSSL_HAVE_MLKEM */
#endif /* !NO_RSA || HAVE_ECC || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_MLKEM */
}
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#ifndef NO_AES
@@ -6629,7 +6629,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
}
else
#endif
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
if (info->free.algo == WC_ALGO_TYPE_PK &&
info->free.type == WC_PK_TYPE_PQC_SIG_KEYGEN &&
info->free.subType == WC_PQC_SIG_TYPE_MLDSA) {
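Review bot: In Pkcs11GetMldsaPublicKey the three `wc_MlDsaKey_SetParams(key, ...)` calls discard their return value, so `ret` stays 0 even when the parameter set could not be applied. Other code in this commit treats the call as fallible (d2iTryMlDsaKey checks `wc_MlDsaKey_SetParams(mldsa, levels[i]) != 0`), and individual levels can apparently be compiled out (`WOLFSSL_NO_ML_DSA_44` appears in the tests). A public key read back from the token would then continue with a key object whose level was never set. I would assign the result in each branch, e.g. `ret = wc_MlDsaKey_SetParams(key, WC_ML_DSA_44);`, and likewise for the 65 and 87 branches. The function begins and ends outside this hunk.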
+2 -2
@@ -7840,7 +7840,7 @@ static const byte slhdsakey_oid_sha3_512[] = {
* corresponding OID for the chosen hash algorithm.
*
* The HashSLH-DSA family takes the digest as input rather than the full
* message. This mirrors the wc_dilithium_*_ctx_hash interface and matches the
* message. This mirrors the wc_MlDsaKey_*Ctx_Hash interface and matches the
* convention used by NIST ACVP signatureInterface=external / preHash test
* vectors and other libraries (OpenSSL HASH-ML-DSA, leancrypto SLH-DSA,
* mldsa-native pre_hash_internal). The expected digest length is fixed by
@@ -9185,7 +9185,7 @@ int wc_SlhDsaKey_PublicKeyDecode(const byte* input, word32* inOutIdx,
* parameter set -- callers chaining decoders must pass inSz scoped to
* just the public-key buffer or the import will reject the length and
* fall through to SPKI parsing. Mirrors the raw-first fallback in
* wc_Dilithium_PublicKeyDecode and wc_Falcon_PublicKeyDecode so all PQ
* wc_MlDsaKey_PublicKeyDecode and wc_Falcon_PublicKeyDecode so all PQ
* public-key decoders accept either raw bytes or SPKI.
*
* The length check in ImportPublic is the disambiguator: a real SPKI
+229 -229
@@ -395,8 +395,8 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
#ifdef WOLFSSL_HAVE_MLKEM
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#include <wolfssl/wolfcrypt/wc_xmss.h>
@@ -965,8 +965,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#ifdef WOLFSSL_HAVE_MLKEM
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
#endif
#ifdef HAVE_DILITHIUM
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
#ifdef WOLFSSL_HAVE_MLDSA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void);
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
@@ -1447,14 +1447,14 @@ static WC_MAYBE_UNUSED Aes* test_AesGcmNew(void* heap, int declaredDevId,
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
#elif defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \
defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \
defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \
defined(WOLFSSL_DILITHIUM_VERIFY_ONLY)
static byte gTestMemory[192*1024]; /* Dilithium low mem */
#elif defined(WOLFSSL_HAVE_MLDSA)
#if defined(WOLFSSL_MLDSA_VERIFY_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_SIGN_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_VERIFY_ONLY)
static byte gTestMemory[192*1024]; /* ML-DSA low mem */
#else
static byte gTestMemory[576*1024]; /* Dilithium full mem */
static byte gTestMemory[576*1024]; /* ML-DSA full mem */
#endif
#elif defined(BENCH_EMBEDDED)
static byte gTestMemory[14000];
@@ -3130,12 +3130,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
PRIVATE_KEY_LOCK();
#endif
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
PRIVATE_KEY_UNLOCK();
if ( (ret = dilithium_test()) != 0)
TEST_FAIL("DILITHIUM test failed!\n", ret);
if ( (ret = mldsa_test()) != 0)
TEST_FAIL("ML-DSA test failed!\n", ret);
else
TEST_PASS("DILITHIUM test passed!\n");
TEST_PASS("ML-DSA test passed!\n");
PRIVATE_KEY_LOCK();
#endif
@@ -52263,22 +52263,22 @@ out:
}
#endif /* WOLFSSL_HAVE_MLKEM */
#ifdef HAVE_DILITHIUM
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
#ifdef WOLFSSL_HAVE_MLDSA
#ifndef WOLFSSL_MLDSA_NO_VERIFY
static wc_test_ret_t mldsa_param_vfy_test(int param, const byte* pubKey,
word32 pubKeyLen, const byte* sig, word32 sigLen)
{
#ifndef DILITHIUM_TEST_MSG_SZ
#define DILITHIUM_TEST_MSG_SZ 512
#ifndef WC_MLDSA_TEST_MSG_SZ
#define WC_MLDSA_TEST_MSG_SZ 512
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* msg = NULL;
dilithium_key* key = NULL;
wc_MlDsaKey* key = NULL;
byte* pubExported = NULL;
#else
byte msg[DILITHIUM_TEST_MSG_SZ];
dilithium_key key[1];
byte pubExported[DILITHIUM_MAX_PUB_KEY_SIZE];
byte msg[WC_MLDSA_TEST_MSG_SZ];
wc_MlDsaKey key[1];
byte pubExported[MLDSA_MAX_PUB_KEY_SIZE];
#endif
wc_test_ret_t ret;
int i;
@@ -52287,9 +52287,9 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
int n_diff = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
msg = (byte*)XMALLOC(DILITHIUM_TEST_MSG_SZ, HEAP_HINT,
msg = (byte*)XMALLOC(WC_MLDSA_TEST_MSG_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
@@ -52299,33 +52299,33 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
#endif
/* make dummy msg */
for (i = 0; i < DILITHIUM_TEST_MSG_SZ; i++) {
for (i = 0; i < WC_MLDSA_TEST_MSG_SZ; i++) {
msg[i] = (byte)i;
}
ret = wc_dilithium_init_ex(key, NULL, devId);
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
return ret;
}
ret = wc_dilithium_set_level(key, param);
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
ret = wc_MlDsaKey_ImportPubRaw(key, pubKey, pubKeyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (param >= WC_ML_DSA_DRAFT) {
ret = wc_dilithium_verify_msg(sig, sigLen, msg, DILITHIUM_TEST_MSG_SZ,
&res, key);
ret = wc_MlDsaKey_Verify(key, sig, sigLen, msg, WC_MLDSA_TEST_MSG_SZ,
&res);
}
else
#endif
{
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
DILITHIUM_TEST_MSG_SZ, &res, key);
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
WC_MLDSA_TEST_MSG_SZ, &res);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -52333,7 +52333,7 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
/* Now test the export pub raw API, verify we recover the original pub. */
ret = wc_dilithium_export_public(key, pubExported, &lenExported);
ret = wc_MlDsaKey_ExportPubRaw(key, pubExported, &lenExported);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
@@ -52349,7 +52349,7 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
}
out:
wc_dilithium_free(key);
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -52359,7 +52359,7 @@ out:
}
#ifndef WOLFSSL_NO_ML_DSA_44
static wc_test_ret_t dilithium_param_44_vfy_test(void)
static wc_test_ret_t mldsa_param_44_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
@@ -52473,7 +52473,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
0x70, 0x8d, 0x8b, 0x9c
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
@@ -52813,7 +52813,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
@@ -53061,12 +53061,12 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
#endif
wc_test_ret_t ret;
ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
ret = mldsa_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
(word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
(word32)sizeof(ml_dsa_44_sig));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT,
ret = mldsa_param_vfy_test(WC_ML_DSA_44_DRAFT,
ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
}
@@ -53077,7 +53077,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
static wc_test_ret_t dilithium_param_65_vfy_test(void)
static wc_test_ret_t mldsa_param_65_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
@@ -53244,7 +53244,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
@@ -53722,7 +53722,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
@@ -54059,12 +54059,12 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
#endif
wc_test_ret_t ret;
ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
ret = mldsa_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
(word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
(word32)sizeof(ml_dsa_65_sig));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT,
ret = mldsa_param_vfy_test(WC_ML_DSA_65_DRAFT,
ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
}
@@ -54075,7 +54075,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
static wc_test_ret_t dilithium_param_87_vfy_test(void)
static wc_test_ret_t mldsa_param_87_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
@@ -54295,7 +54295,7 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
@@ -54947,7 +54947,7 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
};
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
@@ -55416,12 +55416,12 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
#endif
wc_test_ret_t ret;
ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
ret = mldsa_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
(word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
(word32)sizeof(ml_dsa_87_sig));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT,
ret = mldsa_param_vfy_test(WC_ML_DSA_87_DRAFT,
ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
}
@@ -55432,64 +55432,64 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
#endif
#endif
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
static wc_test_ret_t mldsa_param_test(int param, WC_RNG* rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dilithium_key* key = NULL;
wc_MlDsaKey* key = NULL;
byte* sig = NULL;
#else
dilithium_key key[1];
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
byte sig[DILITHIUM_MAX_SIG_SIZE];
wc_MlDsaKey key[1];
#ifndef WOLFSSL_MLDSA_NO_SIGN
byte sig[MLDSA_MAX_SIG_SIZE];
#endif
#endif
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
#ifndef WOLFSSL_MLDSA_NO_SIGN
word32 sigLen;
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
#ifndef WOLFSSL_MLDSA_NO_VERIFY
int res = 0;
#endif
#endif
dilithium_key* tmpKey = NULL;
wc_MlDsaKey* tmpKey = NULL;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || sig == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
#endif
ret = wc_dilithium_init_ex(key, NULL, devId);
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_dilithium_set_level(key, param);
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_make_key(key, rng);
ret = wc_MlDsaKey_MakeKey(key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
sigLen = wc_dilithium_sig_size(key);
#ifndef WOLFSSL_MLDSA_NO_SIGN
sigLen = wc_MlDsaKey_SigSize(key);
if (sigLen <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
&sigLen, key, rng);
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
msg, (word32)sizeof(msg), rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res, key);
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
@@ -55497,16 +55497,16 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
#endif
#endif
tmpKey = wc_dilithium_new(HEAP_HINT, devId);
tmpKey = wc_MlDsaKey_New(HEAP_HINT, devId);
if (tmpKey == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_delete(tmpKey, &tmpKey);
ret = wc_MlDsaKey_Delete(tmpKey, &tmpKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
out:
wc_dilithium_free(key);
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -55515,77 +55515,77 @@ out:
}
#endif
#if defined(WC_DILITHIUM_CACHE_MATRIX_A) && \
!defined(WC_DILITHIUM_FIXED_ARRAY) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
!defined(WC_MLDSA_FIXED_ARRAY) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
/* Regression test for sign path matrix A cache allocation.
*
* dilithium_sign_with_seed_mu() previously stored the result of XMALLOC for
* mldsa_sign_with_seed_mu() previously stored the result of XMALLOC for
* the matrix A cache into a local variable instead of key->a. The local was
* then immediately overwritten by `a = key->a` (still NULL), so the just-
* allocated buffer was leaked and a NULL pointer was passed to
* dilithium_expand_a().
* mldsa_expand_a().
*
* This test exercises that exact code path by clearing the cache state on a
* key after make_key, then signing. The post-condition asserts that key->a
* was populated (proving the allocation made it into the key, not the local)
* and that signing produces a verifiable signature.
*/
static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
static wc_test_ret_t mldsa_sign_cache_alloc_test(int param, WC_RNG* rng)
{
wc_test_ret_t ret;
dilithium_key* key = NULL;
wc_MlDsaKey* key = NULL;
byte* sig = NULL;
word32 sigLen;
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int res = 0;
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
/* Init before further allocations so wc_dilithium_free() in the cleanup
/* Init before further allocations so wc_MlDsaKey_Free() in the cleanup
* path operates on a zeroed struct, not garbage cached-pointer fields. */
ret = wc_dilithium_init_ex(key, NULL, devId);
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = wc_dilithium_set_level(key, param);
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_make_key(key, rng);
ret = wc_MlDsaKey_MakeKey(key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Drop the cached matrix A so the next sign exercises the allocation
* branch in dilithium_sign_with_seed_mu(). */
XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
* branch in mldsa_sign_with_seed_mu(). */
XFREE(key->a, key->heap, DYNAMIC_TYPE_MLDSA);
key->a = NULL;
key->aSet = 0;
#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
#ifdef WC_MLDSA_CACHE_PRIV_VECTORS
XFREE(key->s1, key->heap, DYNAMIC_TYPE_MLDSA);
key->s1 = NULL;
key->s2 = NULL;
key->t0 = NULL;
key->privVecsSet = 0;
#endif
sigLen = wc_dilithium_sig_size(key);
sigLen = wc_MlDsaKey_SigSize(key);
if (sigLen <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
&sigLen, key, rng);
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
msg, (word32)sizeof(msg), rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -55597,8 +55597,8 @@ static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
if (key->aSet != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res, key);
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
@@ -55606,48 +55606,48 @@ static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
out:
if (key != NULL)
wc_dilithium_free(key);
wc_MlDsaKey_Free(key);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WC_DILITHIUM_CACHE_MATRIX_A && !WC_DILITHIUM_FIXED_ARRAY &&
* !WOLFSSL_DILITHIUM_NO_MAKE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN &&
* !WOLFSSL_DILITHIUM_NO_VERIFY */
#endif /* WC_MLDSA_CACHE_MATRIX_A && !WC_MLDSA_FIXED_ARRAY &&
* !WOLFSSL_MLDSA_NO_MAKE_KEY && !WOLFSSL_MLDSA_NO_SIGN &&
* !WOLFSSL_MLDSA_NO_VERIFY */
#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
(defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY))
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY))
/* Tests decoding a key from DER without the security level specified */
static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey,
word32 rawKeySz,
int expectedLevel,
int isPublicOnlyKey)
{
int ret = 0;
#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
/* Size the buffer to accommodate the largest encoded key size */
const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE;
const word32 maxDerSz = MLDSA_MAX_PRV_KEY_DER_SIZE;
word32 derSz;
word32 idx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* der = NULL;
#else
byte der[DILITHIUM_MAX_PRV_KEY_DER_SIZE];
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
#endif
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dilithium_key *key = NULL;
wc_MlDsaKey *key = NULL;
#else
dilithium_key key[1];
wc_MlDsaKey key[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
/* Allocate DER buffer */
der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT,
key = (wc_MlDsaKey *)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL || key == NULL) {
ret = MEMORY_E;
@@ -55656,38 +55656,38 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
/* Initialize key */
if (ret == 0) {
ret = wc_dilithium_init_ex(key, NULL, devId);
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
/* Import raw key, setting the security level */
if (ret == 0) {
ret = wc_dilithium_set_level(key, expectedLevel);
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
}
if (ret == 0) {
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_dilithium_import_public(rawKey, rawKeySz, key);
ret = wc_MlDsaKey_ImportPubRaw(key, rawKey, rawKeySz);
}
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_dilithium_import_private(rawKey, rawKeySz, key);
ret = wc_MlDsaKey_ImportPrivRaw(key, rawKey, rawKeySz);
}
#endif
}
#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
/* Export raw key as DER */
if (ret == 0) {
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1);
ret = wc_MlDsaKey_PublicKeyToDer(key, der, maxDerSz, 1);
}
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz);
ret = wc_MlDsaKey_PrivateKeyToDer(key, der, maxDerSz);
}
#endif
if (ret >= 0) {
@@ -55698,63 +55698,63 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
/* Free and reinit key to test fresh decode */
if (ret == 0) {
wc_dilithium_free(key);
ret = wc_dilithium_init_ex(key, NULL, devId);
wc_MlDsaKey_Free(key);
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
/* First test decoding when security level is set externally */
if (ret == 0) {
ret = wc_dilithium_set_level(key, expectedLevel);
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
}
if (ret == 0) {
idx = 0;
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
}
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
}
#endif
}
/* Free and reinit key to test fresh decode */
if (ret == 0) {
wc_dilithium_free(key);
ret = wc_dilithium_init_ex(key, NULL, devId);
wc_MlDsaKey_Free(key);
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
#ifndef WOLFSSL_MLDSA_FIPS204_DRAFT
/* Test decoding without setting security level - should auto-detect */
if (ret == 0) {
idx = 0;
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
}
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
}
#endif
}
/* Verify auto-detected security level */
if (ret == 0 && key->level != expectedLevel) {
printf("Dilithium key decode failed to detect level.\n"
printf("ML-DSA key decode failed to detect level.\n"
"\tExpected level=%d\n\tGot level=%d\n",
expectedLevel, key->level);
ret = WC_TEST_RET_ENC_NC;
}
#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
#endif /* !WOLFSSL_MLDSA_FIPS204_DRAFT */
#endif /* !WOLFSSL_MLDSA_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
/* Cleanup */
wc_dilithium_free(key);
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -55763,97 +55763,97 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
}
/* Test Dilithium key decoding and security level detection */
static wc_test_ret_t dilithium_decode_test(void)
static wc_test_ret_t mldsa_decode_test(void)
{
wc_test_ret_t ret;
const byte* key;
word32 keySz;
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
const int isPrvKey = 0;
#endif
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
const int isPubKey = 1;
#endif
#ifndef WOLFSSL_NO_ML_DSA_44
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-44 */
key = bench_dilithium_level2_key;
keySz = sizeof_bench_dilithium_level2_key;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
key = bench_mldsa_44_key;
keySz = sizeof_bench_mldsa_44_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
key = bench_dilithium_level2_pubkey;
keySz = sizeof_bench_dilithium_level2_pubkey;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_44_pubkey;
keySz = sizeof_bench_mldsa_44_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_44 */
#ifndef WOLFSSL_NO_ML_DSA_65
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-65 */
key = bench_dilithium_level3_key;
keySz = sizeof_bench_dilithium_level3_key;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
key = bench_mldsa_65_key;
keySz = sizeof_bench_mldsa_65_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
key = bench_dilithium_level3_pubkey;
keySz = sizeof_bench_dilithium_level3_pubkey;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_65_pubkey;
keySz = sizeof_bench_mldsa_65_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_65 */
#ifndef WOLFSSL_NO_ML_DSA_87
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-87 */
key = bench_dilithium_level5_key;
keySz = sizeof_bench_dilithium_level5_key;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
key = bench_mldsa_87_key;
keySz = sizeof_bench_mldsa_87_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
key = bench_dilithium_level5_pubkey;
keySz = sizeof_bench_dilithium_level5_pubkey;
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_87_pubkey;
keySz = sizeof_bench_mldsa_87_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_87 */
return ret;
}
#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
* (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void)
{
wc_test_ret_t ret;
WC_RNG rng;
@@ -55869,85 +55869,85 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
}
#ifndef WOLFSSL_NO_ML_DSA_44
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
ret = dilithium_param_44_vfy_test();
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_44_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
ret = dilithium_param_test(WC_ML_DSA_44, &rng);
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_44, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
ret = dilithium_param_65_vfy_test();
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_65_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
ret = dilithium_param_test(WC_ML_DSA_65, &rng);
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_65, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
ret = dilithium_param_87_vfy_test();
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_87_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
ret = dilithium_param_test(WC_ML_DSA_87, &rng);
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_87, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#if defined(WC_DILITHIUM_CACHE_MATRIX_A) && \
!defined(WC_DILITHIUM_FIXED_ARRAY) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
!defined(WC_MLDSA_FIXED_ARRAY) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
#ifndef WOLFSSL_NO_ML_DSA_44
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_44, &rng);
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_44, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_65, &rng);
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_65, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_87, &rng);
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_87, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
(defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY))
ret = dilithium_decode_test();
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY))
ret = mldsa_decode_test();
if (ret != 0) {
ERROR_OUT(ret, out);
}
#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
* (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) || \
defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_VERIFY) || \
defined(WOLFSSL_MLDSA_PRIVATE_KEY) || \
defined(WOLFSSL_MLDSA_PUBLIC_KEY)
out:
#endif
wc_FreeRng(&rng);
return ret;
}
#endif /* HAVE_DILITHIUM */
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
@@ -73047,14 +73047,14 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
break;
}
#endif
#if defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA)
#if defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA)
case WC_PK_TYPE_PQC_SIG_KEYGEN:
{
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
if (info->free.subType == WC_PQC_SIG_TYPE_MLDSA) {
dilithium_key* dil = (dilithium_key*)info->free.obj;
wc_MlDsaKey* dil = (wc_MlDsaKey*)info->free.obj;
dil->devId = INVALID_DEVID;
wc_dilithium_free(dil);
wc_MlDsaKey_Free(dil);
ret = 0;
}
#endif
@@ -73729,9 +73729,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
if (ret == 0)
ret = mlkem_test();
#endif
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
if (ret == 0)
ret = dilithium_test();
ret = mldsa_test();
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
if (ret == 0) {
+2 -2
@@ -307,8 +307,8 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#ifdef WOLFSSL_HAVE_MLKEM
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
#endif
#ifdef HAVE_DILITHIUM
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
#ifdef WOLFSSL_HAVE_MLDSA
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void);
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
+1763 -1776
File diff suppressed because it is too large Load Diff
+1792 -1812
File diff suppressed because it is too large Load Diff
+7 -1
@@ -197,7 +197,7 @@ enum wolfSSL_ErrorCodes {
UNSUPPORTED_PROTO_VERSION = -450, /* bad/unsupported protocol version*/
FALCON_KEY_SIZE_E = -451, /* Wrong key size for Falcon. */
QUIC_TP_MISSING_E = -452, /* QUIC transport parameter missing */
DILITHIUM_KEY_SIZE_E = -453, /* Wrong key size for Dilithium. */
MLDSA_KEY_SIZE_E = -453, /* Wrong key size for ML-DSA. */
DTLS_CID_ERROR = -454, /* Wrong or missing CID */
DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */
QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */
@@ -251,6 +251,12 @@ enum wolfSSL_ErrorCodes {
wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
/* Legacy alias for code written against the pre-standardization
* Dilithium name. Will be removed alongside the dilithium.h shim. */
#define DILITHIUM_KEY_SIZE_E MLDSA_KEY_SIZE_E
#endif
/* I/O Callback default errors */
enum IOerrors {
WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
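Review bot: The comment on the new `DILITHIUM_KEY_SIZE_E` alias in the second hunk does not name the macro that switches the alias off, so a downstream project that wants to confirm it no longer uses the legacy name has to read the `#ifndef` guard to find it. I would add one sentence to that comment, for example `Define WOLFSSL_NO_DILITHIUM_LEGACY_NAMES to compile without this alias.` The old name also changes from an enumerator of `wolfSSL_ErrorCodes` to an object-like macro. The value -453 is unchanged, so callers matching on the number are unaffected, but the comment could note that the legacy name is now a preprocessor symbol, unlike the other entries in the enum.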
+35 -36
@@ -126,8 +126,8 @@
#ifdef HAVE_FALCON
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#ifdef HAVE_HKDF
#include <wolfssl/wolfcrypt/kdf.h>
@@ -1778,7 +1778,7 @@ enum Misc {
SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */
FALCON_SA_MAJOR = 0xFE,/* Most significant byte used with falcon sig algs */
DILITHIUM_SA_MAJOR = 0x09,/* Most significant byte used with dilithium sig algs */
MLDSA_SA_MAJOR = 0x09,/* Most significant byte used with ML-DSA sig algs */
/* These values for falcon match what OQS has defined. */
FALCON_LEVEL1_SA_MAJOR = 0xFE,
@@ -1786,14 +1786,13 @@ enum Misc {
FALCON_LEVEL5_SA_MAJOR = 0xFE,
FALCON_LEVEL5_SA_MINOR = 0xDA,
/* these values for MLDSA (Dilithium) correspond to what is proposed in the
* IETF. */
DILITHIUM_LEVEL2_SA_MAJOR = 0x09,
DILITHIUM_LEVEL2_SA_MINOR = 0x04,
DILITHIUM_LEVEL3_SA_MAJOR = 0x09,
DILITHIUM_LEVEL3_SA_MINOR = 0x05,
DILITHIUM_LEVEL5_SA_MAJOR = 0x09,
DILITHIUM_LEVEL5_SA_MINOR = 0x06,
/* These values for ML-DSA correspond to what is proposed in the IETF. */
MLDSA_44_SA_MAJOR = 0x09,
MLDSA_44_SA_MINOR = 0x04,
MLDSA_65_SA_MAJOR = 0x09,
MLDSA_65_SA_MINOR = 0x05,
MLDSA_87_SA_MAJOR = 0x09,
MLDSA_87_SA_MINOR = 0x06,
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
@@ -1894,7 +1893,7 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
/* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
/* If we are building with post-quantum algorithms, we likely want to
* inter-op with OQS's OpenSSL and they send a lot more sigalgs.
*/
@@ -1928,9 +1927,9 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
#define MIN_FALCONKEY_SZ 1281
#endif
#endif
#ifdef HAVE_DILITHIUM
#ifndef MIN_DILITHIUMKEY_SZ
#define MIN_DILITHIUMKEY_SZ 2528
#ifdef WOLFSSL_HAVE_MLDSA
#ifndef MIN_MLDSAKEY_SZ
#define MIN_MLDSAKEY_SZ 2528
#endif
#endif
@@ -1973,8 +1972,8 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
#endif
#ifndef MAX_X509_SIZE
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
#define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; ML-DSA is big */
#elif defined(WOLFSSL_HAPROXY)
#define MAX_X509_SIZE 3072 /* max static x509 buffer size */
#else
@@ -2689,8 +2688,8 @@ struct WOLFSSL_CERT_MANAGER {
#ifdef HAVE_FALCON
short minFalconKeySz; /* minimum allowed Falcon key size */
#endif
#ifdef HAVE_DILITHIUM
short minDilithiumKeySz; /* minimum allowed Dilithium key size */
#ifdef WOLFSSL_HAVE_MLDSA
short minMlDsaKeySz; /* minimum allowed ML-DSA key size */
#endif
#ifdef WC_ASN_UNKNOWN_EXT_CB
wc_UnknownExtCallback unknownExtCallback;
@@ -3989,7 +3988,7 @@ struct WOLFSSL_CTX {
byte haveDH:1; /* server DH params set by user */
byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
byte haveFalconSig:1; /* server cert signed w/ Falcon */
byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */
byte haveMlDsaSig:1; /* server cert signed w/ ML-DSA */
byte haveStaticECC:1; /* static server ECC private key */
byte partialWrite:1; /* only one msg per write call */
byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */
@@ -4082,8 +4081,8 @@ struct WOLFSSL_CTX {
#ifdef HAVE_FALCON
short minFalconKeySz; /* minimum Falcon key size */
#endif
#ifdef HAVE_DILITHIUM
short minDilithiumKeySz;/* minimum Dilithium key size */
#ifdef WOLFSSL_HAVE_MLDSA
short minMlDsaKeySz; /* minimum ML-DSA key size */
#endif
unsigned long mask; /* store SSL_OP_ flags */
#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
@@ -4450,11 +4449,11 @@ enum KeyExchangeAlgorithm {
#define SIG_RSA 0x02
#define SIG_SM2 0x04
#define SIG_FALCON 0x08
#define SIG_DILITHIUM 0x10
#define SIG_MLDSA 0x10
#define SIG_ANON 0x20
/* SIG_ANON is omitted by default */
#define SIG_ALL (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \
SIG_DILITHIUM)
SIG_MLDSA)
/* Supported Authentication Schemes */
enum SignatureAlgorithm {
@@ -4468,9 +4467,9 @@ enum SignatureAlgorithm {
ed448_sa_algo = 11,
falcon_level1_sa_algo = 12,
falcon_level5_sa_algo = 13,
dilithium_level2_sa_algo = 14,
dilithium_level3_sa_algo = 15,
dilithium_level5_sa_algo = 16,
mldsa_44_sa_algo = 14,
mldsa_65_sa_algo = 15,
mldsa_87_sa_algo = 16,
sm2_sa_algo = 17,
any_sa_algo = 18,
ecc_brainpool_sa_algo = 19,
@@ -4521,7 +4520,7 @@ enum ClientCertificateType {
rsa_fixed_ecdh = 65,
ecdsa_fixed_ecdh = 66,
falcon_sign = 67,
dilithium_sign = 68,
mldsa_sign = 68,
};
@@ -5138,7 +5137,7 @@ struct Options {
word16 haveECDSAsig:1; /* server ECDSA signed cert */
word16 haveStaticECC:1; /* static server ECC private key */
word16 haveFalconSig:1; /* server Falcon signed cert */
word16 haveDilithiumSig:1; /* server Dilithium signed cert */
word16 haveMlDsaSig:1; /* server ML-DSA signed cert */
word16 havePeerCert:1; /* do we have peer's cert */
word16 havePeerVerify:1; /* and peer's cert verify */
word16 usingPSK_cipher:1; /* are using psk as cipher */
@@ -5329,8 +5328,8 @@ struct Options {
#if defined(HAVE_FALCON)
short minFalconKeySz; /* minimum Falcon key size */
#endif
#if defined(HAVE_DILITHIUM)
short minDilithiumKeySz;/* minimum Dilithium key size */
#if defined(WOLFSSL_HAVE_MLDSA)
short minMlDsaKeySz; /* minimum ML-DSA key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
byte verifyDepth; /* maximum verification depth */
@@ -5544,7 +5543,7 @@ struct WOLFSSL_X509 {
int pubKeyOID;
DNS_entry* altNamesNext; /* hint for retrieval */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
word32 pkCurveOID;
#endif
#ifndef NO_CERTS
@@ -6139,7 +6138,7 @@ struct WOLFSSL {
word32 hsType; /* Type of Handshake key (hsKey) */
WOLFSSL_CIPHER cipher;
#ifdef WOLFSSL_DUAL_ALG_CERTS
void* hsAltKey; /* Handshake key (dilithium, falcon)
void* hsAltKey; /* Handshake key (ML-DSA, falcon)
* allocated from heap */
word32 hsAltType; /* Type of Handshake key (hsAltKey) */
#endif
@@ -6261,9 +6260,9 @@ struct WOLFSSL {
falcon_key* peerFalconKey;
byte peerFalconKeyPresent;
#endif
#ifdef HAVE_DILITHIUM
dilithium_key* peerDilithiumKey;
byte peerDilithiumKeyPresent;
#ifdef WOLFSSL_HAVE_MLDSA
wc_MlDsaKey* peerMlDsaKey;
byte peerMlDsaKeyPresent;
#endif
#ifdef HAVE_LIBZ
z_stream c_stream; /* compression stream */
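Review bot: The rename of `MIN_DILITHIUMKEY_SZ` to `MIN_MLDSAKEY_SZ` in the `@@ -1928,9 +1927,9 @@` hunk has no legacy fallback in this section, so a build that raised the floor with `-DMIN_DILITHIUMKEY_SZ=...` would now get the default 2528 without any diagnostic. That default presumably feeds the `minMlDsaKeySz` fields renamed in `WOLFSSL_CERT_MANAGER`, `WOLFSSL_CTX` and `Options`, so a hardening override could be dropped without anyone noticing. Unless the legacy-gate block in settings.h already translates it (not shown on this page), I would add ahead of the `#ifndef MIN_MLDSAKEY_SZ` the three lines `#if defined(MIN_DILITHIUMKEY_SZ) && !defined(MIN_MLDSAKEY_SZ)`, `#define MIN_MLDSAKEY_SZ MIN_DILITHIUMKEY_SZ`, `#endif`.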
+22 -14
@@ -79,8 +79,8 @@ that can be serialized and deserialized in a cross-platform way.
#ifdef HAVE_FALCON
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
@@ -883,8 +883,8 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#endif
#endif
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#define WC_MAX_CERT_VERIFY_SZ 6000 /* For Dilithium */
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
#define WC_MAX_CERT_VERIFY_SZ 6000 /* For ML-DSA */
#elif defined(WOLFSSL_CERT_EXT)
#define WC_MAX_CERT_VERIFY_SZ 2048 /* For larger extensions */
#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)
@@ -1547,7 +1547,7 @@ struct SignatureCtx {
#endif
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
!defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
!defined(NO_DSA) || defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_SLHDSA) || defined(WOLFSSL_HAVE_LMS) || \
defined(WOLFSSL_HAVE_XMSS)
int verify;
@@ -1595,11 +1595,11 @@ struct SignatureCtx {
struct falcon_key* falcon;
#endif
#endif
#ifdef HAVE_DILITHIUM
#ifdef WOLFSSL_HAVE_MLDSA
#ifdef WOLFSSL_NO_MALLOC
dilithium_key dilithium[1];
wc_MlDsaKey mldsa[1];
#else
dilithium_key* dilithium;
wc_MlDsaKey* mldsa;
#endif
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
@@ -1884,14 +1884,14 @@ struct DecodedCert {
#endif /* WOLFSSL_SUBJ_INFO_ACC */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_SLHDSA) || defined(WOLFSSL_HAVE_LMS) || \
defined(WOLFSSL_HAVE_XMSS)
word32 pkCurveOID; /* Public Key's curve OID */
#ifdef WOLFSSL_CUSTOM_CURVES
int pkCurveSize; /* Public Key's curve size */
#endif
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM ||
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || WOLFSSL_HAVE_MLDSA ||
* HAVE_FALCON || WOLFSSL_HAVE_SLHDSA || WOLFSSL_HAVE_LMS ||
* WOLFSSL_HAVE_XMSS */
const byte* beforeDate;
@@ -2759,9 +2759,9 @@ enum cert_enums {
DILITHIUM_LEVEL2_KEY = 18,
DILITHIUM_LEVEL3_KEY = 19,
DILITHIUM_LEVEL5_KEY = 20,
ML_DSA_LEVEL2_KEY = 21,
ML_DSA_LEVEL3_KEY = 22,
ML_DSA_LEVEL5_KEY = 23,
ML_DSA_44_KEY = 21,
ML_DSA_65_KEY = 22,
ML_DSA_87_KEY = 23,
SLH_DSA_SHA2_128S_KEY = 24,
SLH_DSA_SHA2_128F_KEY = 25,
SLH_DSA_SHA2_192S_KEY = 26,
@@ -2776,6 +2776,14 @@ enum cert_enums {
SLH_DSA_SHAKE_256F_KEY = 35
};
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
* be removed alongside the dilithium.h shim. */
#define ML_DSA_LEVEL2_KEY ML_DSA_44_KEY
#define ML_DSA_LEVEL3_KEY ML_DSA_65_KEY
#define ML_DSA_LEVEL5_KEY ML_DSA_87_KEY
#endif
#endif /* WOLFSSL_CERT_GEN */
/* hashes type for asn */
@@ -3211,7 +3219,7 @@ WOLFSSL_TEST_VIS int wolfssl_local_MatchIpSubnet(const byte* ip, int ipSz,
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA))
|| defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA))
WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
word32 inSz, const byte** seed, word32* seedLen, const byte** privKey,
word32* privKeyLen, const byte** pubKey, word32* pubKeyLen,
+11 -3
View File
@@ -154,9 +154,9 @@ enum CertType {
DILITHIUM_LEVEL2_TYPE,
DILITHIUM_LEVEL3_TYPE,
DILITHIUM_LEVEL5_TYPE,
ML_DSA_LEVEL2_TYPE,
ML_DSA_LEVEL3_TYPE,
ML_DSA_LEVEL5_TYPE,
ML_DSA_44_TYPE,
ML_DSA_65_TYPE,
ML_DSA_87_TYPE,
SLH_DSA_SHA2_128S_TYPE,
SLH_DSA_SHA2_128F_TYPE,
SLH_DSA_SHA2_192S_TYPE,
@@ -175,6 +175,14 @@ enum CertType {
TRUSTED_CERT_TYPE
};
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
* be removed alongside the dilithium.h shim. */
#define ML_DSA_LEVEL2_TYPE ML_DSA_44_TYPE
#define ML_DSA_LEVEL3_TYPE ML_DSA_65_TYPE
#define ML_DSA_LEVEL5_TYPE ML_DSA_87_TYPE
#endif
enum Ctc_Encoding {
CTC_UTF8 = 0x0c, /* utf8 */
+5 -5
View File
@@ -80,8 +80,8 @@
#ifdef WOLFSSL_HAVE_MLKEM
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#endif
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#if defined(WOLFSSL_HAVE_MLDSA)
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
@@ -315,7 +315,7 @@ typedef struct wc_CryptoInfo {
int type; /* enum wc_PqcKemType */
} pqc_decaps;
#endif
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_SLHDSA)
struct {
WC_RNG* rng;
@@ -780,7 +780,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
int type, void* key);
#endif /* WOLFSSL_HAVE_MLKEM */
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
defined(WOLFSSL_HAVE_SLHDSA)
WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
@@ -797,7 +797,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
const byte* pubKey, word32 pubKeySz);
#endif /* HAVE_FALCON || HAVE_DILITHIUM || WOLFSSL_HAVE_SLHDSA */
#endif /* HAVE_FALCON || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_SLHDSA */
#ifndef NO_AES
#ifdef HAVE_AESGCM
+108 -19
View File
@@ -57,6 +57,26 @@
* written against the pre-standardization API keeps compiling. Suppressed
* by defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.
*
* WOLFSSL_NO_DILITHIUM_LEGACY_NAMES additionally suppresses several
* identifier families that share its opt-out gate but are not
* defined inside this header:
*
* - `ML_DSA_LEVEL{2,3,5}_TYPE` / `_KEY` / `k`, `CTC_ML_DSA_LEVEL{2,3,5}`
* aliases in <wolfssl/wolfcrypt/asn_public.h>,
* <wolfssl/wolfcrypt/asn.h>, <wolfssl/wolfcrypt/oid_sum.h>.
* These were spelled in ML-DSA form on master but used the
* pre-standardization NIST-security-category numbering (2/3/5)
* rather than the FIPS 204 parameter-set numbers (44/65/87).
*
* - The `DILITHIUM_KEY_SIZE_E` error-code alias in
* <wolfssl/error-ssl.h>.
*
* - The three per-parameter-set size-constant alias families
* (`ML_DSA_LEVEL{2,3,5}_*_SIZE`,
* `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
* `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`) defined immediately
* below in this header.
*
* New code must include <wolfssl/wolfcrypt/wc_mldsa.h> directly and use
* the wc_MlDsaKey / wc_MlDsaKey_* / WOLFSSL_MLDSA_* names. */
@@ -71,7 +91,10 @@
* <wolfssl/wolfcrypt/settings.h> so that header sees the canonical
* spelling without going through dilithium.h. The block below covers
* the remaining sub-gates, all of which are read only by wc_mldsa.h /
* wc_mldsa.c (which transitively include this file first). */
* wc_mldsa.c. wc_mldsa.h pulls this file in at its own top (see the
* #include block in <wolfssl/wolfcrypt/wc_mldsa.h>) so the forward arm
* fires before wc_mldsa.h reads any canonical gate -- including when
* wc_mldsa.h is reached transitively via <asn.h> / <asn_public.h>. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
@@ -267,6 +290,46 @@
#endif /* !WOLFSSL_NO_DILITHIUM_LEGACY_GATES */
/* === Derived canonical gates ========================================== */
/* Derive secondary canonical gates from the primary NO_* gates. Lives in
* this file (rather than in wc_mldsa.h alongside the struct definition)
* so the reverse arm at the bottom of this file sees the derived set
* fully populated without needing wc_mldsa.h to finish parsing first.
* wc_mldsa.h includes this file at its top, so by the time control
* returns from that include the gates are already set and wc_mldsa.h's
* struct definition / conditional declarations read them directly. */
#if defined(WOLFSSL_HAVE_MLDSA)
#if defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY) && \
!defined(WOLFSSL_MLDSA_VERIFY_ONLY)
#define WOLFSSL_MLDSA_VERIFY_ONLY
#endif
#ifdef WOLFSSL_MLDSA_VERIFY_ONLY
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
#define WOLFSSL_MLDSA_NO_MAKE_KEY
#endif
#ifndef WOLFSSL_MLDSA_NO_SIGN
#define WOLFSSL_MLDSA_NO_SIGN
#endif
#endif
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
#define WOLFSSL_MLDSA_PUBLIC_KEY
#endif
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_SIGN)
#define WOLFSSL_MLDSA_PRIVATE_KEY
#endif
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_CHECK_KEY) && \
!defined(WOLFSSL_MLDSA_CHECK_KEY)
#define WOLFSSL_MLDSA_CHECK_KEY
#endif
#endif /* WOLFSSL_HAVE_MLDSA */
/* === wc_mldsa.h is now reachable with canonical gates correctly set === */
#include <wolfssl/wolfcrypt/wc_mldsa.h>
@@ -397,27 +460,53 @@
* dlsym() or callback tables that key off the legacy spelling will see the
* canonical name in the resulting pointer. */
#define wc_dilithium_init_ex wc_MlDsaKey_Init
#define wc_dilithium_init_id wc_MlDsaKey_InitId
#define wc_dilithium_init_label wc_MlDsaKey_InitLabel
#define wc_dilithium_new wc_MlDsaKey_New
#define wc_dilithium_delete wc_MlDsaKey_Delete
#ifdef WOLF_PRIVATE_KEY_ID
#define wc_dilithium_init_id wc_MlDsaKey_InitId
#define wc_dilithium_init_label wc_MlDsaKey_InitLabel
#endif
#ifndef WC_NO_CONSTRUCTORS
#define wc_dilithium_new wc_MlDsaKey_New
#define wc_dilithium_delete wc_MlDsaKey_Delete
#endif
#define wc_dilithium_free wc_MlDsaKey_Free
#define wc_dilithium_set_level wc_MlDsaKey_SetParams
#define wc_dilithium_get_level wc_MlDsaKey_GetParams
#define wc_dilithium_make_key wc_MlDsaKey_MakeKey
#define wc_dilithium_make_key_from_seed wc_MlDsaKey_MakeKeyFromSeed
#define wc_dilithium_size wc_MlDsaKey_Size
#define wc_dilithium_priv_size wc_MlDsaKey_PrivSize
#define wc_dilithium_pub_size wc_MlDsaKey_PubSize
#define wc_dilithium_sig_size wc_MlDsaKey_SigSize
#define wc_dilithium_check_key wc_MlDsaKey_CheckKey
#define wc_dilithium_export_public wc_MlDsaKey_ExportPubRaw
#define wc_dilithium_export_private wc_MlDsaKey_ExportPrivRaw
#define wc_dilithium_export_private_only wc_MlDsaKey_ExportPrivRaw
#define wc_dilithium_export_key wc_MlDsaKey_ExportKey
#define wc_Dilithium_PublicKeyToDer wc_MlDsaKey_PublicKeyToDer
#define wc_Dilithium_PrivateKeyToDer wc_MlDsaKey_PrivateKeyToDer
#define wc_Dilithium_KeyToDer wc_MlDsaKey_KeyToDer
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
#define wc_dilithium_make_key wc_MlDsaKey_MakeKey
#define wc_dilithium_make_key_from_seed wc_MlDsaKey_MakeKeyFromSeed
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
#define wc_dilithium_size wc_MlDsaKey_Size
#endif
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && defined(WOLFSSL_MLDSA_PUBLIC_KEY)
#define wc_dilithium_priv_size wc_MlDsaKey_PrivSize
#endif
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
#define wc_dilithium_pub_size wc_MlDsaKey_PubSize
#endif
#if !defined(WOLFSSL_MLDSA_NO_SIGN) || !defined(WOLFSSL_MLDSA_NO_VERIFY)
#define wc_dilithium_sig_size wc_MlDsaKey_SigSize
#endif
#ifdef WOLFSSL_MLDSA_CHECK_KEY
#define wc_dilithium_check_key wc_MlDsaKey_CheckKey
#endif
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
#define wc_dilithium_export_public wc_MlDsaKey_ExportPubRaw
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
#define wc_dilithium_export_private wc_MlDsaKey_ExportPrivRaw
#define wc_dilithium_export_private_only wc_MlDsaKey_ExportPrivRaw
#define wc_dilithium_export_key wc_MlDsaKey_ExportKey
#endif
#ifndef WOLFSSL_MLDSA_NO_ASN1
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
#define wc_Dilithium_PublicKeyToDer wc_MlDsaKey_PublicKeyToDer
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
#define wc_Dilithium_PrivateKeyToDer wc_MlDsaKey_PrivateKeyToDer
#define wc_Dilithium_KeyToDer wc_MlDsaKey_KeyToDer
#endif
#endif /* !WOLFSSL_MLDSA_NO_ASN1 */
/* Legacy default-args / arg-reorder wrappers. The legacy form takes the key
* pointer last (or near last); the FIPS 204 / ML-KEM convention used by the
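Review bot: The `#include <wolfssl/wolfcrypt/wc_mldsa.h>` under the "wc_mldsa.h is now reachable" banner becomes a no-op whenever a translation unit enters through wc_mldsa.h first, which the updated comment near the top of this section describes as a supported route. In that order everything after the include is parsed before `wc_MlDsaKey` and the `wc_MlDsaKey_*` prototypes are declared. The aliases visible here are object-like macros and are unaffected, but the "Legacy default-args / arg-reorder wrappers" block begins at the end of the last hunk and continues outside it, so whether it contains only macros cannot be confirmed from this page. I would document the constraint at the include, for example `/* No-op when entered via wc_mldsa.h: everything below must be macro-only and must not need wc_MlDsaKey declared. */`, and keep a build test whose only include is wc_mldsa.h.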
+28 -12
View File
@@ -191,11 +191,11 @@ enum Key_Sum {
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */
ML_DSA_44k = 431, /* 2.16.840.1.101.3.4.3.17 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */
ML_DSA_65k = 432, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */
ML_DSA_87k = 433, /* 2.16.840.1.101.3.4.3.19 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
SLH_DSA_SHA2_128Sk = 434, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
@@ -262,11 +262,11 @@ enum Key_Sum {
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
DILITHIUM_LEVEL5k = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
ML_DSA_LEVEL2k = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
ML_DSA_44k = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
ML_DSA_LEVEL3k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
ML_DSA_65k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
ML_DSA_LEVEL5k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
ML_DSA_87k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
SLH_DSA_SHA2_128Sk = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
@@ -300,6 +300,14 @@ enum Key_Sum {
#endif
};
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
* be removed alongside the dilithium.h shim. */
#define ML_DSA_LEVEL2k ML_DSA_44k
#define ML_DSA_LEVEL3k ML_DSA_65k
#define ML_DSA_LEVEL5k ML_DSA_87k
#endif
enum KeyWrap_Sum {
#ifdef WOLFSSL_OLD_OID_SUM
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05 */
@@ -1611,11 +1619,11 @@ enum Ctc_SigType {
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
CTC_DILITHIUM_LEVEL5 = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
CTC_ML_DSA_LEVEL2 = 431, /* 2.16.840.1.101.3.4.3.17 */
CTC_ML_DSA_44 = 431, /* 2.16.840.1.101.3.4.3.17 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
CTC_ML_DSA_LEVEL3 = 432, /* 2.16.840.1.101.3.4.3.18 */
CTC_ML_DSA_65 = 432, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
CTC_ML_DSA_LEVEL5 = 433, /* 2.16.840.1.101.3.4.3.19 */
CTC_ML_DSA_87 = 433, /* 2.16.840.1.101.3.4.3.19 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
CTC_SLH_DSA_SHA2_128S = 434, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
@@ -1710,11 +1718,11 @@ enum Ctc_SigType {
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
CTC_DILITHIUM_LEVEL5 = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
CTC_ML_DSA_LEVEL2 = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
CTC_ML_DSA_44 = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
CTC_ML_DSA_LEVEL3 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
CTC_ML_DSA_65 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
CTC_ML_DSA_LEVEL5 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
CTC_ML_DSA_87 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
CTC_SLH_DSA_SHA2_128S = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
@@ -1748,6 +1756,14 @@ enum Ctc_SigType {
#endif
};
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
* be removed alongside the dilithium.h shim. */
#define CTC_ML_DSA_LEVEL2 CTC_ML_DSA_44
#define CTC_ML_DSA_LEVEL3 CTC_ML_DSA_65
#define CTC_ML_DSA_LEVEL5 CTC_ML_DSA_87
#endif
enum PKCS7_TYPES {
#ifdef WOLFSSL_OLD_OID_SUM
/* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07 */
+3 -2
View File
@@ -396,8 +396,9 @@
* gencertbuf.pl with zero #include directives, so a TU can pull it in
* (transitively, via <wolfssl/ssl.h> etc.) without ever including
* dilithium.h. The remaining ML-DSA sub-gates are read only from
* wc_mldsa.h / wc_mldsa.c, both of which transitively pull in
* dilithium.h first; their forward translations live there.
* wc_mldsa.h / wc_mldsa.c; wc_mldsa.c includes dilithium.h before
* asn.h so the canonical names are set before wc_mldsa.h is first
* parsed via either route. Their forward translations live there.
* Suppressible by defining WOLFSSL_NO_DILITHIUM_LEGACY_GATES. */
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
#ifdef WOLFSSL_DILITHIUM_NO_SIGN
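Review bot: The rewritten comment explains the ordering guarantee only for wc_mldsa.c ("wc_mldsa.c includes dilithium.h before asn.h"). The comments this commit adds in dilithium.h and wc_mldsa.h instead say the guarantee comes from wc_mldsa.h including dilithium.h at its own top, in every translation unit. The wc_mldsa.h comment also notes that un-normalized gates can make TUs disagree about the `wc_MlDsaKey` layout, so this text should name the mechanism that holds for all TUs. I would reword the last sentences to something like `wc_mldsa.h includes dilithium.h at its top, so the canonical names are set before its declarations are parsed in any TU.` The comment block starts before the hunk, so the rest of its wording is not visible here.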
+9 -9
View File
@@ -1564,7 +1564,7 @@ enum wc_PkType {
#undef _WC_PK_TYPE_MAX
#define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS
#endif
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
#if defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_SLHDSA)
WC_PK_TYPE_PQC_SIG_KEYGEN = 21,
WC_PK_TYPE_PQC_SIG_SIGN = 22,
@@ -1606,13 +1606,13 @@ enum wc_PkType {
#define WC_PQC_KEM_TYPE_KYBER WC_PQC_KEM_TYPE_MLKEM
#endif
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
#if defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_SLHDSA)
/* Post quantum signature algorithms */
enum wc_PqcSignatureType {
WC_PQC_SIG_TYPE_NONE = 0,
#define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_NONE
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
WC_PQC_SIG_TYPE_MLDSA = 1,
#undef _WC_PQC_SIG_TYPE_MAX
#define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_MLDSA
@@ -1630,7 +1630,7 @@ enum wc_PkType {
WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX
};
#if defined(HAVE_DILITHIUM)
#if defined(WOLFSSL_HAVE_MLDSA)
/* Pre-standardization name retained for backwards compatibility. */
#define WC_PQC_SIG_TYPE_DILITHIUM WC_PQC_SIG_TYPE_MLDSA
#endif
@@ -2379,7 +2379,7 @@ enum Max_ASN {
/* Largest raw SLH-DSA signature (SHAKE-256f) is 49856 bytes; round up
* to leave headroom for ASN.1 wrapping (BIT STRING tag + length). */
MAX_ENCODED_SIG_SZ = 51200,
#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#elif defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
MAX_ENCODED_SIG_SZ = 5120,
#elif !defined(NO_RSA)
#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
@@ -2418,8 +2418,8 @@ enum Max_ASN {
MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
MAX_VERSION_SZ, /* Maximum size of a DSA Private
key taken from DsaKeyIntsToDer. */
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of an ML-DSA public key. */
#endif
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
@@ -2430,13 +2430,13 @@ enum Max_ASN {
/* Maximum DER digest ASN header size */
/* Max X509 header length indicates the
* max length + 2 ('\n', '\0') */
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA)
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA)
MAX_X509_HEADER_SZ = (48 + 2), /* Maximum PEM Header/Footer Size */
#else
MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
#endif
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
#else
MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
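Review bot: The `WC_PQC_SIG_TYPE_DILITHIUM` alias in the `@@ -1630,7 +1630,7 @@` hunk is gated on `WOLFSSL_HAVE_MLDSA` alone, so it stays defined even when `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` is set. The `DILITHIUM_KEY_SIZE_E`, `ML_DSA_LEVEL*` and `CTC_ML_DSA_LEVEL*` aliases added elsewhere in this commit all honour that opt-out. If the opt-out is meant to cover every pre-standardization spelling, the guard should read `#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)`. If keeping this one unconditional is deliberate, a one-line comment saying so would stop it from looking like an oversight.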
+21 -31
View File
@@ -54,39 +54,29 @@
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
/* TEMPORARY: pull in the legacy compatibility shim so its forward-arm
* sub-config gate translation (legacy WOLFSSL_DILITHIUM_* /
* WC_DILITHIUM_* -> canonical WOLFSSL_MLDSA_* / WC_MLDSA_*) and the
* derivation of secondary canonical gates (WOLFSSL_MLDSA_VERIFY_ONLY,
* _PUBLIC_KEY, _PRIVATE_KEY, _CHECK_KEY) run before this header's
* struct definition and conditional declarations are parsed. Required
* because this header is reachable via <asn.h> / <asn_public.h>
* without going through dilithium.h, and any gate that affects
* wc_MlDsaKey struct layout (e.g. WOLFSSL_MLDSA_DYNAMIC_KEYS) must be
* normalized to its canonical spelling in every TU before the struct
* is parsed -- otherwise TUs disagree about sizeof / field offsets.
*
* The recursive #include of this file from dilithium.h is a no-op
* (header guard above is already set); dilithium.h's reverse arm and
* legacy aliases see the derived gates because the derivation in
* dilithium.h runs before that recursive include returns.
*
* To be removed alongside <wolfssl/wolfcrypt/dilithium.h> when the
* legacy compatibility shim is dropped. */
#include <wolfssl/wolfcrypt/dilithium.h>
#if defined(WOLFSSL_HAVE_MLDSA)
#if defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY) && \
!defined(WOLFSSL_MLDSA_VERIFY_ONLY)
#define WOLFSSL_MLDSA_VERIFY_ONLY
#endif
#ifdef WOLFSSL_MLDSA_VERIFY_ONLY
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
#define WOLFSSL_MLDSA_NO_MAKE_KEY
#endif
#ifndef WOLFSSL_MLDSA_NO_SIGN
#define WOLFSSL_MLDSA_NO_SIGN
#endif
#endif
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
#define WOLFSSL_MLDSA_PUBLIC_KEY
#endif
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_SIGN)
#define WOLFSSL_MLDSA_PRIVATE_KEY
#endif
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_CHECK_KEY) && \
!defined(WOLFSSL_MLDSA_CHECK_KEY)
#define WOLFSSL_MLDSA_CHECK_KEY
#endif
#include <wolfssl/wolfcrypt/sha3.h>
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
#include <wolfssl/wolfcrypt/random.h>