WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 

Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
pull/7622/head
Sean Parkinson 2024-06-06 22:07:26 +10:00
parent a141041d13
commit 3e3a00dafd
23 changed files with 14024 additions and 3014 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
configure.ac
View File

@ -1172,8 +1172,7 @@ AC_ARG_WITH([liboqs],
# KYBER
# Used:
# - SHA3, Shake128 and Shake256, or
# - SHA256, SHA512, AES-CTR
# - SHA3, Shake128 and Shake256
AC_ARG_ENABLE([kyber],
[AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])],
[ ENABLED_KYBER=$enableval ],
@ -1238,6 +1237,100 @@ then
fi
fi
# Dilithium
# - SHA3, Shake128, Shake256 and AES-CTR
AC_ARG_ENABLE([dilithium],
[AS_HELP_STRING([--enable-dilithium],[Enable DILITHIUM (requires --enable-experimental) (default: disabled)])],
[ ENABLED_DILITHIUM=$enableval ],
[ ENABLED_DILITHIUM=no ]
)
ENABLED_DILITHIUM_OPTS=$ENABLED_DILITHIUM
ENABLED_DILITHIUM_MAKE_KEY=no
ENABLED_DILITHIUM_SIGN=no
ENABLED_DILITHIUM_VERIFY=no
for v in `echo $ENABLED_DILITHIUM_OPTS | tr "," " "`
do
case $v in
yes)
ENABLED_MLDSA44=yes
ENABLED_MLDSA65=yes
ENABLED_MLDSA87=yes
ENABLED_DILITHIUM_MAKE_KEY=yes
ENABLED_DILITHIUM_SIGN=yes
ENABLED_DILITHIUM_VERIFY=yes
;;
no)
;;
all)
ENABLED_DILITHIUM_MAKE_KEY=yes
ENABLED_DILITHIUM_SIGN=yes
ENABLED_DILITHIUM_VERIFY=yes
;;
make)
ENABLED_DILITHIUM_MAKE_KEY=yes
;;
sign)
ENABLED_DILITHIUM_SIGN=yes
;;
verify)
ENABLED_DILITHIUM_VERIFY=yes
;;
verify-only)
ENABLED_DILITHIUM_MAKE_KEY=no
ENABLED_DILITHIUM_SIGN=no
ENABLED_DILITHIUM_VERIFY=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_VERIFY_ONLY"
;;
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_SMALL"
;;
44)
ENABLED_MLDSA44=yes
;;
65)
ENABLED_MLDSA65=yes
;;
87)
ENABLED_MLDSA87=yes
;;
*)
AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.])
break;;
esac
done
if test "$ENABLED_DILITHIUM" != "no"
then
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([DILITHIUM requires --enable-experimental.]) ])
AM_CFLAGS="$AM_CFLAGS -DHAVE_DILITHIUM"
if test "$ENABLED_MLDSA44" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44"
fi
if test "$ENABLED_MLDSA65" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_65"
fi
if test "$ENABLED_MLDSA87" = ""; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87"
fi
if test "$ENABLED_DILITHIUM_MAKE_KEY" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_MAKE_KEY"
fi
if test "$ENABLED_DILITHIUM_SIGN" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_SIGN"
fi
if test "$ENABLED_DILITHIUM_VERIFY" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_VERIFY"
fi
if test "$ENABLED_LIBOQS" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_DILITHIUM"
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
fi
fi
# XMSS
AC_ARG_ENABLE([xmss],
@ -9519,6 +9612,7 @@ AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes"
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@ -10019,6 +10113,7 @@ echo " * XMSS_ROOT: $XMSS_ROOT"
fi
echo " * KYBER: $ENABLED_KYBER"
echo " * KYBER wolfSSL impl: $ENABLED_WC_KYBER"
echo " * DILITHIUM: $ENABLED_DILITHIUM"
echo " * ECCSI $ENABLED_ECCSI"
echo " * SAKKE $ENABLED_SAKKE"
echo " * ASN: $ENABLED_ASN"

4
src/include.am
View File

@ -980,6 +980,10 @@ endif
endif
endif
if BUILD_DILITHIUM
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
endif
if BUILD_WC_LMS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms_impl.c

84
src/internal.c
View File

@ -2228,7 +2228,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
ssl->options.haveECC = 1; /* server turns on with ECC key cert */
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ssl->options.haveFalconSig = 1; /* always on client side */
@ -2239,7 +2238,6 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
ssl->options.haveDilithiumSig = 1; /* always on client side */
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
if (ssl->options.side == WOLFSSL_CLIENT_END) {
@ -2326,14 +2324,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->minEccKeySz = MIN_ECCKEY_SZ;
ctx->eccTempKeySz = ECDHE_SIZE;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
ctx->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ctx->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
ctx->verifyDepth = MAX_CHAIN_DEPTH;
#ifdef OPENSSL_EXTRA
ctx->cbioFlag = WOLFSSL_CBIO_NONE;
@ -2397,7 +2393,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
wolfSSL_CTX_set_server_cert_type(ctx, NULL, 0); /* set to default */
#endif /* HAVE_RPK */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (method->side == WOLFSSL_CLIENT_END)
ctx->haveFalconSig = 1; /* always on client side */
@ -2408,7 +2403,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
ctx->haveDilithiumSig = 1; /* always on client side */
/* server can turn on by loading key */
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef HAVE_ECC
if (method->side == WOLFSSL_CLIENT_END) {
ctx->haveECDSAsig = 1; /* always on client side */
@ -3074,7 +3068,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
}
else
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (sigAlgo == falcon_level1_sa_algo) {
ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx,
@ -3104,7 +3097,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(byte* hashSigAlgo, byte macAlgo,
}
else
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */
@ -3165,7 +3157,6 @@ void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
&idx);
}
#endif
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
if (haveSig & SIG_FALCON) {
AddSuiteHashSigAlgo(hashSigAlgo, no_mac, falcon_level1_sa_algo, keySz,
@ -3184,7 +3175,6 @@ void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2,
keySz, &idx);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
if (haveSig & SIG_RSA) {
#ifdef WC_RSA_PSS
if (tls1_2) {
@ -4395,7 +4385,7 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
}
break;
#endif
#ifdef HAVE_PQC
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
case PQC_SA_MAJOR:
/* Hash performed as part of sign/verify operation.
* However, if we want a dual alg signature with a
@ -6772,14 +6762,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifdef HAVE_ECC
ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
ssl->options.minFalconKeySz = ctx->minFalconKeySz;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
ssl->options.minDilithiumKeySz = ctx->minDilithiumKeySz;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
ssl->options.verifyDepth = ctx->verifyDepth;
#endif
@ -7758,7 +7746,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
wc_curve448_free((curve448_key*)*pKey);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_free((falcon_key*)*pKey);
@ -7769,7 +7756,6 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
wc_dilithium_free((dilithium_key*)*pKey);
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
wc_FreeDhKey((DhKey*)*pKey);
@ -7845,7 +7831,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
sz = sizeof(curve448_key);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
sz = sizeof(falcon_key);
@ -7856,7 +7841,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
sz = sizeof(dilithium_key);
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
sz = sizeof(DhKey);
@ -7920,7 +7904,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
ret = 0;
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_init_ex((falcon_key*)*pKey, ssl->heap, ssl->devId);
@ -7933,7 +7916,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
ret = 0;
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef HAVE_CURVE448
case DYNAMIC_TYPE_CURVE448:
wc_curve448_init((curve448_key*)*pKey);
@ -7959,8 +7941,7 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_CURVE25519) || defined(HAVE_ED448) || \
defined(HAVE_CURVE448) || (defined(HAVE_PQC) && defined(HAVE_FALCON)) || \
(defined(HAVE_PQC) && defined(HAVE_DILITHIUM))
defined(HAVE_CURVE448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
{
int ret = 0;
@ -8006,12 +7987,18 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
ret = wc_curve448_init((curve448_key*)pKey);
break;
#endif /* HAVE_CURVE448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
case DYNAMIC_TYPE_FALCON:
wc_falcon_free((falcon_key*)pKey);
ret = wc_falcon_init((falcon_key*)pKey);
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
case DYNAMIC_TYPE_DILITHIUM:
wc_dilithium_free((dilithium_key*)pKey);
ret = wc_dilithium_init((dilithium_key*)pKey);
break;
#endif /* HAVE_DILITHIUM */
#ifndef NO_DH
case DYNAMIC_TYPE_DH:
wc_FreeDhKey((DhKey*)pKey);
@ -8305,7 +8292,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
}
#endif
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0;
#endif
@ -8556,10 +8543,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key);
ssl->peerEd448KeyPresent = 0;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
ssl->peerFalconKeyPresent = 0;
#endif /* HAVE_PQC */
#endif /* HAVE_FALCON */
}
#ifdef HAVE_ECC
@ -14274,7 +14261,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (ssl->options.minFalconKeySz < 0 ||
@ -14293,7 +14279,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
}
break;
#endif /* HAVE_FALCON */
#endif /* HAVE_PQC */
#if defined(HAVE_DILITHIUM)
case DILITHIUM_LEVEL2k:
if (ssl->options.minDilithiumKeySz < 0 ||
@ -15774,7 +15759,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
@ -15824,7 +15808,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
@ -15877,7 +15862,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
break;
}
@ -26870,14 +26854,12 @@ static int ParseCipherList(Suites* suites,
defined(HAVE_ED448)
haveSig |= SIG_ECDSA;
#endif
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
haveSig |= SIG_FALCON;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
haveSig |= SIG_DILITHIUM;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
}
else
#ifdef BUILD_TLS_SM4_GCM_SM3
@ -27109,14 +27091,12 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list,
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
haveECDSAsig = 1;
#endif
#if defined(HAVE_PQC)
#ifdef HAVE_FALCON
haveFalconSig = 1;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
haveDilithiumSig = 1;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
}
else
#endif /* WOLFSSL_TLS13 */
@ -27357,7 +27337,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
return sigAlgo == ed448_sa_algo;
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1) {
/* Certificate has Falcon level 1 key, only match with Falcon level 1
@ -27384,7 +27363,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
return sigAlgo == dilithium_level5_sa_algo;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#ifdef WC_RSA_PSS
/* RSA certificate and PSS sig alg. */
if (ssl->options.sigAlgo == rsa_sa_algo) {
@ -27494,7 +27472,6 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
break;
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (ssl->pkCurveOID == CTC_FALCON_LEVEL1 ||
ssl->pkCurveOID == CTC_FALCON_LEVEL5 ) {
@ -27516,7 +27493,6 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
break;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
#error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot "
@ -27926,7 +27902,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
#endif
}
else if (hsType == DYNAMIC_TYPE_DILITHIUM) {
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
dilithium_key* dilithiumKey;
dilithiumKey = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
@ -27951,7 +27927,7 @@ int CreateDevPrivateKey(void** pkey, byte* data, word32 length, int hsType,
#endif
}
else if (hsType == DYNAMIC_TYPE_FALCON) {
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
falcon_key* falconKey;
falconKey = (falcon_key*)XMALLOC(sizeof(falcon_key), heap,
@ -28088,7 +28064,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
}
else if ((ssl->buffers.keyType == falcon_level1_sa_algo) ||
(ssl->buffers.keyType == falcon_level5_sa_algo)) {
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (ssl->buffers.keyLabel) {
ret = wc_falcon_init_label((falcon_key*)ssl->hsKey,
(char*)ssl->buffers.key->buffer,
@ -28124,7 +28100,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) ||
(ssl->buffers.keyType == dilithium_level3_sa_algo) ||
(ssl->buffers.keyType == dilithium_level5_sa_algo)) {
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->buffers.keyLabel) {
ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey,
(char*)ssl->buffers.key->buffer,
@ -28394,7 +28370,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
}
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
@ -28461,7 +28436,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
}
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
#endif
@ -28513,9 +28488,9 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is a Dilithium private key. */
ret = wc_dilithium_import_private_only(ssl->buffers.key->buffer,
ssl->buffers.key->length,
(dilithium_key*)ssl->hsKey);
ret = wc_dilithium_import_private(ssl->buffers.key->buffer,
ssl->buffers.key->length,
(dilithium_key*)ssl->hsKey);
if (ret == 0) {
WOLFSSL_MSG("Using Dilithium private key");
@ -28533,7 +28508,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
(void)idx;
(void)keySz;
@ -28640,7 +28614,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
}
else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) ||
(ssl->buffers.altKeyType == falcon_level5_sa_algo)) {
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (ssl->buffers.altKeyLabel) {
ret = wc_falcon_init_label((falcon_key*)ssl->hsAltKey,
(char*)ssl->buffers.altKey->buffer,
@ -28676,7 +28650,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) ||
(ssl->buffers.altKeyType == dilithium_level3_sa_algo) ||
(ssl->buffers.altKeyType == dilithium_level5_sa_algo)) {
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if (ssl->buffers.altKeyLabel) {
ret = wc_dilithium_init_label((dilithium_key*)ssl->hsAltKey,
(char*)ssl->buffers.altKey->buffer,
@ -28831,7 +28805,6 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
}
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if !defined(NO_RSA) || defined(HAVE_ECC)
FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey);
@ -28942,9 +28915,9 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
/* Set start of data to beginning of buffer. */
idx = 0;
/* Decode the key assuming it is a Dilithium private key. */
ret = wc_dilithium_import_private_only(ssl->buffers.altKey->buffer,
ssl->buffers.altKey->length,
(dilithium_key*)ssl->hsAltKey);
ret = wc_dilithium_import_private(ssl->buffers.altKey->buffer,
ssl->buffers.altKey->length,
(dilithium_key*)ssl->hsAltKey);
if (ret == 0) {
WOLFSSL_MSG("Using Dilithium private key");
@ -28962,7 +28935,6 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
(void)idx;
(void)keySz;

