wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 13:44:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8659 from kojiws/improve_mldsa_priv_key_import

Browse Source 
Improve ML-DSA private key import and the test
This commit is contained in:
Sean Parkinson
2025-04-16 18:21:00 +10:00
committed by GitHub
parent f458930d24 c05c827d6b
commit 5e8d018ff7
5 changed files with 285 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
src/ssl_load.c
View File

@@ -946,6 +946,9 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
int ret;
word32 idx;
dilithium_key* key;
int keyFormatTemp = 0;
int keyTypeTemp;
int keySizeTemp;
/* Allocate a Dilithium key to parse into. */
key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
@@ -956,105 +959,74 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
/* Initialize Dilithium key. */
ret = wc_dilithium_init(key);
if (ret == 0) {
/* Set up key to parse the format specified. */
if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) &&
((der->length == ML_DSA_LEVEL2_KEY_SIZE) ||
(der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_44);
}
else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) &&
((der->length == ML_DSA_LEVEL3_KEY_SIZE) ||
(der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_65);
}
else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) &&
((der->length == ML_DSA_LEVEL5_KEY_SIZE) ||
(der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_87);
}
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
(der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT);
}
else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
(der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT);
}
else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
(der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT);
}
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
else {
wc_dilithium_free(key);
ret = ALGO_ID_E;
}
}
if (ret == 0) {
/* Decode as a Dilithium private key. */
idx = 0;
ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
if (ret == 0) {
/* Get the minimum Dilithium key size from SSL or SSL context
* object. */
int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz;
ret = dilithium_get_oid_sum(key, &keyFormatTemp);
if (ret == 0) {
/* Format is known. */
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
if (keyFormatTemp == DILITHIUM_LEVEL2k) {
keyTypeTemp = dilithium_level2_sa_algo;
keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE;
}
else if (keyFormatTemp == DILITHIUM_LEVEL3k) {
keyTypeTemp = dilithium_level3_sa_algo;
keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE;
}
else if (keyFormatTemp == DILITHIUM_LEVEL5k) {
keyTypeTemp = dilithium_level5_sa_algo;
keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE;
}
else
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
if (keyFormatTemp == ML_DSA_LEVEL2k) {
keyTypeTemp = dilithium_level2_sa_algo;
keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE;
}
else if (keyFormatTemp == ML_DSA_LEVEL3k) {
keyTypeTemp = dilithium_level3_sa_algo;
keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE;
}
else if (keyFormatTemp == ML_DSA_LEVEL5k) {
keyTypeTemp = dilithium_level5_sa_algo;
keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE;
}
else {
ret = ALGO_ID_E;
}
}
/* Format is known. */
if (*keyFormat == ML_DSA_LEVEL2k) {
*keyType = dilithium_level2_sa_algo;
*keySize = ML_DSA_LEVEL2_KEY_SIZE;
}
else if (*keyFormat == ML_DSA_LEVEL3k) {
*keyType = dilithium_level3_sa_algo;
*keySize = ML_DSA_LEVEL3_KEY_SIZE;
}
else if (*keyFormat == ML_DSA_LEVEL5k) {
*keyType = dilithium_level5_sa_algo;
*keySize = ML_DSA_LEVEL5_KEY_SIZE;
}
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
else if (*keyFormat == DILITHIUM_LEVEL2k) {
*keyType = dilithium_level2_sa_algo;
*keySize = DILITHIUM_LEVEL2_KEY_SIZE;
}
else if (*keyFormat == DILITHIUM_LEVEL3k) {
*keyType = dilithium_level3_sa_algo;
*keySize = DILITHIUM_LEVEL3_KEY_SIZE;
}
else if (*keyFormat == DILITHIUM_LEVEL5k) {
*keyType = dilithium_level5_sa_algo;
*keySize = DILITHIUM_LEVEL5_KEY_SIZE;
}
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
if (ret == 0) {
/* Get the minimum Dilithium key size from SSL or SSL context
* object. */
int minKeySz = ssl ? ssl->options.minDilithiumKeySz :
ctx->minDilithiumKeySz;
/* Check that the size of the Dilithium key is enough. */
if (*keySize < minKeySz) {
WOLFSSL_MSG("Dilithium private key too small");
ret = DILITHIUM_KEY_SIZE_E;
/* Check that the size of the Dilithium key is enough. */
if (keySizeTemp < minKeySz) {
WOLFSSL_MSG("Dilithium private key too small");
ret = DILITHIUM_KEY_SIZE_E;
}
}
if (ret == 0) {
*keyFormat = keyFormatTemp;
*keyType = keyTypeTemp;
*keySize = keySizeTemp;
}
}
/* Not a Dilithium key but check whether we know what it is. */
else if (*keyFormat == 0) {
WOLFSSL_MSG("Not a Dilithium key");
/* Format unknown so keep trying. */
/* Unknown format wasn't dilithium, so keep trying other formats. */
ret = 0;
}
/* Free dynamically allocated data in key. */
wc_dilithium_free(key);
}
else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
WOLFSSL_MSG("Not a Dilithium key");
/* Format unknown so keep trying. */
ret = 0;
}
/* Dispose of allocated key. */
XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);

