mirror of https://github.com/wolfSSL/wolfssl.git
David Garske
GitHub
commit
20ae10fd8c
105
src/internal.c
105
src/internal.c
|
|
@ -14917,6 +14917,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||||
DILITHIUM_LEVEL2_KEY_SIZE
|
DILITHIUM_LEVEL2_KEY_SIZE
|
||||||
|
|
@ -14941,6 +14942,31 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||||
ret = DILITHIUM_KEY_SIZE_E;
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL2_KEY_SIZE
|
||||||
|
< (word16)ssl->options.minDilithiumKeySz) {
|
||||||
|
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL3_KEY_SIZE
|
||||||
|
< (word16)ssl->options.minDilithiumKeySz) {
|
||||||
|
WOLFSSL_MSG( "Dilithium key size in cert chain error");
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL5_KEY_SIZE
|
||||||
|
< (word16)ssl->options.minDilithiumKeySz) {
|
||||||
|
WOLFSSL_MSG("Dilithium key size in cert chain error");
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
}
|
||||||
|
break;
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
default:
|
default:
|
||||||
WOLFSSL_MSG("Key size not checked");
|
WOLFSSL_MSG("Key size not checked");
|
||||||
|
|
@ -16596,9 +16622,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM) && \
|
#if defined(HAVE_DILITHIUM) && \
|
||||||
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
case DILITHIUM_LEVEL3k:
|
case DILITHIUM_LEVEL3k:
|
||||||
case DILITHIUM_LEVEL5k:
|
case DILITHIUM_LEVEL5k:
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
int keyRet = 0;
|
int keyRet = 0;
|
||||||
if (ssl->peerDilithiumKey == NULL) {
|
if (ssl->peerDilithiumKey == NULL) {
|
||||||
|
|
@ -16612,18 +16643,32 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyRet == 0) {
|
if (keyRet == 0) {
|
||||||
if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
|
if (args->dCert->keyOID == ML_DSA_LEVEL2k) {
|
||||||
keyRet = wc_dilithium_set_level(
|
keyRet = wc_dilithium_set_level(
|
||||||
ssl->peerDilithiumKey, 2);
|
ssl->peerDilithiumKey, WC_ML_DSA_44);
|
||||||
|
}
|
||||||
|
else if (args->dCert->keyOID == ML_DSA_LEVEL3k) {
|
||||||
|
keyRet = wc_dilithium_set_level(
|
||||||
|
ssl->peerDilithiumKey, WC_ML_DSA_65);
|
||||||
|
}
|
||||||
|
else if (args->dCert->keyOID == ML_DSA_LEVEL5k) {
|
||||||
|
keyRet = wc_dilithium_set_level(
|
||||||
|
ssl->peerDilithiumKey, WC_ML_DSA_87);
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
|
||||||
|
keyRet = wc_dilithium_set_level(
|
||||||
|
ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT);
|
||||||
}
|
}
|
||||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
|
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
|
||||||
keyRet = wc_dilithium_set_level(
|
keyRet = wc_dilithium_set_level(
|
||||||
ssl->peerDilithiumKey, 3);
|
ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT);
|
||||||
}
|
}
|
||||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
|
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
|
||||||
keyRet = wc_dilithium_set_level(
|
keyRet = wc_dilithium_set_level(
|
||||||
ssl->peerDilithiumKey, 5);
|
ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyRet != 0 ||
|
if (keyRet != 0 ||
|
||||||
|
|
@ -28542,6 +28587,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
|
||||||
}
|
}
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#ifdef HAVE_DILITHIUM
|
#ifdef HAVE_DILITHIUM
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
|
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) {
|
||||||
/* Certificate has Dilithium level 2 key, only match with it. */
|
/* Certificate has Dilithium level 2 key, only match with it. */
|
||||||
return sigAlgo == dilithium_level2_sa_algo;
|
return sigAlgo == dilithium_level2_sa_algo;
|
||||||
|
|
@ -28554,6 +28600,19 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
|
||||||
/* Certificate has Dilithium level 5 key, only match with it. */
|
/* Certificate has Dilithium level 5 key, only match with it. */
|
||||||
return sigAlgo == dilithium_level5_sa_algo;
|
return sigAlgo == dilithium_level5_sa_algo;
|
||||||
}
|
}
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) {
|
||||||
