mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 04:40:49 +02:00
Merge pull request #7026 from Frauschi/liboqs
Improve liboqs integration
This commit is contained in:
+3
-3
@@ -28901,7 +28901,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
#if defined(HAVE_FALCON)
|
||||
if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
|
||||
word32 outSz = sigSz;
|
||||
ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey);
|
||||
ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
}
|
||||
@@ -28910,7 +28910,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
|
||||
dilithiumKey) {
|
||||
word32 outSz = sigSz;
|
||||
ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey);
|
||||
ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
}
|
||||
@@ -28919,7 +28919,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
|
||||
if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
|
||||
!dilithiumKey && sphincsKey) {
|
||||
word32 outSz = sigSz;
|
||||
ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
|
||||
ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
|
||||
if (ret == 0)
|
||||
ret = outSz;
|
||||
}
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
*/
|
||||
int wc_dilithium_sign_msg(const byte* in, word32 inLen,
|
||||
byte* out, word32 *outLen,
|
||||
dilithium_key* key)
|
||||
dilithium_key* key, WC_RNG* rng)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef HAVE_LIBOQS
|
||||
@@ -107,6 +107,10 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
|
||||
localOutLen = *outLen;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wolfSSL_liboqsRngMutexLock(rng);
|
||||
}
|
||||
|
||||
if ((ret == 0) &&
|
||||
(OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
|
||||
== OQS_ERROR)) {
|
||||
@@ -117,6 +121,8 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
|
||||
*outLen = (word32)localOutLen;
|
||||
}
|
||||
|
||||
wolfSSL_liboqsRngMutexUnlock();
|
||||
|
||||
if (oqssig != NULL) {
|
||||
OQS_SIG_free(oqssig);
|
||||
}
|
||||
|
||||
@@ -39,6 +39,8 @@
|
||||
|
||||
#if defined (HAVE_LIBOQS)
|
||||
|
||||
#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
|
||||
|
||||
static const char* OQS_ID2name(int id) {
|
||||
switch (id) {
|
||||
case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
|
||||
@@ -337,12 +339,16 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wolfSSL_liboqsRngMutexLock(rng);
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (OQS_KEM_keypair(kem, key->pub, key->priv) !=
|
||||
OQS_SUCCESS) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
wolfSSL_liboqsRngMutexUnlock();
|
||||
OQS_KEM_free(kem);
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#ifdef HAVE_PQM4
|
||||
@@ -422,12 +428,15 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wolfSSL_liboqsRngMutexLock(rng);
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (OQS_KEM_encaps(kem, ct, ss, key->pub) != OQS_SUCCESS) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
|
||||
wolfSSL_liboqsRngMutexUnlock();
|
||||
OQS_KEM_free(kem);
|
||||
#endif /* HAVE_LIBOQS */
|
||||
#ifdef HAVE_PQM4
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
*/
|
||||
int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
||||
byte* out, word32 *outLen,
|
||||
falcon_key* key)
|
||||
falcon_key* key, WC_RNG* rng)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef HAVE_LIBOQS
|
||||
@@ -101,6 +101,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
||||
localOutLen = *outLen;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wolfSSL_liboqsRngMutexLock(rng);
|
||||
}
|
||||
|
||||
if ((ret == 0) &&
|
||||
(OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
|
||||
== OQS_ERROR)) {
|
||||
@@ -111,6 +115,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
||||
*outLen = (word32)localOutLen;
|
||||
}
|
||||
|
||||
wolfSSL_liboqsRngMutexUnlock();
|
||||
|
||||
if (oqssig != NULL) {
|
||||
OQS_SIG_free(oqssig);
|
||||
}
|
||||
|
||||
@@ -132,7 +132,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
|
||||
wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
|
||||
wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
|
||||
wolfcrypt/src/port/Renesas/README.md \
|
||||
wolfcrypt/src/port/cypress/psoc6_crypto.c
|
||||
wolfcrypt/src/port/cypress/psoc6_crypto.c \
|
||||
wolfcrypt/src/port/liboqs/liboqs.c
|
||||
|
||||
$(ASYNC_FILES):
|
||||
$(AM_V_at)touch $(srcdir)/$@
|
||||
|
||||
@@ -0,0 +1,111 @@
|
||||
/* liboqs.c
|
||||
*
|
||||
* Copyright (C) 2006-2023 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*
|
||||
|
||||
DESCRIPTION
|
||||
This library provides the support interfaces to the liboqs library providing
|
||||
implementations for Post-Quantum cryptography algorithms.
