From a3862f0e5989db0e977677c91168e00c16850dc0 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Thu, 10 Apr 2025 14:17:56 +0900 Subject: [PATCH 1/7] Improve ML-DSA private key import --- src/ssl_load.c | 140 ++++++++++++++-------------------- tests/api.c | 114 +++++++++++++++++++++++++++ tests/api/test_mldsa.c | 2 +- wolfcrypt/src/dilithium.c | 50 ++++++++++-- wolfssl/wolfcrypt/dilithium.h | 4 + 5 files changed, 219 insertions(+), 91 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 542289f72..72bf81719 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -946,6 +946,9 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int ret; word32 idx; dilithium_key* key; + int keyFormatTemp = 0; + int keyTypeTemp; + int keySizeTemp; /* Allocate a Dilithium key to parse into. */ key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, @@ -955,106 +958,75 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } /* Initialize Dilithium key. */ - ret = wc_dilithium_init(key); - if (ret == 0) { - /* Set up key to parse the format specified. */ - if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) && - ((der->length == ML_DSA_LEVEL2_KEY_SIZE) || - (der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_44); - } - else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) && - ((der->length == ML_DSA_LEVEL3_KEY_SIZE) || - (der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_65); - } - else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) && - ((der->length == ML_DSA_LEVEL5_KEY_SIZE) || - (der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_87); - } - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT); - } - else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT); - } - else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT); - } - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ - else { - wc_dilithium_free(key); - ret = ALGO_ID_E; - } - } - + ret = wc_dilithium_init(key); if (ret == 0) { /* Decode as a Dilithium private key. */ idx = 0; ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); if (ret == 0) { - /* Get the minimum Dilithium key size from SSL or SSL context - * object. */ - int minKeySz = ssl ? ssl->options.minDilithiumKeySz : - ctx->minDilithiumKeySz; + ret = dilithium_get_oid_sum(key, &keyFormatTemp); + if(ret == 0) { + /* Format is known. */ + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (keyFormatTemp == DILITHIUM_LEVEL2k) { + keyTypeTemp = dilithium_level2_sa_algo; + keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE; + } + else if (keyFormatTemp == DILITHIUM_LEVEL3k) { + keyTypeTemp = dilithium_level3_sa_algo; + keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (keyFormatTemp == DILITHIUM_LEVEL5k) { + keyTypeTemp = dilithium_level5_sa_algo; + keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE; + } + else + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if (keyFormatTemp == ML_DSA_LEVEL2k) { + keyTypeTemp = dilithium_level2_sa_algo; + keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (keyFormatTemp == ML_DSA_LEVEL3k) { + keyTypeTemp = dilithium_level3_sa_algo; + keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE; + } + else if (keyFormatTemp == ML_DSA_LEVEL5k) { + keyTypeTemp = dilithium_level5_sa_algo; + keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE; + } + else { + ret = ALGO_ID_E; + } + } - /* Format is known. */ - if (*keyFormat == ML_DSA_LEVEL2k) { - *keyType = dilithium_level2_sa_algo; - *keySize = ML_DSA_LEVEL2_KEY_SIZE; - } - else if (*keyFormat == ML_DSA_LEVEL3k) { - *keyType = dilithium_level3_sa_algo; - *keySize = ML_DSA_LEVEL3_KEY_SIZE; - } - else if (*keyFormat == ML_DSA_LEVEL5k) { - *keyType = dilithium_level5_sa_algo; - *keySize = ML_DSA_LEVEL5_KEY_SIZE; - } - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - else if (*keyFormat == DILITHIUM_LEVEL2k) { - *keyType = dilithium_level2_sa_algo; - *keySize = DILITHIUM_LEVEL2_KEY_SIZE; - } - else if (*keyFormat == DILITHIUM_LEVEL3k) { - *keyType = dilithium_level3_sa_algo; - *keySize = DILITHIUM_LEVEL3_KEY_SIZE; - } - else if (*keyFormat == DILITHIUM_LEVEL5k) { - *keyType = dilithium_level5_sa_algo; - *keySize = DILITHIUM_LEVEL5_KEY_SIZE; - } - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if(ret == 0) { + /* Get the minimum Dilithium key size from SSL or SSL context + * object. */ + int minKeySz = ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz; - /* Check that the size of the Dilithium key is enough. */ - if (*keySize < minKeySz) { - WOLFSSL_MSG("Dilithium private key too small"); - ret = DILITHIUM_KEY_SIZE_E; + /* Check that the size of the Dilithium key