diff --git a/src/internal.c b/src/internal.c index 247bd3f156..965d1eb42c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -28443,9 +28443,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_dilithium_import_private(ssl->buffers.key->buffer, - ssl->buffers.key->length, - (dilithium_key*)ssl->hsKey); + ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer, + &idx, + (dilithium_key*)ssl->hsKey, + ssl->buffers.key->length); if (ret == 0) { WOLFSSL_MSG("Using Dilithium private key"); @@ -28870,9 +28871,10 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_dilithium_import_private(ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, - (dilithium_key*)ssl->hsAltKey); + ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer, + &idx, + (dilithium_key*)ssl->hsAltKey, + ssl->buffers.altKey->length); if (ret == 0) { WOLFSSL_MSG("Using Dilithium private key"); diff --git a/src/ssl_load.c b/src/ssl_load.c index 6b8da4cae4..9b78fbdb40 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -962,6 +962,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize) { int ret; + word32 idx; dilithium_key* key; /* Allocate a Dilithium key to parse into. */ @@ -996,7 +997,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, if (ret == 0) { /* Decode as a Dilithium private key. */ - ret = wc_dilithium_import_private(der->buffer, der->length, key); + idx = 0; + ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); if (ret == 0) { /* Get the minimum Dilithium key size from SSL or SSL context * object. */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 6b142fcb5c..2ba4b93e8c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4206,17 +4206,17 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FACON */ #ifdef HAVE_DILITHIUM - /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */ + /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte sigDilithium_Level2Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; - /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */ + /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */ static const byte sigDilithium_Level3Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5}; - /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */ + /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte sigDilithium_Level5Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ @@ -4280,17 +4280,17 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */ + /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte keyDilithium_Level2Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; - /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */ + /* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */ static const byte keyDilithium_Level3Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5}; - /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */ + /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte keyDilithium_Level5Oid[] = - {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}; + {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index eea32bae2b..9568081b88 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -7126,6 +7126,29 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen, &pubKey, &pubKeyLen, keytype); } + + if ((pubKey == NULL) && (pubKeyLen == 0)) { + /* Check if the public key is included in the private key. */ + if ((key->level == 2) && + (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE; + } + else if ((key->level == 3) && + (privKeyLen != DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE; + } + else if ((key->level == 5) && + (privKeyLen != DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { + pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE; + pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE; + } + } + if (ret == 0) { /* Check whether public key data was found. */ if (pubKeyLen == 0) { @@ -7171,6 +7194,18 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = BAD_FUNC_ARG; } + if (ret == 0) { + /* Try to import the key directly. */ + ret = wc_dilithium_import_public(input, inSz, key); + } + if (ret == 0) { + return 0; + } + else { + /* Not successful, decode it first. */ + ret = 0; + } + if (ret == 0) { /* Get OID sum for level. */ if (key->level == 2) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index dea087739b..7bac1f6cf8 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1796,11 +1796,11 @@ enum Misc { FALCON_LEVEL5_SA_MINOR = 0xB1, DILITHIUM_LEVEL2_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL2_SA_MINOR = 0xA0, + DILITHIUM_LEVEL2_SA_MINOR = 0xD0, DILITHIUM_LEVEL3_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL3_SA_MINOR = 0xA3, + DILITHIUM_LEVEL3_SA_MINOR = 0xD1, DILITHIUM_LEVEL5_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL5_SA_MINOR = 0xA5, + DILITHIUM_LEVEL5_SA_MINOR = 0xD2, MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 8e8a031110..20c41b7628 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1164,9 +1164,9 @@ enum Key_Sum { DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ FALCON_LEVEL1k = 273, /* 1.3.9999.3.6 */ FALCON_LEVEL5k = 276, /* 1.3.9999.3.9 */ - DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */ - DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */ - DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */ + DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ + DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ + DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index b99fe7aeb9..f233004a36 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -218,9 +218,9 @@ enum Ctc_SigType { CTC_FALCON_LEVEL1 = 273, CTC_FALCON_LEVEL5 = 276, - CTC_DILITHIUM_LEVEL2 = 213, - CTC_DILITHIUM_LEVEL3 = 216, - CTC_DILITHIUM_LEVEL5 = 220, + CTC_DILITHIUM_LEVEL2 = 218, + CTC_DILITHIUM_LEVEL3 = 221, + CTC_DILITHIUM_LEVEL5 = 225, CTC_SPHINCS_FAST_LEVEL1 = 281, CTC_SPHINCS_FAST_LEVEL3 = 283,