|
/* Certificate has ML-DSA level 2 key, only match with it. */
|
||||||
|
return sigAlgo == dilithium_level2_sa_algo;
|
||||||
|
}
|
||||||
|
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) {
|
||||||
|
/* Certificate has ML-DSA level 3 key, only match with it. */
|
||||||
|
return sigAlgo == dilithium_level3_sa_algo;
|
||||||
|
}
|
||||||
|
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) {
|
||||||
|
/* Certificate has ML-DSA level 5 key, only match with it. */
|
||||||
|
return sigAlgo == dilithium_level5_sa_algo;
|
||||||
|
}
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
#ifdef WC_RSA_PSS
|
#ifdef WC_RSA_PSS
|
||||||
/* RSA certificate and PSS sig alg. */
|
/* RSA certificate and PSS sig alg. */
|
||||||
|
|
@ -28716,10 +28775,16 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz,
|
||||||
}
|
}
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
|
if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 ||
|
||||||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
|
ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 ||
|
||||||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
|
ssl->pkCurveOID == CTC_ML_DSA_LEVEL5
|
||||||
/* Matched Dilithium - set chosen and finished. */
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2
|
||||||
|
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3
|
||||||
|
|| ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
) {
|
||||||
|
/* Matched ML-DSA or Dilithium - set chosen and finished. */
|
||||||
ssl->options.sigAlgo = sigAlgo;
|
ssl->options.sigAlgo = sigAlgo;
|
||||||
ssl->options.hashAlgo = hashAlgo;
|
ssl->options.hashAlgo = hashAlgo;
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
@ -29347,13 +29412,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
|
|
@ -29687,13 +29752,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
/* What if ssl->buffers.keyType is 0? We might want to do something
|
/* What if ssl->buffers.keyType is 0? We might want to do something
|
||||||
|
|
@ -29900,15 +29965,15 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
|
if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
|
||||||
ret = wc_dilithium_set_level(
|
ret = wc_dilithium_set_level(
|
||||||
(dilithium_key*)ssl->hsAltKey, 2);
|
(dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
|
else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
|
||||||
ret = wc_dilithium_set_level(
|
ret = wc_dilithium_set_level(
|
||||||
(dilithium_key*)ssl->hsAltKey, 3);
|
(dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
||||||
ret = wc_dilithium_set_level(
|
ret = wc_dilithium_set_level(
|
||||||
(dilithium_key*)ssl->hsAltKey, 5);
|
(dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
|
|
@ -30119,13 +30184,13 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
|
if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 2);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
|
else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 3);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65);
|
||||||
}
|
}
|
||||||
else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) {
|
||||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 5);
|
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
/* What if ssl->buffers.keyType is 0? We might want to do something
|
/* What if ssl->buffers.keyType is 0? We might want to do something
|
||||||
|
|
|
||||||
91
src/ssl.c
91
src/ssl.c
|
|
@ -5790,6 +5790,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
if (cm->minDilithiumKeySz < 0 ||
|
if (cm->minDilithiumKeySz < 0 ||
|
||||||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||||
|
|
@ -5811,6 +5812,28 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||||
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
if (cm->minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
WOLFSSL_MSG("\tCA Dilithium level 2 key size error");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
if (cm->minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
WOLFSSL_MSG("\tCA Dilithium level 3 key size error");
