wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

gate dilithium OID autodetection on FIPS 204 draft mode

Browse Source
This commit is contained in:
Brett Nicholas
2024-11-20 16:07:25 -07:00
parent 30f372ce16
commit cceeb776f7
3 changed files with 26 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/api.c
View File

@ -35003,10 +35003,20 @@ static int test_wc_dilithium_der(void)
* the supplied DER is invalid, this should fail with ASN parsing error */
idx = 0;
ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#else
WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
);
idx = 0;
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#else
WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
);
#ifndef WOLFSSL_NO_ML_DSA_44
ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);

21
wolfcrypt/src/dilithium.c
View File

@ -9532,14 +9532,15 @@ static int mapOidToSecLevel(word32 oid)
* @param [in, out] inOutIdx On in, index into array of start of DER encoding.
* On out, index into array after DER encoding.
* @param [in, out] key Dilithium key structure to hold the decoded key.
* If the security level is set in the key structure on
* input, the DER key will be decoded as such and will
* fail if there is a mismatch. If the level and
* parameters are not set in the key structure on
* If the security level is set in the key structure
* on input, the DER key will be decoded as such and
* will fail if there is a mismatch. If the level
* and parameters are not set in the key structure on
* input, the level will be detected from the DER
* file based on the algorithm OID, appropriately
* decoded, then updated in the key structure on
* output.
* output. Auto-detection of the security level is
* not supported if compiled for FIPS 204 draft mode.
* @param [in] inSz Total size of the input DER buffer array.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
@ -9803,10 +9804,12 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
* on input, the DER key will be decoded as such
* and will fail if there is a mismatch. If the level
* and parameters are not set in the key structure on
* input, the level will be detected from the DER file
* based on the algorithm OID, appropriately decoded,
* then updated in the key structure on output.
* updated in the key structure on output.
* input, the level will be detected from the DER
* file based on the algorithm OID, appropriately
* decoded, then updated in the key structure on
* output. Auto-detection of the security level is
* not supported if compiled for FIPS 204
* draft mode.
* @param [in] inSz Total size of data in array.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.

2
wolfcrypt/test/test.c
View File

@ -45952,6 +45952,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
ret = wc_dilithium_init(&key);
}
#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
/* Test decoding without setting security level - should auto-detect */
if (ret == 0) {
idx = 0;
@ -45974,6 +45975,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
expectedLevel, key.level);
ret = WC_TEST_RET_ENC_NC;
}
#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
/* Cleanup */
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);