From d692f99631bd030bd67438115a28da9a19daf680 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 13 Apr 2026 15:55:31 -0700 Subject: [PATCH] More peer review fixes (Use ML-DSA naming) --- .../CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | 42 ++++-- wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | 133 ++++++++++-------- 2 files changed, 100 insertions(+), 75 deletions(-) diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs index 146a20d288..344cf10a8e 100644 --- a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs +++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs @@ -843,6 +843,7 @@ public class wolfCrypt_Test_CSharp { int ret = 0; IntPtr key = IntPtr.Zero; + IntPtr importKey = IntPtr.Zero; IntPtr heap = IntPtr.Zero; int devId = wolfcrypt.INVALID_DEVID; byte[] privateKey = null; @@ -856,7 +857,7 @@ public class wolfCrypt_Test_CSharp /* Generate Key */ Console.WriteLine("Testing ML-DSA Key Generation..."); - key = wolfcrypt.DilithiumMakeKey(heap, devId, level); + key = wolfcrypt.MlDsaMakeKey(heap, devId, level); if (key == IntPtr.Zero) { ret = -1; @@ -871,7 +872,7 @@ public class wolfCrypt_Test_CSharp if (ret == 0) { Console.WriteLine("Testing ML-DSA Key Export..."); - ret = wolfcrypt.DilithiumExportPrivateKey(key, out privateKey); + ret = wolfcrypt.MlDsaExportPrivateKey(key, out privateKey); if (ret != 0) { Console.Error.WriteLine($"Failed to export private key. Error code: {ret}"); @@ -879,7 +880,7 @@ public class wolfCrypt_Test_CSharp } if (ret == 0) { - ret = wolfcrypt.DilithiumExportPublicKey(key, out publicKey); + ret = wolfcrypt.MlDsaExportPublicKey(key, out publicKey); if (ret != 0) { Console.Error.WriteLine($"Failed to export public key. Error code: {ret}"); 
@@ -890,11 +891,22 @@ public class wolfCrypt_Test_CSharp Console.WriteLine("ML-DSA Key Export test passed."); } - /* Import */ + /* Import into a fresh key to test the full import workflow */ if (ret == 0) { Console.WriteLine("Testing ML-DSA Key Import..."); - ret = wolfcrypt.DilithiumImportPrivateKey(privateKey, key); + /* Free the keygen key and create a fresh one for import */ + wolfcrypt.MlDsaFreeKey(ref key); + importKey = wolfcrypt.MlDsaNew(heap, devId, level); + if (importKey == IntPtr.Zero) + { + ret = -1; + Console.Error.WriteLine("Failed to allocate key for import."); + } + } + if (ret == 0) + { + ret = wolfcrypt.MlDsaImportPrivateKey(privateKey, importKey); if (ret != 0) { Console.Error.WriteLine($"Failed to import private key. Error code: {ret}"); @@ -902,7 +914,7 @@ public class wolfCrypt_Test_CSharp } if (ret == 0) { - ret = wolfcrypt.DilithiumImportPublicKey(publicKey, key); + ret = wolfcrypt.MlDsaImportPublicKey(publicKey, importKey); if (ret != 0) { Console.Error.WriteLine($"Failed to import public key. Error code: {ret}"); @@ -913,11 +925,11 @@ public class wolfCrypt_Test_CSharp Console.WriteLine("ML-DSA Key Import test passed."); } - /* Sign */ + /* Sign with imported key */ if (ret == 0) { Console.WriteLine("Testing ML-DSA Signature Creation..."); - ret = wolfcrypt.DilithiumSignMsg(key, message, out signature); + ret = wolfcrypt.MlDsaSignMsg(importKey, message, out signature); if (ret != 0) { Console.Error.WriteLine($"Failed to sign. Error code: {ret}"); 
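Review bot: Signing and verification in the hunks that follow both go through `importKey`, which has had the private and the public key imported, so the test never shows that a key holding only the public half can verify a signature, which is how a verifier normally runs. A third handle would cover it: `verifyKey = wolfcrypt.MlDsaNew(heap, devId, level);`, `ret = wolfcrypt.MlDsaImportPublicKey(publicKey, verifyKey);`, then `MlDsaVerifyMsg(verifyKey, message, signature)`, freed in the same finally block. Separately, the early `wolfcrypt.MlDsaFreeKey(ref key);` is only safe if the wrapper resets `key` to `IntPtr.Zero`, because the finally block frees `key` again whenever it is non-zero. The body of MlDsaFreeKey is outside these hunks, so that is worth confirming.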
@@ -928,11 +940,11 @@ public class wolfCrypt_Test_CSharp Console.WriteLine($"ML-DSA Signature Creation test passed. Signature Length: {signature.Length}"); } - /* Verify */ + /* Verify with imported key */ if (ret == 0) { Console.WriteLine("Testing ML-DSA Signature Verification..."); - ret = wolfcrypt.DilithiumVerifyMsg(key, message, signature); + ret = wolfcrypt.MlDsaVerifyMsg(importKey, message, signature); if (ret != 0) { Console.Error.WriteLine($"Failed to verify message. Error code: {ret}"); @@ -957,11 +969,11 @@ public class wolfCrypt_Test_CSharp { if (key != IntPtr.Zero) { - ret = wolfcrypt.DilithiumFreeKey(ref key); - if (ret != 0) - { - Console.Error.WriteLine($"Failed to free ML-DSA key. Error code: {ret}"); - } + wolfcrypt.MlDsaFreeKey(ref key); + } + if (importKey != IntPtr.Zero) + { + wolfcrypt.MlDsaFreeKey(ref importKey); } } diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs index 67120982ef..9355d1137c 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs @@ -3248,7 +3248,7 @@ namespace wolfSSL.CSharp if (rng == IntPtr.Zero) { log(ERROR_LOG, "Failed to create RNG for MlKem encapsulate."); - return BAD_FUNC_ARG; + return MEMORY_E; } ret = wc_MlKemKey_Encapsulate(key, ct, ss, rng); if (ret != 0) @@ -3293,6 +3293,19 @@ namespace wolfSSL.CSharp try { + uint ctLen = 0; + ret = wc_MlKemKey_CipherTextSize(key, ref ctLen); + if (ret != 0) + { + log(ERROR_LOG, "Failed to determine ciphertext length. Error code: " + ret); + return ret; + } + if ((uint)ct.Length != ctLen) + { + log(ERROR_LOG, "Ciphertext length mismatch. Expected: " + ctLen + ", got: " + ct.Length); + return BUFFER_E; + } + ret = wc_MlKemKey_SharedSecretSize(key, ref ssLen); if (ret != 0) { 
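Review bot: The ciphertext length check added in the `-3293` hunk introduces a caller-visible `BUFFER_E` result, but nothing records why the check has to sit in front of the native call. A short comment above it would do, for example `/* The ciphertext must be exactly the size for this key's parameter set; reject anything else before the native call. */`. The method's doc comment and any null check on `ct` are outside the hunk, so if the returns text lists error values it should gain `BUFFER_E` as well. Presumably the native decapsulation takes no length for `ct`, which is what makes this check the only bound on the read; confirm against the P/Invoke declaration.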
@@ -3341,16 +3354,16 @@ namespace wolfSSL.CSharp // Please refer to `../user_settings.h`. /// - /// Allocate and initialize a new Dilithium key (with level set) without + /// Allocate and initialize a new ML-DSA key (with level set) without /// generating key material. Use this when you intend to import an - /// existing key (e.g., before calling DilithiumImportPublicKey or - /// DilithiumImportPrivateKey). + /// existing key (e.g., before calling MlDsaImportPublicKey or + /// MlDsaImportPrivateKey). /// /// Heap pointer for memory allocation /// Device ID (if applicable) - /// Dilithium security level - /// Pointer to the Dilithium key structure, or IntPtr.Zero on failure - public static IntPtr DilithiumNew(IntPtr heap, int devId, MlDsaLevels level) + /// ML-DSA security level + /// Pointer to the ML-DSA key structure, or IntPtr.Zero on failure + public static IntPtr MlDsaNew(IntPtr heap, int devId, MlDsaLevels level) { IntPtr key = IntPtr.Zero; bool success = false; @@ -3360,14 +3373,14 @@ namespace wolfSSL.CSharp key = wc_dilithium_new(heap, devId); if (key == IntPtr.Zero) { - log(ERROR_LOG, "Failed to allocate and initialize Dilithium key."); + log(ERROR_LOG, "Failed to allocate and initialize ML-DSA key."); return IntPtr.Zero; } int ret = wc_dilithium_set_level(key, (byte)level); if (ret != 0) { - log(ERROR_LOG, "Failed to set Dilithium level. Error code: " + ret); + log(ERROR_LOG, "Failed to set ML-DSA level. Error code: " + ret); return IntPtr.Zero; } 
@@ -3376,30 +3389,30 @@ namespace wolfSSL.CSharp } catch (Exception ex) { - log(ERROR_LOG, "Dilithium key allocation exception: " + ex.ToString()); + log(ERROR_LOG, "ML-DSA key allocation exception: " + ex.ToString()); return IntPtr.Zero; } finally { if (!success && key != IntPtr.Zero) { - int ret = DilithiumFreeKey(ref key); + int ret = MlDsaFreeKey(ref key); if (ret != 0) { - log(ERROR_LOG, "Failed to free Dilithium key. Error code: " + ret); + log(ERROR_LOG, "Failed to free ML-DSA key. Error code: " + ret); } } } } /// - /// Create a new Dilithium key pair and initialize it with random values + /// Create a new ML-DSA key pair and initialize it with random values /// /// Heap pointer for memory allocation /// Device ID (if applicable) - /// Dilithium security level - /// Pointer to the Dilithium key structure, or IntPtr.Zero on failure - public static IntPtr DilithiumMakeKey(IntPtr heap, int devId, MlDsaLevels level) + /// ML-DSA security level + /// Pointer to the ML-DSA key structure, or IntPtr.Zero on failure + public static IntPtr MlDsaMakeKey(IntPtr heap, int devId, MlDsaLevels level) { IntPtr key = IntPtr.Zero; IntPtr rng = IntPtr.Zero; 
@@ -3411,28 +3424,28 @@ namespace wolfSSL.CSharp key = wc_dilithium_new(heap, devId); if (key == IntPtr.Zero) { - log(ERROR_LOG, "Failed to allocate and initialize Dilithium key."); + log(ERROR_LOG, "Failed to allocate and initialize ML-DSA key."); return IntPtr.Zero; } ret = wc_dilithium_set_level(key, (byte)level); if (ret != 0) { - log(ERROR_LOG, "Failed to set Dilithium level. Error code: " + ret); + log(ERROR_LOG, "Failed to set ML-DSA level. Error code: " + ret); return IntPtr.Zero; } rng = RandomNew(); if (rng == IntPtr.Zero) { - log(ERROR_LOG, "Failed to create RNG for Dilithium key."); + log(ERROR_LOG, "Failed to create RNG for ML-DSA key."); return IntPtr.Zero; } ret = wc_dilithium_make_key(key, rng); if (ret != 0) { - log(ERROR_LOG, "Failed to make Dilithium key. Error code: " + ret); + log(ERROR_LOG, "Failed to make ML-DSA key. Error code: " + ret); return IntPtr.Zero; } @@ -3441,7 +3454,7 @@ namespace wolfSSL.CSharp } catch (Exception ex) { - log(ERROR_LOG, "Dilithium key creation exception: " + ex.ToString()); + log(ERROR_LOG, "ML-DSA key creation exception: " + ex.ToString()); return IntPtr.Zero; } finally @@ -3452,21 +3465,21 @@ namespace wolfSSL.CSharp } if (!success && key != IntPtr.Zero) { - ret = DilithiumFreeKey(ref key); + ret = MlDsaFreeKey(ref key); if (ret != 0) { - log(ERROR_LOG, "Failed to free Dilithium key. Error code: " + ret); + log(ERROR_LOG, "Failed to free ML-DSA key. Error code: " + ret); } } } } /// - /// Free a Dilithium key structure and release its memory + /// Free an ML-DSA key structure and release its memory /// - /// Pointer to the Dilithium key structure + /// Pointer to the ML-DSA key structure /// 0 on success, negative value on error. - public static int DilithiumFreeKey(ref IntPtr key) + public static int MlDsaFreeKey(ref IntPtr key) { int ret; 
@@ -3481,12 +3494,12 @@ namespace wolfSSL.CSharp } /// - /// Import a Dilithium public key from a byte array. + /// Import an ML-DSA public key from a byte array. /// - /// Byte array containing the public key (big-endian). - /// Pointer to the Dilithium key structure (must be initialized). + /// Byte array containing the serialized public key. + /// Pointer to the ML-DSA key structure (must be initialized). /// 0 on success, negative value on error. - public static int DilithiumImportPublicKey(byte[] publicKey, IntPtr key) + public static int MlDsaImportPublicKey(byte[] publicKey, IntPtr key) { if (publicKey == null || key == IntPtr.Zero) { @@ -3499,18 +3512,18 @@ namespace wolfSSL.CSharp } catch (Exception e) { - log(ERROR_LOG, "Dilithium import public key exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA import public key exception: " + e.ToString()); return EXCEPTION_E; } } /// - /// Import a Dilithium private key from a byte array. + /// Import an ML-DSA private key from a byte array. /// /// Byte array containing the private key. - /// Pointer to the Dilithium key structure (must be initialized and have level set). + /// Pointer to the ML-DSA key structure (must be initialized and have level set). /// 0 on success, negative value on error. - public static int DilithiumImportPrivateKey(byte[] privateKey, IntPtr key) + public static int MlDsaImportPrivateKey(byte[] privateKey, IntPtr key) { if (privateKey == null || key == IntPtr.Zero) { 
@@ -3523,18 +3536,18 @@ namespace wolfSSL.CSharp } catch (Exception e) { - log(ERROR_LOG, "Dilithium import private key exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA import private key exception: " + e.ToString()); return EXCEPTION_E; } } /// - /// Export a Dilithium private key to a byte array. + /// Export an ML-DSA private key to a byte array. /// - /// Pointer to the Dilithium key structure. + /// Pointer to the ML-DSA key structure. /// Output byte array containing the private key. /// 0 on success, negative value on error. - public static int DilithiumExportPrivateKey(IntPtr key, out byte[] privateKey) + public static int MlDsaExportPrivateKey(IntPtr key, out byte[] privateKey) { privateKey = null; int ret = 0; @@ -3551,7 +3564,7 @@ namespace wolfSSL.CSharp ret = wc_MlDsaKey_GetPrivLen(key, ref privLen); if (ret != 0 || privLen <= 0) { - log(ERROR_LOG, "Failed to get Dilithium private key length. Error code: " + ret); + log(ERROR_LOG, "Failed to get ML-DSA private key length. Error code: " + ret); return (ret != 0) ? ret : BAD_FUNC_ARG; } @@ -3560,7 +3573,7 @@ namespace wolfSSL.CSharp ret = wc_dilithium_export_private(key, privateKey, ref outLen); if (ret != 0) { - log(ERROR_LOG, "Failed to export Dilithium private key. Error code: " + ret); + log(ERROR_LOG, "Failed to export ML-DSA private key. Error code: " + ret); privateKey = null; return ret; } @@ -3571,7 +3584,7 @@ namespace wolfSSL.CSharp } catch (Exception e) { - log(ERROR_LOG, "Dilithium export private key exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA export private key exception: " + e.ToString()); privateKey = null; return EXCEPTION_E; } 
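Review bot: On the failure path in the `-3560` hunk, and again in the catch block of `-3571`, `privateKey = null;` drops the reference without clearing the buffer, so any private-key bytes the native export had already written stay in managed memory until the collector reclaims them. Clearing first is cheap: `if (privateKey != null) Array.Clear(privateKey, 0, privateKey.Length);` ahead of the assignment. MlDsaExportPrivateKey starts and ends outside these hunks, so whether the buffer can hold partial key material at that point depends on wc_dilithium_export_private and is an assumption here.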
@@ -3579,12 +3592,12 @@ namespace wolfSSL.CSharp } /// - /// Export a Dilithium public key to a byte array. + /// Export an ML-DSA public key to a byte array. /// - /// Pointer to the Dilithium key structure. + /// Pointer to the ML-DSA key structure. /// Output byte array containing the public key. /// 0 on success, negative value on error. - public static int DilithiumExportPublicKey(IntPtr key, out byte[] publicKey) + public static int MlDsaExportPublicKey(IntPtr key, out byte[] publicKey) { publicKey = null; int ret = 0; @@ -3601,7 +3614,7 @@ namespace wolfSSL.CSharp ret = wc_MlDsaKey_GetPubLen(key, ref pubLen); if (ret != 0 || pubLen <= 0) { - log(ERROR_LOG, "Failed to get Dilithium public key length. Error code: " + ret); + log(ERROR_LOG, "Failed to get ML-DSA public key length. Error code: " + ret); return (ret != 0) ? ret : BAD_FUNC_ARG; } @@ -3610,7 +3623,7 @@ namespace wolfSSL.CSharp ret = wc_dilithium_export_public(key, publicKey, ref outLen); if (ret != 0) { - log(ERROR_LOG, "Failed to export Dilithium public key. Error code: " + ret); + log(ERROR_LOG, "Failed to export ML-DSA public key. Error code: " + ret); publicKey = null; return ret; } @@ -3621,7 +3634,7 @@ namespace wolfSSL.CSharp } catch (Exception e) { - log(ERROR_LOG, "Dilithium export public key exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA export public key exception: " + e.ToString()); publicKey = null; return EXCEPTION_E; } @@ -3629,13 +3642,13 @@ namespace wolfSSL.CSharp } /// - /// Sign a message using a Dilithium private key + /// Sign a message using an ML-DSA private key /// - /// Pointer to the Dilithium key structure + /// Pointer to the ML-DSA key structure /// Message to sign /// Output byte array for the signature /// 0 on success, otherwise an error code - public static int DilithiumSignMsg(IntPtr key, byte[] msg, out byte[] sig) + public static int MlDsaSignMsg(IntPtr key, byte[] msg, out byte[] sig) { int ret; int sigLen = 0; 
@@ -3653,7 +3666,7 @@ namespace wolfSSL.CSharp ret = wc_MlDsaKey_GetSigLen(key, ref sigLen); if (ret != 0 || sigLen <= 0) { - log(ERROR_LOG, "Failed to get Dilithium signature length. Error code: " + ret); + log(ERROR_LOG, "Failed to get ML-DSA signature length. Error code: " + ret); return (ret != 0) ? ret : BAD_FUNC_ARG; } @@ -3662,14 +3675,14 @@ namespace wolfSSL.CSharp rng = RandomNew(); if (rng == IntPtr.Zero) { - log(ERROR_LOG, "Failed to create RNG for Dilithium signing."); + log(ERROR_LOG, "Failed to create RNG for ML-DSA signing."); return MEMORY_E; } /* FIPS 204 sign with empty context (ctx=null, ctxLen=0). */ ret = wc_dilithium_sign_ctx_msg(null, 0, msg, (uint)msg.Length, sig, ref outLen, key, rng); if (ret != 0) { - log(ERROR_LOG, "Failed to sign message with Dilithium key. Error code: " + ret); + log(ERROR_LOG, "Failed to sign message with ML-DSA key. Error code: " + ret); return ret; } if (outLen != (uint)sigLen) @@ -3679,7 +3692,7 @@ namespace wolfSSL.CSharp } catch (Exception e) { - log(ERROR_LOG, "Dilithium sign message exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA sign message exception: " + e.ToString()); return EXCEPTION_E; } finally @@ -3692,13 +3705,13 @@ namespace wolfSSL.CSharp } /// - /// Verify a Dilithium signature + /// Verify an ML-DSA signature /// - /// Pointer to the Dilithium key structure + /// Pointer to the ML-DSA key structure /// Message that was signed /// Signature to verify /// 0 if the signature is valid, otherwise an error code - public static int DilithiumVerifyMsg(IntPtr key, byte[] msg, byte[] sig) + public static int MlDsaVerifyMsg(IntPtr key, byte[] msg, byte[] sig) { int ret; int res = 0; 
@@ -3714,18 +3727,18 @@ namespace wolfSSL.CSharp ret = wc_dilithium_verify_ctx_msg(sig, (uint)sig.Length, null, 0, msg, (uint)msg.Length, ref res, key); if (ret != 0) { - log(ERROR_LOG, "Failed to verify message with Dilithium key. Error code: " + ret); + log(ERROR_LOG, "Failed to verify message with ML-DSA key. Error code: " + ret); return ret; } if (res != 1) { - log(ERROR_LOG, "Dilithium signature verification failed (invalid signature)."); + log(ERROR_LOG, "ML-DSA signature verification failed (invalid signature)."); return SIG_VERIFY_E; } } catch (Exception e) { - log(ERROR_LOG, "Dilithium verify message exception: " + e.ToString()); + log(ERROR_LOG, "ML-DSA verify message exception: " + e.ToString()); return EXCEPTION_E; } return SUCCESS;