|
||||
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
|
||||
/* RNG for liboqs */
|
||||
static WC_RNG liboqsDefaultRNG;
|
||||
static WC_RNG* liboqsCurrentRNG;
|
||||
|
||||
static wolfSSL_Mutex liboqsRNGMutex;
|
||||
|
||||
static int liboqs_init = 0;
|
||||
|
||||
|
||||
static void wolfSSL_liboqsGetRandomData(uint8_t* buffer, size_t numOfBytes)
|
||||
{
|
||||
int ret = wc_RNG_GenerateBlock(liboqsCurrentRNG, buffer, numOfBytes);
|
||||
if (ret != 0) {
|
||||
// ToDo: liboqs exits programm if RNG fails, not sure what to do here
|
||||
}
|
||||
}
|
||||
|
||||
int wolfSSL_liboqsInit(void)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (liboqs_init == 0) {
|
||||
ret = wc_InitMutex(&liboqsRNGMutex);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = wc_LockMutex(&liboqsRNGMutex);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = wc_InitRng(&liboqsDefaultRNG);
|
||||
if (ret == 0) {
|
||||
OQS_init();
|
||||
liboqs_init = 1;
|
||||
}
|
||||
liboqsCurrentRNG = &liboqsDefaultRNG;
|
||||
wc_UnLockMutex(&liboqsRNGMutex);
|
||||
|
||||
OQS_randombytes_custom_algorithm(wolfSSL_liboqsGetRandomData);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_liboqsRngMutexLock(WC_RNG* rng)
|
||||
{
|
||||
int ret = wolfSSL_liboqsInit();
|
||||
if (ret == 0) {
|
||||
ret = wc_LockMutex(&liboqsRNGMutex);
|
||||
}
|
||||
if (ret == 0 && rng != NULL) {
|
||||
/* Update the pointer with the RNG to use. This is safe as we locked the mutex */
|
||||
liboqsCurrentRNG = rng;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_liboqsRngMutexUnlock(void)
|
||||
{
|
||||
int ret = BAD_MUTEX_E;
|
||||
|
||||
liboqsCurrentRNG = &liboqsDefaultRNG;
|
||||
|
||||
if (liboqs_init) {
|
||||
ret = wc_UnLockMutex(&liboqsRNGMutex);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* HAVE_LIBOQS */
|
||||
@@ -58,7 +58,7 @@
|
||||
* 0 otherwise.
|
||||
*/
|
||||
int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
|
||||
sphincs_key* key)
|
||||
sphincs_key* key, WC_RNG* rng)
|
||||
{
|
||||
int ret = 0;
|
||||
#ifdef HAVE_LIBOQS
|
||||
@@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
|
||||
localOutLen = *outLen;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wolfSSL_liboqsRngMutexLock(rng);
|
||||
}
|
||||
|
||||
if ((ret == 0) &&
|
||||
(OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
|
||||
== OQS_ERROR)) {
|
||||
@@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
|
||||
*outLen = (word32)localOutLen;
|
||||
}
|
||||
|
||||
wolfSSL_liboqsRngMutexUnlock();
|
||||
|
||||
if (oqssig != NULL) {
|
||||
OQS_SIG_free(oqssig);
|
||||
}
|
||||
|
||||
@@ -127,6 +127,10 @@
|
||||
#include <wolfssl/wolfcrypt/port/psa/psa.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
|
||||
#endif
|
||||
|
||||
#if defined(FREERTOS) && defined(WOLFSSL_ESPIDF)
|
||||
#include <freertos/FreeRTOS.h>
|
||||
#include <freertos/task.h>
|
||||
@@ -392,6 +396,12 @@ int wolfCrypt_Init(void)
|
||||
}
|
||||
rpcmem_init();
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBOQS)
|
||||
if ((ret = wolfSSL_liboqsInit()) != 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
initRefCount++;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user