46
src/ssl.c
View File

@ -116,7 +116,6 @@
#include <wolfssl/wolfcrypt/curve25519.h>
#include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/curve448.h>
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif /* HAVE_FALCON */
@ -126,7 +125,6 @@
#if defined(HAVE_SPHINCS)
#include <wolfssl/wolfcrypt/sphincs.h>
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
@ -3269,11 +3267,11 @@ static int isValidCurveGroup(word16 name)
case WOLFSSL_FFDHE_6144:
case WOLFSSL_FFDHE_8192:
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
case WOLFSSL_KYBER_LEVEL1:
case WOLFSSL_KYBER_LEVEL3:
case WOLFSSL_KYBER_LEVEL5:
#ifdef HAVE_LIBOQS
#if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
case WOLFSSL_P256_KYBER_LEVEL1:
case WOLFSSL_P384_KYBER_LEVEL3:
case WOLFSSL_P521_KYBER_LEVEL5:
@ -5370,7 +5368,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
if (cm->minFalconKeySz < 0 ||
@ -5410,7 +5407,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
WOLFSSL_MSG("\tNo key size check done on CA");
@ -6124,14 +6120,14 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
type = DYNAMIC_TYPE_ECC;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if ((keyOID == DILITHIUM_LEVEL2k) ||
(keyOID == DILITHIUM_LEVEL3k) ||
(keyOID == DILITHIUM_LEVEL5k)) {
type = DYNAMIC_TYPE_DILITHIUM;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if ((keyOID == FALCON_LEVEL1k) ||
(keyOID == FALCON_LEVEL5k)) {
type = DYNAMIC_TYPE_FALCON;
@ -6156,7 +6152,7 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, pubSz);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if ((keyOID == DILITHIUM_LEVEL2k) ||
(keyOID == DILITHIUM_LEVEL3k) ||
(keyOID == DILITHIUM_LEVEL5k)) {
@ -6165,7 +6161,7 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
pubKey, pubSz);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if ((keyOID == FALCON_LEVEL1k) ||
(keyOID == FALCON_LEVEL5k)) {
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
@ -6195,14 +6191,14 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
wc_ecc_free((ecc_key*)pkey);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if ((keyOID == DILITHIUM_LEVEL2k) ||
(keyOID == DILITHIUM_LEVEL3k) ||
(keyOID == DILITHIUM_LEVEL5k)) {
wc_dilithium_free((dilithium_key*)pkey);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if ((keyOID == FALCON_LEVEL1k) ||
(keyOID == FALCON_LEVEL5k)) {
wc_falcon_free((falcon_key*)pkey);
@ -6919,7 +6915,6 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
long memSz, int priv)
@ -7025,16 +7020,16 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
/* Test if Dilithium key. Try all levels. */
if (priv) {
isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) &&
(wc_dilithium_import_private_only(mem,
(wc_dilithium_import_private(mem,
(word32)memSz, dilithium) == 0));
if (!isDilithium) {
isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) &&
(wc_dilithium_import_private_only(mem,
(wc_dilithium_import_private(mem,
(word32)memSz, dilithium) == 0));
}
if (!isDilithium) {
isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) &&
(wc_dilithium_import_private_only(mem,
(wc_dilithium_import_private(mem,
(word32)memSz, dilithium) == 0));
}
}
@ -7082,7 +7077,6 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem,
return 1;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
const unsigned char** in, long inSz, int priv)
@ -7138,7 +7132,6 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) {
;
@ -7151,7 +7144,6 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
}
else
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
{
WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
}
@ -14263,7 +14255,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
if (ssl == NULL)
return NULL;
#if defined(WOLFSSL_TLS13) && defined(HAVE_PQC)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_KYBER)
/* Check for post-quantum groups. Return now because we do not want the ECC
* check to override this result in the case of a hybrid. */
if (IsAtLeastTLSv1_3(ssl->version)) {
@ -14288,20 +14280,26 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
#ifdef WOLFSSL_KYBER512
case WOLFSSL_KYBER_LEVEL1:
return "KYBER_LEVEL1";
case WOLFSSL_P256_KYBER_LEVEL1:
return "P256_KYBER_LEVEL1";
#endif
#ifdef WOLFSSL_KYBER768
case WOLFSSL_KYBER_LEVEL3:
return "KYBER_LEVEL3";
case WOLFSSL_P384_KYBER_LEVEL3:
return "P384_KYBER_LEVEL3";
#endif
#ifdef WOLFSSL_KYBER1024
case WOLFSSL_KYBER_LEVEL5:
return "KYBER_LEVEL5";
case WOLFSSL_P521_KYBER_LEVEL5:
return "P521_KYBER_LEVEL5";
#endif
#endif
}
}
#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_KYBER */
#endif /* WOLFSSL_TLS13 && HAVE_PQC */
#ifdef HAVE_FFDHE
if (ssl->namedGroup != 0) {
cName = wolfssl_ffdhe_name(ssl->namedGroup);
@ -17197,7 +17195,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#ifdef HAVE_ED25519
{ NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"},
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
{ CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1",
"Falcon Level 1"},
@ -17212,7 +17209,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
"Dilithium Level 5", "Dilithium Level 5"},
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
/* oidCurveType */
#ifdef HAVE_ECC
@ -21475,11 +21471,11 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
#ifdef HAVE_CURVE448
{CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448},
#endif
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
{CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1},
{CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1},
{CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1},
#ifdef HAVE_LIBOQS
#if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)
{CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1},
{CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1},
{CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1},

2
src/ssl_certman.c
View File

@ -141,14 +141,12 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
#ifdef HAVE_ECC
cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
cm->minFalconKeySz = MIN_FALCONKEY_SZ;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
cm->minDilithiumKeySz = MIN_DILITHIUMKEY_SZ;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
/* Set heap hint to use in certificate manager operations. */
cm->heap = heap;

28
src/ssl_load.c
View File

@ -852,7 +852,6 @@ static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
/* See if DER data is an Falcon private key.
*
@ -943,7 +942,7 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
#endif
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
/* See if DER data is an Dilithium private key.
*
* Checks size meets minimum Falcon key size.
@ -997,7 +996,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
if (ret == 0) {
/* Decode as a Dilithium private key. */
ret = wc_dilithium_import_private_only(der->buffer, der->length, key);
ret = wc_dilithium_import_private(der->buffer, der->length, key);
if (ret == 0) {
/* Get the minimum Dilithium key size from SSL or SSL context
* object. */
@ -1040,7 +1039,6 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
return ret;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
/* Try to decode DER data is a known private key.
*
@ -1143,7 +1141,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
keyType, keySz);
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
/* Try Falcon if key format is Falcon level 1k or 5k or yet unknown. */
if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
@ -1152,7 +1149,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
keyType, keySz);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
/* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown.
*/
if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == DILITHIUM_LEVEL2k) ||
@ -1162,7 +1159,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
keyType, keySz);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
/* Check we know the format. */
if ((ret == 0) && (*keyFormat == 0)) {
@ -1467,8 +1463,7 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
#ifdef HAVE_FALCON
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
if (ssl != NULL) {
@ -1478,8 +1473,8 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
ctx->haveFalconSig = 1;
}
break;
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
@ -1490,8 +1485,7 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
ctx->haveDilithiumSig = 1;
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#endif /* HAVE_DILITHIUM */
default:
WOLFSSL_MSG("Cert key not supported");
break;
@ -1539,7 +1533,6 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
ctx->haveECDSAsig = 1;
}
break;
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case CTC_FALCON_LEVEL1:
case CTC_FALCON_LEVEL5:
@ -1565,14 +1558,13 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif
#endif
default:
WOLFSSL_MSG("Cert signature not supported");
break;
}
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
(defined(HAVE_PQC) && defined(HAVE_LIBOQS)) || !defined(NO_RSA)
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA)
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
/* Set the private key curve OID. */
if (ssl != NULL) {
@ -1702,7 +1694,6 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
keyType = falcon_level1_sa_algo;
@ -1757,7 +1748,6 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
WOLFSSL_MSG("No key size check done on public key in certificate");
@ -1893,7 +1883,6 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
keyType = falcon_level1_sa_algo;
@ -1948,7 +1937,6 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
break;
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
default:
/* In this case, there was an OID that we didn't recognize.