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
if (cm->minDilithiumKeySz < 0 ||
|
||||||
|
ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||||
|
ret = DILITHIUM_KEY_SIZE_E;
|
||||||
|
WOLFSSL_MSG("\tCA Dilithium level 5 key size error");
|
||||||
|
}
|
||||||
|
break;
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
@ -6829,9 +6852,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if ((keyOID == DILITHIUM_LEVEL2k) ||
|
if ((keyOID == ML_DSA_LEVEL2k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL3k) ||
|
(keyOID == ML_DSA_LEVEL3k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL5k)) {
|
(keyOID == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL2k)
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL3k)
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL5k)
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
) {
|
||||||
type = DYNAMIC_TYPE_DILITHIUM;
|
type = DYNAMIC_TYPE_DILITHIUM;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -6861,9 +6890,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if ((keyOID == DILITHIUM_LEVEL2k) ||
|
if ((keyOID == ML_DSA_LEVEL2k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL3k) ||
|
(keyOID == ML_DSA_LEVEL3k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL5k)) {
|
(keyOID == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL2k)
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL3k)
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL5k)
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
) {
|
||||||
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
|
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
|
||||||
WC_PQC_SIG_TYPE_DILITHIUM,
|
WC_PQC_SIG_TYPE_DILITHIUM,
|
||||||
pubKey, pubSz);
|
pubKey, pubSz);
|
||||||
|
|
@ -6900,9 +6935,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if ((keyOID == DILITHIUM_LEVEL2k) ||
|
if ((keyOID == ML_DSA_LEVEL2k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL3k) ||
|
(keyOID == ML_DSA_LEVEL3k) ||
|
||||||
(keyOID == DILITHIUM_LEVEL5k)) {
|
(keyOID == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL2k) ||
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL3k) ||
|
||||||
|
|| (keyOID == DILITHIUM_LEVEL5k)
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
) {
|
||||||
wc_dilithium_free((dilithium_key*)pkey);
|
wc_dilithium_free((dilithium_key*)pkey);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -7732,31 +7773,31 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
|
||||||
|
|
||||||
/* Test if Dilithium key. Try all levels. */
|
/* Test if Dilithium key. Try all levels. */
|
||||||
if (priv) {
|
if (priv) {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
|
||||||
(wc_dilithium_import_private(mem,
|
(wc_dilithium_import_private(mem,
|
||||||
(word32)memSz, dilithium) == 0));
|
(word32)memSz, dilithium) == 0));
|
||||||
if (!isDilithium) {
|
if (!isDilithium) {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
|
||||||
(wc_dilithium_import_private(mem,
|
(wc_dilithium_import_private(mem,
|
||||||
(word32)memSz, dilithium) == 0));
|
(word32)memSz, dilithium) == 0));
|
||||||
}
|
}
|
||||||
if (!isDilithium) {
|
if (!isDilithium) {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
|
||||||
(wc_dilithium_import_private(mem,
|
(wc_dilithium_import_private(mem,
|
||||||
(word32)memSz, dilithium) == 0));
|
(word32)memSz, dilithium) == 0));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) &&
|
||||||
(wc_dilithium_import_public(mem, (word32)memSz,
|
(wc_dilithium_import_public(mem, (word32)memSz,
|
||||||
dilithium) == 0));
|
dilithium) == 0));
|
||||||
if (!isDilithium) {
|
if (!isDilithium) {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) &&
|
||||||
(wc_dilithium_import_public(mem, (word32)memSz,
|
(wc_dilithium_import_public(mem, (word32)memSz,
|
||||||
dilithium) == 0));
|
dilithium) == 0));
|
||||||
}
|
}
|
||||||
if (!isDilithium) {
|
if (!isDilithium) {
|
||||||
isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) &&
|
isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) &&
|
||||||
