Fixes for WolfSSL ML-DSA implementation
* Update OIDs etc. to match OQS ML-DSA values (old ones were Dilithium
  Round 3 values)
* Make sure private key files/buffers containing both the private and
  the public key are parsed correctly

Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
Frauschi committed Jun 24, 2024
1 parent 0900e00 commit 7cd610b
Showing 7 changed files with 67 additions and 28 deletions.
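--- a/src/internal.c
+++ b/src/internal.c
@@ -28443,9 +28443,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length)
 /* Set start of data to beginning of buffer. */
 idx = 0;
 /* Decode the key assuming it is a Dilithium private key. */
-ret = wc_dilithium_import_private(ssl->buffers.key->buffer,
-ssl->buffers.key->length,
-(dilithium_key*)ssl->hsKey);
+ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer,
+&idx,
+(dilithium_key*)ssl->hsKey,
+ssl->buffers.key->length);
 if (ret == 0) {
 WOLFSSL_MSG("Using Dilithium private key");
 
@@ -28870,9 +28871,10 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length)
 /* Set start of data to beginning of buffer. */
 idx = 0;
 /* Decode the key assuming it is a Dilithium private key. */
-ret = wc_dilithium_import_private(ssl->buffers.altKey->buffer,
-ssl->buffers.altKey->length,
-(dilithium_key*)ssl->hsAltKey);
+ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer,
+&idx,
+(dilithium_key*)ssl->hsAltKey,
+ssl->buffers.altKey->length);
 if (ret == 0) {
 WOLFSSL_MSG("Using Dilithium private key");
 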
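--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -962,6 +962,7 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
 {
 int ret;
+word32 idx;
 dilithium_key* key;
 
 /* Allocate a Dilithium key to parse into. */
@@ -996,7 +997,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
 if (ret == 0) {
 /* Decode as a Dilithium private key. */
-ret = wc_dilithium_import_private(der->buffer, der->length, key);
+idx = 0;
+ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length);
 if (ret == 0) {
 /* Get the minimum Dilithium key size from SSL or SSL context
 * object. */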
24 changes: 12 additions & 12 deletions wolfcrypt/src/asn.c
@@ -4206,17 +4206,17 @@ static word32 SetBitString16Bit(word16 val, byte* output)
static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
#endif /* HAVE_FACON */
#ifdef HAVE_DILITHIUM
/* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
/* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
static const byte sigDilithium_Level2Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};

/* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
/* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
static const byte sigDilithium_Level3Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};

/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
static const byte sigDilithium_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
@@ -4280,17 +4280,17 @@ static word32 SetBitString16Bit(word16 val, byte* output)
static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9};
#endif /* HAVE_FALCON */
#ifdef HAVE_DILITHIUM
/* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
/* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */
static const byte keyDilithium_Level2Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4};

/* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
/* Dilithium Level 3: 1.3.6.1.4.1.2.267.12.6.5 */
static const byte keyDilithium_Level3Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 6, 5};

/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */
static const byte keyDilithium_Level5Oid[] =
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
{43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7};
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
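Review bot: The comments on the six updated arrays still read "Dilithium Level N" although the arc now ends in .12.x.y, which the commit message describes as the OQS ML-DSA values; a comment such as `/* ML-DSA (OQS) Level 2: 1.3.6.1.4.1.2.267.12.4.4 */` would keep readers from taking these for the Round 3 identifiers. The .7.x.y encodings are replaced rather than kept alongside, so certificates and keys issued under the Round 3 OIDs will presumably no longer be recognised by OID after this change. If that is intended, it deserves a line in the comment or the changelog so that a parse failure on older material is not mistaken for corruption. The same applies to the keyDilithium_* arrays in the second hunk.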
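--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -6702,6 +6702,29 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen,
 &pubKey, &pubKeyLen, keytype);
 }
+
+if ((pubKey == NULL) && (pubKeyLen == 0)) {
+/* Check if the public key is included in the private key. */
+if ((key->level == 2) &&
+(privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
+pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE;
+pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE;
+}
+else if ((key->level == 3) &&
+(privKeyLen != DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {
+pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE;
+pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE;
+}
+else if ((key->level == 5) &&
+(privKeyLen != DILITHIUM_LEVEL5_PRV_KEY_SIZE)) {
+pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE;
+pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE;
+}
+}
+
 if (ret == 0) {
 /* Check whether public key data was found. */
 if (pubKeyLen == 0) {
@@ -6747,6 +6770,18 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
 ret = BAD_FUNC_ARG;
 }
 
+if (ret == 0) {
+/* Try to import the key directly. */
+ret = wc_dilithium_import_public(input, inSz, key);
+}
+if (ret == 0) {
+return 0;
+}
+else {
+/* Not successful, decode it first. */
+ret = 0;
+}
+
 if (ret == 0) {
 /* Get OID sum for level. */
 if (key->level == 2) {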
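Review bot: In the first hunk of wc_Dilithium_PrivateKeyDecode the level 3 and level 5 branches test `privKeyLen != DILITHIUM_LEVELn_PRV_KEY_SIZE` while level 2 tests `==`, so for those two levels any private key that is not the combined size gets `pubKey` pointed `DILITHIUM_LEVELn_KEY_SIZE` bytes into a possibly shorter buffer and `privKeyLen` reduced by the public-key size (which wraps if privKeyLen is an unsigned word32, as the neighbouring length arguments suggest), while a genuinely combined key is left unsplit. Both comparisons should be `==`, e.g. `(privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) {`. The block also runs when the preceding decode has failed; gating it with `if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {` avoids pointer arithmetic on whatever privKey holds after an error. In the second hunk, the `else { ret = 0; }` fallback also clears a BAD_FUNC_ARG set by the argument check just above, so the OID path below then reads `key->level` with arguments that were already rejected; the reset should apply only to an error returned by the raw import itself. Both functions begin and end outside the visible hunks, so the initial values of privKey, pubKey and the exact argument check are not confirmed here.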
6 changes: 3 additions & 3 deletions wolfssl/internal.h
@@ -1796,11 +1796,11 @@ enum Misc {
FALCON_LEVEL5_SA_MINOR = 0xB1,

DILITHIUM_LEVEL2_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL2_SA_MINOR = 0xA0,
DILITHIUM_LEVEL2_SA_MINOR = 0xD0,
DILITHIUM_LEVEL3_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL3_SA_MINOR = 0xA3,
DILITHIUM_LEVEL3_SA_MINOR = 0xD1,
DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
DILITHIUM_LEVEL5_SA_MINOR = 0xD2,

MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
6 changes: 3 additions & 3 deletions wolfssl/wolfcrypt/asn.h
@@ -1164,9 +1164,9 @@ enum Key_Sum {
DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
FALCON_LEVEL1k = 273, /* 1.3.9999.3.6 */
FALCON_LEVEL5k = 276, /* 1.3.9999.3.9 */
DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */
DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */
DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */
DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */
DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */
DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */
SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */
SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */
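Review bot: The sums 218, 221 and 225 are only safe if no other Key_Sum entry already uses them, and likewise no other Ctc_SigType entry in asn_public.h, which receives the same three values; the visible neighbours do not, but most of both enums lies outside these hunks. The SPHINCS_FAST_LEVEL3k line just below carries a `+ 2 (See GetOID() in asn.c)` adjustment, which suggests sum collisions are resolved by hand in this codebase, so a colliding value would presumably let one algorithm be identified as another. A short comment beside the three entries stating that each value is the byte sum of the encoded OID (for level 2, `43+6+1+4+1+2+130+11+12+4+4 = 218`) would make the next OID update easy to verify.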
6 changes: 3 additions & 3 deletions wolfssl/wolfcrypt/asn_public.h
@@ -218,9 +218,9 @@ enum Ctc_SigType {
CTC_FALCON_LEVEL1 = 273,
CTC_FALCON_LEVEL5 = 276,

CTC_DILITHIUM_LEVEL2 = 213,
CTC_DILITHIUM_LEVEL3 = 216,
CTC_DILITHIUM_LEVEL5 = 220,
CTC_DILITHIUM_LEVEL2 = 218,
CTC_DILITHIUM_LEVEL3 = 221,
CTC_DILITHIUM_LEVEL5 = 225,

CTC_SPHINCS_FAST_LEVEL1 = 281,
CTC_SPHINCS_FAST_LEVEL3 = 283,
