Merge pull request #10516 from Frauschi/mldsa_rename
Finalize ML-DSA renaming
@@ -19,15 +19,15 @@ jobs:
|
||||
matrix:
|
||||
config: [
|
||||
# Add new configs here
|
||||
'--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=4"',
|
||||
'--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_MLDSA_ALIGNMENT=4"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-tls-mlkem-standalone --enable-extra-pqc-hybrids --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"',
|
||||
'--enable-intelasm --enable-sp-math --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --disable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-tls-mlkem-standalone --enable-extra-pqc-hybrids --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"',
|
||||
'--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++',
|
||||
'--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
|
||||
'--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
|
||||
'--disable-intelasm --enable-all --disable-mlkem --enable-lms=yes,small,verify-only --enable-xmss=yes,small,verify-only --enable-slhdsa=yes,small,verify-only --enable-dilithium=yes,small,verify-only --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"',
|
||||
'--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
|
||||
'--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
|
||||
'--disable-intelasm --enable-all --disable-mlkem --enable-lms=yes,small,verify-only --enable-xmss=yes,small,verify-only --enable-slhdsa=yes,small,verify-only --enable-dilithium=yes,small,verify-only --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_NO_LARGE_CODE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
@@ -37,9 +37,9 @@ jobs:
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem,cache-a CPPFLAGS="-DWOLFSSL_MLKEM_DYNAMIC_KEYS"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-dilithium=yes CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
|
||||
'--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
|
||||
'--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-dilithium=yes CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
|
||||
'--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
|
||||
'--disable-intelasm --enable-dilithium=44,65,87,verify-only CPPFLAGS="-DWOLFSSL_MLDSA_DYNAMIC_KEYS"',
|
||||
]
|
||||
name: make check
|
||||
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
||||
|
||||
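Review bot: After this change no entry in the `make check` matrix passes a legacy `-DWOLFSSL_DILITHIUM_*` sub-gate any more (both hunks of this file swap every one for its `WOLFSSL_MLDSA_*` spelling), and the `build library` matrix in the next workflow file does the same, so within the configs shown nothing builds through the legacy-to-canonical gate translation that the migration notes in this commit describe as still supported. If that translation regresses, a downstream `user_settings.h` that still sets e.g. `WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC` would have the flag ignored without any compile error, silently changing the memory profile of the build. I would keep one legacy-spelled entry per matrix, for example `'--disable-intelasm --enable-dilithium=yes,small CPPFLAGS="-DWOLFSSL_DILITHIUM_DYNAMIC_KEYS"',` under a comment `# legacy gate spelling: covers the legacy-to-canonical translation`, and add one entry with `CPPFLAGS="-DWOLFSSL_NO_DILITHIUM_LEGACY_NAMES"` so the documented claim that such a build passes `make check` is checked in CI. Other workflow files outside this page may already cover either case.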
@@ -19,16 +19,16 @@ jobs:
|
||||
matrix:
|
||||
config: [
|
||||
# Add new configs here
|
||||
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,small --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=0 -DWC_XMSS_FULL_HASH -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,small --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_ALIGNMENT=0 -DWC_XMSS_FULL_HASH -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,draft --enable-lms --enable-xmss CPPFLAGS="-DWC_LMS_FULL_HASH -DWOLFSSL_LMS_LARGE_CACHES -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,no-ctx --enable-lms=yes,small --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_XMSS_LARGE_SECRET_KEY -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC -DWOLFSSL_WC_LMS_SERIALIZE_STATE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A -DWOLFSSL_WC_XMSS_NO_SHA512 -DWOLFSSL_LMS_NO_SIG_CACHE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,verify-only --enable-lms=yes,small,sha256-192,shake256 --enable-xmss=yes,verify-only CPPFLAGS="-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_NO_MALLOC -DWOLFSSL_DILITHIUM_SMALL_MEM_POLY64 -DWOLFSSL_WC_XMSS_NO_SHAKE128 -DWOLFSSL_WC_XMSS_NO_SHAKE256 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa=yes,small --enable-mldsa --enable-lms --enable-xmss=yes,small CPPFLAGS="-DWC_DILITHIUM_CACHE_MATRIX_A -DWOLFSSL_LMS_NO_SIGN_SMOOTHING -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code --enable-slhdsa=yes,small-mem --enable-mldsa --enable-lms=yes,sha256-192,shake256 --enable-xmss CPPFLAGS="-DWOLFSSL_DILITHIUM_NO_LARGE_CODE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa --enable-lms=yes,verify-only --enable-xmss CPPFLAGS="-DWC_DILITHIUM_CACHE_PRIV_VECTORS -DWC_DILITHIUM_CACHE_PUB_VECTORS -DWOLFSSL_DILITHIUM_DYNAMIC_KEYS -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,verify-only --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_ASN1 -DWOLFSSL_DILITHIUM_ALIGNMENT=0 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa=yes,no-ctx --enable-lms=yes,small --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM -DWOLFSSL_XMSS_LARGE_SECRET_KEY -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC -DWOLFSSL_WC_LMS_SERIALIZE_STATE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_SIGN_SMALL_MEM -DWOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC_A -DWOLFSSL_WC_XMSS_NO_SHA512 -DWOLFSSL_LMS_NO_SIG_CACHE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,sha2 --enable-mldsa=yes,verify-only --enable-lms=yes,small,sha256-192,shake256 --enable-xmss=yes,verify-only CPPFLAGS="-DWOLFSSL_MLDSA_VERIFY_SMALL_MEM -DWOLFSSL_MLDSA_VERIFY_NO_MALLOC -DWOLFSSL_MLDSA_SMALL_MEM_POLY64 -DWOLFSSL_WC_XMSS_NO_SHAKE128 -DWOLFSSL_WC_XMSS_NO_SHAKE256 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa=yes,small --enable-mldsa --enable-lms --enable-xmss=yes,small CPPFLAGS="-DWC_MLDSA_CACHE_MATRIX_A -DWOLFSSL_LMS_NO_SIGN_SMOOTHING -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code --enable-slhdsa=yes,small-mem --enable-mldsa --enable-lms=yes,sha256-192,shake256 --enable-xmss CPPFLAGS="-DWOLFSSL_MLDSA_NO_LARGE_CODE -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa --enable-mldsa --enable-lms=yes,verify-only --enable-xmss CPPFLAGS="-DWC_MLDSA_CACHE_PRIV_VECTORS -DWC_MLDSA_CACHE_PUB_VECTORS -DWOLFSSL_MLDSA_DYNAMIC_KEYS -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-slhdsa=yes,verify-only --enable-mldsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLDSA_NO_ASN1 -DWOLFSSL_MLDSA_ALIGNMENT=0 -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
|
||||
'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-slhdsa --enable-lms --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
|
||||
]
|
||||
name: build library
|
||||
|
||||
@@ -2939,6 +2939,7 @@ if(WOLFSSL_EXAMPLES)
|
||||
tests/api/test_ed448.c
|
||||
tests/api/test_mlkem.c
|
||||
tests/api/test_mldsa.c
|
||||
tests/api/test_mldsa_legacy.c
|
||||
tests/api/test_slhdsa.c
|
||||
tests/api/test_signature.c
|
||||
tests/api/test_dtls.c
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,8 +0,0 @@
|
||||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
#
|
||||
|
||||
EXTRA_DIST += \
|
||||
certs/dilithium/bench_dilithium_level2_key.der \
|
||||
certs/dilithium/bench_dilithium_level3_key.der \
|
||||
certs/dilithium/bench_dilithium_level5_key.der
|
||||
@@ -160,7 +160,6 @@ include certs/test-serial0/include.am
|
||||
include certs/intermediate/include.am
|
||||
include certs/falcon/include.am
|
||||
include certs/rsapss/include.am
|
||||
include certs/dilithium/include.am
|
||||
include certs/slhdsa/include.am
|
||||
include certs/lms/include.am
|
||||
include certs/xmss/include.am
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -33,4 +33,10 @@ EXTRA_DIST += \
|
||||
certs/mldsa/mldsa65-cert.der \
|
||||
certs/mldsa/mldsa87-key.pem \
|
||||
certs/mldsa/mldsa87-cert.pem \
|
||||
certs/mldsa/mldsa87-cert.der
|
||||
certs/mldsa/mldsa87-cert.der \
|
||||
certs/mldsa/bench_mldsa_44_key.der \
|
||||
certs/mldsa/bench_mldsa_44_pubkey.der \
|
||||
certs/mldsa/bench_mldsa_65_key.der \
|
||||
certs/mldsa/bench_mldsa_65_pubkey.der \
|
||||
certs/mldsa/bench_mldsa_87_key.der \
|
||||
certs/mldsa/bench_mldsa_87_pubkey.der
|
||||
|
||||
+130
-131
@@ -41,6 +41,16 @@ the legacy API.
|
||||
| `DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`, `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE` | `WC_MLDSA_{44,65,87}_*_SIZE` |
|
||||
| `DEBUG_DILITHIUM` | `DEBUG_MLDSA` |
|
||||
|
||||
The three legacy size-constant families
|
||||
(`DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`,
|
||||
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`) remain reachable through the
|
||||
dilithium.h shim as `#define`-style aliases for the canonical
|
||||
`WC_MLDSA_{44,65,87}_*_SIZE` family — eight spellings per parameter
|
||||
set (`KEY_SIZE`, `PRV_KEY_SIZE`, `PUB_KEY_SIZE`, `SIG_SIZE`,
|
||||
`PRV_KEY_DER_SIZE`, `PUB_KEY_DER_SIZE`, `BOTH_KEY_DER_SIZE`,
|
||||
`BOTH_KEY_PEM_SIZE`). All of them are gated on
|
||||
`!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)`.
|
||||
|
||||
The `WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` / `WC_ML_DSA_DRAFT`
|
||||
public level identifiers and the `PARAMS_ML_DSA_{44,65,87}_*`
|
||||
per-parameter-set internal constants intentionally **keep** their
|
||||
@@ -85,6 +95,60 @@ projects.
|
||||
|
||||
The configure summary echoes `ML-DSA: yes` rather than `DILITHIUM: yes`.
|
||||
|
||||
### Public error-code rename
|
||||
|
||||
The error-code enumerator in `wolfssl/error-ssl.h` was renamed:
|
||||
|
||||
| Legacy | Canonical | Numeric value |
|
||||
|-------------------------|----------------------|---------------|
|
||||
| `DILITHIUM_KEY_SIZE_E` | `MLDSA_KEY_SIZE_E` | `-453` (unchanged) |
|
||||
|
||||
The numeric value is unchanged, so any code that compares against the
|
||||
literal `-453` (or stores the value) continues to work. Code that
|
||||
references the symbol by name is covered by a legacy `#define
|
||||
DILITHIUM_KEY_SIZE_E MLDSA_KEY_SIZE_E` alias, gated on
|
||||
`!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)`. The error string returned
|
||||
by `wolfSSL_ERR_reason_error_string` is now `"Wrong key size for
|
||||
ML-DSA."`.
|
||||
|
||||
### Public ASN.1 / OID identifier renames
|
||||
|
||||
The pre-standardization `LEVEL2/3/5` spellings of the ML-DSA public ASN.1
|
||||
key-type, certificate-type, and OID enumerators were renamed to match
|
||||
the FIPS 204 parameter-set numbers (44 / 65 / 87), and to match the
|
||||
existing `WC_MLDSA_{44,65,87}_*_SIZE` / `BENCH_ML_DSA_{44,65,87}_SIGN`
|
||||
spellings:
|
||||
|
||||
| Legacy | Canonical | Defined in |
|
||||
|------------------------------|------------------------|------------|
|
||||
| `ML_DSA_LEVEL{2,3,5}_TYPE` | `ML_DSA_{44,65,87}_TYPE` | `wolfssl/wolfcrypt/asn_public.h` (`enum CertType`) |
|
||||
| `ML_DSA_LEVEL{2,3,5}_KEY` | `ML_DSA_{44,65,87}_KEY` | `wolfssl/wolfcrypt/asn.h` (cert-gen key type) |
|
||||
| `ML_DSA_LEVEL{2,3,5}k` | `ML_DSA_{44,65,87}k` | `wolfssl/wolfcrypt/oid_sum.h` (`enum Key_Sum`) |
|
||||
| `CTC_ML_DSA_LEVEL{2,3,5}` | `CTC_ML_DSA_{44,65,87}` | `wolfssl/wolfcrypt/oid_sum.h` (`enum Ctc_SigType`) |
|
||||
|
||||
All four families keep their numeric values (e.g. `ML_DSA_44k` is still
|
||||
`431`), so ABI is preserved. Source-level back-compat for unmigrated
|
||||
consumers is provided by `#define`-style legacy aliases next to each
|
||||
enum, gated on `!defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)` (the same
|
||||
gate as the rest of the dilithium.h shim — see header comment in
|
||||
`<wolfssl/wolfcrypt/dilithium.h>` for the gate's full coverage).
|
||||
|
||||
The `DILITHIUM_LEVEL{2,3,5}k` / `CTC_DILITHIUM_LEVEL{2,3,5}` /
|
||||
`DILITHIUM_LEVEL{2,3,5}_TYPE` / `DILITHIUM_LEVEL{2,3,5}_KEY`
|
||||
pre-standardization (NIST PQC round 3) enumerators are intentionally
|
||||
**not** renamed: they identify a distinct draft-era OID surface and
|
||||
coexist with the FIPS 204 entries in the same enum. For the same reason
|
||||
the `"Dilithium Level {2,3,5}"` OID-name labels in
|
||||
`wolfssl_object_info[]` (`src/ssl.c`) are kept under the Dilithium name
|
||||
and coexist with parallel `"ML-DSA {44,65,87}"` rows.
|
||||
|
||||
The PEM header / footer markers used by `wc_MlDsaKey_*` PEM
|
||||
import/export (`"-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"`, etc.) are
|
||||
**intentionally unchanged** — the string contents are a serialization
|
||||
format and renaming them would break PEM files written by older
|
||||
wolfSSL. The C identifier names (`BEGIN_ML_DSA_LEVEL{2,3,5}_PRIV`,
|
||||
`END_*`) are likewise unchanged.
|
||||
|
||||
### OpenSSL compatibility
|
||||
|
||||
The OpenSSL-compat enum value `WC_EVP_PKEY_DILITHIUM` and macro
|
||||
@@ -115,7 +179,10 @@ migration), define one or both of:
|
||||
|
||||
- `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` — suppresses the legacy
|
||||
`dilithium_key` / `wc_dilithium_*` / `wc_Dilithium_*` macro / inline
|
||||
aliases.
|
||||
aliases, the `ML_DSA_LEVEL{2,3,5}*` / `CTC_ML_DSA_LEVEL{2,3,5}` /
|
||||
`DILITHIUM_KEY_SIZE_E` enum aliases, and the legacy size-constant
|
||||
family (`DILITHIUM_LEVEL{2,3,5}_*_SIZE`, `ML_DSA_LEVEL{2,3,5}_*_SIZE`,
|
||||
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`).
|
||||
- `WOLFSSL_NO_DILITHIUM_LEGACY_GATES` — suppresses the bidirectional
|
||||
sub-config gate translations (legacy `WOLFSSL_DILITHIUM_*` /
|
||||
`WC_DILITHIUM_*` ↔ canonical `WOLFSSL_MLDSA_*` / `WC_MLDSA_*`). The
|
||||
@@ -124,146 +191,78 @@ migration), define one or both of:
|
||||
compile the canonical implementation file; the reverse arm honors
|
||||
this opt-out.
|
||||
|
||||
> **Note on `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`:** in this release the
|
||||
> opt-out is only useful for builds whose consumer code (TLS, ASN.1,
|
||||
> EVP, tests, benchmark, examples, ...) has already been migrated to
|
||||
> the canonical names. The standard wolfSSL distribution still uses
|
||||
> `wc_dilithium_*` and `dilithium_key` in `wolfcrypt/src/asn.c`,
|
||||
> `src/ssl_load.c`, `src/internal.c`, `wolfcrypt/test/test.c`, and
|
||||
> elsewhere; suppressing the macro / inline aliases breaks those
|
||||
> translation units (e.g. `wc_dilithium_verify_ctx_msg` becomes an
|
||||
> implicit declaration). The flag is intended primarily for downstream
|
||||
> projects that have completed their own migration; in-tree consumers
|
||||
> will be migrated in a follow-up PR.
|
||||
In-tree consumers have been migrated to the canonical names in this
|
||||
release, so a build that defines `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`
|
||||
(with or without `WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) compiles cleanly
|
||||
and `make check` passes.
|
||||
|
||||
## Internal infrastructure files migrated to canonical sub-gates
|
||||
### Internal API note (no back-compat aliases)
|
||||
|
||||
One wolfSSL-internal file outside the dilithium.h reach had its
|
||||
`WOLFSSL_DILITHIUM_NO_SIGN` / `WOLFSSL_DILITHIUM_NO_VERIFY` sub-gate
|
||||
references migrated to canonical `WOLFSSL_MLDSA_*` spellings:
|
||||
A handful of identifiers that were defined only in wolfSSL-internal
|
||||
headers (no presence in `dilithium.h`, no public-API surface) were
|
||||
renamed in place **without** a backwards-compatibility alias. They
|
||||
affect downstream code only if it reached into `wolfssl/internal.h` or
|
||||
similar internal headers:
|
||||
|
||||
- `wolfssl/certs_test.h` — auto-generated cert-data buffers, has zero
|
||||
`#include` directives. Reachable from external TUs (examples,
|
||||
embedded apps) that pull in only `<wolfssl/ssl.h>` and do not
|
||||
transitively include `dilithium.h`. Reads 11 sub-gate references
|
||||
(`_NO_SIGN` / `_NO_VERIFY`).
|
||||
| Legacy | Canonical | Defined in |
|
||||
|-------------------------------------------------------|---------------------------------------------------|------------|
|
||||
| `DILITHIUM_SA_MAJOR`, `DILITHIUM_LEVEL{2,3,5}_SA_{MAJOR,MINOR}` | `MLDSA_SA_MAJOR`, `MLDSA_{44,65,87}_SA_{MAJOR,MINOR}` | `wolfssl/internal.h` |
|
||||
| `SIG_DILITHIUM` | `SIG_MLDSA` | `wolfssl/internal.h` |
|
||||
| `dilithium_level{2,3,5}_sa_algo` (`enum SignatureAlgorithm`) | `mldsa_{44,65,87}_sa_algo` | `wolfssl/internal.h` |
|
||||
| `dilithium_sign` (`enum ClientCertificateType`) | `mldsa_sign` | `wolfssl/internal.h` |
|
||||
| `MIN_DILITHIUMKEY_SZ` | `MIN_MLDSAKEY_SZ` | `wolfssl/internal.h` |
|
||||
| `minDilithiumKeySz` (struct field on `WOLFSSL_CTX`, `WOLFSSL_CERT_MANAGER`, `Options`) | `minMlDsaKeySz` | `wolfssl/internal.h` |
|
||||
| `haveDilithiumSig` (bitfield on `WOLFSSL_CTX`, `Options`) | `haveMlDsaSig` | `wolfssl/internal.h` |
|
||||
| `peerDilithiumKey`, `peerDilithiumKeyPresent` (`WOLFSSL`) | `peerMlDsaKey`, `peerMlDsaKeyPresent` | `wolfssl/internal.h` |
|
||||
| `HYBRID_*_DILITHIUM_LEVEL*_SA_MINOR` | `HYBRID_*_MLDSA_{44,65,87}_SA_MINOR` | `src/tls13.c` (file-local) |
|
||||
| `dilithium` (union field on `SignatureCtx::key`) | `mldsa` | `wolfssl/wolfcrypt/asn.h` |
|
||||
| `dilithium_test` (test-driver entry point) | `mldsa_test` | `wolfcrypt/test/test.{c,h}` |
|
||||
| `bench_dilithium_level{2,3,5}_{key,pubkey,sig}` | `bench_mldsa_{44,65,87}_{key,pubkey,sig}` | `wolfssl/certs_test.h`, `wolfcrypt/benchmark/benchmark.c` |
|
||||
| `bench_dilithiumKeySign` | `bench_mldsaKeySign` | `wolfcrypt/benchmark/benchmark.{c,h}` |
|
||||
| `BENCH_DILITHIUM_LEVEL{2,3,5}_SIGN` | `BENCH_ML_DSA_{44,65,87}_SIGN` (legacy macros deleted as redundant duplicates) | `wolfcrypt/benchmark/benchmark.c` |
|
||||
|
||||
`wolfssl/wolfcrypt/memory.h` previously branched its static-pool sizing
|
||||
(`LARGEST_MEM_BUCKET` / `WOLFMEM_BUCKETS` / `WOLFMEM_DIST`) on a
|
||||
combination of `WOLFSSL_MLDSA_VERIFY_SMALL_MEM` /
|
||||
`WOLFSSL_MLDSA_SIGN_SMALL_MEM` / `WOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM` /
|
||||
`WOLFSSL_MLDSA_VERIFY_ONLY`. Those branches were removed: when
|
||||
`WOLFSSL_HAVE_MLDSA` is defined, the file now picks the larger sizing
|
||||
unconditionally. The static-pool macros are consumed only by
|
||||
`wolfcrypt/src/memory.c` and the test harnesses; production deployments
|
||||
that need different sizing already override `LARGEST_MEM_BUCKET` /
|
||||
`WOLFMEM_BUCKETS` / `WOLFMEM_DIST` directly. Removing the conditional
|
||||
gating drops memory.h's dependency on ML-DSA sub-gates entirely.
|
||||
The benchmark CLI options `-dilithium_level{2,3,5}` are retained as
|
||||
deprecated aliases for `-ml-dsa-{44,65,87}` and will be removed
|
||||
alongside the dilithium.h shim.
|
||||
|
||||
To keep the legacy `user_settings.h` path working for `certs_test.h` —
|
||||
i.e. a build that defines only `WOLFSSL_DILITHIUM_NO_SIGN` /
|
||||
`WOLFSSL_DILITHIUM_NO_VERIFY` and never reaches `dilithium.h` before
|
||||
the cert-buffer header is processed — the forward translations for
|
||||
those two gates live in `<wolfssl/wolfcrypt/settings.h>`. settings.h is
|
||||
included transitively by any TU that pulls in `certs_test.h`, so the
|
||||
canonical sub-gates are always defined before they are read. The
|
||||
remaining ~30 sub-gates are read only from wc\_mldsa.h / wc\_mldsa.c,
|
||||
both of which transitively pull in dilithium.h first; their forward
|
||||
translations stay there to keep settings.h lean. The reverse arm
|
||||
(canonical → legacy) lives entirely in dilithium.h because it is only
|
||||
consumed by unmigrated code, which by definition includes dilithium.h.
|
||||
The generator script (`gencertbuf.pl`) was updated correspondingly.
|
||||
### Test coverage
|
||||
|
||||
`certs_test.h` and the `memory.h` static-pool macros are both
|
||||
wolfSSL-internal infrastructure (an auto-generated cert-buffer data
|
||||
file and the static allocator's default sizing), not consumer-facing
|
||||
API; these changes do not require downstream code changes.
|
||||
The canonical ML-DSA API is exercised by `tests/api/test_mldsa.c`
|
||||
(~24 `test_mldsa_*` functions), `wolfcrypt/test/test.c::mldsa_test`,
|
||||
and the TLS / X.509 paths in `tests/api.c` that exercise ML-DSA
|
||||
end-to-end. These run under all build configurations including builds
|
||||
that suppress the legacy alias surface.
|
||||
|
||||
## Macro / comment cleanup inside `wc_mldsa.{c,h}`
|
||||
The legacy-name shim itself is covered by
|
||||
`tests/api/test_mldsa_legacy.c::test_mldsa_legacy_shim`, a single
|
||||
focused regression test combining three layers of check:
|
||||
|
||||
A follow-on cleanup of the ML-DSA implementation file finished the
|
||||
internal naming migration that the file/symbol rename above started:
|
||||
- **Compile-time `wc_static_assert`** over every alias spelling — all
|
||||
three size-constant families (LEVEL, DILITHIUM_LEVEL,
|
||||
DILITHIUM_ML_DSA) at all 8 spellings per parameter set, every public
|
||||
enum alias, the error-code alias, and the FIPS 204
|
||||
algorithm-parameter macros.
|
||||
- **Typed function-pointer assignments without casts** that bind each
|
||||
symbol-form alias (`wc_dilithium_init_ex`, `wc_dilithium_free`, …) to
|
||||
a pointer with the canonical signature, so a signature drift in the
|
||||
shim trips a build error.
|
||||
- **Compile-time invocation of every arg-reordering macro** under
|
||||
`if (0)` so the compiler type-checks the macro expansion in every
|
||||
configuration (including verify-only builds where the runtime smoke
|
||||
test below is skipped).
|
||||
- **Runtime make-key / sign / verify / export / import / DER round-trip**
|
||||
driving the arg-reordering macros with valid inputs; a same-type arg
|
||||
swap (which the compile-time invocation can't catch) shows up as a
|
||||
verification or import failure.
|
||||
|
||||
- All algorithm-parameter macros defined in `wolfssl/wolfcrypt/wc_mldsa.h`
|
||||
(`DILITHIUM_Q`, `DILITHIUM_N`, `DILITHIUM_D`, `DILITHIUM_ETA_*`,
|
||||
`DILITHIUM_GAMMA1_*`, `DILITHIUM_K_SZ`, `DILITHIUM_MU_SZ`,
|
||||
`DILITHIUM_MAX_*`, …) were renamed to canonical `MLDSA_*` spellings
|
||||
matching the `MLKEM_*` internal constants in
|
||||
`<wolfssl/wolfcrypt/wc_mlkem.h>`. The `PARAMS_ML_DSA_{44,65,87}_*`
|
||||
per-parameter-set internal constants and the
|
||||
`WC_ML_DSA_{44,65,87}` / `WC_ML_DSA_{44,65,87}_DRAFT` /
|
||||
`WC_ML_DSA_DRAFT` public level identifiers keep their underscored
|
||||
spelling — the level identifiers are established public names and
|
||||
the `PARAMS_*` family is internal-only.
|
||||
- The per-parameter-set size constants previously existed in **three**
|
||||
redundant spellings — `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
|
||||
`ML_DSA_LEVEL{2,3,5}_*_SIZE`, and
|
||||
`DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`. They were consolidated to a
|
||||
single canonical family, `WC_MLDSA_{44,65,87}_*_SIZE`. All three
|
||||
legacy spellings remain reachable as aliases through the
|
||||
`<wolfssl/wolfcrypt/dilithium.h>` shim (gated by
|
||||
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES`); a duplicate `MLDSA_N`
|
||||
definition in `wc_mldsa.h` was also removed.
|
||||
- All ~20 file-local macros inside `wolfcrypt/src/wc_mldsa.c`
|
||||
(`DILITHIUM_SIGN_BYTES`, `DILITHIUM_GEN_S_*`, `DILITHIUM_HASH_OID_LEN`,
|
||||
`DILITHIUM_PARAMS_CNT`, `DILITHIUM_COEFF_S*`, `DILITHIUM_QINV`,
|
||||
`DILITHIUM_NTT_ZETA_1`, `DILITHIUM_POS_OFFSET`, …) were renamed
|
||||
to `MLDSA_*`. The file-local macros are not user-visible and have no
|
||||
alias in the shim.
|
||||
- The user-tunable knobs documented in the `wc_mldsa.c` file-top
|
||||
comment block — `DEBUG_DILITHIUM` and the five performance-tuning
|
||||
defines `DILITHIUM_MUL_SLOW`, `DILITHIUM_MUL_44_SLOW`,
|
||||
`DILITHIUM_MUL_11_SLOW`, `DILITHIUM_MUL_QINV_SLOW`,
|
||||
`DILITHIUM_MUL_Q_SLOW` — were renamed to `DEBUG_MLDSA` /
|
||||
`MLDSA_MUL_*_SLOW`. These are set from `user_settings.h` or `-D`,
|
||||
so a forward-translation block was added to the legacy-gates arm
|
||||
in `<wolfssl/wolfcrypt/dilithium.h>` (gated by
|
||||
`WOLFSSL_NO_DILITHIUM_LEGACY_GATES`) so consumers using the legacy
|
||||
spelling continue to get the intended code path.
|
||||
- A long-standing typo, `dilitihium_get_der_length()` (5 call sites,
|
||||
`static`-scope), was corrected to `mldsa_get_der_length()`.
|
||||
- All `DILITHIUM_*` legacy macro spellings remain reachable from
|
||||
unmigrated in-tree consumers (`wolfcrypt/src/asn.c`, `src/ssl_load.c`,
|
||||
`src/internal.c`, `src/tls13.c`, `src/ssl.c`, `src/x509.c`,
|
||||
`src/ssl_api_pk.c`, `src/ssl_certman.c`, `wolfssl/internal.h`,
|
||||
`wolfssl/wolfcrypt/asn.h`, `asn_public.h`, `oid_sum.h`,
|
||||
`examples/configs/user_settings_pq.h`,
|
||||
`wolfcrypt/benchmark/benchmark.c`, `wolfcrypt/test/test.c`,
|
||||
`tests/api/test_mldsa.c`) and downstream code through a new
|
||||
reverse-arm macro alias block in `<wolfssl/wolfcrypt/dilithium.h>`,
|
||||
gated by the existing `WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` opt-out.
|
||||
- All function and section comments inside `wc_mldsa.c` had their
|
||||
"Dilithium" / "dilithium" prose replaced with "ML-DSA" (the file-top
|
||||
credit retains a parenthetical mention of the historical name).
|
||||
- Every algorithm-step citation was re-numbered against FIPS 204 Final
|
||||
(August 2024). The implementation was previously annotated with the
|
||||
draft (IPD) numbering — e.g. `Algorithm 18 skEncode`, `Algorithm 26
|
||||
ExpandA`, `Algorithm 29 Power2Round`. These were updated to the
|
||||
Final numbering (`Algorithm 24 skEncode`, `Algorithm 32 ExpandA`,
|
||||
`Algorithm 35 Power2Round`, …) and the section references were
|
||||
retargeted from the draft `§8.x` building-blocks group to the Final
|
||||
`§7.x` arrangement. SHAKE128/256 notation references were redirected
|
||||
from the IPD `§8.3` to the Final `§3.7`. Citation punctuation was
|
||||
normalized from `FIPS 204. N.M:` to `FIPS 204 §N.M,`.
|
||||
The runtime portion requires both sign and verify; in a verify-only
|
||||
build it skips and the compile-time layers carry the coverage. A
|
||||
same-type arg swap on the verify side specifically is then caught only
|
||||
by the canonical KAT-driven verify tests in
|
||||
`test_mldsa.c::test_mldsa_verify_*_kats`, which always run.
|
||||
|
||||
These changes are contained to `wolfcrypt/src/wc_mldsa.c`,
|
||||
`wolfssl/wolfcrypt/wc_mldsa.h`, and the macro-alias block in
|
||||
`wolfssl/wolfcrypt/dilithium.h`. No external consumer is touched.
|
||||
|
||||
### Retained internal symbols
|
||||
|
||||
A few internal-only spellings are intentionally **not** renamed in this
|
||||
PR:
|
||||
|
||||
- `DYNAMIC_TYPE_DILITHIUM` — heap-allocation tag string used by
|
||||
`WC_ALLOC_VAR` / `WC_FREE_VAR_EX` inside `wc_mldsa.c`. Pure
|
||||
bookkeeping, never crosses the public API surface.
|
||||
- `ML_DSA_PCT_E` — internal error code returned only by the FIPS
|
||||
Pairwise Consistency Test path inside `wc_MlDsaKey_MakeKey`. Not part
|
||||
of the documented external error-code surface for this algorithm.
|
||||
|
||||
These are scheduled for renaming alongside the eventual removal of the
|
||||
`dilithium.h` shim.
|
||||
The whole file becomes a `TEST_SKIPPED` stub when
|
||||
`WOLFSSL_NO_DILITHIUM_LEGACY_NAMES` is defined.
|
||||
|
||||
## ABI note
|
||||
|
||||
|
||||
@@ -146,9 +146,8 @@ extern "C" {
|
||||
/* ------------------------------------------------- */
|
||||
/* Post-Quantum Certificates */
|
||||
/* ------------------------------------------------- */
|
||||
#if 0 /* ML-DSA / Dilithium certificates */
|
||||
#define WOLFSSL_EXPERIMENTAL_SETTINGS
|
||||
#define HAVE_DILITHIUM
|
||||
#if 0 /* ML-DSA (FIPS 204) certificates */
|
||||
#define WOLFSSL_HAVE_MLDSA
|
||||
#define WOLFSSL_SHAKE128
|
||||
#define WOLFSSL_SHAKE256
|
||||
#endif
|
||||
|
||||
@@ -87,13 +87,10 @@ extern "C" {
|
||||
/* ML-DSA / Dilithium (Signatures) */
|
||||
/* ------------------------------------------------- */
|
||||
#if 1 /* ML-DSA (FIPS 204) */
|
||||
#define HAVE_DILITHIUM
|
||||
#define DILITHIUM_LEVEL2 /* Level 2: ~128-bit security */
|
||||
#define DILITHIUM_LEVEL3 /* Level 3: ~192-bit security */
|
||||
#define DILITHIUM_LEVEL5 /* Level 5: ~256-bit security */
|
||||
#define WOLFSSL_HAVE_MLDSA
|
||||
/* Uses FIPS 204 final standard by default */
|
||||
#if 0 /* FIPS 204 Draft version */
|
||||
#define WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#define WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
#endif
|
||||
#define WOLFSSL_SHAKE128
|
||||
#define WOLFSSL_SHAKE256
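Review bot: The rewritten `#if 1 /* ML-DSA (FIPS 204) */` block no longer tells a reader of this example which parameter sets are built: the three `DILITHIUM_LEVEL{2,3,5}` defines and their security-strength comments are dropped, and only `WOLFSSL_HAVE_MLDSA` remains. If the library now enables ML-DSA-44, -65 and -87 by default (the hunk does not show this), say so next to the define, e.g. `/* Enables ML-DSA-44/65/87 (NIST security categories 2/3/5) */`. Someone trimming this config for a constrained target then knows what is compiled in and that an opt-out has to be looked up elsewhere. The enclosing `#if 1` block continues past the end of the hunk.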
|
||||
|
||||
@@ -115,12 +115,12 @@ extern "C" {
|
||||
/* ------------------------------------------------- */
|
||||
#define WOLFSSL_EXPERIMENTAL_SETTINGS
|
||||
|
||||
#if 1 /* ML-DSA / Dilithium */
|
||||
#define HAVE_DILITHIUM
|
||||
#if 1 /* ML-DSA (FIPS 204) */
|
||||
#define WOLFSSL_HAVE_MLDSA
|
||||
/* Builds to FIPS 204 final standard by default.
|
||||
* Set to 1 for draft version. */
|
||||
#if 0 /* FIPS 204 Draft */
|
||||
#define WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#define WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
#endif
|
||||
#ifndef ML_DSA_LEVEL
|
||||
#define ML_DSA_LEVEL 2
|
||||
|
||||
+28
-1800
File diff suppressed because it is too large
+27
-6
@@ -170,6 +170,25 @@ sub print_sum_enum {
|
||||
print_enum($_[0] . "_Sum", $_[1], $_[2], 32, 48);
|
||||
}
|
||||
|
||||
# Emit legacy ML-DSA "LEVEL{2,3,5}" #define aliases for an enum whose
|
||||
# canonical entries use the FIPS 204 parameter-set numbers (44/65/87).
|
||||
# Required for source-level back-compat with code written before the
|
||||
# pre-standardization Dilithium identifiers were renamed.
|
||||
# $_[0] - canonical prefix (e.g. "ML_DSA_", "CTC_ML_DSA_")
|
||||
# $_[1] - canonical suffix appended to each entry (e.g. "k", "")
|
||||
sub print_mldsa_legacy_aliases {
|
||||
my $prefix = $_[0];
|
||||
my $suffix = $_[1];
|
||||
|
||||
print "#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES\n";
|
||||
print "/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will\n";
|
||||
print " * be removed alongside the dilithium.h shim. */\n";
|
||||
print "#define ${prefix}LEVEL2${suffix} ${prefix}44${suffix}\n";
|
||||
print "#define ${prefix}LEVEL3${suffix} ${prefix}65${suffix}\n";
|
||||
print "#define ${prefix}LEVEL5${suffix} ${prefix}87${suffix}\n";
|
||||
print "#endif\n\n";
|
||||
}
|
||||
|
||||
sub print_header {
|
||||
my $t = Time::Piece->new();
|
||||
|
||||
@@ -336,9 +355,9 @@ my @keys = (
|
||||
{ name => "DILITHIUM_LEVEL2", oid => \@dilithium_2 },
|
||||
{ name => "DILITHIUM_LEVEL3", oid => \@dilithium_3 },
|
||||
{ name => "DILITHIUM_LEVEL5", oid => \@dilithium_5 },
|
||||
{ name => "ML_DSA_LEVEL2", oid => \@mldsa_2 },
|
||||
{ name => "ML_DSA_LEVEL3", oid => \@mldsa_3 },
|
||||
{ name => "ML_DSA_LEVEL5", oid => \@mldsa_5 },
|
||||
{ name => "ML_DSA_44", oid => \@mldsa_2 },
|
||||
{ name => "ML_DSA_65", oid => \@mldsa_3 },
|
||||
{ name => "ML_DSA_87", oid => \@mldsa_5 },
|
||||
{ name => "SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s },
|
||||
{ name => "SLH_DSA_SHA2_128F", oid => \@slhdsa_sha2_128f },
|
||||
{ name => "SLH_DSA_SHA2_192S", oid => \@slhdsa_sha2_192s },
|
||||
@@ -357,6 +376,7 @@ my @keys = (
|
||||
);
|
||||
|
||||
print_sum_enum("Key", "k", \@keys);
|
||||
print_mldsa_legacy_aliases("ML_DSA_", "k");
|
||||
|
||||
|
||||
my @aes128_kw = ( 2, 16, 840, 1, 101, 3, 4, 1, 5 );
|
||||
@@ -1137,11 +1157,11 @@ my @sig_types = (
|
||||
same => 1 },
|
||||
{ name => "CTC_DILITHIUM_LEVEL5", oid => \@dilithium_5,
|
||||
same => 1 },
|
||||
{ name => "CTC_ML_DSA_LEVEL2", oid => \@mldsa_2,
|
||||
{ name => "CTC_ML_DSA_44", oid => \@mldsa_2,
|
||||
same => 1 },
|
||||
{ name => "CTC_ML_DSA_LEVEL3", oid => \@mldsa_3,
|
||||
{ name => "CTC_ML_DSA_65", oid => \@mldsa_3,
|
||||
same => 1 },
|
||||
{ name => "CTC_ML_DSA_LEVEL5", oid => \@mldsa_5,
|
||||
{ name => "CTC_ML_DSA_87", oid => \@mldsa_5,
|
||||
same => 1 },
|
||||
{ name => "CTC_SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s,
|
||||
same => 1 },
|
||||
@@ -1176,6 +1196,7 @@ my @sig_types = (
|
||||
);
|
||||
|
||||
print_enum("Ctc_SigType", "", \@sig_types, 32, 48);
|
||||
print_mldsa_legacy_aliases("CTC_ML_DSA_", "");
|
||||
|
||||
|
||||
my @p7t_pkcs7_msg = ( 1, 2, 840, 113549, 1, 7 );
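Review bot: `print_mldsa_legacy_aliases` emits `#define ${prefix}LEVEL2${suffix} ${prefix}44${suffix}` and its two siblings without checking that the canonical names exist in the table that was just printed; it receives only the prefix and the suffix. If an entry in `@keys` or `@sig_types` is renamed or dropped later, the generated header still compiles and the dangling alias surfaces only when code using the legacy spelling is built. Passing the entry list and failing generation when the `44`, `65` or `87` entry is missing keeps the aliases and the enum in step; the call sites become `print_mldsa_legacy_aliases("ML_DSA_", "k", \@keys);` and `print_mldsa_legacy_aliases("CTC_ML_DSA_", "", \@sig_types);`.

```perl
sub print_mldsa_legacy_aliases {
    my ($prefix, $suffix, $entries) = @_;

    # Refuse to emit an alias whose canonical target is not in the table.
    my %known = map { $_->{name} => 1 } @$entries;
    for my $set ("44", "65", "87") {
        die "no canonical entry ${prefix}${set} for legacy alias\n"
            unless $known{$prefix . $set};
    }

    # … unchanged: #ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES guard and the three #define prints …
}
```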
|
||||
|
||||
+222
-222
@@ -2313,11 +2313,11 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
|
||||
ssl->options.haveFalconSig = 1; /* always on client side */
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
ssl->options.haveDilithiumSig = 1; /* always on client side */
|
||||
ssl->options.haveMlDsaSig = 1; /* always on client side */
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
|
||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
||||
@@ -2658,9 +2658,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
#ifdef HAVE_FALCON
|
||||
ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
ctx->minMlDsaKeySz = MIN_MLDSAKEY_SZ;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
ctx->verifyDepth = MAX_CHAIN_DEPTH;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
ctx->cbioFlag = WOLFSSL_CBIO_NONE;
|
||||
@@ -2731,11 +2731,11 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
|
||||
ctx->haveFalconSig = 1; /* always on client side */
|
||||
/* server can turn on by loading key */
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (method->side == WOLFSSL_CLIENT_END)
|
||||
ctx->haveDilithiumSig = 1; /* always on client side */
|
||||
ctx->haveMlDsaSig = 1; /* always on client side */
|
||||
/* server can turn on by loading key */
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef HAVE_ECC
|
||||
if (method->side == WOLFSSL_CLIENT_END) {
|
||||
ctx->haveECDSAsig = 1; /* always on client side */
|
||||
@@ -3415,23 +3415,23 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
if (sigAlgo == dilithium_level2_sa_algo) {
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (sigAlgo == mldsa_44_sa_algo) {
|
||||
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
|
||||
DILITHIUM_LEVEL2_SA_MAJOR, DILITHIUM_LEVEL2_SA_MINOR);
|
||||
MLDSA_44_SA_MAJOR, MLDSA_44_SA_MINOR);
|
||||
}
|
||||
else
|
||||
if (sigAlgo == dilithium_level3_sa_algo) {
|
||||
if (sigAlgo == mldsa_65_sa_algo) {
|
||||
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
|
||||
DILITHIUM_LEVEL3_SA_MAJOR, DILITHIUM_LEVEL3_SA_MINOR);
|
||||
MLDSA_65_SA_MAJOR, MLDSA_65_SA_MINOR);
|
||||
}
|
||||
else
|
||||
if (sigAlgo == dilithium_level5_sa_algo) {
|
||||
if (sigAlgo == mldsa_87_sa_algo) {
|
||||
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
|
||||
DILITHIUM_LEVEL5_SA_MAJOR, DILITHIUM_LEVEL5_SA_MINOR);
|
||||
MLDSA_87_SA_MAJOR, MLDSA_87_SA_MINOR);
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef WC_RSA_PSS
|
||||
if (sigAlgo == rsa_pss_sa_algo) {
|
||||
/* RSA PSS is sig then mac */
|
||||
@@ -3536,16 +3536,16 @@ void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
|
||||
&idx);
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
if (haveSig & SIG_DILITHIUM) {
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level2_sa_algo,
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (haveSig & SIG_MLDSA) {
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_44_sa_algo,
|
||||
keySz, &idx);
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level3_sa_algo,
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_65_sa_algo,
|
||||
keySz, &idx);
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, dilithium_level5_sa_algo,
|
||||
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, mldsa_87_sa_algo,
|
||||
keySz, &idx);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
if (haveSig & SIG_RSA) {
|
||||
#ifdef WC_RSA_PSS
|
||||
if (tls1_2) {
|
||||
@@ -4784,22 +4784,22 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
case DILITHIUM_SA_MAJOR:
|
||||
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
|
||||
*hsType = dilithium_level2_sa_algo;
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case MLDSA_SA_MAJOR:
|
||||
if (input[1] == MLDSA_44_SA_MINOR) {
|
||||
*hsType = mldsa_44_sa_algo;
|
||||
*hashAlgo = sha256_mac;
|
||||
}
|
||||
else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
|
||||
*hsType = dilithium_level3_sa_algo;
|
||||
else if (input[1] == MLDSA_65_SA_MINOR) {
|
||||
*hsType = mldsa_65_sa_algo;
|
||||
*hashAlgo = sha384_mac;
|
||||
}
|
||||
else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
|
||||
*hsType = dilithium_level5_sa_algo;
|
||||
else if (input[1] == MLDSA_87_SA_MINOR) {
|
||||
*hsType = mldsa_87_sa_algo;
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
*hashAlgo = input[0];
|
||||
*hsType = input[1];
|
||||
@@ -7180,7 +7180,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
ssl->options.haveECC = ctx->haveECC;
|
||||
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||
ssl->options.haveFalconSig = ctx->haveFalconSig;
|
||||
ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
|
||||
ssl->options.haveMlDsaSig = ctx->haveMlDsaSig;
|
||||
|
||||
#ifndef NO_PSK
|
||||
ssl->options.havePSK = (word16)(ctx->havePSK);
|
||||
@@ -7217,9 +7217,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
#ifdef HAVE_FALCON
|
||||
ssl->options.minFalconKeySz = ctx->minFalconKeySz;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
ssl->options.minMlDsaKeySz = ctx->minMlDsaKeySz;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
ssl->options.verifyDepth = ctx->verifyDepth;
|
||||
#endif
|
||||
@@ -8363,11 +8363,11 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
wc_falcon_free((falcon_key*)*pKey);
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DYNAMIC_TYPE_DILITHIUM:
|
||||
wc_dilithium_free((dilithium_key*)*pKey);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case DYNAMIC_TYPE_MLDSA:
|
||||
wc_MlDsaKey_Free((wc_MlDsaKey*)*pKey);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
#if defined(WC_DH_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
|
||||
@@ -8471,11 +8471,11 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
sz = sizeof(falcon_key);
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DYNAMIC_TYPE_DILITHIUM:
|
||||
sz = sizeof(dilithium_key);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case DYNAMIC_TYPE_MLDSA:
|
||||
sz = sizeof(wc_MlDsaKey);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
sz = sizeof(DhKey);
|
||||
@@ -8588,12 +8588,12 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
ret = 0;
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DYNAMIC_TYPE_DILITHIUM:
|
||||
wc_dilithium_init_ex((dilithium_key*)*pKey, ssl->heap, ssl->devId);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case DYNAMIC_TYPE_MLDSA:
|
||||
wc_MlDsaKey_Init((wc_MlDsaKey*)*pKey, ssl->heap, ssl->devId);
|
||||
ret = 0;
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef HAVE_CURVE448
|
||||
case DYNAMIC_TYPE_CURVE448:
|
||||
wc_curve448_init((curve448_key*)*pKey);
|
||||
@@ -8639,7 +8639,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -8691,12 +8691,12 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
|
||||
ret = wc_falcon_init((falcon_key*)pKey);
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DYNAMIC_TYPE_DILITHIUM:
|
||||
wc_dilithium_free((dilithium_key*)pKey);
|
||||
ret = wc_dilithium_init((dilithium_key*)pKey);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case DYNAMIC_TYPE_MLDSA:
|
||||
wc_MlDsaKey_Free((wc_MlDsaKey*)pKey);
|
||||
ret = wc_MlDsaKey_Init((wc_MlDsaKey*)pKey, NULL, INVALID_DEVID);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifndef NO_DH
|
||||
case DYNAMIC_TYPE_DH:
|
||||
wc_FreeDhKey((DhKey*)pKey);
|
||||
@@ -9036,9 +9036,9 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_MLDSA, (void**)&ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
|
||||
@@ -9317,10 +9317,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_MLDSA, (void**)&ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
@@ -15781,58 +15781,58 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL2_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_44_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL3_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG( "Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_65_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL5_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_87_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
case ML_DSA_LEVEL2k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL2_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
case ML_DSA_44k:
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_44_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL3k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL3_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG( "Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
case ML_DSA_65k:
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_65_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL5k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL5_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
case ML_DSA_87k:
|
||||
if (ssl->options.minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_87_KEY_SIZE
|
||||
< (word16)ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size in cert chain error");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
WOLFSSL_MSG("Key size not checked");
|
||||
/* key not being checked for size if not in
|
||||
@@ -17562,79 +17562,79 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
case ML_DSA_44k:
|
||||
case ML_DSA_65k:
|
||||
case ML_DSA_87k:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
#endif
|
||||
{
|
||||
int keyRet = 0;
|
||||
if (ssl->peerDilithiumKey == NULL) {
|
||||
if (ssl->peerMlDsaKey == NULL) {
|
||||
/* alloc/init on demand */
|
||||
keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
(void**)&ssl->peerDilithiumKey);
|
||||
} else if (ssl->peerDilithiumKeyPresent) {
|
||||
keyRet = ReuseKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
keyRet = AllocKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
(void**)&ssl->peerMlDsaKey);
|
||||
} else if (ssl->peerMlDsaKeyPresent) {
|
||||
keyRet = ReuseKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
}
|
||||
|
||||
if (keyRet == 0) {
|
||||
if (args->dCert->keyOID == ML_DSA_LEVEL2k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_44);
|
||||
if (args->dCert->keyOID == ML_DSA_44k) {
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_44);
|
||||
}
|
||||
else if (args->dCert->keyOID == ML_DSA_LEVEL3k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_65);
|
||||
else if (args->dCert->keyOID == ML_DSA_65k) {
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_65);
|
||||
}
|
||||
else if (args->dCert->keyOID == ML_DSA_LEVEL5k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_87);
|
||||
else if (args->dCert->keyOID == ML_DSA_87k) {
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_87);
|
||||
}
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT);
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_44_DRAFT);
|
||||
}
|
||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT);
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_65_DRAFT);
|
||||
}
|
||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT);
|
||||
keyRet = wc_MlDsaKey_SetParams(
|
||||
ssl->peerMlDsaKey, WC_ML_DSA_87_DRAFT);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (keyRet != 0 ||
|
||||
wc_dilithium_import_public(args->dCert->publicKey,
|
||||
args->dCert->pubKeySize,
|
||||
ssl->peerDilithiumKey)
|
||||
wc_MlDsaKey_ImportPubRaw(ssl->peerMlDsaKey,
|
||||
args->dCert->publicKey,
|
||||
args->dCert->pubKeySize)
|
||||
!= 0) {
|
||||
ret = PEER_KEY_ERROR;
|
||||
}
|
||||
else {
|
||||
ssl->peerDilithiumKeyPresent = 1;
|
||||
ssl->peerMlDsaKeyPresent = 1;
|
||||
}
|
||||
|
||||
/* check size of peer Dilithium key */
|
||||
if (ret == 0 && ssl->peerDilithiumKeyPresent &&
|
||||
if (ret == 0 && ssl->peerMlDsaKeyPresent &&
|
||||
!ssl->options.verifyNone &&
|
||||
DILITHIUM_MAX_KEY_SIZE <
|
||||
ssl->options.minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("Peer Dilithium key is too small");
|
||||
MLDSA_MAX_KEY_SIZE <
|
||||
ssl->options.minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("Peer ML-DSA key is too small");
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -27939,8 +27939,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
|
||||
case FALCON_KEY_SIZE_E:
|
||||
return "Wrong key size for Falcon.";
|
||||
|
||||
case DILITHIUM_KEY_SIZE_E:
|
||||
return "Wrong key size for Dilithium.";
|
||||
case MLDSA_KEY_SIZE_E:
|
||||
return "Wrong key size for ML-DSA.";
|
||||
|
||||
case QUIC_TP_MISSING_E:
|
||||
return "QUIC transport parameter not set";
|
||||
@@ -29398,9 +29398,9 @@ static int ParseCipherList(Suites* suites,
|
||||
#ifdef HAVE_FALCON
|
||||
haveSig |= SIG_FALCON;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
haveSig |= SIG_DILITHIUM;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
haveSig |= SIG_MLDSA;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
}
|
||||
else
|
||||
#ifdef BUILD_TLS_SM4_GCM_SM3
|
||||
@@ -29566,7 +29566,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
|
||||
int haveRSAsig = 0;
|
||||
int haveECDSAsig = 0;
|
||||
int haveFalconSig = 0;
|
||||
int haveDilithiumSig = 0;
|
||||
int haveMlDsaSig = 0;
|
||||
int haveAnon = 0;
|
||||
int tls1_3 = 0;
|
||||
|
||||
@@ -29638,9 +29638,9 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
|
||||
#ifdef HAVE_FALCON
|
||||
haveFalconSig = 1;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
haveDilithiumSig = 1;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
haveMlDsaSig = 1;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
}
|
||||
else
|
||||
#endif /* WOLFSSL_TLS13 */
|
||||
@@ -29678,7 +29678,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
|
||||
#endif
|
||||
haveSig |= haveRSAsig ? SIG_RSA : 0;
|
||||
haveSig |= haveFalconSig ? SIG_FALCON : 0;
|
||||
haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0;
|
||||
haveSig |= haveMlDsaSig ? SIG_MLDSA : 0;
|
||||
haveSig |= haveAnon ? SIG_ANON : 0;
|
||||
InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3,
|
||||
keySz, &suites->hashSigAlgoSz);
|
||||
@@ -29903,34 +29903,34 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
|
||||
return sigAlgo == falcon_level5_sa_algo;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
|
||||
/* Certificate has Dilithium level 2 key, only match with it. */
|
||||
return sigAlgo == dilithium_level2_sa_algo;
|
||||
return sigAlgo == mldsa_44_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3) {
|
||||
/* Certificate has Dilithium level 3 key, only match with it. */
|
||||
return sigAlgo == dilithium_level3_sa_algo;
|
||||
return sigAlgo == mldsa_65_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
|
||||
/* Certificate has Dilithium level 5 key, only match with it. */
|
||||
return sigAlgo == dilithium_level5_sa_algo;
|
||||
return sigAlgo == mldsa_87_sa_algo;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) {
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_44) {
|
||||
/* Certificate has ML-DSA level 2 key, only match with it. */
|
||||
return sigAlgo == dilithium_level2_sa_algo;
|
||||
return sigAlgo == mldsa_44_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) {
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_65) {
|
||||
/* Certificate has ML-DSA level 3 key, only match with it. */
|
||||
return sigAlgo == dilithium_level3_sa_algo;
|
||||
return sigAlgo == mldsa_65_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) {
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_87) {
|
||||
/* Certificate has ML-DSA level 5 key, only match with it. */
|
||||
return sigAlgo == dilithium_level5_sa_algo;
|
||||
return sigAlgo == mldsa_87_sa_algo;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef WC_RSA_PSS
|
||||
/* RSA certificate and PSS sig alg. */
|
||||
if (ssl->options.sigAlgo == rsa_sa_algo) {
|
||||
@@ -30126,15 +30126,15 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 ||
|
||||
ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 ||
|
||||
ssl->pkCurveOID == CTC_ML_DSA_LEVEL5
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
if (ssl->pkCurveOID == CTC_ML_DSA_44 ||
|
||||
ssl->pkCurveOID == CTC_ML_DSA_65 ||
|
||||
ssl->pkCurveOID == CTC_ML_DSA_87
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2
|
||||
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3
|
||||
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
) {
|
||||
/* Matched ML-DSA or Dilithium - set chosen and finished. */
|
||||
ssl->options.sigAlgo = sigAlgo;
|
||||
@@ -30142,7 +30142,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#if defined(HAVE_ECC_BRAINPOOL)
|
||||
if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID ||
|
||||
ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID ||
|
||||
@@ -30560,28 +30560,28 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
dilithium_key* dilithiumKey;
|
||||
else if (hsType == DYNAMIC_TYPE_MLDSA) {
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
wc_MlDsaKey* mldsaKey;
|
||||
|
||||
dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
if (dilithiumKey == NULL) {
|
||||
mldsaKey = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), heap,
|
||||
DYNAMIC_TYPE_MLDSA);
|
||||
if (mldsaKey == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
if (label) {
|
||||
ret = wc_dilithium_init_label(dilithiumKey, (char*)data,
|
||||
ret = wc_MlDsaKey_InitLabel(mldsaKey, (char*)data,
|
||||
heap, devId);
|
||||
}
|
||||
else if (id) {
|
||||
ret = wc_dilithium_init_id(dilithiumKey, data, length, heap, devId);
|
||||
ret = wc_MlDsaKey_InitId(mldsaKey, data, length, heap, devId);
|
||||
}
|
||||
if (ret == 0) {
|
||||
*pkey = (void*)dilithiumKey;
|
||||
*pkey = (void*)mldsaKey;
|
||||
}
|
||||
else {
|
||||
XFREE(dilithiumKey, heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
XFREE(mldsaKey, heap, DYNAMIC_TYPE_MLDSA);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -30668,10 +30668,10 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
|
||||
else if ((keyType == falcon_level1_sa_algo) ||
|
||||
(keyType == falcon_level5_sa_algo))
|
||||
*hsType = DYNAMIC_TYPE_FALCON;
|
||||
else if ((keyType == dilithium_level2_sa_algo) ||
|
||||
(keyType == dilithium_level3_sa_algo) ||
|
||||
(keyType == dilithium_level5_sa_algo))
|
||||
*hsType = DYNAMIC_TYPE_DILITHIUM;
|
||||
else if ((keyType == mldsa_44_sa_algo) ||
|
||||
(keyType == mldsa_65_sa_algo) ||
|
||||
(keyType == mldsa_87_sa_algo))
|
||||
*hsType = DYNAMIC_TYPE_MLDSA;
|
||||
|
||||
/* Create the private key */
|
||||
ret = CreateDevPrivateKey(hsKey, key->buffer,
|
||||
@@ -30731,29 +30731,29 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
|
||||
ret = NOT_COMPILED_IN;
|
||||
#endif
|
||||
}
|
||||
else if (*hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
if (keyType == dilithium_level2_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
|
||||
else if (*hsType == DYNAMIC_TYPE_MLDSA) {
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
if (keyType == mldsa_44_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
|
||||
WC_ML_DSA_44);
|
||||
}
|
||||
else if (keyType == dilithium_level3_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
|
||||
else if (keyType == mldsa_65_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
|
||||
WC_ML_DSA_65);
|
||||
}
|
||||
else if (keyType == dilithium_level5_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey,
|
||||
else if (keyType == mldsa_87_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey,
|
||||
WC_ML_DSA_87);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if (keySz < ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size too small");
|
||||
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
|
||||
if (keySz < ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size too small");
|
||||
ERROR_OUT(MLDSA_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey);
|
||||
*sigLen = wc_MlDsaKey_SigSize((wc_MlDsaKey*)*hsKey);
|
||||
}
|
||||
#else
|
||||
ret = NOT_COMPILED_IN;
|
||||
@@ -31030,31 +31030,31 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||
FreeKey(ssl, *hsType, hsKey);
|
||||
#endif
|
||||
|
||||
if (keyType == dilithium_level2_sa_algo ||
|
||||
keyType == dilithium_level3_sa_algo ||
|
||||
keyType == dilithium_level5_sa_algo ||
|
||||
if (keyType == mldsa_44_sa_algo ||
|
||||
keyType == mldsa_65_sa_algo ||
|
||||
keyType == mldsa_87_sa_algo ||
|
||||
keyType == 0) {
|
||||
|
||||
*hsType = DYNAMIC_TYPE_DILITHIUM;
|
||||
*hsType = DYNAMIC_TYPE_MLDSA;
|
||||
ret = AllocKey(ssl, *hsType, hsKey);
|
||||
if (ret != 0) {
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
if (keyType == dilithium_level2_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_44);
|
||||
if (keyType == mldsa_44_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_44);
|
||||
}
|
||||
else if (keyType == dilithium_level3_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_65);
|
||||
else if (keyType == mldsa_65_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_65);
|
||||
}
|
||||
else if (keyType == dilithium_level5_sa_algo) {
|
||||
ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_87);
|
||||
else if (keyType == mldsa_87_sa_algo) {
|
||||
ret = wc_MlDsaKey_SetParams((wc_MlDsaKey*)*hsKey, WC_ML_DSA_87);
|
||||
}
|
||||
else {
|
||||
/* What if keyType is 0? We might want to do something
|
||||
@@ -31066,39 +31066,39 @@ static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key,
|
||||
goto exit_dpk;
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("Trying Dilithium private key");
|
||||
WOLFSSL_MSG("Trying ML-DSA private key");
|
||||
|
||||
/* Set start of data to beginning of buffer. */
|
||||
idx = 0;
|
||||
/* Decode the key assuming it is a Dilithium private key. The FIPS
|
||||
* wrapper for wc_dilithium_import_private gates on the per-thread
|
||||
/* Decode the key assuming it is an ML-DSA private key. The FIPS
|
||||
* wrapper for wc_MlDsaKey_ImportPrivRaw gates on the per-thread
|
||||
* privateKeyReadEnable flag, which is unset by default in any
|
||||
* thread that hasn't called PRIVATE_KEY_UNLOCK(). Without the
|
||||
* bracket, decoding a Dilithium/ML-DSA private key from a
|
||||
* handshake worker thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
|
||||
* bracket, decoding an ML-DSA private key from a handshake worker
|
||||
* thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ret = wc_Dilithium_PrivateKeyDecode(key->buffer,
|
||||
&idx,
|
||||
(dilithium_key*)*hsKey,
|
||||
key->length);
|
||||
ret = wc_MlDsaKey_PrivateKeyDecode((wc_MlDsaKey*)*hsKey,
|
||||
key->buffer,
|
||||
key->length,
|
||||
&idx);
|
||||
PRIVATE_KEY_LOCK();
|
||||
if (ret == 0) {
|
||||
WOLFSSL_MSG("Using Dilithium private key");
|
||||
WOLFSSL_MSG("Using ML-DSA private key");
|
||||
|
||||
/* Check it meets the minimum Dilithium key size requirements. */
|
||||
keySzDecoded = wc_dilithium_size((dilithium_key*)*hsKey);
|
||||
if (keySzDecoded < ssl->options.minDilithiumKeySz) {
|
||||
WOLFSSL_MSG("Dilithium key size too small");
|
||||
ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk);
|
||||
/* Check it meets the minimum ML-DSA key size requirements. */
|
||||
keySzDecoded = wc_MlDsaKey_Size((wc_MlDsaKey*)*hsKey);
|
||||
if (keySzDecoded < ssl->options.minMlDsaKeySz) {
|
||||
WOLFSSL_MSG("ML-DSA key size too small");
|
||||
ERROR_OUT(MLDSA_KEY_SIZE_E, exit_dpk);
|
||||
}
|
||||
|
||||
/* Return the maximum signature length. */
|
||||
*sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey);
|
||||
*sigLen = wc_MlDsaKey_SigSize((wc_MlDsaKey*)*hsKey);
|
||||
|
||||
goto exit_dpk;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
(void)idx;
|
||||
(void)keySzDecoded;
|
||||
|
||||
@@ -115,9 +115,9 @@
|
||||
#if defined(HAVE_FALCON)
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
|
||||
#ifdef HAVE_OCSP
|
||||
#include <wolfssl/openssl/ocsp.h>
|
||||
@@ -8632,14 +8632,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||
case falcon_level5_sa_algo:
|
||||
*sigAlgo = FALCON_LEVEL5k;
|
||||
break;
|
||||
case dilithium_level2_sa_algo:
|
||||
*sigAlgo = ML_DSA_LEVEL2k;
|
||||
case mldsa_44_sa_algo:
|
||||
*sigAlgo = ML_DSA_44k;
|
||||
break;
|
||||
case dilithium_level3_sa_algo:
|
||||
*sigAlgo = ML_DSA_LEVEL3k;
|
||||
case mldsa_65_sa_algo:
|
||||
*sigAlgo = ML_DSA_65k;
|
||||
break;
|
||||
case dilithium_level5_sa_algo:
|
||||
*sigAlgo = ML_DSA_LEVEL5k;
|
||||
case mldsa_87_sa_algo:
|
||||
*sigAlgo = ML_DSA_87k;
|
||||
break;
|
||||
case sm2_sa_algo:
|
||||
*sigAlgo = SM2k;
|
||||
@@ -13488,22 +13488,25 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
{ CTC_FALCON_LEVEL5, FALCON_LEVEL5k, oidKeyType, "Falcon Level 5",
|
||||
"Falcon Level 5"},
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
/* Pre-standardization (NIST PQC round 3) Dilithium OID labels.
|
||||
* These coexist with the FIPS 204 "ML-DSA 44/65/87" entries below
|
||||
* and are intentionally kept under the Dilithium name. */
|
||||
{ CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType,
|
||||
"Dilithium Level 2", "Dilithium Level 2"},
|
||||
{ CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType,
|
||||
"Dilithium Level 3", "Dilithium Level 3"},
|
||||
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
|
||||
"Dilithium Level 5", "Dilithium Level 5"},
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
{ CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType,
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
{ CTC_ML_DSA_44, ML_DSA_44k, oidKeyType,
|
||||
"ML-DSA 44", "ML-DSA 44"},
|
||||
{ CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType,
|
||||
{ CTC_ML_DSA_65, ML_DSA_65k, oidKeyType,
|
||||
"ML-DSA 65", "ML-DSA 65"},
|
||||
{ CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType,
|
||||
{ CTC_ML_DSA_87, ML_DSA_87k, oidKeyType,
|
||||
"ML-DSA 87", "ML-DSA 87"},
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* oidCurveType */
|
||||
#ifdef HAVE_ECC
|
||||
@@ -13885,14 +13888,14 @@ static int SaToNid(byte sa, int* nid)
|
||||
case falcon_level5_sa_algo:
|
||||
*nid = CTC_FALCON_LEVEL5;
|
||||
break;
|
||||
case dilithium_level2_sa_algo:
|
||||
*nid = CTC_ML_DSA_LEVEL2;
|
||||
case mldsa_44_sa_algo:
|
||||
*nid = CTC_ML_DSA_44;
|
||||
break;
|
||||
case dilithium_level3_sa_algo:
|
||||
*nid = CTC_ML_DSA_LEVEL3;
|
||||
case mldsa_65_sa_algo:
|
||||
*nid = CTC_ML_DSA_65;
|
||||
break;
|
||||
case dilithium_level5_sa_algo:
|
||||
*nid = CTC_ML_DSA_LEVEL5;
|
||||
case mldsa_87_sa_algo:
|
||||
*nid = CTC_ML_DSA_87;
|
||||
break;
|
||||
case sm2_sa_algo:
|
||||
*nid = WC_NID_sm2;
|
||||
@@ -15993,7 +15996,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
|
||||
ssl->options.haveECC = ctx->haveECC;
|
||||
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||
ssl->options.haveFalconSig = ctx->haveFalconSig;
|
||||
ssl->options.haveDilithiumSig = ctx->haveDilithiumSig;
|
||||
ssl->options.haveMlDsaSig = ctx->haveMlDsaSig;
|
||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||
#ifndef WOLFSSL_BLIND_PRIVATE_KEY
|
||||
ssl->buffers.altKey = ctx->altPrivateKey;
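Review bot: The guard around the wolfCrypt include at the top of this file, and the one around the ML-DSA rows of `wolfssl_object_info`, change from `HAVE_DILITHIUM` to `WOLFSSL_HAVE_MLDSA`, but nothing in this section shows the legacy macro still enabling that code. If a build defines only `HAVE_DILITHIUM` (for example in a hand-written settings header) and no compatibility mapping exists elsewhere, those rows would compile out with no diagnostic. Presumably the mapping lives in a settings header outside this page. A one-line comment at the include would make the dependency checkable, for example `/* legacy HAVE_DILITHIUM is translated to WOLFSSL_HAVE_MLDSA in <settings header> */`, where the header name is a placeholder to fill in.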
|
||||
|
||||
+17
-17
@@ -72,16 +72,16 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||
type = DYNAMIC_TYPE_ECC;
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case ML_DSA_44k:
|
||||
case ML_DSA_65k:
|
||||
case ML_DSA_87k:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
#endif
|
||||
type = DYNAMIC_TYPE_DILITHIUM;
|
||||
type = DYNAMIC_TYPE_MLDSA;
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
@@ -112,11 +112,11 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||
pubSz);
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case ML_DSA_44k:
|
||||
case ML_DSA_65k:
|
||||
case ML_DSA_87k:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
@@ -157,16 +157,16 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||
wc_ecc_free((ecc_key*)pkey);
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case ML_DSA_44k:
|
||||
case ML_DSA_65k:
|
||||
case ML_DSA_87k:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
#endif
|
||||
wc_dilithium_free((dilithium_key*)pkey);
|
||||
wc_MlDsaKey_Free((wc_MlDsaKey*)pkey);
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
|
||||
+34
-34
@@ -158,9 +158,9 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
|
||||
#ifdef HAVE_FALCON
|
||||
cm->minFalconKeySz = MIN_FALCONKEY_SZ;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
cm->minMlDsaKeySz = MIN_MLDSAKEY_SZ;
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
}
|
||||
|
||||
/* Dispose of certificate manager on error. The reference count may not
|
||||
@@ -3145,52 +3145,52 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_44_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 2 key size error");
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_65_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 3 key size error");
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_87_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
case ML_DSA_LEVEL2k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
case ML_DSA_44k:
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_44_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 2 key size error");
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL3k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
|
||||
case ML_DSA_65k:
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_65_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 3 key size error");
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL5k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||
case ML_DSA_87k:
|
||||
if (cm->minMlDsaKeySz < 0 ||
|
||||
WC_MLDSA_87_KEY_SIZE < (word16)cm->minMlDsaKeySz) {
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("\tCA ML-DSA level 5 key size error");
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("\tNo key size check done on CA");
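Review bot: In AddCA, taking the ML-DSA-named line of each printed pair as the new side, the three cases under `WOLFSSL_MLDSA_FIPS204_DRAFT` (`DILITHIUM_LEVEL2k`/`3k`/`5k`) now log the same text as the final `ML_DSA_44k`/`65k`/`87k` cases, e.g. `"\tCA ML-DSA level 2 key size error"`. A CA rejected for key size can then no longer be attributed to the draft or the final OID from the log. The wording also keeps the old "level N" scheme while the identifiers use 44/65/87. I would suggest `WOLFSSL_MSG("\tCA Dilithium (FIPS 204 draft) level 2 key size error");` for the draft cases and `WOLFSSL_MSG("\tCA ML-DSA-44 key size error");` for the final ones, and likewise for 65 and 87. The draft cases also now compare against `WC_MLDSA_44_KEY_SIZE` where the removed lines used `DILITHIUM_LEVEL2_KEY_SIZE`, which is equivalent only if the draft and final sizes match (not shown on this page); AddCA's body continues outside the hunk.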
|
||||
|
||||
+142
-142
@@ -919,8 +919,8 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
/* See if DER data is an Dilithium private key.
|
||||
*
|
||||
* Checks size meets minimum Falcon key size.
|
||||
@@ -934,69 +934,69 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
* @param [out] keyType Type of key.
|
||||
* @param [out] keySize Size of key.
|
||||
* @return 0 on success or not a Dilithium key and format unknown.
|
||||
* @return DILITHIUM_KEY_SIZE_E when key size doesn't meet minimum required.
|
||||
* @return MLDSA_KEY_SIZE_E when key size doesn't meet minimum required.
|
||||
*/
|
||||
static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
static int ProcessBufferTryDecodeMlDsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
|
||||
{
|
||||
int ret;
|
||||
word32 idx;
|
||||
dilithium_key* key;
|
||||
wc_MlDsaKey* key;
|
||||
int keyFormatTemp = 0;
|
||||
int keyTypeTemp = 0;
|
||||
int keySizeTemp = 0;
|
||||
|
||||
/* Allocate a Dilithium key to parse into. */
|
||||
key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
key = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), heap,
|
||||
DYNAMIC_TYPE_MLDSA);
|
||||
if (key == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
/* Initialize Dilithium key. */
|
||||
ret = wc_dilithium_init(key);
|
||||
/* Initialize ML-DSA key. */
|
||||
ret = wc_MlDsaKey_Init(key, NULL, INVALID_DEVID);
|
||||
if (ret == 0) {
|
||||
/* Decode as a Dilithium private key. The FIPS wrapper for
|
||||
* wc_dilithium_import_private gates on the per-thread
|
||||
/* Decode as an ML-DSA private key. The FIPS wrapper for
|
||||
* wc_MlDsaKey_ImportPrivRaw gates on the per-thread
|
||||
* privateKeyReadEnable flag, which is unset by default in any
|
||||
* thread that hasn't called PRIVATE_KEY_UNLOCK(). Without the
|
||||
* bracket, loading a Dilithium/ML-DSA private key from a
|
||||
* worker thread fails with FIPS_PRIVATE_KEY_LOCKED_E. */
|
||||
* bracket, loading an ML-DSA private key from a worker thread
|
||||
* fails with FIPS_PRIVATE_KEY_LOCKED_E. */
|
||||
idx = 0;
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key,
|
||||
der->length);
|
||||
ret = wc_MlDsaKey_PrivateKeyDecode(key, der->buffer,
|
||||
der->length, &idx);
|
||||
PRIVATE_KEY_LOCK();
|
||||
if (ret == 0) {
|
||||
ret = dilithium_get_oid_sum(key, &keyFormatTemp);
|
||||
ret = mldsa_get_oid_sum(key, &keyFormatTemp);
|
||||
if (ret == 0) {
|
||||
/* Format is known. */
|
||||
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
|
||||
#if defined(WOLFSSL_MLDSA_FIPS204_DRAFT)
|
||||
if (keyFormatTemp == DILITHIUM_LEVEL2k) {
|
||||
keyTypeTemp = dilithium_level2_sa_algo;
|
||||
keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE;
|
||||
keyTypeTemp = mldsa_44_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_44_KEY_SIZE;
|
||||
}
|
||||
else if (keyFormatTemp == DILITHIUM_LEVEL3k) {
|
||||
keyTypeTemp = dilithium_level3_sa_algo;
|
||||
keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE;
|
||||
keyTypeTemp = mldsa_65_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_65_KEY_SIZE;
|
||||
}
|
||||
else if (keyFormatTemp == DILITHIUM_LEVEL5k) {
|
||||
keyTypeTemp = dilithium_level5_sa_algo;
|
||||
keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE;
|
||||
keyTypeTemp = mldsa_87_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_87_KEY_SIZE;
|
||||
}
|
||||
else
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
if (keyFormatTemp == ML_DSA_LEVEL2k) {
|
||||
keyTypeTemp = dilithium_level2_sa_algo;
|
||||
keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE;
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
if (keyFormatTemp == ML_DSA_44k) {
|
||||
keyTypeTemp = mldsa_44_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_44_KEY_SIZE;
|
||||
}
|
||||
else if (keyFormatTemp == ML_DSA_LEVEL3k) {
|
||||
keyTypeTemp = dilithium_level3_sa_algo;
|
||||
keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE;
|
||||
else if (keyFormatTemp == ML_DSA_65k) {
|
||||
keyTypeTemp = mldsa_65_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_65_KEY_SIZE;
|
||||
}
|
||||
else if (keyFormatTemp == ML_DSA_LEVEL5k) {
|
||||
keyTypeTemp = dilithium_level5_sa_algo;
|
||||
keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE;
|
||||
else if (keyFormatTemp == ML_DSA_87k) {
|
||||
keyTypeTemp = mldsa_87_sa_algo;
|
||||
keySizeTemp = WC_MLDSA_87_KEY_SIZE;
|
||||
}
|
||||
else {
|
||||
ret = ALGO_ID_E;
|
||||
@@ -1006,13 +1006,13 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
if (ret == 0) {
|
||||
/* Get the minimum Dilithium key size from SSL or SSL context
|
||||
* object. */
|
||||
int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz;
|
||||
int minKeySz = ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz;
|
||||
|
||||
/* Check that the size of the Dilithium key is enough. */
|
||||
if (keySizeTemp < minKeySz) {
|
||||
WOLFSSL_MSG("Dilithium private key too small");
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
WOLFSSL_MSG("ML-DSA private key too small");
|
||||
ret = MLDSA_KEY_SIZE_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1023,20 +1023,20 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
}
|
||||
else if (*keyFormat == 0) {
|
||||
WOLFSSL_MSG("Not a Dilithium key");
|
||||
WOLFSSL_MSG("Not an ML-DSA key");
|
||||
/* Unknown format wasn't dilithium, so keep trying other formats. */
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* Free dynamically allocated data in key. */
|
||||
wc_dilithium_free(key);
|
||||
wc_MlDsaKey_Free(key);
|
||||
}
|
||||
|
||||
/* Dispose of allocated key. */
|
||||
XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
XFREE(key, heap, DYNAMIC_TYPE_MLDSA);
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* Try to decode DER data is a known private key.
|
||||
*
|
||||
@@ -1161,26 +1161,26 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
matchAnyKey = 1;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
/* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
|
||||
*/
|
||||
if ((ret == 0) &&
|
||||
((*keyFormat == 0) ||
|
||||
(*keyFormat == ML_DSA_LEVEL2k) ||
|
||||
(*keyFormat == ML_DSA_LEVEL3k) ||
|
||||
(*keyFormat == ML_DSA_LEVEL5k)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
(*keyFormat == ML_DSA_44k) ||
|
||||
(*keyFormat == ML_DSA_65k) ||
|
||||
(*keyFormat == ML_DSA_87k)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| (*keyFormat == DILITHIUM_LEVEL2k)
|
||||
|| (*keyFormat == DILITHIUM_LEVEL3k)
|
||||
|| (*keyFormat == DILITHIUM_LEVEL5k)
|
||||
#endif
|
||||
)) {
|
||||
ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
|
||||
ret = ProcessBufferTryDecodeMlDsa(ctx, ssl, der, keyFormat, heap,
|
||||
keyType, keySz);
|
||||
matchAnyKey = 1;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* Check we know the format. */
|
||||
if ((ret == 0) &&
|
||||
@@ -1489,23 +1489,23 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_LEVEL5k:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case ML_DSA_44k:
|
||||
case ML_DSA_65k:
|
||||
case ML_DSA_87k:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
#endif
|
||||
if (ssl != NULL) {
|
||||
ssl->options.haveDilithiumSig = 1;
|
||||
ssl->options.haveMlDsaSig = 1;
|
||||
}
|
||||
else {
|
||||
ctx->haveDilithiumSig = 1;
|
||||
ctx->haveMlDsaSig = 1;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
WOLFSSL_MSG("Cert key not supported");
|
||||
break;
|
||||
@@ -1527,7 +1527,7 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
/* Reset signatures we have in SSL. */
|
||||
ssl->options.haveECDSAsig = 0;
|
||||
ssl->options.haveFalconSig = 0;
|
||||
ssl->options.haveDilithiumSig = 0;
|
||||
ssl->options.haveMlDsaSig = 0;
|
||||
}
|
||||
|
||||
/* Set which signature we have based on the type in the cert. */
|
||||
@@ -1565,21 +1565,21 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
case CTC_ML_DSA_LEVEL2:
|
||||
case CTC_ML_DSA_LEVEL3:
|
||||
case CTC_ML_DSA_LEVEL5:
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case CTC_ML_DSA_44:
|
||||
case CTC_ML_DSA_65:
|
||||
case CTC_ML_DSA_87:
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case CTC_DILITHIUM_LEVEL2:
|
||||
case CTC_DILITHIUM_LEVEL3:
|
||||
case CTC_DILITHIUM_LEVEL5:
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
WOLFSSL_MSG("Dilithium cert signature");
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
WOLFSSL_MSG("ML-DSA cert signature");
|
||||
if (ssl) {
|
||||
ssl->options.haveDilithiumSig = 1;
|
||||
ssl->options.haveMlDsaSig = 1;
|
||||
}
|
||||
else if (ctx) {
|
||||
ctx->haveDilithiumSig = 1;
|
||||
ctx->haveMlDsaSig = 1;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
@@ -1589,7 +1589,7 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA)
|
||||
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || !defined(NO_RSA)
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
|
||||
/* Set the private key curve OID. */
|
||||
if (ssl != NULL) {
|
||||
@@ -1754,70 +1754,70 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
keyType = dilithium_level2_sa_algo;
|
||||
keyType = mldsa_44_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL2_KEY_SIZE;
|
||||
keySz = WC_MLDSA_44_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
keyType = dilithium_level3_sa_algo;
|
||||
keyType = mldsa_65_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL3_KEY_SIZE;
|
||||
keySz = WC_MLDSA_65_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
keyType = dilithium_level5_sa_algo;
|
||||
keyType = mldsa_87_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL5_KEY_SIZE;
|
||||
keySz = WC_MLDSA_87_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
case ML_DSA_LEVEL2k:
|
||||
keyType = dilithium_level2_sa_algo;
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
case ML_DSA_44k:
|
||||
keyType = mldsa_44_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL2_KEY_SIZE;
|
||||
keySz = WC_MLDSA_44_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL3k:
|
||||
keyType = dilithium_level3_sa_algo;
|
||||
case ML_DSA_65k:
|
||||
keyType = mldsa_65_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL3_KEY_SIZE;
|
||||
keySz = WC_MLDSA_65_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL5k:
|
||||
keyType = dilithium_level5_sa_algo;
|
||||
case ML_DSA_87k:
|
||||
keyType = mldsa_87_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL5_KEY_SIZE;
|
||||
keySz = WC_MLDSA_87_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("No key size check done on public key in certificate");
|
||||
@@ -1964,70 +1964,70 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
keyType = dilithium_level2_sa_algo;
|
||||
keyType = mldsa_44_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL2_KEY_SIZE;
|
||||
keySz = WC_MLDSA_44_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
keyType = dilithium_level3_sa_algo;
|
||||
keyType = mldsa_65_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL3_KEY_SIZE;
|
||||
keySz = WC_MLDSA_65_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
keyType = dilithium_level5_sa_algo;
|
||||
keyType = mldsa_87_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_LEVEL5_KEY_SIZE;
|
||||
keySz = WC_MLDSA_87_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
case ML_DSA_LEVEL2k:
|
||||
keyType = dilithium_level2_sa_algo;
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
case ML_DSA_44k:
|
||||
keyType = mldsa_44_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL2_KEY_SIZE;
|
||||
keySz = WC_MLDSA_44_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL3k:
|
||||
keyType = dilithium_level3_sa_algo;
|
||||
case ML_DSA_65k:
|
||||
keyType = mldsa_65_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL3_KEY_SIZE;
|
||||
keySz = WC_MLDSA_65_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
case ML_DSA_LEVEL5k:
|
||||
keyType = dilithium_level5_sa_algo;
|
||||
case ML_DSA_87k:
|
||||
keyType = mldsa_87_sa_algo;
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = ML_DSA_LEVEL5_KEY_SIZE;
|
||||
keySz = WC_MLDSA_87_KEY_SIZE;
|
||||
if (checkKeySz) {
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||
DILITHIUM_KEY_SIZE_E);
|
||||
ret = CHECK_KEY_SZ(ssl ? ssl->options.minMlDsaKeySz :
|
||||
ctx->minMlDsaKeySz, MLDSA_MAX_KEY_SIZE, keySz,
|
||||
MLDSA_KEY_SIZE_E);
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
default:
|
||||
/* In this case, there was an OID that we didn't recognize.
|
||||
|
||||
+158
-159
@@ -183,7 +183,7 @@ static const byte
|
||||
|
||||
#ifndef NO_CERTS
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
|
||||
static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
|
||||
|
||||
@@ -8507,7 +8507,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
|
||||
#ifndef NO_CERTS
|
||||
#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
|
||||
(!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA))
|
||||
/* Encode the signature algorithm into buffer.
|
||||
*
|
||||
* hashalgo The hash algorithm.
|
||||
@@ -8592,18 +8592,18 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo,
|
||||
output[1] = FALCON_LEVEL5_SA_MINOR;
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
case dilithium_level2_sa_algo:
|
||||
output[0] = DILITHIUM_LEVEL2_SA_MAJOR;
|
||||
output[1] = DILITHIUM_LEVEL2_SA_MINOR;
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case mldsa_44_sa_algo:
|
||||
output[0] = MLDSA_44_SA_MAJOR;
|
||||
output[1] = MLDSA_44_SA_MINOR;
|
||||
break;
|
||||
case dilithium_level3_sa_algo:
|
||||
output[0] = DILITHIUM_LEVEL3_SA_MAJOR;
|
||||
output[1] = DILITHIUM_LEVEL3_SA_MINOR;
|
||||
case mldsa_65_sa_algo:
|
||||
output[0] = MLDSA_65_SA_MAJOR;
|
||||
output[1] = MLDSA_65_SA_MINOR;
|
||||
break;
|
||||
case dilithium_level5_sa_algo:
|
||||
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
|
||||
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
|
||||
case mldsa_87_sa_algo:
|
||||
output[0] = MLDSA_87_SA_MAJOR;
|
||||
output[1] = MLDSA_87_SA_MINOR;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@@ -8613,24 +8613,24 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo,
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||
/* These match up with what the OQS team has defined. */
|
||||
#define HYBRID_SA_MAJOR 0xFE
|
||||
#define HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR 0xA1
|
||||
#define HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR 0xA2
|
||||
#define HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR 0xA4
|
||||
#define HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR 0xA6
|
||||
#define HYBRID_P256_MLDSA_44_SA_MINOR 0xA1
|
||||
#define HYBRID_RSA3072_MLDSA_44_SA_MINOR 0xA2
|
||||
#define HYBRID_P384_MLDSA_65_SA_MINOR 0xA4
|
||||
#define HYBRID_P521_MLDSA_87_SA_MINOR 0xA6
|
||||
/* Falcon hybrid codepoints aligned with oqs-provider. */
|
||||
#define HYBRID_P256_FALCON_LEVEL1_SA_MINOR 0xD8
|
||||
#define HYBRID_RSA3072_FALCON_LEVEL1_SA_MINOR 0xD9
|
||||
#define HYBRID_P521_FALCON_LEVEL5_SA_MINOR 0xDB
|
||||
|
||||
/* Custom defined ones for PQC first */
|
||||
#define HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR 0xD1
|
||||
#define HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR 0xD2
|
||||
#define HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR 0xD3
|
||||
#define HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR 0xD4
|
||||
#define HYBRID_MLDSA_44_P256_SA_MINOR 0xD1
|
||||
#define HYBRID_MLDSA_44_RSA3072_SA_MINOR 0xD2
|
||||
#define HYBRID_MLDSA_65_P384_SA_MINOR 0xD3
|
||||
#define HYBRID_MLDSA_87_P521_SA_MINOR 0xD4
|
||||
#define HYBRID_FALCON_LEVEL1_P256_SA_MINOR 0xD5
|
||||
#define HYBRID_FALCON_LEVEL1_RSA3072_SA_MINOR 0xD6
|
||||
#define HYBRID_FALCON_LEVEL5_P521_SA_MINOR 0xD7
|
||||
@@ -8642,20 +8642,20 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
|
||||
output[0] = 0x0;
|
||||
output[1] = 0x0;
|
||||
|
||||
if (sigAlg == ecc_dsa_sa_algo && altSigAlg == dilithium_level2_sa_algo) {
|
||||
output[1] = HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR;
|
||||
if (sigAlg == ecc_dsa_sa_algo && altSigAlg == mldsa_44_sa_algo) {
|
||||
output[1] = HYBRID_P256_MLDSA_44_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == rsa_pss_sa_algo &&
|
||||
altSigAlg == dilithium_level2_sa_algo) {
|
||||
output[1] = HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR;
|
||||
altSigAlg == mldsa_44_sa_algo) {
|
||||
output[1] = HYBRID_RSA3072_MLDSA_44_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == ecc_dsa_sa_algo &&
|
||||
altSigAlg == dilithium_level3_sa_algo) {
|
||||
output[1] = HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR;
|
||||
altSigAlg == mldsa_65_sa_algo) {
|
||||
output[1] = HYBRID_P384_MLDSA_65_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == ecc_dsa_sa_algo &&
|
||||
altSigAlg == dilithium_level5_sa_algo) {
|
||||
output[1] = HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR;
|
||||
altSigAlg == mldsa_87_sa_algo) {
|
||||
output[1] = HYBRID_P521_MLDSA_87_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == ecc_dsa_sa_algo &&
|
||||
altSigAlg == falcon_level1_sa_algo) {
|
||||
@@ -8669,21 +8669,21 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
|
||||
altSigAlg == falcon_level5_sa_algo) {
|
||||
output[1] = HYBRID_P521_FALCON_LEVEL5_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == dilithium_level2_sa_algo &&
|
||||
else if (sigAlg == mldsa_44_sa_algo &&
|
||||
altSigAlg == ecc_dsa_sa_algo) {
|
||||
output[1] = HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR;
|
||||
output[1] = HYBRID_MLDSA_44_P256_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == dilithium_level2_sa_algo &&
|
||||
else if (sigAlg == mldsa_44_sa_algo &&
|
||||
altSigAlg == rsa_pss_sa_algo) {
|
||||
output[1] = HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR;
|
||||
output[1] = HYBRID_MLDSA_44_RSA3072_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == dilithium_level3_sa_algo &&
|
||||
else if (sigAlg == mldsa_65_sa_algo &&
|
||||
altSigAlg == ecc_dsa_sa_algo) {
|
||||
output[1] = HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR;
|
||||
output[1] = HYBRID_MLDSA_65_P384_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == dilithium_level5_sa_algo &&
|
||||
else if (sigAlg == mldsa_87_sa_algo &&
|
||||
altSigAlg == ecc_dsa_sa_algo) {
|
||||
output[1] = HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR;
|
||||
output[1] = HYBRID_MLDSA_87_P521_SA_MINOR;
|
||||
}
|
||||
else if (sigAlg == falcon_level1_sa_algo &&
|
||||
altSigAlg == ecc_dsa_sa_algo) {
|
||||
@@ -8806,18 +8806,18 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
|
||||
ret = INVALID_PARAMETER;
|
||||
break;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DILITHIUM_SA_MAJOR:
|
||||
if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
|
||||
*hsType = dilithium_level2_sa_algo;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case MLDSA_SA_MAJOR:
|
||||
if (input[1] == MLDSA_44_SA_MINOR) {
|
||||
*hsType = mldsa_44_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
} else if (input[1] == DILITHIUM_LEVEL3_SA_MINOR) {
|
||||
*hsType = dilithium_level3_sa_algo;
|
||||
} else if (input[1] == MLDSA_65_SA_MINOR) {
|
||||
*hsType = mldsa_65_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
} else if (input[1] == DILITHIUM_LEVEL5_SA_MINOR) {
|
||||
*hsType = dilithium_level5_sa_algo;
|
||||
} else if (input[1] == MLDSA_87_SA_MINOR) {
|
||||
*hsType = mldsa_87_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
@@ -8826,7 +8826,7 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
|
||||
ret = INVALID_PARAMETER;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
*hashAlgo = input[0];
|
||||
*hsType = input[1];
|
||||
@@ -8852,25 +8852,25 @@ static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (input[1] == HYBRID_P256_DILITHIUM_LEVEL2_SA_MINOR) {
|
||||
if (input[1] == HYBRID_P256_MLDSA_44_SA_MINOR) {
|
||||
*sigAlg = ecc_dsa_sa_algo;
|
||||
*hashAlg = sha256_mac;
|
||||
*altSigAlg = dilithium_level2_sa_algo;
|
||||
*altSigAlg = mldsa_44_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_RSA3072_DILITHIUM_LEVEL2_SA_MINOR) {
|
||||
else if (input[1] == HYBRID_RSA3072_MLDSA_44_SA_MINOR) {
|
||||
*sigAlg = rsa_pss_sa_algo;
|
||||
*hashAlg = sha256_mac;
|
||||
*altSigAlg = dilithium_level2_sa_algo;
|
||||
*altSigAlg = mldsa_44_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_P384_DILITHIUM_LEVEL3_SA_MINOR) {
|
||||
else if (input[1] == HYBRID_P384_MLDSA_65_SA_MINOR) {
|
||||
*sigAlg = ecc_dsa_sa_algo;
|
||||
*hashAlg = sha384_mac;
|
||||
*altSigAlg = dilithium_level3_sa_algo;
|
||||
*altSigAlg = mldsa_65_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_P521_DILITHIUM_LEVEL5_SA_MINOR) {
|
||||
else if (input[1] == HYBRID_P521_MLDSA_87_SA_MINOR) {
|
||||
*sigAlg = ecc_dsa_sa_algo;
|
||||
*hashAlg = sha512_mac;
|
||||
*altSigAlg = dilithium_level5_sa_algo;
|
||||
*altSigAlg = mldsa_87_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_P256_FALCON_LEVEL1_SA_MINOR) {
|
||||
*sigAlg = ecc_dsa_sa_algo;
|
||||
@@ -8887,23 +8887,23 @@ static WC_INLINE int DecodeTls13HybridSigAlg(byte* input, byte* hashAlg,
|
||||
*hashAlg = sha512_mac;
|
||||
*altSigAlg = falcon_level5_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_DILITHIUM_LEVEL2_P256_SA_MINOR) {
|
||||
*sigAlg = dilithium_level2_sa_algo;
|
||||
else if (input[1] == HYBRID_MLDSA_44_P256_SA_MINOR) {
|
||||
*sigAlg = mldsa_44_sa_algo;
|
||||
*hashAlg = sha256_mac;
|
||||
*altSigAlg = ecc_dsa_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_DILITHIUM_LEVEL2_RSA3072_SA_MINOR) {
|
||||
*sigAlg = dilithium_level2_sa_algo;
|
||||
else if (input[1] == HYBRID_MLDSA_44_RSA3072_SA_MINOR) {
|
||||
*sigAlg = mldsa_44_sa_algo;
|
||||
*hashAlg = sha256_mac;
|
||||
*altSigAlg = rsa_pss_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_DILITHIUM_LEVEL3_P384_SA_MINOR) {
|
||||
*sigAlg = dilithium_level3_sa_algo;
|
||||
else if (input[1] == HYBRID_MLDSA_65_P384_SA_MINOR) {
|
||||
*sigAlg = mldsa_65_sa_algo;
|
||||
*hashAlg = sha384_mac;
|
||||
*altSigAlg = ecc_dsa_sa_algo;
|
||||
}
|
||||
else if (input[1] == HYBRID_DILITHIUM_LEVEL5_P521_SA_MINOR) {
|
||||
*sigAlg = dilithium_level5_sa_algo;
|
||||
else if (input[1] == HYBRID_MLDSA_87_P521_SA_MINOR) {
|
||||
*sigAlg = mldsa_87_sa_algo;
|
||||
*hashAlg = sha512_mac;
|
||||
*altSigAlg = ecc_dsa_sa_algo;
|
||||
}
|
||||
@@ -9769,7 +9769,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
|
||||
|
||||
#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || \
|
||||
defined(HAVE_DILITHIUM)) && \
|
||||
defined(WOLFSSL_HAVE_MLDSA)) && \
|
||||
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
|
||||
typedef struct Scv13Args {
|
||||
byte* output; /* not allocated */
|
||||
@@ -10021,11 +10021,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
args->sigAlgo = ssl->buffers.keyType;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
|
||||
args->sigAlgo = ssl->buffers.keyType;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
else {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
@@ -10057,9 +10057,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
if (ssl->buffers.altKeyType == ecc_dsa_sa_algo ||
|
||||
ssl->buffers.altKeyType == falcon_level1_sa_algo ||
|
||||
ssl->buffers.altKeyType == falcon_level5_sa_algo ||
|
||||
ssl->buffers.altKeyType == dilithium_level2_sa_algo ||
|
||||
ssl->buffers.altKeyType == dilithium_level3_sa_algo ||
|
||||
ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
||||
ssl->buffers.altKeyType == mldsa_44_sa_algo ||
|
||||
ssl->buffers.altKeyType == mldsa_65_sa_algo ||
|
||||
ssl->buffers.altKeyType == mldsa_87_sa_algo) {
|
||||
args->altSigAlgo = ssl->buffers.altKeyType;
|
||||
}
|
||||
else if (ssl->buffers.altKeyType == rsa_sa_algo &&
|
||||
@@ -10187,11 +10187,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
args->sigLen = FALCON_MAX_SIG_SIZE;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
args->sigLen = DILITHIUM_MAX_SIG_SIZE;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
|
||||
args->sigLen = MLDSA_MAX_SIG_SIZE;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||
if (ssl->sigSpec != NULL &&
|
||||
@@ -10306,16 +10306,15 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
args->length = (word16)args->sigLen;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
|
||||
args->sigDataSz, sigOut,
|
||||
&args->sigLen,
|
||||
(dilithium_key*)ssl->hsKey,
|
||||
ssl->rng);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_MLDSA) {
|
||||
ret = wc_MlDsaKey_SignCtx((wc_MlDsaKey*)ssl->hsKey, NULL, 0,
|
||||
sigOut, &args->sigLen,
|
||||
args->sigData, args->sigDataSz,
|
||||
ssl->rng);
|
||||
args->length = (word16)args->sigLen;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_VERIFY_ONLY)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
|
||||
@@ -10404,13 +10403,13 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
ssl->rng);
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
|
||||
args->altSigDataSz, sigOut, &args->altSigLen,
|
||||
(dilithium_key*)ssl->hsAltKey, ssl->rng);
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
if (ssl->hsAltType == DYNAMIC_TYPE_MLDSA) {
|
||||
ret = wc_MlDsaKey_SignCtx((wc_MlDsaKey*)ssl->hsAltKey,
|
||||
NULL, 0, sigOut, &args->altSigLen,
|
||||
args->altSigData, args->altSigDataSz, ssl->rng);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
@@ -10779,36 +10778,36 @@ static int decodeEccKey(WOLFSSL* ssl)
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
|
||||
* dilithium public key. Convert it into a usable public key. */
|
||||
static int decodeDilithiumKey(WOLFSSL* ssl, int level)
|
||||
* ML-DSA public key. Convert it into a usable public key. */
|
||||
static int decodeMlDsaKey(WOLFSSL* ssl, int level)
|
||||
{
|
||||
int keyRet;
|
||||
word32 tmpIdx = 0;
|
||||
|
||||
if (ssl->peerDilithiumKeyPresent)
|
||||
if (ssl->peerMlDsaKeyPresent)
|
||||
return INVALID_PARAMETER;
|
||||
|
||||
keyRet = AllocKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
(void**)&ssl->peerDilithiumKey);
|
||||
keyRet = AllocKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
(void**)&ssl->peerMlDsaKey);
|
||||
if (keyRet != 0)
|
||||
return PEER_KEY_ERROR;
|
||||
|
||||
ssl->peerDilithiumKeyPresent = 1;
|
||||
keyRet = wc_dilithium_set_level(ssl->peerDilithiumKey, level);
|
||||
ssl->peerMlDsaKeyPresent = 1;
|
||||
keyRet = wc_MlDsaKey_SetParams(ssl->peerMlDsaKey, level);
|
||||
if (keyRet != 0)
|
||||
return PEER_KEY_ERROR;
|
||||
|
||||
keyRet = wc_Dilithium_PublicKeyDecode(ssl->peerCert.sapkiDer, &tmpIdx,
|
||||
ssl->peerDilithiumKey,
|
||||
ssl->peerCert.sapkiLen);
|
||||
keyRet = wc_MlDsaKey_PublicKeyDecode(ssl->peerMlDsaKey,
|
||||
ssl->peerCert.sapkiDer,
|
||||
ssl->peerCert.sapkiLen, &tmpIdx);
|
||||
if (keyRet != 0)
|
||||
return PEER_KEY_ERROR;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#ifdef HAVE_FALCON
|
||||
/* ssl->peerCert->sapkiDer is the alternative public key. Hopefully it is a
|
||||
@@ -11014,15 +11013,15 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
ret = decodeEccKey(ssl);
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
case dilithium_level2_sa_algo:
|
||||
ret = decodeDilithiumKey(ssl, WC_ML_DSA_44);
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case mldsa_44_sa_algo:
|
||||
ret = decodeMlDsaKey(ssl, WC_ML_DSA_44);
|
||||
break;
|
||||
case dilithium_level3_sa_algo:
|
||||
ret = decodeDilithiumKey(ssl, WC_ML_DSA_65);
|
||||
case mldsa_65_sa_algo:
|
||||
ret = decodeMlDsaKey(ssl, WC_ML_DSA_65);
|
||||
break;
|
||||
case dilithium_level5_sa_algo:
|
||||
ret = decodeDilithiumKey(ssl, WC_ML_DSA_87);
|
||||
case mldsa_87_sa_algo:
|
||||
ret = decodeMlDsaKey(ssl, WC_ML_DSA_87);
|
||||
break;
|
||||
#endif
|
||||
#ifdef HAVE_FALCON
|
||||
@@ -11058,14 +11057,14 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
ssl->peerEccDsaKeyPresent = 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if (ssl->peerDilithiumKeyPresent &&
|
||||
sa != dilithium_level2_sa_algo &&
|
||||
sa != dilithium_level3_sa_algo &&
|
||||
sa != dilithium_level5_sa_algo) {
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
(void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
else if (ssl->peerMlDsaKeyPresent &&
|
||||
sa != mldsa_44_sa_algo &&
|
||||
sa != mldsa_65_sa_algo &&
|
||||
sa != mldsa_87_sa_algo) {
|
||||
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
(void**)&ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_FALCON
|
||||
@@ -11127,21 +11126,21 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
ssl->peerFalconKeyPresent;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (ssl->options.peerSigAlgo == mldsa_44_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent ML-DSA Level 2 sig");
|
||||
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
|
||||
ssl->peerMlDsaKeyPresent;
|
||||
}
|
||||
if (ssl->options.peerSigAlgo == dilithium_level3_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium Level 3 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
if (ssl->options.peerSigAlgo == mldsa_65_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent ML-DSA Level 3 sig");
|
||||
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
|
||||
ssl->peerMlDsaKeyPresent;
|
||||
}
|
||||
if (ssl->options.peerSigAlgo == dilithium_level5_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium Level 5 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
if (ssl->options.peerSigAlgo == mldsa_87_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent ML-DSA Level 5 sig");
|
||||
validSigAlgo = (ssl->peerMlDsaKey != NULL) &&
|
||||
ssl->peerMlDsaKeyPresent;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
@@ -11425,32 +11424,32 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
if (((ssl->options.peerSigAlgo == dilithium_level2_sa_algo) ||
|
||||
(ssl->options.peerSigAlgo == dilithium_level3_sa_algo) ||
|
||||
(ssl->options.peerSigAlgo == dilithium_level5_sa_algo)) &&
|
||||
(ssl->peerDilithiumKeyPresent)) {
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
if (((ssl->options.peerSigAlgo == mldsa_44_sa_algo) ||
|
||||
(ssl->options.peerSigAlgo == mldsa_65_sa_algo) ||
|
||||
(ssl->options.peerSigAlgo == mldsa_87_sa_algo)) &&
|
||||
(ssl->peerMlDsaKeyPresent)) {
|
||||
int res = 0;
|
||||
WOLFSSL_MSG("Doing Dilithium peer cert verify");
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
|
||||
args->sigData, args->sigDataSz,
|
||||
&res, ssl->peerDilithiumKey);
|
||||
WOLFSSL_MSG("Doing ML-DSA peer cert verify");
|
||||
ret = wc_MlDsaKey_VerifyCtx(ssl->peerMlDsaKey, sig, args->sigSz,
|
||||
NULL, 0, args->sigData,
|
||||
args->sigDataSz, &res);
|
||||
|
||||
if ((ret >= 0) && (res == 1)) {
|
||||
/* CLIENT/SERVER: data verified with public key from
|
||||
* certificate. */
|
||||
ssl->options.peerAuthGood = 1;
|
||||
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
(void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
(void**)&ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Dilithium signature verification failed");
|
||||
WOLFSSL_MSG("ML-DSA signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
@@ -11535,33 +11534,33 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
if (((args->altSigAlgo == dilithium_level2_sa_algo) ||
|
||||
(args->altSigAlgo == dilithium_level3_sa_algo) ||
|
||||
(args->altSigAlgo == dilithium_level5_sa_algo)) &&
|
||||
(ssl->peerDilithiumKeyPresent)) {
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
if (((args->altSigAlgo == mldsa_44_sa_algo) ||
|
||||
(args->altSigAlgo == mldsa_65_sa_algo) ||
|
||||
(args->altSigAlgo == mldsa_87_sa_algo)) &&
|
||||
(ssl->peerMlDsaKeyPresent)) {
|
||||
int res = 0;
|
||||
WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
|
||||
NULL, 0, args->altSigData,
|
||||
args->altSigDataSz, &res,
|
||||
ssl->peerDilithiumKey);
|
||||
WOLFSSL_MSG("Doing ML-DSA peer cert alt verify");
|
||||
ret = wc_MlDsaKey_VerifyCtx(ssl->peerMlDsaKey, sig,
|
||||
args->altSignatureSz, NULL, 0,
|
||||
args->altSigData,
|
||||
args->altSigDataSz, &res);
|
||||
|
||||
if ((ret >= 0) && (res == 1)) {
|
||||
/* CLIENT/SERVER: data verified with public key from
|
||||
* certificate. */
|
||||
args->altPeerAuthGood = 1;
|
||||
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM,
|
||||
(void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
FreeKey(ssl, DYNAMIC_TYPE_MLDSA,
|
||||
(void**)&ssl->peerMlDsaKey);
|
||||
ssl->peerMlDsaKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Dilithium signature verification failed");
|
||||
WOLFSSL_MSG("ML-DSA signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
@@ -13683,7 +13682,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
case certificate_verify:
|
||||
WOLFSSL_MSG("processing certificate verify");
|
||||
ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size);
|
||||
@@ -14374,7 +14373,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
case FIRST_REPLY_THIRD:
|
||||
#if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))) && \
|
||||
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA))) && \
|
||||
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
ssl->error = SendTls13CertificateVerify(ssl);
|
||||
@@ -15558,7 +15557,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
|
||||
case TLS13_CERT_SENT :
|
||||
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
|
||||
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
|
||||
defined(HAVE_DILITHIUM))
|
||||
defined(WOLFSSL_HAVE_MLDSA))
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
|
||||
+44
-44
@@ -6405,10 +6405,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
|
||||
else if (x509->pubKeyOID == DSAk) {
|
||||
key->type = WC_EVP_PKEY_DSA;
|
||||
}
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if (x509->pubKeyOID == ML_DSA_LEVEL2k ||
|
||||
x509->pubKeyOID == ML_DSA_LEVEL3k ||
|
||||
x509->pubKeyOID == ML_DSA_LEVEL5k) {
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
else if (x509->pubKeyOID == ML_DSA_44k ||
|
||||
x509->pubKeyOID == ML_DSA_65k ||
|
||||
x509->pubKeyOID == ML_DSA_87k) {
|
||||
key->type = WC_EVP_PKEY_DILITHIUM;
|
||||
}
|
||||
#endif
|
||||
@@ -12258,8 +12258,8 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
|
||||
#if defined(HAVE_FALCON)
|
||||
falcon_key* falcon = NULL;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
dilithium_key* dilithium = NULL;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
wc_MlDsaKey* mldsa = NULL;
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
SlhDsaKey* slhdsa = NULL;
|
||||
@@ -12429,68 +12429,68 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
|
||||
key = (void*)falcon;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
|
||||
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
|
||||
(x509->pubKeyOID == ML_DSA_LEVEL5k)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
if ((x509->pubKeyOID == ML_DSA_44k) ||
|
||||
(x509->pubKeyOID == ML_DSA_65k) ||
|
||||
(x509->pubKeyOID == ML_DSA_87k)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
) {
|
||||
dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
if (dilithium == NULL) {
|
||||
WOLFSSL_MSG("Failed to allocate memory for dilithium_key");
|
||||
mldsa = (wc_MlDsaKey*)XMALLOC(sizeof(wc_MlDsaKey), NULL,
|
||||
DYNAMIC_TYPE_MLDSA);
|
||||
if (mldsa == NULL) {
|
||||
WOLFSSL_MSG("Failed to allocate memory for wc_MlDsaKey");
|
||||
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
ret = wc_dilithium_init(dilithium);
|
||||
ret = wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID);
|
||||
if (ret != 0) {
|
||||
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (x509->pubKeyOID == ML_DSA_LEVEL2k) {
|
||||
type = ML_DSA_LEVEL2_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_44);
|
||||
if (x509->pubKeyOID == ML_DSA_44k) {
|
||||
type = ML_DSA_44_TYPE;
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44);
|
||||
}
|
||||
else if (x509->pubKeyOID == ML_DSA_LEVEL3k) {
|
||||
type = ML_DSA_LEVEL3_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_65);
|
||||
else if (x509->pubKeyOID == ML_DSA_65k) {
|
||||
type = ML_DSA_65_TYPE;
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_65);
|
||||
}
|
||||
else if (x509->pubKeyOID == ML_DSA_LEVEL5k) {
|
||||
type = ML_DSA_LEVEL5_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_87);
|
||||
else if (x509->pubKeyOID == ML_DSA_87k) {
|
||||
type = ML_DSA_87_TYPE;
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_87);
|
||||
}
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
|
||||
type = DILITHIUM_LEVEL2_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT);
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44_DRAFT);
|
||||
}
|
||||
else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
|
||||
type = DILITHIUM_LEVEL3_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT);
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_65_DRAFT);
|
||||
}
|
||||
else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
|
||||
type = DILITHIUM_LEVEL5_TYPE;
|
||||
wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT);
|
||||
wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_87_DRAFT);
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
|
||||
ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
|
||||
dilithium, x509->pubKey.length);
|
||||
ret = wc_MlDsaKey_PublicKeyDecode(mldsa, x509->pubKey.buffer,
|
||||
x509->pubKey.length, &idx);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_ERROR_VERBOSE(ret);
|
||||
wc_dilithium_free(dilithium);
|
||||
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
wc_MlDsaKey_Free(mldsa);
|
||||
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
|
||||
return ret;
|
||||
}
|
||||
key = (void*)dilithium;
|
||||
key = (void*)mldsa;
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
@@ -12654,18 +12654,18 @@ cleanup:
|
||||
XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
|
||||
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
|
||||
(x509->pubKeyOID == ML_DSA_LEVEL5k)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
if ((x509->pubKeyOID == ML_DSA_44k) ||
|
||||
(x509->pubKeyOID == ML_DSA_65k) ||
|
||||
(x509->pubKeyOID == ML_DSA_87k)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|
||||
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
|
||||
#endif
|
||||
) {
|
||||
wc_dilithium_free(dilithium);
|
||||
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
wc_MlDsaKey_Free(mldsa);
|
||||
XFREE(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
|
||||
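Review bot: The return value of `wc_MlDsaKey_SetParams()` is discarded in every branch of the OID chain in CertFromX509 (the `ML_DSA_44k`/`ML_DSA_65k`/`ML_DSA_87k` cases and the three `WOLFSSL_MLDSA_FIPS204_DRAFT` cases), although the tests changed in this same commit assert that it returns 0 on success. If a parameter set is rejected (presumably possible when a level is compiled out, e.g. with `WOLFSSL_NO_ML_DSA_44`), the code still calls `wc_MlDsaKey_PublicKeyDecode()` on the certificate-supplied key bytes with a key whose parameters were never set. Assign the result in each branch, e.g. `ret = wc_MlDsaKey_SetParams(mldsa, WC_ML_DSA_44);`, and guard the decode with `if (ret == 0)` so that the existing `if (ret != 0)` path frees `mldsa` and `cert`. The removed `wc_dilithium_set_level()` calls were unchecked in the same way, so this is carried over rather than introduced by the rename; CertFromX509 starts and ends outside these hunks.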
+70
-70
@@ -169,8 +169,8 @@
|
||||
#include <sys/uio.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_MLKEM)
|
||||
#include <wolfssl/wolfcrypt/wc_mlkem.h>
|
||||
@@ -1561,11 +1561,11 @@ static int test_dual_alg_crit_ext_support(void)
|
||||
static int test_dual_alg_ecdsa_mldsa(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(HAVE_DILITHIUM) && \
|
||||
#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK)
|
||||
WOLFSSL_CERT_MANAGER * cm = NULL;
|
||||
wc_MlDsaKey alt_ca_key;
|
||||
ecc_key ca_key;
|
||||
@@ -1660,8 +1660,8 @@ static int test_dual_alg_ecdsa_mldsa(void)
|
||||
ExpectIntGT(tbs_der_sz, 0);
|
||||
|
||||
alt_sig_sz = wc_MakeSigWithBitStr(alt_sig, alt_sig_sz,
|
||||
CTC_ML_DSA_LEVEL2, tbs_der, tbs_der_sz,
|
||||
ML_DSA_LEVEL2_TYPE, &alt_ca_key, &rng);
|
||||
CTC_ML_DSA_44, tbs_der, tbs_der_sz,
|
||||
ML_DSA_44_TYPE, &alt_ca_key, &rng);
|
||||
ExpectIntGT(alt_sig_sz, 0);
|
||||
|
||||
ret = wc_SetCustomExtension(&new_cert, 0, "2.5.29.74", alt_sig, alt_sig_sz);
|
||||
@@ -19273,7 +19273,7 @@ static int test_wolfSSL_sigalg_info(void)
|
||||
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO];
|
||||
word16 len = 0;
|
||||
word16 idx = 0;
|
||||
int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM;
|
||||
int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_MLDSA;
|
||||
|
||||
InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 1, 0xFFFFFFFF, &len);
|
||||
for (idx = 0; idx < len; idx += 2) {
|
||||
@@ -19946,47 +19946,47 @@ static int test_wolfSSL_ticket_keys(void)
|
||||
|
||||
#ifndef NO_BIO
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_DILITHIUM)
|
||||
/* Verify wc_dilithium auto detects the expected ML-DSA level from the OID
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_MLDSA)
|
||||
/* Verify wc_MlDsaKey auto detects the expected ML-DSA level from the OID
|
||||
* in a SPKI / PKCS#8 DER buffer. Returns 0 on match. */
|
||||
static int check_dilithium_der_level(const byte* der, word32 derSz,
|
||||
static int check_mldsa_der_level(const byte* der, word32 derSz,
|
||||
byte expectedLevel, int isPrivate)
|
||||
{
|
||||
dilithium_key key;
|
||||
wc_MlDsaKey key;
|
||||
word32 idx = 0;
|
||||
byte level = 0;
|
||||
int rc;
|
||||
#ifndef WOLFSSL_DILITHIUM_PRIVATE_KEY
|
||||
#ifndef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
(void)isPrivate;
|
||||
#endif
|
||||
|
||||
if ((rc = wc_dilithium_init(&key)) != 0) {
|
||||
if ((rc = wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID)) != 0) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
|
||||
if (isPrivate) {
|
||||
rc = wc_Dilithium_PrivateKeyDecode(der, &idx, &key, derSz);
|
||||
rc = wc_MlDsaKey_PrivateKeyDecode(&key, der, derSz, &idx);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
rc = wc_Dilithium_PublicKeyDecode(der, &idx, &key, derSz);
|
||||
rc = wc_MlDsaKey_PublicKeyDecode(&key, der, derSz, &idx);
|
||||
}
|
||||
|
||||
if (rc == 0) {
|
||||
rc = wc_dilithium_get_level(&key, &level);
|
||||
rc = wc_MlDsaKey_GetParams(&key, &level);
|
||||
}
|
||||
|
||||
if (rc == 0 && level != expectedLevel) {
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
wc_MlDsaKey_Free(&key);
|
||||
|
||||
return rc;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA && HAVE_DILITHIUM */
|
||||
#endif /* OPENSSL_EXTRA && WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
static int test_wolfSSL_d2i_PUBKEY(void)
|
||||
{
|
||||
@@ -20038,12 +20038,12 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
|
||||
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
/* ML-DSA-44 PUBKEY test (raw key bytes) */
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level2_pubkey,
|
||||
sizeof_bench_dilithium_level2_pubkey), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_44_pubkey,
|
||||
sizeof_bench_mldsa_44_pubkey), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20053,7 +20053,7 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
ExpectIntGT(BIO_write(bio, mldsa44_pub_spki, sizeof_mldsa44_pub_spki), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa44_pub_spki,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa44_pub_spki,
|
||||
sizeof_mldsa44_pub_spki, WC_ML_DSA_44, 0), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -20061,8 +20061,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
/* ML-DSA-65 PUBKEY test (raw key bytes) */
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level3_pubkey,
|
||||
sizeof_bench_dilithium_level3_pubkey), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_65_pubkey,
|
||||
sizeof_bench_mldsa_65_pubkey), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20072,7 +20072,7 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
ExpectIntGT(BIO_write(bio, mldsa65_pub_spki, sizeof_mldsa65_pub_spki), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa65_pub_spki,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa65_pub_spki,
|
||||
sizeof_mldsa65_pub_spki, WC_ML_DSA_65, 0), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -20080,8 +20080,8 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_87)
|
||||
/* ML-DSA-87 PUBKEY test (raw key bytes) */
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level5_pubkey,
|
||||
sizeof_bench_dilithium_level5_pubkey), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_87_pubkey,
|
||||
sizeof_bench_mldsa_87_pubkey), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20091,13 +20091,13 @@ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
|
||||
ExpectIntGT(BIO_write(bio, mldsa87_pub_spki, sizeof_mldsa87_pub_spki), 0);
|
||||
ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa87_pub_spki,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa87_pub_spki,
|
||||
sizeof_mldsa87_pub_spki, WC_ML_DSA_87, 0), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_DILITHIUM && !NO_VERIFY */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA && !NO_VERIFY */
|
||||
|
||||
/* Negative test, invalid input must return NULL */
|
||||
{
|
||||
@@ -20211,12 +20211,12 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
/* ML-DSA-44 PrivateKey test (raw bytes) */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level2_key,
|
||||
sizeof_bench_dilithium_level2_key), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_44_key,
|
||||
sizeof_bench_mldsa_44_key), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20230,7 +20230,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
sizeof_mldsa44_priv_only), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa44_priv_only,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa44_priv_only,
|
||||
sizeof_mldsa44_priv_only, WC_ML_DSA_44, 1), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -20248,7 +20248,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
BIO_free(bio);
|
||||
bio = NULL;
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
/* ML-DSA-44 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
|
||||
* requires wc_dilithium_make_key_from_seed to expand the seed. */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
@@ -20266,8 +20266,8 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_65)
|
||||
/* ML-DSA-65 PrivateKey test (raw bytes) */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level3_key,
|
||||
sizeof_bench_dilithium_level3_key), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_65_key,
|
||||
sizeof_bench_mldsa_65_key), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20281,7 +20281,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
sizeof_mldsa65_priv_only), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa65_priv_only,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa65_priv_only,
|
||||
sizeof_mldsa65_priv_only, WC_ML_DSA_65, 1), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -20299,7 +20299,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
BIO_free(bio);
|
||||
bio = NULL;
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
/* ML-DSA-65 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
|
||||
* requires wc_dilithium_make_key_from_seed to expand the seed. */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
@@ -20317,8 +20317,8 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
#if !defined(WOLFSSL_NO_ML_DSA_87)
|
||||
/* ML-DSA-87 PrivateKey test (raw bytes) */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
ExpectIntGT(BIO_write(bio, bench_dilithium_level5_key,
|
||||
sizeof_bench_dilithium_level5_key), 0);
|
||||
ExpectIntGT(BIO_write(bio, bench_mldsa_87_key,
|
||||
sizeof_bench_mldsa_87_key), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
EVP_PKEY_free(pkey);
|
||||
@@ -20332,7 +20332,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
sizeof_mldsa87_priv_only), 0);
|
||||
ExpectNotNull(pkey = d2i_PrivateKey_bio(bio, NULL));
|
||||
ExpectIntEQ(EVP_PKEY_id(pkey), EVP_PKEY_DILITHIUM);
|
||||
ExpectIntEQ(check_dilithium_der_level(mldsa87_priv_only,
|
||||
ExpectIntEQ(check_mldsa_der_level(mldsa87_priv_only,
|
||||
sizeof_mldsa87_priv_only, WC_ML_DSA_87, 1), 0);
|
||||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
@@ -20350,7 +20350,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
BIO_free(bio);
|
||||
bio = NULL;
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
/* ML-DSA-87 PrivateKey test (LAMPS PKCS#8 seed-only DER) --
|
||||
* requires wc_dilithium_make_key_from_seed to expand the seed. */
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
@@ -20364,7 +20364,7 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
bio = NULL;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* HAVE_DILITHIUM && !NO_SIGN */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA && !NO_SIGN */
|
||||
|
||||
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
@@ -39041,10 +39041,10 @@ static int test_DhAgree_rejects_p_minus_1(void)
|
||||
static int test_mldsa_verify_hash(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_DILITHIUM) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
dilithium_key key;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
wc_MlDsaKey key;
|
||||
WC_RNG rng;
|
||||
int res = 0;
|
||||
byte sig[4000];
|
||||
@@ -39056,22 +39056,22 @@ static int test_mldsa_verify_hash(void)
|
||||
XMEMSET(hash, 'A', sizeof(hash));
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_dilithium_init(&key), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
|
||||
#else
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
/* hashLen=4096 must be rejected, not overflow the stack */
|
||||
ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sizeof(sig), NULL, 0,
|
||||
WC_HASH_TYPE_SHA256, hash, sizeof(hash), &res, &key),
|
||||
ExpectIntEQ(wc_MlDsaKey_VerifyCtxHash(&key, sig, sizeof(sig), NULL, 0,
|
||||
hash, sizeof(hash), WC_HASH_TYPE_SHA256, &res),
|
||||
WC_NO_ERR_TRACE(BAD_LENGTH_E));
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
wc_MlDsaKey_Free(&key);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
@@ -39959,10 +39959,10 @@ static int test_pkcs7_enveloped_content_size_overflow(void)
|
||||
static int test_dilithium_hash(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_DILITHIUM) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
dilithium_key key;
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
wc_MlDsaKey key;
|
||||
WC_RNG rng;
|
||||
int res = 0;
|
||||
byte sig[4000];
|
||||
@@ -39974,20 +39974,20 @@ static int test_dilithium_hash(void)
|
||||
XMEMSET(msg, 'A', sizeof(msg));
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_dilithium_init(&key), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_Init(&key, NULL, INVALID_DEVID), 0);
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_65), 0);
|
||||
#elif !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_44), 0);
|
||||
#else
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_SetParams(&key, WC_ML_DSA_87), 0);
|
||||
#endif
|
||||
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_MlDsaKey_MakeKey(&key, &rng), 0);
|
||||
|
||||
ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sizeof(sig), NULL, 0,
|
||||
msg, 0xFFFFFFC0, &res, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_MlDsaKey_VerifyCtx(&key, sig, sizeof(sig), NULL, 0,
|
||||
msg, 0xFFFFFFC0, &res), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
wc_MlDsaKey_Free(&key);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
|
||||
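Review bot: Three comments under the new `#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY` guards in test_wolfSSL_d2i_PrivateKeys_bio (the ML-DSA-44, -65 and -87 seed-only DER cases) still read `requires wc_dilithium_make_key_from_seed to expand the seed`, a legacy name that the code in this section no longer uses. Reword them without the shim name, e.g. `* requires ML-DSA key generation from a seed to expand the seed. */`, or name the canonical function. `test_dilithium_hash` likewise keeps its old name although its body now calls only `wc_MlDsaKey_*` functions; renaming it to match `test_mldsa_verify_hash` would also need the change at its registration, which is outside the visible hunks.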
@@ -48,6 +48,7 @@ tests_unit_test_SOURCES += tests/api/test_curve448.c
|
||||
tests_unit_test_SOURCES += tests/api/test_ed448.c
|
||||
tests_unit_test_SOURCES += tests/api/test_mlkem.c
|
||||
tests_unit_test_SOURCES += tests/api/test_mldsa.c
|
||||
tests_unit_test_SOURCES += tests/api/test_mldsa_legacy.c
|
||||
tests_unit_test_SOURCES += tests/api/test_slhdsa.c
|
||||
tests_unit_test_SOURCES += tests/api/test_signature.c
|
||||
# TLS Protocol
|
||||
|
||||
+874
-1086
File diff suppressed because it is too large
+51
-40
@@ -24,53 +24,64 @@
|
||||
|
||||
#include <tests/api/api_decl.h>
|
||||
|
||||
int test_wc_dilithium(void);
|
||||
int test_wc_dilithium_sign_pubonly_fails(void);
|
||||
int test_wc_dilithium_make_key(void);
|
||||
int test_wc_dilithium_sign(void);
|
||||
int test_wc_dilithium_verify(void);
|
||||
int test_wc_dilithium_sign_vfy(void);
|
||||
int test_wc_dilithium_check_key(void);
|
||||
int test_wc_dilithium_public_der_decode(void);
|
||||
int test_wc_dilithium_der(void);
|
||||
int test_wc_dilithium_oneasymkey_version(void);
|
||||
int test_wc_dilithium_make_key_from_seed(void);
|
||||
int test_wc_dilithium_sig_kats(void);
|
||||
int test_wc_dilithium_sign_ctx_kats(void);
|
||||
int test_wc_dilithium_verify_ctx_kats(void);
|
||||
int test_wc_dilithium_verify_kats(void);
|
||||
int test_wc_dilithium_sign_mu_kats(void);
|
||||
int test_wc_dilithium_verify_mu_kats(void);
|
||||
int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
|
||||
/* Canonical ML-DSA tests defined in tests/api/test_mldsa.c.
|
||||
* These exercise the wc_MlDsaKey / wc_MlDsaKey_* / WC_MLDSA_* API surface
|
||||
* directly and run under all build configurations. */
|
||||
int test_mldsa(void);
|
||||
int test_mldsa_sign_pubonly_fails(void);
|
||||
int test_mldsa_make_key(void);
|
||||
int test_mldsa_sign(void);
|
||||
int test_mldsa_verify(void);
|
||||
int test_mldsa_sign_vfy(void);
|
||||
int test_mldsa_check_key(void);
|
||||
int test_mldsa_public_der_decode(void);
|
||||
int test_mldsa_der(void);
|
||||
int test_mldsa_oneasymkey_version(void);
|
||||
int test_mldsa_make_key_from_seed(void);
|
||||
int test_mldsa_sig_kats(void);
|
||||
int test_mldsa_sign_ctx_kats(void);
|
||||
int test_mldsa_verify_ctx_kats(void);
|
||||
int test_mldsa_verify_kats(void);
|
||||
int test_mldsa_sign_mu_kats(void);
|
||||
int test_mldsa_verify_mu_kats(void);
|
||||
int test_mldsa_PrivateKeyDecode_OpenSSL_form(void);
|
||||
int test_mldsa_pkcs8_import_OpenSSL_form(void);
|
||||
int test_mldsa_pkcs8_export_import_wolfSSL_form(void);
|
||||
int test_wc_dilithium_encode_w1_large_values(void);
|
||||
int test_mldsa_encode_w1_large_values(void);
|
||||
int test_mldsa_pkcs12(void);
|
||||
int test_mldsa_x509_pubkey_sigtype(void);
|
||||
|
||||
/* Legacy-name shim coverage defined in tests/api/test_mldsa_legacy.c.
|
||||
* Single function -- compile-time wc_static_assert checks for every alias
|
||||
* + one runtime smoke test that drives each arg-reordering macro family.
|
||||
* Becomes a TEST_SKIPPED stub when WOLFSSL_NO_DILITHIUM_LEGACY_NAMES is
|
||||
* defined. */
|
||||
int test_mldsa_legacy_shim(void);
|
||||
|
||||
#define TEST_MLDSA_DECLS \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_pubonly_fails), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_oneasymkey_version), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_ctx_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_ctx_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_mu_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_mu_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sign_pubonly_fails), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_make_key), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sign), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_verify), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sign_vfy), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_check_key), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_public_der_decode), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_der), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_oneasymkey_version), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_make_key_from_seed), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sig_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sign_ctx_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_verify_ctx_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_verify_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_sign_mu_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_verify_mu_kats), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_PrivateKeyDecode_OpenSSL_form), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \
|
||||
TEST_DECL_GROUP("mldsa", test_wc_dilithium_encode_w1_large_values), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype)
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_encode_w1_large_values), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_x509_pubkey_sigtype), \
|
||||
TEST_DECL_GROUP("mldsa", test_mldsa_legacy_shim)
|
||||
|
||||
#endif /* WOLFCRYPT_TEST_MLDSA_H */
|
||||
|
||||
@@ -0,0 +1,512 @@
|
||||
/* test_mldsa_legacy.c
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/* Coverage for the temporary Dilithium -> ML-DSA legacy-name shim
|
||||
* (<wolfssl/wolfcrypt/dilithium.h>). The shim is purely a set of
|
||||
* #define aliases and typedef redirects; correctness reduces to:
|
||||
*
|
||||
* 1. every legacy name resolves to the canonical symbol / value, and
|
||||
* 2. the arg-reordering wrappers dispatch to the canonical function
|
||||
* with the arguments in the right slots.
|
||||
*
|
||||
* This file exercises both axes:
|
||||
*
|
||||
* - Compile-time: wc_static_assert checks every per-level size-constant
|
||||
* spelling and every public-enum alias against the canonical value;
|
||||
* typed function-pointer assignments (no casts) verify every
|
||||
* symbol-form alias has the canonical signature; a never-called
|
||||
* `if (0)` block invokes every arg-reordering macro with correctly
|
||||
* typed dummy arguments so the compiler type-checks the expanded
|
||||
* canonical call.
|
||||
*
|
||||
* - Runtime: a single make-key / sign / verify / export / import /
|
||||
* DER round-trip drives the arg-reordering macros with valid inputs,
|
||||
* so a same-type arg swap (which the compile-time invocation can't
|
||||
* catch) shows up as a verification or import failure.
|
||||
*
|
||||
* Functional coverage of the canonical ML-DSA API itself lives in
|
||||
* tests/api/test_mldsa.c (~24 test_mldsa_* functions),
|
||||
* wolfcrypt/test/test.c::mldsa_test, and the TLS / X.509 paths in
|
||||
* tests/api.c that exercise ML-DSA end-to-end; this file is solely a
|
||||
* regression net for the shim. When WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
* is defined every test below becomes a TEST_SKIPPED stub.
|
||||
*
|
||||
* Note on verify-only builds: the runtime smoke test below requires the
|
||||
* sign side too (to produce a signature against a freshly-made key).
|
||||
* In a verify-only build the compile-time invocation block still drives
|
||||
* every verify-side shim macro through its arg-reordering expansion, so
|
||||
* signature / arg-count regressions are caught at compile time even
|
||||
* without a KAT-driven runtime verify. A same-type arg swap on the
|
||||
* verify side specifically (e.g. swapping the two `const byte*` /
|
||||
* `word32` pairs in `wc_dilithium_verify_ctx_msg`) would not be caught
|
||||
* in a verify-only build by this file alone; the canonical KAT-driven
|
||||
* tests in test_mldsa.c::test_mldsa_verify_*_kats cover that case in
|
||||
* builds that include the canonical headers (which all in-tree builds
|
||||
* do). */
|
||||
|
||||
#include <tests/unit.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/asn_public.h>
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <tests/api/api.h>
|
||||
#include <tests/api/test_mldsa.h>
|
||||
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_NO_DILITHIUM_LEGACY_NAMES)
|
||||
|
||||
/* === Compile-time checks =============================================== */
|
||||
|
||||
/* Type aliases collapse to the canonical struct. A sizeof-equality check is
|
||||
* a sufficient and portable proxy for "same type": both legacy spellings
|
||||
* are typedefs of `struct wc_MlDsaKey`, so any divergence in the typedef
|
||||
* chain would change sizeof and trip the assert at compile time. */
|
||||
wc_static_assert(sizeof(dilithium_key) == sizeof(wc_MlDsaKey));
|
||||
wc_static_assert(sizeof(MlDsaKey) == sizeof(wc_MlDsaKey));
|
||||
wc_static_assert(sizeof(wc_dilithium_params) == sizeof(wc_MlDsaParams));
|
||||
|
||||
/* Per-parameter-set size constants. Every spelling family (LEVEL{2,3,5}_*,
|
||||
* DILITHIUM_LEVEL{2,3,5}_*, DILITHIUM_ML_DSA_{44,65,87}_*) lives in its own
|
||||
* `#define` line in <dilithium.h>, so each is checked separately. */
|
||||
#define MLDSA_LEGACY_SIZE_ASSERT(LEGACY, CANONICAL) \
|
||||
wc_static_assert(LEGACY == CANONICAL)
|
||||
|
||||
/* LEVEL2 = ML-DSA-44 */
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PRV_KEY_DER_SIZE, WC_MLDSA_44_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_PUB_KEY_DER_SIZE, WC_MLDSA_44_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE, WC_MLDSA_44_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE, WC_MLDSA_44_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE,WC_MLDSA_44_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE,WC_MLDSA_44_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE,WC_MLDSA_44_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE,WC_MLDSA_44_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_KEY_SIZE, WC_MLDSA_44_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_PRV_KEY_SIZE, WC_MLDSA_44_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_PUB_KEY_SIZE, WC_MLDSA_44_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_44_SIG_SIZE, WC_MLDSA_44_SIG_SIZE);
|
||||
|
||||
/* LEVEL3 = ML-DSA-65 */
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PRV_KEY_DER_SIZE, WC_MLDSA_65_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_PUB_KEY_DER_SIZE, WC_MLDSA_65_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE, WC_MLDSA_65_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE, WC_MLDSA_65_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE,WC_MLDSA_65_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE,WC_MLDSA_65_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE,WC_MLDSA_65_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE,WC_MLDSA_65_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_KEY_SIZE, WC_MLDSA_65_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_PRV_KEY_SIZE, WC_MLDSA_65_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_PUB_KEY_SIZE, WC_MLDSA_65_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_65_SIG_SIZE, WC_MLDSA_65_SIG_SIZE);
|
||||
|
||||
/* LEVEL5 = ML-DSA-87 */
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PRV_KEY_DER_SIZE, WC_MLDSA_87_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_PUB_KEY_DER_SIZE, WC_MLDSA_87_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE, WC_MLDSA_87_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE, WC_MLDSA_87_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE,WC_MLDSA_87_PRV_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE,WC_MLDSA_87_PUB_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE,WC_MLDSA_87_BOTH_KEY_DER_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE,WC_MLDSA_87_BOTH_KEY_PEM_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_KEY_SIZE, WC_MLDSA_87_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_PRV_KEY_SIZE, WC_MLDSA_87_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_PUB_KEY_SIZE, WC_MLDSA_87_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_ML_DSA_87_SIG_SIZE, WC_MLDSA_87_SIG_SIZE);
|
||||
|
||||
/* Maxima (used as stack/heap sizing on the call sites). */
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_KEY_SIZE, MLDSA_MAX_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_PRV_KEY_SIZE, MLDSA_MAX_PRV_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_PUB_KEY_SIZE, MLDSA_MAX_PUB_KEY_SIZE);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_MAX_SIG_SIZE, MLDSA_MAX_SIG_SIZE);
|
||||
|
||||
/* FIPS 204 algorithm-parameter constants -- spot-check the families that
|
||||
* exist as both DILITHIUM_* and MLDSA_* spellings. */
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_Q, MLDSA_Q);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_N, MLDSA_N);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_SEED_SZ, MLDSA_SEED_SZ);
|
||||
MLDSA_LEGACY_SIZE_ASSERT(DILITHIUM_TR_SZ, MLDSA_TR_SZ);
|
||||
|
||||
#undef MLDSA_LEGACY_SIZE_ASSERT
|
||||
|
||||
/* Public-enum aliases (asn_public.h / asn.h / oid_sum.h). These are
|
||||
* #define aliases for FIPS 204 enumerators that were renamed in this
|
||||
* PR; the legacy LEVEL{2,3,5} spellings live behind the same
|
||||
* WOLFSSL_NO_DILITHIUM_LEGACY_NAMES gate as the dilithium.h shim. Casts
|
||||
* are deliberately omitted: enum constants are integer constant
|
||||
* expressions in C, and a hidden enum-width divergence is itself a
|
||||
* regression worth surfacing. */
|
||||
wc_static_assert(ML_DSA_LEVEL2_TYPE == ML_DSA_44_TYPE);
|
||||
wc_static_assert(ML_DSA_LEVEL3_TYPE == ML_DSA_65_TYPE);
|
||||
wc_static_assert(ML_DSA_LEVEL5_TYPE == ML_DSA_87_TYPE);
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
wc_static_assert(ML_DSA_LEVEL2_KEY == ML_DSA_44_KEY);
|
||||
wc_static_assert(ML_DSA_LEVEL3_KEY == ML_DSA_65_KEY);
|
||||
wc_static_assert(ML_DSA_LEVEL5_KEY == ML_DSA_87_KEY);
|
||||
#endif
|
||||
wc_static_assert(ML_DSA_LEVEL2k == ML_DSA_44k);
|
||||
wc_static_assert(ML_DSA_LEVEL3k == ML_DSA_65k);
|
||||
wc_static_assert(ML_DSA_LEVEL5k == ML_DSA_87k);
|
||||
wc_static_assert(CTC_ML_DSA_LEVEL2 == CTC_ML_DSA_44);
|
||||
wc_static_assert(CTC_ML_DSA_LEVEL3 == CTC_ML_DSA_65);
|
||||
wc_static_assert(CTC_ML_DSA_LEVEL5 == CTC_ML_DSA_87);
|
||||
|
||||
/* Error-code rename: the symbol stays at the same numeric value, and the
|
||||
* legacy spelling is a #define for the canonical enumerator. */
|
||||
wc_static_assert(WC_NO_ERR_TRACE(DILITHIUM_KEY_SIZE_E) ==
|
||||
WC_NO_ERR_TRACE(MLDSA_KEY_SIZE_E));
|
||||
|
||||
/* Function-symbol aliases. Each entry below is a #define legacy canonical
|
||||
* (a pure symbol redirect, no arg reordering). Assigning to a typed
|
||||
* function pointer **without a cast** is the actual check: the compiler
|
||||
* fails the build if the alias's signature drifts from the typedef. The
|
||||
* casts are deliberately absent -- adding them would silently coerce
|
||||
* signature mismatches and defeat the purpose. */
|
||||
static void mldsa_legacy_shim_symbol_aliases_compile_check(void)
|
||||
{
|
||||
typedef int (*init_fn)(wc_MlDsaKey*, void*, int);
|
||||
typedef void (*free_fn)(wc_MlDsaKey*);
|
||||
typedef int (*set_level_fn)(wc_MlDsaKey*, byte);
|
||||
typedef int (*get_level_fn)(wc_MlDsaKey*, byte*);
|
||||
typedef int (*size_fn)(wc_MlDsaKey*);
|
||||
typedef int (*check_fn)(wc_MlDsaKey*);
|
||||
typedef int (*export_fn)(wc_MlDsaKey*, byte*, word32*);
|
||||
|
||||
init_fn f_init_ex = &wc_dilithium_init_ex;
|
||||
free_fn f_free = &wc_dilithium_free;
|
||||
set_level_fn f_set_level = &wc_dilithium_set_level;
|
||||
get_level_fn f_get_level = &wc_dilithium_get_level;
|
||||
size_fn f_sig_size = &wc_dilithium_sig_size;
|
||||
|
||||
(void)f_init_ex; (void)f_free; (void)f_set_level; (void)f_get_level;
|
||||
(void)f_sig_size;
|
||||
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
{
|
||||
size_fn f_size = &wc_dilithium_size;
|
||||
export_fn f_export_priv = &wc_dilithium_export_private;
|
||||
(void)f_size; (void)f_export_priv;
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
{
|
||||
size_fn f_priv_size = &wc_dilithium_priv_size;
|
||||
(void)f_priv_size;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
{
|
||||
size_fn f_pub_size = &wc_dilithium_pub_size;
|
||||
export_fn f_export_pub = &wc_dilithium_export_public;
|
||||
(void)f_pub_size; (void)f_export_pub;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_MLDSA_CHECK_KEY
|
||||
{
|
||||
check_fn f_check = &wc_dilithium_check_key;
|
||||
(void)f_check;
|
||||
}
|
||||
#else
|
||||
(void)((check_fn)NULL);
|
||||
#endif
|
||||
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
{
|
||||
typedef int (*init_id_fn)(wc_MlDsaKey*, const unsigned char*, int,
|
||||
void*, int);
|
||||
typedef int (*init_label_fn)(wc_MlDsaKey*, const char*, void*, int);
|
||||
init_id_fn f_init_id = &wc_dilithium_init_id;
|
||||
init_label_fn f_init_label = &wc_dilithium_init_label;
|
||||
(void)f_init_id; (void)f_init_label;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
{
|
||||
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
|
||||
{
|
||||
typedef int (*to_der_fn)(wc_MlDsaKey*, byte*, word32, int);
|
||||
to_der_fn f_pub_to_der = &wc_Dilithium_PublicKeyToDer;
|
||||
(void)f_pub_to_der;
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
{
|
||||
typedef int (*to_der_priv_fn)(wc_MlDsaKey*, byte*, word32);
|
||||
to_der_priv_fn f_priv_to_der = &wc_Dilithium_PrivateKeyToDer;
|
||||
to_der_priv_fn f_key_to_der = &wc_Dilithium_KeyToDer;
|
||||
(void)f_priv_to_der; (void)f_key_to_der;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Compile-time invocation of every arg-reordering shim macro. The macros
|
||||
* are function-like #defines, so they can only be checked by expansion at
|
||||
* a call site. The block below is guarded by `if (0)` so it never runs at
|
||||
* runtime -- the compiler still parses and type-checks every macro
|
||||
* expansion, so a signature regression or arg-count change in the shim
|
||||
* trips a build error here even in configurations (e.g. verify-only)
|
||||
* where the happy-path runtime test below is skipped.
|
||||
*
|
||||
* Limitation: a same-type arg swap inside a shim macro (e.g. swapping the
|
||||
* two `const byte*` operands in `wc_dilithium_verify_msg`) compiles
|
||||
* cleanly here and is caught only by the runtime smoke test, which
|
||||
* requires sign+verify. */
|
||||
static void mldsa_legacy_shim_macro_invocations_compile_check(void)
|
||||
{
|
||||
wc_MlDsaKey* key = NULL;
|
||||
const byte* inp = NULL;
|
||||
byte* outp = NULL;
|
||||
word32 inLen = 0;
|
||||
word32 outLen = 0;
|
||||
word32 idx = 0;
|
||||
int res = 0;
|
||||
WC_RNG* rng = NULL;
|
||||
const byte* seed = NULL;
|
||||
|
||||
/* The bodies are dead code (`if (0)`), but the macro expansions are
|
||||
* still parsed and type-checked. Return values are discarded with a
|
||||
* cast to `(void)`. */
|
||||
if (0) {
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
(void)wc_dilithium_import_public(inp, inLen, key);
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
(void)wc_dilithium_import_private(inp, inLen, key);
|
||||
(void)wc_dilithium_import_private_only(inp, inLen, key);
|
||||
(void)wc_dilithium_import_key(inp, inLen, inp, inLen, key);
|
||||
#endif
|
||||
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#ifdef WOLFSSL_MLDSA_NO_CTX
|
||||
(void)wc_dilithium_sign_msg(inp, inLen, outp, &outLen, key, rng);
|
||||
(void)wc_dilithium_sign_msg_with_seed(inp, inLen, outp, &outLen,
|
||||
key, seed);
|
||||
#endif
|
||||
(void)wc_dilithium_sign_ctx_msg(inp, (byte)0, inp, inLen,
|
||||
outp, &outLen, key, rng);
|
||||
(void)wc_dilithium_sign_ctx_hash(inp, (byte)0, 0, inp, inLen,
|
||||
outp, &outLen, key, rng);
|
||||
(void)wc_dilithium_sign_ctx_msg_with_seed(inp, (byte)0, inp, inLen,
|
||||
outp, &outLen, key, seed);
|
||||
(void)wc_dilithium_sign_ctx_hash_with_seed(inp, (byte)0, 0, inp,
|
||||
inLen, outp, &outLen, key, seed);
|
||||
(void)wc_dilithium_sign_mu_with_seed(inp, inLen, outp, &outLen,
|
||||
key, seed);
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_NO_CTX
|
||||
(void)wc_dilithium_verify_msg(inp, inLen, inp, inLen, &res, key);
|
||||
#endif
|
||||
(void)wc_dilithium_verify_ctx_msg(inp, inLen, inp, (byte)0, inp,
|
||||
inLen, &res, key);
|
||||
(void)wc_dilithium_verify_ctx_hash(inp, inLen, inp, (byte)0, 0, inp,
|
||||
inLen, &res, key);
|
||||
(void)wc_dilithium_verify_mu(inp, inLen, inp, inLen, &res, key);
|
||||
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
(void)wc_Dilithium_PrivateKeyDecode(inp, &idx, key, inLen);
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
(void)wc_Dilithium_PublicKeyDecode(inp, &idx, key, inLen);
|
||||
#endif
|
||||
#endif
|
||||
/* 1-arg init shim. */
|
||||
(void)wc_dilithium_init(key);
|
||||
}
|
||||
(void)key; (void)inp; (void)outp; (void)inLen; (void)outLen;
|
||||
(void)idx; (void)res; (void)rng; (void)seed;
|
||||
}
|
||||
|
||||
/* === Runtime checks ==================================================== */
|
||||
|
||||
/* Smoke test exercising the arg-reordering macros that are reachable
|
||||
* end-to-end via a make-key / sign / verify / export / import / decode
|
||||
* happy-path. A same-type arg swap inside any of these macros shows up as
|
||||
* a verification or import failure here.
|
||||
*
|
||||
* Verify-only / sign-only / no-ASN1 builds skip the corresponding
|
||||
* sub-blocks; the compile-time invocation check above still type-checks
|
||||
* every shim macro in those configurations. */
|
||||
int test_mldsa_legacy_shim(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
/* Reference the compile-only checks so the compiler doesn't drop them
|
||||
* (and so -Wunused-function stays quiet under strict warning levels).
|
||||
* These are no-ops at runtime; the work is in the parse/type-check
|
||||
* the compiler did on the file. */
|
||||
(void)&mldsa_legacy_shim_symbol_aliases_compile_check;
|
||||
(void)&mldsa_legacy_shim_macro_invocations_compile_check;
|
||||
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && !defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) && \
|
||||
defined(WOLFSSL_MLDSA_PUBLIC_KEY) && defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WC_NO_RNG)
|
||||
{
|
||||
dilithium_key key; /* legacy typedef */
|
||||
WC_RNG rng;
|
||||
byte level = 0;
|
||||
byte pubBuf[WC_MLDSA_44_PUB_KEY_SIZE];
|
||||
byte privBuf[WC_MLDSA_44_KEY_SIZE];
|
||||
word32 pubLen = (word32)sizeof(pubBuf);
|
||||
word32 privLen = (word32)sizeof(privBuf);
|
||||
static const byte msg[] = "wolfSSL ML-DSA legacy shim smoke test";
|
||||
|
||||
XMEMSET(&key, 0, sizeof(key));
|
||||
XMEMSET(&rng, 0, sizeof(rng));
|
||||
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
|
||||
/* 1-arg shim macro -> wc_MlDsaKey_Init(key, NULL, INVALID_DEVID). */
|
||||
ExpectIntEQ(wc_dilithium_init(&key), 0);
|
||||
ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0);
|
||||
ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
|
||||
ExpectIntEQ((int)level, WC_ML_DSA_44);
|
||||
|
||||
/* Sizes -- pure symbol aliases. PrivSize is the export size of the
|
||||
* "private key" form (priv + pub combined), not the raw secret-key
|
||||
* buffer. */
|
||||
ExpectIntEQ(wc_dilithium_priv_size(&key), WC_MLDSA_44_PRV_KEY_SIZE);
|
||||
ExpectIntEQ(wc_dilithium_pub_size(&key), WC_MLDSA_44_PUB_KEY_SIZE);
|
||||
ExpectIntEQ(wc_dilithium_sig_size(&key), WC_MLDSA_44_SIG_SIZE);
|
||||
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
|
||||
PRIVATE_KEY_LOCK();
|
||||
|
||||
#ifdef WOLFSSL_MLDSA_CHECK_KEY
|
||||
ExpectIntEQ(wc_dilithium_check_key(&key), 0);
|
||||
#endif
|
||||
|
||||
/* Sign + verify drive the arg-reordering sign/verify shim macros
|
||||
* with a real signature; a same-type arg swap shows up as a
|
||||
* verification failure. */
|
||||
#ifdef WOLFSSL_MLDSA_NO_CTX
|
||||
{
|
||||
byte sig[WC_MLDSA_44_SIG_SIZE];
|
||||
word32 sigLen = (word32)sizeof(sig);
|
||||
int verifyRes = 0;
|
||||
|
||||
ExpectIntEQ(wc_dilithium_sign_msg(msg, (word32)sizeof(msg),
|
||||
sig, &sigLen, &key, &rng), 0);
|
||||
ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen,
|
||||
msg, (word32)sizeof(msg), &verifyRes, &key), 0);
|
||||
ExpectIntEQ(verifyRes, 1);
|
||||
}
|
||||
#else
|
||||
{
|
||||
byte sig[WC_MLDSA_44_SIG_SIZE];
|
||||
word32 sigLen = (word32)sizeof(sig);
|
||||
int verifyRes = 0;
|
||||
|
||||
ExpectIntEQ(wc_dilithium_sign_ctx_msg(NULL, 0,
|
||||
msg, (word32)sizeof(msg), sig, &sigLen, &key, &rng), 0);
|
||||
ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0,
|
||||
msg, (word32)sizeof(msg), &verifyRes, &key), 0);
|
||||
ExpectIntEQ(verifyRes, 1);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Export raw key material and re-import via the legacy arg order. */
|
||||
ExpectIntEQ(wc_dilithium_export_public(&key, pubBuf, &pubLen), 0);
|
||||
ExpectIntEQ((int)pubLen, WC_MLDSA_44_PUB_KEY_SIZE);
|
||||
ExpectIntEQ(wc_dilithium_export_private(&key, privBuf, &privLen), 0);
|
||||
ExpectIntEQ((int)privLen, WC_MLDSA_44_KEY_SIZE);
|
||||
|
||||
{
|
||||
dilithium_key imported;
|
||||
XMEMSET(&imported, 0, sizeof(imported));
|
||||
ExpectIntEQ(wc_dilithium_init(&imported), 0);
|
||||
ExpectIntEQ(wc_dilithium_set_level(&imported, WC_ML_DSA_44), 0);
|
||||
ExpectIntEQ(wc_dilithium_import_public(pubBuf, pubLen, &imported),
|
||||
0);
|
||||
ExpectIntEQ(wc_dilithium_import_private(privBuf, privLen,
|
||||
&imported), 0);
|
||||
wc_dilithium_free(&imported);
|
||||
}
|
||||
|
||||
/* ASN.1 round-trip through the legacy Decode wrapper (arg order:
|
||||
* input, inOutIdx, key, inSz). */
|
||||
#if !defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
{
|
||||
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
|
||||
int derSz;
|
||||
word32 idx = 0;
|
||||
dilithium_key decoded;
|
||||
|
||||
XMEMSET(&decoded, 0, sizeof(decoded));
|
||||
derSz = wc_Dilithium_PrivateKeyToDer(&key, der,
|
||||
(word32)sizeof(der));
|
||||
ExpectIntGT(derSz, 0);
|
||||
|
||||
ExpectIntEQ(wc_dilithium_init(&decoded), 0);
|
||||
ExpectIntEQ(wc_dilithium_set_level(&decoded, WC_ML_DSA_44), 0);
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, &decoded,
|
||||
(word32)derSz), 0);
|
||||
PRIVATE_KEY_LOCK();
|
||||
wc_dilithium_free(&decoded);
|
||||
}
|
||||
#endif
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
wc_FreeRng(&rng);
|
||||
}
|
||||
#endif /* sign+verify happy-path */
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#else /* !WOLFSSL_HAVE_MLDSA || WOLFSSL_NO_DILITHIUM_LEGACY_NAMES */
|
||||
|
||||
int test_mldsa_legacy_shim(void)
|
||||
{
|
||||
return TEST_SKIPPED;
|
||||
}
|
||||
|
||||
#endif
|
||||
+2
-2
@@ -1263,7 +1263,7 @@ int SuiteTest(int argc, char** argv)
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(HAVE_DILITHIUM) && \
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
defined(WOLFSSL_SLHDSA_PARAM_128S) && \
|
||||
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
/* SLH-DSA-SHAKE-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
|
||||
@@ -1294,7 +1294,7 @@ int SuiteTest(int argc, char** argv)
|
||||
args.argc = 2;
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(WOLFSSL_SLHDSA_SHA2) && \
|
||||
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) && defined(HAVE_DILITHIUM) && \
|
||||
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) && defined(WOLFSSL_HAVE_MLDSA) && \
|
||||
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
|
||||
/* SLH-DSA-SHA2-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
|
||||
XSTRLCPY(argv0[1], "tests/test-tls13-slhdsa-sha2.conf",
|
||||
|
||||
+1218
-1173
File diff suppressed because it is too large
@@ -140,7 +140,7 @@ void bench_blake2s(void);
|
||||
void bench_ascon_hash(void);
|
||||
void bench_pbkdf2(void);
|
||||
void bench_falconKeySign(byte level);
|
||||
void bench_dilithiumKeySign(byte level);
|
||||
void bench_mldsaKeySign(byte level);
|
||||
|
||||
void bench_stats_print(void);
|
||||
|
||||
|
||||
+341
-342
File diff suppressed because it is too large
+60
-60
@@ -6070,7 +6070,7 @@ static int SetValidity(byte* output, int daysValid)
|
||||
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key,
|
||||
ed448_key* ed448Key, falcon_key* falconKey,
|
||||
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
|
||||
wc_MlDsaKey* mldsaKey, SlhDsaKey* slhDsaKey)
|
||||
{
|
||||
int ret;
|
||||
|
||||
@@ -6080,7 +6080,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
/* make sure at least one key type is provided */
|
||||
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
|
||||
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
|
||||
dilithiumKey == NULL && slhDsaKey == NULL) {
|
||||
mldsaKey == NULL && slhDsaKey == NULL) {
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
@@ -6168,24 +6168,24 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
(word32)sizeof(der->publicKey), 1);
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
|
||||
(cert->keyType == ML_DSA_LEVEL3_KEY) ||
|
||||
(cert->keyType == ML_DSA_LEVEL5_KEY)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
if ((cert->keyType == ML_DSA_44_KEY) ||
|
||||
(cert->keyType == ML_DSA_65_KEY) ||
|
||||
(cert->keyType == ML_DSA_87_KEY)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| (cert->keyType == DILITHIUM_LEVEL2_KEY)
|
||||
|| (cert->keyType == DILITHIUM_LEVEL3_KEY)
|
||||
|| (cert->keyType == DILITHIUM_LEVEL5_KEY)
|
||||
#endif
|
||||
) {
|
||||
if (dilithiumKey == NULL)
|
||||
if (mldsaKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
der->publicKeySz =
|
||||
wc_Dilithium_PublicKeyToDer(dilithiumKey, der->publicKey,
|
||||
wc_MlDsaKey_PublicKeyToDer(mldsaKey, der->publicKey,
|
||||
(word32)sizeof(der->publicKey), 1);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
if ((cert->keyType == SLH_DSA_SHAKE_128F_KEY) ||
|
||||
(cert->keyType == SLH_DSA_SHAKE_192F_KEY) ||
|
||||
@@ -6669,7 +6669,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
|
||||
DsaKey* dsaKey, ed25519_key* ed25519Key,
|
||||
ed448_key* ed448Key, falcon_key* falconKey,
|
||||
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
|
||||
wc_MlDsaKey* mldsaKey, SlhDsaKey* slhDsaKey)
|
||||
{
|
||||
int ret;
|
||||
WC_DECLARE_VAR(der, DerCert, 1, 0);
|
||||
@@ -6693,34 +6693,34 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
else if ((falconKey != NULL) && (falconKey->level == 5))
|
||||
cert->keyType = FALCON_LEVEL5_KEY;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_44_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_65_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_87_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
}
|
||||
#endif
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_44)) {
|
||||
cert->keyType = ML_DSA_LEVEL2_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_44)) {
|
||||
cert->keyType = ML_DSA_44_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_65)) {
|
||||
cert->keyType = ML_DSA_LEVEL3_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_65)) {
|
||||
cert->keyType = ML_DSA_65_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_87)) {
|
||||
cert->keyType = ML_DSA_LEVEL5_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_87)) {
|
||||
cert->keyType = ML_DSA_87_KEY;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef WOLFSSL_HAVE_SLHDSA
|
||||
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
|
||||
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
|
||||
@@ -6734,7 +6734,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
return MEMORY_E);
|
||||
|
||||
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key,
|
||||
ed448Key, falconKey, dilithiumKey, slhDsaKey);
|
||||
ed448Key, falconKey, mldsaKey, slhDsaKey);
|
||||
if (ret == 0) {
|
||||
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
|
||||
ret = BUFFER_E;
|
||||
@@ -6909,7 +6909,7 @@ static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz,
|
||||
static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
DsaKey* dsaKey, ecc_key* eccKey,
|
||||
ed25519_key* ed25519Key, ed448_key* ed448Key,
|
||||
falcon_key* falconKey, dilithium_key* dilithiumKey,
|
||||
falcon_key* falconKey, wc_MlDsaKey* mldsaKey,
|
||||
SlhDsaKey* slhDsaKey)
|
||||
{
|
||||
int ret;
|
||||
@@ -6918,7 +6918,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
(void)ed25519Key;
|
||||
(void)ed448Key;
|
||||
(void)falconKey;
|
||||
(void)dilithiumKey;
|
||||
(void)mldsaKey;
|
||||
(void)slhDsaKey;
|
||||
|
||||
if (cert == NULL || der == NULL)
|
||||
@@ -6926,7 +6926,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
|
||||
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
|
||||
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
|
||||
dilithiumKey == NULL && slhDsaKey == NULL) {
|
||||
mldsaKey == NULL && slhDsaKey == NULL) {
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
@@ -7017,19 +7017,19 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
der->publicKey, (word32)sizeof(der->publicKey), 1);
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
if ((cert->keyType == ML_DSA_LEVEL2_KEY) ||
|
||||
(cert->keyType == ML_DSA_LEVEL3_KEY) ||
|
||||
(cert->keyType == ML_DSA_LEVEL5_KEY)
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) && !defined(WOLFSSL_MLDSA_NO_ASN1)
|
||||
if ((cert->keyType == ML_DSA_44_KEY) ||
|
||||
(cert->keyType == ML_DSA_65_KEY) ||
|
||||
(cert->keyType == ML_DSA_87_KEY)
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
|| (cert->keyType == DILITHIUM_LEVEL2_KEY)
|
||||
|| (cert->keyType == DILITHIUM_LEVEL3_KEY)
|
||||
|| (cert->keyType == DILITHIUM_LEVEL5_KEY)
|
||||
#endif
|
||||
) {
|
||||
if (dilithiumKey == NULL)
|
||||
if (mldsaKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
|
||||
der->publicKeySz = wc_MlDsaKey_PublicKeyToDer(mldsaKey,
|
||||
der->publicKey, (word32)sizeof(der->publicKey), 1);
|
||||
}
|
||||
#endif
|
||||
@@ -7301,7 +7301,7 @@ static int WriteCertReqBody(DerCert* der, byte* buf)
|
||||
static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey,
|
||||
ed25519_key* ed25519Key, ed448_key* ed448Key,
|
||||
falcon_key* falconKey, dilithium_key* dilithiumKey,
|
||||
falcon_key* falconKey, wc_MlDsaKey* mldsaKey,
|
||||
SlhDsaKey* slhDsaKey)
|
||||
{
|
||||
int ret;
|
||||
@@ -7323,34 +7323,34 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
else if ((falconKey != NULL) && (falconKey->level == 5))
|
||||
cert->keyType = FALCON_LEVEL5_KEY;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) {
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_44_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) {
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_65_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) {
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_87_DRAFT)) {
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
}
|
||||
#endif
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_44)) {
|
||||
cert->keyType = ML_DSA_LEVEL2_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_44)) {
|
||||
cert->keyType = ML_DSA_44_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_65)) {
|
||||
cert->keyType = ML_DSA_LEVEL3_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_65)) {
|
||||
cert->keyType = ML_DSA_65_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) &&
|
||||
(dilithiumKey->params->level == WC_ML_DSA_87)) {
|
||||
cert->keyType = ML_DSA_LEVEL5_KEY;
|
||||
else if ((mldsaKey != NULL) &&
|
||||
(mldsaKey->params->level == WC_ML_DSA_87)) {
|
||||
cert->keyType = ML_DSA_87_KEY;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
#ifdef WOLFSSL_HAVE_SLHDSA
|
||||
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
|
||||
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
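Review bot: Every ML-DSA branch in this chain reads `mldsaKey->params->level` after checking only `mldsaKey != NULL`, while the SLH-DSA branch at the end of the same chain first tests `slhDsaKey->params != NULL`. If a key can reach MakeCertReq initialised but without a parameter set selected, `params` is presumably still NULL and the first ML-DSA branch dereferences it. Adding the same guard to each condition, `else if ((mldsaKey != NULL) && (mldsaKey->params != NULL) &&`, would match the SLH-DSA branch; this applies to the three draft branches and the three final ones. MakeCertReq starts and ends outside this hunk, so an earlier check may exist that is not visible here.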
|
||||
@@ -7364,7 +7364,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
return MEMORY_E);
|
||||
|
||||
ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key,
|
||||
falconKey, dilithiumKey, slhDsaKey);
|
||||
falconKey, mldsaKey, slhDsaKey);
|
||||
|
||||
if (ret == 0) {
|
||||
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
|
||||
|
||||
@@ -1288,7 +1288,7 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA)
|
||||
int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
|
||||
{
|
||||
@@ -1298,9 +1298,9 @@ int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
|
||||
return devId;
|
||||
|
||||
/* get devId */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
if (type == WC_PQC_SIG_TYPE_MLDSA) {
|
||||
devId = ((dilithium_key*) key)->devId;
|
||||
devId = ((wc_MlDsaKey*) key)->devId;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
@@ -1462,7 +1462,7 @@ int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
|
||||
|
||||
return wc_CryptoCb_TranslateErrorCode(ret);
|
||||
}
|
||||
#endif /* HAVE_FALCON || HAVE_DILITHIUM || WOLFSSL_HAVE_SLHDSA */
|
||||
#endif /* HAVE_FALCON || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_SLHDSA */
|
||||
|
||||
#ifndef NO_AES
|
||||
#ifdef HAVE_AESGCM
|
||||
|
||||
+1
-1
@@ -10060,7 +10060,7 @@ int wolfSSL_EVP_PKEY_type(int type)
|
||||
return WC_EVP_PKEY_EC;
|
||||
case WC_EVP_PKEY_DH:
|
||||
return WC_EVP_PKEY_DH;
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
case WC_EVP_PKEY_DILITHIUM:
|
||||
return WC_EVP_PKEY_DILITHIUM;
|
||||
#endif
|
||||
|
||||
+30
-30
@@ -852,9 +852,9 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
/**
|
||||
* Try to make a Dilithium EVP PKEY from data.
|
||||
* Try to make an ML-DSA EVP PKEY from data.
|
||||
*
|
||||
* Accepts either raw key bytes or DER (PKCS#8 / SPKI). Raw bytes are
|
||||
* size-keyed, so each level is tried in turn. DER input is decoded once,
|
||||
@@ -870,81 +870,81 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||
* object creation/import failed.
|
||||
* @return WOLFSSL_FATAL_ERROR when input is not this key type.
|
||||
*/
|
||||
static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||
static int d2iTryMlDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||
long memSz, int priv)
|
||||
{
|
||||
static const byte levels[] = { WC_ML_DSA_44, WC_ML_DSA_65, WC_ML_DSA_87 };
|
||||
word32 inSz = (word32)memSz;
|
||||
word32 keyIdx = 0;
|
||||
int isDilithium = 0;
|
||||
int isMlDsa = 0;
|
||||
int i, numLevels, rc;
|
||||
WC_DECLARE_VAR(dilithium, dilithium_key, 1, NULL);
|
||||
WC_DECLARE_VAR(mldsa, wc_MlDsaKey, 1, NULL);
|
||||
|
||||
#if !defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
|
||||
#if !defined(WOLFSSL_MLDSA_PRIVATE_KEY)
|
||||
if (priv) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
WC_ALLOC_VAR_EX(dilithium, dilithium_key, 1, NULL, DYNAMIC_TYPE_DILITHIUM,
|
||||
WC_ALLOC_VAR_EX(mldsa, wc_MlDsaKey, 1, NULL, DYNAMIC_TYPE_MLDSA,
|
||||
return 0);
|
||||
|
||||
if (wc_dilithium_init(dilithium) != 0) {
|
||||
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID) != 0) {
|
||||
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Raw key bytes are size-keyed, try each level */
|
||||
numLevels = (int)(sizeof(levels) / sizeof(levels[0]));
|
||||
for (i = 0; i < numLevels && !isDilithium; i++) {
|
||||
if (wc_dilithium_set_level(dilithium, levels[i]) != 0) {
|
||||
for (i = 0; i < numLevels && !isMlDsa; i++) {
|
||||
if (wc_MlDsaKey_SetParams(mldsa, levels[i]) != 0) {
|
||||
continue;
|
||||
}
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
|
||||
if (priv) {
|
||||
rc = wc_dilithium_import_private(mem, inSz, dilithium);
|
||||
rc = wc_MlDsaKey_ImportPrivRaw(mldsa, mem, inSz);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
rc = wc_dilithium_import_public(mem, inSz, dilithium);
|
||||
rc = wc_MlDsaKey_ImportPubRaw(mldsa, mem, inSz);
|
||||
}
|
||||
if (rc == 0) {
|
||||
isDilithium = 1;
|
||||
isMlDsa = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* DER input includes auto level detection */
|
||||
if (!isDilithium) {
|
||||
wc_dilithium_free(dilithium);
|
||||
if (wc_dilithium_init(dilithium) != 0) {
|
||||
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
if (!isMlDsa) {
|
||||
wc_MlDsaKey_Free(mldsa);
|
||||
if (wc_MlDsaKey_Init(mldsa, NULL, INVALID_DEVID) != 0) {
|
||||
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
return 0;
|
||||
}
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY)
|
||||
if (priv) {
|
||||
rc = wc_Dilithium_PrivateKeyDecode(mem, &keyIdx, dilithium, inSz);
|
||||
rc = wc_MlDsaKey_PrivateKeyDecode(mldsa, mem, inSz, &keyIdx);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
rc = wc_Dilithium_PublicKeyDecode(mem, &keyIdx, dilithium, inSz);
|
||||
rc = wc_MlDsaKey_PublicKeyDecode(mldsa, mem, inSz, &keyIdx);
|
||||
}
|
||||
if (rc == 0) {
|
||||
isDilithium = 1;
|
||||
isMlDsa = 1;
|
||||
}
|
||||
}
|
||||
|
||||
wc_dilithium_free(dilithium);
|
||||
WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||
wc_MlDsaKey_Free(mldsa);
|
||||
WC_FREE_VAR_EX(mldsa, NULL, DYNAMIC_TYPE_MLDSA);
|
||||
|
||||
if (!isDilithium) {
|
||||
if (!isMlDsa) {
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/**
|
||||
* Try to make a WOLFSSL_EVP_PKEY from data.
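Review bot: In d2iTryMlDsaKey, `word32 inSz = (word32)memSz;` narrows a `long` without a range check, and the renamed import and decode calls then take `inSz` as the length of `mem`. A negative `memSz` becomes a very large `word32`, and on platforms where `long` is 64 bits a larger value is silently truncated, so the length given to `wc_MlDsaKey_ImportPrivRaw` / `wc_MlDsaKey_PublicKeyDecode` no longer describes the buffer. Unless the caller already guarantees the range (not visible in this hunk), reject it before the allocation: `if ((memSz <= 0) || ((unsigned long)memSz > 0xFFFFFFFFUL)) return WOLFSSL_FATAL_ERROR;`.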
|
||||
@@ -1030,12 +1030,12 @@ static WOLFSSL_EVP_PKEY* d2i_evp_pkey_try(WOLFSSL_EVP_PKEY** out,
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) {
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (d2iTryMlDsaKey(&pkey, *in, inSz, priv) >= 0) {
|
||||
found = 1;
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
{
|
||||
WOLFSSL_MSG("d2i_evp_pkey_try couldn't determine key type");
|
||||
}
|
||||
|
||||
+27
-28
@@ -148,13 +148,12 @@
|
||||
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
|
||||
/* Pull in the legacy compatibility shim. settings.h has already run the
|
||||
* forward arm of the sub-config gate translation block (legacy
|
||||
* WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> canonical WOLFSSL_MLDSA_* /
|
||||
* WC_MLDSA_*) so wc_mldsa.h's own conditional declarations read the
|
||||
* canonical gates regardless of which spelling was used by the build
|
||||
* system or user_settings.h. This include brings in the reverse arm
|
||||
* (canonical -> legacy) and the legacy macro / inline aliases. */
|
||||
/* Pull in the legacy compatibility shim. wc_mldsa.h pulls in dilithium.h
|
||||
* itself for the forward arm of the sub-config gate translation (so the
|
||||
* canonical WOLFSSL_MLDSA_* gates are visible to wc_mldsa.h's own
|
||||
* conditional declarations regardless of which spelling was used by the
|
||||
* build system or user_settings.h). This include brings in the reverse
|
||||
* arm (canonical -> legacy) and the legacy macro / inline aliases. */
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
#include <wolfssl/wolfcrypt/sha3.h>
|
||||
@@ -11931,11 +11930,11 @@ int wc_MlDsaKey_ExportKey(wc_MlDsaKey* key, byte* priv, word32 *privSz,
|
||||
static int mapOidToSecLevel(int oid)
|
||||
{
|
||||
switch (oid) {
|
||||
case ML_DSA_LEVEL2k:
|
||||
case ML_DSA_44k:
|
||||
return WC_ML_DSA_44;
|
||||
case ML_DSA_LEVEL3k:
|
||||
case ML_DSA_65k:
|
||||
return WC_ML_DSA_65;
|
||||
case ML_DSA_LEVEL5k:
|
||||
case ML_DSA_87k:
|
||||
return WC_ML_DSA_87;
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
case DILITHIUM_LEVEL2k:
|
||||
@@ -11970,13 +11969,13 @@ int mldsa_get_oid_sum(wc_MlDsaKey* key, int* keyFormat) {
|
||||
else
|
||||
#endif /* WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
*keyFormat = ML_DSA_LEVEL2k;
|
||||
*keyFormat = ML_DSA_44k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
*keyFormat = ML_DSA_LEVEL3k;
|
||||
*keyFormat = ML_DSA_65k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
*keyFormat = ML_DSA_LEVEL5k;
|
||||
*keyFormat = ML_DSA_87k;
|
||||
}
|
||||
else {
|
||||
/* Level is not set */
|
||||
@@ -12048,13 +12047,13 @@ int wc_MlDsaKey_PrivateKeyDecode(wc_MlDsaKey* key, const byte* input,
|
||||
}
|
||||
#endif
|
||||
else if (key->level == WC_ML_DSA_44) {
|
||||
keyType = ML_DSA_LEVEL2k;
|
||||
keyType = ML_DSA_44k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
keyType = ML_DSA_LEVEL3k;
|
||||
keyType = ML_DSA_65k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
keyType = ML_DSA_LEVEL5k;
|
||||
keyType = ML_DSA_87k;
|
||||
}
|
||||
else {
|
||||
ret = BAD_FUNC_ARG;
|
||||
@@ -12368,13 +12367,13 @@ int wc_MlDsaKey_PublicKeyDecode(wc_MlDsaKey* key, const byte* input,
|
||||
else
|
||||
#endif
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
keyType = ML_DSA_LEVEL2k;
|
||||
keyType = ML_DSA_44k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
keyType = ML_DSA_LEVEL3k;
|
||||
keyType = ML_DSA_65k;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
keyType = ML_DSA_LEVEL5k;
|
||||
keyType = ML_DSA_87k;
|
||||
}
|
||||
else {
|
||||
/* Level not set by caller, decode from DER */
|
||||
@@ -12554,15 +12553,15 @@ int wc_MlDsaKey_PublicKeyToDer(wc_MlDsaKey* key, byte* output, word32 len,
|
||||
else
|
||||
#endif
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
keyType = ML_DSA_LEVEL2k;
|
||||
keyType = ML_DSA_44k;
|
||||
pubKeyLen = WC_MLDSA_44_PUB_KEY_SIZE;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
keyType = ML_DSA_LEVEL3k;
|
||||
keyType = ML_DSA_65k;
|
||||
pubKeyLen = WC_MLDSA_65_PUB_KEY_SIZE;
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
keyType = ML_DSA_LEVEL5k;
|
||||
keyType = ML_DSA_87k;
|
||||
pubKeyLen = WC_MLDSA_87_PUB_KEY_SIZE;
|
||||
}
|
||||
else {
|
||||
@@ -12627,15 +12626,15 @@ int wc_MlDsaKey_KeyToDer(wc_MlDsaKey* key, byte* output, word32 len)
|
||||
#endif
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_44_KEY_SIZE, key->p,
|
||||
WC_MLDSA_44_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k);
|
||||
WC_MLDSA_44_PUB_KEY_SIZE, output, len, ML_DSA_44k);
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_65_KEY_SIZE, key->p,
|
||||
WC_MLDSA_65_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k);
|
||||
WC_MLDSA_65_PUB_KEY_SIZE, output, len, ML_DSA_65k);
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_87_KEY_SIZE, key->p,
|
||||
WC_MLDSA_87_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k);
|
||||
WC_MLDSA_87_PUB_KEY_SIZE, output, len, ML_DSA_87k);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12681,15 +12680,15 @@ int wc_MlDsaKey_PrivateKeyToDer(wc_MlDsaKey* key, byte* output, word32 len)
|
||||
#endif
|
||||
if (key->level == WC_ML_DSA_44) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_44_KEY_SIZE, NULL, 0, output,
|
||||
len, ML_DSA_LEVEL2k);
|
||||
len, ML_DSA_44k);
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_65) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_65_KEY_SIZE, NULL, 0, output,
|
||||
len, ML_DSA_LEVEL3k);
|
||||
len, ML_DSA_65k);
|
||||
}
|
||||
else if (key->level == WC_ML_DSA_87) {
|
||||
ret = SetAsymKeyDer(key->k, WC_MLDSA_87_KEY_SIZE, NULL, 0, output,
|
||||
len, ML_DSA_LEVEL5k);
|
||||
len, ML_DSA_87k);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+51
-51
@@ -66,8 +66,8 @@
|
||||
#if defined(NO_PKCS11_RNG) && !defined(WC_NO_RNG)
|
||||
#define WC_NO_RNG
|
||||
#endif
|
||||
#if defined(NO_PKCS11_MLDSA) && defined(HAVE_DILITHIUM)
|
||||
#undef HAVE_DILITHIUM
|
||||
#if defined(NO_PKCS11_MLDSA) && defined(WOLFSSL_HAVE_MLDSA)
|
||||
#undef WOLFSSL_HAVE_MLDSA
|
||||
#endif
|
||||
#if defined(NO_PKCS11_MLKEM) && defined(WOLFSSL_HAVE_MLKEM)
|
||||
#undef WOLFSSL_HAVE_MLKEM
|
||||
@@ -81,7 +81,7 @@ static CK_BBOOL ckFalse = CK_FALSE;
|
||||
#endif
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
|
||||
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
|
||||
!defined(NO_HMAC) || defined(HAVE_DILITHIUM) || \
|
||||
!defined(NO_HMAC) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM)
|
||||
/* Pointer to true required for templates. */
|
||||
static CK_BBOOL ckTrue = CK_TRUE;
|
||||
@@ -99,11 +99,11 @@ static CK_KEY_TYPE ecKeyType = CKK_EC;
|
||||
/* Pointer to ML-KEM key type required for templates. */
|
||||
static CK_KEY_TYPE mlkemKeyType = CKK_ML_KEM;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
/* Pointer to ML-DSA key type required for templates. */
|
||||
static CK_KEY_TYPE mldsaKeyType = CKK_ML_DSA;
|
||||
#endif
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) || \
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM)
|
||||
/* Pointer to public key class required for templates. */
|
||||
static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY;
|
||||
@@ -1773,7 +1773,7 @@ static int Pkcs11CreateMlKemPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
/**
|
||||
* Create a PKCS#11 object containing the ML-DSA public key data.
|
||||
* @param handle [out] Handle to public key object.
|
||||
@@ -1824,21 +1824,21 @@ static int Pkcs11CreateMldsaPublicKey(CK_OBJECT_HANDLE* handle,
|
||||
}
|
||||
|
||||
if ((key->level == WC_ML_DSA_44) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = WC_MLDSA_44_PUB_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_44;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_65) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = WC_MLDSA_65_PUB_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_65;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_87) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
|
||||
publicKeyLen = WC_MLDSA_87_PUB_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_87;
|
||||
}
|
||||
else {
|
||||
@@ -1907,21 +1907,21 @@ static int Pkcs11CreateMldsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
}
|
||||
|
||||
if ((key->level == WC_ML_DSA_44) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = ML_DSA_LEVEL2_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = WC_MLDSA_44_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_44;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_65) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = ML_DSA_LEVEL3_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = WC_MLDSA_65_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_65;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_87) &&
|
||||
(mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = ML_DSA_LEVEL5_KEY_SIZE;
|
||||
(mechInfo->ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
|
||||
(mechInfo->ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
|
||||
privateKeyLen = WC_MLDSA_87_KEY_SIZE;
|
||||
param_set = CKP_ML_DSA_87;
|
||||
}
|
||||
else {
|
||||
@@ -1943,11 +1943,11 @@ static int Pkcs11CreateMldsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
|
||||
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
|
||||
!defined(NO_HMAC) || defined(HAVE_DILITHIUM) || \
|
||||
!defined(NO_HMAC) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM)
|
||||
/**
|
||||
* Check if mechanism is available in session on token.
|
||||
@@ -2220,7 +2220,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
break;
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case PKCS11_KEY_TYPE_MLDSA: {
|
||||
wc_MlDsaKey* mldsaKey = (wc_MlDsaKey*) key;
|
||||
CK_MECHANISM_INFO mechInfo;
|
||||
@@ -2246,19 +2246,19 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
|
||||
session.func->C_DestroyObject(session.handle, privKey);
|
||||
}
|
||||
}
|
||||
#if !defined(WOLFSSL_DILITHIUM_ASSIGN_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
|
||||
#if !defined(WOLFSSL_MLDSA_ASSIGN_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_DYNAMIC_KEYS)
|
||||
if (ret == 0 && clear) {
|
||||
ForceZero(mldsaKey->k, sizeof(mldsaKey->k));
|
||||
}
|
||||
#elif defined(WOLFSSL_DILITHIUM_DYNAMIC_KEYS)
|
||||
#elif defined(WOLFSSL_MLDSA_DYNAMIC_KEYS)
|
||||
if (ret == 0 && clear && mldsaKey->k != NULL) {
|
||||
ForceZero(mldsaKey->k, mldsaKey->kSz);
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM*/
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
default:
|
||||
ret = NOT_COMPILED_IN;
|
||||
break;
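Review bot: When `WOLFSSL_MLDSA_ASSIGN_KEY` is defined without `WOLFSSL_MLDSA_DYNAMIC_KEYS`, neither `ForceZero` branch in the `PKCS11_KEY_TYPE_MLDSA` case is compiled. A caller passing `clear` then gets no wipe of `mldsaKey->k` and no indication that the request was ignored. If that is intentional, presumably because the key bytes then belong to the caller, the conditional should say so with a comment such as `/* ASSIGN_KEY: k refers to caller-owned memory; the caller must wipe it */`. wc_Pkcs11StoreKey starts and ends outside this hunk.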
|
||||
@@ -4748,7 +4748,7 @@ static int Pkcs11PqcKemDecapsulate(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
/**
|
||||
* Find the PKCS#11 object containing the ML-DSA public or private key data.
|
||||
*
|
||||
@@ -4852,11 +4852,11 @@ static int Pkcs11GetMldsaPublicKey(wc_MlDsaKey* key,
|
||||
PKCS11_DUMP_TEMPLATE("ML-DSA Public Key", tmpl, tmplCnt);
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (pubKeySize == ML_DSA_LEVEL2_PUB_KEY_SIZE)
|
||||
if (pubKeySize == WC_MLDSA_44_PUB_KEY_SIZE)
|
||||
wc_MlDsaKey_SetParams(key, WC_ML_DSA_44);
|
||||
else if (pubKeySize == ML_DSA_LEVEL3_PUB_KEY_SIZE)
|
||||
else if (pubKeySize == WC_MLDSA_65_PUB_KEY_SIZE)
|
||||
wc_MlDsaKey_SetParams(key, WC_ML_DSA_65);
|
||||
else if (pubKeySize == ML_DSA_LEVEL5_PUB_KEY_SIZE)
|
||||
else if (pubKeySize == WC_MLDSA_87_PUB_KEY_SIZE)
|
||||
wc_MlDsaKey_SetParams(key, WC_ML_DSA_87);
|
||||
else
|
||||
ret = WC_KEY_SIZE_E;
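Review bot: The three `wc_MlDsaKey_SetParams(key, ...)` calls in this size dispatch discard their return value, whereas the other callers on this page (d2iTryMlDsaKey, mldsa_param_vfy_test) check it. If a parameter set is rejected, for example because that level is compiled out, `ret` stays 0 and the function presumably goes on to use a key with no parameters set. Assigning the result closes that gap: `ret = wc_MlDsaKey_SetParams(key, WC_ML_DSA_44);`, and likewise for the 65 and 87 branches. Pkcs11GetMldsaPublicKey starts and ends outside this hunk.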
|
||||
@@ -4965,18 +4965,18 @@ static int Pkcs11MldsaKeyGen(Pkcs11Session* session, wc_MlDsaKey* key)
|
||||
ret = Pkcs11MechAvail(session, CKM_ML_DSA_KEY_PAIR_GEN, &mechInfo);
|
||||
if (ret == 0) {
|
||||
if ((key->level == WC_ML_DSA_44) &&
|
||||
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) {
|
||||
(mechInfo.ulMinKeySize <= WC_MLDSA_44_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= WC_MLDSA_44_PUB_KEY_SIZE)) {
|
||||
param_set = CKP_ML_DSA_44;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_65) &&
|
||||
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) {
|
||||
(mechInfo.ulMinKeySize <= WC_MLDSA_65_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= WC_MLDSA_65_PUB_KEY_SIZE)) {
|
||||
param_set = CKP_ML_DSA_65;
|
||||
}
|
||||
else if ((key->level == WC_ML_DSA_87) &&
|
||||
(mechInfo.ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) {
|
||||
(mechInfo.ulMinKeySize <= WC_MLDSA_87_PUB_KEY_SIZE) &&
|
||||
(mechInfo.ulMaxKeySize >= WC_MLDSA_87_PUB_KEY_SIZE)) {
|
||||
param_set = CKP_ML_DSA_87;
|
||||
}
|
||||
else {
|
||||
@@ -5333,7 +5333,7 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
wc_MlDsaKey* privKey = (wc_MlDsaKey*) info->pk.pqc_sig_check.key;
|
||||
WC_DECLARE_VAR(pubKey, wc_MlDsaKey, 1, privKey->heap);
|
||||
|
||||
WC_ALLOC_VAR_EX(pubKey, wc_MlDsaKey, 1, privKey->heap, DYNAMIC_TYPE_DILITHIUM,
|
||||
WC_ALLOC_VAR_EX(pubKey, wc_MlDsaKey, 1, privKey->heap, DYNAMIC_TYPE_MLDSA,
|
||||
ret = MEMORY_E);
|
||||
|
||||
/* Get the ML-DSA public key object. */
|
||||
@@ -5357,11 +5357,11 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
|
||||
if (ret == 0) {
|
||||
if (key_level == WC_ML_DSA_44)
|
||||
storedKeySize = ML_DSA_LEVEL2_PUB_KEY_SIZE;
|
||||
storedKeySize = WC_MLDSA_44_PUB_KEY_SIZE;
|
||||
else if (key_level == WC_ML_DSA_65)
|
||||
storedKeySize = ML_DSA_LEVEL3_PUB_KEY_SIZE;
|
||||
storedKeySize = WC_MLDSA_65_PUB_KEY_SIZE;
|
||||
else if (key_level == WC_ML_DSA_87)
|
||||
storedKeySize = ML_DSA_LEVEL5_PUB_KEY_SIZE;
|
||||
storedKeySize = WC_MLDSA_87_PUB_KEY_SIZE;
|
||||
else
|
||||
ret = WC_KEY_SIZE_E;
|
||||
}
|
||||
@@ -5385,7 +5385,7 @@ static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
wc_MlDsaKey_Free(pubKey);
|
||||
}
|
||||
|
||||
WC_FREE_VAR_EX(pubKey, privKey->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
WC_FREE_VAR_EX(pubKey, privKey->heap, DYNAMIC_TYPE_MLDSA);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -5512,7 +5512,7 @@ static int Pkcs11PqcSigCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#if !defined(NO_AES) && defined(HAVE_AESGCM)
|
||||
/**
|
||||
@@ -6329,7 +6329,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
*/
|
||||
if (ret == 0) {
|
||||
if (info->algo_type == WC_ALGO_TYPE_PK) {
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) || \
|
||||
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_MLKEM)
|
||||
switch (info->pk.type) {
|
||||
#ifndef NO_RSA
|
||||
@@ -6433,7 +6433,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
case WC_PK_TYPE_PQC_SIG_KEYGEN:
|
||||
ret = Pkcs11OpenSession(token, &session, readWrite);
|
||||
if (ret == 0) {
|
||||
@@ -6469,7 +6469,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
}
|
||||
#else
|
||||
ret = NOT_COMPILED_IN;
|
||||
#endif /* !NO_RSA || HAVE_ECC || HAVE_DILITHIUM || WOLFSSL_HAVE_MLKEM */
|
||||
#endif /* !NO_RSA || HAVE_ECC || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_MLKEM */
|
||||
}
|
||||
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
|
||||
#ifndef NO_AES
|
||||
@@ -6629,7 +6629,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (info->free.algo == WC_ALGO_TYPE_PK &&
|
||||
info->free.type == WC_PK_TYPE_PQC_SIG_KEYGEN &&
|
||||
info->free.subType == WC_PQC_SIG_TYPE_MLDSA) {
|
||||
|
||||
@@ -7840,7 +7840,7 @@ static const byte slhdsakey_oid_sha3_512[] = {
|
||||
* corresponding OID for the chosen hash algorithm.
|
||||
*
|
||||
* The HashSLH-DSA family takes the digest as input rather than the full
|
||||
* message. This mirrors the wc_dilithium_*_ctx_hash interface and matches the
|
||||
* message. This mirrors the wc_MlDsaKey_*Ctx_Hash interface and matches the
|
||||
* convention used by NIST ACVP signatureInterface=external / preHash test
|
||||
* vectors and other libraries (OpenSSL HASH-ML-DSA, leancrypto SLH-DSA,
|
||||
* mldsa-native pre_hash_internal). The expected digest length is fixed by
|
||||
@@ -9185,7 +9185,7 @@ int wc_SlhDsaKey_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
* parameter set -- callers chaining decoders must pass inSz scoped to
|
||||
* just the public-key buffer or the import will reject the length and
|
||||
* fall through to SPKI parsing. Mirrors the raw-first fallback in
|
||||
* wc_Dilithium_PublicKeyDecode and wc_Falcon_PublicKeyDecode so all PQ
|
||||
* wc_MlDsaKey_PublicKeyDecode and wc_Falcon_PublicKeyDecode so all PQ
|
||||
* public-key decoders accept either raw bytes or SPKI.
|
||||
*
|
||||
* The length check in ImportPublic is the disambiguator: a real SPKI
|
||||
|
||||
+229
-229
@@ -395,8 +395,8 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
|
||||
#ifdef WOLFSSL_HAVE_MLKEM
|
||||
#include <wolfssl/wolfcrypt/wc_mlkem.h>
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#include <wolfssl/wolfcrypt/wc_xmss.h>
|
||||
@@ -965,8 +965,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
|
||||
#ifdef WOLFSSL_HAVE_MLKEM
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void);
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
|
||||
@@ -1447,14 +1447,14 @@ static WC_MAYBE_UNUSED Aes* test_AesGcmNew(void* heap, int declaredDevId,
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
#if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
|
||||
static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
|
||||
#elif defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \
|
||||
defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \
|
||||
defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \
|
||||
defined(WOLFSSL_DILITHIUM_VERIFY_ONLY)
|
||||
static byte gTestMemory[192*1024]; /* Dilithium low mem */
|
||||
#elif defined(WOLFSSL_HAVE_MLDSA)
|
||||
#if defined(WOLFSSL_MLDSA_VERIFY_SMALL_MEM) && \
|
||||
defined(WOLFSSL_MLDSA_SIGN_SMALL_MEM) && \
|
||||
defined(WOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM) && \
|
||||
defined(WOLFSSL_MLDSA_VERIFY_ONLY)
|
||||
static byte gTestMemory[192*1024]; /* ML-DSA low mem */
|
||||
#else
|
||||
static byte gTestMemory[576*1024]; /* Dilithium full mem */
|
||||
static byte gTestMemory[576*1024]; /* ML-DSA full mem */
|
||||
#endif
|
||||
#elif defined(BENCH_EMBEDDED)
|
||||
static byte gTestMemory[14000];
|
||||
@@ -3130,12 +3130,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
|
||||
PRIVATE_KEY_LOCK();
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
if ( (ret = dilithium_test()) != 0)
|
||||
TEST_FAIL("DILITHIUM test failed!\n", ret);
|
||||
if ( (ret = mldsa_test()) != 0)
|
||||
TEST_FAIL("ML-DSA test failed!\n", ret);
|
||||
else
|
||||
TEST_PASS("DILITHIUM test passed!\n");
|
||||
TEST_PASS("ML-DSA test passed!\n");
|
||||
PRIVATE_KEY_LOCK();
|
||||
#endif
|
||||
|
||||
@@ -52263,22 +52263,22 @@ out:
|
||||
}
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
static wc_test_ret_t mldsa_param_vfy_test(int param, const byte* pubKey,
|
||||
word32 pubKeyLen, const byte* sig, word32 sigLen)
|
||||
{
|
||||
#ifndef DILITHIUM_TEST_MSG_SZ
|
||||
#define DILITHIUM_TEST_MSG_SZ 512
|
||||
#ifndef WC_MLDSA_TEST_MSG_SZ
|
||||
#define WC_MLDSA_TEST_MSG_SZ 512
|
||||
#endif
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
byte* msg = NULL;
|
||||
dilithium_key* key = NULL;
|
||||
wc_MlDsaKey* key = NULL;
|
||||
byte* pubExported = NULL;
|
||||
#else
|
||||
byte msg[DILITHIUM_TEST_MSG_SZ];
|
||||
dilithium_key key[1];
|
||||
byte pubExported[DILITHIUM_MAX_PUB_KEY_SIZE];
|
||||
byte msg[WC_MLDSA_TEST_MSG_SZ];
|
||||
wc_MlDsaKey key[1];
|
||||
byte pubExported[MLDSA_MAX_PUB_KEY_SIZE];
|
||||
#endif
|
||||
wc_test_ret_t ret;
|
||||
int i;
|
||||
@@ -52287,9 +52287,9 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
|
||||
int n_diff = 0;
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
msg = (byte*)XMALLOC(DILITHIUM_TEST_MSG_SZ, HEAP_HINT,
|
||||
msg = (byte*)XMALLOC(WC_MLDSA_TEST_MSG_SZ, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -52299,33 +52299,33 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
|
||||
#endif
|
||||
|
||||
/* make dummy msg */
|
||||
for (i = 0; i < DILITHIUM_TEST_MSG_SZ; i++) {
|
||||
for (i = 0; i < WC_MLDSA_TEST_MSG_SZ; i++) {
|
||||
msg[i] = (byte)i;
|
||||
}
|
||||
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
if (ret != 0) {
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wc_dilithium_set_level(key, param);
|
||||
ret = wc_MlDsaKey_SetParams(key, param);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_dilithium_import_public(pubKey, pubKeyLen, key);
|
||||
ret = wc_MlDsaKey_ImportPubRaw(key, pubKey, pubKeyLen);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
if (param >= WC_ML_DSA_DRAFT) {
|
||||
ret = wc_dilithium_verify_msg(sig, sigLen, msg, DILITHIUM_TEST_MSG_SZ,
|
||||
&res, key);
|
||||
ret = wc_MlDsaKey_Verify(key, sig, sigLen, msg, WC_MLDSA_TEST_MSG_SZ,
|
||||
&res);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
|
||||
DILITHIUM_TEST_MSG_SZ, &res, key);
|
||||
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
|
||||
WC_MLDSA_TEST_MSG_SZ, &res);
|
||||
}
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
@@ -52333,7 +52333,7 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
|
||||
|
||||
/* Now test the export pub raw API, verify we recover the original pub. */
|
||||
ret = wc_dilithium_export_public(key, pubExported, &lenExported);
|
||||
ret = wc_MlDsaKey_ExportPubRaw(key, pubExported, &lenExported);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
}
|
||||
@@ -52349,7 +52349,7 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey,
|
||||
}
|
||||
|
||||
out:
|
||||
wc_dilithium_free(key);
|
||||
wc_MlDsaKey_Free(key);
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -52359,7 +52359,7 @@ out:
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
static wc_test_ret_t dilithium_param_44_vfy_test(void)
|
||||
static wc_test_ret_t mldsa_param_44_vfy_test(void)
|
||||
{
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
|
||||
0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
|
||||
@@ -52473,7 +52473,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
|
||||
0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
|
||||
0x70, 0x8d, 0x8b, 0x9c
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
|
||||
0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
|
||||
0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
|
||||
@@ -52813,7 +52813,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
|
||||
0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
|
||||
0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
|
||||
0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
|
||||
@@ -53061,12 +53061,12 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
|
||||
#endif
|
||||
wc_test_ret_t ret;
|
||||
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
|
||||
(word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
|
||||
(word32)sizeof(ml_dsa_44_sig));
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
if (ret == 0) {
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_44_DRAFT,
|
||||
ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
|
||||
ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
|
||||
}
|
||||
@@ -53077,7 +53077,7 @@ static wc_test_ret_t dilithium_param_44_vfy_test(void)
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
static wc_test_ret_t dilithium_param_65_vfy_test(void)
|
||||
static wc_test_ret_t mldsa_param_65_vfy_test(void)
|
||||
{
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
|
||||
0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
|
||||
@@ -53244,7 +53244,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
|
||||
0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
|
||||
0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
|
||||
0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
|
||||
0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
|
||||
@@ -53722,7 +53722,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
|
||||
0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
|
||||
0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
|
||||
@@ -54059,12 +54059,12 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
|
||||
#endif
|
||||
wc_test_ret_t ret;
|
||||
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
|
||||
(word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
|
||||
(word32)sizeof(ml_dsa_65_sig));
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
if (ret == 0) {
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_65_DRAFT,
|
||||
ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
|
||||
ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
|
||||
}
|
||||
@@ -54075,7 +54075,7 @@ static wc_test_ret_t dilithium_param_65_vfy_test(void)
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
static wc_test_ret_t dilithium_param_87_vfy_test(void)
|
||||
static wc_test_ret_t mldsa_param_87_vfy_test(void)
|
||||
{
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
|
||||
0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
|
||||
@@ -54295,7 +54295,7 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
|
||||
0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
|
||||
0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
|
||||
0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
|
||||
0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
|
||||
@@ -54947,7 +54947,7 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
|
||||
0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
|
||||
};
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
|
||||
0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
|
||||
0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
|
||||
@@ -55416,12 +55416,12 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
|
||||
#endif
|
||||
wc_test_ret_t ret;
|
||||
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
|
||||
(word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
|
||||
(word32)sizeof(ml_dsa_87_sig));
|
||||
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
if (ret == 0) {
|
||||
ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT,
|
||||
ret = mldsa_param_vfy_test(WC_ML_DSA_87_DRAFT,
|
||||
ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
|
||||
ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
|
||||
}
|
||||
@@ -55432,64 +55432,64 @@ static wc_test_ret_t dilithium_param_87_vfy_test(void)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
static wc_test_ret_t mldsa_param_test(int param, WC_RNG* rng)
|
||||
{
|
||||
wc_test_ret_t ret;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
dilithium_key* key = NULL;
|
||||
wc_MlDsaKey* key = NULL;
|
||||
byte* sig = NULL;
|
||||
#else
|
||||
dilithium_key key[1];
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
byte sig[DILITHIUM_MAX_SIG_SIZE];
|
||||
wc_MlDsaKey key[1];
|
||||
#ifndef WOLFSSL_MLDSA_NO_SIGN
|
||||
byte sig[MLDSA_MAX_SIG_SIZE];
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
#ifndef WOLFSSL_MLDSA_NO_SIGN
|
||||
word32 sigLen;
|
||||
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
int res = 0;
|
||||
#endif
|
||||
#endif
|
||||
dilithium_key* tmpKey = NULL;
|
||||
wc_MlDsaKey* tmpKey = NULL;
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
|
||||
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key == NULL || sig == NULL) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
}
|
||||
|
||||
ret = wc_dilithium_set_level(key, param);
|
||||
ret = wc_MlDsaKey_SetParams(key, param);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_dilithium_make_key(key, rng);
|
||||
ret = wc_MlDsaKey_MakeKey(key, rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
sigLen = wc_dilithium_sig_size(key);
|
||||
#ifndef WOLFSSL_MLDSA_NO_SIGN
|
||||
sigLen = wc_MlDsaKey_SigSize(key);
|
||||
if (sigLen <= 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
|
||||
&sigLen, key, rng);
|
||||
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
|
||||
msg, (word32)sizeof(msg), rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
|
||||
(word32)sizeof(msg), &res, key);
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
|
||||
(word32)sizeof(msg), &res);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
if (res != 1)
|
||||
@@ -55497,16 +55497,16 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
tmpKey = wc_dilithium_new(HEAP_HINT, devId);
|
||||
tmpKey = wc_MlDsaKey_New(HEAP_HINT, devId);
|
||||
if (tmpKey == NULL)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_dilithium_delete(tmpKey, &tmpKey);
|
||||
ret = wc_MlDsaKey_Delete(tmpKey, &tmpKey);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
out:
|
||||
wc_dilithium_free(key);
|
||||
wc_MlDsaKey_Free(key);
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -55515,77 +55515,77 @@ out:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WC_DILITHIUM_CACHE_MATRIX_A) && \
|
||||
!defined(WC_DILITHIUM_FIXED_ARRAY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
|
||||
!defined(WC_MLDSA_FIXED_ARRAY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
/* Regression test for sign path matrix A cache allocation.
|
||||
*
|
||||
* dilithium_sign_with_seed_mu() previously stored the result of XMALLOC for
|
||||
* mldsa_sign_with_seed_mu() previously stored the result of XMALLOC for
|
||||
* the matrix A cache into a local variable instead of key->a. The local was
|
||||
* then immediately overwritten by `a = key->a` (still NULL), so the just-
|
||||
* allocated buffer was leaked and a NULL pointer was passed to
|
||||
* dilithium_expand_a().
|
||||
* mldsa_expand_a().
|
||||
*
|
||||
* This test exercises that exact code path by clearing the cache state on a
|
||||
* key after make_key, then signing. The post-condition asserts that key->a
|
||||
* was populated (proving the allocation made it into the key, not the local)
|
||||
* and that signing produces a verifiable signature.
|
||||
*/
|
||||
static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
|
||||
static wc_test_ret_t mldsa_sign_cache_alloc_test(int param, WC_RNG* rng)
|
||||
{
|
||||
wc_test_ret_t ret;
|
||||
dilithium_key* key = NULL;
|
||||
wc_MlDsaKey* key = NULL;
|
||||
byte* sig = NULL;
|
||||
word32 sigLen;
|
||||
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
|
||||
int res = 0;
|
||||
|
||||
key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key == NULL) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
|
||||
}
|
||||
/* Init before further allocations so wc_dilithium_free() in the cleanup
|
||||
/* Init before further allocations so wc_MlDsaKey_Free() in the cleanup
|
||||
* path operates on a zeroed struct, not garbage cached-pointer fields. */
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
|
||||
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (sig == NULL) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
|
||||
}
|
||||
|
||||
ret = wc_dilithium_set_level(key, param);
|
||||
ret = wc_MlDsaKey_SetParams(key, param);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_dilithium_make_key(key, rng);
|
||||
ret = wc_MlDsaKey_MakeKey(key, rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
/* Drop the cached matrix A so the next sign exercises the allocation
|
||||
* branch in dilithium_sign_with_seed_mu(). */
|
||||
XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
* branch in mldsa_sign_with_seed_mu(). */
|
||||
XFREE(key->a, key->heap, DYNAMIC_TYPE_MLDSA);
|
||||
key->a = NULL;
|
||||
key->aSet = 0;
|
||||
#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
|
||||
XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
|
||||
#ifdef WC_MLDSA_CACHE_PRIV_VECTORS
|
||||
XFREE(key->s1, key->heap, DYNAMIC_TYPE_MLDSA);
|
||||
key->s1 = NULL;
|
||||
key->s2 = NULL;
|
||||
key->t0 = NULL;
|
||||
key->privVecsSet = 0;
|
||||
#endif
|
||||
|
||||
sigLen = wc_dilithium_sig_size(key);
|
||||
sigLen = wc_MlDsaKey_SigSize(key);
|
||||
if (sigLen <= 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig,
|
||||
&sigLen, key, rng);
|
||||
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
|
||||
msg, (word32)sizeof(msg), rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
@@ -55597,8 +55597,8 @@ static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
|
||||
if (key->aSet != 1)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
|
||||
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg,
|
||||
(word32)sizeof(msg), &res, key);
|
||||
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
|
||||
(word32)sizeof(msg), &res);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
if (res != 1)
|
||||
@@ -55606,48 +55606,48 @@ static wc_test_ret_t dilithium_sign_cache_alloc_test(int param, WC_RNG* rng)
|
||||
|
||||
out:
|
||||
if (key != NULL)
|
||||
wc_dilithium_free(key);
|
||||
wc_MlDsaKey_Free(key);
|
||||
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
}
|
||||
#endif /* WC_DILITHIUM_CACHE_MATRIX_A && !WC_DILITHIUM_FIXED_ARRAY &&
|
||||
* !WOLFSSL_DILITHIUM_NO_MAKE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN &&
|
||||
* !WOLFSSL_DILITHIUM_NO_VERIFY */
|
||||
#endif /* WC_MLDSA_CACHE_MATRIX_A && !WC_MLDSA_FIXED_ARRAY &&
|
||||
* !WOLFSSL_MLDSA_NO_MAKE_KEY && !WOLFSSL_MLDSA_NO_SIGN &&
|
||||
* !WOLFSSL_MLDSA_NO_VERIFY */
|
||||
|
||||
|
||||
#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
|
||||
(defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY))
|
||||
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
|
||||
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY))
|
||||
/* Tests decoding a key from DER without the security level specified */
|
||||
static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
||||
static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey,
|
||||
word32 rawKeySz,
|
||||
int expectedLevel,
|
||||
int isPublicOnlyKey)
|
||||
{
|
||||
int ret = 0;
|
||||
#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
|
||||
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
|
||||
/* Size the buffer to accommodate the largest encoded key size */
|
||||
const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE;
|
||||
const word32 maxDerSz = MLDSA_MAX_PRV_KEY_DER_SIZE;
|
||||
word32 derSz;
|
||||
word32 idx;
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
byte* der = NULL;
|
||||
#else
|
||||
byte der[DILITHIUM_MAX_PRV_KEY_DER_SIZE];
|
||||
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
dilithium_key *key = NULL;
|
||||
wc_MlDsaKey *key = NULL;
|
||||
#else
|
||||
dilithium_key key[1];
|
||||
wc_MlDsaKey key[1];
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
/* Allocate DER buffer */
|
||||
der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
key = (wc_MlDsaKey *)XMALLOC(sizeof(*key), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (der == NULL || key == NULL) {
|
||||
ret = MEMORY_E;
|
||||
@@ -55656,38 +55656,38 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
||||
|
||||
/* Initialize key */
|
||||
if (ret == 0) {
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
}
|
||||
|
||||
/* Import raw key, setting the security level */
|
||||
if (ret == 0) {
|
||||
ret = wc_dilithium_set_level(key, expectedLevel);
|
||||
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
if (isPublicOnlyKey) {
|
||||
ret = wc_dilithium_import_public(rawKey, rawKeySz, key);
|
||||
ret = wc_MlDsaKey_ImportPubRaw(key, rawKey, rawKeySz);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
if (!isPublicOnlyKey) {
|
||||
ret = wc_dilithium_import_private(rawKey, rawKeySz, key);
|
||||
ret = wc_MlDsaKey_ImportPrivRaw(key, rawKey, rawKeySz);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
|
||||
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
|
||||
/* Export raw key as DER */
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
if (isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1);
|
||||
ret = wc_MlDsaKey_PublicKeyToDer(key, der, maxDerSz, 1);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
if (!isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz);
|
||||
ret = wc_MlDsaKey_PrivateKeyToDer(key, der, maxDerSz);
|
||||
}
|
||||
#endif
|
||||
if (ret >= 0) {
|
||||
@@ -55698,63 +55698,63 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
||||
|
||||
/* Free and reinit key to test fresh decode */
|
||||
if (ret == 0) {
|
||||
wc_dilithium_free(key);
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
wc_MlDsaKey_Free(key);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
}
|
||||
|
||||
/* First test decoding when security level is set externally */
|
||||
if (ret == 0) {
|
||||
ret = wc_dilithium_set_level(key, expectedLevel);
|
||||
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
idx = 0;
|
||||
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
if (isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
|
||||
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
if (!isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
|
||||
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Free and reinit key to test fresh decode */
|
||||
if (ret == 0) {
|
||||
wc_dilithium_free(key);
|
||||
ret = wc_dilithium_init_ex(key, NULL, devId);
|
||||
wc_MlDsaKey_Free(key);
|
||||
ret = wc_MlDsaKey_Init(key, NULL, devId);
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||
#ifndef WOLFSSL_MLDSA_FIPS204_DRAFT
|
||||
/* Test decoding without setting security level - should auto-detect */
|
||||
if (ret == 0) {
|
||||
idx = 0;
|
||||
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
if (isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
|
||||
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
if (!isPublicOnlyKey) {
|
||||
ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
|
||||
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Verify auto-detected security level */
|
||||
if (ret == 0 && key->level != expectedLevel) {
|
||||
printf("Dilithium key decode failed to detect level.\n"
|
||||
printf("ML-DSA key decode failed to detect level.\n"
|
||||
"\tExpected level=%d\n\tGot level=%d\n",
|
||||
expectedLevel, key->level);
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
|
||||
#endif /* !WOLFSSL_MLDSA_FIPS204_DRAFT */
|
||||
#endif /* !WOLFSSL_MLDSA_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
|
||||
|
||||
/* Cleanup */
|
||||
wc_dilithium_free(key);
|
||||
wc_MlDsaKey_Free(key);
|
||||
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
|
||||
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -55763,97 +55763,97 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
||||
}
|
||||
|
||||
/* Test Dilithium key decoding and security level detection */
|
||||
static wc_test_ret_t dilithium_decode_test(void)
|
||||
static wc_test_ret_t mldsa_decode_test(void)
|
||||
{
|
||||
wc_test_ret_t ret;
|
||||
const byte* key;
|
||||
word32 keySz;
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
const int isPrvKey = 0;
|
||||
#endif
|
||||
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
const int isPubKey = 1;
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
/* Test ML-DSA-44 */
|
||||
key = bench_dilithium_level2_key;
|
||||
keySz = sizeof_bench_dilithium_level2_key;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
|
||||
key = bench_mldsa_44_key;
|
||||
keySz = sizeof_bench_mldsa_44_key;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
key = bench_dilithium_level2_pubkey;
|
||||
keySz = sizeof_bench_dilithium_level2_pubkey;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
key = bench_mldsa_44_pubkey;
|
||||
keySz = sizeof_bench_mldsa_44_pubkey;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_NO_ML_DSA_44 */
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
/* Test ML-DSA-65 */
|
||||
key = bench_dilithium_level3_key;
|
||||
keySz = sizeof_bench_dilithium_level3_key;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
|
||||
key = bench_mldsa_65_key;
|
||||
keySz = sizeof_bench_mldsa_65_key;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
key = bench_dilithium_level3_pubkey;
|
||||
keySz = sizeof_bench_dilithium_level3_pubkey;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
key = bench_mldsa_65_pubkey;
|
||||
keySz = sizeof_bench_mldsa_65_pubkey;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_NO_ML_DSA_65 */
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
/* Test ML-DSA-87 */
|
||||
key = bench_dilithium_level5_key;
|
||||
keySz = sizeof_bench_dilithium_level5_key;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
|
||||
key = bench_mldsa_87_key;
|
||||
keySz = sizeof_bench_mldsa_87_key;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
|
||||
|
||||
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
key = bench_dilithium_level5_pubkey;
|
||||
keySz = sizeof_bench_dilithium_level5_pubkey;
|
||||
ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
key = bench_mldsa_87_pubkey;
|
||||
keySz = sizeof_bench_mldsa_87_pubkey;
|
||||
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
|
||||
#endif /* WOLFSSL_NO_ML_DSA_87 */
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
|
||||
* (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
|
||||
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
|
||||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
|
||||
|
||||
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void)
|
||||
{
|
||||
wc_test_ret_t ret;
|
||||
WC_RNG rng;
|
||||
@@ -55869,85 +55869,85 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void)
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
ret = dilithium_param_44_vfy_test();
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
ret = mldsa_param_44_vfy_test();
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
ret = dilithium_param_test(WC_ML_DSA_44, &rng);
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
ret = mldsa_param_test(WC_ML_DSA_44, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
ret = dilithium_param_65_vfy_test();
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
ret = mldsa_param_65_vfy_test();
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
ret = dilithium_param_test(WC_ML_DSA_65, &rng);
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
ret = mldsa_param_test(WC_ML_DSA_65, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_VERIFY
|
||||
ret = dilithium_param_87_vfy_test();
|
||||
#ifndef WOLFSSL_MLDSA_NO_VERIFY
|
||||
ret = mldsa_param_87_vfy_test();
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
|
||||
ret = dilithium_param_test(WC_ML_DSA_87, &rng);
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
ret = mldsa_param_test(WC_ML_DSA_87, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(WC_DILITHIUM_CACHE_MATRIX_A) && \
|
||||
!defined(WC_DILITHIUM_FIXED_ARRAY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
|
||||
!defined(WC_MLDSA_FIXED_ARRAY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_44, &rng);
|
||||
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_44, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_65, &rng);
|
||||
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_65, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
ret = dilithium_sign_cache_alloc_test(WC_ML_DSA_87, &rng);
|
||||
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_87, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(ret, out);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \
|
||||
(defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY))
|
||||
ret = dilithium_decode_test();
|
||||
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
|
||||
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY))
|
||||
ret = mldsa_decode_test();
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(ret, out);
|
||||
}
|
||||
#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) ||
|
||||
* (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */
|
||||
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
|
||||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
|
||||
|
||||
#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
|
||||
defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) || \
|
||||
defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY) || \
|
||||
defined(WOLFSSL_MLDSA_PRIVATE_KEY) || \
|
||||
defined(WOLFSSL_MLDSA_PUBLIC_KEY)
|
||||
out:
|
||||
#endif
|
||||
wc_FreeRng(&rng);
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
|
||||
static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
|
||||
@@ -73047,14 +73047,14 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA)
|
||||
case WC_PK_TYPE_PQC_SIG_KEYGEN:
|
||||
{
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (info->free.subType == WC_PQC_SIG_TYPE_MLDSA) {
|
||||
dilithium_key* dil = (dilithium_key*)info->free.obj;
|
||||
wc_MlDsaKey* dil = (wc_MlDsaKey*)info->free.obj;
|
||||
dil->devId = INVALID_DEVID;
|
||||
wc_dilithium_free(dil);
|
||||
wc_MlDsaKey_Free(dil);
|
||||
ret = 0;
|
||||
}
|
||||
#endif
|
||||
@@ -73729,9 +73729,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
|
||||
if (ret == 0)
|
||||
ret = mlkem_test();
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
if (ret == 0)
|
||||
ret = dilithium_test();
|
||||
ret = mldsa_test();
|
||||
#endif
|
||||
#ifdef WOLFSSL_HAVE_SLHDSA
|
||||
if (ret == 0) {
|
||||
|
||||
@@ -307,8 +307,8 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
|
||||
#ifdef WOLFSSL_HAVE_MLKEM
|
||||
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void);
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void);
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
|
||||
|
||||
+1763
-1776
File diff suppressed because it is too large
+1792
-1812
File diff suppressed because it is too large
+7
-1
@@ -197,7 +197,7 @@ enum wolfSSL_ErrorCodes {
|
||||
UNSUPPORTED_PROTO_VERSION = -450, /* bad/unsupported protocol version*/
|
||||
FALCON_KEY_SIZE_E = -451, /* Wrong key size for Falcon. */
|
||||
QUIC_TP_MISSING_E = -452, /* QUIC transport parameter missing */
|
||||
DILITHIUM_KEY_SIZE_E = -453, /* Wrong key size for Dilithium. */
|
||||
MLDSA_KEY_SIZE_E = -453, /* Wrong key size for ML-DSA. */
|
||||
DTLS_CID_ERROR = -454, /* Wrong or missing CID */
|
||||
DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */
|
||||
QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */
|
||||
@@ -251,6 +251,12 @@ enum wolfSSL_ErrorCodes {
|
||||
|
||||
wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E);
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
/* Legacy alias for code written against the pre-standardization
|
||||
* Dilithium name. Will be removed alongside the dilithium.h shim. */
|
||||
#define DILITHIUM_KEY_SIZE_E MLDSA_KEY_SIZE_E
|
||||
#endif
|
||||
|
||||
/* I/O Callback default errors */
|
||||
enum IOerrors {
|
||||
WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */
|
||||
|
||||
+35
-36
@@ -126,8 +126,8 @@
|
||||
#ifdef HAVE_FALCON
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#ifdef HAVE_HKDF
|
||||
#include <wolfssl/wolfcrypt/kdf.h>
|
||||
@@ -1778,7 +1778,7 @@ enum Misc {
|
||||
SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */
|
||||
|
||||
FALCON_SA_MAJOR = 0xFE,/* Most significant byte used with falcon sig algs */
|
||||
DILITHIUM_SA_MAJOR = 0x09,/* Most significant byte used with dilithium sig algs */
|
||||
MLDSA_SA_MAJOR = 0x09,/* Most significant byte used with ML-DSA sig algs */
|
||||
|
||||
/* These values for falcon match what OQS has defined. */
|
||||
FALCON_LEVEL1_SA_MAJOR = 0xFE,
|
||||
@@ -1786,14 +1786,13 @@ enum Misc {
|
||||
FALCON_LEVEL5_SA_MAJOR = 0xFE,
|
||||
FALCON_LEVEL5_SA_MINOR = 0xDA,
|
||||
|
||||
/* these values for MLDSA (Dilithium) correspond to what is proposed in the
|
||||
* IETF. */
|
||||
DILITHIUM_LEVEL2_SA_MAJOR = 0x09,
|
||||
DILITHIUM_LEVEL2_SA_MINOR = 0x04,
|
||||
DILITHIUM_LEVEL3_SA_MAJOR = 0x09,
|
||||
DILITHIUM_LEVEL3_SA_MINOR = 0x05,
|
||||
DILITHIUM_LEVEL5_SA_MAJOR = 0x09,
|
||||
DILITHIUM_LEVEL5_SA_MINOR = 0x06,
|
||||
/* These values for ML-DSA correspond to what is proposed in the IETF. */
|
||||
MLDSA_44_SA_MAJOR = 0x09,
|
||||
MLDSA_44_SA_MINOR = 0x04,
|
||||
MLDSA_65_SA_MAJOR = 0x09,
|
||||
MLDSA_65_SA_MINOR = 0x05,
|
||||
MLDSA_87_SA_MAJOR = 0x09,
|
||||
MLDSA_87_SA_MINOR = 0x06,
|
||||
|
||||
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
|
||||
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
|
||||
@@ -1894,7 +1893,7 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
|
||||
|
||||
/* number of items in the signature algo list */
|
||||
#ifndef WOLFSSL_MAX_SIGALGO
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
/* If we are building with post-quantum algorithms, we likely want to
|
||||
* inter-op with OQS's OpenSSL and they send a lot more sigalgs.
|
||||
*/
|
||||
@@ -1928,9 +1927,9 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
|
||||
#define MIN_FALCONKEY_SZ 1281
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifndef MIN_DILITHIUMKEY_SZ
|
||||
#define MIN_DILITHIUMKEY_SZ 2528
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifndef MIN_MLDSAKEY_SZ
|
||||
#define MIN_MLDSAKEY_SZ 2528
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -1973,8 +1972,8 @@ WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group);
|
||||
#endif
|
||||
|
||||
#ifndef MAX_X509_SIZE
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
#define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
#define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; ML-DSA is big */
|
||||
#elif defined(WOLFSSL_HAPROXY)
|
||||
#define MAX_X509_SIZE 3072 /* max static x509 buffer size */
|
||||
#else
|
||||
@@ -2689,8 +2688,8 @@ struct WOLFSSL_CERT_MANAGER {
|
||||
#ifdef HAVE_FALCON
|
||||
short minFalconKeySz; /* minimum allowed Falcon key size */
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
short minDilithiumKeySz; /* minimum allowed Dilithium key size */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
short minMlDsaKeySz; /* minimum allowed ML-DSA key size */
|
||||
#endif
|
||||
#ifdef WC_ASN_UNKNOWN_EXT_CB
|
||||
wc_UnknownExtCallback unknownExtCallback;
|
||||
@@ -3989,7 +3988,7 @@ struct WOLFSSL_CTX {
|
||||
byte haveDH:1; /* server DH params set by user */
|
||||
byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
|
||||
byte haveFalconSig:1; /* server cert signed w/ Falcon */
|
||||
byte haveDilithiumSig:1;/* server cert signed w/ Dilithium */
|
||||
byte haveMlDsaSig:1; /* server cert signed w/ ML-DSA */
|
||||
byte haveStaticECC:1; /* static server ECC private key */
|
||||
byte partialWrite:1; /* only one msg per write call */
|
||||
byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */
|
||||
@@ -4082,8 +4081,8 @@ struct WOLFSSL_CTX {
|
||||
#ifdef HAVE_FALCON
|
||||
short minFalconKeySz; /* minimum Falcon key size */
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
short minDilithiumKeySz;/* minimum Dilithium key size */
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
short minMlDsaKeySz; /* minimum ML-DSA key size */
|
||||
#endif
|
||||
unsigned long mask; /* store SSL_OP_ flags */
|
||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
|
||||
@@ -4450,11 +4449,11 @@ enum KeyExchangeAlgorithm {
|
||||
#define SIG_RSA 0x02
|
||||
#define SIG_SM2 0x04
|
||||
#define SIG_FALCON 0x08
|
||||
#define SIG_DILITHIUM 0x10
|
||||
#define SIG_MLDSA 0x10
|
||||
#define SIG_ANON 0x20
|
||||
/* SIG_ANON is omitted by default */
|
||||
#define SIG_ALL (SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | \
|
||||
SIG_DILITHIUM)
|
||||
SIG_MLDSA)
|
||||
|
||||
/* Supported Authentication Schemes */
|
||||
enum SignatureAlgorithm {
|
||||
@@ -4468,9 +4467,9 @@ enum SignatureAlgorithm {
|
||||
ed448_sa_algo = 11,
|
||||
falcon_level1_sa_algo = 12,
|
||||
falcon_level5_sa_algo = 13,
|
||||
dilithium_level2_sa_algo = 14,
|
||||
dilithium_level3_sa_algo = 15,
|
||||
dilithium_level5_sa_algo = 16,
|
||||
mldsa_44_sa_algo = 14,
|
||||
mldsa_65_sa_algo = 15,
|
||||
mldsa_87_sa_algo = 16,
|
||||
sm2_sa_algo = 17,
|
||||
any_sa_algo = 18,
|
||||
ecc_brainpool_sa_algo = 19,
|
||||
@@ -4521,7 +4520,7 @@ enum ClientCertificateType {
|
||||
rsa_fixed_ecdh = 65,
|
||||
ecdsa_fixed_ecdh = 66,
|
||||
falcon_sign = 67,
|
||||
dilithium_sign = 68,
|
||||
mldsa_sign = 68,
|
||||
};
|
||||
|
||||
|
||||
@@ -5138,7 +5137,7 @@ struct Options {
|
||||
word16 haveECDSAsig:1; /* server ECDSA signed cert */
|
||||
word16 haveStaticECC:1; /* static server ECC private key */
|
||||
word16 haveFalconSig:1; /* server Falcon signed cert */
|
||||
word16 haveDilithiumSig:1; /* server Dilithium signed cert */
|
||||
word16 haveMlDsaSig:1; /* server ML-DSA signed cert */
|
||||
word16 havePeerCert:1; /* do we have peer's cert */
|
||||
word16 havePeerVerify:1; /* and peer's cert verify */
|
||||
word16 usingPSK_cipher:1; /* are using psk as cipher */
|
||||
@@ -5329,8 +5328,8 @@ struct Options {
|
||||
#if defined(HAVE_FALCON)
|
||||
short minFalconKeySz; /* minimum Falcon key size */
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
short minDilithiumKeySz;/* minimum Dilithium key size */
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
short minMlDsaKeySz; /* minimum ML-DSA key size */
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
byte verifyDepth; /* maximum verification depth */
|
||||
@@ -5544,7 +5543,7 @@ struct WOLFSSL_X509 {
|
||||
int pubKeyOID;
|
||||
DNS_entry* altNamesNext; /* hint for retrieval */
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
word32 pkCurveOID;
|
||||
#endif
|
||||
#ifndef NO_CERTS
|
||||
@@ -6139,7 +6138,7 @@ struct WOLFSSL {
|
||||
word32 hsType; /* Type of Handshake key (hsKey) */
|
||||
WOLFSSL_CIPHER cipher;
|
||||
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
||||
void* hsAltKey; /* Handshake key (dilithium, falcon)
|
||||
void* hsAltKey; /* Handshake key (ML-DSA, falcon)
|
||||
* allocated from heap */
|
||||
word32 hsAltType; /* Type of Handshake key (hsAltKey) */
|
||||
#endif
|
||||
@@ -6261,9 +6260,9 @@ struct WOLFSSL {
|
||||
falcon_key* peerFalconKey;
|
||||
byte peerFalconKeyPresent;
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
dilithium_key* peerDilithiumKey;
|
||||
byte peerDilithiumKeyPresent;
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
wc_MlDsaKey* peerMlDsaKey;
|
||||
byte peerMlDsaKeyPresent;
|
||||
#endif
|
||||
#ifdef HAVE_LIBZ
|
||||
z_stream c_stream; /* compression stream */
|
||||
|
||||
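Review bot: A build that sets `MIN_DILITHIUMKEY_SZ` to raise the minimum accepted key size would now silently get the default 2528, because the hunk at -1928 changes the override point from `#ifndef MIN_DILITHIUMKEY_SZ` to `#ifndef MIN_MLDSAKEY_SZ` and no forward translation of the old macro is visible in this section. Unless the legacy-gate block in settings.h or dilithium.h already maps it (not shown here), add this ahead of the default: `#if !defined(MIN_MLDSAKEY_SZ) && defined(MIN_DILITHIUMKEY_SZ)`, `#define MIN_MLDSAKEY_SZ MIN_DILITHIUMKEY_SZ`, `#endif`. The renamed `minMlDsaKeySz` fields in WOLFSSL_CERT_MANAGER, WOLFSSL_CTX and Options presumably take their default from this macro, so the change would reach certificate and handshake key-size checks without a compiler diagnostic.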
+22
-14
@@ -79,8 +79,8 @@ that can be serialized and deserialized in a cross-platform way.
|
||||
#ifdef HAVE_FALCON
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
#include <wolfssl/wolfcrypt/sha.h>
|
||||
@@ -883,8 +883,8 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
#define WC_MAX_CERT_VERIFY_SZ 6000 /* For Dilithium */
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
#define WC_MAX_CERT_VERIFY_SZ 6000 /* For ML-DSA */
|
||||
#elif defined(WOLFSSL_CERT_EXT)
|
||||
#define WC_MAX_CERT_VERIFY_SZ 2048 /* For larger extensions */
|
||||
#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)
|
||||
@@ -1547,7 +1547,7 @@ struct SignatureCtx {
|
||||
#endif
|
||||
#endif
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
!defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
|
||||
!defined(NO_DSA) || defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA) || defined(WOLFSSL_HAVE_LMS) || \
|
||||
defined(WOLFSSL_HAVE_XMSS)
|
||||
int verify;
|
||||
@@ -1595,11 +1595,11 @@ struct SignatureCtx {
|
||||
struct falcon_key* falcon;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#ifdef WOLFSSL_HAVE_MLDSA
|
||||
#ifdef WOLFSSL_NO_MALLOC
|
||||
dilithium_key dilithium[1];
|
||||
wc_MlDsaKey mldsa[1];
|
||||
#else
|
||||
dilithium_key* dilithium;
|
||||
wc_MlDsaKey* mldsa;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef WOLFSSL_HAVE_SLHDSA
|
||||
@@ -1884,14 +1884,14 @@ struct DecodedCert {
|
||||
#endif /* WOLFSSL_SUBJ_INFO_ACC */
|
||||
|
||||
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
|
||||
defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA) || defined(WOLFSSL_HAVE_LMS) || \
|
||||
defined(WOLFSSL_HAVE_XMSS)
|
||||
word32 pkCurveOID; /* Public Key's curve OID */
|
||||
#ifdef WOLFSSL_CUSTOM_CURVES
|
||||
int pkCurveSize; /* Public Key's curve size */
|
||||
#endif
|
||||
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM ||
|
||||
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || WOLFSSL_HAVE_MLDSA ||
|
||||
* HAVE_FALCON || WOLFSSL_HAVE_SLHDSA || WOLFSSL_HAVE_LMS ||
|
||||
* WOLFSSL_HAVE_XMSS */
|
||||
const byte* beforeDate;
|
||||
@@ -2759,9 +2759,9 @@ enum cert_enums {
|
||||
DILITHIUM_LEVEL2_KEY = 18,
|
||||
DILITHIUM_LEVEL3_KEY = 19,
|
||||
DILITHIUM_LEVEL5_KEY = 20,
|
||||
ML_DSA_LEVEL2_KEY = 21,
|
||||
ML_DSA_LEVEL3_KEY = 22,
|
||||
ML_DSA_LEVEL5_KEY = 23,
|
||||
ML_DSA_44_KEY = 21,
|
||||
ML_DSA_65_KEY = 22,
|
||||
ML_DSA_87_KEY = 23,
|
||||
SLH_DSA_SHA2_128S_KEY = 24,
|
||||
SLH_DSA_SHA2_128F_KEY = 25,
|
||||
SLH_DSA_SHA2_192S_KEY = 26,
|
||||
@@ -2776,6 +2776,14 @@ enum cert_enums {
|
||||
SLH_DSA_SHAKE_256F_KEY = 35
|
||||
};
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
|
||||
* be removed alongside the dilithium.h shim. */
|
||||
#define ML_DSA_LEVEL2_KEY ML_DSA_44_KEY
|
||||
#define ML_DSA_LEVEL3_KEY ML_DSA_65_KEY
|
||||
#define ML_DSA_LEVEL5_KEY ML_DSA_87_KEY
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_CERT_GEN */
|
||||
|
||||
/* hashes type for asn */
|
||||
@@ -3211,7 +3219,7 @@ WOLFSSL_TEST_VIS int wolfssl_local_MatchIpSubnet(const byte* ip, int ipSz,
|
||||
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|
||||
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|
||||
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|
||||
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA))
|
||||
|| defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA))
|
||||
WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
|
||||
word32 inSz, const byte** seed, word32* seedLen, const byte** privKey,
|
||||
word32* privKeyLen, const byte** pubKey, word32* pubKeyLen,
|
||||
|
||||
@@ -154,9 +154,9 @@ enum CertType {
|
||||
DILITHIUM_LEVEL2_TYPE,
|
||||
DILITHIUM_LEVEL3_TYPE,
|
||||
DILITHIUM_LEVEL5_TYPE,
|
||||
ML_DSA_LEVEL2_TYPE,
|
||||
ML_DSA_LEVEL3_TYPE,
|
||||
ML_DSA_LEVEL5_TYPE,
|
||||
ML_DSA_44_TYPE,
|
||||
ML_DSA_65_TYPE,
|
||||
ML_DSA_87_TYPE,
|
||||
SLH_DSA_SHA2_128S_TYPE,
|
||||
SLH_DSA_SHA2_128F_TYPE,
|
||||
SLH_DSA_SHA2_192S_TYPE,
|
||||
@@ -175,6 +175,14 @@ enum CertType {
|
||||
TRUSTED_CERT_TYPE
|
||||
};
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
|
||||
* be removed alongside the dilithium.h shim. */
|
||||
#define ML_DSA_LEVEL2_TYPE ML_DSA_44_TYPE
|
||||
#define ML_DSA_LEVEL3_TYPE ML_DSA_65_TYPE
|
||||
#define ML_DSA_LEVEL5_TYPE ML_DSA_87_TYPE
|
||||
#endif
|
||||
|
||||
|
||||
enum Ctc_Encoding {
|
||||
CTC_UTF8 = 0x0c, /* utf8 */
|
||||
|
||||
@@ -80,8 +80,8 @@
|
||||
#ifdef WOLFSSL_HAVE_MLKEM
|
||||
#include <wolfssl/wolfcrypt/wc_mlkem.h>
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
#include <wolfssl/wolfcrypt/falcon.h>
|
||||
@@ -315,7 +315,7 @@ typedef struct wc_CryptoInfo {
|
||||
int type; /* enum wc_PqcKemType */
|
||||
} pqc_decaps;
|
||||
#endif
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA)
|
||||
struct {
|
||||
WC_RNG* rng;
|
||||
@@ -780,7 +780,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
|
||||
int type, void* key);
|
||||
#endif /* WOLFSSL_HAVE_MLKEM */
|
||||
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA)
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
|
||||
|
||||
@@ -797,7 +797,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
|
||||
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
|
||||
const byte* pubKey, word32 pubKeySz);
|
||||
#endif /* HAVE_FALCON || HAVE_DILITHIUM || WOLFSSL_HAVE_SLHDSA */
|
||||
#endif /* HAVE_FALCON || WOLFSSL_HAVE_MLDSA || WOLFSSL_HAVE_SLHDSA */
|
||||
|
||||
#ifndef NO_AES
|
||||
#ifdef HAVE_AESGCM
|
||||
|
||||
+108
-19
@@ -57,6 +57,26 @@
|
||||
* written against the pre-standardization API keeps compiling. Suppressed
|
||||
* by defining WOLFSSL_NO_DILITHIUM_LEGACY_NAMES.
|
||||
*
|
||||
* WOLFSSL_NO_DILITHIUM_LEGACY_NAMES additionally suppresses several
|
||||
* identifier families that share its opt-out gate but are not
|
||||
* defined inside this header:
|
||||
*
|
||||
* - `ML_DSA_LEVEL{2,3,5}_TYPE` / `_KEY` / `k`, `CTC_ML_DSA_LEVEL{2,3,5}`
|
||||
* aliases in <wolfssl/wolfcrypt/asn_public.h>,
|
||||
* <wolfssl/wolfcrypt/asn.h>, <wolfssl/wolfcrypt/oid_sum.h>.
|
||||
* These were spelled in ML-DSA form on master but used the
|
||||
* pre-standardization NIST-security-category numbering (2/3/5)
|
||||
* rather than the FIPS 204 parameter-set numbers (44/65/87).
|
||||
*
|
||||
* - The `DILITHIUM_KEY_SIZE_E` error-code alias in
|
||||
* <wolfssl/error-ssl.h>.
|
||||
*
|
||||
* - The three per-parameter-set size-constant alias families
|
||||
* (`ML_DSA_LEVEL{2,3,5}_*_SIZE`,
|
||||
* `DILITHIUM_LEVEL{2,3,5}_*_SIZE`,
|
||||
* `DILITHIUM_ML_DSA_{44,65,87}_*_SIZE`) defined immediately
|
||||
* below in this header.
|
||||
*
|
||||
* New code must include <wolfssl/wolfcrypt/wc_mldsa.h> directly and use
|
||||
* the wc_MlDsaKey / wc_MlDsaKey_* / WOLFSSL_MLDSA_* names. */
|
||||
|
||||
@@ -71,7 +91,10 @@
|
||||
* <wolfssl/wolfcrypt/settings.h> so that header sees the canonical
|
||||
* spelling without going through dilithium.h. The block below covers
|
||||
* the remaining sub-gates, all of which are read only by wc_mldsa.h /
|
||||
* wc_mldsa.c (which transitively include this file first). */
|
||||
* wc_mldsa.c. wc_mldsa.h pulls this file in at its own top (see the
|
||||
* #include block in <wolfssl/wolfcrypt/wc_mldsa.h>) so the forward arm
|
||||
* fires before wc_mldsa.h reads any canonical gate -- including when
|
||||
* wc_mldsa.h is reached transitively via <asn.h> / <asn_public.h>. */
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
|
||||
|
||||
@@ -267,6 +290,46 @@
|
||||
|
||||
#endif /* !WOLFSSL_NO_DILITHIUM_LEGACY_GATES */
|
||||
|
||||
/* === Derived canonical gates ========================================== */
|
||||
|
||||
/* Derive secondary canonical gates from the primary NO_* gates. Lives in
|
||||
* this file (rather than in wc_mldsa.h alongside the struct definition)
|
||||
* so the reverse arm at the bottom of this file sees the derived set
|
||||
* fully populated without needing wc_mldsa.h to finish parsing first.
|
||||
* wc_mldsa.h includes this file at its top, so by the time control
|
||||
* returns from that include the gates are already set and wc_mldsa.h's
|
||||
* struct definition / conditional declarations read them directly. */
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
#if defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY) && \
|
||||
!defined(WOLFSSL_MLDSA_VERIFY_ONLY)
|
||||
#define WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
#define WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
#endif
|
||||
#ifndef WOLFSSL_MLDSA_NO_SIGN
|
||||
#define WOLFSSL_MLDSA_NO_SIGN
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
#define WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
#endif
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
#define WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
#endif
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_CHECK_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_CHECK_KEY)
|
||||
#define WOLFSSL_MLDSA_CHECK_KEY
|
||||
#endif
|
||||
#endif /* WOLFSSL_HAVE_MLDSA */
|
||||
|
||||
/* === wc_mldsa.h is now reachable with canonical gates correctly set === */
|
||||
|
||||
#include <wolfssl/wolfcrypt/wc_mldsa.h>
|
||||
@@ -397,27 +460,53 @@
|
||||
* dlsym() or callback tables that key off the legacy spelling will see the
|
||||
* canonical name in the resulting pointer. */
|
||||
#define wc_dilithium_init_ex wc_MlDsaKey_Init
|
||||
#define wc_dilithium_init_id wc_MlDsaKey_InitId
|
||||
#define wc_dilithium_init_label wc_MlDsaKey_InitLabel
|
||||
#define wc_dilithium_new wc_MlDsaKey_New
|
||||
#define wc_dilithium_delete wc_MlDsaKey_Delete
|
||||
#ifdef WOLF_PRIVATE_KEY_ID
|
||||
#define wc_dilithium_init_id wc_MlDsaKey_InitId
|
||||
#define wc_dilithium_init_label wc_MlDsaKey_InitLabel
|
||||
#endif
|
||||
#ifndef WC_NO_CONSTRUCTORS
|
||||
#define wc_dilithium_new wc_MlDsaKey_New
|
||||
#define wc_dilithium_delete wc_MlDsaKey_Delete
|
||||
#endif
|
||||
#define wc_dilithium_free wc_MlDsaKey_Free
|
||||
#define wc_dilithium_set_level wc_MlDsaKey_SetParams
|
||||
#define wc_dilithium_get_level wc_MlDsaKey_GetParams
|
||||
#define wc_dilithium_make_key wc_MlDsaKey_MakeKey
|
||||
#define wc_dilithium_make_key_from_seed wc_MlDsaKey_MakeKeyFromSeed
|
||||
#define wc_dilithium_size wc_MlDsaKey_Size
|
||||
#define wc_dilithium_priv_size wc_MlDsaKey_PrivSize
|
||||
#define wc_dilithium_pub_size wc_MlDsaKey_PubSize
|
||||
#define wc_dilithium_sig_size wc_MlDsaKey_SigSize
|
||||
#define wc_dilithium_check_key wc_MlDsaKey_CheckKey
|
||||
#define wc_dilithium_export_public wc_MlDsaKey_ExportPubRaw
|
||||
#define wc_dilithium_export_private wc_MlDsaKey_ExportPrivRaw
|
||||
#define wc_dilithium_export_private_only wc_MlDsaKey_ExportPrivRaw
|
||||
#define wc_dilithium_export_key wc_MlDsaKey_ExportKey
|
||||
#define wc_Dilithium_PublicKeyToDer wc_MlDsaKey_PublicKeyToDer
|
||||
#define wc_Dilithium_PrivateKeyToDer wc_MlDsaKey_PrivateKeyToDer
|
||||
#define wc_Dilithium_KeyToDer wc_MlDsaKey_KeyToDer
|
||||
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#define wc_dilithium_make_key wc_MlDsaKey_MakeKey
|
||||
#define wc_dilithium_make_key_from_seed wc_MlDsaKey_MakeKeyFromSeed
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
#define wc_dilithium_size wc_MlDsaKey_Size
|
||||
#endif
|
||||
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && defined(WOLFSSL_MLDSA_PUBLIC_KEY)
|
||||
#define wc_dilithium_priv_size wc_MlDsaKey_PrivSize
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
#define wc_dilithium_pub_size wc_MlDsaKey_PubSize
|
||||
#endif
|
||||
#if !defined(WOLFSSL_MLDSA_NO_SIGN) || !defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
#define wc_dilithium_sig_size wc_MlDsaKey_SigSize
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_CHECK_KEY
|
||||
#define wc_dilithium_check_key wc_MlDsaKey_CheckKey
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
#define wc_dilithium_export_public wc_MlDsaKey_ExportPubRaw
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
#define wc_dilithium_export_private wc_MlDsaKey_ExportPrivRaw
|
||||
#define wc_dilithium_export_private_only wc_MlDsaKey_ExportPrivRaw
|
||||
#define wc_dilithium_export_key wc_MlDsaKey_ExportKey
|
||||
#endif
|
||||
#ifndef WOLFSSL_MLDSA_NO_ASN1
|
||||
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
|
||||
#define wc_Dilithium_PublicKeyToDer wc_MlDsaKey_PublicKeyToDer
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
#define wc_Dilithium_PrivateKeyToDer wc_MlDsaKey_PrivateKeyToDer
|
||||
#define wc_Dilithium_KeyToDer wc_MlDsaKey_KeyToDer
|
||||
#endif
|
||||
#endif /* !WOLFSSL_MLDSA_NO_ASN1 */
|
||||
|
||||
/* Legacy default-args / arg-reorder wrappers. The legacy form takes the key
|
||||
* pointer last (or near last); the FIPS 204 / ML-KEM convention used by the
|
||||
|
||||
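Review bot: The derived-gate block added at -267 accepts `WOLFSSL_MLDSA_VERIFY_ONLY` together with `WOLFSSL_MLDSA_NO_VERIFY` without complaint. VERIFY_ONLY forces `WOLFSSL_MLDSA_NO_MAKE_KEY` and `WOLFSSL_MLDSA_NO_SIGN`, after which neither `WOLFSSL_MLDSA_PUBLIC_KEY` nor `WOLFSSL_MLDSA_PRIVATE_KEY` is defined, so the contradictory configuration compiles to an ML-DSA build with no usable operation instead of failing. Unless wc_mldsa.h already rejects the combination (not visible here), a guard ahead of the `#ifdef WOLFSSL_MLDSA_VERIFY_ONLY` arm would make the error explicit: `#if defined(WOLFSSL_MLDSA_VERIFY_ONLY) && defined(WOLFSSL_MLDSA_NO_VERIFY)`, `#error "WOLFSSL_MLDSA_VERIFY_ONLY conflicts with WOLFSSL_MLDSA_NO_VERIFY"`, `#endif`.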
+28
-12
@@ -191,11 +191,11 @@ enum Key_Sum {
|
||||
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
|
||||
DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
|
||||
ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */
|
||||
ML_DSA_44k = 431, /* 2.16.840.1.101.3.4.3.17 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
|
||||
ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */
|
||||
ML_DSA_65k = 432, /* 2.16.840.1.101.3.4.3.18 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
|
||||
ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */
|
||||
ML_DSA_87k = 433, /* 2.16.840.1.101.3.4.3.19 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
|
||||
SLH_DSA_SHA2_128Sk = 434, /* 2.16.840.1.101.3.4.3.20 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
|
||||
@@ -262,11 +262,11 @@ enum Key_Sum {
|
||||
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
|
||||
DILITHIUM_LEVEL5k = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
|
||||
ML_DSA_LEVEL2k = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
|
||||
ML_DSA_44k = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
|
||||
ML_DSA_LEVEL3k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
|
||||
ML_DSA_65k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
|
||||
ML_DSA_LEVEL5k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
|
||||
ML_DSA_87k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
|
||||
SLH_DSA_SHA2_128Sk = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
|
||||
@@ -300,6 +300,14 @@ enum Key_Sum {
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
|
||||
* be removed alongside the dilithium.h shim. */
|
||||
#define ML_DSA_LEVEL2k ML_DSA_44k
|
||||
#define ML_DSA_LEVEL3k ML_DSA_65k
|
||||
#define ML_DSA_LEVEL5k ML_DSA_87k
|
||||
#endif
|
||||
|
||||
enum KeyWrap_Sum {
|
||||
#ifdef WOLFSSL_OLD_OID_SUM
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05 */
|
||||
@@ -1611,11 +1619,11 @@ enum Ctc_SigType {
|
||||
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
|
||||
CTC_DILITHIUM_LEVEL5 = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
|
||||
CTC_ML_DSA_LEVEL2 = 431, /* 2.16.840.1.101.3.4.3.17 */
|
||||
CTC_ML_DSA_44 = 431, /* 2.16.840.1.101.3.4.3.17 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
|
||||
CTC_ML_DSA_LEVEL3 = 432, /* 2.16.840.1.101.3.4.3.18 */
|
||||
CTC_ML_DSA_65 = 432, /* 2.16.840.1.101.3.4.3.18 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
|
||||
CTC_ML_DSA_LEVEL5 = 433, /* 2.16.840.1.101.3.4.3.19 */
|
||||
CTC_ML_DSA_87 = 433, /* 2.16.840.1.101.3.4.3.19 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
|
||||
CTC_SLH_DSA_SHA2_128S = 434, /* 2.16.840.1.101.3.4.3.20 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
|
||||
@@ -1710,11 +1718,11 @@ enum Ctc_SigType {
|
||||
/* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */
|
||||
CTC_DILITHIUM_LEVEL5 = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */
|
||||
CTC_ML_DSA_LEVEL2 = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
|
||||
CTC_ML_DSA_44 = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */
|
||||
CTC_ML_DSA_LEVEL3 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
|
||||
CTC_ML_DSA_65 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
|
||||
CTC_ML_DSA_LEVEL5 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
|
||||
CTC_ML_DSA_87 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
|
||||
CTC_SLH_DSA_SHA2_128S = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
|
||||
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
|
||||
@@ -1748,6 +1756,14 @@ enum Ctc_SigType {
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_NAMES
|
||||
/* Legacy LEVEL2/3/5 spellings for the pre-standardization names. Will
|
||||
* be removed alongside the dilithium.h shim. */
|
||||
#define CTC_ML_DSA_LEVEL2 CTC_ML_DSA_44
|
||||
#define CTC_ML_DSA_LEVEL3 CTC_ML_DSA_65
|
||||
#define CTC_ML_DSA_LEVEL5 CTC_ML_DSA_87
|
||||
#endif
|
||||
|
||||
enum PKCS7_TYPES {
|
||||
#ifdef WOLFSSL_OLD_OID_SUM
|
||||
/* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07 */
|
||||
|
||||
@@ -396,8 +396,9 @@
|
||||
* gencertbuf.pl with zero #include directives, so a TU can pull it in
|
||||
* (transitively, via <wolfssl/ssl.h> etc.) without ever including
|
||||
* dilithium.h. The remaining ML-DSA sub-gates are read only from
|
||||
* wc_mldsa.h / wc_mldsa.c, both of which transitively pull in
|
||||
* dilithium.h first; their forward translations live there.
|
||||
* wc_mldsa.h / wc_mldsa.c; wc_mldsa.c includes dilithium.h before
|
||||
* asn.h so the canonical names are set before wc_mldsa.h is first
|
||||
* parsed via either route. Their forward translations live there.
|
||||
* Suppressible by defining WOLFSSL_NO_DILITHIUM_LEGACY_GATES. */
|
||||
#ifndef WOLFSSL_NO_DILITHIUM_LEGACY_GATES
|
||||
#ifdef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
|
||||
@@ -1564,7 +1564,7 @@ enum wc_PkType {
|
||||
#undef _WC_PK_TYPE_MAX
|
||||
#define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS
|
||||
#endif
|
||||
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA)
|
||||
WC_PK_TYPE_PQC_SIG_KEYGEN = 21,
|
||||
WC_PK_TYPE_PQC_SIG_SIGN = 22,
|
||||
@@ -1606,13 +1606,13 @@ enum wc_PkType {
|
||||
#define WC_PQC_KEM_TYPE_KYBER WC_PQC_KEM_TYPE_MLKEM
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
|
||||
#if defined(WOLFSSL_HAVE_MLDSA) || defined(HAVE_FALCON) || \
|
||||
defined(WOLFSSL_HAVE_SLHDSA)
|
||||
/* Post quantum signature algorithms */
|
||||
enum wc_PqcSignatureType {
|
||||
WC_PQC_SIG_TYPE_NONE = 0,
|
||||
#define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_NONE
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
WC_PQC_SIG_TYPE_MLDSA = 1,
|
||||
#undef _WC_PQC_SIG_TYPE_MAX
|
||||
#define _WC_PQC_SIG_TYPE_MAX WC_PQC_SIG_TYPE_MLDSA
|
||||
@@ -1630,7 +1630,7 @@ enum wc_PkType {
|
||||
WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX
|
||||
};
|
||||
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
/* Pre-standardization name retained for backwards compatibility. */
|
||||
#define WC_PQC_SIG_TYPE_DILITHIUM WC_PQC_SIG_TYPE_MLDSA
|
||||
#endif
|
||||
@@ -2379,7 +2379,7 @@ enum Max_ASN {
|
||||
/* Largest raw SLH-DSA signature (SHAKE-256f) is 49856 bytes; round up
|
||||
* to leave headroom for ASN.1 wrapping (BIT STRING tag + length). */
|
||||
MAX_ENCODED_SIG_SZ = 51200,
|
||||
#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
#elif defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
MAX_ENCODED_SIG_SZ = 5120,
|
||||
#elif !defined(NO_RSA)
|
||||
#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
|
||||
@@ -2418,8 +2418,8 @@ enum Max_ASN {
|
||||
MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
|
||||
MAX_VERSION_SZ, /* Maximum size of a DSA Private
|
||||
key taken from DsaKeyIntsToDer. */
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of an ML-DSA public key. */
|
||||
#endif
|
||||
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
|
||||
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
|
||||
@@ -2430,13 +2430,13 @@ enum Max_ASN {
|
||||
/* Maximum DER digest ASN header size */
|
||||
/* Max X509 header length indicates the
|
||||
* max length + 2 ('\n', '\0') */
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA)
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA)
|
||||
MAX_X509_HEADER_SZ = (48 + 2), /* Maximum PEM Header/Footer Size */
|
||||
#else
|
||||
MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
|
||||
#if defined(HAVE_FALCON) || defined(WOLFSSL_HAVE_MLDSA)
|
||||
MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
|
||||
#else
|
||||
MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
|
||||
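Review bot: The limits in enum Max_ASN (MAX_ENCODED_SIG_SZ, MAX_PQC_PUBLIC_KEY_SZ, MAX_X509_HEADER_SZ, MAX_PUBLIC_KEY_SZ) and the PQC entries in enum wc_PkType and enum wc_PqcSignatureType are now selected by WOLFSSL_HAVE_MLDSA alone. A build that still defines only HAVE_DILITHIUM therefore gets the smaller non-PQC values unless the legacy-to-canonical translation has already run when these enums are parsed. Where that translation happens is not visible in this section, so this may already be guaranteed; if it is not, the miss is silent and anything sized from these constants would be too small for ML-DSA keys and signatures. A guard ahead of the enums would turn it into a compile error: `#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_HAVE_MLDSA)`, `#error "HAVE_DILITHIUM was not translated to WOLFSSL_HAVE_MLDSA"`, `#endif`. The enum bodies start and end outside the hunks shown.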
|
||||
@@ -54,39 +54,29 @@
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
#endif
|
||||
|
||||
/* TEMPORARY: pull in the legacy compatibility shim so its forward-arm
|
||||
* sub-config gate translation (legacy WOLFSSL_DILITHIUM_* /
|
||||
* WC_DILITHIUM_* -> canonical WOLFSSL_MLDSA_* / WC_MLDSA_*) and the
|
||||
* derivation of secondary canonical gates (WOLFSSL_MLDSA_VERIFY_ONLY,
|
||||
* _PUBLIC_KEY, _PRIVATE_KEY, _CHECK_KEY) run before this header's
|
||||
* struct definition and conditional declarations are parsed. Required
|
||||
* because this header is reachable via <asn.h> / <asn_public.h>
|
||||
* without going through dilithium.h, and any gate that affects
|
||||
* wc_MlDsaKey struct layout (e.g. WOLFSSL_MLDSA_DYNAMIC_KEYS) must be
|
||||
* normalized to its canonical spelling in every TU before the struct
|
||||
* is parsed -- otherwise TUs disagree about sizeof / field offsets.
|
||||
*
|
||||
* The recursive #include of this file from dilithium.h is a no-op
|
||||
* (header guard above is already set); dilithium.h's reverse arm and
|
||||
* legacy aliases see the derived gates because the derivation in
|
||||
* dilithium.h runs before that recursive include returns.
|
||||
*
|
||||
* To be removed alongside <wolfssl/wolfcrypt/dilithium.h> when the
|
||||
* legacy compatibility shim is dropped. */
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
|
||||
#if defined(WOLFSSL_HAVE_MLDSA)
|
||||
|
||||
#if defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
|
||||
defined(WOLFSSL_MLDSA_NO_SIGN) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY) && \
|
||||
!defined(WOLFSSL_MLDSA_VERIFY_ONLY)
|
||||
#define WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#endif
|
||||
#ifdef WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
#define WOLFSSL_MLDSA_NO_MAKE_KEY
|
||||
#endif
|
||||
#ifndef WOLFSSL_MLDSA_NO_SIGN
|
||||
#define WOLFSSL_MLDSA_NO_SIGN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_MLDSA_NO_VERIFY)
|
||||
#define WOLFSSL_MLDSA_PUBLIC_KEY
|
||||
#endif
|
||||
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
|
||||
!defined(WOLFSSL_MLDSA_NO_SIGN)
|
||||
#define WOLFSSL_MLDSA_PRIVATE_KEY
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
|
||||
defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_NO_CHECK_KEY) && \
|
||||
!defined(WOLFSSL_MLDSA_CHECK_KEY)
|
||||
#define WOLFSSL_MLDSA_CHECK_KEY
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha3.h>
|
||||
#ifndef WOLFSSL_MLDSA_VERIFY_ONLY
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
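Review bot: The derived gates WOLFSSL_MLDSA_VERIFY_ONLY, _PUBLIC_KEY, _PRIVATE_KEY and _CHECK_KEY are no longer computed in this header. Going by the hunk header (39 lines before, 29 after), the inline derivation is the removed side, and the new side relies on `#include <wolfssl/wolfcrypt/dilithium.h>` to supply them. The added comment itself says that translation units which see the gates differently disagree about the wc_MlDsaKey sizeof and field offsets, so a miss here is a memory-safety problem rather than a build error. A tripwire directly inside `#if defined(WOLFSSL_HAVE_MLDSA)` would be `#if !defined(WOLFSSL_MLDSA_PUBLIC_KEY) && !defined(WOLFSSL_MLDSA_PRIVATE_KEY)`, `#error "ML-DSA key gates not derived; check dilithium.h"`, `#endif`, assuming a build with make-key, sign and verify all disabled is not a supported configuration. It would also fire if the shim marked TEMPORARY is later dropped without moving the derivation back; the WOLFSSL_HAVE_MLDSA block continues past the end of the hunk.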
|
||||