(wc_dilithium_import_public(mem, (word32)memSz,
|
(wc_dilithium_import_public(mem, (word32)memSz,
|
||||||
dilithium) == 0));
|
dilithium) == 0));
|
||||||
}
|
}
|
||||||
|
|
@ -12084,13 +12125,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
*sigAlgo = FALCON_LEVEL5k;
|
*sigAlgo = FALCON_LEVEL5k;
|
||||||
break;
|
break;
|
||||||
case dilithium_level2_sa_algo:
|
case dilithium_level2_sa_algo:
|
||||||
*sigAlgo = DILITHIUM_LEVEL2k;
|
*sigAlgo = ML_DSA_LEVEL2k;
|
||||||
break;
|
break;
|
||||||
case dilithium_level3_sa_algo:
|
case dilithium_level3_sa_algo:
|
||||||
*sigAlgo = DILITHIUM_LEVEL3k;
|
*sigAlgo = ML_DSA_LEVEL3k;
|
||||||
break;
|
break;
|
||||||
case dilithium_level5_sa_algo:
|
case dilithium_level5_sa_algo:
|
||||||
*sigAlgo = DILITHIUM_LEVEL5k;
|
*sigAlgo = ML_DSA_LEVEL5k;
|
||||||
break;
|
break;
|
||||||
case sm2_sa_algo:
|
case sm2_sa_algo:
|
||||||
*sigAlgo = SM2k;
|
*sigAlgo = SM2k;
|
||||||
|
|
@ -18398,12 +18439,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||||
"Falcon Level 5"},
|
"Falcon Level 5"},
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#ifdef HAVE_DILITHIUM
|
#ifdef HAVE_DILITHIUM
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
{ CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType,
|
{ CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType,
|
||||||
"Dilithium Level 2", "Dilithium Level 2"},
|
"Dilithium Level 2", "Dilithium Level 2"},
|
||||||
{ CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType,
|
{ CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType,
|
||||||
"Dilithium Level 3", "Dilithium Level 3"},
|
"Dilithium Level 3", "Dilithium Level 3"},
|
||||||
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
|
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
|
||||||
"Dilithium Level 5", "Dilithium Level 5"},
|
"Dilithium Level 5", "Dilithium Level 5"},
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
{ CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType,
|
||||||
|
"ML_DSA Level 2", "ML_DSA Level 2"},
|
||||||
|
{ CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType,
|
||||||
|
"ML_DSA Level 3", "ML_DSA Level 3"},
|
||||||
|
{ CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType,
|
||||||
|
"ML_DSA Level 5", "ML_DSA Level 5"},
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
|
|
||||||
/* oidCurveType */
|
/* oidCurveType */
|
||||||
|
|
@ -18786,13 +18835,13 @@ static int SaToNid(byte sa, int* nid)
|
||||||
*nid = CTC_FALCON_LEVEL5;
|
*nid = CTC_FALCON_LEVEL5;
|
||||||
break;
|
break;
|
||||||
case dilithium_level2_sa_algo:
|
case dilithium_level2_sa_algo:
|
||||||
*nid = CTC_DILITHIUM_LEVEL2;
|
*nid = CTC_ML_DSA_LEVEL2;
|
||||||
break;
|
break;
|
||||||
case dilithium_level3_sa_algo:
|
case dilithium_level3_sa_algo:
|
||||||
*nid = CTC_DILITHIUM_LEVEL3;
|
*nid = CTC_ML_DSA_LEVEL3;
|
||||||
break;
|
break;
|
||||||
case dilithium_level5_sa_algo:
|
case dilithium_level5_sa_algo:
|
||||||
*nid = CTC_DILITHIUM_LEVEL5;
|
*nid = CTC_ML_DSA_LEVEL5;
|
||||||
break;
|
break;
|
||||||
case sm2_sa_algo:
|
case sm2_sa_algo:
|
||||||
*nid = WC_NID_sm2;
|
*nid = WC_NID_sm2;
|
||||||
|
|
|
||||||
129
src/ssl_load.c
129
src/ssl_load.c
|
|
@ -961,21 +961,38 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
ret = wc_dilithium_init(key);
|
ret = wc_dilithium_init(key);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
/* Set up key to parse the format specified. */
|
/* Set up key to parse the format specified. */
|
||||||
if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
|
if ((*keyFormat == ML_DSA_LEVEL2k) || ((*keyFormat == 0) &&
|
||||||
|
((der->length == ML_DSA_LEVEL2_KEY_SIZE) ||
|
||||||
|
(der->length == ML_DSA_LEVEL2_PRV_KEY_SIZE)))) {
|
||||||
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_44);
|
||||||
|
}
|
||||||
|
else if ((*keyFormat == ML_DSA_LEVEL3k) || ((*keyFormat == 0) &&
|
||||||
|
((der->length == ML_DSA_LEVEL3_KEY_SIZE) ||
|
||||||
|
(der->length == ML_DSA_LEVEL3_PRV_KEY_SIZE)))) {
|
||||||
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_65);
|
||||||
|
}
|
||||||
|
