mirror of https://github.com/wolfSSL/wolfssl.git
Merge pull request #8494 from Laboratory-for-Safe-and-Secure-Systems/various
Various fixes and improvementspull/8512/head
Sean Parkinson
GitHub
commit
99f25c6399
|
|
@ -655,6 +655,16 @@ else()
|
|||
endif()
|
||||
endif()
|
||||
|
||||
# LMS
|
||||
add_option(WOLFSSL_LMS
|
||||
"Enable the wolfSSL LMS implementation (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
# XMSS
|
||||
add_option(WOLFSSL_XMSS
|
||||
"Enable the wolfSSL XMSS implementation (default: disabled)"
|
||||
"no" "yes;no")
|
||||
|
||||
# TODO: - Lean PSK
|
||||
# - Lean TLS
|
||||
# - Low resource
|
||||
|
|
@ -668,8 +678,6 @@ endif()
|
|||
# - Atomic user record layer
|
||||
# - Public key callbacks
|
||||
# - Microchip/Atmel CryptoAuthLib
|
||||
# - XMSS
|
||||
# - LMS
|
||||
# - dual-certs
|
||||
|
||||
# AES-CBC
|
||||
|
|
|
|||
|
|
@ -208,6 +208,12 @@ function(generate_build_flags)
|
|||
set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
|
||||
set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
|
||||
endif()
|
||||
if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
|
||||
set(BUILD_WC_LMS "yes" PARENT_SCOPE)
|
||||
endif()
|
||||
if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS)
|
||||
set(BUILD_WC_XMSS "yes" PARENT_SCOPE)
|
||||
endif()
|
||||
if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
|
||||
message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
|
||||
# we cannot actually build, as we only have pre-compiled bin
|
||||
|
|
@ -818,6 +824,16 @@ function(generate_lib_src_list LIB_SOURCES)
|
|||
list(APPEND LIB_SOURCES wolfcrypt/src/ext_kyber.c)
|
||||
endif()
|
||||
|
||||
if(BUILD_WC_LMS)
|
||||
list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
|
||||
list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
|
||||
endif()
|
||||
|
||||
if(BUILD_WC_XMSS)
|
||||
list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
|
||||
list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
|
||||
endif()
|
||||
|
||||
if(BUILD_LIBZ)
|
||||
list(APPEND LIB_SOURCES wolfcrypt/src/compress.c)
|
||||
endif()
|
||||
|
|
|
|||
|
|
@ -382,6 +382,14 @@ extern "C" {
|
|||
#cmakedefine HAVE_ECC_KOBLITZ
|
||||
#undef HAVE_ECC_CDH
|
||||
#cmakedefine HAVE_ECC_CDH
|
||||
#undef WOLFSSL_HAVE_LMS
|
||||
#cmakedefine WOLFSSL_HAVE_LMS
|
||||
#undef WOLFSSL_WC_LMS
|
||||
#cmakedefine WOLFSSL_WC_LMS
|
||||
#undef WOLFSSL_HAVE_XMSS
|
||||
#cmakedefine WOLFSSL_HAVE_XMSS
|
||||
#undef WOLFSSL_WC_XMSS
|
||||
#cmakedefine WOLFSSL_WC_XMSS
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8906,6 +8906,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
|
|
|
|||
|
|
@ -18569,11 +18569,11 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
|||
"Dilithium Level 5", "Dilithium Level 5"},
|
||||
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
|
||||
{ CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType,
|
||||
"ML_DSA Level 2", "ML_DSA Level 2"},
|
||||
"ML-DSA 44", "ML-DSA 44"},
|
||||
{ CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType,
|
||||
"ML_DSA Level 3", "ML_DSA Level 3"},
|
||||
"ML-DSA 65", "ML-DSA 65"},
|
||||
{ CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType,
|
||||
"ML_DSA Level 5", "ML_DSA Level 5"},
|
||||
"ML-DSA 87", "ML-DSA 87"},
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
/* oidCurveType */
|
||||
|
|
|
|||
80
src/tls13.c
80
src/tls13.c
|
|
@ -7181,7 +7181,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||
ERROR_OUT(MATCH_SUITE_ERROR, exit_dch);
|
||||
}
|
||||
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
if (ssl->options.resuming) {
|
||||
ssl->options.resuming = 0;
|
||||
ssl->arrays->psk_keySz = 0;
|
||||
|
|
@ -9145,41 +9145,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||
#endif
|
||||
#if defined(HAVE_FALCON)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_FALCON) {
|
||||
falcon_key* fkey = (falcon_key*)ssl->hsKey;
|
||||
byte level = 0;
|
||||
if (wc_falcon_get_level(fkey, &level) != 0) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
if (level == 1) {
|
||||
args->sigAlgo = falcon_level1_sa_algo;
|
||||
}
|
||||
else if (level == 5) {
|
||||
args->sigAlgo = falcon_level5_sa_algo;
|
||||
}
|
||||
else {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
args->sigAlgo = ssl->buffers.keyType;
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
|
||||
byte level = 0;
|
||||
if (wc_dilithium_get_level(fkey, &level) != 0) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
if (level == 2) {
|
||||
args->sigAlgo = dilithium_level2_sa_algo;
|
||||
}
|
||||
else if (level == 3) {
|
||||
args->sigAlgo = dilithium_level3_sa_algo;
|
||||
}
|
||||
else if (level == 5) {
|
||||
args->sigAlgo = dilithium_level5_sa_algo;
|
||||
}
|
||||
else {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
args->sigAlgo = ssl->buffers.keyType;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
else {
|
||||
|
|
@ -9463,9 +9434,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
|
||||
sigOut, &args->sigLen,
|
||||
(dilithium_key*)ssl->hsKey, ssl->rng);