55
src/tls.c
View File

@ -48,7 +48,7 @@
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
#include <wolfssl/wolfcrypt/kyber.h>
#ifdef WOLFSSL_WC_KYBER
#include <wolfssl/wolfcrypt/wc_kyber.h>
@ -4032,7 +4032,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type,
#ifdef HAVE_SUPPORTED_CURVES
#if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \
&& !defined(HAVE_FFDHE) && !defined(HAVE_PQC)
&& !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_KYBER)
#error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \
Use --enable-ecc and/or --enable-liboqs in the configure script or \
define HAVE_ECC. Alternatively use FFDHE for DH cipher suites.
@ -7671,7 +7671,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
return ret;
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
static int kyber_id2type(int id, int *type)
{
int ret = 0;
@ -7874,7 +7874,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse)
return ret;
}
#endif /* HAVE_PQC */
#endif /* WOLFSSL_HAVE_KYBER */
/* Generate a secret/key using the key share entry.
*
@ -7891,7 +7891,7 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
ret = TLSX_KeyShare_GenX25519Key(ssl, kse);
else if (kse->group == WOLFSSL_ECC_X448)
ret = TLSX_KeyShare_GenX448Key(ssl, kse);
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group))
ret = TLSX_KeyShare_GenPqcKey(ssl, kse);
#endif
@ -7929,7 +7929,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap)
wc_curve448_free((curve448_key*)current->key);
#endif
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) {
if (current->key != NULL) {
ForceZero((byte*)current->key, current->keyLen);
@ -8484,7 +8484,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
return ret;
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
/* Process the Kyber key share extension on the client side.
*
* ssl The SSL/TLS object.
@ -8653,7 +8653,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
wc_KyberKey_Free(kem);
return ret;
}
#endif /* HAVE_PQC */
#endif /* WOLFSSL_HAVE_KYBER */
/* Process the key share extension on the client side.
*
@ -8679,7 +8679,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry);
else if (keyShareEntry->group == WOLFSSL_ECC_X448)
ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry);
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group))
ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry);
#endif
@ -8730,7 +8730,7 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
if (keLen > length - offset)
return BUFFER_ERROR;
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
ssl->options.side == WOLFSSL_SERVER_END) {
/* For KEMs, the public key is not stored. Casting away const because
@ -8909,7 +8909,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
/* Not in list sent if there isn't a private key. */
if (keyShareEntry == NULL || (keyShareEntry->key == NULL
#if !defined(NO_DH) || defined(HAVE_PQC)
#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER)
&& keyShareEntry->privKey == NULL
#endif
)) {
@ -9001,7 +9001,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap,
return 0;
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
KeyShareEntry* keyShareEntry, byte* data, word16 len)
{
@ -9162,7 +9162,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
wc_KyberKey_Free(kem);
return ret;
}
#endif /* HAVE_PQC */
#endif /* WOLFSSL_HAVE_KYBER */
/* Use the data to create a new key share object in the extensions.
*
@ -9211,7 +9211,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
}
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
if (WOLFSSL_NAMED_GROUP_IS_PQC(group) &&
ssl->options.side == WOLFSSL_SERVER_END) {
ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data,
@ -9378,16 +9378,19 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
break;
#endif
#endif
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
#ifdef WOLFSSL_WC_KYBER
#ifdef WOLFSSL_KYBER512
case WOLFSSL_KYBER_LEVEL1:
case WOLFSSL_P256_KYBER_LEVEL1:
#endif
#ifdef WOLFSSL_KYBER768
case WOLFSSL_KYBER_LEVEL3:
case WOLFSSL_P384_KYBER_LEVEL3:
#endif
#ifdef WOLFSSL_KYBER1024
case WOLFSSL_KYBER_LEVEL5:
case WOLFSSL_P521_KYBER_LEVEL5:
#endif
break;
#elif defined(HAVE_LIBOQS)
@ -9415,7 +9418,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup)
case WOLFSSL_KYBER_LEVEL1:
break;
#endif
#endif /* HAVE_PQC */
#endif
default:
return 0;
}
@ -9464,12 +9467,15 @@ static const word16 preferredGroup[] = {
#ifdef WOLFSSL_WC_KYBER
#ifdef WOLFSSL_KYBER512
WOLFSSL_KYBER_LEVEL1,
WOLFSSL_P256_KYBER_LEVEL1,
#endif
#ifdef WOLFSSL_KYBER768
WOLFSSL_KYBER_LEVEL3,
WOLFSSL_P384_KYBER_LEVEL3,
#endif
#ifdef WOLFSSL_KYBER1024
WOLFSSL_KYBER_LEVEL5,
WOLFSSL_P521_KYBER_LEVEL5,
#endif
#elif defined(HAVE_LIBOQS)
/* These require a runtime call to TLSX_KeyShare_IsSupported to use */
@ -9787,7 +9793,7 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions,
if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) {
/* Check max value supported. */
if (clientKSE->group > WOLFSSL_ECC_MAX) {
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group))
#endif
continue;
@ -9852,7 +9858,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE)
return ret;
if (clientKSE->key == NULL) {
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) {
/* Going to need the public key (AKA ciphertext). */
serverKSE->pubKey = clientKSE->pubKey;
@ -13076,22 +13082,31 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
#endif
#endif
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
#ifdef WOLFSSL_WC_KYBER
#ifdef WOLFSSL_KYBER512
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1,
ssl->heap);
#endif
#ifdef WOLFSSL_KYBER768
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3,
ssl->heap);
#endif
#ifdef WOLFSSL_KYBER768
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5,
ssl->heap);
if (ret == WOLFSSL_SUCCESS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5,
ssl->heap);
#endif
#elif defined(HAVE_LIBOQS)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
@ -13113,7 +13128,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
#elif defined(HAVE_PQM4)
ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap);
#endif /* HAVE_LIBOQS */
#endif /* HAVE_PQC */
#endif /* WOLFSSL_HAVE_KYBER */
(void)ssl;
(void)extensions;

97
src/tls13.c
View File

@ -189,7 +189,7 @@ static const byte
#ifndef NO_CERTS
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_PQC)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
static WC_INLINE int GetMsgHash(WOLFSSL* ssl, byte* hash);
@ -7751,7 +7751,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
#ifndef NO_CERTS
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_PQC)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
/* Encode the signature algorithm into buffer.
*
* hashalgo The hash algorithm.
@ -7796,8 +7796,7 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
output[1] = hashAlgo;
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
#ifdef HAVE_FALCON
case falcon_level1_sa_algo:
output[0] = FALCON_LEVEL1_SA_MAJOR;
output[1] = FALCON_LEVEL1_SA_MINOR;
@ -7806,8 +7805,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
output[0] = FALCON_LEVEL5_SA_MAJOR;
output[1] = FALCON_LEVEL5_SA_MINOR;
break;
#endif
#ifdef HAVE_DILITHIUM
#endif
#ifdef HAVE_DILITHIUM
case dilithium_level2_sa_algo:
output[0] = DILITHIUM_LEVEL2_SA_MAJOR;
output[1] = DILITHIUM_LEVEL2_SA_MINOR;
@ -7820,7 +7819,6 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
break;
#endif
#endif
default:
break;
@ -7964,7 +7962,7 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
else
ret = INVALID_PARAMETER;
break;
#ifdef HAVE_PQC
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
case PQC_SA_MAJOR:
#if defined(HAVE_FALCON)
if (input[1] == FALCON_LEVEL1_SA_MINOR) {
@ -8747,7 +8745,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
}
#if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_PQC)) && \
defined(HAVE_ED448) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM)) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
typedef struct Scv13Args {
byte* output; /* not allocated */
@ -8987,8 +8986,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
else if (ssl->hsType == DYNAMIC_TYPE_ED448)
args->sigAlgo = ed448_sa_algo;
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
falcon_key* fkey = (falcon_key*)ssl->hsKey;
byte level = 0;
@ -9005,8 +9003,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
ERROR_OUT(ALGO_ID_E, exit_scv);
}
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
byte level = 0;
@ -9026,8 +9024,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
ERROR_OUT(ALGO_ID_E, exit_scv);
}
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#endif /* HAVE_DILITHIUM */
else {
ERROR_OUT(ALGO_ID_E, exit_scv);
}
@ -9183,18 +9180,16 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
}
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
args->sigLen = FALCON_MAX_SIG_SIZE;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
args->sigLen = DILITHIUM_MAX_SIG_SIZE;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#endif /* HAVE_DILITHIUM */
#ifdef WOLFSSL_DUAL_ALG_CERTS
if (ssl->sigSpec != NULL &&
@ -9300,24 +9295,22 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
args->length = (word16)args->sigLen;
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
sigOut, &args->sigLen,
(falcon_key*)ssl->hsKey, ssl->rng);
args->length = (word16)args->sigLen;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
sigOut, &args->sigLen,
(dilithium_key*)ssl->hsKey, ssl->rng);
args->length = (word16)args->sigLen;
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#endif /* HAVE_DILITHIUM */
#ifndef NO_RSA
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
ret = RsaSign(ssl, rsaSigBuf->buffer, (word32)rsaSigBuf->length,
@ -9375,8 +9368,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
}
}
#endif /* !NO_RSA */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
ret = wc_falcon_sign_msg(args->altSigData,
args->altSigDataSz, sigOut,
@ -9384,8 +9376,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
(falcon_key*)ssl->hsAltKey,
ssl->rng);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
ret = wc_dilithium_sign_msg(args->altSigData,
args->altSigDataSz, sigOut,
@ -9393,8 +9385,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
(dilithium_key*)ssl->hsAltKey,
ssl->rng);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_PQC */
#endif /* HAVE_DILITHIUM */
/* Check for error */
if (ret != 0) {
@ -10051,7 +10042,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerEccDsaKeyPresent;
}
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
if (ssl->options.peerSigAlgo == falcon_level1_sa_algo) {
WOLFSSL_MSG("Peer sent Falcon Level 1 sig");
validSigAlgo = (ssl->peerFalconKey != NULL) &&
@ -10062,6 +10053,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
validSigAlgo = (ssl->peerFalconKey != NULL) &&
ssl->peerFalconKeyPresent;
}
#endif
#ifdef HAVE_DILITHIUM
if (ssl->options.peerSigAlgo == dilithium_level2_sa_algo) {
WOLFSSL_MSG("Peer sent Dilithium Level 2 sig");
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
@ -10326,7 +10319,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (((ssl->options.peerSigAlgo == falcon_level1_sa_algo) ||
(ssl->options.peerSigAlgo == falcon_level5_sa_algo)) &&
(ssl->peerFalconKeyPresent)) {
@ -10346,8 +10339,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerFalconKeyPresent = 0;
}
}
#endif /* HAVE_PQC && HAVE_FALCON */
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
if (((ssl->options.peerSigAlgo == dilithium_level2_sa_algo) ||
(ssl->options.peerSigAlgo == dilithium_level3_sa_algo) ||
(ssl->options.peerSigAlgo == dilithium_level5_sa_algo)) &&
@ -10368,7 +10361,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerDilithiumKeyPresent = 0;
}
}
#endif /* HAVE_PQC && HAVE_DILITHIUM */
#endif /* HAVE_DILITHIUM */
/* Check for error */
if (ret != 0) {
@ -10428,7 +10421,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
}
#endif /* HAVE_ECC */
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if (((args->altSigAlgo == falcon_level1_sa_algo) ||
(args->altSigAlgo == falcon_level5_sa_algo)) &&
(ssl->peerFalconKeyPresent)) {
@ -10448,8 +10441,8 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerFalconKeyPresent = 0;
}
}
#endif /* HAVE_PQC && HAVE_FALCON */
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
if (((args->altSigAlgo == dilithium_level2_sa_algo) ||
(args->altSigAlgo == dilithium_level3_sa_algo) ||
(args->altSigAlgo == dilithium_level5_sa_algo)) &&
@ -10470,7 +10463,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
ssl->peerDilithiumKeyPresent = 0;
}
}
#endif /* HAVE_PQC && HAVE_DILITHIUM */
#endif /* HAVE_DILITHIUM */
/* Check for error */
if (ret != 0) {
@ -12513,7 +12506,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448) || defined(HAVE_PQC)
defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
case certificate_verify:
WOLFSSL_MSG("processing certificate verify");
ret = DoTls13CertificateVerify(ssl, input, inOutIdx, size);
@ -13150,8 +13143,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
case FIRST_REPLY_THIRD:
#if (!defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_PQC))) && (!defined(NO_WOLFSSL_SERVER) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH))
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl);
if (ssl->error != 0) {
@ -13369,7 +13362,7 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
}
#endif
#ifdef HAVE_PQC
#if defined(WOLFSSL_HAVE_KYBER)
if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
if (ssl->ctx != NULL && ssl->ctx->method != NULL &&
@ -13378,10 +13371,11 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
}
if (ssl->options.side == WOLFSSL_SERVER_END) {
/* If I am the server of a KEM connection, do not do keygen because I'm
* going to encapsulate with the client's public key. Note that I might
* be the client and ssl->option.side has not been properly set yet. In
* that case the KeyGen operation will be deferred to connection time. */
/* If I am the server of a KEM connection, do not do keygen because
* I'm going to encapsulate with the client's public key. Note that
* I might be the client and ssl->option.side has not been properly
* set yet. In that case the KeyGen operation will be deferred to
* connection time. */
return WOLFSSL_SUCCESS;
}
}
@ -14292,7 +14286,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
case TLS13_CERT_SENT :
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_PQC))
defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM))
if (!ssl->options.resuming && ssl->options.sendVerify) {
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);