129
tests/api/test_mldsa.c
View File

@@ -2959,7 +2959,7 @@ int test_wc_dilithium_der(void)
idx = 0;
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
WC_NO_ERR_TRACE(ASN_PARSE_E));
#else
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
@@ -16658,3 +16658,130 @@ int test_wc_dilithium_verify_kats(void)
return EXPECT_RESULT();
}
int test_mldsa_pkcs8(void)
{
EXPECT_DECLS;
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
WOLFSSL_CTX* ctx = NULL;
size_t i;
const int derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE;
const int tempMaxSz = DILITHIUM_MAX_BOTH_KEY_PEM_SIZE;
byte* der = NULL;
byte* temp = NULL; /* Store PEM or intermediate key */
word32 derSz = 0;
word32 pemSz = 0;
word32 keySz = 0;
dilithium_key mldsa_key;
WC_RNG rng;
word32 size;
struct {
int wcId;
int oidSum;
int keySz;
} test_variant[] = {
{WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE},
{WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE},
{WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}
};
(void) pemSz;
ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
#ifndef NO_WOLFSSL_SERVER
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif /* NO_WOLFSSL_SERVER */
ExpectIntEQ(wc_InitRng(&rng), 0);
ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0);
/* Test private + public key (separated format) */
for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
ExpectIntEQ(wc_dilithium_set_level(&mldsa_key,
test_variant[i].wcId), 0);
ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz),
0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_DER_TO_PEM
ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
PKCS8_PRIVATEKEY_TYPE), 0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* WOLFSSL_DER_TO_PEM */
}
/* Test private key only */
for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId),
0);
ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der,
derMaxSz), 0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_DER_TO_PEM
ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
PKCS8_PRIVATEKEY_TYPE), 0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* WOLFSSL_DER_TO_PEM */
}
/* Test private + public key (integrated format) */
for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId),
0);
ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
keySz = 0;
temp[0] = 0x04; /* ASN.1 OCTET STRING */
temp[1] = 0x82; /* 2 bytes length field */
temp[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */
temp[3] = test_variant[i].keySz & 0xff; /* LSB of the length */
keySz += 4;
size = tempMaxSz - keySz;
ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz,
&size), 0);
keySz += size;
size = tempMaxSz - keySz;
ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size),
0);
keySz += size;
derSz = derMaxSz;
ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz,
test_variant[i].oidSum, NULL, 0), 0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_DER_TO_PEM
ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
PKCS8_PRIVATEKEY_TYPE), 0);
ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* WOLFSSL_DER_TO_PEM */
}
wc_dilithium_free(&mldsa_key);
ExpectIntEQ(wc_FreeRng(&rng), 0);
wolfSSL_CTX_free(ctx);
XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return EXPECT_RESULT();
}

4
tests/api/test_mldsa.h
View File

@@ -35,6 +35,7 @@ int test_wc_dilithium_der(void);
int test_wc_dilithium_make_key_from_seed(void);
int test_wc_dilithium_sig_kats(void);
int test_wc_dilithium_verify_kats(void);
int test_mldsa_pkcs8(void);
#define TEST_MLDSA_DECLS \
TEST_DECL_GROUP("mldsa", test_wc_dilithium), \
@@ -47,6 +48,7 @@ int test_wc_dilithium_verify_kats(void);
TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats)
TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \
TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8)
#endif /* WOLFCRYPT_TEST_MLDSA_H */