is enough. */ + if (keySizeTemp < minKeySz) { + WOLFSSL_MSG("Dilithium private key too small"); + ret = DILITHIUM_KEY_SIZE_E; + } + } + + if(ret == 0) { + *keyFormat = keyFormatTemp; + *keyType = keyTypeTemp; + *keySize = keySizeTemp; } } - /* Not a Dilithium key but check whether we know what it is. */ else if (*keyFormat == 0) { WOLFSSL_MSG("Not a Dilithium key"); - /* Format unknown so keep trying. */ + /* Unknowun format was not dilithium, so keep trying other formats. */ ret = 0; } - + /* Free dynamically allocated data in key. */ wc_dilithium_free(key); } - else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) { - WOLFSSL_MSG("Not a Dilithium key"); - /* Format unknown so keep trying. */ - ret = 0; - } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); diff --git a/tests/api.c b/tests/api.c index 0a0913586..8b9770c4b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13933,6 +13933,119 @@ static int test_wolfSSL_PKCS8_ED448(void) return EXPECT_RESULT(); } +static int test_wolfSSL_PKCS8_MLDSA(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + + WOLFSSL_CTX* ctx = NULL; + size_t i; + const int derMaxSz = 8192; /* Largest size will be 7520 of separated format, WC_ML_DSA_87, DER */ + const int tempMaxSz = 10240; /* Largest size will be 10239 of separated format, WC_MLS_DSA_87, PEM */ + byte* der = NULL; + byte* temp = NULL; /* Store PEM or intermediate key */ + word32 derSz = 0; + word32 pemSz = 0; + word32 keySz = 0; + dilithium_key mldsa_key; + WC_RNG rng; + word32 size; + + struct { + int wcId; + int oidSum; + int keySz; + } test_variant[] = {{WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE}, + {WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE}, + {WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}}; + + (void) pemSz; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); + + /* Test private + public key (separated format) */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private key only */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, derMaxSz), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private + public key (integrated format) */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + keySz = 0; + temp[0] = 0x04; /* ASN.1 OCTET STRING */ + temp[1] = 0x82; /* 2 bytes length field */ + temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ + temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ + keySz += 4; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, &size), 0); + keySz += size; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), 0); + keySz += size; + derSz = derMaxSz; + ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, test_variant[i].oidSum, NULL, 0), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + wc_dilithium_free(&mldsa_key); + ExpectIntEQ(wc_FreeRng(&rng), 0); + wolfSSL_CTX_free(ctx); + XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#endif + return EXPECT_RESULT(); +} + /* Testing functions dealing with PKCS5 */ static int test_wolfSSL_PKCS5(void) { @@ -67519,6 +67632,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_PKCS8), TEST_DECL(test_wolfSSL_PKCS8_ED25519), TEST_DECL(test_wolfSSL_PKCS8_ED448), + TEST_DECL(test_wolfSSL_PKCS8_MLDSA), #ifdef HAVE_IO_TESTS_DEPENDENCIES TEST_DECL(test_wolfSSL_get_finished), diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 2229c5f77..5991d0b16 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -2959,7 +2959,7 @@ int test_wc_dilithium_der(void) idx = 0; #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + WC_NO_ERR_TRACE(ASN_PARSE_E)); #else ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), WC_NO_ERR_TRACE(ASN_PARSE_E)); diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index e4498edca..ec60e5156 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9589,6 +9589,42 @@ static int mapOidToSecLevel(word32 oid) } } +/* Get OID sum from dilithium key */ +int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) { + int ret = 0; + + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { + *keyFormat = DILITHIUM_LEVEL2k; + } + else if (key->params->level == WC_ML_DSA_65_DRAFT) { + *keyFormat = DILITHIUM_LEVEL3k; + } + else if (key->params->level == WC_ML_DSA_87_DRAFT) { + *keyFormat = DILITHIUM_LEVEL5k; + } + else + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if (key->level == WC_ML_DSA_44) { + *keyFormat = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + *keyFormat = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + *keyFormat = ML_DSA_LEVEL5k; + } + else { + /* Level is not set */ + ret = ALGO_ID_E; + } + + return ret; +} + #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) /* Decode