18
src/x509.c
View File

@ -10191,13 +10191,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
#ifndef NO_DSA
DsaKey* dsa = NULL;
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
falcon_key* falcon = NULL;
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
dilithium_key* dilithium = NULL;
#endif
#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
#if defined(HAVE_SPHINCS)
sphincs_key* sphincs = NULL;
#endif
WC_RNG rng;
@ -10326,7 +10326,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
key = (void*)dsa;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if ((x509->pubKeyOID == FALCON_LEVEL1k) ||
(x509->pubKeyOID == FALCON_LEVEL5k)) {
falcon = (falcon_key*)XMALLOC(sizeof(falcon_key), NULL,
@ -10365,7 +10365,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
key = (void*)falcon;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
(x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
(x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
@ -10409,7 +10409,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(
key = (void*)dilithium;
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
#if defined(HAVE_SPHINCS)
if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||
@ -10568,14 +10568,14 @@ cleanup:
XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
if ((x509->pubKeyOID == FALCON_LEVEL1k) ||
(x509->pubKeyOID == FALCON_LEVEL5k)) {
wc_falcon_free(falcon);
XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) ||
(x509->pubKeyOID == DILITHIUM_LEVEL3k) ||
(x509->pubKeyOID == DILITHIUM_LEVEL5k)) {
@ -10583,7 +10583,7 @@ cleanup:
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
}
#endif
#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
#if defined(HAVE_SPHINCS)
if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||

1471
tests/api.c
View File

File diff suppressed because it is too large Load Diff

1325
wolfcrypt/benchmark/benchmark.c
View File

File diff suppressed because it is too large Load Diff

233
wolfcrypt/src/asn.c
View File

@ -166,16 +166,14 @@ ASN Options:
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_PQC
#if defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#if defined(HAVE_DILITHIUM)
#endif
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#if defined(HAVE_SPHINCS)
#endif
#if defined(HAVE_SPHINCS)
#include <wolfssl/wolfcrypt/sphincs.h>
#endif
#endif
#ifdef WOLFSSL_QNX_CAAM
@ -4200,7 +4198,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
#ifdef HAVE_ED448
static const byte sigEd448Oid[] = {43, 101, 113};
#endif /* HAVE_ED448 */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
/* Falcon Level 1: 1 3 9999 3 6 */
static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
@ -4246,7 +4243,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
static const byte sigSphincsSmall_Level5Oid[] =
{43, 206, 15, 6, 9, 7};
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
/* keyType */
#ifndef NO_DSA
@ -4276,7 +4272,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
#ifndef NO_DH
static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1};
#endif /* !NO_DH */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
/* Falcon Level 1: 1 3 9999 3 6 */
static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 6};
@ -4322,7 +4317,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
static const byte keySphincsSmall_Level5Oid[] =
{43, 206, 15, 6, 9, 7};
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
/* curveType */
#ifdef HAVE_ECC
@ -4830,7 +4824,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(sigEd448Oid);
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case CTC_FALCON_LEVEL1:
oid = sigFalcon_Level1Oid;
@ -4881,7 +4874,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(sigSphincsSmall_Level5Oid);
break;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
break;
}
@ -4943,7 +4935,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(keyDhOid);
break;
#endif /* !NO_DH */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case FALCON_LEVEL1k:
oid = keyFalcon_Level1Oid;
@ -4994,7 +4985,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(keySphincsSmall_Level5Oid);
break;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
break;
}
@ -5875,7 +5865,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
const byte* checkOid = NULL;
word32 checkOidSz;
#endif /* NO_VERIFY_OID */
#ifdef HAVE_PQC
#if defined(HAVE_SPHINCS)
word32 found_collision = 0;
#endif
(void)oidType;
@ -5887,7 +5877,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
actualOidSz = (word32)length;
#endif /* NO_VERIFY_OID */
#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_SPHINCS)
#if defined(HAVE_SPHINCS)
/* Since we are summing it up, there could be collisions...and indeed there
* are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3.
*
@ -5901,7 +5891,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
sizeof(sigSphincsFast_Level3Oid)) == 0) {
found_collision = SPHINCS_FAST_LEVEL3k;
}
#endif /* HAVE_PQC */
#endif /* HAVE_SPHINCS */
/* Sum it up for now. */
while (length--) {
@ -5910,11 +5900,11 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
idx++;
}
#ifdef HAVE_PQC
#ifdef HAVE_SPHINCS
if (found_collision) {
*oid = found_collision;
}
#endif /* HAVE_PQC */
#endif /* HAVE_SPHINCS */
/* Return the index after the OID data. */
*inOutIdx = idx;
@ -7565,7 +7555,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
else
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if ((ks == FALCON_LEVEL1k) || (ks == FALCON_LEVEL5k)) {
#ifdef WOLFSSL_SMALL_STACK
@ -7627,7 +7616,8 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
else
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if ((ks == DILITHIUM_LEVEL2k) ||
(ks == DILITHIUM_LEVEL3k) ||
(ks == DILITHIUM_LEVEL5k)) {
@ -7685,7 +7675,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
#endif
}
else
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */
#if defined(HAVE_SPHINCS)
if ((ks == SPHINCS_FAST_LEVEL1k) ||
(ks == SPHINCS_FAST_LEVEL3k) ||
@ -7757,7 +7747,6 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
}
else
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
{
ret = 0;
}
@ -8102,7 +8091,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT && !NO_ASN_CRYPT */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (*algoID == 0) {
falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(*falcon), heap,
@ -8138,7 +8126,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
XFREE(falcon, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if (*algoID == 0) {
dilithium_key *dilithium = (dilithium_key *)XMALLOC(sizeof(*dilithium),
heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -8184,7 +8173,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
}
XFREE(dilithium, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_DILITHIUM */
#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_VERIFY_ONLY */
#if defined(HAVE_SPHINCS)
if (*algoID == 0) {
sphincs_key *sphincs = (sphincs_key *)XMALLOC(sizeof(*sphincs),
@ -8262,7 +8251,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
XFREE(sphincs, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
/* if flag is not set then this is not a key that we understand. */
if (*algoID == 0) {
@ -11554,8 +11542,8 @@ static int GetCertHeader(DecodedCert* cert)
}
#endif
#if defined(HAVE_ED25519) || defined(HAVE_ED448) || (defined(HAVE_PQC) && \
defined(HAVE_LIBOQS))
#if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
/* Store the key data under the BIT_STRING in dynamically allocated data.
*
* @param [in, out] cert Certificate object.
@ -12628,7 +12616,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
#ifdef HAVE_FALCON
case FALCON_LEVEL1k:
cert->pkCurveOID = FALCON_LEVEL1k;
@ -12679,7 +12666,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
ret = StoreKey(cert, source, &srcIdx, maxIdx);
break;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
#ifndef NO_DSA
case DSAk:
cert->publicKey = source + pubIdx;
@ -15983,7 +15969,6 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
#ifdef HAVE_CURVE448
|| (algoOID == X448k)
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FACON
|| (algoOID == FALCON_LEVEL1k)
|| (algoOID == FALCON_LEVEL5k)
@ -16001,7 +15986,6 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID)
|| (algoOID == SPHINCS_SMALL_LEVEL3k)
|| (algoOID == SPHINCS_SMALL_LEVEL5k)
#endif
#endif /* HAVE_PQC */
);
}
@ -16319,7 +16303,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
sigCtx->key.ed448 = NULL;
break;
#endif /* HAVE_ED448 */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
@ -16352,7 +16335,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
sigCtx->key.sphincs = NULL;
break;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
break;
} /* switch (keyOID) */
@ -16498,7 +16480,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
*/
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case CTC_FALCON_LEVEL1:
case CTC_FALCON_LEVEL5:
@ -16522,7 +16503,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
/* Hashes done in signing operation. */
break;
#endif
#endif /* HAVE_PQC */
default:
ret = HASH_TYPE_E;
@ -16902,7 +16882,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
{
@ -16959,7 +16938,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
case DILITHIUM_LEVEL2k:
{
word32 idx = 0;
@ -17200,7 +17181,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
WOLFSSL_MSG("Verify Key type unknown");
ret = ASN_UNKNOWN_OID_E;
@ -17356,7 +17336,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1k:
case FALCON_LEVEL5k:
@ -17367,7 +17346,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
case DILITHIUM_LEVEL2k:
case DILITHIUM_LEVEL3k:
case DILITHIUM_LEVEL5k:
@ -17392,7 +17371,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
break;
} /* switch (keyOID) */
@ -17545,7 +17523,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_ED448 */
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case FALCON_LEVEL1k:
{
@ -17675,7 +17652,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
default:
break;
} /* switch (keyOID) */
@ -24430,7 +24406,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----";
wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----";
@ -24460,7 +24435,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----";
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
"-----END X509 CRL-----");
@ -24568,7 +24542,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
ret = 0;
break;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
case FALCON_LEVEL1_TYPE:
if (header) *header = BEGIN_FALCON_LEVEL1_PRIV;
@ -24630,7 +24603,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
ret = 0;
break;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
case PUBLICKEY_TYPE:
case ECC_PUBLICKEY_TYPE:
if (header) *header = BEGIN_PUB_KEY;
@ -28485,7 +28457,7 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
}
break;
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
case FALCON_LEVEL1_KEY:
case FALCON_LEVEL5_KEY:
ret = wc_Falcon_PublicKeyToDer(falconKey, output,
@ -28494,8 +28466,8 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
ret = PUBLIC_KEY_E;
}
break;
#endif /* HAVE_PQC && HAVE_FALCON */
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
case DILITHIUM_LEVEL2_KEY:
case DILITHIUM_LEVEL3_KEY:
case DILITHIUM_LEVEL5_KEY:
@ -28505,8 +28477,8 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
ret = PUBLIC_KEY_E;
}
break;
#endif /* HAVE_PQC && HAVE_DILITHIUM */
#if defined(HAVE_PQC) && defined(HAVE_SPHINCS)
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
case SPHINCS_FAST_LEVEL1_KEY:
case SPHINCS_FAST_LEVEL3_KEY:
case SPHINCS_FAST_LEVEL5_KEY:
@ -28519,7 +28491,7 @@ static int EncodePublicKey(int keyType, byte* output, int outLen,
ret = PUBLIC_KEY_E;
}
break;
#endif /* HAVE_PQC && HAVE_SPHINCS */
#endif /* HAVE_SPHINCS */
default:
ret = PUBLIC_KEY_E;
break;
@ -29308,7 +29280,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if ((cert->keyType == FALCON_LEVEL1_KEY) ||
(cert->keyType == FALCON_LEVEL5_KEY)) {
@ -29320,7 +29291,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
@ -29347,7 +29318,6 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
if (der->publicKeySz <= 0)
return PUBLIC_KEY_E;
@ -29853,7 +29823,6 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
}
#endif /* HAVE_ED448 && HAVE_ED448_SIGN */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
word32 outSz = sigSz;
@ -29880,7 +29849,6 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
ret = outSz;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
break;
}
@ -30097,7 +30065,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = ED25519_KEY;
else if (ed448Key)
cert->keyType = ED448_KEY;
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if ((falconKey != NULL) && (falconKey->level == 1))
cert->keyType = FALCON_LEVEL1_KEY;
@ -30132,7 +30099,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
else
return BAD_FUNC_ARG;
@ -30192,7 +30158,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
else if (ed448Key) {
cert->keyType = ED448_KEY;
}
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if ((falconKey != NULL) && (falconKey->level == 1)) {
cert->keyType = FALCON_LEVEL1_KEY;
@ -30238,7 +30203,6 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
else {
ret = BAD_FUNC_ARG;
}
@ -30813,7 +30777,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
(word32)sizeof(der->publicKey), 1);
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if ((cert->keyType == FALCON_LEVEL1_KEY) ||
(cert->keyType == FALCON_LEVEL5_KEY)) {
@ -30823,7 +30786,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
@ -30846,7 +30809,6 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
#endif /* HAVE_PQC */
if (der->publicKeySz <= 0)
return PUBLIC_KEY_E;
@ -31172,7 +31134,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = ED25519_KEY;
else if (ed448Key)
cert->keyType = ED448_KEY;
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if ((falconKey != NULL) && (falconKey->level == 1))
cert->keyType = FALCON_LEVEL1_KEY;
@ -31207,7 +31168,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
else
return BAD_FUNC_ARG;
@ -31268,7 +31228,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
else if (ed448Key != NULL) {
cert->keyType = ED448_KEY;
}
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
else if ((falconKey != NULL) && (falconKey->level == 1)) {
cert->keyType = FALCON_LEVEL1_KEY;
@ -31314,7 +31273,6 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
}
#endif /* HAVE_SPHINCS */
#endif /* HAVE_PQC */
else {
ret = BAD_FUNC_ARG;
}
@ -31853,14 +31811,13 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
bufferSz = wc_Ed448PublicKeyToDer(ed448Key, buf, MAX_PUBLIC_KEY_SZ, 0);
}
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
if (falconKey != NULL) {
bufferSz = wc_Falcon_PublicKeyToDer(falconKey, buf, MAX_PUBLIC_KEY_SZ,
0);
}
#endif
#if defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1)
if (dilithiumKey != NULL) {
bufferSz = wc_Dilithium_PublicKeyToDer(dilithiumKey, buf,
MAX_PUBLIC_KEY_SZ, 0);
@ -31872,7 +31829,6 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
MAX_PUBLIC_KEY_SZ, 0);
}
#endif
#endif /* HAVE_PQC */
if (bufferSz <= 0) {
XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -34785,13 +34741,11 @@ enum {
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|| (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
|| (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \
|| (defined(HAVE_PQC) && defined(HAVE_SPHINCS)))
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
byte* privKey, word32* privKeyLen,
byte* pubKey, word32* pubKeyLen, int keyType)
int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
const byte** privKey, word32* privKeyLen,
const byte** pubKey, word32* pubKeyLen, int keyType)
{
#ifndef WOLFSSL_ASN_TEMPLATE
word32 oid;
@ -34846,12 +34800,9 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
endKeyIdx = (int)*inOutIdx;
}
if ((word32)privSz > *privKeyLen)
return BUFFER_E;
if (endKeyIdx == (int)*inOutIdx) {
*privKeyLen = (word32)privSz;
XMEMCPY(privKey, priv, *privKeyLen);
*privKey = priv;
if (pubKeyLen != NULL)
*pubKeyLen = 0;
}
@ -34865,17 +34816,14 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
return ASN_PARSE_E;
}
if ((word32)pubSz > *pubKeyLen)
return BUFFER_E;
pub = input + *inOutIdx;
*inOutIdx += (word32)pubSz;
*privKeyLen = (word32)privSz;
XMEMCPY(privKey, priv, *privKeyLen);
*privKey = priv;
*pubKeyLen = (word32)pubSz;
if (pubKey != NULL)
XMEMCPY(pubKey, pub, *pubKeyLen);
*pubKey = pub;
}
if (endKeyIdx != (int)*inOutIdx)
return ASN_PARSE_E;
@ -34899,33 +34847,22 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
}
}
}
/* Check the private value length is correct. */
if ((ret == 0) && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length
> *privKeyLen) {
ret = ASN_PARSE_E;
if (ret == 0) {
/* Import private value. */
*privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
*privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data;
}
if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) {
*privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
*privKeyLen);
/* Set public length to 0 as not seen. */
if (pubKeyLen != NULL)
*pubKeyLen = 0;
}
else if ((ret == 0) &&
(pubKeyLen != NULL) &&
(dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
ret = ASN_PARSE_E;
}
else if (ret == 0) {
/* Import private and public value. */
*privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
XMEMCPY(privKey, dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data,
*privKeyLen);
/* Import public value. */
if (pubKeyLen != NULL)
*pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length;
if (pubKey != NULL && pubKeyLen != NULL)
XMEMCPY(pubKey, dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data,
*pubKeyLen);
*pubKey = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data;
}
FREE_ASNGETDATA(dataASN, NULL);
@ -34933,8 +34870,46 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
#endif /* WOLFSSL_ASN_TEMPLATE */
}
int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
byte* privKey, word32* privKeyLen,
byte* pubKey, word32* pubKeyLen, int keyType)
{
int ret = 0;
const byte* privKeyPtr = NULL;
const byte* pubKeyPtr = NULL;
word32 privKeyPtrLen = 0;
word32 pubKeyPtrLen = 0;
if (privKey == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr,
&privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, keyType);
}
if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) {
ret = BUFFER_E;
}
if ((ret == 0) && (pubKeyLen != NULL) && (pubKeyPtrLen > *pubKeyLen)) {
ret = BUFFER_E;
}
if ((ret == 0) && (privKeyPtr != NULL)) {
XMEMCPY(privKey, privKeyPtr, privKeyPtrLen);
*privKeyLen = privKeyPtrLen;
}
if ((ret == 0) && (pubKey != NULL) && (pubKeyPtr != NULL)) {
XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen);
}
if ((ret == 0) && (pubKeyLen != NULL)) {
*pubKeyLen = pubKeyPtrLen;
}
return ret;
}
int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
const byte** pubKey, word32* pubKeyLen, int keyType)
{
int ret = 0;
#ifndef WOLFSSL_ASN_TEMPLATE
@ -34967,17 +34942,13 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
if (ret != 0)
return ret;
/* check that the value found is not too large for pubKey buffer */
if ((word32)length > *pubKeyLen)
return ASN_PARSE_E;
/* check that input buffer is exhausted */
if (*inOutIdx + (word32)length != inSz)
return ASN_PARSE_E;
/* This is the raw point data compressed or uncompressed. */
*pubKeyLen = (word32)length;
XMEMCPY(pubKey, input + *inOutIdx, *pubKeyLen);
*pubKey = input + *inOutIdx;
#else
len = inSz - *inOutIdx;
@ -34998,11 +34969,6 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
if (*inOutIdx != inSz)
ret = ASN_PARSE_E;
}
/* Check the public value length is correct. */
if ((ret == 0) &&
(dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length > *pubKeyLen)) {
ret = ASN_PARSE_E;
}
/* Check that the all the buffer was used. */
if ((ret == 0) &&
(GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) {
@ -35010,14 +34976,39 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
}
if (ret == 0) {
*pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length;
XMEMCPY(pubKey, dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data,
*pubKeyLen);
*pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data;
}
FREE_ASNGETDATA(dataASN, NULL);
#endif /* WOLFSSL_ASN_TEMPLATE */
return ret;
}
int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
byte* pubKey, word32* pubKeyLen, int keyType)
{
int ret = 0;
const byte* pubKeyPtr = NULL;
word32 pubKeyPtrLen = 0;
if (pubKey == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr,
&pubKeyPtrLen, keyType);
}
if ((ret == 0) && (pubKeyPtrLen > *pubKeyLen)) {
ret = BUFFER_E;
}
if ((ret == 0) && (pubKeyPtr != NULL)) {
XMEMCPY(pubKey, pubKeyPtr, pubKeyPtrLen);
*pubKeyLen = pubKeyPtrLen;
}
return ret;
}
#endif
#endif /* WC_ENABLE_ASYM_KEY_IMPORT */

10
wolfcrypt/src/cryptocb.c
View File

@ -785,7 +785,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
}
#endif /* HAVE_ED25519 */
#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_KYBER)
int wc_CryptoCb_PqcKemGetDevId(int type, void* key)
{
int devId = INVALID_DEVID;
@ -794,11 +794,9 @@ int wc_CryptoCb_PqcKemGetDevId(int type, void* key)
return devId;
/* get devId */
#if defined(WOLFSSL_HAVE_KYBER)
if (type == WC_PQC_KEM_TYPE_KYBER) {
devId = ((KyberKey*) key)->devId;
}
#endif
return devId;
}
@ -906,9 +904,9 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */
#endif /* WOLFSSL_HAVE_KYBER */
#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
{
int devId = INVALID_DEVID;
@ -1068,7 +1066,7 @@ int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
return wc_CryptoCb_TranslateErrorCode(ret);
}
#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */
#endif /* HAVE_FALCON || HAVE_DILITHIUM */
#ifndef NO_AES
#ifdef HAVE_AESGCM