49
wolfcrypt/src/dilithium.c
View File

@@ -9589,6 +9589,42 @@ static int mapOidToSecLevel(word32 oid)
}
}
/* Get OID sum from dilithium key */
int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) {
int ret = 0;
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
if (key->params == NULL) {
ret = BAD_FUNC_ARG;
}
else if (key->params->level == WC_ML_DSA_44_DRAFT) {
*keyFormat = DILITHIUM_LEVEL2k;
}
else if (key->params->level == WC_ML_DSA_65_DRAFT) {
*keyFormat = DILITHIUM_LEVEL3k;
}
else if (key->params->level == WC_ML_DSA_87_DRAFT) {
*keyFormat = DILITHIUM_LEVEL5k;
}
else
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
if (key->level == WC_ML_DSA_44) {
*keyFormat = ML_DSA_LEVEL2k;
}
else if (key->level == WC_ML_DSA_65) {
*keyFormat = ML_DSA_LEVEL3k;
}
else if (key->level == WC_ML_DSA_87) {
*keyFormat = ML_DSA_LEVEL5k;
}
else {
/* Level is not set */
ret = ALGO_ID_E;
}
return ret;
}
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
/* Decode the DER encoded Dilithium key.
@@ -9628,8 +9664,13 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
if (ret == 0) {
/* Get OID sum for level. */
if (key->level == 0) { /* Check first, because key->params will be NULL
* when key->level = 0 */
/* Level not set by caller, decode from DER */
keytype = ANONk;
}
#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
if (key->params == NULL) {
else if (key->params == NULL) {
ret = BAD_FUNC_ARG;
}
else if (key->params->level == WC_ML_DSA_44_DRAFT) {
@@ -9641,9 +9682,8 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
else if (key->params->level == WC_ML_DSA_87_DRAFT) {
keytype = DILITHIUM_LEVEL5k;
}
else
#endif
if (key->level == WC_ML_DSA_44) {
else if (key->level == WC_ML_DSA_44) {
keytype = ML_DSA_LEVEL2k;
}
else if (key->level == WC_ML_DSA_65) {
@@ -9653,8 +9693,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
keytype = ML_DSA_LEVEL5k;
}
else {
/* Level not set by caller, decode from DER */
keytype = ANONk; /* 0, not a valid key type in this situation*/
ret = BAD_FUNC_ARG;
}
}

58
wolfssl/wolfcrypt/dilithium.h
View File

@@ -117,6 +117,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344
#define DILITHIUM_LEVEL3_KEY_SIZE 4032
#define DILITHIUM_LEVEL3_SIG_SIZE 3309
@@ -126,7 +130,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204
#define DILITHIUM_LEVEL5_KEY_SIZE 4896
#define DILITHIUM_LEVEL5_SIG_SIZE 4627
@@ -136,6 +143,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239
#define ML_DSA_LEVEL2_KEY_SIZE 2560
#define ML_DSA_LEVEL2_SIG_SIZE 2420
@@ -145,6 +156,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL3_KEY_SIZE 4032
#define ML_DSA_LEVEL3_SIG_SIZE 3309
@@ -154,6 +169,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL5_KEY_SIZE 4896
#define ML_DSA_LEVEL5_SIG_SIZE 4627
@@ -163,6 +182,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
@@ -524,6 +547,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334
#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588
#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344
#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key
#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature
@@ -533,6 +560,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974
#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060
#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204
#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key
#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature
@@ -542,7 +573,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614
#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924
#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239
#define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key
#define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature
@@ -552,6 +586,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key
#define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature
@@ -561,6 +599,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE
#define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key
#define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature
@@ -570,6 +612,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
#endif
@@ -580,6 +626,10 @@
/* Buffer sizes large enough to store exported DER encoded keys */
#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE
#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE
#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE
/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and
* the footer "-----END PRIVATE KEY-----" */
#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE
#ifdef WOLF_PRIVATE_KEY_ID
@@ -813,6 +863,10 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
#endif
#ifndef WOLFSSL_DILITHIUM_NO_ASN1
WOLFSSL_LOCAL int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat);
#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
#ifndef WOLFSSL_DILITHIUM_NO_ASN1
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,