the DER encoded Dilithium key. @@ -9627,9 +9663,13 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, } if (ret == 0) { - /* Get OID sum for level. */ + /* Get OID sum for level. */ + if(key->level == 0) { /* Check first, because key->params will be NULL when key->level = 0 */ + /* Level not set by caller, decode from DER */ + keytype = ANONk; + } #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) - if (key->params == NULL) { + else if (key->params == NULL) { ret = BAD_FUNC_ARG; } else if (key->params->level == WC_ML_DSA_44_DRAFT) { @@ -9641,9 +9681,8 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } - else #endif - if (key->level == WC_ML_DSA_44) { + else if (key->level == WC_ML_DSA_44) { keytype = ML_DSA_LEVEL2k; } else if (key->level == WC_ML_DSA_65) { @@ -9653,8 +9692,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, keytype = ML_DSA_LEVEL5k; } else { - /* Level not set by caller, decode from DER */ - keytype = ANONk; /* 0, not a valid key type in this situation*/ + ret = BAD_FUNC_ARG; } } diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index 25fd1587f..c7655884f 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -813,6 +813,10 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); #endif +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +WOLFSSL_LOCAL int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat); +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + #ifndef WOLFSSL_DILITHIUM_NO_ASN1 #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, From 85c71dacb17492e20fae99fb79ab9afda88110de Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Sat, 12 Apr 2025 10:01:17 +0900 Subject: [PATCH 2/7] Update src/ssl_load.c Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/ssl_load.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 72bf81719..de93d2ab1 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -1020,8 +1020,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } else if (*keyFormat == 0) { WOLFSSL_MSG("Not a Dilithium key"); - /* Unknowun format was not dilithium, so keep trying other formats. */ - ret = 0; + /* Unknown format was not dilithium, so keep trying other formats. */ } /* Free dynamically allocated data in key. */ From 770b6cb9e7aa8b3296b621c38c645e355c9ea870 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Sat, 12 Apr 2025 10:58:13 +0900 Subject: [PATCH 3/7] Fix too long lines --- src/ssl_load.c | 2 +- wolfcrypt/src/dilithium.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index de93d2ab1..2cb0238e6 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -1020,7 +1020,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } else if (*keyFormat == 0) { WOLFSSL_MSG("Not a Dilithium key"); - /* Unknown format was not dilithium, so keep trying other formats. */ + /* Unknown format wasn't dilithium, so keep trying other formats. */ } /* Free dynamically allocated data in key. */ diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index ec60e5156..c77f5676a 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9664,7 +9664,8 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ - if(key->level == 0) { /* Check first, because key->params will be NULL when key->level = 0 */ + if(key->level == 0) { /* Check first, because key->params will be NULL + * when key->level = 0 */ /* Level not set by caller, decode from DER */ keytype = ANONk; } From 29482a3e4d17649c0b66e7c081d2ae05df6979b8 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Sat, 12 Apr 2025 13:12:36 +0900 Subject: [PATCH 4/7] Fix a logic --- src/ssl_load.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl_load.c b/src/ssl_load.c index 2cb0238e6..ee0e8f21b 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -1021,6 +1021,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, else if (*keyFormat == 0) { WOLFSSL_MSG("Not a Dilithium key"); /* Unknown format wasn't dilithium, so keep trying other formats. */ + ret = 0; } /* Free dynamically allocated data in key. */ From 1252d69a9a1d012badb928bf16cfd47c8547d4dc Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Sat, 12 Apr 2025 17:09:36 +0900 Subject: [PATCH 5/7] Remove trailing spaces --- src/ssl_load.c | 6 +++--- tests/api.c | 10 +++++----- wolfcrypt/src/dilithium.