else if ((*keyFormat == ML_DSA_LEVEL5k) || ((*keyFormat == 0) &&
|
||||||
|
((der->length == ML_DSA_LEVEL5_KEY_SIZE) ||
|
||||||
|
(der->length == ML_DSA_LEVEL5_PRV_KEY_SIZE)))) {
|
||||||
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_87);
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
else if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) &&
|
||||||
((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
|
((der->length == DILITHIUM_LEVEL2_KEY_SIZE) ||
|
||||||
(der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
|
(der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) {
|
||||||
ret = wc_dilithium_set_level(key, 2);
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT);
|
||||||
}
|
}
|
||||||
else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
|
else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) &&
|
||||||
((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
|
((der->length == DILITHIUM_LEVEL3_KEY_SIZE) ||
|
||||||
(der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
|
(der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) {
|
||||||
ret = wc_dilithium_set_level(key, 3);
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT);
|
||||||
}
|
}
|
||||||
else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
|
else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) &&
|
||||||
((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
|
((der->length == DILITHIUM_LEVEL5_KEY_SIZE) ||
|
||||||
(der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
|
(der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) {
|
||||||
ret = wc_dilithium_set_level(key, 5);
|
ret = wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT);
|
||||||
}
|
}
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
else {
|
else {
|
||||||
wc_dilithium_free(key);
|
wc_dilithium_free(key);
|
||||||
ret = ALGO_ID_E;
|
ret = ALGO_ID_E;
|
||||||
|
|
@ -993,7 +1010,20 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
ctx->minDilithiumKeySz;
|
ctx->minDilithiumKeySz;
|
||||||
|
|
||||||
/* Format is known. */
|
/* Format is known. */
|
||||||
if (*keyFormat == DILITHIUM_LEVEL2k) {
|
if (*keyFormat == ML_DSA_LEVEL2k) {
|
||||||
|
*keyType = dilithium_level2_sa_algo;
|
||||||
|
*keySize = ML_DSA_LEVEL2_KEY_SIZE;
|
||||||
|
}
|
||||||
|
else if (*keyFormat == ML_DSA_LEVEL3k) {
|
||||||
|
*keyType = dilithium_level3_sa_algo;
|
||||||
|
*keySize = ML_DSA_LEVEL3_KEY_SIZE;
|
||||||
|
}
|
||||||
|
else if (*keyFormat == ML_DSA_LEVEL5k) {
|
||||||
|
*keyType = dilithium_level5_sa_algo;
|
||||||
|
*keySize = ML_DSA_LEVEL5_KEY_SIZE;
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
else if (*keyFormat == DILITHIUM_LEVEL2k) {
|
||||||
*keyType = dilithium_level2_sa_algo;
|
*keyType = dilithium_level2_sa_algo;
|
||||||
*keySize = DILITHIUM_LEVEL2_KEY_SIZE;
|
*keySize = DILITHIUM_LEVEL2_KEY_SIZE;
|
||||||
}
|
}
|
||||||
|
|
@ -1005,6 +1035,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
*keyType = dilithium_level5_sa_algo;
|
*keyType = dilithium_level5_sa_algo;
|
||||||
*keySize = DILITHIUM_LEVEL5_KEY_SIZE;
|
*keySize = DILITHIUM_LEVEL5_KEY_SIZE;
|
||||||
}
|
}
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
|
||||||
/* Check that the size of the Dilithium key is enough. */
|
/* Check that the size of the Dilithium key is enough. */
|
||||||
if (*keySize < minKeySz) {
|
if (*keySize < minKeySz) {
|
||||||
|
|
@ -1147,9 +1178,17 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||||
/* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
|
/* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
|
||||||
*/
|
*/
|
||||||
if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == DILITHIUM_LEVEL2k) ||
|
if ((ret == 0) &&
|
||||||
(*keyFormat == DILITHIUM_LEVEL3k) ||
|
((*keyFormat == 0) ||
|
||||||
(*keyFormat == DILITHIUM_LEVEL5k))) {
|
(*keyFormat == ML_DSA_LEVEL2k) ||
|
||||||
|
(*keyFormat == ML_DSA_LEVEL3k) ||
|
||||||
|
(*keyFormat == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (*keyFormat == DILITHIUM_LEVEL2k) ||
|
||||||
|
|| (*keyFormat == DILITHIUM_LEVEL3k) ||
