mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
gate dilithium OID autodetection on FIPS 204 draft mode
This commit is contained in:
Brett Nicholas
14
tests/api.c
14
tests/api.c
@@ -35003,10 +35003,20 @@ static int test_wc_dilithium_der(void)
|
|||||||
* the supplied DER is invalid, this should fail with ASN parsing error */
|
* the supplied DER is invalid, this should fail with ASN parsing error */
|
||||||
idx = 0;
|
idx = 0;
|
||||||
ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
|
ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
|
||||||
WC_NO_ERR_TRACE(ASN_PARSE_E));
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
|
||||||
|
#else
|
||||||
|
WC_NO_ERR_TRACE(ASN_PARSE_E)
|
||||||
|
#endif
|
||||||
|
);
|
||||||
idx = 0;
|
idx = 0;
|
||||||
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
|
ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
|
||||||
WC_NO_ERR_TRACE(ASN_PARSE_E));
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
WC_NO_ERR_TRACE(BAD_FUNC_ARG)
|
||||||
|
#else
|
||||||
|
WC_NO_ERR_TRACE(ASN_PARSE_E)
|
||||||
|
#endif
|
||||||
|
);
|
||||||
|
|
||||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||||
ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
|
ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
|
||||||
|
|||||||
@@ -9532,14 +9532,15 @@ static int mapOidToSecLevel(word32 oid)
|
|||||||
* @param [in, out] inOutIdx On in, index into array of start of DER encoding.
|
* @param [in, out] inOutIdx On in, index into array of start of DER encoding.
|
||||||
* On out, index into array after DER encoding.
|
* On out, index into array after DER encoding.
|
||||||
* @param [in, out] key Dilithium key structure to hold the decoded key.
|
* @param [in, out] key Dilithium key structure to hold the decoded key.
|
||||||
* If the security level is set in the key structure on
|
* If the security level is set in the key structure
|
||||||
* input, the DER key will be decoded as such and will
|
* on input, the DER key will be decoded as such and
|
||||||
* fail if there is a mismatch. If the level and
|
* will fail if there is a mismatch. If the level
|
||||||
* parameters are not set in the key structure on
|
* and parameters are not set in the key structure on
|
||||||
* input, the level will be detected from the DER
|
* input, the level will be detected from the DER
|
||||||
* file based on the algorithm OID, appropriately
|
* file based on the algorithm OID, appropriately
|
||||||
* decoded, then updated in the key structure on
|
* decoded, then updated in the key structure on
|
||||||
* output.
|
* output. Auto-detection of the security level is
|
||||||
|
* not supported if compiled for FIPS 204 draft mode.
|
||||||
* @param [in] inSz Total size of the input DER buffer array.
|
* @param [in] inSz Total size of the input DER buffer array.
|
||||||
* @return 0 on success.
|
* @return 0 on success.
|
||||||
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
|
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
|
||||||
@@ -9803,10 +9804,12 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type,
|
|||||||
* on input, the DER key will be decoded as such
|
* on input, the DER key will be decoded as such
|
||||||
* and will fail if there is a mismatch. If the level
|
* and will fail if there is a mismatch. If the level
|
||||||
* and parameters are not set in the key structure on
|
* and parameters are not set in the key structure on
|
||||||
* input, the level will be detected from the DER file
|
* input, the level will be detected from the DER
|
||||||
* based on the algorithm OID, appropriately decoded,
|
* file based on the algorithm OID, appropriately
|
||||||
* then updated in the key structure on output.
|
* decoded, then updated in the key structure on
|
||||||
* updated in the key structure on output.
|
* output. Auto-detection of the security level is
|
||||||
|
* not supported if compiled for FIPS 204
|
||||||
|
* draft mode.
|
||||||
* @param [in] inSz Total size of data in array.
|
* @param [in] inSz Total size of data in array.
|
||||||
* @return 0 on success.
|
* @return 0 on success.
|
||||||
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
|
* @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0.
|
||||||
|
|||||||
@@ -45952,6 +45952,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
|||||||
ret = wc_dilithium_init(&key);
|
ret = wc_dilithium_init(&key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
/* Test decoding without setting security level - should auto-detect */
|
/* Test decoding without setting security level - should auto-detect */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
idx = 0;
|
idx = 0;
|
||||||
@@ -45974,6 +45975,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
|
|||||||
expectedLevel, key.level);
|
expectedLevel, key.level);
|
||||||
ret = WC_TEST_RET_ENC_NC;
|
ret = WC_TEST_RET_ENC_NC;
|
||||||
}
|
}
|
||||||
|
#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
|
||||||
/* Cleanup */
|
/* Cleanup */
|
||||||
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|||||||
Reference in New Issue
Block a user