7380
wolfcrypt/src/dilithium.c
View File

File diff suppressed because it is too large Load Diff

1856
wolfcrypt/test/test.c
View File

File diff suppressed because it is too large Load Diff

3535
wolfssl/certs_test.h
View File

File diff suppressed because it is too large Load Diff

42
wolfssl/internal.h
View File

@ -122,8 +122,10 @@
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
#include <wolfssl/wolfcrypt/falcon.h>
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#ifdef HAVE_HKDF
@ -1554,7 +1556,7 @@ enum Misc {
MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */
#endif
#endif
#ifdef HAVE_PQC
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
ENCRYPT_LEN = 5120, /* Allow 5k byte buffer for dilithium and
* hybridization with other algs. */
#else
@ -1803,7 +1805,7 @@ enum Misc {
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */
#elif defined(WOLFSSL_CERT_EXT)
MAX_CERT_VERIFY_SZ = 2048, /* For larger extensions */
@ -1855,13 +1857,13 @@ enum Misc {
#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \
(MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP)
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
#define WOLFSSL_NAMED_GROUP_IS_PQC(group) \
((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \
(WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX))
#else
#define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0)
#endif /* HAVE_PQC */
#endif /* WOLFSSL_HAVE_KYBER */
/* minimum Downgrade Minor version */
#ifndef WOLFSSL_MIN_DOWNGRADE
@ -1891,7 +1893,7 @@ enum Misc {
/* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO
#ifdef HAVE_PQC
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
/* If we are building with post-quantum algorithms, we likely want to
* inter-op with OQS's OpenSSL and they send a lot more sigalgs.
*/
@ -1920,10 +1922,12 @@ enum Misc {
#endif
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
#ifndef MIN_FALCONKEY_SZ
#define MIN_FALCONKEY_SZ 1281
#endif
#endif
#ifdef HAVE_DILITHIUM
#ifndef MIN_DILITHIUMKEY_SZ
#define MIN_DILITHIUMKEY_SZ 2528
#endif
@ -1968,7 +1972,7 @@ enum Misc {
#endif
#ifndef MAX_X509_SIZE
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
#define MAX_X509_SIZE (8*1024) /* max static x509 buffer size; dilithium is big */
#elif defined(WOLFSSL_HAPROXY)
#define MAX_X509_SIZE 3072 /* max static x509 buffer size */
@ -2637,8 +2641,10 @@ struct WOLFSSL_CERT_MANAGER {
/* with CTX free. */
#endif
wolfSSL_Ref ref;
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
short minFalconKeySz; /* minimum allowed Falcon key size */
#endif
#ifdef HAVE_DILITHIUM
short minDilithiumKeySz; /* minimum allowed Dilithium key size */
#endif
#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
@ -3417,7 +3423,7 @@ typedef struct KeyShareEntry {
word32 keyLen; /* Key size (bytes) */
byte* pubKey; /* Public key */
word32 pubKeyLen; /* Public key length */
#if !defined(NO_DH) || defined(HAVE_PQC)
#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
byte* privKey; /* Private key - DH and PQ KEMs only */
word32 privKeyLen;/* Only for PQ KEMs. */
#endif
@ -3750,8 +3756,10 @@ struct WOLFSSL_CTX {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
short minFalconKeySz; /* minimum Falcon key size */
#endif
#ifdef HAVE_DILITHIUM
short minDilithiumKeySz;/* minimum Dilithium key size */
#endif
unsigned long mask; /* store SSL_OP_ flags */
@ -4910,8 +4918,10 @@ struct Options {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */
#endif
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON)
short minFalconKeySz; /* minimum Falcon key size */
#endif
#if defined(HAVE_DILITHIUM)
short minDilithiumKeySz;/* minimum Dilithium key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@ -5105,9 +5115,9 @@ struct WOLFSSL_X509 {
int pubKeyOID;
DNS_entry* altNamesNext; /* hint for retrieval */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_PQC)
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
word32 pkCurveOID;
#endif /* HAVE_ECC || HAVE_PQC */
#endif
#ifndef NO_CERTS
DerBuffer* derCert; /* may need */
#endif
@ -5700,9 +5710,11 @@ struct WOLFSSL {
curve448_key* peerX448Key;
byte peerX448KeyPresent;
#endif
#ifdef HAVE_PQC
#ifdef HAVE_FALCON
falcon_key* peerFalconKey;
byte peerFalconKeyPresent;
#endif
#ifdef HAVE_DILITHIUM
dilithium_key* peerDilithiumKey;
byte peerDilithiumKeyPresent;
#endif

26
wolfssl/wolfcrypt/asn.h
View File

@ -948,7 +948,7 @@ enum Misc_ASN {
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
#ifdef HAVE_SPHINCS
MAX_ENCODED_SIG_SZ = 51200,
#elif defined(HAVE_PQC)
#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_ENCODED_SIG_SZ = 5120,
#elif !defined(NO_RSA)
#ifdef WOLFSSL_HAPROXY
@ -983,7 +983,7 @@ enum Misc_ASN {
MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ +
MAX_VERSION_SZ, /* Maximum size of a DSA Private
key taken from DsaKeyIntsToDer. */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */
#endif
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
@ -1032,7 +1032,7 @@ enum Misc_ASN {
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
#if defined(HAVE_PQC)
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
#else
MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
@ -1497,9 +1497,13 @@ struct SignatureCtx {
#ifdef HAVE_ED448
struct ed448_key* ed448;
#endif
#ifdef HAVE_PQC
#if defined(HAVE_FALCON)
struct falcon_key* falcon;
#endif
#if defined(HAVE_DILITHIUM)
struct dilithium_key* dilithium;
#endif
#if defined(HAVE_SPHINCS)
struct sphincs_key* sphincs;
#endif
void* ptr;
@ -2375,8 +2379,11 @@ WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
byte* output, word32 outLen, int keyType, int withHeader);
WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
byte* pubKey, word32* pubKeyLen, int keyType);
WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input,
word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen,
int keyType);
WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx,
word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType);
#ifndef NO_CERTS
@ -2683,9 +2690,10 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|| (defined(HAVE_PQC) && defined(HAVE_FALCON)) \
|| (defined(HAVE_PQC) && defined(HAVE_DILITHIUM)) \
|| (defined(HAVE_PQC) && defined(HAVE_SPHINCS)))
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey,
word32* pubKeyLen, int keyType);
WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,
word32* pubKeyLen, int keyType);

6
wolfssl/wolfcrypt/asn_public.h
View File

@ -799,8 +799,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
(defined(HAVE_PQC) && (defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))))
(defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
#define WC_ENABLE_ASYM_KEY_EXPORT
#endif
@ -809,8 +808,7 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
(defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \
(defined(HAVE_PQC) && (defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))))
(defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)))
#define WC_ENABLE_ASYM_KEY_IMPORT
#endif

19
wolfssl/wolfcrypt/cryptocb.h
View File

@ -71,7 +71,7 @@
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef HAVE_PQC
#ifdef WOLFSSL_HAVE_KYBER
#include <wolfssl/wolfcrypt/kyber.h>
#ifdef WOLFSSL_WC_KYBER
#include <wolfssl/wolfcrypt/wc_kyber.h>
@ -79,10 +79,10 @@
#include <wolfssl/wolfcrypt/ext_kyber.h>
#endif
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#if defined(HAVE_PQC) && defined(HAVE_FALCON)
#if defined(HAVE_FALCON)
#include <wolfssl/wolfcrypt/falcon.h>
#endif
@ -216,7 +216,7 @@ typedef struct wc_CryptoInfo {
byte contextLen;
} ed25519verify;
#endif
#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_KYBER)
struct {
WC_RNG* rng;
int size;
@ -241,8 +241,7 @@ typedef struct wc_CryptoInfo {
int type; /* enum wc_PqcKemType */
} pqc_decaps;
#endif
#if defined(HAVE_PQC) && \
(defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
struct {
WC_RNG* rng;
int size;
@ -525,7 +524,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen,
const byte* context, byte contextLen);
#endif /* HAVE_ED25519 */
#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_KYBER)
WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key);
WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type,
@ -538,9 +537,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext,
WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext,
word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen,
int type, void* key);
#endif /* HAVE_PQC && WOLFSSL_HAVE_KYBER */
#endif /* WOLFSSL_HAVE_KYBER */
#if defined(HAVE_PQC) && (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM))
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key);
WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
@ -554,7 +553,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
const byte* pubKey, word32 pubKeySz);
#endif /* HAVE_PQC && (HAVE_FALCON || HAVE_DILITHIUM) */
#endif /* HAVE_FALCON || HAVE_DILITHIUM */
#ifndef NO_AES
#ifdef HAVE_AESGCM

687
wolfssl/wolfcrypt/dilithium.h
View File

@ -35,34 +35,458 @@
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#if defined(HAVE_PQC) && defined(HAVE_DILITHIUM)
#if defined(HAVE_DILITHIUM)
#ifdef HAVE_LIBOQS
#include <oqs/oqs.h>
#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
#endif
#if defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
!defined(WOLFSSL_DILITHIUM_VERIFY_ONLY)
#define WOLFSSL_DILITHIUM_VERIFY_ONLY
#endif
#ifdef WOLFSSL_DILITHIUM_VERIFY_ONLY
#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
#define WOLFSSL_DILITHIUM_NO_MAKE_KEY
#endif
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
#define WOLFSSL_DILITHIUM_NO_SIGN
#endif
#endif
#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
!defined(WOLFSSL_DILITHIUM_NO_VERIFY)
#define WOLFSSL_DILITHIUM_PUBLIC_KEY
#endif
#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
!defined(WOLFSSL_DILITHIUM_NO_SIGN)
#define WOLFSSL_DILITHIUM_PRIVATE_KEY
#endif
#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \
defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_CHECK_KEY) && \
!defined(WOLFSSL_DILITHIUM_CHECK_KEY)
#define WOLFSSL_DILITHIUM_CHECK_KEY
#endif
#ifdef WOLFSSL_WC_DILITHIUM
#include <wolfssl/wolfcrypt/sha3.h>
#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
#include <wolfssl/wolfcrypt/random.h>
#endif
#endif
#if defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) && \
!defined(WC_DILITHIUM_CACHE_MATRIX_A)
#define WC_DILITHIUM_CACHE_MATRIX_A
#endif
#if defined(WC_DILITHIUM_CACHE_PUB_VECTORS) && \
!defined(WC_DILITHIUM_CACHE_MATRIX_A)
#define WC_DILITHIUM_CACHE_MATRIX_A
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Macros Definitions */
#ifdef HAVE_LIBOQS
#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_dilithium_2_length_secret_key
#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_dilithium_2_length_signature
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_dilithium_2_length_public_key
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
#ifdef WOLFSSL_WC_DILITHIUM
#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_dilithium_3_length_secret_key
#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_dilithium_3_length_signature
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_dilithium_3_length_public_key
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
#ifndef WOLFSSL_DILITHIUM_ALIGNMENT
#if defined(__arch64__)
#define WOLFSSL_DILITHIUM_ALIGNMENT 8
#elif defined(__arm__)
#define WOLFSSL_DILITHIUM_ALIGNMENT 4
#elif !defined(WOLFSSL_AESNI) && defined(WOLFSSL_GENERAL_ALIGNMENT)
#define WOLFSSL_DILITHIUM_ALIGNMENT WOLFSSL_GENERAL_ALIGNMENT
#else
#define WOLFSSL_DILITHIUM_ALIGNMENT 8
#endif
#endif /* WOLFSSL_DILITHIUM_ALIGNMENT */
#define DILITHIUM_LEVEL2_KEY_SIZE 2560
#define DILITHIUM_LEVEL2_SIG_SIZE 2420
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE 1312
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
(DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE)
#define DILITHIUM_LEVEL3_KEY_SIZE 4032
#define DILITHIUM_LEVEL3_SIG_SIZE 3309
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE 1952
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
(DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE)
#define DILITHIUM_LEVEL5_KEY_SIZE 4896
#define DILITHIUM_LEVEL5_SIG_SIZE 4627
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE 2592
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
(DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE)
/* Modulus. */
#define DILITHIUM_Q 0x7fe001
/* Number of bits in modulus. */
#define DILITHIUM_Q_BITS 23
/* Number of elements in polynomial. */
#define DILITHIUM_N 256
/* Number of dropped bits. */
#define DILITHIUM_D 13
/* Maximum value of dropped bits. */
#define DILITHIUM_D_MAX (1 << DILITHIUM_D)
/* Half maximum value. */
#define DILITHIUM_D_MAX_HALF (1 << (DILITHIUM_D - 1))
/* Number of undropped bits. */
#define DILITHIUM_U (DILITHIUM_Q_BITS - DILITHIUM_D)
/* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */
#define DILITHIUM_GAMMA1_BITS_17 17
/* Coefficient range of y, GAMMA1, of 2^17. */
#define DILITHIUM_GAMMA1_17 (1 << 17)
/* # encoding bits of y is GAMMA1 + 1. */
#define DILITHIUM_GAMMA1_17_ENC_BITS 18
/* Coefficient range of y, GAMMA1, of 2^17. */
/* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */
#define DILITHIUM_GAMMA1_BITS_19 19
/* Coefficient range of y, GAMMA1, of 2^19. */
#define DILITHIUM_GAMMA1_19 (1 << 19)
/* # encoding bits of y is GAMMA1 + 1. */
#define DILITHIUM_GAMMA1_19_ENC_BITS 20
/* Low-order rounding range, GAMMA2, is Q divided by 88. */
#define DILITHIUM_Q_LOW_88 ((DILITHIUM_Q - 1) / 88)
/* Absolute low-order rounding range, GAMMA2, is Q divided by 88. */
#define DILITHIUM_Q_LOW_88_2 (((DILITHIUM_Q - 1) / 88) * 2)
/* # encoding bits of w1 when range is 88. */
#define DILITHIUM_Q_HI_88_ENC_BITS 6
/* Low-order rounding range, GAMMA2, is Q divided by 32. */
#define DILITHIUM_Q_LOW_32 ((DILITHIUM_Q - 1) / 32)
/* Absolute low-order rounding range, GAMMA2, is Q divided by 32. */
#define DILITHIUM_Q_LOW_32_2 (((DILITHIUM_Q - 1) / 32) * 2)
/* # encoding bits of w1 when range is 32. */
#define DILITHIUM_Q_HI_32_ENC_BITS 4
/* Private key range, eta, of 2. */
#define DILITHIUM_ETA_2 2
/* Bits needed to encode values in range -2..2 as a positive number. */
#define DILITHIUM_ETA_2_BITS 3
/* Extract count of valid values. */
#define DILITHIUM_ETA_2_MOD 15
/* Private key range, eta, of 4. */
#define DILITHIUM_ETA_4 4
/* Bits needed to encode values in range -4..4 as a positive number. */
#define DILITHIUM_ETA_4_BITS 4
/* Extract count of valid values. */
#define DILITHIUM_ETA_4_MOD 9
/* Number of bytes in a polynomial in memory. */
#define DILITHIUM_POLY_SIZE (DILITHIUM_N * sizeof(sword32))
#ifndef WOLFSSL_NO_ML_DSA_44
/* Fist dimension of A, k, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_K 4
/* Second dimension of A, l, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_L 4
/* Private key range, ETA, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2
/* Number of bits in private key for ML-DSA-44. */
#define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_LAMBDA 16
/* # +/-1's in polynomial c, TAU, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_TAU 39
/* BETA = TAU * ETA for ML-DSA-44. */
#define PARAMS_ML_DSA_44_BETA \
(PARAMS_ML_DSA_44_TAU * PARAMS_ML_DSA_44_ETA)
/* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_OMEGA 80
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_17
/* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA1 (1 << PARAMS_ML_DSA_44_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA2 DILITHIUM_Q_LOW_88
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */
#define PARAMS_ML_DSA_44_GAMMA2_HI_BITS 6
/* Encoding size of w1 in bytes for ML-DSA-44.
* K * N / 8 * 6 - 6 bits as max value is 43 in high bits. */
#define PARAMS_ML_DSA_44_W1_ENC_SZ \
(PARAMS_ML_DSA_44_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_44_GAMMA2_HI_BITS)
/* Size of memory used for matrix a in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_A_SIZE \
(PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
/* Size of memory used for vector s1 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S1_SIZE \
(PARAMS_ML_DSA_44_L * DILITHIUM_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S1_ENC_SIZE \
(PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S2_SIZE \
(PARAMS_ML_DSA_44_K * DILITHIUM_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_S2_ENC_SIZE \
(PARAMS_ML_DSA_44_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_44_ETA_BITS / 8)
/* Encoding size of z in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_Z_ENC_SIZE \
(PARAMS_ML_DSA_44_S1_SIZE / sizeof(sword32) / 8 * \
(PARAMS_ML_DSA_44_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-44. */
#define PARAMS_ML_DSA_44_SIG_SIZE \
((PARAMS_ML_DSA_44_LAMBDA * 2) + \
PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K)
#endif /* WOLFSSL_NO_ML_DSA_44 */
#ifndef WOLFSSL_NO_ML_DSA_65
/* Fist dimension of A, k, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_K 6
/* Second dimension of A, l, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_L 5
/* Private key range, ETA, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4
/* Number of bits in private key for ML-DSA-65. */
#define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_LAMBDA 24
/* # +/-1's in polynomial c, TAU, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_TAU 49
/* BETA = TAU * ETA for ML-DSA-65. */
#define PARAMS_ML_DSA_65_BETA \
(PARAMS_ML_DSA_65_TAU * PARAMS_ML_DSA_65_ETA)
/* Max # 1's in the hint h, OMEGA, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_OMEGA 55
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
/* Ccoefficient range of y, GAMMA1, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA1 (1 << PARAMS_ML_DSA_65_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA2 DILITHIUM_Q_LOW_32
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */
#define PARAMS_ML_DSA_65_GAMMA2_HI_BITS 4
/* Encoding size of w1 in bytes for ML-DSA-65.
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
#define PARAMS_ML_DSA_65_W1_ENC_SZ \
(PARAMS_ML_DSA_65_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_65_GAMMA2_HI_BITS)
/* Size of memory used for matrix a in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_A_SIZE \
(PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
/* Size of memory used for vector s1 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S1_SIZE \
(PARAMS_ML_DSA_65_L * DILITHIUM_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S1_ENC_SIZE \
(PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S2_SIZE \
(PARAMS_ML_DSA_65_K * DILITHIUM_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_S2_ENC_SIZE \
(PARAMS_ML_DSA_65_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_65_ETA_BITS / 8)
/* Encoding size of z in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_Z_ENC_SIZE \
(PARAMS_ML_DSA_65_S1_SIZE / sizeof(sword32) / 8 * \
(PARAMS_ML_DSA_65_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-65. */
#define PARAMS_ML_DSA_65_SIG_SIZE \
((PARAMS_ML_DSA_65_LAMBDA * 2) + \
PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K)
#endif /* WOLFSSL_NO_ML_DSA_65 */
#ifndef WOLFSSL_NO_ML_DSA_87
/* Fist dimension of A, k, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_K 8
/* Second dimension of A, l, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_L 7
/* Private key range, ETA, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2
/* Number of bits in private key for ML-DSA-87. */
#define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS
/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_LAMBDA 32
/* # +/-1's in polynomial c, TAU, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_TAU 60
/* BETA = TAU * ETA for ML-DSA-87. */
#define PARAMS_ML_DSA_87_BETA \
(PARAMS_ML_DSA_87_TAU * PARAMS_ML_DSA_87_ETA)
/* Max # 1's in the hint h, OMEGA, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_OMEGA 75
/* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19
/* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA1 (1 << PARAMS_ML_DSA_87_GAMMA1_BITS)
/* Low-order rounding range, GAMMA2, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA2 DILITHIUM_Q_LOW_32
/* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */
#define PARAMS_ML_DSA_87_GAMMA2_HI_BITS 4
/* Encoding size of w1 in bytes for ML-DSA-87.
* K * N / 8 * 4 - 4 bits as max value is 15 in high bits. */
#define PARAMS_ML_DSA_87_W1_ENC_SZ \
(PARAMS_ML_DSA_87_K * DILITHIUM_N / 8 * PARAMS_ML_DSA_87_GAMMA2_HI_BITS)
/* Size of memory used for matrix A in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_A_SIZE \
(PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
#define PARAMS_ML_DSA_87_S_SIZE 4
/* Size of memory used for vector s1 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S1_SIZE \
(PARAMS_ML_DSA_87_L * DILITHIUM_POLY_SIZE)
/* Encoding size of s1 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S1_ENC_SIZE \
(PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
/* Size of memory used for vector s2 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S2_SIZE \
(PARAMS_ML_DSA_87_K * DILITHIUM_POLY_SIZE)
/* Encoding size of s2 in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_S2_ENC_SIZE \
(PARAMS_ML_DSA_87_S2_SIZE / sizeof(sword32) * PARAMS_ML_DSA_87_ETA_BITS / 8)
/* Encoding size of z in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_Z_ENC_SIZE \
(PARAMS_ML_DSA_87_S1_SIZE / sizeof(sword32) / 8 * \
(PARAMS_ML_DSA_87_GAMMA1_BITS + 1))
/* Encoding size of public key in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_PK_SIZE \
(DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8)
/* Encoding size of signature in bytes for ML-DSA-87. */
#define PARAMS_ML_DSA_87_SIG_SIZE \
((PARAMS_ML_DSA_87_LAMBDA * 2) + \
PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \
PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K)
#endif /* WOLFSSL_NO_ML_DSA_87 */
#ifndef WOLFSSL_NO_ML_DSA_87
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_87_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_87_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_87_K * DILITHIUM_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_87_L * DILITHIUM_N)
#elif !defined(WOLFSSL_NO_ML_DSA_65)
/* Maximum w1 encoding size in bytes. */
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_65_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_65_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_65_K * DILITHIUM_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_65_L * DILITHIUM_N)
#else
/* Maximum w1 encoding size in bytes. */
#define DILITHIUM_MAX_W1_ENC_SZ PARAMS_ML_DSA_44_W1_ENC_SZ
/* Maximum collision strength of c-tilde in bytes. */
#define DILITHIUM_MAX_LAMBDA PARAMS_ML_DSA_44_LAMBDA
/* Maximum count of elements of a vector with dimension K. */
#define DILITHIUM_MAX_K_VECTOR_COUNT \
(PARAMS_ML_DSA_44_K * DILITHIUM_N)
/* Maximum count of elements of a vector with dimension L. */
#define DILITHIUM_MAX_L_VECTOR_COUNT \
(PARAMS_ML_DSA_44_L * DILITHIUM_N)
#endif
/* Length of K in bytes. */
#define DILITHIUM_K_SZ 32
/* Length of TR in bytes. */
#define DILITHIUM_TR_SZ 64
/* Length of public key seed in bytes when expanding a. */
#define DILITHIUM_PUB_SEED_SZ 32
/* Length of private key seed in bytes when generating a key. */
#define DILITHIUM_PRIV_SEED_SZ 64
/* Length of seed when creating vector c. */
#define DILITHIUM_SEED_SZ 32
/* Length of seeds created when making a key. */
#define DILITHIUM_SEEDS_SZ 128
/* Length of MU in bytes. */
#define DILITHIUM_MU_SZ 64
/* Length of random in bytes when generating a signature. */
#define DILITHIUM_RND_SZ 32
/* Length of private random in bytes when generating a signature. */
#define DILITHIUM_PRIV_RAND_SEED_SZ 64
/* 5 blocks, each block 21 * 8 bytes = 840 bytes.
* Minimum required is 256 * 3 = 768. */
#define DILITHIUM_GEN_A_NBLOCKS 5
/* Number of bytes to generate with Shake128 when generating A. */
#define DILITHIUM_GEN_A_BYTES \
(DILITHIUM_GEN_A_NBLOCKS * WC_SHA3_128_COUNT * 8)
/* Number of bytes to a block of SHAKE-128 when generating A. */
#define DILITHIUM_GEN_A_BLOCK_BYTES (WC_SHA3_128_COUNT * 8)
/* Number of bytes to a block of SHAKE-256 when generating c. */
#define DILITHIUM_GEN_C_BLOCK_BYTES (WC_SHA3_256_COUNT * 8)
#ifndef WOLFSSL_DILITHIUM_SMALL
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BYTES + 1)
#else
/* A block SHAKE-128 output. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BYTES
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */
#else
#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
/* A block SHAKE-128 output plus one for reading 4 bytes at a time. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE (DILITHIUM_GEN_A_BLOCK_BYTES + 1)
#else
/* A block SHAKE-128 output. */
#define DILITHIUM_REJ_NTT_POLY_H_SIZE DILITHIUM_GEN_A_BLOCK_BYTES
#endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */
#endif
#elif defined(HAVE_LIBOQS)
#define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key
#define DILITHIUM_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature
#define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key
#define DILITHIUM_LEVEL2_PRV_KEY_SIZE \
(DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE)
#define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key
#define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature
#define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key
#define DILITHIUM_LEVEL3_PRV_KEY_SIZE \
(DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE)
#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key
#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE \
(DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
#define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_dilithium_5_length_secret_key
#define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_dilithium_5_length_signature
#define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_dilithium_5_length_public_key
#define DILITHIUM_LEVEL5_PRV_KEY_SIZE (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE)
#endif
#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE
@ -77,9 +501,34 @@
/* Structs */
#ifdef WOLFSSL_WC_DILITHIUM
typedef struct wc_dilithium_params {
byte level;
byte k;
byte l;
byte eta;
byte eta_bits;
byte tau;
byte beta;
byte omega;
byte lambda;
byte gamma1_bits;
word32 gamma2;
word32 w1EncSz;
word16 aSz;
word16 s1Sz;
word16 s1EncSz;
word16 s2Sz;
word16 s2EncSz;
word16 zEncSz;
word16 pkSz;
word16 sigSz;
} wc_dilithium_params;
#endif
struct dilithium_key {
bool pubKeySet;
bool prvKeySet;
byte pubKeySet;
byte prvKeySet;
byte level; /* 2,3 or 5 */
#ifdef WOLF_CRYPTO_CB
@ -93,8 +542,43 @@ struct dilithium_key {
int labelLen;
#endif
#ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
byte k[DILITHIUM_MAX_KEY_SIZE];
#else
const byte* p;
const byte* k;
#endif
#ifdef WOLFSSL_WC_DILITHIUM
const wc_dilithium_params* params;
wc_Shake shake;
#ifdef WC_DILITHIUM_CACHE_MATRIX_A
sword32* a;
byte aSet;
#endif
#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS
sword32* s1;
sword32* s2;
sword32* t0;
byte privVecsSet;
#endif
#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
sword32* t1;
byte pubVecSet;
#endif
#if defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && \
defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)
sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT];
sword32 c[DILITHIUM_N];
sword32 w[DILITHIUM_N];
sword32 t1[DILITHIUM_N];
byte w1e[DILITHIUM_MAX_W1_ENC_SZ];
byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE];
byte block[DILITHIUM_GEN_C_BLOCK_BYTES];
#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC &&
* WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */
#endif /* WOLFSSL_WC_DILITHIUM */
};
#ifndef WC_DILITHIUMKEY_TYPE_DEFINED
@ -104,12 +588,17 @@ struct dilithium_key {
/* Functions */
#ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY
WOLFSSL_API
int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
dilithium_key* key, WC_RNG* rng);
int wc_dilithium_make_key(dilithium_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out,
word32 *outLen, dilithium_key* key, WC_RNG* rng);
#endif
WOLFSSL_API
int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, dilithium_key* key);
word32 msgLen, int* res, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_init(dilithium_key* key);
@ -120,10 +609,10 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId);
#ifdef WOLF_PRIVATE_KEY_ID
WOLFSSL_API
int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len,
void* heap, int devId);
void* heap, int devId);
WOLFSSL_API
int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap,
int devId);
int devId);
#endif
WOLFSSL_API
@ -133,54 +622,142 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level);
WOLFSSL_API
void wc_dilithium_free(dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_private_only(const byte* priv, word32 privSz,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz,
dilithium_key* key);
WOLFSSL_API
int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
WOLFSSL_API
int wc_dilithium_check_key(dilithium_key* key);
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
WOLFSSL_API
int wc_dilithium_size(dilithium_key* key);
#endif
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
WOLFSSL_API
int wc_dilithium_priv_size(dilithium_key* key);
#endif
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
WOLFSSL_API
int wc_dilithium_pub_size(dilithium_key* key);
#endif
#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
WOLFSSL_API
int wc_dilithium_sig_size(dilithium_key* key);
#endif
#ifdef WOLFSSL_DILITHIUM_CHECK_KEY
WOLFSSL_API
int wc_dilithium_check_key(dilithium_key* key);
#endif
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
WOLFSSL_API
int wc_dilithium_import_public(const byte* in, word32 inLen,
dilithium_key* key);
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
WOLFSSL_API
int wc_dilithium_import_private(const byte* priv, word32 privSz,
dilithium_key* key);
#define wc_dilithium_import_private_only wc_dilithium_import_private
WOLFSSL_API
int wc_dilithium_import_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, dilithium_key* key);
#endif
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
WOLFSSL_API
int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen);
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
WOLFSSL_API
int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen);
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
WOLFSSL_API
int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
#endif
#ifndef WOLFSSL_DILITHIUM_NO_ASN1
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input,
word32* inOutIdx,
dilithium_key* key, word32 inSz);
word32* inOutIdx, dilithium_key* key, word32 inSz);
#endif
#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input,
word32* inOutIdx,
dilithium_key* key, word32 inSz);
WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
word32 inLen);
word32* inOutIdx, dilithium_key* key, word32 inSz);
#endif
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output,
word32 inLen, int withAlg);
word32 inLen, int withAlg);
#endif
#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \
defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
WOLFSSL_API int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output,
word32 inLen);
#endif
#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
word32 inLen);
#endif
#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
#define WC_ML_DSA_44 2
#define WC_ML_DSA_65 3
#define WC_ML_DSA_87 5
#define DILITHIUM_ML_DSA_44_KEY_SIZE 2560
#define DILITHIUM_ML_DSA_44_SIG_SIZE 2420
#define DILITHIUM_ML_DSA_44_PUB_KEY_SIZE 1312
#define DILITHIUM_ML_DSA_44_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_44_PUB_KEY_SIZE + DILITHIUM_ML_DSA_44_KEY_SIZE)
#define DILITHIUM_ML_DSA_65_KEY_SIZE 4032
#define DILITHIUM_ML_DSA_65_SIG_SIZE 3309
#define DILITHIUM_ML_DSA_65_PUB_KEY_SIZE 1952
#define DILITHIUM_ML_DSA_65_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_65_PUB_KEY_SIZE + DILITHIUM_ML_DSA_65_KEY_SIZE)
#define DILITHIUM_ML_DSA_87_KEY_SIZE 4896
#define DILITHIUM_ML_DSA_87_SIG_SIZE 4627
#define DILITHIUM_ML_DSA_87_PUB_KEY_SIZE 2592
#define DILITHIUM_ML_DSA_87_PRV_KEY_SIZE \
(DILITHIUM_ML_DSA_87_PUB_KEY_SIZE + DILITHIUM_ML_DSA_87_KEY_SIZE)
#define MlDsaKey dilithium_key
#define wc_MlDsaKey_Init(key, heap, devId) \
wc_dilithium_init_ex(key, heap, devId)
#define wc_MlDsaKey_SetParams(key, id) \
wc_dilithium_set_level(key, id)
#define wc_MlDsaKey_GetParams(key, id) \
wc_dilithium_get_level(key, id)
#define wc_MlDsaKey_MakeKey(key, rng) \
wc_dilithium_make_key(key, rng)
#define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \
wc_dilithium_export_private_only(key, out, outLen)
#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \
wc_dilithium_import_private_only(out, outLen, key)
#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \
wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng)
#define wc_MlDsaKey_Free(key) \
wc_dilithium_free(key)
#define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \
wc_dilithium_export_public(key, out, outLen)
#define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \
wc_dilithium_import_public(out, outLen, key)
#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \
wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key)
int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len);
int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len);
int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* HAVE_PQC && HAVE_DILITHIUM */
#endif /* HAVE_DILITHIUM */
#endif /* WOLF_CRYPT_DILITHIUM_H */