|
||||||
|
|| (*keyFormat == DILITHIUM_LEVEL5k)
|
||||||
|
#endif
|
||||||
|
)) {
|
||||||
ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
|
ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
|
||||||
keyType, keySz);
|
keyType, keySz);
|
||||||
}
|
}
|
||||||
|
|
@ -1461,9 +1500,14 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#ifdef HAVE_DILITHIUM
|
#ifdef HAVE_DILITHIUM
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
case DILITHIUM_LEVEL3k:
|
case DILITHIUM_LEVEL3k:
|
||||||
case DILITHIUM_LEVEL5k:
|
case DILITHIUM_LEVEL5k:
|
||||||
|
#endif
|
||||||
if (ssl != NULL) {
|
if (ssl != NULL) {
|
||||||
ssl->options.haveDilithiumSig = 1;
|
ssl->options.haveDilithiumSig = 1;
|
||||||
}
|
}
|
||||||
|
|
@ -1532,9 +1576,14 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_DILITHIUM
|
#ifdef HAVE_DILITHIUM
|
||||||
|
case CTC_ML_DSA_LEVEL2:
|
||||||
|
case CTC_ML_DSA_LEVEL3:
|
||||||
|
case CTC_ML_DSA_LEVEL5:
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case CTC_DILITHIUM_LEVEL2:
|
case CTC_DILITHIUM_LEVEL2:
|
||||||
case CTC_DILITHIUM_LEVEL3:
|
case CTC_DILITHIUM_LEVEL3:
|
||||||
case CTC_DILITHIUM_LEVEL5:
|
case CTC_DILITHIUM_LEVEL5:
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
WOLFSSL_MSG("Dilithium cert signature");
|
WOLFSSL_MSG("Dilithium cert signature");
|
||||||
if (ssl) {
|
if (ssl) {
|
||||||
ssl->options.haveDilithiumSig = 1;
|
ssl->options.haveDilithiumSig = 1;
|
||||||
|
|
@ -1705,6 +1754,7 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
keyType = dilithium_level2_sa_algo;
|
keyType = dilithium_level2_sa_algo;
|
||||||
/* Dilithium is fixed key size */
|
/* Dilithium is fixed key size */
|
||||||
|
|
@ -1735,6 +1785,37 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
DILITHIUM_KEY_SIZE_E);
|
DILITHIUM_KEY_SIZE_E);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
keyType = dilithium_level2_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL2_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
keyType = dilithium_level3_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL3_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
keyType = dilithium_level5_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL5_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
@ -1894,6 +1975,7 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
break;
|
break;
|
||||||
#endif /* HAVE_FALCON */
|
#endif /* HAVE_FALCON */
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
keyType = dilithium_level2_sa_algo;
|
keyType = dilithium_level2_sa_algo;
|
||||||
/* Dilithium is fixed key size */
|
/* Dilithium is fixed key size */
|
||||||
|
|
@ -1924,6 +2006,37 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||||
DILITHIUM_KEY_SIZE_E);
|
DILITHIUM_KEY_SIZE_E);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
case ML_DSA_LEVEL2k:
|
||||||
|
keyType = dilithium_level2_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL2_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL3k:
|
||||||
|
keyType = dilithium_level3_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL3_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ML_DSA_LEVEL5k:
|
||||||
|
keyType = dilithium_level5_sa_algo;
|
||||||
|
/* Dilithium is fixed key size */
|
||||||
|
keySz = ML_DSA_LEVEL5_KEY_SIZE;
|
||||||
|
if (checkKeySz) {
|
||||||
|
ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
|
||||||
|
ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
|
||||||
|
DILITHIUM_KEY_SIZE_E);
|
||||||
|
}
|
||||||
|
break;
|
||||||
#endif /* HAVE_DILITHIUM */
|
#endif /* HAVE_DILITHIUM */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
|
|
@ -10150,13 +10150,13 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_DILITHIUM
|
#ifdef HAVE_DILITHIUM
|
||||||
case dilithium_level2_sa_algo:
|
case dilithium_level2_sa_algo:
|
||||||
ret = decodeDilithiumKey(ssl, 2);
|
ret = decodeDilithiumKey(ssl, WC_ML_DSA_44);
|
||||||
break;
|
break;
|
||||||
case dilithium_level3_sa_algo:
|
case dilithium_level3_sa_algo:
|
||||||
ret = decodeDilithiumKey(ssl, 3);
|