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData,
|
||||
args->sigDataSz, sigOut,
|
||||
&args->sigLen,
|
||||
(dilithium_key*)ssl->hsKey,
|
||||
ssl->rng);
|
||||
args->length = (word16)args->sigLen;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
|
@ -9557,11 +9530,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
|||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN)
|
||||
if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
ret = wc_dilithium_sign_msg(args->altSigData,
|
||||
args->altSigDataSz, sigOut,
|
||||
&args->altSigLen,
|
||||
(dilithium_key*)ssl->hsAltKey,
|
||||
ssl->rng);
|
||||
ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData,
|
||||
args->altSigDataSz, sigOut, &args->altSigLen,
|
||||
(dilithium_key*)ssl->hsAltKey, ssl->rng);
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
|
|
@ -10546,6 +10517,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Falcon signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
|
|
@ -10555,9 +10530,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(ssl->peerDilithiumKeyPresent)) {
|
||||
int res = 0;
|
||||
WOLFSSL_MSG("Doing Dilithium peer cert verify");
|
||||
ret = wc_dilithium_verify_msg(sig, args->sigSz,
|
||||
args->sigData, args->sigDataSz,
|
||||
&res, ssl->peerDilithiumKey);
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0,
|
||||
args->sigData, args->sigDataSz,
|
||||
&res, ssl->peerDilithiumKey);
|
||||
|
||||
if ((ret >= 0) && (res == 1)) {
|
||||
/* CLIENT/SERVER: data verified with public key from
|
||||
|
|
@ -10568,6 +10543,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Dilithium signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
|
|
@ -10648,6 +10627,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(void**)&ssl->peerFalconKey);
|
||||
ssl->peerFalconKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Falcon signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
|
||||
|
|
@ -10657,9 +10640,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(ssl->peerDilithiumKeyPresent)) {
|
||||
int res = 0;
|
||||
WOLFSSL_MSG("Doing Dilithium peer cert alt verify");
|
||||
ret = wc_dilithium_verify_msg(sig, args->altSignatureSz,
|
||||
args->altSigData, args->altSigDataSz,
|
||||
&res, ssl->peerDilithiumKey);
|
||||
ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz,
|
||||
NULL, 0, args->altSigData,
|
||||
args->altSigDataSz, &res,
|
||||
ssl->peerDilithiumKey);
|
||||
|
||||
if ((ret >= 0) && (res == 1)) {
|
||||
/* CLIENT/SERVER: data verified with public key from
|
||||
|
|
@ -10670,6 +10654,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
|||
(void**)&ssl->peerDilithiumKey);
|
||||
ssl->peerDilithiumKeyPresent = 0;
|
||||
}
|
||||
else if ((ret >= 0) && (res == 0)) {
|
||||
WOLFSSL_MSG("Dilithium signature verification failed");
|
||||
ret = SIG_VERIFY_E;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
|
||||
|
|
|
|||
|
|
@ -17282,6 +17282,10 @@ int ConfirmSignature(SignatureCtx* sigCtx,
|
|||
level = WC_ML_DSA_87_DRAFT;
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
WOLFSSL_MSG("Invalid Dilithium key OID");
|
||||
goto exit_cs;
|
||||
}
|
||||
sigCtx->verify = 0;
|
||||
sigCtx->key.dilithium = (dilithium_key*)XMALLOC(
|
||||
sizeof(dilithium_key), sigCtx->heap,
|
||||
|
|
|
|||
|
|
@ -1043,7 +1043,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize,
|
|||
}
|
||||
|
||||
int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
WC_RNG* rng, int type, void* key)
|
||||
const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng,
|
||||
int type, void* key)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
|
||||
int devId = INVALID_DEVID;
|
||||
|
|
@ -1068,6 +1069,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
|||
cryptoInfo.pk.pqc_sign.inlen = inlen;
|
||||
cryptoInfo.pk.pqc_sign.out = out;
|
||||
cryptoInfo.pk.pqc_sign.outlen = outlen;
|
||||
cryptoInfo.pk.pqc_sign.context = context;
|
||||
cryptoInfo.pk.pqc_sign.contextLen = contextLen;
|
||||
cryptoInfo.pk.pqc_sign.preHashType = preHashType;
|
||||
cryptoInfo.pk.pqc_sign.rng = rng;
|
||||
cryptoInfo.pk.pqc_sign.key = key;
|
||||
cryptoInfo.pk.pqc_sign.type = type;
|
||||
|
|
@ -1079,7 +1083,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
|||
}
|
||||
|
||||
int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
|
||||
word32 msglen, int* res, int type, void* key)
|
||||
word32 msglen, const byte* context, byte contextLen, word32 preHashType,
|
||||
int* res, int type, void* key)
|
||||
{
|
||||
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
|
||||
int devId = INVALID_DEVID;
|
||||
|
|
@ -1104,6 +1109,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg,
|
|||
cryptoInfo.pk.pqc_verify.siglen = siglen;
|
||||
cryptoInfo.pk.pqc_verify.msg = msg;
|
||||
cryptoInfo.pk.pqc_verify.msglen = msglen;
|
||||
cryptoInfo.pk.pqc_verify.context = context;
|
||||
cryptoInfo.pk.pqc_verify.contextLen = contextLen;
|
||||
cryptoInfo.pk.pqc_verify.preHashType = preHashType;
|
||||
cryptoInfo.pk.pqc_verify.res = res;
|
||||
cryptoInfo.pk.pqc_verify.key = key;
|
||||
cryptoInfo.pk.pqc_verify.type = type;
|
||||
|
|
|
|||
|
|
@ -8024,8 +8024,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg,
|
|||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
|
||||
WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen,
|
||||
WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
|
|
@ -8075,8 +8075,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig,
|
|||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng,
|
||||
WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0,
|
||||
WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
|
|
@ -8127,6 +8127,22 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg,
|
|||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (ret == 0) {
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen,
|
||||
hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Sign message. */
|
||||
#ifdef WOLFSSL_WC_DILITHIUM
|
||||
|
|
@ -8301,6 +8317,22 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx,
|
|||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (ret == 0) {
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen,
|
||||
WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Verify message with signature. */
|
||||
#ifdef WOLFSSL_WC_DILITHIUM
|
||||
|
|
@ -8339,21 +8371,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
|||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (ret == 0) {
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
|
||||
WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
|
||||
WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Verify message with signature. */
|
||||
|
|
@ -8397,6 +8429,22 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
|
|||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
if (ret == 0) {
|
||||
#ifndef WOLF_CRYPTO_CB_FIND
|
||||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen,
|
||||
hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
/* Verify message with signature. */
|
||||
#ifdef WOLFSSL_WC_DILITHIUM
|
||||
|
|
@ -9228,7 +9276,7 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key)
|
|||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMSET(key->a, 0, params->aSz);
|
||||
XMEMSET(key->a, 0, key->params->aSz);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -73,8 +73,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
|
|||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng,
|
||||
WC_PQC_SIG_TYPE_FALCON, key);
|
||||
ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0,
|
||||
WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
|
|
@ -171,8 +171,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
|||
if (key->devId != INVALID_DEVID)
|
||||
#endif
|
||||
{
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res,
|
||||
WC_PQC_SIG_TYPE_FALCON, key);
|
||||
ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0,
|
||||
WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key);
|
||||
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
||||
return ret;
|
||||
/* fall-through when unavailable */
|
||||
|
|
|
|||
|
|
@ -1162,7 +1162,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen)
|
|||
if (ret == 0) {
|
||||
XMEMCPY(key->pub, in, inLen);
|
||||
|
||||
key->state = WC_LMS_STATE_VERIFYONLY;
|
||||
if (key->state != WC_LMS_STATE_OK)
|
||||
key->state = WC_LMS_STATE_VERIFYONLY;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
|
|
|||
|
|
@ -294,6 +294,9 @@ typedef struct wc_CryptoInfo {
|
|||
WC_RNG* rng;
|
||||
void* key;
|
||||
int type; /* enum wc_PqcSignatureType */
|
||||
const byte* context;
|
||||
byte contextLen;
|
||||
word32 preHashType; /* enum wc_HashType */
|
||||
} pqc_sign;
|
||||
struct {
|
||||
const byte* sig;
|
||||
|
|
@ -303,6 +306,9 @@ typedef struct wc_CryptoInfo {
|
|||
int* res;
|
||||
void* key;
|
||||
int type; /* enum wc_PqcSignatureType */
|
||||
const byte* context;
|
||||
byte contextLen;
|
||||
word32 preHashType; /* enum wc_HashType */
|
||||
} pqc_verify;
|
||||
struct {
|
||||
void* key;
|
||||
|
|
@ -560,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type,
|
|||
int keySize, void* key);
|
||||
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out,
|
||||
word32 *outlen, WC_RNG* rng, int type, void* key);
|
||||
word32 *outlen, const byte* context, byte contextLen, word32 preHashType,
|
||||
WC_RNG* rng, int type, void* key);
|
||||
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen,
|
||||
const byte* msg, word32 msglen, int* res, int type, void* key);
|
||||
const byte* msg, word32 msglen, const byte* context, byte contextLen,
|
||||
word32 preHashType, int* res, int type, void* key);
|
||||
|
||||
WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
|
||||
const byte* pubKey, word32 pubKeySz);
|
||||
|
|
|
|||
|
|
@ -119,6 +119,8 @@ if(CONFIG_WOLFSSL)
|
|||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_encrypt.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_kyber_poly.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
|
||||
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
|
||||
|
|
|
|||
Loading…
Reference in New Issue