5
wolfssl/wolfcrypt/settings.h
View File

@ -3349,7 +3349,9 @@ extern void uITRON4_free(void *p) ;
#ifdef HAVE_LIBOQS
#define HAVE_PQC
#define HAVE_FALCON
#define HAVE_DILITHIUM
#ifndef HAVE_DILITHIUM
#define HAVE_DILITHIUM
#endif
#ifndef WOLFSSL_NO_SPHINCS
#define HAVE_SPHINCS
#endif
@ -3371,6 +3373,7 @@ extern void uITRON4_free(void *p) ;
#if (defined(HAVE_LIBOQS) || \
defined(WOLFSSL_WC_KYBER) || \
defined(WOLFSSL_WC_DILITHIUM) || \
defined(HAVE_LIBXMSS) || \
defined(HAVE_LIBLMS) || \
defined(WOLFSSL_DUAL_ALG_CERTS)) && \

10
wolfssl/wolfcrypt/types.h
View File

@ -1216,14 +1216,14 @@ typedef struct w64wrapper {
WC_PK_TYPE_CURVE25519_KEYGEN = 16,
WC_PK_TYPE_RSA_GET_SIZE = 17,
#define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE
#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_KYBER)
WC_PK_TYPE_PQC_KEM_KEYGEN = 18,
WC_PK_TYPE_PQC_KEM_ENCAPS = 19,
WC_PK_TYPE_PQC_KEM_DECAPS = 20,
#undef _WC_PK_TYPE_MAX
#define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS
#endif
#if defined(HAVE_PQC) && (defined(HAVE_DILITHIUM) || defined(HAVE_FALCON))
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON)
WC_PK_TYPE_PQC_SIG_KEYGEN = 21,
WC_PK_TYPE_PQC_SIG_SIGN = 22,
WC_PK_TYPE_PQC_SIG_VERIFY = 23,
@ -1234,7 +1234,7 @@ typedef struct w64wrapper {
WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX
};
#if defined(HAVE_PQC)
#if defined(WOLFSSL_HAVE_KYBER)
/* Post quantum KEM algorithms */
enum wc_PqcKemType {
WC_PQC_KEM_TYPE_NONE = 0,
@ -1246,7 +1246,9 @@ typedef struct w64wrapper {
#endif
WC_PQC_KEM_TYPE_MAX = _WC_PQC_KEM_TYPE_MAX
};
#endif
#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON)
/* Post quantum signature algorithms */
enum wc_PqcSignatureType {
WC_PQC_SIG_TYPE_NONE = 0,
@ -1263,7 +1265,7 @@ typedef struct w64wrapper {
#endif
WC_PQC_SIG_TYPE_MAX = _WC_PQC_SIG_TYPE_MAX
};
#endif
#endif
/* settings detection for compile vs runtime math incompatibilities */
enum {