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index ee0e8f21b..19d1426a7 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -946,7 +946,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int ret; word32 idx; dilithium_key* key; - int keyFormatTemp = 0; + int keyFormatTemp = 0; int keyTypeTemp; int keySizeTemp; @@ -958,7 +958,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } /* Initialize Dilithium key. */ - ret = wc_dilithium_init(key); + ret = wc_dilithium_init(key); if (ret == 0) { /* Decode as a Dilithium private key. */ idx = 0; @@ -1023,7 +1023,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Unknown format wasn't dilithium, so keep trying other formats. */ ret = 0; } - + /* Free dynamically allocated data in key. */ wc_dilithium_free(key); } diff --git a/tests/api.c b/tests/api.c index 8b9770c4b..81754b0c4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13944,7 +13944,7 @@ static int test_wolfSSL_PKCS8_MLDSA(void) size_t i; const int derMaxSz = 8192; /* Largest size will be 7520 of separated format, WC_ML_DSA_87, DER */ const int tempMaxSz = 10240; /* Largest size will be 10239 of separated format, WC_MLS_DSA_87, PEM */ - byte* der = NULL; + byte* der = NULL; byte* temp = NULL; /* Store PEM or intermediate key */ word32 derSz = 0; word32 pemSz = 0; @@ -13964,7 +13964,7 @@ static int test_wolfSSL_PKCS8_MLDSA(void) (void) pemSz; ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); #ifndef NO_WOLFSSL_SERVER ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); @@ -13980,7 +13980,7 @@ static int test_wolfSSL_PKCS8_MLDSA(void) ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), 0); + ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), 0); ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); @@ -13996,7 +13996,7 @@ static int test_wolfSSL_PKCS8_MLDSA(void) ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, derMaxSz), 0); + ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, derMaxSz), 0); ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); @@ -14006,7 +14006,7 @@ static int test_wolfSSL_PKCS8_MLDSA(void) WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif /* WOLFSSL_DER_TO_PEM */ } - + /* Test private + public key (integrated format) */ for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index c77f5676a..f5804615e 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9663,7 +9663,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, } if (ret == 0) { - /* Get OID sum for level. */ + /* Get OID sum for level. */ if(key->level == 0) { /* Check first, because key->params will be NULL * when key->level = 0 */ /* Level not set by caller, decode from DER */ From 1646a4b274718ebd3e1fc68935ece07945d6cf38 Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Wed, 16 Apr 2025 13:46:39 +0900 Subject: [PATCH 6/7] Reflect review --- tests/api.c | 114 ------------------------------ tests/api/test_mldsa.c | 127 ++++++++++++++++++++++++++++++++++ tests/api/test_mldsa.h | 4 +- wolfcrypt/src/dilithium.c | 2 +- wolfssl/wolfcrypt/dilithium.h | 54 ++++++++++++++- 5 files changed, 183 insertions(+), 118 deletions(-) diff --git a/tests/api.c b/tests/api.c index 81754b0c4..0a0913586 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13933,119 +13933,6 @@ static int test_wolfSSL_PKCS8_ED448(void) return EXPECT_RESULT(); } -static int test_wolfSSL_PKCS8_MLDSA(void) -{ - EXPECT_DECLS; -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ - defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) - - WOLFSSL_CTX* ctx = NULL; - size_t i; - const int derMaxSz = 8192; /* Largest size will be 7520 of separated format, WC_ML_DSA_87, DER */ - const int tempMaxSz = 10240; /* Largest size will be 10239 of separated format, WC_MLS_DSA_87, PEM */ - byte* der = NULL; - byte* temp = NULL; /* Store PEM or intermediate key */ - word32 derSz = 0; - word32 pemSz = 0; - word32 keySz = 0; - dilithium_key mldsa_key; - WC_RNG rng; - word32 size; - - struct { - int wcId; - int oidSum; - int keySz; - } test_variant[] = {{WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE}, - {WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE}, - {WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}}; - - (void) pemSz; - - ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif /* NO_WOLFSSL_SERVER */ - - ExpectIntEQ(wc_InitRng(&rng), 0); - ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); - - /* Test private + public key (separated format) */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { - ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); - ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - - ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_DER_TO_PEM - ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - /* Test private key only */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { - ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); - ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - - ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, derMaxSz), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_DER_TO_PEM - ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - /* Test private + public key (integrated format) */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { - ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); - ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); - - keySz = 0; - temp[0] = 0x04; /* ASN.1 OCTET STRING */ - temp[1] = 0x82; /* 2 bytes length field */ - temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ - temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ - keySz += 4; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, &size), 0); - keySz += size; - size = tempMaxSz - keySz; - ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), 0); - keySz += size; - derSz = derMaxSz; - ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, test_variant[i].oidSum, NULL, 0), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_DER_TO_PEM - ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); - ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif /* WOLFSSL_DER_TO_PEM */ - } - - wc_dilithium_free(&mldsa_key); - ExpectIntEQ(wc_FreeRng(&rng), 0); - wolfSSL_CTX_free(ctx); - XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - -#endif - return EXPECT_RESULT(); -} - /* Testing functions dealing with PKCS5 */ static int test_wolfSSL_PKCS5(void) { @@ -67632,7 +67519,6 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_PKCS8), TEST_DECL(test_wolfSSL_PKCS8_ED25519), TEST_DECL(test_wolfSSL_PKCS8_ED448), - TEST_DECL(test_wolfSSL_PKCS8_MLDSA), #ifdef HAVE_IO_TESTS_DEPENDENCIES TEST_DECL(test_wolfSSL_get_finished), diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 5991d0b16..3464471d2 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -16658,3 +16658,130 @@ int test_wc_dilithium_verify_kats(void) return EXPECT_RESULT(); } +int test_mldsa_pkcs8(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + + WOLFSSL_CTX* ctx = NULL; + size_t i; + const int derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE; + const int tempMaxSz = DILITHIUM_MAX_BOTH_KEY_PEM_SIZE; + byte* der = NULL; + byte* temp = NULL; /* Store PEM or intermediate key */ + word32 derSz = 0; + word32 pemSz = 0; + word32 keySz = 0; + dilithium_key mldsa_key; + WC_RNG rng; + word32 size; + + struct { + int wcId; + int oidSum; + int keySz; + } test_variant[] = { + {WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE}, + {WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE}, + {WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE} + }; + + (void) pemSz; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); + + /* Test private + public key (separated format) */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, + test_variant[i].wcId), 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), + 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private key only */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), + 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, + derMaxSz), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private + public key (integrated format) */ + for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), + 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + keySz = 0; + temp[0] = 0x04; /* ASN.1 OCTET STRING */ + temp[1] = 0x82; /* 2 bytes length field */ + temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ + temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ + keySz += 4; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz, + &size), 0); + keySz += size; + size = tempMaxSz - keySz; + ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size), + 0); + keySz += size; + derSz = derMaxSz; + ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz, + test_variant[i].oidSum, NULL, 0), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + wc_dilithium_free(&mldsa_key); + ExpectIntEQ(wc_FreeRng(&rng), 0); + wolfSSL_CTX_free(ctx); + XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#endif + return EXPECT_RESULT(); +} diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h index 9b77d4620..38568d275 100644 --- a/tests/api/test_mldsa.h +++ b/tests/api/test_mldsa.h @@ -35,6 +35,7 @@ int test_wc_dilithium_der(void); int test_wc_dilithium_make_key_from_seed(void); int test_wc_dilithium_sig_kats(void); int test_wc_dilithium_verify_kats(void); +int test_mldsa_pkcs8(void); #define TEST_MLDSA_DECLS \ TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ @@ -47,6 +48,7 @@ int test_wc_dilithium_verify_kats(void); TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ - TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats) + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8) #endif /* WOLFCRYPT_TEST_MLDSA_H */ diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index f5804615e..1aa275098 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -9664,7 +9664,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ - if(key->level == 0) { /* Check first, because key->params will be NULL + if (key->level == 0) { /* Check first, because key->params will be NULL * when key->level = 0 */ /* Level not set by caller, decode from DER */ keytype = ANONk; diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index c7655884f..306cef197 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -117,6 +117,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 #define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 +#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344 #define DILITHIUM_LEVEL3_KEY_SIZE 4032 #define DILITHIUM_LEVEL3_SIG_SIZE 3309 @@ -126,7 +130,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 #define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 - +#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204 #define DILITHIUM_LEVEL5_KEY_SIZE 4896 #define DILITHIUM_LEVEL5_SIG_SIZE 4627 @@ -136,6 +143,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 +#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 #define ML_DSA_LEVEL2_KEY_SIZE 2560 #define ML_DSA_LEVEL2_SIG_SIZE 2420 @@ -145,6 +156,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL3_KEY_SIZE 4032 #define ML_DSA_LEVEL3_SIG_SIZE 3309 @@ -154,6 +169,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL5_KEY_SIZE 4896 #define ML_DSA_LEVEL5_SIG_SIZE 4627 @@ -163,6 +182,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE @@ -524,6 +547,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 #define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 +#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344 #define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature @@ -533,6 +560,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 #define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 +#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204 #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature @@ -542,7 +573,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 - +#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 #define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key #define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature @@ -552,6 +586,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature @@ -561,6 +599,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature @@ -570,6 +612,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE #endif @@ -580,6 +626,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE #ifdef WOLF_PRIVATE_KEY_ID From c05c827d6b2a6de2d87166d24e021064510b0f6c Mon Sep 17 00:00:00 2001 From: Koji Takeda Date: Wed, 16 Apr 2025 16:09:02 +0900 Subject: [PATCH 7/7] Add a space after if and for --- src/ssl_load.c | 6 +++--- tests/api/test_mldsa.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 19d1426a7..d3a64f59e 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -965,7 +965,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); if (ret == 0) { ret = dilithium_get_oid_sum(key, &keyFormatTemp); - if(ret == 0) { + if (ret == 0) { /* Format is known. */ #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) if (keyFormatTemp == DILITHIUM_LEVEL2k) { @@ -999,7 +999,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } } - if(ret == 0) { + if (ret == 0) { /* Get the minimum Dilithium key size from SSL or SSL context * object. */ int minKeySz = ssl ? ssl->options.minDilithiumKeySz : @@ -1012,7 +1012,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } } - if(ret == 0) { + if (ret == 0) { *keyFormat = keyFormatTemp; *keyType = keyTypeTemp; *keySize = keySizeTemp; diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c index 3464471d2..a9d2e1980 100644 --- a/tests/api/test_mldsa.c +++ b/tests/api/test_mldsa.c @@ -16705,7 +16705,7 @@ int test_mldsa_pkcs8(void) ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); /* Test private + public key (separated format) */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); @@ -16724,7 +16724,7 @@ int test_mldsa_pkcs8(void) } /* Test private key only */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); @@ -16743,7 +16743,7 @@ int test_mldsa_pkcs8(void) } /* Test private + public key (integrated format) */ - for(i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), 0); ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);