ret = decodeDilithiumKey(ssl, WC_ML_DSA_65);
|
||||||
break;
|
break;
|
||||||
case dilithium_level5_sa_algo:
|
case dilithium_level5_sa_algo:
|
||||||
ret = decodeDilithiumKey(ssl, 5);
|
ret = decodeDilithiumKey(ssl, WC_ML_DSA_87);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_FALCON
|
#ifdef HAVE_FALCON
|
||||||
|
|
|
||||||
46
src/x509.c
46
src/x509.c
|
|
@ -11107,9 +11107,15 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
|
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
|
||||||
(x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
|
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
|
||||||
(x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
|
(x509->pubKeyOID == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
) {
|
||||||
dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
|
dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL,
|
||||||
DYNAMIC_TYPE_DILITHIUM);
|
DYNAMIC_TYPE_DILITHIUM);
|
||||||
if (dilithium == NULL) {
|
if (dilithium == NULL) {
|
||||||
|
|
@ -11125,18 +11131,32 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
|
if (x509->pubKeyOID == ML_DSA_LEVEL2k) {
|
||||||
|
type = ML_DSA_LEVEL2_TYPE;
|
||||||
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_44);
|
||||||
|
}
|
||||||
|
else if (x509->pubKeyOID == ML_DSA_LEVEL3k) {
|
||||||
|
type = ML_DSA_LEVEL3_TYPE;
|
||||||
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_65);
|
||||||
|
}
|
||||||
|
else if (x509->pubKeyOID == ML_DSA_LEVEL5k) {
|
||||||
|
type = ML_DSA_LEVEL5_TYPE;
|
||||||
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_87);
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) {
|
||||||
type = DILITHIUM_LEVEL2_TYPE;
|
type = DILITHIUM_LEVEL2_TYPE;
|
||||||
wc_dilithium_set_level(dilithium, 2);
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT);
|
||||||
}
|
}
|
||||||
else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
|
else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) {
|
||||||
type = DILITHIUM_LEVEL3_TYPE;
|
type = DILITHIUM_LEVEL3_TYPE;
|
||||||
wc_dilithium_set_level(dilithium, 3);
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT);
|
||||||
}
|
}
|
||||||
else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
|
else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) {
|
||||||
type = DILITHIUM_LEVEL5_TYPE;
|
type = DILITHIUM_LEVEL5_TYPE;
|
||||||
wc_dilithium_set_level(dilithium, 5);
|
wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT);
|
||||||
}
|
}
|
||||||
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
|
|
||||||
ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
|
ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx,
|
||||||
dilithium, x509->pubKey.length);
|
dilithium, x509->pubKey.length);
|
||||||
|
|
@ -11317,9 +11337,15 @@ cleanup:
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_DILITHIUM)
|
#if defined(HAVE_DILITHIUM)
|
||||||
if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
|
if ((x509->pubKeyOID == ML_DSA_LEVEL2k) ||
|
||||||
(x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
|
(x509->pubKeyOID == ML_DSA_LEVEL3k) ||
|
||||||
(x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
|
(x509->pubKeyOID == ML_DSA_LEVEL5k)
|
||||||
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL2k)
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL3k)
|
||||||
|
|| (x509->pubKeyOID == DILITHIUM_LEVEL5k)
|
||||||
|
#endif
|
||||||
|
) {
|
||||||
wc_dilithium_free(dilithium);
|
wc_dilithium_free(dilithium);
|
||||||
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17833,7 +17833,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||||
case DILITHIUM_LEVEL2k:
|
case DILITHIUM_LEVEL2k:
|
||||||
case DILITHIUM_LEVEL3k:
|
case DILITHIUM_LEVEL3k:
|
||||||
case DILITHIUM_LEVEL5k:
|
case DILITHIUM_LEVEL5k:
|
||||||
#endif
|
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||||
case ML_DSA_LEVEL2k:
|
case ML_DSA_LEVEL2k:
|
||||||
case ML_DSA_LEVEL3k:
|
case ML_DSA_LEVEL3k:
|
||||||
case ML_DSA_LEVEL5k:
|
case ML_DSA_LEVEL5k:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue